by Constantine von Hoffman

Cybersecurity News Roundup: LulzSec; Father’s Day Spam; and the ‘Do Not Kill’ Registry

Jun 14, 20123 mins
CybercrimeData BreachSecurity

This week's IT security news roundup has stories on a new hacking group called LulzSec Reborn; a Tennessee-school-system data breach that exposed information on 110,000 people; a flood of Father's Day spam; and more.

A new hacking group claims it is behind an attack on a county school system in Tennessee that may have exposed names, Social Security Numbers and other personal data on about 110,000 people. The group, Spex Security, later posted 14,500 of the compromised records online and has threatened to post more. An unknown number of former and current students and employees of the Clarksville-Montgomery County School System are affected by the breach.

LulzSec Rises from the Dead: A person or persons calling itself LulzSec Reborn posted about 10,000 Twitter usernames and passwords on Pastebin. The leaked Twitter account information is from people who use TweetGif, a third-party app that lets users share animated GIFs. The leaked data contains Twitter usernames and passwords, users’ real names and locations, and links to Twitter avatars, as well as token information used to authorize TweetGif. It’s currenty unclear why LulzSec Reborn decided to crack a little-used Twitter app in the name of justice.

Real LulzSec Member Indicted, Again: A federal grand jury in Los Angeles indicted Ryan Cleary, a 20-year-old British citizen, on charges related to attacks perpetrated by the LulzSec hacking group against the Fox and PBS TV networks and Sony’s film and TV studio. Cleary is already in custody in the United Kingdom where he faces prosecution over similar charges. The United States is accusing Cleary of joining other members of LulzSec to use a botnet to steal confidential information, deface websites and attack servers.

Father’s Day Spam Runs Rampant: It’s not really a holiday unless someone tries to rip you off, right? Well, congrats to Father’s Day. Sophos Labs says it has intercepted a large number of “Buy your dad a cigar” spam messages. The spam promises the opportunity to buy dad 12 premium cigars, a lighter and a cutter for just $19.95–a huge savings compared to the stated $138 value. But links in the spam messages take you to a gambling website. As NakedSecurity put it: “Presumably the spammers are hoping to earn affiliate commission by driving traffic to the websites, and hope that the thought of buying a cigar at the last-minute for Father’s Day will be enough to get folks to click. That or the bad guys have goofed up their attempt to earn cash pointing to cigar websites, and are pointing to other websites by mistake.”

Dark Days for Cyber Crooks: Cyber crooks are making more attempts than ever to hijack bank accounts, but they’re ending up with less to show for the efforts. A study by the Financial Services Information Sharing and Analysis Center shows that in 2010 cyber-crime-related losses totaled nearly $3.2 million. However, in 2011 the number plummeted to just over $777,000. Customer losses also fell to around $490,000 in 2011, down from $1.1 million in 2010.

Do Not Kill Registry is Official IT Hack Protest Site of the Week: “In response to the establishment of a national ‘kill list’ and the expansion of the United States’ predator drone program, the National Agency for Ethical Drone-Human Interactions has launched the Do Not Kill Registry. Adding your name to the registry will assist us in avoiding accidental casualties in our mission to make the world a safe place for Democracy and Free Enterprise.”