Radio Attack Lets Hackers Drive Away Your Car

When it was first revealed, I couldn’t believe my eyes. One person walks up to a car and it’s locked; someone else walks up, gets in instantly and starts the engine at the press of a button, no key required. Wireless key technology is now used in cars all over the world and saves users the hassle of finding their car keys. Sadly, it looks like a radio attack lets hackers do exactly the same thing without you even knowing.

A group of German vehicle security experts has studied how the radio hack uses your keys to break into your own car. The whole principle of wireless keys is that the engine and the doors will only work when the keys are within a certain range of the vehicle; if you aren’t near your car, it’s just an expensive piece of metal and technology.

Munich-based automobile club ADAC tested a hacking technique that uses the principle of “amplification” to fool your car into believing that the keys are closer than they actually are. In total, their study found 24 different vehicles were vulnerable, and it wasn’t just one manufacturer that was involved: 19 different manufacturers were vulnerable to the radio attack. What does this mean? Using this kind of attack, someone can walk up to your car and, using a small pocket amplification device, unlock it and drive it away. No alarms,

The total cost of this hack? $225 for the device. Compare that to the cost of the Audi A3, A4 and A6, Ford Galaxy, Mitsubishi Outlander, Renault’s Trafic and countless other models that are vulnerable to this attack.

The technique works by “amplifying” your key’s signal. In reality, what happens is that the key fob’s signal is relayed through a pair of radios. Is this an example of technology being made too smart, at the cost of security, in order to save us a few seconds of inconvenience?

Malware Could Be Using Legitimate Signature Certificates

When it comes to installing software on your computer, we often have to take it on faith that the software is safe to use. As an extra precaution, the latest step is to allow companies to use “certificates”, digital signatures that show that a trusted company created the software. A group known for creating malware may have found a way around this system, though, as some of its nasty programs are using legitimate signature certificates.

By using legitimate signature certificates, the malware gets your computer to trust the software and install it without further hassle; the problem is that the software is less than safe and is, in fact, just malware (or malicious software). According to Symantec, the group known as Suckfly has used no fewer than nine different signing certificates from nine different companies since 2014.

Categorising the malware it found into groups, Symantec found that 11 of the identified tools could be used for backdooring into your system, while others could be used to log and find out your information. Some even checked your network traffic to find out what could be used to access your system through port scanning software.

With so many certificates being stolen and used for signing malware, and with this becoming a common practice amongst malware creators, could we see the need for another way of checking that software is legitimate if these techniques are so easily bypassed?

 

Cryptsy on Verge of Bankruptcy After $7.5m Bitcoin Theft

Popular cryptocurrency exchange Cryptsy is on the verge of bankruptcy after the startup admitted that it had fallen victim to an online heist in July 2014, during which a total of $9.58 million-worth of Bitcoins and Litecoins was stolen. The company has been left with outstanding liabilities of around 10,000BTC – approximately $4.15 million – which, if not met, could result in the business winding up.

“About a year and a half ago,” a blog post from Cryptsy reads, “we were alerted in the early AM of a reduction in our safe/cold wallet balances of Bitcoin and Litecoin, as well as a couple other smaller cryptocurrencies.”

“After a period of time of investigation it was found that the developer of Lucky7Coin had placed an IRC backdoor into the code of wallet, which allowed it to act as a sort of a Trojan, or command and control unit,” the post continues. “This Trojan had likely been there for months before it was able to collect enough information to perform the attack.”

The Trojan was able to steal around 13,000BTC ($7.5 million, based on the exchange rate at the time) and 300,000LTC ($2.08 million).

Cryptsy says that it did not disclose the theft at the time as it believed that it had enough cryptocurrencies in its reserve to make up the shortfall, supplementing that with its own profits. The site, though, has now failed to meet its outstanding liabilities. Unless Cryptsy can recover the stolen funds or can find a buyer to cover the shortfall, the company is set to declare itself insolvent.

Arrested And Robbed All In One Night – All Streamed On Twitch

Live streaming is a big thing these days, with anybody able to put on a camera, share their screen and show the world everything from their video games to board game parties. Sadly, the opportunity to watch others from anywhere in the world has led to some rather nasty situations, one of which is known as ‘swatting’. Swatting involves someone watching a live stream and, through various technological means, finding out the address of the streamer. With the address, they ring the police and often fabricate a situation where someone’s life is in danger, so the police act on the information they have and dispatch SWAT (special weapons and tactics) to the scene to help solve the situation. Normally the streamer is still live streaming when the police burst through the door, causing distress to everyone bar the caller.

Recently, though, this was not the case. During a live stream, Mr_13ig was asked by a policeman to keep the volume down and to provide his details. After refusing to provide his details, he noticed one of his neighbours walk past and informed the officer that he was feeling harassed because his neighbour was taking photos of him. As the video continues, the policeman arrests him for the noise complaint and his behaviour, only for another crime to happen in the apartment two minutes later.

The neighbour who had walked past earlier, while being filmed by the live stream, not only entered the apartment and took several items from the room, but then returned to take even more, seemingly oblivious to the fact that he was being recorded the whole time.

You can watch the video here, and you’ll be glad to know that the neighbour who stole from the apartment has been charged with burglary thanks to the viewers ringing and informing the police about the crime.

Four Men Charged Over $1m MacBook Air Heist

It just goes to show the strength of Apple’s brand, or of its pricing structure, when criminals conspire to rob a shipment of expensive computers. Four men have been charged over the theft of approximately 1200 MacBook Air computers, which have an estimated value of $1 million (£660,000) and were thought to be in the process of being delivered to two high schools in New Jersey.

According to federal prosecutors, an individual by the name of Anton Saljanin was hired to transport the computers from a technology compound in Massachusetts to New Jersey on 16 January 2014. Mr Saljanin reported to police that the delivery van had been stolen from a car park near his home, where he had parked it overnight. Sounds plausible, but for a few key details. Firstly, the gentleman in question claimed to have spotted the truck by chance, 27 miles away in Connecticut, when driving along a highway while out looking for the stolen vehicle. Police investigated this and ran tests before concluding that the truck “would not have been visible in the (Connecticut) Parking Lot to a driver passing by on Interstate 84”.

Further investigation by the FBI into Mr Saljanin’s phone records indicated that he did not in fact take the route in question when he claimed to have been searching for the truck; he was subsequently arrested along with his three alleged accomplices and charged with participating in a scheme to steal, transport, and sell the shipment of computers. It is also claimed that the four individuals sold at least a dozen MacBook Airs between January 2014 and April 2014 for between $500 and $800 each, far below the retail price of around $1000 per machine. Each buyer paid in cash and was handed the computer in brown cardboard packaging, which is certainly different to the well-designed authentic Apple packaging.

What is evident is that high-end tech products are a target for criminals with a propensity for theft, albeit allegedly at this stage. It would have been ironic if Mr Saljanin had used an iPhone when police analysed it for phone data records.

Thank you ibtimes for providing us with this information

US Federal Agent Admits To Stealing $820,000 Bitcoins From Silk Road

Shaun Bridges, a former US DEA agent who was investigating the online drug marketplace Silk Road, has been charged with obstructing justice and money laundering. He has since admitted the charges that were levelled against him.

So, how did Mr Bridges nick quite so many Bitcoins with a huge resale figure? According to the US Department of Justice (DoJ), Bridges was granted, as part of the investigation, the rights to an administrator account on the notorious deep web black marketplace Silk Road. He misused his account by resetting the passwords and pocketing around 20,000 in Bitcoins from numerous wallets on the service, then transferred the digital currency into his own wallet. Having quite a lot of Bitcoins in a virtual wallet is fun and all, but Mr Bridges envisaged a big financial reward and subsequently sold off the stolen Bitcoins on the Mt Gox exchange between March and May 2013, which netted him a combined figure of $820,000 in cash.

With the net closing tightly around him, Shaun Bridges decided to admit all as part of a plea deal. He also admitted that during the investigation of Silk Road he had lied to investigators and tried to obstruct them in their duties.

This is why government law enforcement is unable to take the moral high ground in cases like this. Yes, what Ross Ulbricht and co operated was illegal, but the actions of the former agent in question weren’t exactly saint-like either. It’s difficult to convey the evils of this type of behaviour to would-be cyber criminals when the supposed “good side” have also been charged with theft.

A perfect summary of this case arrives courtesy of US Attorney Melinda Haag, who stated the following:

“Mr. Bridges has now admitted that he brazenly stole $820,000 worth of digital currency while working as a U.S. Secret Service special agent, a move that completely violated the public’s trust. We depend on those in federal law enforcement having the highest integrity and unshakable honour, and Mr. Bridges has demonstrated that he utterly lacks those qualities.”   

A part of preventing crime is trust in those who defend the law-abiding; if trust is disappearing after scandal upon scandal, it’s difficult to regain it.

Thank you techworm for providing us with this information.

More Than 65,000 Range Rover Vehicles Recalled Over Software Bug

Land Rover have recalled more than 65,000 vehicles due to a software bug which automatically unlocks the car doors. The affected models are the Range Rover and Range Rover Sport with a manufacturing date from 2013 to the present day. While the introduction of keyless ignition seemed like a novel idea, it’s become prone to software errors and a prime target for car thieves. These issues are compounded further when you consider the technology is exclusively used on luxury models.

In a statement to the BBC, Land Rover said,

“No accidents or injuries were reported to have occurred as a result of the bug.”

“Range Rover owners would not have to pay for the modifications to be made.”

The widespread security concerns with blank key systems are backed by clear evidence as gangs often use a handheld black box to easily open the doors without forced entry. Possibly, there are too many concessions just to avoid the industry standard mechanical lock. This brings up the question, do we even need this technology? Software is always prone to glitches and open to hacking. Given the monetary value of high-end vehicles, it seems a bit reckless to keep relying on these devices. For example, a spokesperson for Thatcham Research which collects information on car crime argued,

“It’s been known for over a year that keyless entry and ignition systems possess certain vulnerabilities.”

“There were a number of vehicles suggested as being vulnerable in this way, Range Rovers being one of them.”

“Other cars targeted include Ford Focus and Fiestas, Audis and some light commercial vehicles.”

“That was all to do with keyless entry systems and vulnerabilities through the onboard diagnostic port.”

Do you believe keyless ignition systems can ever be completely safe?

Thank You BBC for providing us with this information. 

Man Arrested For Stealing Electricity On A Train

Anyone who’s been on a train recently for a long journey will understand that most modern trains come with some power outlets. I have travelled quite a bit in recent years on trains and can safely say these power outlets have given my laptop and my phone some much-needed charge in their final moments. An artist in London, however, found that this was not always welcome after being arrested for stealing electricity on a train.

The artist in question, Robin Lee, was travelling on a train in London when he spotted the power outlet and decided to charge his iPhone. When Robin left the train, though, he was met by a Police Community Support Officer (PCSO). For those who aren’t aware, a Community Support Officer is a person who has been given some police abilities in order to bridge the gap between the public and the police. The PCSO stated that he had been “abstracting electricity”, and according to Robin it was at this point that she called to four police officers who were on the platform and requested that he be arrested.

Robin was arrested after trying to push past the police and taken to the British Transport Police in Islington before being de-arrested for the “abstracting electricity” charge while being reported for the “unacceptable behaviour” of pushing past the police officers.

Transport for London has released a statement saying that there are signs near the plugs stating they are for cleaners’ use and not for use by the public.

I don’t know about you but next time I go on a train I will be reading all those signs a little more carefully. Do you think that it’s acceptable to be arrested for a little bit of electricity? Do you charge your devices on the trains?

Thank you Standard for the information and the image.

White House Orders New Measures to Combat Breaches In Digital Security

Earlier we mentioned how the OPM (Office of Personnel Management) in the US found it had been hacked, with thousands of records accessed, including those relating to background checks for security clearances. If true, this leaves its employees open to blackmail and a whole host of actions that are unpleasant and unwanted by the government.

The White House has now taken action, directing all agencies to take a series of steps in order to prevent and detect any unwanted access into their networks. Tony Scott, U.S. Chief Information Officer, has launched what is being called a 30-day cyber security sprint.

The emergency measures listed include:

  • Patching “critical-level” software holes “without delay”
  • Tightening security and access restrictions for “privileged users”, which includes cutting the number of users with this level of access and monitoring their access to the systems for suspicious behavior
  • Increasing the level of two-factor authentication, where a user is asked to confirm their login attempt, normally by receiving a text or phone call with a code in it

According to the released information, agencies have to report on their progress and problems implementing these steps within the next 30 days. With a “Cybersecurity Sprint Team” task force being deployed to lead the month-long view and analysis of the US’s digital defenses, many organizations could find their technology changing.

While the actions are greatly appreciated, if the documents have been copied or accessed, a lot of personal information has been released to people who may use it for harm. Here’s hoping they don’t and that the government has stepped up their security because of this revelation.

Thank you NextGov for the information.

China May Have Hacked the US Government Again

Hacking is something we see on a regular basis, but news about such events has started cropping up more and more lately. Since we do have constant leaks from Edward Snowden, it is natural for news to be centred around US government officials now. The latest points to another hack that led to a big data leak in the US government.

US officials confirmed at the beginning of May that a big chunk of data, namely that of about 4 million US citizens, may have been compromised. The data comes from the US Government’s Office of Personnel Management, and the breach is now deemed one of the biggest hacks in history. But who are the suspected culprits? Well, the US thinks China has been involved yet again.

But this is not your ordinary hack challenge or small-time theft. While some government servers hold a variety of information, the OPM servers hold sensitive data of about 1.5 million US military personnel, which makes matters a bit worrying, especially for the latter individuals. This is why federal agencies around the country have been on high alert since the servers got hacked.

The hack has also affected 1% of the US population, which, although it may seem a small percentage, does pose a significant threat to the country and its security. Since then, the hackers are said to have operated on a weekly basis, but on small-scale attacks. But will we see another big one in the future? What are they targeting this time? Let us know your concerns in the comments below.

Thank you TechRadar for providing us with this information

Hackers Stealing Money Through Starbucks Accounts

Hackers have been accessing Starbucks accounts, through the coffee seller’s mobile apps, to steal thousands of pounds from unsuspecting customers. The ruse was uncovered by US journalist Bob Sullivan, who wrote on his blog:

Criminals are using Starbucks accounts to access consumers’ linked credit cards. Taking advantage of the Starbucks auto-reload function, they can steal hundreds of dollars in a matter of minutes. Because the crime is so simple, can escalate quickly, and the consumer protections controlling the transaction are unclear, I recommend all Starbucks consumers immediately disable auto-reload on the Starbucks mobile payments and gift cards.

The fraud is a big deal because Starbucks mobile payments are a big deal. Last year, Starbucks said it processed $2 billion in mobile payment transactions, and about 1 in 6 transactions at Starbucks are conducted with the Starbucks app.

It is still unclear as to how criminals have been using hacked accounts to steal money, but one theory is that they are purchasing Starbucks gift cards, which are then sold on, either through legitimate platforms or the dark web, via Tor.

Starbucks has been made aware of the issue but, rather unhelpfully, denies that its apps have been hacked:

Starbucks takes the obligation to protect customers’ information seriously. News reports that the Starbucks mobile app has been hacked are false.

Like all major retailers, the company has safeguards in place to constantly monitor for fraudulent activity and works closely with financial institutions. To protect the integrity of these security measures, Starbucks will not disclose specific details but can assure customers their security is incredibly important and all concerns related to customer security are taken seriously.

Occasionally, Starbucks receives reports from customers of unauthorized activity on their online account. This is primarily caused when criminals obtain reused names and passwords from other sites and attempt to apply that information to Starbucks. To protect their security, customers are encouraged to use different user names and passwords for different sites, especially those that keep financial information.

Though Starbucks passes the buck to the customer, it does at least acknowledge that any fraudulent activity is not the responsibility of the account holder.

Paul Martini, CEO of security firm iboss, has certainly taken exception to Starbucks’ statement, accusing it of using semantics to absolve itself of responsibility:

This line of argument is so common now – it’s basically playing with words. Whether the app is literally hacked or not, it’s completely ridiculous. The design itself is flawed. Auto-reload should happen at the register. The second part issue is: why can people reload and drain a card within ten minutes?

If you are concerned about the security of your Starbucks account, simply turn off auto-reload on the Starbucks app, and make sure your username and password are distinct from one another.
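As an added illustration (not code from Starbucks, the quoted sources or the original article), the sketch below shows the kind of velocity check implied by the question of why a card can be reloaded and drained within ten minutes. The event names, thresholds and sample records are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values; only the ten-minute window comes from the article.
WINDOW = timedelta(minutes=10)
MIN_RELOADS = 3          # auto-reloads inside one window before we care
MIN_DRAIN_RATIO = 0.8    # share of the reloaded money that left again

# Hypothetical event names for debits that move stored value off the card.
DRAIN_EVENTS = {"balance_transfer", "gift_card_purchase"}

# Constructed sample ledger: (account, timestamp, event, dollars).
SAMPLE_EVENTS = [
    # Ordinary customer: one reload, two coffees.
    ("acct-A", "2015-05-13T08:02:00", "auto_reload", 25.00),
    ("acct-A", "2015-05-13T08:05:00", "purchase", 4.75),
    ("acct-A", "2015-05-13T17:40:00", "purchase", 5.10),
    # Taken-over account: balance moved out, auto-reload fires, repeat.
    ("acct-B", "2015-05-13T03:11:00", "balance_transfer", 34.77),
    ("acct-B", "2015-05-13T03:11:30", "auto_reload", 25.00),
    ("acct-B", "2015-05-13T03:13:00", "balance_transfer", 25.00),
    ("acct-B", "2015-05-13T03:13:20", "auto_reload", 75.00),
    ("acct-B", "2015-05-13T03:16:00", "balance_transfer", 75.00),
    ("acct-B", "2015-05-13T03:16:10", "auto_reload", 75.00),
    ("acct-B", "2015-05-13T03:18:00", "balance_transfer", 75.00),
    # Heavy but legitimate user: three reloads spread over 45 minutes.
    ("acct-C", "2015-05-13T12:00:00", "auto_reload", 10.00),
    ("acct-C", "2015-05-13T12:20:00", "auto_reload", 10.00),
    ("acct-C", "2015-05-13T12:45:00", "auto_reload", 10.00),
]


def detect_reload_drain(events, window=WINDOW, min_reloads=MIN_RELOADS,
                        min_drain_ratio=MIN_DRAIN_RATIO):
    """Return {account: alert} for the first window per account in which
    auto-reload fired at least min_reloads times and at least
    min_drain_ratio of the reloaded money was moved off the card."""
    by_account = defaultdict(list)
    for account, ts, kind, amount in events:
        by_account[account].append((datetime.fromisoformat(ts), kind, amount))

    alerts = {}
    for account, rows in by_account.items():
        rows.sort(key=lambda row: row[0])      # input order is not trusted
        recent = deque()                       # events inside the window
        for when, kind, amount in rows:
            recent.append((when, kind, amount))
            # Slide the window: drop events older than `window`.
            while when - recent[0][0] > window:
                recent.popleft()
            reloads = [a for _, k, a in recent if k == "auto_reload"]
            reloaded = sum(reloads)
            drained = sum(a for _, k, a in recent if k in DRAIN_EVENTS)
            if (len(reloads) >= min_reloads
                    and drained >= min_drain_ratio * reloaded):
                alerts[account] = {
                    "start": recent[0][0].isoformat(),
                    "end": when.isoformat(),
                    "reloads": len(reloads),
                    "reloaded": round(reloaded, 2),
                    "drained": round(drained, 2),
                }
                break                          # one alert per account
    return alerts


if __name__ == "__main__":
    for account, alert in detect_reload_drain(SAMPLE_EVENTS).items():
        print(account, alert)
```

Counting reloads alone would also catch the burst, but pairing the count with the drained share keeps a customer who simply tops up often out of the alert queue.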

Thank you The Next Web for providing us with this information.

Federal Agents Charged with Stealing from Silk Road

Two Federal agents are now facing charges themselves after the takedown of the Silk Road drug marketplace last year. The two agents, Carl Mark Force and Shaun Bridges, were both involved in the takedown by operating undercover and building up evidence against the Silk Road operators.

According to an affidavit, Force redirected Bitcoins to a personal account during the investigation but failed to report this or turn them over once the investigation was completed. The idea of a couple extra bucks in his pocket could now result in years in prison instead as he faces charges of money laundering, wire fraud and theft of government property. The other agent, Bridges, only faces laundering and fraud charges. Naughty agents.

Thanks to The Verge for providing us with this information

GTA V for PC Delayed Again!

Rockstar Games has announced that the release of Grand Theft Auto V for the PC will be delayed again, this time until April 14th. The developer also announced today that Online Heists will now be coming to the console versions on March 10th.

This news marks the third delay to the PC port of the game, sparking anger amongst many PC gamers who have been holding out for it. It’s especially annoying considering the fact that the game was released for consoles back in September 2013 – 17 months ago.

GTAV for PC will be arriving on April 14th at retail and as a digital download. Our apologies to PC gamers worldwide who have been counting down the days until the launch of the game, but a bit more time is needed to ensure that the game is as polished as possible, and to make certain that both Heists and the GTA Online experience are ready to roll out on day one for PC. As a gesture of thanks for your understanding, we will grant anyone who has pre-ordered the game an additional $200,000 in-game cash for use in GTA Online. Rockstar Games

The question now, of course, is: will this be the last delay?

Source: Polygon

Up to $900 Million Stolen Online in Biggest Bank Robbery Ever

In a 21st Century bank job, thieves don’t even need to step foot on the premises, let alone have a getaway car primed: all you need is a computer and the right software. According to a report from The New York Times, tech security firm Kaspersky has been tracking a monumental bank heist that could have netted thieves up to $900 million.

A group of unknown hackers from Russia, China, and Europe targeted a series of banks over a number of years with a bespoke, sophisticated software program to siphon over $300 million from accounts. The banks in question have been made aware of the theft, but have chosen not to disclose it. Kaspersky suggests that over 100 banks could have been targeted, and that the total bounty could amount to a figure beyond $900 million.

Chris Doggett, Managing Director of Kaspersky North America, said, “This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert.”

Source: BGR

Mobile Phone Theft down Thanks to New Legislation

Thanks to legislation, significant drops in mobile phone theft have been reported.  This legislation has led to the introduction of kill switches by most manufacturers. Major cities such as San Francisco, New York, and London have been excellent examples, reporting 40 percent, 25 percent, and as much as 50 percent drops respectively on iPhone theft.

These kill switches allow users to simply lock the lost or stolen device, or go as far as bricking devices to render them useless, preventing illegal sales. New York State Attorney had this to say:

“The huge drops in smartphone theft have occurred since the kill switch has been on the market are evidence that our strategy is making people safer in our cities, and across the world.”

Initial reaction to such legislation was mixed, but with this show of success, the hope is similar legislation will be passed everywhere. For those unsure how to do so, here are links on how to do this with both iPhone and Android based phones.

Android

iPhone

Source: TweakTown

Watch: GTA Bird Stunt Montage

We’re all used to stunt montages from GTA, but not bird stunt montages. It was with the ‘enhanced’ version of GTA V on the PS4 and Xbox One that Rockstar included the ability to play as a bird and it seems that one YouTuber has really taken that under his wing.

In this video, 8-bit Bastard on YouTube shows us through a number of hair-raising (for birds) stunts. Plus, there’s some of the more everyday bird activities, such as riding the roof of a train.

Source: Kotaku

GTA V Without Textures is Art

A lot of things get pushed off as art these days. Splattered paint, piles of rubbish, famous paintings in raw data, just to name a few. But what about GTA V without any textures? Is that really ‘art’?

Maybe more so than the others in that list. These images consist of screenshots of Los Santos from GTA V without any textures. Artist Kim Laughton had the idea and her shots are now part of the Monadigital exhibition Flanetrie in China.

The images offer a unique view of the city formed of abstract shapes.

See more of the piece, titled los_santos.obj here.

Source: Gizmodo 

Watch Some Old People ‘Play’ GTA V

There’s a lot of these videos nowadays. Kids, teens and old people get sat in front of a game, piece of old or new technology, an outrageous YouTube video, or pretty much anything else that’ll get an interesting reaction, and they’re just asked to say what they think about it.

Well this time, the latest ‘REACT’ video features a bunch of elderly people attempting to get Michael De Santa to walk. There’s more to it obviously, but a lot of it is just about getting him to walk.

See it and their hilarious reactions for yourself in the video below.

Source: REACT on YouTube

Watch: Star Wars Trailer in GTA V – Without Mods

Someone attempted to recreate the Star Wars trailer in GTA V. Now of course, without making any modifications to the game, you’d think that would be a pretty difficult task.

Well Powerlight-13 on YouTube didn’t think so and rather creatively reproduced the entire trailer using only in-game characters and vehicles. It all comes together quite well, but we’ll leave you to decide whether the plane at the end bears any resemblance to the Millennium Falcon.

Source: Kotaku

Smartphone Theft in London Still Frustrating Police, But Slow Progress Being Made

Metropolitan areas in the United States and United Kingdom have struggled to crack down on theft related to smartphones, leading to an increase in theft, robbery, and potential violent incidents. Most of the problems occur from street-level crime, with 300 reported smartphone thefts each day in 2013.

Not surprisingly, the Apple iPhone 5 proved to be the most stolen smartphone in the UK, with the iPhone 5C, 5S and 4S following behind, according to “The Mobile Phone Theft Ratio” report from Home Secretary Theresa May. The report was released before the iPhone 6 and iPhone 6 Plus were announced, so a future report will likely indicate a change.

Here is what the report of the Technological Advisory Council (TAC) Subcommittee on Mobile Device Theft Prevention says:

“Smartphones are a significant driver of thefts in London. Smartphone thefts from a person more than doubled between 2010 and 2013, increasing from 16,141 stolen smartphones in 2010 to 32,872 in 2013. In 2013, nearly half (49 percent) of London robberies involved a smartphone. Despite a successful 2012 crackdown on smartphone theft, London police still received over 100,000 reports of stolen smartphones in 2013.”

Despite the increase in smartphone thefts, London police authorities believe thefts have decreased 24 percent in the six months after Apple made its Activation Lock available. Authorities have also increased undercover patrols aimed at saturating hotspots where increased numbers of thefts have occurred.

Smartphone owners are urged to password- or PIN-protect their devices, to run some type of anti-theft software that is able to remotely wipe and brick a lost or stolen device, and to report any stolen mobile devices to the proper police authorities. Regardless of new technologies being developed, smartphone theft isn’t going to disappear overnight, and tackling it will take continued work between consumers, smartphone manufacturers, and wireless carriers.

Expendables 3 Piracy Suspects Arrested

Two men from the UK have been arrested following the leak of The Expendables 3 before its scheduled release date.

The copy of the movie was viewed hundreds of thousands of times and reportedly lost Lionsgate, the film’s production company, $10 million.

Officers from the UK Intellectual Property Crime Unit (Pipcu) arrested the men, a 36-year-old and 33-year-old in Upton, Wirral, and Dewsbury, West Yorkshire. They were arrested on suspicion of taking the film from a private cloud server and uploading it to the web. They released the movie online back in July, just under a month before the film’s August release date. In a statement to the BBC, head of Pipcu, Det Ch Insp Danny Medlycott said that this was not “a victimless crime”.

“By downloading illegal music, film, TV and books, not only are you exposing your own computer to the risk of viruses and malware, but you are also putting hard-working people’s livelihoods at risk as piracy threatens the security of thousands of jobs in the UK’s creative industries.”

Source: BBC News

Retailers Must Invest in New Security Procedures, or Major Breaches Could Accelerate

Companies struggle greatly to try to keep their networks safe, including ensuring employee and customer data remains secure.  Major retailers are suffering data breaches that often lead to stolen customer debit and credit card data taken by hackers.

Popular retailer Target was compromised late last year and 40 million customers were affected – and the company has reportedly spent more than $145 million in expenses stemming from the incident. Target’s sales temporarily dropped, customers were wary of continuing to shop there, and it has been an overall public relations nightmare.

Home Depot recently confirmed a breach with up to 56 million potentially affected customers, with some stolen data posted in online cybercriminal forums.  It’s too early to tell what type of financial damage the company will suffer, but Home Depot will deal with the same type of backlash Target did.

Here is what Joe Caruso, CEO of Global Digital Forensics, noted:

“Most people tend to focus on how many credit card numbers were stolen, almost like it’s a way to score a game… but the numbers that should really be seeing the spotlight more are the ones that put dollar signs to the costly aftermath of a successful breach.”

Companies sometimes fail to even install antivirus and anti-malware technology, and then forget to conduct vulnerability assessments. GDF recommends that companies be aware of which threat vectors could cause them the most problems, and that they identify the weak links in their security chain.

Thank you to Global Digital Forensics for providing us with this information.


Samsung Factory Invaded by Armed Criminals, $36 Million in Gadgets Stolen

The Samsung Campinas factory near Sao Paulo was attacked last Sunday night when seven armed assailants took over the factory, took the workers hostage and made off with a staggering $36 million in phones, tablets, notebooks, computers and more.

Seven armed robbers took hostages after stopping the staff shuttle bus. Two hostages were kept on board and eight more were set free. Once the route was clear, the group stole over 40,000 products as 13 other members of their group arrived in trucks. They used pallet loaders to fill the trucks and coordinated their efforts via radio and mobile phones in what was obviously a very well organised operation.

A spokesman for Samsung in Sao Paulo said: “We have cooperated fully with the police investigation that is underway and will do our best to avoid any sort of repeat incident.”

In fairness, there is only so much you can do to prevent a situation like this. When weapons and hostages are involved in such great numbers, no one needs to be a hero and try to save the day, especially when the stolen goods can likely be written off through insurance and a life cannot.

Luckily, none of the 100 employees who were present at the factory are reported to be hurt, although the psychological scars will no doubt run pretty deep after such a traumatic ordeal.

Thank you PocketLint for providing us with this information.


Dogevault Goes Offline – Millions of Dogecoins Appear Stolen

As far as cryptocurrencies go, Dogecoin has got to be by far the most popular one of recent times, which is not surprising considering it went viral after it was created in the spirit of the popular internet Doge meme.

News has come to light, however, that some people may have taken a liking to the currency a bit too much. The online wallet Dogevault reportedly went offline without any warning, and some users are realising that large quantities of Doge were transferred out of their accounts just before the service went down.

Whether the Dogevault servers were hacked or the owners have shut up shop and made for the hills is still under investigation, but after some digging into where the coins have been transferred to, it seems like we could be looking at the biggest Dogecoin theft in history. One user posted a shot of his wallet showing that 950k coins were removed; after following the transaction path, they appear to have landed in this wallet, along with nearly 120 million more coins. Another wallet, with a balance of over 2.6 million coins, has been found as well and suggests the Dogevault owners are also responsible.

What is certain, though, is that the coins sadly are not likely to be returned, which in turn may cost their rightful owners a lot of real hard cash. My suggestion is that if you use an online wallet, get a desktop wallet, which I personally feel is more secure, transfer all your coins there and make sure you keep it safe. A flash drive in a safe would be an even better suggestion.

Source: The Cryptocurrency Times

Silk Road 2 Hacked And 4000 Bitcoins Stolen

It was only a few months ago that Silk Road was taken offline by the FBI and its owner tracked down and arrested. The website offered people a place to trade in illegal goods; everything from murder to drugs seemed to be available for purchase, and with the use of both the Tor network and the cryptocurrency Bitcoin to keep things (seemingly) anonymous, it got away with it for quite some time.

Since the site was shut down there have been a few copycat sites, as well as a few lesser sites coming out of the woodwork to fill the void that was created. Now it looks like even these copycat sites are being hit, as Silk Road 2 moderator Defcon has reported in a forum post that the Silk Road 2 site has been hit by hackers.

He claimed that hackers have used a transaction malleability exploit to hack the marketplace, stealing 4474.26 bitcoins, with a total current value of around $2.7 million, effectively emptying the site’s escrow account. This involved using the Silk Road 2 automatic transaction verification system to order from each other, then request a refund for unshipped goods, with six users ordering and claiming from each other and submitting circular refund requests to move funds around, managing to glitch and exploit the system until they had all of Silk Road 2’s money.

Defcon is calling on the hackers to return the bitcoin. “Given the right flavor of influence from our community, we can only hope that he will decide to return the coins with integrity as opposed to hiding like a coward,” the moderator wrote.

The theft has caused the price of BTC to drop by 50 points, and despite the owner asking for his Bitcoins back I can’t help but wonder whether he’s wasting his time. What is he going to do, call the cops and tell them that all his drug money has been stolen?

Thank you TechCrunch for providing us with this information.


Online Wallet Service Has £650,000 Worth Of BitCoins Stolen

An online “wallet service” for storing Bitcoins has claimed that hackers took virtual currency worth £650,000 (US$1.04 million) from it, but its operator will not be taking the matter up with the police!

Things are seriously suspicious on this one. Not only should you never really keep your Bitcoins in an online service for fear of something like this happening, but the man who operates as TradeFortress is offering users of the site nothing more than his word that he is sorry.

Since Bitcoins are virtually impossible to trace, let alone recover, the man will not involve the police as he feels it would be a waste of time. The man, who is known only as TradeFortress, gave a radio interview to ABC News in which he said, “I know this doesn’t mean much, but I’m sorry, and saying that I’m very sad that this has happened is an understatement.” He continued, “Please don’t store Bitcoins on an internet-connected device, regardless if it is your own or a service’s.”

It is already suspected to be an inside job because of his lack of action to investigate the matter. When 4,100 Bitcoins go missing from your business you should act immediately, and I’m sure the users and owners of these funds will not be letting the matter rest any time soon.

Thank you BBC for providing us with this information.