STE WILLIAMS

Win Spectre Laptop with HP and The Register

Cybercroooks are running a wide-ranging password-guessing attack against some of the most widely used blogging and content management systems on the net.

The so-called Fort Disco cracking campaign began in late May this year and is still ongoing, DDoS mitigation firm Arbor Networks warns. Arbor has identified six command-and-control (CC) systems associated with Fort Disco that collectively control a botnet of over 25,000 infected Windows servers. More than 6,000 Joomla, WordPress, and Datalife Engine installations have been the victims of password guessing.

Four strains of Windows malware are associated with the campaign, each of which caused infected machines to phone home to a hard-coded command and control domain.

“It’s unclear exactly how the malware gets installed,” said Matthew Bing, a security researcher at Arbor Networks in a blog post on the attack. “We were able to find reference to the malware’s original filename (maykl_lyuis_bolshaya_igra_na_ponizhenie.exe) that referred to Michael Lewis’ book The Big Short: Inside The Doomsday Machine in Russian with an executable attachment.”

“Another filename, proxycap_crack.exe, refers to a crack for the ProxyCap program. It’s unclear if victims were enticed to run these files, and if so, if that is the only means of infection. The CC sites did not offer additional clues as to the infection mechanism,” he added.

The top three countries with infections are the Philippines, Peru, and Mexico. curiously, it seems the US and Western Europe are underrepresented in the attack, which appears to be using zombie PCs in Latin America and the Philippines to target blogs and content management systems with the “weakest of the weak” passwords, predominantly in Russia and the Ukraine.

Only three types of platforms are under attack: Joomla (/administrator/index.php), WordPress (/wp-login.php), and Datalife Engine (/admin.php). Attackers are using compromised credentials to install a variant of the “FilesMan” PHP backdoor. This password-protected backdoor allows the attacker to browse the filesystem, upload or download files, and execute commands. Arbor has found more than 700 blogs and content management systems compromised in this way.

The ultimate aim of the attack remains, for now at least, unclear, but may involve an attempt to serve exploit kits from compromised sites. This is a continuation of a recent trend of targeting blogs and content management systems to create a powerful platform for cyberattacks, as Arbor notes.

“Beginning with the Brobot attacks in early 2013, we’ve seen attackers focusing on targeting blogs and content management systems,” Arbor’s Bing concludes. “This marks a tactical change in exploiting weak passwords and out-of-date software on popular platforms. By uploading a PHP shell to compromised sites, an attacker can easily issue commands to thousands of compromised sites in seconds.”

“Blogs and CMSs tend to be hosted in data centres with immense network bandwidth. Compromising multiple sites gives the attacker access to their combined bandwidth, much more powerful than a similarly sized botnet of home computers with limited network access by comparison. While we have no evidence the Fort Disco campaign is related to Brobot or denial-of-service activity, we’ve experienced the threat that a large blog botnet can deliver.” ®

Bootnote

Fort Disco is named after one of the strings found in the executable metadata field, which inadvertently left publicly accessible log files that paint a complete picture of the campaign.

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/08/fort_disco_bruteforce_blog_attack/

Win Spectre Laptop with HP and The Register

Cybercrooks have found another application for ransomware, the horrible software that locks up a PC until money is handed over: it’s now being used to push fake antivirus onto victims.

Reveton – a widespread piece of ransomware that infects machines, falsely accuses marks of downloading images of child abuse and demands a fine to unlock the computers – has been adjusted to frighten users into buying craptastic security software.

Said software is bogus antivirus, otherwise known as scareware, which announces the PC is riddled with computer viruses and Trojans, a compelling claim that is also a lie: users are tricked into paying for a full version of the dud software in order to remove the non-existent nasties. Running such programs could utterly compromise the machine and the user’s security.

Christopher Boyd, a senior threat researcher at ThreatTrack Security, has more on this use of ransomware to push sales of scareware in a blog post featuring screenshots here.

The Reveton hijack intercepted by ThreatTrack “ditches the locked desktop in favour of something a little more old school – horror of horrors, a piece of Fake AV called Live Security Professional,” Boyd explained. Users are swooped on by the software nasty after visiting websites contaminated with browser exploits and the like courtesy of the Sweet Orange Exploit Kit.

