STE WILLIAMS

Five charged as Feds bust largest credit-card hack in history

Magic Quadrant for Enterprise Backup/Recovery

Federal prosecutors in New Jersey say they’ve busted what could be the biggest credit card hacking fraud in US history, with companies such as NASDAQ, 7-Eleven, and Dow Jones falling prey to an Eastern European criminal gang.

According to the indictment, the gang stole data on up to 160 million credit cards and then sold them on in underground forums so that they could be written onto blank cards and be used to withdraw funds. The losses for just three of the many companies they targeted came to over $300m, according to the authorities.

“This type of crime is the cutting edge. Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy, and our national security,” said US Attorney Paul Fishman in a statement.

“This case shows there is a real practical cost because these types of frauds increase the costs of doing business for every American consumer, every day. We cannot be too vigilant and we cannot be too careful.”

The five men – four Russians and a Ukrainian national – were charged with conspiracy to gain unauthorized access to computers and wire fraud, with additional charges that could see four of the five each facing an extra 120 years in prison.

The government alleges that two of the Russians, Vladimir Drinkman, 32, and Alexandr Kalinin, 26, were the group’s hacking team who carried out the penetration of target firms, usually exploiting SQL attacks and then installing trojan software to harvest credit card and personal information from corporate servers.

The two are well known to prosecutors as former associates of cybercrime-kingpin-turned-US-Secret-Service-snitch-turned-recidivist-cyberblagger Albert Gonzalez and are thought to have been the duo behind the successful 2009 hacking of Heartland Payment Systems.

Once the data had been slurped it was passed over to the team’s Russian analyst Roman Kotov, 32, who identified the most valuable credit cards and the ancillary information needed to use the numbers for fraudulent traffic, the government claims.

This was then passed on to Muscovite Dmitriy Smilianets, 29, for resale on undergrounds message boards, with the Ukrainian Mikhail Rytikov, 26, providing the anonymous ISP services to enable the sale.

The gang sold US credit-card data ready to be slapped onto a blank card for around $10 per number, while Canadian cards went for $15, and European cards for $50 per user. The gang sold only to credentialed underground buyers, and offered volume discounts for larger buyers.

Drinkman and Smilianets were arrested in the Netherlands in June 2012 after the Dutch police were tipped off by the US authorities and are currently being extradited to the US for trial. Kalinin, Kotov, and Rytikov are still at large.

“As is evident by this indictment, the Secret Service will continue to apply innovative techniques to successfully investigate and arrest transnational cyber criminals,” said Special Agent in Charge Mottola of the Newark, New Jersey, Field Office.

“While the global nature of cyber-crime continues to have a profound impact on our financial institutions, this case demonstrates the global investigative steps that U.S. Secret Service Special Agents are taking to ensure that criminals will be pursued and prosecuted no matter where they reside.” ®

Magic Quadrant for Enterprise Backup/Recovery

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/26/five_charged_as_feds_bust_largest_creditcard_hack_in_history/

Japanese police bust poker-playing IT boss for Android malware

Cloud storage: Lower cost and increase uptime

Police in the Chiba Prefectural zone of Japan have arrested nine people suspected of making nearly $4m by distributing malware that harvested mobile user’s contact information and using it for a fake dating website.

The arrests came after a joint operation between the police and Symantec, and the security company reports that the possible ringleader of the group is Masaaki Kagawa, president of IT firm Koei Planning and a semi-professional poker player who has netted over $1.5m in winnings from tournament play over in the last six years.

Since 2007 he’s competed in a variety of games on the international poker circuit in London, Las Vegas, Monte Carlo, and Australia, with some success and the occasional massive loss. If convicted, however, Kagawa won’t be playing high-stakes poker for some time to come.

Kagawa and his associates are accused of using a wide variety of applications to spread the Android malware, Enesoluty, across third-party Android apps forums via 150 hosted domains. The malware harvested the email addresses of its victims, and it seems these were used to drive traffic to a phony dating website.

Those who signed up for the dating site would be bombarded by messages from “people” wanting to talk with them, at the price of conversation tokens. A few people with multiple personas would encourage ever-longer conversations with no chance of meeting a flesh-and-blood date.

