More Destructive 2014 Hacks: Snapsaved Had it Coming

Hacker

Today we look at more of the biggest enterprise intrusions of 2014, as showcased by Kim Zetter for Wired (see our opening article here):

  • Home Depot – And You Thought Target Was Bad
  • Jennifer Lawrence Naked – Don’t Look, You Creeps
  • Snapsaved – They Had It Coming
  • Twitter – Never Going to Let You Down
  • Bitcoin – Um, Maybe this Wasn’t a Good Idea
  • I’m Afraid!

Home Depot – And You Thought Target Was Bad

Home Depot now feels the pain of Neiman Marcus, Michael’s, and Target. The hardware box store chain revealed in September that it had been hacked, compromising the payment card numbers of 56 million people – 10 million more than were stolen from Target. Kim notes that the intruders were inside the corporation’s network starting in April, after two previous attempts that resulted in minor damages. Independent security professionals had allegedly recommended that Home Depot install additional data safeguards that could have prevented the breach, but the company had not acted in time.

Jennifer Lawrence Naked – Don’t Look, You Creeps

Hackers ran roughshod on Jennifer Lawrence’s genitals in September, posting pictures of them for everyone to see. 4chan users released more than 500 images supposedly sourced from 100 iCloud accounts of media stars, in what some are calling “The Fappening.” Naked photos of Kate Upton, Kirsten Dunst, and others were included in the collection. According to Kim, analysts believe that the invasion of the Apple system resulted from a weakness “that failed to limit the number of times someone can attempt to open an account with a password, making it possible for someone to brute-force their way in with repeated password guesses.”

Tim Cook, CEO of Apple, said that its systems had not been hit with brute-force. Instead, one of two things happened: Either the hackers were able to answer the stars’ password-reset security questions, or the celebrities were targeted with phishing emails.

Apple also responded with two new features:

  1. Two-factor authentication
  2. Email notification when anyone attempts login from a new IP.

Snapsaved – They Had It Coming

Let me get this straight: They come out with an application that allows you to send messages that disappear after just a few seconds of viewing. You think to yourself, “You know what I should do? I should start saving this data from all these users who clearly don’t want the data to be saved, because that’s how messed up my head is! I demand an application to save these things!”

If you are one of these strange creatures, then you may have just been exposed in a release of 13 GB of information from Snapchat accounts, a total of almost 100,000 videos and photos.The images were posted through file-sharing system Pirate Bay by a 4chan user. The media was stolen out of Snapsaved, a service that panders to the Snapchat weirdos who wanted to save all the temporary files these people were sending them.

Twitter – Never Going to Let You Down

Have you ever wanted to write on Twitter, “I just farted,” and then compel the NPR Twitter handle to immediately retweet it? Well, sadly, and incomprehensibly, various people recently had that power and did not use it to do that.

An Austrian teenager found a bug in TweetDeck, a separate and widely-used Twitter software that helps tweet-hounds manage their newsfeeds. Many people responded by taking advantage of the opportunity to be a puppetmaster, turning the BBC and other Twitter users into their sock puppets. The teen discovered that he could send JavaScript in a tweet that would create pop-up alerts seen by other users or allow re-tweeting of messages through their accounts. People who exploited the vulnerability were mostly fooling around, writing retweet messages such as “Yo!” and the straightforward rickroll, “Never going to give you up, never going to let you down.” The teen figured out the vulnerability when he attempted to tweet a symbol of a heart. When his joyride was over, 30,000 accounts had retweeted his heart message, changing the world from a place of darkness and misery to a wonderland of ebullience and togetherness.

Bitcoin – Um, Maybe this Wasn’t a Good Idea

Bitcoin and similar projects in some ways seem like a great idea. For those who want to get away from currencies that they believe are being manipulated, it offers an alternative to the dollar or the pound or even commodities such as gold or corn – the latter of which have also proven wildly unstable in recent years. For instance, if you take the current example of crypto users, there are people these days that tend to invest their bitcoins on online gambling platforms (check out this dice crypto here, if interested) to earn an extra income.

However, Bitcoin has not been a peaceful environment. Silk Road 2.0, which sold drugs online in a similar manner to the first rendition that was subsequently shut down, was infiltrated and had all of its money removed, approximately $2.6 million worth of Bitcoins.

Three Bitcoin organizations were struck as well: Flexcoin, Poloniex, and CoinEx.

I’m Afraid!

The world can be a scary place, so you want a cloud provider that goes beyond “due diligence” and gets objective verification of its mechanisms. Our three data centers are as SSAE 16 audited, so you can choose our cloud with confidence.

By Kent Roberts