Archive for the ‘Data Breach’ Category

Kippo Honeypot BotNet Takedown

February 16, 2014 1 comment

Kippo Honeypot BotNet Takedown

I wanted to post this over here as well for some folks who may have missed the Kippo Honeypot BotNet Takedown article released this past Friday at Barracuda Labs. This article has a lot of technical details for anyone looking to get down and dirty. You can also click the link to download the technical transcript I received from an unnamed source I called “Bob” for the article.

Please leave comments here or at the Barracuda Labs blog site.

Thanks again for stopping by.


Cloud storage data risks and encryption

On March 8th, 2012 I submitted a blog titled “Cloud storage data risks and encryption” at Naked Security pointing out the risks associated with using cloud storage providers such as Dropbox. To be clear, I’m not suggesting to move away from such services, but to augment them with a layer of encryption which you can control. That is exactly how I use them.

For example using SafeGuard PrivateCrypto for standalone free file based encryption use or SafeGuard Encryption for Cloud Storage if you are looking for enterprise class software such as SafeGuard Enterprise.

I’m excited for mid-2012 when the smartphone encrypted file readers will be available. Definitely a sweet integration point there.

I hope you enjoy the blog article and please comment either here at DSPN or Naked Security. If you make a reasonable comment which invokes the need for me to reply, I will make every attempt to engage you in a conversation.

Until next time, keep it safe and secure online.

Health Information Privacy –

From the website:
“As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.  These breaches are now posted in a new, more accessible format that allows users to search and sort the posted breaches.  Additionally, this new format includes brief summaries of the breach cases that OCR has investigated and closed, as well as the names of private practice providers who have reported breaches of unsecured protected health information to the Secretary.  The following breaches have been reported to the Secretary:”

Breaches over 500

Breaches affecting over 500 individuals

While searching for statistics on data breaches, I stumbled upon the U.S Department of Health and Human Services web page for Breaches Affecting 500 or More Individuals. As of this posting there are 288 recorded incidents of unprotected health information leaking since September 9th, 2009. I like how the HHS offers to save the entire data set of information in CSV and XML formats for personal consumption. For example, this gives you the ability to sum the total of ‘Individuals Affected’ column to put things in perspective.

Sony Data Breach Timeline

In an effort to keep things straight in my head, it made sense to create a timeline of the Sony data breaches (and near data breaches) which were reported either by Sony or by the individuals themselves. This chronology is primarily the attacks which resulted in data loss pieced together by different news sources and not any of the other events in the timeline, such as PSN coming back online. If you find something that’s in need of being updated, please send me an email through this blog.

Hopefully Sony will get their security straightened out in time before the next attack occurs.

Sony Business Unit

(or suspect)