“The mobile malware was just a step towards his real scheme which was to send out spam about his dating site and get people to sign up over there and not really get any service,” Vikram Thakur, principal research manager at Symantec Security Response, told The Register.

“By getting signups is where he made his money, but that’s not to say that he didn’t also sell the contact information on to spammers and the like,” Thakur said.

From the looks of some of the applications the malware distributors were pushing, they will have scooped the dumbest of users, so the email lists would have been perfect for psychics and pitchers of other such wondrous illogicalities.

One application promised to turn the screen of the smartphone into a solar cell that would charge up the handset, while another app let users jiggle the breasts of a cartoon figure. In all cases, the infected application asked for contact details, despite there being no logical need for such data.

“There’s a sucker born every minute,” the American scammer PT Barnam is reported to have said – and based on the gang’s results he was right. These lamentable apps harvested 37 million email addresses from around 810,000 Android devices.

Researchers at Symantec started picking up infections from Enesoluty in September last year and began analyzing the code. Thakur said it became clear that the malware didn’t come from one of the many automatic malware generating kits available online, but was being written specifically by a group of programmers to harvest contact details.

Further examination of the code showed details of where the purloined contact details were being routed through, and Symantec contacted the local police to see if the culprits could be caught. Thakur said the local police were “very switched-on” when it comes to this kind of crime. Maybe US investigators could get some tips from them. ®

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/25/japanese_police_bust_pokerplaying_it_boss_for_android_malware/

Japanese police bust poker-playing IT boss for Android malware

Cloud storage: Lower cost and increase uptime

Police in the Chiba Prefectural zone of Japan have arrested nine people suspected of making nearly $4m by distributing malware that harvested mobile user’s contact information and using it for a fake dating website.

The arrests came after a joint operation between the police and Symantec, and the security company reports that the possible ringleader of the group is Masaaki Kagawa, president of IT firm Koei Planning and a semi-professional poker player who has netted over $1.5m in winnings from tournament play over in the last six years.

Since 2007 he’s competed in a variety of games on the international poker circuit in London, Las Vegas, Monte Carlo, and Australia, with some success and the occasional massive loss. If convicted, however, Kagawa won’t be playing high-stakes poker for some time to come.

Kagawa and his associates are accused of using a wide variety of applications to spread the Android malware, Enesoluty, across third-party Android apps forums via 150 hosted domains. The malware harvested the email addresses of its victims, and it seems these were used to drive traffic to a phony dating website.

Those who signed up for the dating site would be bombarded by messages from “people” wanting to talk with them, at the price of conversation tokens. A few people with multiple personas would encourage ever-longer conversations with no chance of meeting a flesh-and-blood date.

“The mobile malware was just a step towards his real scheme which was to send out spam about his dating site and get people to sign up over there and not really get any service,” Vikram Thakur, principal research manager at Symantec Security Response, told The Register.

“By getting signups is where he made his money, but that’s not to say that he didn’t also sell the contact information on to spammers and the like,” Thakur said.

From the looks of some of the applications the malware distributors were pushing, they will have scooped the dumbest of users, so the email lists would have been perfect for psychics and pitchers of other such wondrous illogicalities.

One application promised to turn the screen of the smartphone into a solar cell that would charge up the handset, while another app let users jiggle the breasts of a cartoon figure. In all cases, the infected application asked for contact details, despite there being no logical need for such data.

“There’s a sucker born every minute,” the American scammer PT Barnam is reported to have said – and based on the gang’s results he was right. These lamentable apps harvested 37 million email addresses from around 810,000 Android devices.

Researchers at Symantec started picking up infections from Enesoluty in September last year and began analyzing the code. Thakur said it became clear that the malware didn’t come from one of the many automatic malware generating kits available online, but was being written specifically by a group of programmers to harvest contact details.

Further examination of the code showed details of where the purloined contact details were being routed through, and Symantec contacted the local police to see if the culprits could be caught. Thakur said the local police were “very switched-on” when it comes to this kind of crime. Maybe US investigators could get some tips from them. ®

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/25/japanese_police_bust_pokerplaying_it_boss_for_android_malware/

Japanese police bust poker-playing IT boss for Android malware

Cloud storage: Lower cost and increase uptime

Police in the Chiba Prefectural zone of Japan have arrested nine people suspected of making nearly $4m by distributing malware that harvested mobile user’s contact information and using it for a fake dating website.

