Hackers steal Citibank card data

About 200,000 Citibank credit card customers in North America have had their names, account numbers and e-mail addresses stolen by hackers who broke into Citi's online account site.

Citigroup Inc said it discovered that account information for about 1% of its credit card customers had been viewed by hackers. Citi has more than 21 million credit card customers in North America, according to its 2010 annual report.

The New York-based bank, which discovered the problem during routine monitoring, didn't say exactly how many accounts were breached. Citi said it was contacting those customers.

The bank said hackers weren't able to gain access to social security numbers, birth dates, card expiration dates or card security codes. That kind of information often leads to identity theft, where cybercriminals empty out bank accounts and apply for multiple credit cards.

That can debilitate the finances and credit of victims. Citi customers could still be vulnerable other problems.

Details about their bank accounts and financial information linked to them could be acquired using the e-mail information and account numbers hackers stole.

Federal regulators have taken notice and are asking banks to improve security.

The Citi data breach was the latest in a series of recent high-profile data attacks against a number of major firms.

On June 1, Google Inc said that the personal Gmail accounts of several hundred people, including senior US Government officials, military personnel and political activists, had been breached.
On May 30, broadcaster PBS confirmed that hackers cracked the network's website and posted a phony story claiming dead rapper Tupac Shakur was alive in New Zealand.

On May 28, defense contractor Lockheed Martin Corp said it had detected a "significant and tenacious attack" against its computer networks. The company said it took swift and deliberate actions to protect the network and the systems remain secure.

Worrisome
In April, media and electronics company Sony Corp's PlayStation Network was shut down in April after a massive security breach that affected more than 100 million online accounts.

Also in April, hackers penetrated a network operated by a data marketing firm Epsilon. The company handles e-mail communications for companies like Best Buy Co and Target Corp.

The number of data breaches in the last two months sets a "high water mark," said John Ottman, CEO of Application Security Inc, a New York-based firm that specialises in securing databases, the big repositories companies use to organise account information and other data.

"Attackers have realised that most organisations have not properly protected databases," Ottman said.

The fact that the Citi hackers only got a few pieces of personal data on customers may limit what crooks can do with the information, said Susan Grant, director of consumer protection at Consumer Federation of America, a consumer advocacy group.

"But any ID theft is worrisome for consumers," she said. She believes companies are responsible for protecting their customers' information from internal and external abuse.

In an e-mailed statement, Sean Kevelighan, a spokesman for Citi said the bank is contacting affected customers and enhancing procedures to prevent a similar security breach from happening again.

"For the security of these customers, we are not disclosing further details," he said.

Hackers steal Citibank card data

About 200,000 Citibank credit card customers in North America have had their names, account numbers and e-mail addresses stolen by hackers who broke into Citi's online account site.

Citigroup Inc said it discovered that account information for about 1% of its credit card customers had been viewed by hackers. Citi has more than 21 million credit card customers in North America, according to its 2010 annual report.

The New York-based bank, which discovered the problem during routine monitoring, didn't say exactly how many accounts were breached. Citi said it was contacting those customers.

The bank said hackers weren't able to gain access to social security numbers, birth dates, card expiration dates or card security codes. That kind of information often leads to identity theft, where cybercriminals empty out bank accounts and apply for multiple credit cards.

That can debilitate the finances and credit of victims. Citi customers could still be vulnerable other problems.

Details about their bank accounts and financial information linked to them could be acquired using the e-mail information and account numbers hackers stole.

Federal regulators have taken notice and are asking banks to improve security.

The Citi data breach was the latest in a series of recent high-profile data attacks against a number of major firms.

On June 1, Google Inc said that the personal Gmail accounts of several hundred people, including senior US Government officials, military personnel and political activists, had been breached.
On May 30, broadcaster PBS confirmed that hackers cracked the network's website and posted a phony story claiming dead rapper Tupac Shakur was alive in New Zealand.

On May 28, defense contractor Lockheed Martin Corp said it had detected a "significant and tenacious attack" against its computer networks. The company said it took swift and deliberate actions to protect the network and the systems remain secure.

Worrisome
In April, media and electronics company Sony Corp's PlayStation Network was shut down in April after a massive security breach that affected more than 100 million online accounts.

Also in April, hackers penetrated a network operated by a data marketing firm Epsilon. The company handles e-mail communications for companies like Best Buy Co and Target Corp.

