Latest Anonymous Havoc, Resurgent Spam Lead Week's Security News

More criminal vandalism by Anonymous, rebounding spam volumes and the risks of insider threats lead the world's IT security news for the past week.

It's becoming quite a routine event with the Anonymous hacker's group welcoming Mondays with a fresh data dump of personal information belonging to innocent people.

This time, the targeted Website was, the trip planning and services portal for the San Francisco region's Bay Area Rapid Transit. Anonymous supposedly breached the site using a SQL injection attack and stole information to protest the regional transit authority's decision last week to shut down cellular service on some of its stations.

The decision was made to prevent protestors from organizing demonstrations at BART stations against two recent fatal shootings by the transit police. Anonymous didn't stop with just a virtual attack, as it also helped organize a physical demonstration in San Francisco.

A person claiming to be a member of Anonymous followed up with another attack on the BART Police Officer Association Website and publicized personal information belonging to 102 transit police officers. Interestingly enough, the main Anon Twitter account did not claim responsibility for the hack as an authorized operation.

If that wasn't enough Anon activity, some of the attackers went after defense contractor Vanguard Defense Industries to steal thousands of emails and documents. Released under the AntiSec banner, the attackers went after VDI to further their goal of exposing government documents.

Hackers aren't really synonymous with the attacks wrought by Anonymous, and eWEEK provided a look at some of the world's best-known hackers this past week. Complaints about people left off the list were inevitable. Comedy Central host Stephen Colbert interviewed one of the people on the list, Kevin Mitnick, on his Colbert Report show on the Comedy Central cable channel last week.

During the course of the interview, Colbert wondered aloud whether the United States government shouldn't be hiring folks like Mitnick as "secret weapons" against enemy nation-states that are attacking American networks. There are plenty of former hackers who have gone on to work for the government (Jeff Moss, Black Hat founder, for one), so perhaps Mitnick might get a phone call soon.

A pair of recently released reports found that organizations are leaving themselves vulnerable to attack. The report from Qualys found that more than 80 percent of Websites aren't implementing SSL correctly,0 and a Protegrity report found that recent data breaches at Citigroup, Epsilon and Sony could have been prevented if the companies had implemented basic security measures beforehand.

Data breaches aren't always by outsiders, as pharmaceutical company Shionogi well knows. A former Shionogi IT administrator remotely logged into the company's network from a free WiFi hotspot in a local McDonald's after being laid off.

During his intrusion, he deleted the company's virtual infrastructure, equivalent to 88 physical servers, and brought the company to a standstill as it tried to recover data. Organizations are so worried about external malware and cyber-attacks damaging systems or stealing data that they aren't paying attention to the kind of power their former and current employees have. Organizations should promptly change all passwords when key IT personnel leave and regularly monitor production databases to make sure all users are current and authorized.

Malware and spam continued to dominate headlines as security companies warned about an Android Trojan variant that not only records phone calls, but actually answers incoming calls without the user being aware of it.

The source code for the SpyEye Trojan was also released, in a manner of speaking, as the malware toolkit's "lock" to restrict how many times people can install the software has been cracked. Now malware developers can skip shelling out $10,000 for the kit and go for the cracked version of the software. Online piracy doesn't just exist for legitimate software, it seems. The pirates are all too happy to rip off other pirates.

Security researchers are noticing a massive spam outbreak for the first time since Rustock's American command-and-control servers were taken offline in March. Spam volumes jumped dramatically the week of Aug. 8 and continued increasing the week of Aug. 15, according to Avi Turiel, director of product marketing at Commtouch.

While total spam volume jumped last week, researchers at M86 Security noticed a significant increase in malicious spam. The majority of the malicious spam appeared to be coming from the Cutwail botnet, although the Festi and Asprox botnets are among the other contributors.