Cyber-Attacks on Police Sites, Warning to RIM Lead Week's Security News
Anonymous group cyber-attacks against 70 United States law enforcement agency networks along with the threats it made against Research-In-Motion were among the most significant security news events of the past week
Anonymous kicked off the week with a data dump containing data from 70 United States law enforcement agencies. The almost-10 GB BitTorrent file contained confidential data such as informants tips, sensitive personal information and e-mail. Names, addresses, credit card numbers and Social Security numbers of individual law enforcement officials were also stolen and publicized.
Identity Finder used its data leak prevention tool to analyze the data cache and found 2,719 Social Security numbers, 15,798 dates of births, 8,214 passwords, 45,764 postal addresses, eight credit card numbers, 53 driver's license numbers, 89,589 telephone numbers and 1.5 million addresses.
There were plenty of duplicates for each data type. The stolen Social Security numbers would put people at risk because their full names, addresses and dates of births were also available, making it easy for a cyber-criminal to open up a credit card account or steal a tax refund, according to Identity Finder.
Anonymous also went after Research in Motion and defaced the Inside BlackBerry blog. The Canadian smartphone company had posted on Twitter that it will cooperate with United Kingdom police to investigate the people taking part in the riots that have engulfed London and the surrounding areas.
There were unsubstantiated rumors that RIM was going to suspend its popular BlackBerry Messenger service after reports emerged that the London rioters were using the free service to meet up with like-minded people and coordinate their activities.
Even though RIM didn't specify exactly what it meant by assisting the investigation, Anonymous warned the company that if it handed over any data about customers using the service, or the actual communications, it will release the database containing employees' personal information.
China gets blamed for practically every high-profile cyber-attack in the United States. This week, Chinese officials got to do a little bit of finger-pointing of their own, as China's top cyber-threat agency released a report that found nearly half of the attacks on Chinese systems came from foreign countries, with the United States leading the pack.
The report included several types of threat vectors, including Trojans, e-mail borne malware and botnets. India and Turkey were also named as being the source of many attacks against China. However, Chinese officials did note that cyber-criminals using proxy servers and other stealth technologies make it hard to say with any final authority where the attacks originated from.
Microsoft released its Patch Tuesday updates for August this week. Of the 13 patches, two were considered critical and fixed vulnerabilities in Windows Server 2008 and all versions of Internet Explorer. Interestingly enough, there were a high number of low-level vulnerabilities fixed in this release, including one that exposed computer systems to a 1990s-style "ping of death" attack.
Google and Facebook were busy addressing security on their respective social networking platforms. Facebook announced it was testing a mobile version of its anti-bullying tool and would implement new ways to reset passwords from the mobile device in case the user is locked out of the account. Google fixed a bug in its instant messaging feature in Google+ and promised to enforce its policy requiring users to use their real names on G+ profiles.