The number of data breaches in the last two months sets a "high water mark," said John Ottman, CEO of Application Security Inc, a New York-based firm that specialises in securing databases, the big repositories companies use to organise account information and other data.

"Attackers have realised that most organisations have not properly protected databases," Ottman said.

The fact that the Citi hackers only got a few pieces of personal data on customers may limit what crooks can do with the information, said Susan Grant, director of consumer protection at Consumer Federation of America, a consumer advocacy group.

"But any ID theft is worrisome for consumers," she said. She believes companies are responsible for protecting their customers' information from internal and external abuse.

In an e-mailed statement, Sean Kevelighan, a spokesman for Citi said the bank is contacting affected customers and enhancing procedures to prevent a similar security breach from happening again.

"For the security of these customers, we are not disclosing further details," he said.

Hackers steal Citibank card data

About 200,000 Citibank credit card customers in North America have had their names, account numbers and e-mail addresses stolen by hackers who broke into Citi's online account site.

Citigroup Inc said it discovered that account information for about 1% of its credit card customers had been viewed by hackers. Citi has more than 21 million credit card customers in North America, according to its 2010 annual report.

The New York-based bank, which discovered the problem during routine monitoring, didn't say exactly how many accounts were breached. Citi said it was contacting those customers.

The bank said hackers weren't able to gain access to social security numbers, birth dates, card expiration dates or card security codes. That kind of information often leads to identity theft, where cybercriminals empty out bank accounts and apply for multiple credit cards.

That can debilitate the finances and credit of victims. Citi customers could still be vulnerable other problems.

Details about their bank accounts and financial information linked to them could be acquired using the e-mail information and account numbers hackers stole.

Federal regulators have taken notice and are asking banks to improve security.

The Citi data breach was the latest in a series of recent high-profile data attacks against a number of major firms.

On June 1, Google Inc said that the personal Gmail accounts of several hundred people, including senior US Government officials, military personnel and political activists, had been breached.
On May 30, broadcaster PBS confirmed that hackers cracked the network's website and posted a phony story claiming dead rapper Tupac Shakur was alive in New Zealand.

On May 28, defense contractor Lockheed Martin Corp said it had detected a "significant and tenacious attack" against its computer networks. The company said it took swift and deliberate actions to protect the network and the systems remain secure.

Worrisome
In April, media and electronics company Sony Corp's PlayStation Network was shut down in April after a massive security breach that affected more than 100 million online accounts.

Also in April, hackers penetrated a network operated by a data marketing firm Epsilon. The company handles e-mail communications for companies like Best Buy Co and Target Corp.

The number of data breaches in the last two months sets a "high water mark," said John Ottman, CEO of Application Security Inc, a New York-based firm that specialises in securing databases, the big repositories companies use to organise account information and other data.

"Attackers have realised that most organisations have not properly protected databases," Ottman said.

The fact that the Citi hackers only got a few pieces of personal data on customers may limit what crooks can do with the information, said Susan Grant, director of consumer protection at Consumer Federation of America, a consumer advocacy group.

"But any ID theft is worrisome for consumers," she said. She believes companies are responsible for protecting their customers' information from internal and external abuse.

In an e-mailed statement, Sean Kevelighan, a spokesman for Citi said the bank is contacting affected customers and enhancing procedures to prevent a similar security breach from happening again.

"For the security of these customers, we are not disclosing further details," he said.

2011 expected in increased of security threats on mobile devices

Security firm McAfee believes that Apple products, mobile devices and social media services will be at the top of the list of targets for cybercriminals in 2011.

"We've seen significant advancements in device and social network adoption, placing a bulls-eye on the platforms and services users are embracing the most," said Vincent Weafer, senior vice-president of McAfee Labs in a statement to the press.

Platforms and services that rose to popularity in 2010 will be at the forefront of the attacks, says McAfee.
Google's Android OS, Apple's iPhone, Foursquare, Google TV and the Mac OS X platform are on cybercriminals' radars says McAfee.


"These platforms and services have become very popular in a short amount of time, and we're already seeing a significant increase in vulnerabilities, attacks and data loss," said Weafer.

URL-shortening services are at the top of the security company's threat predictions for 2011 thanks to their use on social media sites like Twitter and Facebook.

"The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious websites," explains McAfee.

