hackers are the powers today Govts' fear, wikiLEAK onwards

[motormafia]

They use cloud technology to whack you, high offensive advantage, you want to catch them? Much harder!

http://www.montrealgazette.com/news/montreal/Hackers+invade+Citibank+data+network/4917886/story.html

Hackers invade Citibank data network


By Maria Aspan and Narayanan Somasundaram, Reuters June 9, 2011 8:11 AM



Story
Photos ( 1 )


Citibank did not say how the security breach had occurred.

Citibank did not say how the security breach had occurred.
Photograph by: Chris Hondros, AFP/Getty Images

NEW YORK/SYDNEY - Citigroup Inc. said computer hackers breached the bank's network and accessed the data of about 200,000 bank card holders in North America, the latest of a string of cyber-attacks on high-profile companies.

Citi said the names of customers, account numbers and contact information, including email addresses, were viewed in the breach, which the Financial Times said was discovered by the bank in early May.

Citi said other information, like birth dates, social security numbers, card expiration dates and card security codes (CVV), were not compromised.

"We are contacting customers whose information was impacted. Citi has implemented enhanced procedures to prevent a recurrence of this type of event," Sean Kevelighan, a United States-based spokesman, said by email.

"For the security of these customers, we are not disclosing further details."

In the brief email statement, Citi did not say how the breach had occurred.

Another Citi spokesman, James Griffiths in Hong Kong, said the breach had affected one per cent of North American card customers, which the bank's annual report says total 21 million.

But like Japanese electronics and entertainment group Sony, which has declared several security breaches of its networks this year, Citi could come under fire for not telling customers sooner.

"It may be the bank's business, but it's the consumer's personal information, so consumers deserve to be told about security breaches immediately," said Dan Simpson, a spokesman for Australia's Consumer Action Law Centre, an advocacy group.

"It's hard to see any reason why this sort of breach couldn't have been disclosed much sooner."

Citigroup joins a growing list of companies that have suffered cyber-attacks.

Data storage firm EMC Ltd. this week offered to replace millions of electronic keys after hackers used data from its RSA security division to break into the network of arms supplier and information technology provider Lockheed Martin.

Sony has reported several attacks, including one in which hackers accessed the personal information on 77 million PlayStation Network and Qriocity accounts.

Sony was criticized for a delay in telling account holders that their information had been stolen by hackers.

Google Inc last week revealed a major attack on its Gmail accounts targeting, among others, senior U.S. government officials that it said appeared to originate in China.

Washington has scrambled to assess if security had been compromised by the raid on Google's Gmail system, reflecting increasing concerns among global policymakers about cyber security.

Citi said it had discovered the unauthorized access at Citi Account Online, an online banking service, through routine monitoring.

"It's definitely a serious security breach when that amount of data's been stolen from a bank," said Sydney-based Ty Miller, chief technology officer of Pure Hacking, a network security company.

Citigroup global enterprise payments head Paul Galant, who previously ran the bank's credit card unit, said in April that security breaches are a fact of life for financial institutions.

"Security breaches happen, they're going to continue to happen. ... The mission of the banking industry is to keep the customer base safe and customers feeling secure about their financial transactions and payments," he told Reuters in an interview.

© Copyright (c) The Montreal Gazette

 

[motormafia]

http://www.guardian.co.uk/technology/2011/jun/08/e3-2011-sony-psn

E3 2011: Sony's Kaz Hirai on the PSN hack

Nick Cowen speaks to Sony's deputy president about the PlayStation Network hack, PS Vita and PS3's enduring appeal

Share17
Reddit
Buzz up
Comments (11)

Nick Cowen
guardian.co.uk, Wednesday 8 June 2011 13.16 BST
Article history

Kazuo Hirai
Kazuo Hirai ... no answers as to who hacked Sony's PlayStation Network. Photograph: Bloomberg/Getty Images

Q: When you first heard the news of the PSN hack how did you respond? What thoughts went through your mind?

A: The first thing that went through my mind when I first got the call from Tim Schaaff– he's the president of Sony Network Entertainment International – was obviously the immediate need to shut the system down. That was his recommendation. The second thing was, "OK, what about the data that we have?".

Q: Has Sony worked out who hacked the PSN?

