Security Brief: Rare Twitter Name Hacks, SpyEye Creator, Angry Birds Defacement


The most important events of the week between January 27 and February 3, 2014

In case you haven’t been online much over the past week, here’s your chance to catch up on some reading. There have been a number of interesting stories, so let’s take them one at a time.

Malware

Security researchers say they’ve uncovered the first ever Android Bootkit. Android.Oldboot.1.origin is said to have already infected hundreds of thousands of devices. The Trojan is distributed with the aid of rogue firmware updates.

Another interesting threat is HEUR:Backdoor.Java.Agent.a. This piece of malware is actually a Java bot that’s capable of launching DDoS attacks from infected computers, regardless of whether they’re running Windows, Mac OS X or Linux.

Cybercrime

24-year-old Russian national Aleksandr Andreevich Panin has admitted creating the notorious SpyEye banking Trojan. He will be sentenced in April 2014. Security researchers who have been cooperating with law enforcement on bringing Panin and his accomplice (Algerian man Hamza Bendelladj) to justice say the two aren’t too good at hiding their tracks.

Law enforcement organizations have been very busy. Police in Poland have arrested 5 Bulgarians allegedly involved in a payment card fraud scheme. French and Romanian police have dismantled an international network of Romanian payment card fraudsters.

A Russian man living in New York has been sentenced to 30 months in prison for taking part in a securities fraud scheme that involved hacking trading accounts.

11 students from a California high school have been expelled after hacking into school computers to change grades and obtain tests. They had used a keylogger to steal teachers’ passwords.

The founder of Liberty Reserve is doing everything he can to avoid being extradited from Spain to the US. He has told a court that US authorities have been hunting him since 2011, when he refused to hand over the Liberty Reserve source code to the FBI.

Vulnerabilities

Mozilla has addressed a critical vulnerability in Thunderbird that could have been exploited to insert malicious code into emails. The security hole was reported in May 2013, but it was only fixed with the release of Thunderbird 24.

Yahoo has fixed a remote code execution vulnerability identified by security researcher Ebrahim Hegazy. The expert has published a video to demonstrate his findings. It’s still uncertain if the issue is covered by Yahoo’s bug bounty program.

A remote code execution vulnerability has also been found in the MediaWiki platform. Several wiki sites were impacted, including Wikipedia. Fortunately, the Wikimedia Foundation has rolled out a fix.

Security Explorations has been reviewing Oracle’s Java Cloud Service. They’ve found not one, not two, but 28 security issues. Oracle has confirmed receiving the company’s report.

Hacks

Anti-NSA hackers have defaced the Angry Birds website after news broke that the NSA is using such mobile games to spy on people. Rovio has confirmed that the site was defaced. However, the company clarified that this was another case of DNS hijacking, not a breach of its own systems.

Other noteworthy hack attacks targeted rare Twitter usernames. We learned that the owner of the @JB handle was targeted some time ago by a hacker who first hijacked his Amazon account. Fortunately, he took action before too much damage was caused.

Naoki Hiroshima, the owner of @N, hasn’t been so lucky. He has been forced to hand over the username to an attacker who had hijacked his GoDaddy account after allegedly social engineering PayPal employees.

The story got a lot of attention. Both GoDaddy and PayPal issued statements on the incident, but Twitter still hasn’t given Hiroshima his account back.

At least 15 computers belonging to high-profile organizations from Israel, including a government agency, have been targeted, presumably by Palestinian hacktivists. The attackers used Xtreme RAT to hijack the devices.

Here are some other important stories, in case you’ve missed them:

US authorities can’t decide if the outage suffered by websites of the federal court systems is the work of hackers

Target’s systems had been breached after hackers stole a vendor’s credentials

GitHub launches security bug bounty program

Yahoo Mail accounts hacked with passwords stolen from third party database

Carlo Ancelotti’s Twitter account hacked

Hackers leak user information allegedly stolen from Bell Canada’s systems
