Home
Insightful &
Helpful Articles

Here is what we're working on and
thinking at Hedgehog security.

The week in info security
Mumsnet hacking
A Surrey teenager has been charged with two counts of hacking and one of impairing the operation of or hindering access to a computer following the cyber-attack on the popular parenting networking site Mumsnet.
David Buchanan, 18, will appear at Guildford Magistrates? Court on 7th June and is accused of causing the website?s homepage to redirect to a now suspended Twitter profile. Mumsnet was also subject to a DDoS (distributed denial of service) attack which forced the site offline for a number of hours.
During the attack, a list of members? usernames, passwords and IP addresses were stolen and published on the now suspended Twitter account @DadSecurity; as were the credentials of the site administrator. At least 11 accounts were compromised and Mumsnet has made all 7.7 million users of the site change their passwords in an effort to protect against any potential hacks in the future.
Two 17-year-olds were also interviewed under caution in relation to the incident but have since been eliminated from the inquiry.
Buchanan has not publicly stated why the hack took place however it is thought that there could be misogynistic motives. Founder Justine Roberts told the New Statesman, ?For whatever reason they're not overly keen on women interacting and supporting each other. It's upsetting and irritating but also very sad. It's a shame that those are the people being targeted when there are some truly evil people in the world you could spend your energy targeting?. Roberts has also been the subject of ?swatting?, where emergency services are deceived into dispatching emergency response to the victim?s home based on fabricated reports of a critical incident.
For more information, click here.
ATM hacking spree in japan
Around ?1.4 Billion (around ?8.6 million) has been stolen from 1,400 ATM machines throughout Japan by 100 criminals in an attack that lasted just three hours. ATMs were targeted throughout Tokyo as well as 16 other prefectures and is thought to be part of a larger international crime network.
The technique used in this incident is thought to be ?ATM skimming?, where devices are installed to steal personal information stored on debit cards and hidden cameras (usually located above the pin pad) can view your pin as you type it in. This information was then transferred to cloned cards that were then used in this incident. ?All bank details used in this case belong to Standard Bank accounts in South Africa.
Standard Bank released a statement saying, ?The South African banking operations of Standard Bank Group have been the victim of a sophisticated, co-ordinated fraud incident,"
"This involved the withdrawal of cash using a small number of fictitious cards at various ATMs in Japan. The target of the fraud has been Standard Bank and there has been no financial loss for customers.
"Standard Bank has taken swift action to contain the matter and the gross loss to the bank is estimated at R200m. This is prior to any potential recoveries that may serve to reduce the loss.
"The relevant authorities have been alerted. Investigations are at a sensitive stage and further information will be provided as appropriate," Standard Bank said.
For more information, click here.
Google?s USB 2-step verification
In a continued effort to keep its users safe online, Google has announced a two-step verification service that features a physical USB key. The aim is to increase the amount of protection between Google?s users and hackers along with other forms of online theft. Users that choose to go ahead with the security key will be able to do without the verification codes Google sends to phones.
Google states on its website, ?With 2-Step Verification, Google requires something you know (your password) and something you have (like your phone) to sign in. Google sends a verification code to your phone when you try to sign in to confirm it's you. However, sophisticated attackers could set up lookalike sites that ask you to provide your verification codes to them, instead of Google. Security Key offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it's supposed to work with.?
The new security feature is only available on the Chrome browser and as it requires a USB port it is not possible to use on mobile phone devices.
LinkedIn hack
When LinkedIn?s hacking incident happened back in 2012, it was believed that 6 million users? profiles were compromised. Recently however that number appears to be more like 117 million. This was made possible due to log in IDs such as ?12345678? or ?password? being used by an incredible amount of users on multiple websites.
The black hat hacker using the nickname Peace attempted to sell 117 million LinkedIn users' emails and passwords on the dark web. An analysis of the leak reveals people?s terrible choice of passwords and Kore Logic revealed the top 10 log in IDs used in this leak:
  1. 123456
  2. linkedin
  3. password
  4. 123456789
  5. 12345678
  6. 111111
  7. 1234567
  8. 654321
  9. qwerty
  10. sunshine
LinkedIn has responded by saying they are taking immediate steps to remedy the situation and their 400 million users are being encouraged to change their passwords to something a little more secure. In a statement issued on the 25th May the company said, "We have several dedicated teams working diligently to ensure that the information members entrust to LinkedIn remains secure. While we do all we can, we always suggest that our members visit our Safety Center to learn about enabling two-step verification, and implementing strong passwords in order to keep their accounts as safe as possible.
"We recommend that you regularly change your LinkedIn password and if you use the same or similar passwords on other online services, we recommend you set new passwords on those accounts as well.?
For more information, click here.
Pennsylvania man charged with celebrity hacking
Ryan Collins, 36, of Pennsylvania pled guilty on the 24th May to hacking into email and online accounts of women including many celebrities. The hack took place between November 2012 and September 2014 and over 100 accounts were accessed.
The content of the Google and Apple accounts include nude photos and videos are thought to belong to celebrities such as Jennifer Lawrence and Kate Upton. Collins appeared to have gained access to the account by phishing for log in details through emails appearing to be from Google and Apple.
There is no evidence of Collins sharing the content of the 50 iCloud accounts and 72 Gmail accounts and prosecutors are recommending that Collins be sentenced to a prison term of 18 months however the judge can impose a sentence of up to 5 years.
For more information, click here.
Sources
http://www.bbc.co.uk/news/business-36381827
http://www.itpro.co.uk/security/26598/surrey-teenager-charged-over-misogynist-mumsnet-hack
http://www.engadget.com/2016/05/23/atm-hacking-spree-nets-thieves-12-7-million-in-two-hours/
http://thehackernews.com/2016/05/usb-charger-keylogger.html
https://support.google.com/accounts/answer/6103523?hl=en
http://thehackernews.com/2014/10/Google-USB-Security-Key-2-Step-Verification.html
https://blog.korelogic.com/blog/2016/05/19/linkedin_passwords_2016
http://www.theregister.co.uk/2016/05/24/linkedin_password_leak_hack_crack/
https://www.youtube.com/watch?v=fiaQqA-P13M