The arrests came after a joint operation between the police and Symantec, and the security company reports that the possible ringleader of the group is Masaaki Kagawa, president of IT firm Koei Planning and a semi-professional poker player who has netted over $1.5m in winnings from tournament play over in the last six years.

Since 2007 he’s competed in a variety of games on the international poker circuit in London, Las Vegas, Monte Carlo, and Australia, with some success and the occasional massive loss. If convicted, however, Kagawa won’t be playing high-stakes poker for some time to come.

Kagawa and his associates are accused of using a wide variety of applications to spread the Android malware, Enesoluty, across third-party Android apps forums via 150 hosted domains. The malware harvested the email addresses of its victims, and it seems these were used to drive traffic to a phony dating website.

Those who signed up for the dating site would be bombarded by messages from “people” wanting to talk with them, at the price of conversation tokens. A few people with multiple personas would encourage ever-longer conversations with no chance of meeting a flesh-and-blood date.

“The mobile malware was just a step towards his real scheme which was to send out spam about his dating site and get people to sign up over there and not really get any service,” Vikram Thakur, principal research manager at Symantec Security Response, told The Register.

“By getting signups is where he made his money, but that’s not to say that he didn’t also sell the contact information on to spammers and the like,” Thakur said.

From the looks of some of the applications the malware distributors were pushing, they will have scooped the dumbest of users, so the email lists would have been perfect for psychics and pitchers of other such wondrous illogicalities.

One application promised to turn the screen of the smartphone into a solar cell that would charge up the handset, while another app let users jiggle the breasts of a cartoon figure. In all cases, the infected application asked for contact details, despite there being no logical need for such data.

“There’s a sucker born every minute,” the American scammer PT Barnam is reported to have said – and based on the gang’s results he was right. These lamentable apps harvested 37 million email addresses from around 810,000 Android devices.

Researchers at Symantec started picking up infections from Enesoluty in September last year and began analyzing the code. Thakur said it became clear that the malware didn’t come from one of the many automatic malware generating kits available online, but was being written specifically by a group of programmers to harvest contact details.

Further examination of the code showed details of where the purloined contact details were being routed through, and Symantec contacted the local police to see if the culprits could be caught. Thakur said the local police were “very switched-on” when it comes to this kind of crime. Maybe US investigators could get some tips from them. ®

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/25/japanese_police_bust_pokerplaying_it_boss_for_android_malware/

Raid millions of bank accounts. New easy-to-use tool. Yours for $5,000

Cloud storage: Lower cost and increase uptime

Cybercrooks have brewed a new professional-grade Trojan toolkit called KINS that will pose plenty of problems for banks and their customers in the months and years ahead.

KINS promises the ease of use of bank-account-raiding software nasty ZeuS combined with the technical support offered by the team behind Citadel (which withdrew its banking Trojan from sale in December).

KINS – which infects Windows PCs at a very low level and snoops on victims’ online banking to drain their accounts – therefore seems to be well poised to exploit a gap in the market created by Citadel’s absence, according to Limor Kessem, a security researcher at RSA.

“The moment Citadel was off the market, the deep-web enclaves, where fraudsters congregate, became awash with fraud-as-a-service deals for Trojan binaries and hosting packages,” Kessem explains in an engaging blog post.

“During the dry months that had suddenly befallen the lower ranking cyber criminals, a few shady malware developers attempted to make a few bucks by trying to appease them with basic malware and converted HTTP botnets – Trojans that carry out lists of tasks, equipped with a form-grabber – but even the pseudo return of the Carberp Trojan left the underground hungry for more.”

“The clear and resounding truth was that botmasters have not had to face such a situation since the Limbo Trojan was released in 2005. The ongoing turbulence since the leak of the Zeus code in mid-2011 has not given way to a stable offering in the underground, and it seems that professional cybercrime malware developers are just not what they used to be,” she adds.

Cybercrooks were even willing to team up to finance a banking Trojan project, Kessem reports. RSA researchers first heard whisperings from the digital underground about a new cybercrime tool called KINS in February.

