It seems that the high temperatures many countries are experiencing at the moment haven’t discouraged hackers, since in the week between July 16 and July 22 they’ve managed to provide a lot of interesting stories.
The week started with a data breach that affected the ASUS eStore. The company was not able to confirm or deny the claims of the group known as NullCrew, but the 23 administrator usernames and passwords they published did seem legitimate enough.
This is not the only website targeted by NullCrew. They also hacked a South African ISP directory, Yale University, and the systems of Net Communications (Netcom).
The Palm Springs Police Officer Association (PSPOA) has also been hacked. The collective responsible for the incident, Grey Security, leaked a username and a clear text password that allegedly belong to the site’s administrator.
RedHack, the hacktivist collective of the moment, once again made headlines after it published a file containing the identities of informants that work with the Turkish police.
They were quiet for a while, but this week they returned. Team GhostShell took credit for leaking 50,000 account details from IT Wall Street, a portal dedicated to IT jobs in the financial services industry.
Skype's source code was leaked; at least that's what the one who published it said. However, after analyzing it, experts revealed that it is actually part of an old reverse engineering project, not the actual source code.
Another clever hacker, 25-year-old Brad Stephenson, has found a way to make fraudulent purchases worth $80,000 (€65,000) from Nike. The scheme went well for around 5 months, after which the US Secret Service came knocking on his door.
The individual who back in 2008 launched distributed denial-of-service attacks against eBay, Amazon and Priceline.com was finally apprehended. Authorities from Cyprus were the ones to put the cuffs on him.
Websites were not the only things that were hacked this week. A security expert demonstrated that he could “hack” handcuffs by using a 3D printer and a laser cutter.
As far as security holes are concerned, a couple of researchers identified one in Minecraft, the popular game. They demonstrated that user accounts can be easily accessed by anyone.
Fortunately, the game’s developer − Mojang – managed to address the vulnerability in a fairly short amount of time.
As always, there’s not a week that goes by without some controversial story. After the owner of the AnonymousIRC Twitter account was accused by WikiLeaks of luring users to unsecure proxies, many believed that a war would begin between the two sides.
However, the hacktivists rushed to deny the allegations.
This week we were also introduced to Madi (Madhi), a piece of malware that targets organizations from the Middle East. While its targets may be similar to the ones of Stuxnet, Duqu and Flame, its modus operandi is far different.
Researchers found that Madi doesn’t rely on exploits, but on an age-old technique known as social engineering.
Since we’re in the malware segment of this security brief, we must remind everyone of the major victory the security industry has had against Grum, the world’s third largest botnet. Over 120,000 computers were turned from zombies into princes and princesses.
We have also learned that sometimes hackers feel sorry for what they’ve done. Such is the case of DoktorBass, an Anonymous hacktivist who leaked 50,000 email addresses and their associated passwords from Women’s Land Link Africa (wllaweb.org) organization.
Shortly after dumping the data, he began to show remorse. He admitted to being “young and stupid” and started urging everyone to stop downloading the information.
The last incident explains the “hatchet” from the title. After being fired, the unhappy employee of an Australian ISP decided to hack his old company. On the same day, he also took an axe and threatened the company’s owner.
To make sure that he will not be forgotten, he also threatened to burn down the building. He has pleaded guilty to his crimes and now he awaits sentencing.
Source