Mishcon Cyber Watch - September 2014

Posted on 30 September 2014


Hack attack on eBay

Hackers redirected eBay users to a spoof site which masqueraded as the firm's welcome page but which actually captured their names and passwords.
Daily Mail, 18 September 2014

UK and US join forces to tackle cyber crime

Speaking at the first ever US-UK Global Cyber Security Innovation Summit in London, the Business Secretary will announce a £4 million competition for UK cyber businesses to develop ideas to tackle cyber security threats. He will also announce the appointment of a cyber security small business champion, and funding for projects that will drive growth and innovation in the sector. The competition will be run by the Technology Strategy Board, the government’s innovation agency, in 2015, which will award funding to the firms with the best ideas.
Dept of Business, Innovation and Skills press release, 16 September 2014

Peter Pan pantomime hijacked

Eastern European hackers sent out emails claiming to be a £145 invoice for 9 tickets to a performance of Peter Pan at Bournemouth Pavilion. Once opened, the email released a virus which captured sensitive commercial and personal data.
Gregory Walton,
Daily Telegraph, 9 September 2014



Home Depot hacked

Up to 56m card details may have been stolen when Home Depot was hit by hackers. The attack lasted for 5 months before the retailers became aware of the problem in early September. The size of the attack makes it the largest breach of retailer on record.
Hannah Kuchler, 18 September 2014

Pizza firm loses $50,000

Zpizza, a Californian-based pizza chain, were victims of a hack attack on their credit card payment systems. 12 stores were targeted and the firm had to spends thousands of dollars on forensic audits, as well as paying fines to their credit card companies. The company estimated it ended up paying over £50,000, as well as losing customers who lost faith in the firm.
Associated Press, 10 September 2014

Heartbleed attack on US hospital

Tennessee-based hospital group Community Health Systems Inc was victim of a hackers who exploited the Heartbleed internet bug and stole the personal data of around 4.5m patients.
Jongchan Kim,
AJU News, 4 September 2014

US banks victims of suspected Russian cyber attacks

JP Morgan and several other major US banks have been victims of sophisticated cyber attacks which aimed to steal data or disrupt services. No direct fraud has been discovered but the FBI is investigating as the complexity of the attacks has led to suspicion that Russian hackers are behind the attacks, potentially state-sponsored as a retaliation to sanctions.
Tom Braithwaite and Hannah Kuchler,
Financial Times, 29 August 2014

Denial of service attacks on gaming companies

Sony's Playstation, Microsfot Xbox and Riot Games' League of Legends networks have all been victim of denial of service attacks. Main have been undertaken by hacker collective known as Lizard Squad.

UPS attacked

United Parcel Service has had a breach in its computer systems which exposed more than 100,000 transactions to potential theft of confidential client information between January – August 2014.
Hannah Kuchler,
Financial Times, 21 August 2014

Trade secrets from American defence contractors

The U.S. Attorney’s Office for the Central District of California announced the indictment of Su Bin (also known as Stephen Su, Stephen Subin, and Steven Subin), a Chinese national, on charges involving a computer hacking scheme involving the theft of trade secrets from American defence contractors.  According to the indictment, Mr. Su worked with two others to hack into computer systems to obtain secret information about military programs.  If convicted, Mr. Su faces thirty years in prison.
U.S. Attorney’s Office Press Release, 15 August 2014



Law firm sued for recommending wife hacks husband

Lawyers for a woman divorcing her husband recommended computer experts who could hack into her husband's computer and iPhone. The husband's lawyers have been given the go ahead to appeal the divorce ruling in what could be a landmark case concerning the use of information obtained legally. The Singapore High Court said that the law firm could be guilty of perjury, breach of professional ethics, and other crimes under the Computer Misuse Act.
The Straits Times, 17 September 2014



5m Google accounts leaked

An estimated 5m Google accounts, predominantly belonging to Russian users, are suspected to have been leaked online on a database which was linked to on Reddit. It is believed that the details did not come from a hack of Google itself but probably came via computers affected by malware.
Kashmira Gander,
The Independent, 11 September 2014



90% of Irish firms exposed to cyber attacks

Aon Risk Solutions says that cyber security risks are increasing for Irish companies, with over 90% of firms exposed to cyber risks but only 20% doing anything to protect themselves. 20% of Irish companies had suffered data breaches within the past 12 months. It also found that two thirds of companies routinely allowed employees to access confidential information via their own personal devices.
Irish Examiner, 6 September 2014



Islamic jihadists pose cyber terrorist threat

The chief executive of cyber security firm FireEye has warned that jihadists from ISIS and Al Qaeda will target the west with cyber terrorism. He claims that denial of service attacks and virulent cyber espionage viruses may be released, and says that ISIS has already had significant success using the internet to distribute terrorist information. He believes that they will plan an attack on a "sensational" target.
Hannah Kuchler,
Financial Times, 19 September 2014

Nigerian bank worker steals £23m

Godswill Oyegwa Uyoyou, an IT worker at an Abuja commercial bank, stole £23m by hacking into his employers computer systems and transferring money into accounts help by accomplices.
The Times, 18 September 2014

Gulf Cooperation Council main target for cyber crime

IT experts have warned that the Gulf Cooperation Council is a prime target for cyber-criminal and that the area needs to undertake new and robust measures to protect itself. Security solutions company Bit9+ Carbon Black estimated that the average cost to settle data breaches is $5.4m. In 2012 one of the world's largest ever bank heists occurred in the Gulf when $45m was stolen from two Gulf-based banks by hacking credit card processing firms.
Fareed Rahman,
Gulf News, 16 September 2014