Internet scumbags have previously used ransomware to peddle survey scams that earned crooks affiliate revenues from dodgy marketing firms. Grafting scareware onto ransomware is simply the next step. ®

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/08/ransomware_scareware_hybrid_scam/

Win Spectre Laptop with HP and The Register

When Tor admitted early this week that some nodes on the network had suddenly and inexplicably gone dark, thanks in part to a malware attack, theories abounded as to just what was going on and why.

That the FBI arrested a man suspected of using Tor to host child pornography distribution services further fuelled speculation that perhaps US authorities had launched an attack on Tor.

Some infosec specialists quickly analysed the malware and suggested it was controlled by an entity using IP addresses associated with defence contractor Science Applications International Corporation (SAIC) and/or the NSA. One and one were promptly put together to suggest three elements explaining the Tor takedown:

• The arrest of porn suspect Eric Eoin Marques was but one action in a wider attack on Tor
• The US government, probably the NSA, created weaponised malware to take down Tor
• SAIC and/or the NSA were the source and/or controller of that malware

A couple of days down the track, that theory is looking rocky, as two of the organisations that helped the malware theory to spread have issued a joint post saying their initial analysis of the malware was wrong.

Cryptocloud and Baneki Privacy Labs write that their initial analysis of the IP addresses used by the “torsploit” probably don’t have anything to do with SAIC. Cryptocloud’s also less-than-certain it’s earlier assertion that NSA IP addresses were involved is right.

The post we’ve linked to above is long, rambling and suggests that even if it is not possible to find an IP address tied directly to the NSA in the Torsploit code, the incident looks an awful lot like the kind of thing the NSA is known to be capable of and interested in.

Edward Snowden’s recent revelations make it plain that the NSA is peering into a great may dark places. Tor’s status as a likely gateway to much of the “dark web” means attempts to gain more intelligence on just what lies within the onion router seem well within the bounds of possibility.

For now, however, the dots aren’t joined. Nor, for what it is worth, is a decent explanation of where Torsploit came from or just how much damage it has done. ®

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/08/infosec_analysts_back_away_feds_attacked_tor_theory/

Win Spectre Laptop with HP and The Register

Poll Web browsers Google Chrome and Mozilla Firefox can reveal the logged-in user’s saved website passwords in a few clicks. There now rages a debate over whether this is an alarming security flaw or a common feature.

Picture this: you’ve been asked to fix a friend’s PC because it’s stopped printing pages properly, or you saunter past an office colleague’s desk and notice her computer has been left unlocked.

If the victim, shall we say, is using Chrome, surf over to chrome://settings/passwords, click on a starred-out saved website password and click on “Show”; rinse and repeat down the list. Voila, you can see his or her passwords in plain text.

Blighty-based programmer Elliott Kember raised the issue this week on his blog and made a persuasive argument that it is a bug that needs fixing:

In a world where Google promotes its browser on YouTube, in cinema pre-rolls, and on billboards, the clear audience is not developers. It’s the mass market – the users. The overwhelming majority. They don’t know [Chrome] works like this. They don’t expect it to be this easy to see their passwords. Every day, millions of normal, every-day users are saving their passwords in Chrome. This is not OK.

Today, go up to somebody non-technical. Ask to borrow their computer. Visit chrome://settings/passwords and click “show” on a few of the rows. See what they have to say.

Kember wants to Google’s browser at least ask users for a password before displaying the credentials in plain text, or warn that they can be accessed in full with a few clicks.

“At this stage, anything would be nice. They’re not acknowledging the fact that millions and millions of Chrome users don’t understand how this works,” he told The Reg. “I’d like to never ever see passwords in plain text without authenticating myself first.”

Chrome’s team lead Justin Schuh responded by arguing that if a miscreant has physical access to the computer then it’s game over anyway, in terms of protecting the user’s system. He added:

I appreciate how this appears to a novice, but we’ve literally spent years evaluating it and have quite a bit of data to inform our position. And while you’re certainly well intentioned, what you’re proposing is that that we make users less safe than they are today by providing them a false sense of security and encouraging dangerous behaviour. That’s just not how we approach security on Chrome.

