OUR digital life is in danger. And for sale. I have said and written many, we were forewarned tens if not hundreds of times: our data, those that rely on online services, of whatever kind, are not safe. And there are those who are interested to get their hands on to sell to the highest bidder. This was amply demonstrated in the case of the Playstation Network.
What happened? On April 20 Sony has suddenly "turned off" its network, that connects tens of millions of users fifty-seven countries around the world to our servers to play online, watch movies, listen to music, downloading entertainment and information. He did it because he has discovered an intrusion on the server in a data center in San Diego, California.
Initially thinking of a classic hacker attack, those who frequently affecting data centers of companies or government facilities across the world, Sony has asked a computer security company to investigate. But once you understand the magnitude of the problem the company had to involve not only a second security companies, but also the FBI.
Because hackers have come into possession of personal data, passwords and credit card numbers of more than seventy million subscribers to Sony's network, the largest theft of personal data in history ever succeeded. Evidence of what actually ended up in the hands of hackers, Sony, despite almost twenty days have elapsed from happening, yet it has none, but the possibility that hackers have captured data from the encrypted database that contains personal information approximately ten million subscribers (and a large proportion of them associated with their account, the number of credit card) is very high.
"It was a sophisticated technique used to access our system," said one manager of Sony, and it is clear to everyone that it is not a demonstration or operation of the initiative of a lone hacker. The pirates have passed three separate firewalls, initially masking the attack as if it were a normal procedure in order to bypass security systems and exploit the vulnerabilities of the network of Sony, which had been discovered by hackers presumably in the weeks preceded the attack.
The purpose of the theft? Sell on the black market users' data, providing the highest bidder "sensitive" information and personal, who joined the Playstation Network. According to the German company's information security GData has already started the sale on the Internet for stolen data, names, addresses, emails, dates of birth, id and password, billing address, credit card numbers with expiration dates.
The black market prices vary depending on the completeness and usefulness of information. They range from $ 70 for a credit card with security code to a simple number for $ 3, up to a few cents per e-mail, but prices may go up if the next card numbers or other information to the mail has personal profit, while the discounts are significant events for the buyout of the data.
Stealing an identity is an international business involving hackers all over the world. The market is flourishing more than the emails that are part of a "bot" programs that run automatically and which, at best, send millions of unsolicited advertising messages to mailboxes, and at worst appear as if they had been sent from friends or from large farms or in shops where users usually buy, in order to induce you to click a link that causes the virus load or due to more identity theft.
The data on the black market still cost more than those of credit cards, which can be used for a short time before they are disabled, but they provide more and immediate gains for thieves. Kevin Stevens of TrendMicro, another company specializing in the defense of privacy online, reported a few days ago that the hacker responsible for the theft have already started looking for buyers for the entire block of data.
According to Stevens, hackers have given the Sony re-purchasing data, but the Japanese company has rejected the agreement. Sony, through the words of one of international leaders, Patrick Seybold, denied contact with hackers looking to reassure users: "The entire database of credit card data was encrypted and we have no evidence that hackers have taken these numbers.
" But, as emphasized by many experts, there is also no evidence to the contrary and suspicions that this has happened are corroborated by the fact that hackers were able to have access to the bank's main data system and also made the complaint, as reported by the ABC, by a user in Australia has found $ 2,000 credit on your credit card.
The case of the Playstation is certainly the most dramatic and large, nothing like that had happened so far but, with the growth of social networks and online services on the move "cloud", the problem of data security, privacy of our information disseminated on the web, is becoming increasingly important.
Also because there is no need for special expertise of hackers get their hands on sensitive information. For example many of our personal information that we give to government agencies or to smaller online shops are protected in a relatively safe and are easy to find for those who know where to look inside the server.
And attempts by hackers to steal our personal information is increasingly common. In recent days the broader attempt to data theft has been linked to the death of bin Laden, with a link to the video made public by the American administration, distributed through social networks, which in fact postponed to address infecting with virus able to read the content of users' PCs.
According to Dimitry Bestuzhev, IT security expert with Kaspersky Lab in a few days there have been two waves of attacks, all preventable with the normal anti-virus or, more effectively, without clicking on links. And then there are cases where employees are the same companies to steal data and sell it on the black market, as happened last year at the Bank Of America.
The number of thefts of personal data has been growing from year to year, until you arrive in the United States, the country's most "connected" to the world, with 336,655 cases in 2009, but declined in 2010 to 303.809, and for greater control by many companies that deal with safety, both for an increasing awareness by users.
That the privacy of data, however, is not the major concern of those living on line is a fact: apart from the protests by consumer groups, who have complained about the delay on the part of Sony in communicating the theft occurred by pirates, there was the dreaded "abandonment" of service users from victims of hackers.
"Most users of the PlayStation Network, such as Facebook or other online services," said Rick Wallace, a researcher at Tiversa, a company that deals with security looking for files that are being stolen to large companies, "they assume that the risk of losing their data and that is worth taking the risk against the benefits to using the internet and social networking.
" Meanwhile, Sony's network is still out of service and is not expected, yesterday said Shigenori Yoshida, a spokesman for the Japanese company, the system back on line before 31 May. "We want to extend our apologies to the many people and Qriocity PlayStation Network, Sony said," We have potentially compromised their data customers.
We offer our sincere apologies. " But the apology may not suffice in a world where privacy is increasingly being threatened.