"With more than 3,000 shortened URLs per minute being generated, McAfee Labs expects to see a growing number used for spam, scamming and other malicious purposes." Geolocation services are an easy target too.

The services make it easy for strangers to search for lucrative (for cybercriminals) information such as users' location, interests, and operating systems.

McAfee believes that rise in popularity of both sophisticated mobile OS's and the Mac OS means these platforms will no longer fly under the radar.

"The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence."

2011 expected in increased of security threats on mobile devices

Security firm McAfee believes that Apple products, mobile devices and social media services will be at the top of the list of targets for cybercriminals in 2011.

"We've seen significant advancements in device and social network adoption, placing a bulls-eye on the platforms and services users are embracing the most," said Vincent Weafer, senior vice-president of McAfee Labs in a statement to the press.

Platforms and services that rose to popularity in 2010 will be at the forefront of the attacks, says McAfee.
Google's Android OS, Apple's iPhone, Foursquare, Google TV and the Mac OS X platform are on cybercriminals' radars says McAfee.


"These platforms and services have become very popular in a short amount of time, and we're already seeing a significant increase in vulnerabilities, attacks and data loss," said Weafer.

URL-shortening services are at the top of the security company's threat predictions for 2011 thanks to their use on social media sites like Twitter and Facebook.

"The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious websites," explains McAfee.

"With more than 3,000 shortened URLs per minute being generated, McAfee Labs expects to see a growing number used for spam, scamming and other malicious purposes." Geolocation services are an easy target too.

The services make it easy for strangers to search for lucrative (for cybercriminals) information such as users' location, interests, and operating systems.

McAfee believes that rise in popularity of both sophisticated mobile OS's and the Mac OS means these platforms will no longer fly under the radar.

"The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence."

2011 expected in increased of security threats on mobile devices

Security firm McAfee believes that Apple products, mobile devices and social media services will be at the top of the list of targets for cybercriminals in 2011.

"We've seen significant advancements in device and social network adoption, placing a bulls-eye on the platforms and services users are embracing the most," said Vincent Weafer, senior vice-president of McAfee Labs in a statement to the press.

Platforms and services that rose to popularity in 2010 will be at the forefront of the attacks, says McAfee.
Google's Android OS, Apple's iPhone, Foursquare, Google TV and the Mac OS X platform are on cybercriminals' radars says McAfee.


"These platforms and services have become very popular in a short amount of time, and we're already seeing a significant increase in vulnerabilities, attacks and data loss," said Weafer.

URL-shortening services are at the top of the security company's threat predictions for 2011 thanks to their use on social media sites like Twitter and Facebook.

"The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious websites," explains McAfee.

"With more than 3,000 shortened URLs per minute being generated, McAfee Labs expects to see a growing number used for spam, scamming and other malicious purposes." Geolocation services are an easy target too.

The services make it easy for strangers to search for lucrative (for cybercriminals) information such as users' location, interests, and operating systems.

McAfee believes that rise in popularity of both sophisticated mobile OS's and the Mac OS means these platforms will no longer fly under the radar.

"The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence."

The Script Kiddie

What is Script Kiddie ?

A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability.

Script Kiddie also referred to a person who relies on premade exploit programs and files (”scripts”) to conduct his hacking, and refuses to bother to learn how they work. The script kiddie flies in the face of all that the hacker subculture stands for - the pursuit of knowledge, respect for skills, and motivation to self-teach are just three of the hacker ideals that the script kiddie ignores. While anyone can be a script kiddie, generally they are teenagers who want the power of the hacker without the discipline or training involved. Obviously anyone who follows this route aspires to be a blackhat, but most refuse to even dignify them with this term; “blackhat” generally implies having skills of your own.

It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated hacking programs or exploits on their own, and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities.


From around 1995 on, the widespread use of the Internet in the business and home computer field, and the full disclosure movement’s policy of disclosing working exploitation tools has led to an enormous growth of the script kiddie scene.

Script kiddies often act out of boredom, curiosity or a desire to ‘play war’ on the Internet. There are many organized script kiddie groups, who often meet in anonymous chat channels such as IRC.
Script kiddies are always looking for new exploits which are unknown to the public, and hence particularly effective. Such exploits are leaked from research labs or given to script kiddies by insiders; they are then used to compromise a large number of hosts on the Internet. Script kiddies are often young, and can evolve into honest programmers later in life.

