Scammers pretended to be tech support to get people to install malware; very sophisticated program used in bank DDoS attacks; group says it hacked 100 U.S. universities; and other news from the week.

Not a security story but too good to pass up: Does playing World of Warcraft make you unfit for office?

You’d think that this would not be a good moment for a political party to alienate 9 million potential voters, yet the Maine GOP has decided to attack state Senate candidate Colleen Lachowicz on the grounds that she plays WoW. Apparently being an orc assassination rogue with a potty mouth means you shouldn’t hold such an illustrious office. (They clearly forgot the nation owes the phrase “expletive deleted” to President Nixon.) As Politico put it:

In an unusual press release issued Thursday, the Maine GOP attacked Lachowicz for a “bizarre double life” in which she’s a devotee of the hugely popular online role-playing game World of Warcraft. In the game, she’s “Santiaga,” an “orc assassination rogue” with green skin, fangs, a Mohawk and pointy ears.

What’s the big deal? Speaker of the House John Boehner has orange skin, after all.

A few choice quotes from Lachowicz’s comments on WoW:

“Oh and I can kill stuff without going to jail. There are some days when this is more necessary than others.”

“That is the joy of the VM (Vagina Monologues) traditional or trans. Yelling C*** onstage always cracks me up!”

But my favorite is this one from her blog on the DailyKos concerning tax policy: “Now if you’ll excuse me, I may have to go and hunt down Grover Norquist and drown him in my bathtub.”

Her opponent, incumbent state Sen. Tom Martin, said he hadn’t heard about either the press release or Lachowicz’s hobby until a reporter asked him about it, and I’m inclined to believe him.
He said he’s met his opponent once and she “seemed like a nice lady.” He added that he deplores “mudslinging politics.”

Expert fingers DDoS toolkit used in bank cyberattacks (CSO)

“Cyberattackers who disrupted the websites of U.S. banks over the last two weeks used a highly sophisticated toolkit — a finding that points to a well-funded operation, one security vendor said on Monday. Prolexic Technologies said the distributed denial of service (DDoS) toolkit called itsoknoproblembro was used against some of the banks which included Wells Fargo, U.S. Bank, PNC Bank, Bank of America and JPMorgan Chase.

“Each of the banks was struck on separate days. The attackers, who called themselves Izz ad-Din al-Qassam Cyber Fighters, claimed to be hacktivists angry over YouTube video trailers made in the U.S. that denigrated the Prophet Muhammad. Security vendors have questioned the attackers’ claims, saying the assaults were far more sophisticated than those launched by typical hacktivists, a term used to describe hackers who target websites in the name of a political or social cause. Prolexic’s findings bolstered that belief.”

“Hello, I’m definitely not calling from India. Can I take control of your PC?” (Ars Technica)

The Federal Trade Commission today announced a broad crackdown on scareware scammers accused of using an ancient technology—the telephone—to trick thousands of unsuspecting victims into handing over full access to their Windows PCs. By cold-calling victims and claiming to be from companies like Microsoft, Dell, and McAfee, the scammers directed users to a harmless error log on their computers and told them it was a sign of a serious infection, the FTC said. The alleged scammers went on to charge anywhere between $49 and $450 to “fix” the consumers’ computers.

At a press conference announcing six lawsuits filed in US District Court in New York, FTC Chairman Jon Leibowitz said at least 2,400 people—and probably many more—were tricked in this manner.
The FTC believes such scams have cost consumers tens of millions of dollars worldwide. (Great article on being on the receiving end of one of these calls here.)

Security flaws exposed at Washington, D.C. airports (NetworkWorld)

The Metropolitan Washington Airport Authority (MWAA) earlier this year published a document to its website containing sensitive security information that terrorists could potentially have used to launch cyber and physical attacks against Reagan National and Dulles International airports in Washington, D.C.

Group says it hacked systems at 100 major universities (NetworkWorld)

“A hacking group that calls itself Team GhostShell this week claimed credit for breaking into servers at 100 major universities from around the world, including Harvard, Stanford, the University of Pennsylvania and the University of Michigan.”

‘Historic’ DDoS Attacks Against Major U.S. Banks Continue (ThreatPost)

“PNC Bank appears, as promised, to be the latest victim of hacktivists carrying out denial-of-service attacks against major U.S. financial services institutions. PNC, out of Pittsburgh, joins Wells Fargo, J.P. Morgan Chase & Co. and Bank of America on a list of banks taken offline reportedly by a group who claimed responsibilities for the attacks as retaliation for the portrayal of Muslims in ‘Innocence of Muslims’, a series of movie trailers uploaded to YouTube.”

Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks (ThreatPost)

Adobe announced today it was the victim of an APT-style attack after two malicious utilities commonly used in targeted attacks for privilege escalation and pivoting within a network were discovered signed by a valid Adobe digital certificate. Adobe said it will revoke the certificate next week. Adobe products and services senior director of security Brad Arkin said in a statement that a build server with access to the Adobe code signing infrastructure was compromised and is the source of the issue.

Anonymous Brings Government Sites Offline in Philippines to Petition Cybercrime Law (ThreatPost)

“The National Telecommunications Commission (NTC) of the Philippines has asked for assistance from law enforcement after a handful of government sites in the country, including the NTC’s site, were brought offline this morning in a hack allegedly carried out by PrivateX, an offshoot of the hacktivist group Anonymous.”