Today, five months after the rumours first surfaced, a software vendor in a closed Russian-speaking online forum announced the open sale of the KINS Trojan to the cybercrime community. The Trojan is on offer for $5,000 via the WebMoney digital currency. For now, KINS only targets Microsoft-powered machines outside of Russia.

The seller denied all ties to other Trojans but RSA reports the newcomer already shares many of the features of Zeus and SpyEye, the two principle agents of malware-powered bank theft worldwide over recent years.

The KINS architecture is built like both Zeus and SpyEye, with a main blob of code and DLL plugins. Crucially, the Trojan toolkit requires no technical skills to use, a pioneering feature of ZeuS.

The new cybercrime toolkit also comes with an anti-Rapport plugin that featured in SpyEye, designed to foil Trusteer’s widely deployed transaction security tool. It’s unclear how effective this technology is in practice.

Criminals can manage infected PCs using RDP (the Remote Desktop Protocol), a communications channel previously used by SpyEye.

KINS is specifically designed not to infect systems in Russia and the Ukraine by avoiding computers with Russian language keyboard settings, a feature that was first introduced by Citadel in January 2012.

The feature offers a way for cybercrooks based in Russian to avoid the attentions of local cops.

The unknown KINS developer appears to have learned lessons from his predecessors, according to Kessem. For one thing KINS has been kept well away from Trojan trackers, a problem that plagued SpyEye and ZeuS. Trojan trackers log the command-and-control servers associated with banking Trojan attacks, helping to mitigate the consequences of malware compromises as well as assisting zombie network takedown efforts.

KINS is designed to spread using popular exploit packs such as Neutrino. KINS is capable of easily infecting machines running Windows 8 and other x64 operating systems, and features technology to embed itself in computers so that it’s activated almost as soon as the machines are powered on. That makes infections both more stealthy and harder to eradicate.

“With all other major malware developers choosing to lay low to avoid imminent arrest by law enforcement authorities, KINS’ author is very sure to see an immediate demand for his Trojan, so long as he can avoid capture himself and as soon as high-ranking peers sign off on its crime-grade quality,” Kessem concluded. “As that happens, anti-fraud teams around the world may be dealing with a new Trojan in the very near future.” ®

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/25/kins_banking_trojan/

World+Dog hates PRISM: Cloud Security Alliance

Magic Quadrant for Enterprise Backup/Recovery

Edward Snowden’s PRISM revelations will soon impact the balance sheets of US cloud vendors, according to the Cloud Security Alliance.

The group claims the latest survey (PDF) of its 500 members suggests the NSA leaks would make more than half non-US the respondents think twice about hosting their data with American-based providers, and more than 90 percent believe companies should be able to publish transparency-style reports about Patriot Act requests for customer data.

The Patriot Act has frequently emerged as a significant concern among non-US corporations. For example during 2012, Rackspace and Australian provider Macquarie Telecom sniped at each other over such risks. Rackspace had described statements that data stored in the US becomes subject to American snooping as “mischievous”.

Sanguinity about the Patriot Act is no longer in vogue, however: 86 per cent of respondents worldwide believe that bit of legislation should either be abandoned entirely, or should be altered to provide better transparency about, and oversight of, its operations.

However, American respondents to the survey don’t believe the data sovereignty issue is going to dent their business, with 64 percent of those saying the Snowden affair isn’t making it harder to conduct business offshore. ®

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/25/worlddog_hates_prism_cloud_security_alliance/

Malicious Android master key apps found in China: Symantec

Magic Quadrant for Enterprise Backup/Recovery

Virus-hunter Symantec says the Android master key vulnerability is being exploited in China, where half-a-dozen apps have showed up with malicious content hiding behind a supposedly-safe crypto key.

The simple, straightforward and utterly stupid vulnerability arises because, as Bluebox Security demonstrated recently, someone with evil intent and hardly any expertise can pack an Android APK package (a Zip file under another extension) with files carrying the same name as those in the archive.

As noted by El Reg here, Android’s crypto system verifies the first version of any repeated file in an APK – but the installer picks up the large version. On 22 July, BitDefender identified a number of apps popping up on the Google Play store.

Now, Symantec has joined the party, identifying apps in China that have been exploited with the vulnerability to plant malicious code. There’s two apps designed for doctor-finding, a news app, an arcade game, and a betting/lottery app.

