Russian Hackers Expose FBI, CIA Directors’ Credit Reports, Drama Ensues

In security terms the importance of this story is very low. Credit reports are something any PI can pull; perhaps now that the who’s who has had theirs yanked they’ll implement a little more privacy. Perhaps people will even learn to stop trusting organizations and companies to protect them. Maybe? Hopefully?

Still, the drama is too amazing not to comment on. It’s one of the more amusing to read stories of shadowy attack and counterattack I’ve heard.

At least we can draw a halfway decent lesson out of it: the key to protecting secrets is not to try and cover everything, but to pick a few key things and lock ’em away.

Right, so grab a beer…

A group of evidently Russian hackers posted SSN’s and credit reports for a broad swath of A-list celebrities in culture and government, including the heads of both the FBI and the CIA. (Russia Today gleefully reports that the latters’ account with Nordstrom is not in the greatest shape.)

Bill Gates, Schwarzenegger, Tom Cruise, and a whole lot more also made the list. (Apparently Paris Hilton’s credit is excellent, with a score of 742.)

The Russians led off their leaks with a quote: “If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve.” (Very dualistic. Harkens back to the days of the Cold War, when it was just them against the Main Adversary.)

A few notable figures among the Western security community immediately busied themselves with digging in to the people behind Exposed.su. Evidently in connection with a post that suggested the Russian underground’s pay-per-report service couldn’t hold a candle to the US’ (free) annualcreditreport.com for illicit financial revelations, Brian Krebs got SWATted.

The Peter Parker of the Internet Underground was preparing for a dinner party when he opened the door to find his local police arsenal’s business ends all pointed at his face… despite having told them months ago that this would happen eventually. (They’d called first to check if it was a prank, but he was too busy vacuuming.)

Krebs being a sharp guy, he talked things down and got back to working on his dinner party. (He did post a very interesting link to his Twitter feed, on an unrelated but perhaps useful topic: http://online.wsj.com/article/SB10001424127887324077704578358381575462340.html )

http://exposed.su <– be VERY careful if you decide to visit this http://gawker.com/exposed%27su/
https://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/
http://krypt3ia.wordpress.com/2013/03/14/%D0%B8%D0%B7-%D1%80%D0%BE%D1%81%D1%81%D0%B8%D0%B8-%D1%81-%D0%BB%D1%8E%D0%B1%D0%BE%D0%B2%D1%8C%D1%8E/ http://rt.com/usa/hackers-cia-brennan-financial-records-334/
http://nakedsecurity.sophos.com/2013/03/12/celebrity-hack-social-security/http://nakedsecurity.sophos.com/2013/03/12/celebrity-hack-social-security/

“And if you’re wondering, yes, the head of the Central Intelligence Agency is indeed up-to-date in terms of paying both his Banana Republic and Brooks Brothers cards. His account with retailers Nordstrom, however, is a whole other story.”

Advertisements
%d bloggers like this: