Shorts: Syria Hacks Israel ; Games Steal FB Credentials ; Evans Hotels Announces Breach

July 14, 2015 mitch tanenbaum Leave a comment

Computer hackers likely working for the Syrian regime and Hezbollah have managed to penetrate the computers of Israeli and American activists working with the Syrian opposition, exposing sensitive contacts between the sides.

Al-Akhbar, a newspaper serving as Hezbollah’s mouthpiece in Lebanon, published a series of articles over the weekend purporting to divulge correspondence between Mendi Safadi, a Druze Israeli and former political adviser to Deputy Regional Cooperation Minister Ayoub Kara, with members of the Syrian opposition around the world, taken from taken from one of the computers which were hacked.

Source: Times of Israel.

Cowboy Adventure, with over a half million downloads and Jump Chess, with a few thousand downloads, both from Tinker Studio, capture the user’s Facebook userid and password and send them to a capture server which is dynamically selected.

The games may have passed testing because they do not capture information from American IP addresses – at least for now.

The games have been removed from the play store. This just points out that crooks are getting more cagey as the testing gets more mature.

Source: SC Magazine .

Evans Hotels, based in California, announced that some of their customers payment card information was stolen. How many was not disclosed.

The hackers operated in the hotel between September 2014 and March 5, 2015. The hotel discovered that malware was installed on the front desk computers – how, they did not say. The front desk system normally uses credit card readers that encrypt the data at the source.

The problem occurred because the front desk used the old non-encrypting readers when the desk was busy. Cards swiped on those readers could be compromised. Those readers have now been removed (? and crushed?)

The hotel chain tried to figure out which cards were read on which reader, but were not able to do that.

The moral here is that keeping old, unsecure technology around for a “backup” is probably not a good idea.

Source: SC Magazine .