Thursday 28 July 2016

Ex-Citibank worker sentenced to 21 months for crippling the network

A former employee of Citibank has been sentenced to 21 months in prison for crippling the bank's internal network.

Lennon Ray Brown was given the nearly two-year jail term – along with a $77,000 fine – by a Northern Texas District Court this week after he pleaded guilty to one count of intentional damage to a computer.
Brown, 38, admitted that on December 23, 2013, he issued commands to wipe the configuration files on 10 core routers within Citibank's internal network.

The resulting outage hit both network and phone access to 110 branches nationwide – about 90 per cent of all Citibank branch offices.

Brown had been working at Citibank's Irving, Texas, corporate office since 2012, first as a contractor and later as a staff employee, when he was called in by a manager and reprimanded for poor performance.

At that point, the US Department of Justice said, Brown uploaded a series of commands to Citibank's Global Control Center routers, deleting the config files for nine of the routers and causing traffic to be re-routed through a set of backup routers. Court documents show that while there was not a complete outage, the re-routing led to "congestion" on the network and at the branch offices.

Brown said the following in a text message to a coworker shortly after the incident:

"They was firing me. I just beat them to it. Nothing personal, the upper management need to see what they guys on the floor is capable of doing when they keep getting mistreated. I took one for the team.
Sorry if I made my peers look bad, but sometimes it take something like what I did to wake the upper management up."

Brown admitted the intentional damage charge in February.

Tuesday 26 July 2016

O2 customer data sold on #Darknet #Cyber

O2 customer data is being sold by criminals on the dark net, the Victoria Derbyshire programme has learned.
The data was almost certainly obtained by using usernames and passwords first stolen from gaming website XSplit three years ago to log onto O2 accounts.
When the login details matched, the hackers could access O2 customer data in a process known as "credential stuffing".
O2 says it has reported the case to police, and is helping the inquiry.
It is highly likely that this technique will have been used to log onto other companies' accounts too.
The data for sale included users' phone numbers, emails, passwords and dates of birth.
It was shown to the BBC by an ethical hacker, who found the information listed for sale on a dark net market. The dark net is a part of the internet that is only visible to people using specialist web browsers, and is often used for illegal activity.
Cited from BBC News, where there is more on this story.

Friday 8 July 2016

Wendy's hit by massive #Cyberhack #Databreach

The company reported suspicious activity earlier this year, but the scale of the breach is far bigger than first anticipated.
At least 1,025 of its restaurants were targeted - with debit and credit card information stolen.
The company did not speculate how many people may have been affected, though it did say all of the locations were in the US.
Malware - malicious software - had been installed on point-of-sale systems in the affected locations.
The chain said it was confident the threat had been removed, and was now offering help to customers who may have been affected.
Help includes the offer of one year of "complimentary" fraud protection services.
In a statement outlining the details of the attack, Wendy's said the malware could have been operational in its restaurants from as early as autumn 2015.
Suspicious activity was noticed in February of this year. The company went public with this discovery in May - saying it believed around 300 restaurants had been affected.
But with the number rising to more than 1,000, this hack ranks among the most significant in US history.
The Wendy's hack bears some similarity to the attack on Target in 2013. In that breach, around 40 million customers' details were stolen via malware installed on point-of-sale computers.
Wendy's has blamed a third party for the intrusion, saying a "service provider" that had remote access to the till systems was compromised.
The company did not say who that service provider was, nor did it explain why it had remote access to the tills of 1,025 of the firm's 5,700 restaurants.
The company has set up a page for customers to check if a restaurant they bought food from has been affected.