Some will say the users need some top tips on securing their machines – such as not leaving it unlocked or in the case of a shared computer, not saving passwords. However, worldwide web granddaddy Tim Berners-Lee said the Chrome team’s response was “disappointing” in a tweet:

How to get all you big sister’s passwords http://t.co/CpytKWH9aT and a disappointing reply from Chrome team.

— Tim Berners-Lee (@timberners_lee) August 6, 2013

Going back to our earlier scenarios, if the user prefers Firefox, then open Preferences, hit the “Saved passwords” button in the security tab and then press “Show passwords”. But bear in mind that a master password can be set to protect credentials stored in Mozilla’s browser. The same goes for Opera, which also allows a master password to be set to encrypt the data on disk.

Internet Explorer’s saved passwords can be harvested using nimble Registry skills or a suitable third-party tool. And someone’s written cross-browser JavaScript to extract saved passwords from an open page.

So now we turn the debate over to you: in the style of shag, marry or kill, select whether you shrugged, felt wary or had the sudden desire to kill over this issue:

And don’t forget to comment, of course: what else can mitigate the accidental disclosure of one’s privates to a nosy friend? ®

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/08/browser_password_poll/

Win Spectre Laptop with HP and The Register

Security researchers have uncovered what appears to be a malware-based attack targeting Indian military or government entities and designed to steal information.

The malware linked to the attack “contains specific artifacts that [link it] to a commercial Pakistani entity,” according to security intelligence firm ThreatConnect.

The malware samples – which come in the guise of either a booby-trapped PDF supposedly containing pension information from the Indian government or a Flash video file – were discovered on the systems of a small US Midwest ISP.

On the same subnet in Kansas City, Missouri, researchers found a .zip file full of malware under the guise of a decoy document detailing alleged Pakistani incompetence in locating Osama Bin Laden.

“There are several different self-extracting archive samples (likely targeting campaigns) which used two different decoy methods. One of the decoy methods used PDFs, the second decoy method was Flash videos,” said Rich Barger, director of the ThreatConnect Intelligence Research Team (TCIRT).

“In all instances the malware was shrouded within India/Pakistan-themed content and was hosted with a small subnet that doubled as a command-and-control point.”

The security researchers say words hidden in the malware binaries refer to an infosec company called Tranchulas, as well as one of its employees. The Register points out that the presence of the words does not mean the company is responsible for, or even aware of, the creation of the malware. Writing your name or Twitter handle in the binaries would be akin to scrawling your name at a crime scene.

El Reg contacted Tranchulas, which does consultancy work for the Pakistani government and Telenor Pakistan, and it denied any involvement. The firm told us it had been framed by the writers of the malware.

The infosec company said it had contacted the hosting company of the server where the malware was found to seek an explanation.

In a blog post, ThreatConnect agreed that Tranchulas may well have been framed for involvement in the attack. It also floated the idea that the whole exercise was a penetration test by the Indian government.

“We are not in a position to definitively determine attribution based on the information available to us at this time,” Barger told El Reg. “We will continue to work with the ThreatConnect community to obtain more details and update as appropriate.”

Tranchulas made a lengthy statement denying any involvement in the APT attack:

ThreatConnect published a detailed analysis report on 2nd August 2013 on the malware which uses HTTP service to “collect and exfiltrate documents from victim’s network.” As per subject report, this malware uses aliases that belong to Tranchulas and one of its employees.

The report published in the ThreatConnect has been made on assumptions without thorough investigation concluding that Tranchulas is involved directly or indirectly in the activity of cyber espionage.

The most important and intriguing part of the report emphasizes on the results of the malware analysis that shows the aliases used to build the binaries. The analysis shows two aliases, “Tranchulas” and “umairaziz27”. This has been done by developer of malware to portray wrong impression about Tranchulas and mislead malware analysts. The author of article has overlooked the other aliases used for the binaries i.e. “Cath” and “CERT-India”. These two aliases show how the malware developer is using different aliases each time intelligently to portray different sources.