The good news for Androiders outside the Great Firewall is that all the malicious apps were being distributed on Chinese Android marketplaces rather than Google Play.

Symantec’s post states that the same attacker embedded code in all the compromised apps. The aim of the attack is to remotely control devices, steal data such as IMEI and phone numbers, send premium SMS messages, and on rooted devices, disable some Chinese mobile security apps. ®

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/25/malicious_android_master_key_apps_found_in_china_symantec/

LinkedIn snaps shut OAuth login token snaffling vulnerability

Magic Quadrant for Enterprise Backup/Recovery

Facebook-for-bosses website LinkedIn has fixed a security vulnerability that potentially allowed anyone to swipe users’ OAuth login tokens.

The flaw came to light after British software developer Richard Mitchell discovered part of the LinkedIn’s customer help website handed out the private OAuth token of the logged-in user. These otherwise secret tokens can be used by anyone to masquerade as LinkedIn users linked to those tokens, and potentially access profile information using APIs.

Before handing over the sensitive data, JavaScript code on the help site merely checked that the previously visited page was served from LinkedIn.com – a trivial HTTP referrer check that can be easily circumvented. Thus, someone could log into LinkedIn and surf to a malicious web page with code embedded to poke the help site for the victim’s OAuth token.

“I quickly found a request to a JavaScript file including the API key for the help system which immediately returned an OAuth token for the user,” Mitchell explained in a blog post.

“You shouldn’t trust JavaScript or the referrer header exclusively for any kind of authorisation policy.”

Losing control of an OAuth token is a great deal less serious than compromised login credentials, but it’s still bad news. Fortunately the LinkedIn flaw was identified and responsibly disclosed before any harm came of the bug.

Mitchell privately reported the flaw on 3 July. The social network was able to squash the bug within a couple of days, and sent Mitchell a t-shirt as a small thank you for his efforts. The “fix” involved disabling requests without HTTP referrers, according to Mitchell.

A LinkedIn spokesman confirmed to El Reg that Mitchell’s account of the bug find was accurate. “We can confirm that we were notified of the OAuth vulnerability and took immediate action to fix the issue, which was resolved by our team within 48 hours of being notified,” he said. ®

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/25/linkedin_oauth_token_snaffling_vuln/

UK pots ‘n’ pans outfit Lakeland scalded by hack attack

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

UK homeware retailer Lakeland is asking its customers to change their passwords as a precaution following a hack attack that allowed cybercrooks to reach two of its encrypted databases.

Lakeland sent an email to customers late on Tuesday admitting the breach, and informing them that it was resetting passwords. Users will be obliged to create a new password the next time they log in or try to shop with the retailer. The breach, which Lakeland detected last Friday (19 July), involved two encrypted databases. In a statement on its website, Lakeland admits it doesn’t yet know if any data was actually stolen, though it’s fair to point out that it’s only days into a breach investigation and any computer forensics work takes time to do properly.

Late on Friday July 19th we discovered that the Lakeland website was being attacked by hackers in a sophisticated and sustained attack. Immediate action was taken to block the attack, repair the system and to investigate the damage done and this investigation continues.

Today it has become clear that two encrypted databases were accessed, though we’ve not been able to find any evidence that the data has been stolen. However, we have decided that it is safest to delete all the customer passwords used on our site and invite customers to reset their passwords. Next time you log in to your Lakeland account you will be asked to reset your password and provide a new one. It is not necessary to do this straight away, just the next time you want to use the account.

We also advise, as a precaution, that if you use the same password on any other account/s, you should change the passwords on these accounts as soon as possible. We do not know for certain that the hackers succeeded in stealing data, however since there is a theoretical risk and because it is our policy to be open and honest with our customers, we are being proactive in alerting you.

Lakeland apologised to its customers for any inconvenience caused by the security flap, which only affects its online punters and not its store or mail order clients. Its statement goes on to blame the hack on a sophisticated assault against a “recently identified flaw” in an unspecified system.

