vDOS is a distributed denial-of-service (DDoS) kit that is allegedly responsible for most of the DDoS attacks in the past four years. Two teenagers have been arrested in Israel for their alleged link to the selling of the kit. The teenagers, Itay Huri and Yarden Bidani, both 18, were arrested on September 8 by Israeli authorities at the request of the FBI. They are under house arrest and forbidden to use internet-connected devices for 30 days. The service had been running undercover for four years until security researcher Brian Krebs found a hole in another DDoS-for-hire service that enabled access to vDOS's database, leading to the arrest of the teenagers.
The vDOS service was offered for between $20 and $200 per month, depending on how long the hackers wanted to operate, and payment was preferred in the Bitcoin digital currency. The database uncovered by Krebs had tens of thousands of paying customers, and the operators netted over $600,000 in the past two years.
The hacker Guccifer was sentenced to 52 months in prison for unauthorized access to a protected computer and aggravated identity theft. He will also serve three years of supervised release, give up online storage accounts holding victim information and pay restitution to his victims. Marcel Lehel Lazar, known as Guccifer, was responsible for unlawfully gaining access to the private accounts of at least 100 Americans and making their private information public on the internet.
Lazar targeted both public figures and private citizens. In some cases, he impersonated his victims online and in many cases released victims’ private records including emails, medical records, financial information and photographs to the public.
Lazar pleaded guilty to the crime on May 25 and admitted to committing it while on probation in Romania for a previous computer hacking crime. He admitted using proxies to hide his location and smashing his computers and cellphone with an ax when he discovered his identity had been uncovered.
The Linux Kernel Organization, which runs the ‘www.kernel.org’ website used for distributing the Linux kernel software, was hacked, and a South Florida based computer programmer has been arrested on charges of being responsible for the hack.
The programmer, Donald Austin, was arrested and is being charged with causing damage to four servers of the Linux Kernel Organization by installing malicious software. Austin is accused of gaining unauthorized access to the four servers using the credentials of an individual associated with the organization, and of using that access to install a rootkit and a Trojan and to make changes to the server.
His next court appearance is on September 21, 2016 in San Francisco at 9:30am. If convicted, he could face up to ten years of imprisonment and a fine of $250,000 plus restitution for each violation, according to Help Net Security.
Megaupload, a file sharing site that was seized by the Department of Justice in an online privacy investigation four years ago, is now providing pornographic content and junk ads. The website, which is still under the control of the FBI, previously only displayed a banner on its web pages informing visitors that the domain was seized.
According to the TorrentFreak article, the FBI last year failed to renew ownership of “Cirfu.net,” an expired domain name assigned to a nameserver where Megaupload.com visitors were being redirected. The domain’s new owner then used Megaupload.com to deliver malware. U.S. authorities “fixed this by removing the nameservers altogether, but it turns out that they didn’t do this for all seized domains,” the report explains. Once again Cirfu.net expired, allowing the latest owner to apparently abuse more Megaupload domains.
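The failure described above is a dangling nameserver delegation: a held domain keeps pointing at nameservers under a second domain whose registration lapses. As an added example (not from the article or from TorrentFreak), this Python check audits an inventory for that condition; all domain names, dates and the 60-day warning window are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample inventory (hypothetical names under the reserved .example TLD).
# DELEGATIONS: each domain we hold and the nameserver hosts its NS records name.
DELEGATIONS = {
    "seized-site.example": ["ns1.lapsed-dns.example", "ns2.lapsed-dns.example"],
    "portal.example": ["ns1.core-dns.example", "ns2.core-dns.example"],
    "legacy.example": ["ns1.vendor-dns.example"],
    "archive.example": ["ns1.soon-dns.example"],
}
# REGISTRATIONS: domains we have registered, with expiry dates (registrar export).
REGISTRATIONS = {
    "lapsed-dns.example": date(2016, 5, 1),
    "core-dns.example": date(2018, 3, 15),
    "soon-dns.example": date(2016, 10, 15),
}

def owning_domain(host, registrations):
    """Return the longest registered domain that contains host, or None."""
    host = host.lower().rstrip(".")
    matches = [d for d in registrations if host == d or host.endswith("." + d)]
    return max(matches, key=len) if matches else None

def audit_delegations(delegations, registrations, today, warn_days=60):
    """List (zone, nameserver, status) for every delegation at risk of takeover."""
    findings = []
    for zone, nameservers in sorted(delegations.items()):
        for ns in nameservers:
            parent = owning_domain(ns, registrations)
            if parent is None:
                status = "unowned"    # nameserver domain is outside our control
            elif registrations[parent] < today:
                status = "expired"    # anyone can re-register it and answer DNS
            elif registrations[parent] - today <= timedelta(days=warn_days):
                status = "expiring"   # renew, or remove the NS records, now
            else:
                continue
            findings.append((zone, ns, status))
    return findings

if __name__ == "__main__":
    for zone, ns, status in audit_delegations(DELEGATIONS, REGISTRATIONS, date(2016, 9, 12)):
        print(f"{zone}: {ns} -> {status}")
```

An "expired" or "unowned" finding means the zone's answers can be served by whoever controls that nameserver domain, so the fix is to renew it or remove the delegation.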
Global financial giant Morgan Stanley has been fined $1 million by the US Securities and Exchange Commission for failure to protect the information of its clients. According to the SEC, the bank “failed to adopt written policies and procedures reasonably designed to protect customer data.” This made it possible for an employee to transfer clients’ data to a private server from which the data is believed to have been breached.
The employee at the time, Galen J. Marsh, was criminally convicted for his actions in 2015, received 36 months of probation and was ordered to pay $600,000 in restitution.
Considering the number of attacks suffered by organizations in recent times, organizations can no longer afford to neglect policies and procedures that will enhance the security of their information and information systems.
Morgan Stanley has agreed to pay the fine.