In 1999, NetBus (a software program for remotely controlling a Microsoft Windows computer system over a network as a backdoor.) was used by script kiddie to plant child pornography on the work computer of Magnus Eriksson, a law scholar at Lund University, Sweden. About 3,500 images were discovered by system administrators, and Eriksson was assumed to have downloaded them knowingly. Eriksson lost his research position at the faculty, and following the publication of his name fled the country and had to seek professional medical care to cope with the stress. He was acquitted from criminal charges in late 2004, as a court found that NetBus had been used to control his computer.

The Script Kiddie

What is Script Kiddie ?

A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability.

Script Kiddie also referred to a person who relies on premade exploit programs and files (”scripts”) to conduct his hacking, and refuses to bother to learn how they work. The script kiddie flies in the face of all that the hacker subculture stands for - the pursuit of knowledge, respect for skills, and motivation to self-teach are just three of the hacker ideals that the script kiddie ignores. While anyone can be a script kiddie, generally they are teenagers who want the power of the hacker without the discipline or training involved. Obviously anyone who follows this route aspires to be a blackhat, but most refuse to even dignify them with this term; “blackhat” generally implies having skills of your own.

It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated hacking programs or exploits on their own, and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities.


From around 1995 on, the widespread use of the Internet in the business and home computer field, and the full disclosure movement’s policy of disclosing working exploitation tools has led to an enormous growth of the script kiddie scene.

Script kiddies often act out of boredom, curiosity or a desire to ‘play war’ on the Internet. There are many organized script kiddie groups, who often meet in anonymous chat channels such as IRC.
Script kiddies are always looking for new exploits which are unknown to the public, and hence particularly effective. Such exploits are leaked from research labs or given to script kiddies by insiders; they are then used to compromise a large number of hosts on the Internet. Script kiddies are often young, and can evolve into honest programmers later in life.

In 1999, NetBus (a software program for remotely controlling a Microsoft Windows computer system over a network as a backdoor.) was used by script kiddie to plant child pornography on the work computer of Magnus Eriksson, a law scholar at Lund University, Sweden. About 3,500 images were discovered by system administrators, and Eriksson was assumed to have downloaded them knowingly. Eriksson lost his research position at the faculty, and following the publication of his name fled the country and had to seek professional medical care to cope with the stress. He was acquitted from criminal charges in late 2004, as a court found that NetBus had been used to control his computer.

The Script Kiddie

What is Script Kiddie ?

A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain root access to a system without really understanding what it is s/he is exploiting because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability.

Script Kiddie also referred to a person who relies on premade exploit programs and files (”scripts”) to conduct his hacking, and refuses to bother to learn how they work. The script kiddie flies in the face of all that the hacker subculture stands for - the pursuit of knowledge, respect for skills, and motivation to self-teach are just three of the hacker ideals that the script kiddie ignores. While anyone can be a script kiddie, generally they are teenagers who want the power of the hacker without the discipline or training involved. Obviously anyone who follows this route aspires to be a blackhat, but most refuse to even dignify them with this term; “blackhat” generally implies having skills of your own.

It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated hacking programs or exploits on their own, and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities.


From around 1995 on, the widespread use of the Internet in the business and home computer field, and the full disclosure movement’s policy of disclosing working exploitation tools has led to an enormous growth of the script kiddie scene.

Script kiddies often act out of boredom, curiosity or a desire to ‘play war’ on the Internet. There are many organized script kiddie groups, who often meet in anonymous chat channels such as IRC.
Script kiddies are always looking for new exploits which are unknown to the public, and hence particularly effective. Such exploits are leaked from research labs or given to script kiddies by insiders; they are then used to compromise a large number of hosts on the Internet. Script kiddies are often young, and can evolve into honest programmers later in life.

In 1999, NetBus (a software program for remotely controlling a Microsoft Windows computer system over a network as a backdoor.) was used by script kiddie to plant child pornography on the work computer of Magnus Eriksson, a law scholar at Lund University, Sweden. About 3,500 images were discovered by system administrators, and Eriksson was assumed to have downloaded them knowingly. Eriksson lost his research position at the faculty, and following the publication of his name fled the country and had to seek professional medical care to cope with the stress. He was acquitted from criminal charges in late 2004, as a court found that NetBus had been used to control his computer.