Lulzsec member indicted for part in 2011 cyber attacks

A 19-year-old Essex man has been indicted by a federal grand jury in the United States for his part in the Lulzsec hacking group, which claimed responsibility for a number of attacks on media and video game websites last year.

Ryan Cleary was arrested in June 2011 and charged with violating the Computer Misuse Act and the Criminal Law Act 1977.

Now the Los Angeles Times has released a copy of the indictment, which claims Cleary “developed software for, and maintained and controlled a large botnet” which he used to “conduct DDOS attacks against various corporate and government entities”.

The papers also accuse Cleary of renting out his botnet to other cybercriminals.

Lulzsec first came to attention in May 2011 when they claimed to have hacked the Fox Entertainment website, taking responsibility for leaking employee information and user passwords as well as a database of applicants for TV talent show X Factor.

An offshoot of hacktivist group Anonymous, the group then went on to attack public television provider PBS, Sony Pictures Entertainment and the online game League of Legends amongst others. Crimes varied from simply bringing down websites to stealing and releasing confidential user data.

In a blog post for PC World, freelance technology writer Ian Paul pointed out that while the group probably didn’t have any particularly sinister motives, their actions were still putting users at risk.

“As its name suggests, LulzSec claims to be interested in mocking and embarrassing companies by exposing security flaws rather than stealing data for criminal purposes,” Paul wrote on June 3 2011.

“But that doesn’t mean others won’t capitalize on security flaws exposed by the online pranksters.”

Cyber-attacks like the ones perpetrated by Lulzsec can have major impacts on businesses. Often a red cell assessment can be the best way to defend your business against an attack, by simulating a legitimate security penetration attempt.

Cyber Security Awareness week highlights importance of PCI DSS compliance

June 12 marked the start of Cyber Security Awareness week in Australia, as the government looks to encourage better understanding of online safety in both the public and private sector.

Minister for broadband, communications and the digital economy Stephen Conroy was on hand to stress the importance of remaining vigilant when dealing with cyber security.

‘The internet is an integral part of our everyday life whether shopping, socialising or doing business,’ said the minister.

‘It is, therefore, important that Australians are able to take full advantage of the benefits offered by the internet in a safe and secure manner, whether they are on their laptop, smartphone or gaming console.’

A range of events has been scheduled, including conferences, workshops and forums, all aimed at encouraging cyber security awareness.

Sponsors for the event include global industry leaders like Google, Facebook and PayPal.

Cyber Security Awareness week is a good time for businesses to consider their own security standards and ensure they comply with the rules and regulations that apply to online retail services.

The official Stay Smart Online website has a range of tips for small to medium businesses, and notes that as more retailers turn to the internet to reach customers, having effective online security practices grows increasingly important.

All businesses that deal with credit or debit cards must ensure they comply with the Payment Card Industry Data Security Standard (PCI DSS), a set of rules and regulations aimed at ensuring secure online payment systems.

The PCI DSS is not a one-size-fits-all standard, as businesses of different sizes will find they have different requirements.

This can be confusing, particularly for small businesses, so a professional PCI DSS compliance test is often the best way to ensure your business is meeting its responsibilities when it comes to ensuring consumer safety.

Lastfm investigating user password security issue

Music website Lastfm is currently investigating a potential security breach, according to a blog post released June 7.

The news follows yesterday’s report of a major hacking incident on professional social networking site LinkedIn, which saw a reported six million user passwords stolen.

Lastfm has requested that all users currently registered with the site change their password immediately, to one that differs from the passwords they use on other websites.

Businesses with concerns over the risk of unwanted access to confidential information should consider penetration testing.

This is a means of determining weaknesses in security protocols, and provides a complete analysis of the systems and applications that may need improvement.

Through this evaluation, businesses can take the necessary steps to ensure information is secure and private, and greatly reduce the risk of cybercrime.

Lastfm allows users to build a music profile which provides information and recommendations based on listening habits. Both a free service and an advertisement-free subscriber’s service are available.

“We’re sorry for the inconvenience around changing your password; Last.fm takes your privacy very seriously,” wrote the Lastfm team.

“We’ll be posting updates in our forums and via our Twitter account (@lastfm) as we get to the bottom of this.”