Tranchulas’ research team was already aware of this incident before publication of this report. Our team contacted hosting company of server to seek an explanation.

Cyber-espionage has hit south Asia – researchers

China is frequently blamed for online attacks that use malware and spear phishing to extract information and are normally geared towards stealing blueprints from key industries such as aerospace and clean energy. But ThreatConnect’s research, though inconclusive about who might be responsible, suggests that regional tensions between India and Pakistan are beginning to spawn so-called APT attacks of their own.

Back in May, Norwegian anti-malware firm Norman AS published a report (PDF) linking India with a cyber-espionage campaign targeting business, government and political organisations in China, Pakistan and other countries for over three years.

Targets included the Pakistani subsidiary of Norwegian telco Telenor, which had reported (in Norwegian) a network breach two months earlier.

Norman’s report at the time noted the word “Appin” cropping up in malware file names, and speculated some actor may be deliberately trying to implicate Indian security company Appin Security Group in the attacks. As we reported at the time, Appin denied any involvement, posting a warning on its home page urging surfers “not to be misled by any communication received through fictitious domains which are purportedly being made by, or on behalf of, our company”.

Appin criticised Norman AS for naming it in its reports.

Reasons why cyberspies would wish to target Telenor Pakistan are not hard to work out, as ThreatConnect explains.

“Telenor Pakistan provides voice, data content and mobile communications to more than 3,500 cities and towns within Pakistan. Persistent remote Indian access to a strategic communications service provider, such as Telenor Pakistan, would certainly yield unparalleled signals intelligence collection capability.” ®

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/07/india_cyberespionage/

Win Spectre Laptop with HP and The Register

Syrian hacktivists have chalked up more media-luvvie victims after hacking into and defacing blogs run by British broadcaster Channel 4.

The Syrian Electronic Army, which backs the regime of President Bashar al-Assad, took over an online diary maintained on behalf of veteran newscaster Jon Snow before posting a fictitious story about a tactical nuclear strike against Syria.

Hacktivists posted a screenshot of the administration panel for the WordPress web publishing software used by the Channel 4 blogs, showing off the grab as a trophy while claiming responsibility for the hack. Early indications suggest the compromise was not exploited to spread malware in drive-by downloads.

“The suspicion has to be that Channel 4 was running an old version of WordPress, vulnerable to a security exploit that allowed the hackers to gain access, or that an administrator had his password fished,” writes security blogger Graham Cluley. “In the last few days, WordPress has released the latest version of its blogging platform – version 3.6.”

Channel 4′s blogs were taken offline in response to the breach and replaced with a message stating “Something’s broken (or we’re making things better)” alongside a picture of characters from The IT Crowd sitcom. A separate section dedicated to Snow on the broadcaster’s news website is running normally.

Cluley posted screenshots of the defacement and subsequent holding message by Channel 4 in a blog post here.

The Syrian Electronic Army (SEA) has hacked numerous media organisation over recent months: it successfully targeted Twitter accounts and other social network profiles run by Al-Jazeera, the Associated Press, BBC, Daily Telegraph, Financial Times, The Guardian, Human Rights Watch, America’s National Public Radio, Thompson Reuters and more. Over recent weeks the group graduated to attacking into the backend systems of VoIP apps, such as Viber and Tango. The SEA also managed to take over three personal email accounts of White House employees, reportedly prompting the FBI to open an investigation.

This latter attack appears to have prompted a decision by Twitter to suspend the Syrian Electronic Army’s official Twitter account, @Official_SEA12. The SEA set up replacement propaganda profiles on Twitter but these too were shut down, much to the apparent frustration of hacktivists who threatened war against Twitter. The SEA is now running a profile called @Official_SEA16, which boasted of the latest attacks against Channel 4.

The spate of attacks against media firms helped push the social network’s rollout of two-factor authentication to secure profiles against the types of phishing attack the Syrian hacktivists specialise in. ®

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/07/c4_hacktivist_defacement/

Win Spectre Laptop with HP and The Register

Latvia will extradite an alleged pusher of the online bank account raiding Trojan Gozi to the US – despite opposition from the Baltic republic’s foreign minister.

