Game of PWNs
Nov 15, 2011 5:00 AM PT
This past week brought a plethora of cybersecurity news, with attackers going after everything from gaming platforms to advertisers' checkbooks.
Law enforcement scored a big win when the FBI announced that it had busted a major cyberfraud ring that infected millions of computers worldwide and scammed legit online advertisers.
In D.C., federal agencies are seeking to set standards for cybersecurity pros, with an interagency group, the National Initiative on Cybersecurity Education (NICE), publishing for comment a draft document that seeks to define professional requirements in this field.
Meanwhile, Apple has come down like a ton of bricks on noted cybersecurity researcher Charlie Miller for creating a proof-of-concept app that exploited a vulnerability in iOS.
Steam's Security Stumble
Hackers broke into Steam's database, which contains members' usernames, passwords, data about their game purchases, email addresses, billing addresses and encrypted card information, Valve said last week.
However, there's apparently no evidence that the hackers stole encrypted card numbers or information that could personally identify anyone, or that victims' cards are being abused by third parties.
Steam is the latest in a series of gaming companies to have been hacked this year. Earlier victims include the Sony PlayStation Network, Nintendo, Xbox Live and Square Enix.
"Gaming companies are the new gold mine of consumer identity information for hackers," data protection expert Wasim Ahmad, who's vice president at Voltage Security, told TechNewsWorld.
"Few gamers have thought about security the way that, say, financial services companies do," Ahmad added.
Combining data encryption and database activity monitoring to identify and block unusual or unauthorized activity "would have prevented Steam's database breach," Todd Thiemann, senior director of product marketing at Vormetric, told TechNewsWorld.
Gamers can protect themselves by using unique username and password combinations to prevent password reuse problems, Chris Harget, senior product marketing manager at ActivIdentity, suggested.
They should also use a low-credit-limit card to subscribe to game services, Harget told TechNewsWorld.
One Ring to Find Them
This past week, the Manhattan U.S. attorney charged seven people with cyberfraud. Six of the accused, all Estonians, are being held by the Estonian police pending the filing of extradition charges against them, but the seventh, a Russian, is on the lam.
The suspects allegedly released malware that took over 400 million computers worldwide to redirect victims to advertisements, a practice known as "clickjacking."
FBI spokesperson Peter Donald told TechNewsWorld that the Russian suspect, Andrey Taame, is still at large.
This bust is one of the latest examples of international cooperation among law agencies. Cooperation is vital in efforts to fight cybercrime because criminals don't recognize national boundaries.
Tentative Rules for Cybersecurity Pros
PCs at the National Aeronautics and Space Administration (NASA) were among the 500,000 U.S.-based computers infected by the cyberfraud ring.
Things may change soon, however. The National Initiative on Cybersecurity Education (NICE), an interagency cybersecurity group, has published a draft document aimed at defining common terms, requirements and skill sets for pros in this field.
Whether codifying the requirements for cybersecurity pros will help improve matters remains to be seen.
The Defense Advanced Research Projects Agency (DARPA) has admitted it is losing ground in the battle to secure cyberspace, and it's reaching out to hackers for help, hoping they can bring new and unconventional strategies to the table.
Apple Crushes Cyberworm Discoverer
Finally, Apple has kicked Charlie Miller, who's noted for hacking the Mac OS, out of its iOS developer community and has barred him from returning there for a year.
This was apparently in response to Miller's having posted an app on the iTunes App Store that exploits a new vulnerability in iOS.
That app is a proof-of-concept hidden inside a fake stock ticker program and approved by Apple for upload to the iTunes App Store.
It shows that Cupertino's app approval process isn't adequate and no app in the App Store is truly safe, Miller said.