by Constantine von Hoffman

Security Round Up: FTC Busts Tech Support Scam, Airports and Banks Compromised

Oct 05, 2012 · 5 mins

Scammers pretended to be tech support to get people to install malware; very sophisticated program used in bank DDoS attacks; group says it hacked 100 U.S. universities; and other news from the week.

Not a security story but too good to pass up: Does playing World of Warcraft make you unfit for office?

You’d think that this would not be a good moment for a political party to alienate 9 million potential voters, yet the Maine GOP has decided to attack state Senate candidate Colleen Lachowicz on the grounds that she plays WoW. Apparently being an orc assassination rogue with a potty mouth means you shouldn’t hold such an illustrious office. (They clearly forgot the nation owes the phrase “expletive deleted” to President Nixon.)

As Politico put it:

In an unusual press release issued Thursday, the Maine GOP attacked Lachowicz for a “bizarre double life” in which she’s a devotee of the hugely popular online role-playing game World of Warcraft. In the game, she’s “Santiaga,” an “orc assassination rogue” with green skin, fangs, a Mohawk and pointy ears.

What’s the big deal? Speaker of the House John Boehner has orange skin, after all.

A few choice quotes from Lachowicz’s comments on WoW:

“Oh and I can kill stuff without going to jail. There are some days when this is more necessary than others.”

“That is the joy of the VM (Vagina Monologues) traditional or trans. Yelling C*** onstage always cracks me up!”

But my favorite is this one from her blog on the DailyKos concerning tax policy:

“Now if you’ll excuse me, I may have to go and hunt down Grover Norquist and drown him in my bathtub.”

Her opponent, incumbent state Sen. Tom Martin, said he hadn’t heard about either the press release or Lachowicz’s hobby until a reporter asked him about it, and I’m inclined to believe him. He said he’s met his opponent once and she “seemed like a nice lady.” He added that he deplores “mudslinging politics.”

Expert fingers DDoS toolkit used in bank cyberattacks (CSO) “Cyberattackers who disrupted the websites of U.S. banks over the last two weeks used a highly sophisticated toolkit — a finding that points to a well-funded operation, one security vendor said on Monday. Prolexic Technologies said the distributed denial of service (DDoS) toolkit called itsoknoproblembro was used against some of the banks which included Wells Fargo, U.S. Bank, PNC Bank, Bank of America and JPMorgan Chase.

“Each of the banks was struck on separate days. The attackers, who called themselves Izz ad-Din al-Qassam Cyber Fighters, claimed to be hacktivists angry over YouTube video trailers made in the U.S. that denigrated the Prophet Muhammad. Security vendors have questioned the attackers’ claims, saying the assaults were far more sophisticated than those launched by typical hacktivists, a term used to describe hackers who target websites in the name of a political or social cause. Prolexic’s findings bolstered that belief.”

“Hello, I’m definitely not calling from India. Can I take control of your PC?” (Ars Technica) The Federal Trade Commission today announced a broad crackdown on scareware scammers accused of using an ancient technology—the telephone—to trick thousands of unsuspecting victims into handing over full access to their Windows PCs. By cold-calling victims and claiming to be from companies like Microsoft, Dell, and McAfee, the scammers directed users to a harmless error log on their computers and told them it was a sign of a serious infection, the FTC said. The alleged scammers went on to charge anywhere between $49 and $450 to “fix” the consumers’ computers. At a press conference announcing six lawsuits filed in US District Court in New York, FTC Chairman Jon Leibowitz said at least 2,400 people—and probably many more—were tricked in this manner. The FTC believes such scams have cost consumers tens of millions of dollars worldwide. (Great article on being on the receiving end of one of these calls here.)

Security flaws exposed at Washington, D.C. airports (NetworkWorld) The Metropolitan Washington Airport Authority (MWAA) earlier this year published a document to its website containing sensitive security information that terrorists could potentially have used to launch cyber and physical attacks against Reagan National and Dulles International airports in Washington, D.C.

Group says it hacked systems at 100 major universities (NetworkWorld) “A hacking group that calls itself Team GhostShell this week claimed credit for breaking into servers at 100 major universities from around the world, including Harvard, Stanford, the University of Pennsylvania and the University of Michigan.”

‘Historic’ DDoS Attacks Against Major U.S. Banks Continue (ThreatPost) “PNC Bank appears, as promised, to be the latest victim of hacktivists carrying out denial-of-service attacks against major U.S. financial services institutions. PNC, out of Pittsburgh, joins Wells Fargo, J.P. Morgan Chase & Co. and Bank of America on a list of banks taken offline reportedly by a group who claimed responsibilities for the attacks as retaliation for the portrayal of Muslims in ‘Innocence of Muslims’, a series of movie trailers uploaded to YouTube.”

Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks (ThreatPost) Adobe announced today it was the victim of an APT-style attack after two malicious utilities commonly used in targeted attacks for privilege escalation and pivoting within a network were discovered signed by a valid Adobe digital certificate. Adobe said it will revoke the certificate next week. Adobe products and services senior director of security Brad Arkin said in a statement that a build server with access to the Adobe code signing infrastructure was compromised and is the source of the issue.

Anonymous Brings Government Sites Offline in Philippines to Petition Cybercrime Law (ThreatPost) “The National Telecommunications Commission (NTC) of the Philippines has asked for assistance from law enforcement after a handful of government sites in the country, including the NTC’s site, were brought offline this morning in a hack allegedly carried out by PrivateX, an offshoot of the hacktivist group Anonymous.”