Deniss Calovskis, 27, and two other alleged co-conspirators (Russian national Nikita Kuzmin and Mihai Ionut Paunescu, a 28-year-old Romanian) were accused of masterminding the software nasty in an indictment unsealed in January.

The Gozi banking Trojan was used to steal millions of dollars from netizens after infecting one million computers worldwide – including systems at NASA – the US attorney for the southern district of New York alleged.

Kuzmin, who wrote the Trojan, was arrested in the US in November 2010 and pleaded guilty to various computer hacking and fraud charges in May 2011. Calovskis allegedly developed code, known as “web injects”, that altered how the websites of particular banks appeared on computers infected with Gozi. He was arrested in Latvia in November 2012.

Paunescu, who operated under the handle Virus, allegedly supplied the “bulletproof [web] hosting” service that helped Kuzmin and others to distribute the Trojan as well as ZeuS, SpyEye and other malware. Paunescu was arrested in Romania in December 2012.

Extradition requests against Calovskis and Paunescu have been filed in Latvia and Romania, respectively, according to the US Feds.

Latvian foreign minister Edgars Rinkēvičs argued last week that Calovskis ought to face justice in Latvia rather than the possibility of a “disproportionate” sentence if he was extradited to the US. Calovskis potentially faces up to 67 years behind bars if convicted on all charges.

After the Latvian courts approved his extradition to America, the issue fell to a close vote of the country’s cabinet ministers on Tuesday. Seven ministers backed the extradition, against five who voted against and one who abstained, Bloomberg reports. The vote gave a green light to attempts to haul Calovskis over the the US.

However Calovskis’s lawyer, Saulvedis Varpins, told Latvian television station LNT that he intended to appeal the case to the European Court of Human Rights, Reuters reports. The 27-year-old denies any wrongdoing. ®

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/07/gozi_trojan_suspect_extradition/

Win Spectre Laptop with HP and The Register

Barely two months after rolling out two-factor authentication, Twitter has beefed up its login procedures yet again, both to improve security and to make two-factor available to more Twitter users worldwide.

Twitter launched two-factor authentication in late May with a system based on SMS messaging. While that was good enough for many users, however, it did present some problems.

For one thing, verification via SMS is only available via supported mobile carriers, which isn’t all of them. For another, using SMS as a security mechanism relies on the SMS delivery channel being secure, and some carriers’ text messaging systems might not be.

On Tuesday, Twitter rolled out an update to its two-factor authentication scheme that can optionally make use of the Twitter mobile app for Android and iOS, rather than SMS.

“Simply tap a button on your phone, and you’re good to go,” Twitter security engineer Alex Smolen wrote in a blog post. “This means you don’t have to wait for a text message and then type in the code each time you sign in on twitter.com.”

The app approach offers other advantages, as well. Because it’s based on public-key cryptography, it’s inherently more secure than the SMS approach. The mobile app generates a public/private key pair and Twitter only stores the public key, while the private key never leaves the user’s phone. As a result, an attacker won’t be able to fake a login even if Twitter’s authentication server is compromised.

When the app receives a login verification request, it will also tell you details about the browser that is being used to make the login attempt, including its approximate location – so if you see any suspicious logins from Iran, you’ll know not to approve them.

The app also generates a “backup code” during the setup process, which it advises you to write down and keep in a safe place. In the event you ever lose your phone, you can use the backup code to login to Twitter, un-enroll your old phone from login verification, and enroll your new one.

As before, login verification is optional and can be enabled from any Twitter account’s Settings panel. To take advantage of the new, app-based authentication process, you’ll need to update to version 5.9 of the Twitter app for iOS or version 4.1.4 of Twitter for Android, both of which shipped on Tuesday. ®

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/07/twitter_hardens_two_factor_authentication/

Win Spectre Laptop with HP and The Register

The single-click Google account login for Android apps is a little too convenient for hackers, according to Tripwire’s Craig Young, who has demonstrated a flaw in the authentication method.

The mechanism is called “weblogin”, and basically it allows users to use their Google account credentials as authentication for third-party apps, without sharing the username and password itself: a token is generated to represent the user’s login details.

