Compromised Google, Facebook, Twitter Password is the Least of your Problems

American news media and blog sites have been flooded with warnings from cyber do-gooders for everyone to change their Google, Facebook, Yahoo and Twitter passwords after more than 2 million accounts have been compromised.

But if your system was one that was compromised, changing your password is the least of your worries.

Trustwave Spiderlabs announced on Tuesday that a Russian Pony Botnet server has been identified that had stolen credentials for about 2 million accounts. But this isn’t that big of a deal to Americans as of these, the mass majority were from systems in the Netherlands:

Only a tenth of a percent of systems affected were in America, for a grand total of 1,943 accounts!

And boys and girls, this is a Russian botnet server, which means that if your account is one that has been compromised by the botnet, guess what?

Your machine is most likely still infected with a keylogging, account stealing Trojan!

You may want to scan it for viruses and get that botnet client off your system!

This is not the only Pony Botnet Server out there either. In June SpiderLabs found a smaller one that had 650,000 credentials on it.

And while we are talking passwords, unbelievably, it looks like people are still using simple passwords on their social media accounts.

Here are a list of the top 10 passwords used according to SpiderLabs Analysis:

The number one password used was “123456”…

Crazy…

Advertisements

Obama’s Facebook and Twitter Compromised by Syrian Hackers

Barack Obama

The Syrian Electronic Army (SEA), a Syrian based hacker group known for redirection and denial of service attacks on media and political targets, briefly altered links from Obama’s social media sites to point to videos created by the SEA.

The attack was made possible not by hacking the websites, but by compromising the link shortening service that the President’s campaign team used on several websites.

According to the SEA’s twitter feed, for a while Twitter eventually blocked the links all together and visitors saw this:

Barack Obama 2

In a series of e-mails to news site Mashable, allegedly the SEA hackers claimed they compromised BarackObama.com by attacking one of the site’s administrators:

“In a follow-up email, the SEA provided screenshots that show how it altered the links in Obama’s social media posts. The group appears to have hacked the email address of Suzanne Snurpus, one of the administrators of BarackObama.com, and it gained access to a control panel for the site.”

For more information see the Mashable website.

Twitter Hacked: About 250,000 User Accounts Possibly Compromised

Seems to be the week for large media attacks. The NY Times and WSJ were hacked earlier this week and Twitter announced earlier today that they had a security breach and the credentials for about 250,000 accounts could have been compromised.

“This week, we detected unusual access patterns that led to us identifying unauthorized access attempts to Twitter user data. We discovered one live attack and were able to shut it down in process moments later. However, our investigation has thus far indicated that the attackers may have had access to limited user information – usernames, email addresses, session tokens and encrypted/salted versions of passwords – for approximately 250,000 users.

As a precautionary security measure, we have reset passwords and revoked session tokens for these accounts. If your account was one of them, you will have recently received (or will shortly) an email from us at the address associated with your Twitter account notifying you that you will need to create a new password. Your old password will not work when you try to log in to Twitter.”

Apparently the culprit of the breach was, drum roll please, a Java vulnerability. Twitter recommends disabling Java if it is not necessary, use different passwords for each site and if you are using weak passwords to change them now!

“Make sure you use a strong password – at least 10 (but more is better) characters and a mixture of upper- and lowercase letters, numbers, and symbols – that you are not using for any other accounts or sites. Using the same password for multiple online accounts significantly increases your odds of being compromised.”

Apparently Twitter was able to catch the hacker in progress and shut him out. They are working with Law Enforcement agencies to track the attackers and shut them down.

No source has been mentioned as to who the hackers were or where they were from. There was a lot of finger pointing at China earlier this week with the NY Times and WSJ attacks, not sure if I buy into that at this point. China (at least the military backed hackers) is usually more interested in cyber espionage and targets of strategic importance.

Israel using Air Strikes, Tweets and YouTube in the Battle Against Hamas

In response to yet another barrage of Hamas rocket attacks, Israel strikes back with targeted air strikes, but also with social media including tweets and YouTube videos!

“Since the start of the operation yesterday, IDF forces have struck 105 terror targets in the #Gaza Strip”, the Official IDF spokesperson (@IDFSpokesperson) twitter feed stated just a few minutes ago.

The IDF tweeted that over 50 rockets were fired from Gaza at Israel since yesterday, making the total rockets launched against Israel in 2012 more than 800!

Attacks against Israel by the terrorist group Hamas is not a new thing. And according to the IDF over one million Israelis are under threat of the attacks. The following map shows the different rockets that terrorists are using against Israel and the population that is within reach of the weapons:

But Israel is not defenseless against these threats. As IDF airstrikes and Naval assaults take out launch sites, their “Iron Dome” missile shield takes out incoming rockets that are aimed at populated areas. The Iron Dome is a system somewhat like the American Patriot missile batteries, but it can track and intercept smaller incoming projectiles like rockets and artillery rounds.

According to the IDF, “People in southern Israel have 15 seconds to run to shelter every time a rocket alarm sounds“, and “Tonight, more than 1 million Israelis are going to sleep in bomb shelters” but it sounds like Israel’s missile shield is performing very well as of tonight, “the Iron Dome system successfully intercepted 28 rockets fired from Gaza at major Israeli population centers.”

Israel is not just using Twitter to keep the world up to date on the defensive operation, they are also using YouTube. The following warning to Hamas was sent out about 10 hours ago:

And then an hour later a Twitter notification that Israel had eliminated Ahmed Jabari, the alleged head of Hamas Military Wing with this poster attached:

And finally a Tweet claiming a pinpoint strike on Ahmed Jabari, including a link to a YouTube video:

Of course Hamas is threatening retaliation. And I am sure Islamic cyber groups and hacktivists will get involved because of Israel’s choice to use social media. We shall see what comes of this in the days to come.

As for now, my heart goes out to all those who are suffering tonight. And as the Bible says, please pray for the Peace of Jerusalem.