A: The quick answer is "no". Obviously we're working with the FBI and other authorities as well. We're co-operating with them and giving them as much information as we can so they can track down the perpetrators as quickly as possible.

Q: You waited a week before you informed consumers the PSN had been hacked. Why did you wait so long?

A: I think I'd rephrase that question, because I don't think we "waited" a week. I think we were very aggressive in the way we tried to get the information out to consumers as quickly as possible.

As you probably know there are laws in a number of states in the US that have legal requirements which, in a nutshell, mean you can't just go out there and drop a statement like that without being able to answer some fundamental questions. You need to do your due diligence before you make a statement. We obviously wanted to make sure that we met those requirements.We also wanted, just as good practice, to try and garner as much information as possible before making any announcements.

So I don't think we "waited" a week. I think it took a week to make sure that we had, at least what we thought was enough information that was credible at the time before we made any announcements.

Q: Do you think that the PSN would have been hacked if it had been a closed system like Xbox Live?

A: As far as I know – and I don't profess to know the whole system of Xbox Live – the plain fact of the matter is that they use the internet to connect to their services. It's not like a private or a personal thing that they have. I'm not sure what the distinction there is. Maybe you have more information about their architecture than I do.

Just generally speaking, whether it's PSN or any other non-Sony services, in the past week several companies and organisations also got hacked as well. I think there are reports that the FBI got hacked. So this isn't something that is a Microsoft issue or a Sony issue or limited to one or two companies. This is actually a lot bigger than that. It's large enough to the extent that we're talking about any and all companies, organisations and entities that deal in the online space – which is pretty much everyone at this stage, isn't it?

It's a threat, not just to Sony or a couple of other companies, but to the very fabric of society. Therefore it requires individuals and companies to be very vigilant, which goes without saying, and we need help from various government, various enforcement agencies and legislation in certain instances as well. And this needs to be a worldwide effort.

Q: Has Sony revised its security systems so that it isn't storing passwords that are unencrypted?

A: As you probably know, when we made the announcement that we restored the services, we had moved the data centres and we basically have done everything to bring our practices at least in line with industry standards or better. I'm not going to get into details of what we did and have not done for security reasons. But I can tell you that, as far as the PS3 is concerned, we've done everything that we thought we could to make sure we're protecting our consumers' data as aggressively as possible.

Q: What other plans do you have to win back consumer trust?

A: We certainly have the "welcome back" program in place and that's important. But this is not a situation where you have three program in place and we're good to go. This is an ongoing process of winning back consumer confidence. I think that based on what we've seen so far with the restoration of the PlayStation's services, we're back up to about 90% in terms of activity on the networks.

Another indicator is the fact that before we restored the services, the No 1 question we got in all the territories was "when are you going restore the services?". Once that was up, the top questions were queries relating to how people could get back online as opposed to queries about how to cancel online accounts.

This tells you that the consumers are willing to come back and we're very grateful to them for that. But like I said, it's an ongoing process and we need to work at it.

Q: Are you aware of any knock-on effect that the PSN hack has for developers who are creating online experiences? Has it put any of them that you know of behind schedule?

A: You should probably speak to the publishers and they'll give you a better idea from their perspective. From what I've heard from publishers, obviously the outage has had an impact, but I don't know that it's had an impact to the extent that titles are being pushed back or delayed. Again, it's probably best if you ask the publishers.

Q: What's the future for PS3 in terms of keeping it relevant as it ages as hardware?

A: One of the things that we always talked about is the 10-year life cycle. When we launched the PS3 back in 2006, one of the questions I kept getting asked was why we were putting so much technology into a piece of equipment that was basically a games console. At the time, I said we were looking at a 10-year life cycle. We wanted to make sure we could adapt as new technology was brought on board. A lot of people at the time said that while it all sounded great, they didn't believe it.

The plain fact is, the PS3 has grown with the times. The most recent example was the firmware upgrade for all of the PS3s to be 3D compatible, which is something no other console could do. And to this day, there's still a lot more headroom left in the PS3. That, again, is a function of the initial investments we made, both in terms of technology as well as financial investments for the components.

You probably hear a lot things about the PS3, but one thing you won't hear is that it's slipping behind the times.

Q: Is the PS3 still profitable?