Young claimed the unique token used by Google’s weblogin system can be harvested by a rogue app and then used to access all of the advertising’s giants services as that user.

To demonstrate the flaw at this month’s Def Con 21 hacking conference in Las Vegas, Young created an Android app that asks for access to the user’s Google account to display stocks from Google Finance.

Assuming the user grants permission the app, it issues a token to access the requested data. The rogue app sends that token back to the hacker, who can paste it into a web session to access all of the user’s Google services, said Young.

That includes unrestricted access to Gmail, Google Drive, Google Calendar and so forth, even though the permission was only given for an Android app to access Google Finance, we’re told.

Users do have to give multiple permissions to the app first: to access local accounts; to access the network; and to kick off a web session accessing finance.google.com – the last bit being when the web-usable token is issued. But if the user is expecting integration with Google Finance, then none of that would surprise them.

Handing over the keys to their Google Drive files would, however.

Once the miscreant has a valid token then they could see their mark’s search history, among other things. Young points out that should our victim happen to be a Google Administrator then the attacker could take control of the administered accounts, changing passwords, modifying privileges, etc.

But they’ll have to move fast – Google’s automated scanning may not have noticed the app’s behaviour (his rogue app was only removed from the Google Play app store following a complaint despite being clearly marked as a security test) but since being informed about the vuln in February the Chocolate Factory has been working to close the security hole. (The the PC World blog has more details on the bloke’s research.)

The flaw is typical of what happens when simplicity overtakes security in developers’ order of priorities. It’s unlikely that anyone but the most-dedicated spear-phisher would take advantage of a flaw like this, but its exposure reminds us to be aware of the permissions we grant – and keeps Google et al fixing flaws which shouldn’t exist in the first place. ®

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/06/android_oneclick_authentication_open_to_hacking/

Win Spectre Laptop with HP and The Register

Middle England will be shocked to discover that the Daily Mail‘s website, the world’s most read online newspaper, has only gone and admitted to a shameful data security cock-up.

The publication – which is known for displaying loads of pictures of tits and ass online normally alongside an equal amount of outrage about tits and ass online – was alerted to fact that there was an “URGENT problem” with its users’ profiles.

(Mail Online – which has just celebrated unaudited record readership figures of 134 million unique browsers in July – is not exactly the online version of the right-wing Daily Mail as much of its content would never be published in the paper edition.)

The outlet’s senior communities editor Tessa Meneux, who has the thankless task of wrangling Daily Mail commentards, breathlessly confessed at lunchtime today:

Hello

I’ve been frantically emailing readers this morning.

Last night we had a technical issue with our user profile and login service that resulted in a bug with the display of user profiles. When viewing your profile page users were presented with a copy of another user’s profile page instead of their own. The issue is now resolved.

We take your privacy very seriously and we would like to reassure you that we have undertaken several rigorous tests to ensure that your data is secure. Other users were never able to see your password or other encrypted data, post comments on your behalf or make any changes to your profile.

Thank you for your patience and please accept our apologies for any inconvenience caused. If you have any further questions or concerns about this matter, please let us know.

At time of writing, however, it’s unclear whether the newspaper had turned itself into the Information Commissioner’s Office. Meneux certainly didn’t suggest that the UK’s data regulator had been made aware of the breach.

The Register has very kindly done the legwork for the Mail by passing on the details of the blunder to the ICO.

Meanwhile, some Mail Online readers appeared utterly disgusted with the security gaffe. Some readers complained that they were greeted with someone else’s full name, date of birth and email address.

One user frothed: “That was a serious breach of security … wish I had known I would never have joined this forum … was there any compensation offered for the security breach? If not why not???”

Another, meanwhile, couldn’t resist the opportunity to simply blame the internet:

Am truly disgusted by this news and it’s another nail in the coffin of despicable things that happen all the time now. This strengthens my ‘argument’ for not going cyber … once you are cyber, ‘they’ got you by the short n curlies.

We’ll update this story if the Mail does furnish us with a statement. ®

Win Spectre Laptop with HP and The Register

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/06/daily_mail_data_breach/