1 April 17th
Sony PlayStation Network/Qriocity Anonymous
2 May 2nd
Sony Online Entertainment
3 May 5th
Sony Electronics, Inc. Sony
Sony Electronics, Inc.
  • The Hacker News coverage of this data breach, which doesn’t look like a hack attack, explains how this is negligence. Using a Google search for on “ filetype:xls” resulted in access to an Excel spreadsheet containing 2,500 pieces of user data. As the THN puts it “Huh, is this called Hacking ????” Well said. It’s called searching.
  • Naked Security Blog Posting
4 May 17th
Sony PlayStation Network/Qriocity
  • The Hacker News coverage of this attack explains that it’s not a true hack, simply reuse of already exposed user data.
5 May 20th
Sony Thailand
  • No public claim has been found for this attack.
  • In this attack a phishing website was setup targeting an Italian credit card company on the Sony Thailand web server. I couldn’t find any definitive quantity of lost user data, but it’s safe to say there’s a high probability of a breach. Magnitude unknown, nonetheless, a breach.
  • source from Digital Trends posting
6 May 21st
So-net Entertainment
  • No public claim has been found for this attack.
  • Computer World reported that So-net, an ISP subsidiary of Sony, had a breach of about $1,200 virtual tokens by the intruder redeeming 130 accounts. In addition, 73 accounts were breached, but not redeemed, and 90 e-mail accounts were compromised.
7 May 21st
Sony Music Indonesia Defaced k4L0ng666
  • While no actual data was taken during this defacement, it existing in the timeline.
  • The Hacker News report on this defacement.
8 May 22nd
Sony BMG Greece b4d_vipera
9 May 23rd Sony Music Japan Lulz SecurityLulzSec
10 May 24th Sony Ericson
11 June 2nd Sony Pictures Lulz Security
  • Lulz Security made is very clear they were behind this data breach. They broadcasted their activities under operation “Sownage” which is a pun on ‘Sony’ + ‘ownage’. The most disturbing aspect of this is that Sony didn’t use any obfuscation/hashing/encryption on the passwords.
  • “Over 1,000,000 users’ passwords, email addresses, home addresses, dates of birth, as well as administrator login passwords acquired by hackers ”
    (source DATALOSSdb ID: 3790)
  • This incident 3790 also includes data from Sony BMG Belgium and Sony BMG Netherlands.
  • Naked Security blog posting
12 June 3rd Sony Europe idahc_hacker
  • Idahc was at it again using another simple SQL Injection method to gain unauthorized access to 120 usernames, passwords (plain text), mobile phone numbers, work emails and website addresses.
  • Naked Security blog posting
13 June 5th Sony Pictures Russia
  • An undisclosed group or individual used another simple SQL Injection method to gain unauthorized access. Extent of the data breach is still undetermined. This could have possibly been an upstart hacking club testing the waters and their salt.
  • Data loss included the database structure of the cosmocard_1 catalog.
  • Naked Security blog posting
14 June 6th Sony CED Network Lulz SecurityLulzSec
  • In a couple of tweets LulzSec presented Sony Computer Entertainment Development Network source code out into the wild. SQL Injection method to gain unauthorized access to 120 usernames, passwords (plain text), mobile phone numbers, work emails and website addresses.
  • Via they shared the source code in a 58MB download in the form of a torrent.
  • The Hacker News coverage
15 June 6th Sony BMG Music NA Lulz SecurityLulzSec
  • In the same torrent made available on, Lulz Security made publicly available Sony BMG internal network diagrams.
  • The network diagrams included a great deal of detail about the Sony BMG Music network. Unfortunately for the author, Shawn Gyorfy, it included his name. I like to take pride in my work as well, but not when it’s labelled ‘INTERNAL USE ONLY’ for the world to read. In addition to the diagrams, there were PDFs which included hub sites, router IDs, Circuit IDs, IP addresses, site contact names and phone numbers, VLAN information, networking product make, model, hostname and management IP address.
  • The Hacker News coverage
16 June 8th Sony BMG Music Portugal idahc_hacker
  • Idahc the Lebanese hacker in a pastebin post declared that he or she is not a black hat hacker, but a gray hat. Idahc backed this statement up by only dumping Sony customer’s email addresses and not the entire database.
  • The attack was conducted by exploiting 3 flaws in the Sony web site, which were 1) SQL injection, 2) XSS and 3) iFrame injection.
  • Naked Security blog post
17 June 8th The Sony Marketing Co.
  • This is from the Sony Japan web site:
  • The Sony marketing company, to dawn on June 8, “spoofing” occurs for unauthorized access attempts by a third party e-mail address and password, and Sonisutoa earn by shopping for Sony products in Sony ” “point, and we found that there is a possibility that the exchange coupon and shopping available in Sonisutoa.
    We have so minimize the damage done to the following measures.
    The evidence of leakage of personal information including email address and password from us is not confirmed.
    The situation, apologize for the inconvenience and worries that your customers and everyone in between.
  • Number of potential email addresses used to exchange illegal exchange status by fraud masquerading Sony Points ■: Number of points that were considered illegal to exchange coupons shopping 278,000 95 points (about 280,000 yen worth)
18 June 19th Sony Pictures France idahc_hacker
  • Idahc the Lebanese hacker did a duet with his French friend Auth3ntiq on Sony Pictures France. In a pastebin post declared again that they are not black hat hackers. Possibly in a ruch but this time they didn’t state that they are gray hat hackers.
  • Using another SQLi, the data breach included the /etc/passwd file dump and a snippet of “emails found : 177172”.
%d bloggers like this: