WikiLeaks

A screen shot of the ransom demand apparently posted on the Virginia Prescription Monitoring Program’s Web site last week.

The FBI is investigating a $10 million ransom demand by a hacker or hackers who say they have stolen nearly 8.3 million patient records from a Virginia government Web site that tracks prescription drug abuse, an FBI official confirmed Wednesday.

The state police in Virginia are also investigating the possible breach of confidential records.

The FBI official said the Virginia Information Technologies Agency (VITA) referred the case to the FBI last week, asking for help.

Asked whether people’s personal information is secure, the official said he couldn’t say.

“I really can’t make a declarative statement as to whether anyone’s information is in jeopardy at this point,” the official said.

Asked whether people have been notified that their information may have been breached, the official said it would be up to VITA to do that.

http://www.foxnews.com/story/0,2933,519187,00.html

(WEB HOST INDUSTRY REVIEW) — The past few months has seen a rise in large distributed denial of service attacks which threaten to send entire countries offline, raising concerns among Internet security experts in the Internet infrastructure that help contribute to these attacks, according to a report by The Washington Post.

These DDoS attacks use botnets to send large amounts of spam to websites to the point where it cannot handle incoming traffic from its regular visitors.

In the past six months, DDoS monitoring firm Arbor Networks (www.arbornetworks.com) says it has witnessed a rise in the number, sophistication and size of these attacks, while perpetrators seem to be targeting larger ISPs.

Earlier this month, domain registrar Register.com was hit by a major DDoS attack that caused causing intermittent outages for about 48 hours.

The Post article also cites recent DDoS attacks against dedicated managed hosting provider The Planet, which it says was hit by a “massive” DDoS attack on April 6 and 7, as well as Brazillian ISP Telefonica, which lasted for several days.

Though DDoS attacks are typically seen as the work of cyber criminals who are seeking some kind of financial compensation in exchange for retreating these attacks.

All three of the aforementioned companies were performed in precise intervals over a period of days, according to The Post.

Experts say that the nature of these attacks suggest that the hackers were just showing off their malicious capabilities to attract media coverage in an effort to draw interest from criminals that would hire them for their services.

The domain name system contains many DDoS assault attack weaknesses, which is a key component of the Internet.

Since the global DNS system does not yet have a widely deployed system in place to confirm the location of an individual requesting a site’s location, it makes it harder to block DDoS attackers that lie about their location, according to The Post.

Additionally, there has also been a rise in the number of botnets used to attack networks has largely increased because of globally-spreadl viruses like the Conficker worm.

These attacks are significantly easier to defend against as inffective individuals can work with their ISP to find and drop traffic from the Internet source.

ISPs can also improve their defense against DDoS attacks by adopting long-established Internet best practices.

Source http://www.thewhir.com/web-hosting-news/050109_Internet_Sees_Rise_in_DDoS_Attacks

Almost half of all malicous attacks are done by an internal entity.  Do your employees know how to protect their data?  Don’t guess, get security awareness training from Parameter (End Shameless Plug)

– Dave

News

Monday, 20 April 2009 08:22

It has come to light that Wal-Mart has suffered a breach in its staff data system due to a former employee leaving their job with confidential records. The information is said to refer to 48,000 members of staff in the state of Illinois, America. Security of information has also been a source of several news stories here in the UK as govermnment ministers have accidentally leaked information through mishaps. The breach occurred in mid-2007 and has only just emerged in the media. The language of the documents exposed was generalised, projected and chain-wide, begging the question: how many people’s personal security has been compromised by this? Considering the chain employs 1.8 million members of staff, this is a large loss of personal information which may take the form of private co-ordinates, bank account details for payrolls, tax codes and details, etc. The breach is feared to be more than localised and is being looked into by senior staff.

Twitter tormented by nettlesome computer program

Unwelcome computer program disrupts the chatter on Twitter, adding to service’s growing pains

• Monday April 13, 2009, 3:24 pm EDT