Celebrity credit reports posted by ID thieves taken from free website

Details from some of the famous identity-theft victims whose personal information was mysteriously published online were fraudulently obtained from a government-mandated website designed to make it easy for consumers to access their credit reports, credit agency officials said.

At least four of the high-profile celebrities and political figures—who include Vice President Joe Biden, FBI Director Robert Mueller, Attorney General Eric Holder, and rap star Jay Z—were "accessed inappropriately" from annualcreditreport.com, a spokesman for credit agency Equifax told Ars. The site allows consumers to obtain a free copy of their credit reports by entering their birth dates, Social Security numbers, and home addresses and then answering several multiple-choice questions involving previous addresses, mortgages or loans taken out, and similar types of information. Once someone provides the correct answers, he gets access to a report providing a wealth of additional personal information, including loan and mortgage details, phone numbers, and previous addresses.

"What it appears happened is that personal identifiable information was evidently accessed or somehow obtained by the fraudsters who therefore were able to go into annualcreditreport.com and get some pieces of information on some individuals," Equifax spokesman Tim Klein said in an interview. "It's four individuals that we can confirm that were accessed inappropriately by fraudsters by going through annualcreditreport.com and procuring some information off their Equifax credit report."

New Microsoft patch purges USB bug that allowed complete system hijack

Microsoft has plugged a hole in its Windows operating system that allowed attackers to use USB-connected drives to take full control of a targeted computer.

Microsoft said it classified the vulnerability as "important," a less severe rating than "critical," because exploits require physical access to the computer being attacked. While that requirement makes it hard for hacks to spread online, readers should bear in mind that the vulnerability in theory allows attackers to carpet bomb conferences or other gatherings with booby-trapped drives that, when plugged into a vulnerable computer, infect it with malware. Such vulnerabilities also allow attackers to penetrate sensitive networks that aren't connected to the Internet, in much the way the Stuxnet worm that targeted Iran's nuclear program did.

"When you look at it in the sense of a targeted attack, it does make the vulnerability critical," Marc Maiffret, CTO of BeyondTrust, told Ars. "Because of things like Stuxnet raising awareness around the physical aspect of planting USB drives or having people to take these things into facilities, it does make it critical."

White House asks China to stop hacking, pretty please

The Chinese government says these aren't the hackers you're looking for.

After a rash of attacks against US businesses and government agencies throughout the past few months, the White House is now putting the issue of Chinese state-backed hacking on the front burner. Many of these attacks have been tied by network security firms directly or indirectly to a unit of the Chinese People's Liberation Army (PLA), though Chinese officials still deny any link to the attacks (they claim that China's networks are victims being targeted as well). However, country officials signaled a willingness to talk with the US about cooperation on Internet security—even if it's not clear whether or not the Chinese civilian government is completely in control of the PLA's operations.

White House National Security Advisor Tom Donilon said yesterday that the ongoing alleged Chinese attacks and theft of data from US government and business networks have elevated "cyber" to the top of President Obama's priority list in policy toward China. "From the President on down, this has become a key point of concern and discussion with China at all levels of our government," Donilon told an audience at the Asia Society in New York. "And it will continue to be."

The Obama administration is seeking three things from China's leadership with regard to cyber-espionage, Donilon said. "First, we need a recognition of the urgency and scope of this problem and the risk it poses—to international trade, to the reputation of Chinese industry, and to our overall relations. Second, Beijing should take serious steps to investigate and put a stop to these activities. Finally, we need China to engage with us in a constructive direct dialogue to establish acceptable norms of behavior in cyberspace."

ID thieves “dox” Joe Biden, Jay-Z, Michelle Obama, and dozens more

The front page of exposed.su.

Identity thieves have posted social security numbers, credit information, and other sensitive data belonging to more than a dozen politicians and celebrities. It's a list that includes Vice President Joe Biden, FBI Director Robert Mueller, former Secretary of State Hillary Clinton, rapper Jay Z, and actor and director Mel Gibson.

The website, exposed.su, surfaced on Monday with birth dates, telephone numbers, home addresses, and in some cases credit reports for a handful of politicians and celebrities. Throughout the past 24 hours the site has published details on additional individuals. Social security numbers for Mueller, Jay-Z, and Gibson appeared to be valid, the Associated Press reported. Los Angeles Police Chief Charlie Beck, whose information was also posted on the site, hasn't challenged the accuracy, either. Still, other journalists wrote that phone numbers purportedly belonging to former California Governor Arnold Schwarzenegger and actor Ashton Kutcher reportedly went to a movie production company and a New York-based accounting firm respectively.

The site included the image of a gaunt young woman with black circles around her eyes and an index finger in front of her lips. It was headed by a quote from the Showtime TV series Dexter, in which the title character says, "If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve." The site included an embarrassing or humorous photo related to each individual whose information was disclosed. The act of publicly documenting the private details of people is known as "doxxing," and it came into vogue a few years ago with the growing visibility of the Anonymous hacking collective.