A: I always caveat this by saying that asking whether the hardware in itself is profitable or not is a moot point because we're not in the hardware business. We're in the entertainment business. We look at the totality between hardware, software and peripherals and whether it's profitable as a platform.

Having said that – because everyone is so interested – yes, we are profitable on the PS3 hardware and we'll continue to be profitable on the PS3 hardware, if it answers your question. (Laughs) Whether we're profitable or not in the hardware alone, that doesn't really address the bigger picture.

Q: Is Sony going to commit development resources to PS Vita for the length of its life cycle and how long is its life cycle?

A: Hard to tell at this point how long the cycle will be. We just announced the device in January and we only just announced pricing this week. There are also still many months to go before it hits the market. I'm not going to try and guess what it's life cycle is going to be.

Having said that, with every platform that we launch, we have the responsibility as the platform holder to make sure we're supporting it as aggressively as possible. That goes without saying. We did that for PS3, we continue to do that for PSP and we're definitely going to do that for PS Vita. Unless we are able to push the platform and increase the install basis as quickly as possible there will be less opportunity for publishers have business opportunities on PS Vita.

Q: How do you think the PS Vita will fare in a world of ultra powerful smartphones?

A: If you look at the PS Vita, I think we created the ultimate portable gaming machine. Smartphones and tablets are more general purpose than specifically designed for gameplay. Whether we're talking about the analogue sticks, the keys, the shoulder buttons, the rear touch panel – everything on the PS Vita is designed for immersive gameplay. You don't get any of these functions on tablet devices. You don't even have physical buttons which makes controls in games a little more difficult.

We're catering to a completely different market. I don't see the PS Vita being in direct competition with smartphones and tablets. However, I do recognise that that's a growing market as well and that's why we announced the PS Suite initiative where we are bringing the PlayStation experience to Android-powered smartphones and tablets. But we're doing it in a uniquely PlayStation way where we certify the hardware devices as PS Certified. That means you can enjoy Sony experiences the way they're meant to be enjoyed and the first of these devices is the Sony Ericsson Xperia Play.

 

[motormafia]

http://www.stltoday.com/news/national/article_c6d30ad1-e771-5889-986a-b879b18bc4bb.html

Citigroup says credit cards were hacked
Share |

Story
Discussion

Associated Press | Posted: Friday, June 10, 2011 12:00 am | No Comments Posted

Font Size:
Default font size
Larger font size

Share

NEW YORK • Citigroup's revelation that hackers stole personal information from more than 200,000 credit card holders makes it one of the largest direct attacks on a major bank.

Details remain scarce, but the disclosure of the Citigroup breach Thursday quickly turned into a debate on whether the banks and major credit card companies have invested enough money to safeguard the personal information of their customers.

Citigroup began notifying on Thursday about half of the 200,000 affected customers that it planned to replace their credit cards after it discovered last month that hackers had gained access to its computer systems. The bank said the thieves obtained customer names, card numbers, addresses and email details.

Social Security numbers, expiration dates and the three-digit code found on the back of most credit cards were not compromised — a move that security experts say makes the exposed cardholders less likely to become fraud victims.

Neither Citigroup's debit card business nor its online banking operations were breached.

"Citi has implemented enhanced procedures to prevent a recurrence of this type of event," the company said in a statement.

The intrusion at Citigroup is not all that unique. Over the past six years, there have been 288 publicly disclosed breaches at financial services companies that exposed at least 83 million customer records, according to the Identity Theft Resource Center.

"They're not at all on top of it," said Avivah Litan, a financial security analyst at Gartner Inc. "It's almost shocking."

In Washington, the finger-pointing has already begun. Sheila Bair, chairwoman of the Federal Deposit Insurance Corp., said Thursday that she planned to call on some banks to strengthen their authentication procedures when customers log onto online accounts. That's on top of new data security rules that federal regulators are finalizing.

Lawmakers, meanwhile, said they were outraged that Citigroup waited since early May to notify its customers; some are preparing legislation.

Consumers, meanwhile, are feeling increasingly vulnerable amid recent reports of data breaches at big companies, such as Lockheed Martin, Epsilon and Sony.

Credit card industry officials say security issues go to the heart of their brands and they are trying to keep up with ever-more sophisticated criminals.