What happened? On April 20 Sony has suddenly "turned off" its network, that connects tens of millions of users fifty-seven countries around the world to our servers to play online, watch movies, listen to music, downloading entertainment and information. He did it because he has discovered an intrusion on the server in a data center in San Diego, California.
Initially thinking of a classic hacker attack, those who frequently affecting data centers of companies or government facilities across the world, Sony has asked a computer security company to investigate. But once you understand the magnitude of the problem the company had to involve not only a second security companies, but also the FBI.
Because hackers have come into possession of personal data, passwords and credit card numbers of more than seventy million subscribers to Sony's network, the largest theft of personal data in history ever succeeded. Evidence of what actually ended up in the hands of hackers, Sony, despite almost twenty days have elapsed from happening, yet it has none, but the possibility that hackers have captured data from the encrypted database that contains personal information approximately ten million subscribers (and a large proportion of them associated with their account, the number of credit card) is very high.
"It was a sophisticated technique used to access our system," said one manager of Sony, and it is clear to everyone that it is not a demonstration or operation of the initiative of a lone hacker. The pirates have passed three separate firewalls, initially masking the attack as if it were a normal procedure in order to bypass security systems and exploit the vulnerabilities of the network of Sony, which had been discovered by hackers presumably in the weeks preceded the attack.
The purpose of the theft? Sell on the black market users' data, providing the highest bidder "sensitive" information and personal, who joined the Playstation Network. According to the German company's information security GData has already started the sale on the Internet for stolen data, names, addresses, emails, dates of birth, id and password, billing address, credit card numbers with expiration dates.
The black market prices vary depending on the completeness and usefulness of information. They range from $ 70 for a credit card with security code to a simple number for $ 3, up to a few cents per e-mail, but prices may go up if the next card numbers or other information to the mail has personal profit, while the discounts are significant events for the buyout of the data.
Stealing an identity is an international business involving hackers all over the world. The market is flourishing more than the emails that are part of a "bot" programs that run automatically and which, at best, send millions of unsolicited advertising messages to mailboxes, and at worst appear as if they had been sent from friends or from large farms or in shops where users usually buy, in order to induce you to click a link that causes the virus load or due to more identity theft.
The data on the black market still cost more than those of credit cards, which can be used for a short time before they are disabled, but they provide more and immediate gains for thieves. Kevin Stevens of TrendMicro, another company specializing in the defense of privacy online, reported a few days ago that the hacker responsible for the theft have already started looking for buyers for the entire block of data.
According to Stevens, hackers have given the Sony re-purchasing data, but the Japanese company has rejected the agreement. Sony, through the words of one of international leaders, Patrick Seybold, denied contact with hackers looking to reassure users: "The entire database of credit card data was encrypted and we have no evidence that hackers have taken these numbers.
" But, as emphasized by many experts, there is also no evidence to the contrary and suspicions that this has happened are corroborated by the fact that hackers were able to have access to the bank's main data system and also made the complaint, as reported by the ABC, by a user in Australia has found $ 2,000 credit on your credit card.
The case of the Playstation is certainly the most dramatic and large, nothing like that had happened so far but, with the growth of social networks and online services on the move "cloud", the problem of data security, privacy of our information disseminated on the web, is becoming increasingly important.
Also because there is no need for special expertise of hackers get their hands on sensitive information. For example many of our personal information that we give to government agencies or to smaller online shops are protected in a relatively safe and are easy to find for those who know where to look inside the server.
And attempts by hackers to steal our personal information is increasingly common. In recent days the broader attempt to data theft has been linked to the death of bin Laden, with a link to the video made public by the American administration, distributed through social networks, which in fact postponed to address infecting with virus able to read the content of users' PCs.
According to Dimitry Bestuzhev, IT security expert with Kaspersky Lab in a few days there have been two waves of attacks, all preventable with the normal anti-virus or, more effectively, without clicking on links. And then there are cases where employees are the same companies to steal data and sell it on the black market, as happened last year at the Bank Of America.
The number of thefts of personal data has been growing from year to year, until you arrive in the United States, the country's most "connected" to the world, with 336,655 cases in 2009, but declined in 2010 to 303.809, and for greater control by many companies that deal with safety, both for an increasing awareness by users.
That the privacy of data, however, is not the major concern of those living on line is a fact: apart from the protests by consumer groups, who have complained about the delay on the part of Sony in communicating the theft occurred by pirates, there was the dreaded "abandonment" of service users from victims of hackers.
"Most users of the PlayStation Network, such as Facebook or other online services," said Rick Wallace, a researcher at Tiversa, a company that deals with security looking for files that are being stolen to large companies, "they assume that the risk of losing their data and that is worth taking the risk against the benefits to using the internet and social networking.
" Meanwhile, Sony's network is still out of service and is not expected, yesterday said Shigenori Yoshida, a spokesman for the Japanese company, the system back on line before 31 May. "We want to extend our apologies to the many people and Qriocity PlayStation Network, Sony said," We have potentially compromised their data customers.
We offer our sincere apologies. " But the apology may not suffice in a world where privacy is increasingly being threatened.
- Going for an Easter morning climb! - Cosy Corner Camp Area, Australia (09/05/2011)
- Smartphone providers must quell privacy worries (09/05/2011)
- Il lato nascosto dell'esoterismo (09/05/2011)
- Va prezint strategia adversarilor nostri pentru anul in curs (07/04/2011)
- Teens and privacy online: why using Facebook doesn't mean you don't value privacy (09/05/2011)
No comments:
Post a Comment