Hackers Steal Frequent Flier Miles
- Hackers recently stole almost $24,000 worth of Air India frequent flyer miles.
- Investigators don't know how many people’s accounts were affected, though they did learn that the hackers created 20 different email IDs and diverted reward points into their accounts.
- The police believe the hackers could actually be working with former Air India employees.
- The hacked accounts have been deactivated and the false IDs have been suspended.
- Last year, British Airways faced a similar problem, and just a few months ago a computer programmer from Miami was arrested for using $260,000 worth of stolen American Airlines points to book hotels and rent cars.
- It's become such a public problem that United Airlines actually gave two hackers a million frequent flyer miles each to show them the loopholes in their system.
Source: Travel and Leisure, June 23, 2016
Hackers Hit Central Banks
- The central banks of Indonesia and South Korea have been hit by distributed denial of service attacks on their public websites.
- In response to the attempted hacks, Bank Indonesia has blocked 149 regions that do not usually access its website, including several small African countries.
- According to officials, no money was lost in the attacks on Bank Indonesia and the Bank of Korea, which were mainly distributed denial of service (DDoS) attempts.
- It was cooperation between central banks that prevented the attacks from being successful, and that victims are sharing their experiences throughout the region.
- DDoS is the hacktivist group's preferred method of attack, disabling websites by flooding them with internet requests, overwhelming the servers temporarily.
- Bank of Korea officials told Reuters there was at least one DDoS attack on the bank's website in May, however it said no harm was done.
Source: ZDNet, June 22, 2016
Hacker Claim DNC Hack
- The Democratic National Committee(DNC) claimed its computer network had been breached by Russian hackers.
- This is the second such post by the alleged hacker known as Guccifer 2.0, who is not to be confused with "Guccifer," the Romanian-born hacker responsible for breaching a number of politicians' networks in 2013.
- Business Insider has not been able to independently verify the leaked documents.
- Dave Aitel, an ex-NSA research scientist who is now CEO of Immunity, previously told Business Insider that the leak from Guccifer 2.0 was likely an attempt to obfuscate the link between Russian intelligence and the security breach.
- Aitel stated that the evidence linking the hack to Russian intelligence was solid, but that it was unclear why the hackers would release the information.
- The new post from Guccifer 2.0 outlines alleged donor data, financial information from the DNC.
Source: Business Insider – India, June 18, 2016
Teen Hacks Pentagon Websites
- High school student David Dworken spent 10 to 15 hours between classes on his laptop, hacking U.S. Defense Department websites.
- More than 1,400 participants took part in a pilot project launched this year and found 138 valid reports of vulnerabilities.
- The pilot project was limited to public websites and the hackers did not have access to highly sensitive areas.
- The U.S. government has pointed the finger at China and Russia, saying they have tried to access government system in the past.
- The Pentagon said it paid a total of about $75,000 to the successful hackers, in amounts ranging from $100 to $15,000.
- Dworken reported six vulnerabilities and he found some of the bugs would have allowed others to display whatever they wanted on the websites and steal account information.
- His first experience with finding vulnerabilities was in 10th grade when he found bugs on his school website.
- "Hack the Pentagon" is modeled after similar competitions known as "bug bounties" conducted by U.S. companies to discover network security gaps.
- The Pentagon said the pilot project cost $150,000, including the reward money, and several follow up initiatives were planned.
Source: Reuters, June 17, 2016