"We're not dealing with 14-year-old hacker kids," said Steve Elefant, chief information officer at Heartland Payment Systems, which overhauled its security measures after the systems it used to process credit and debit card transactions were hacked in 2008. "We're talking about 21st-century bank robbers — sophisticated, organized criminal gangs, located mostly in Eastern Europe and the U.S."

Making matters worse, nearly every step along the payment chain is outsourced from the time a card is swiped to the time a monthly statement arrives, leaving plenty of openings for enterprising thieves. Security is further hampered by a patchwork of data protection laws and regulatory agencies, each with limited mandates.

"We need a uniform national standard for data security and data breach notification," said Rep. Mary Bono Mack, R-Calif., who is pushing for legislation on better consumer safeguards. "In the meantime, regulators need to do a better job of being a consumer watchdog."

Big credit card lenders are loath to acknowledge another reason that the breaches keep happening: They are in the business of reducing the financial losses stemming from fraud, not preventing data theft in the first place. As a result, analysts say, they have devoted the bulk of their resources to trying to stop fraudulent transactions from taking place.

"Data breaches are one thing," noted David Robertson, the publisher of The Nilson Report, a payments industry newsletter. "Acting on that information is another, and the systems in place to catch fraud when it is trying to be perpetrated are extremely good."

Indeed, while the thieves have gotten savvier, the amount of money the banks have lost to fraud has actually stayed the same over the last six years — and has sharply fallen since the early 1990s. Today, fraud costs the banks about 5 cents for every $100 that is charged, compared with 15 cents for every $100 in 1992, according to Nilson data.

Elefant, however, said the credit card issuers needed to adopt encryptions technology more quickly to protect against security breaches.

"Unfortunately, some companies look at breaches as the cost of doing business," he said. "That's not the right way to look at it. You need to be as secure as you possibly can be."

Copyright 2011 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

 

[motormafia]

http://hk.news.yahoo.com/黑客入侵花旗-泄20...F0A.aWsOiBnummlumggQRwdANzZWN0aW9ucw--;_ylv=3

黑客入侵花旗 泄20萬客資料
明報明報 – 2011年6月10日星期五上午6:51

寄給朋友
列印

【明報專訊】美國花旗集團（Citigroup）昨證實，黑客入侵其網上銀行服務網絡，查看了約1%北美信用卡客戶的帳戶信息，涉及20萬人。花旗早於5月初例行檢查時已發現黑客入侵事件，但一直未有公開，引起客戶不滿。

花旗稱，受影響客戶的姓名、帳號及包括電郵在內的聯絡信息外泄，但出生年月、社會保險號碼及信用卡安全碼均未泄露。花旗發言人以保護用戶私隱為由，拒透露更多細節，亦未交代黑客如何入侵，只表示公司正積極聯繫受影響用戶，並提高了安全措施，防範類似事件再發生。

黑客入侵大型企業網站的行動日益常見，日本Sony的遊戲網絡4月受襲，千萬計用戶資料外泄，到本月初才陸續修復。但分析師指出，銀行網絡系統保安措施應較其他企業嚴密，像花旗這樣直接受襲並不尋常，不容忽視。《金融時報》稱，部分花旗客戶是使用銀行卡交易被拒後，才知自己帳戶被入侵。

 

[Char_Azn]

They use cloud technology to whack you, high offensive advantage, you want to catch them? Much harder!

I would seriously want to know which provider so bo cheng hu dare to host Hacking software in the cloud. It would in fact make it 1000000 easier to get caught if this kinda cloud application exist. Dude do U even know what the cloud technology means?

Cloud computing in a nutshell

 

[motormafia]

I would seriously want to know which provider so bo cheng hu dare to host Hacking software in the cloud. It would in fact make it 1000000 easier to get caught if this kinda cloud application exist. Dude do U even know what the cloud technology means?

Cloud computing in a nutshell

They have many ways, they can form a netbot of their own cloud which has millions of users PC and laptop and handphones controlled by trojans, then use that to hit you. these are users who download free games; free music; free movie and free porn etc to watch and they will form a huge cloud used by hackers hidden behind.

It is no Bo Cheng Hu, the hackers are the new Cheng Hu. You are their subjects and they rule the world soon.