Weekly Security Roundup: No More World of Warcraft for Iranian Gamer Geeks
This week's IT security news roundup has stories on a World of Warcraft shutdown in Iran; Presidential campaign apps that collect users' personal information; a former IT contractor who's charged with stealing data from Toyota; and much more.
By Constantine von Hoffman, CIO
: Iranian gamer geeks suffered a crushing blow this week when the online game World of Warcraft was blocked by its creator, Blizzard, after the country’s failure to comply with U.S. trade sanctions. (See subsection III, paragraph e: Mages and Orcs, Restricted use of.) In a statement on its website the company said, “This week, Blizzard tightened up its procedures to ensure compliance with these laws, and players connecting from the affected nations are restricted from access to Blizzard games and services.” Blizzard also said those same sanctions prevent it from giving refunds to players in Iran or helping them move their accounts elsewhere.
Obama, Romney Apps Suck…Data: Both the Democratic and Republican presidential campaigns are taking more from Americans than time that would have better been spent sleeping. The Romney and Obama campaigns both released mobile apps that suck up personal data, according to TechWorld’s John E. Dunn. The “Obama for America” apps for Android and iOS collect huge amounts of information about users and even their friends and families. If the Mitt’s VP app doesn’t get your name, address and home phone number by suggesting you create a ‘MyMitt’ account, it goes after a Facebook connection to collect data, including information from Facebook friends. As Dunn notes:
“It also notices a user’s device ID, mobile number, carrier, GPS and cell locations and warns them they might be added to the Romney campaign’s contact list, presumably for priority telephone canvassing. It even asks for permission to access the smartphone’s camera and audio recording, although this isn’t used by the app.”
The Obama for America app goes after all that and more. It asks for cell- and GPS-location data, access to your smartphone’s contact book, call logs and SD Card contents. (If the president wants pictures of my dog and my kid he’s going to have to meet me in person, that’s all there is to it.) The app also collects information on nearby registered voters, including first names, last-name initials, home addresses and tips on what to say when campaign reps bother these people on the president’s behalf.
Second Middle-East Energy Company Hit by Malware: An “unknown virus” shut down the computer network of RasGas, a Qatari-based company that is the world’s second largest liquefied-natural-gas (LNG) producer. The company has been offline for at least three days, and it reportedly resorted to telephone and word-of-mouth for all communications. “Our IT department is facing technical difficulties, we have been affected by an ‘unknown virus’, our operational systems onsite and offshore are secure and this does affect nor impact our production as a Ras Laffan Industrial City plant or scheduled cargoes,” a RasGas spokesperson said in a Pipeline Magazine report. The attack follows another earlier one on August 15 at Saudi Aramco, the world’s largest oil producer, that shut down 30,000 of the company’s workstations.
Toyota Says Ex-Contractor Stole Data: Toyota is charging a former IT contractor with breaking into its computer systems and stealing sensitive information, including trade secrets. In a complaint filed in the U.S. District Court in Lexington, Ky., the company claimed Ibrahimshah Shahulhameed illegally accessed one of its websites after being fired on August 23. Shahulhameed allegedly logged into the toyotasupplier.com website and spent hours downloading proprietary plans for parts, designs and pricing information.
Emergency Java Patch Blocks Zero-Day Exploits: Researchers confirmed that a patch released by Oracle Thursday fixes critical vulnerabilities in Java that have been used by hackers to hijack Windows PCs. According to Rapid7, a security firm that runs the Metasploit open-source penetration framework, the so-called “out-of-band” update will stymie the current attack campaigns.