Lakeland had been subjected to a sophisticated cyber-attack using a very recently identified flaw in the system used by the servers running our website, and indeed numerous websites around the world. This flaw was used to gain unauthorised access to the Lakeland web system and data. Hacking the Lakeland site has taken a concerted effort and considerable skill. We only wish that those responsible used their talent for good rather than criminal ends.

As things stand, Lakeland customers can be forgiven for being unsure whether their personal and financial data has been compromised. Lakeland’s statement omits common reassurances that payment systems were unaffected, although it offered some reassurance in an update to its official Twitter account stating “we have no evidence that any card data has been compromised” it hasn’t said whether or not the encrypted databases that got hit contained payment information.

Dodi Glenn, director of security content management at ThreatTrack Security, commented: “It is common practice to purge passwords in the event someone suspects a compromise of their database. While customers may be alarmed as is natural in these circumstances, Lakeland should work with the authorities to identify what information was leaked. Customers should have the right to know if their credit card numbers were stolen. Lakeland and others should take note that being proactive instead of reactive is the best approach, because brand reputation is priceless.”

A blog post on the breach by ThreatTrack Security, containing a copy of the email sent to Lakeland customers, can be found here. ®

Magic Quadrant for Enterprise Backup/Recovery

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/24/lakeland_breach_passwords_reset/

Bad Vibes, man: Babble app chaps unwrapped in phish trap hack flap

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Hacker gang the Syrian Electronic Army broke into the systems of Viber, the popular mobile chat service, and dumped its user account records online.

The miscreants, loyal to Syria’s president Bashar al-Assad, say they were able to infiltrate Viber’s support website, which allowed them to extract punters’ private data. The site was defaced on Tuesday with a message featuring the Syrian Electronic Army logo and unsubstantiated accusations against the gossip app’s makers:

Dear All Viber Users, The Israeli-based “Viber” is spying and tracking you We weren’t able to hack all Viber systems, but most of it is designed for spying and tracking.

The Viber support web server is now unavailable. Before the plug was pulled, the hacktivists’ graffiti linked to a “screen-capture of what appears to be an internal database … showing users’ phone numbers, device UDID, country, IP address, operating system and version, first registration to Viber, and what version of Viber they are using”, notes security industry veteran Graham Cluley.

The phone numbers of the individuals exposed in the defacement began with the international dialling code of 963, the code for Syria. The page also revealed Viber administrators’ contact details, such as their names, phone numbers and email addresses.

In a statement, Viber admitted its computer defences were breached after a support staffer was tricked by a phishing email. It said the hack looked worse than it was, but nonetheless resolved to beef up the security of its systems anyway:

The Viber Support site was defaced after a Viber employee unfortunately fell victim to an email phishing attack. The phishing attack allowed access to two minor systems: a customer support panel and a support administration system. Information from one of these systems was posted on the defaced page.

It is very important to emphasize that no sensitive user data was exposed and that Viber’s databases were not “hacked”. Sensitive, private user information is kept in a secure system that cannot be accessed through this type of attack and is not part of our support system.

We take this incident very seriously and we are working right now to return the support site to full service for our users. Additionally, we want to assure all of our users that we are reviewing all of our policies to make sure that no such incident is repeated in the future.

Viber also insists the spying accusations are cobblers; the company is based in Cyprus but has an office of developers in Israel, a fact that has sparked baseless conspiracy theories about the biz.

In addition to providing a text messaging service, the 200 million users of the Viber app can exchange images, video and audio messages over the internet.

The Viber hack comes days after the same crew of hackers claimed to have extracted sensitive information about millions of Tango users, another mobile messaging app. The Tango hack was reportedly pulled off using a vulnerable WordPress installation, a different hacking strategy.

The Syrian Electronic Army is best known for its cyber-assaults on the social media feeds of media outlets, such as the Associated Press, The Telegraph, and the BBC. Several of these hacks were carried out using multi-stage phishing attacks.

Internet messenger applications such as Skype, Viber and WhatsApp have increasingly come under attack in many repressive regimes where the government has full access to all comms routed through mobile operators but cannot censor OTT systems. Both Skype and WhatsApp have been banned in Syria since March 2012. According to Reuters, Saudi Arabia plans to block WhatsApp within “weeks” if it doesn’t allow the state to monitor communications. ®

Magic Quadrant for Enterprise Backup/Recovery

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/24/viber/