Feds unmask mystery hacker who “hamburgled” Burger King Twitter account

Serial hacker is tied to breaches involving Twitter, police, and Paris Hilton.

Federal prosecutors have charged a previously convicted hacker with illegally accessing millions of records sent by Twitter users requesting technical support. The allegations shed new light on the hijacking of Burger King's Twitter account 17 months ago, a case many assumed had gone cold.

Cameron Lacroix, a 25-year-old resident of New Bedford, Massachusetts, agreed last month to plead guilty to a hacking spree that targeted computer networks around the country, some belonging to law enforcement organizations that stored sensitive data. He was also reportedly one of several hackers to steal racy pictures stored on Paris Hilton's poorly secured cell phone in 2005.

On Wednesday, federal prosecutors in San Francisco alleged that from February 16 to 19 in 2013, Lacroix hacked into Zendesk, a provider of customer support services, and used his illegal access to download millions of records belonging to Twitter, one of the many companies that used Zendesk. The support tickets included users' e-mail addresses and contact information. He then used the information to breach at least two high-profile Twitter accounts, according to charging papers filed in US District Court in San Francisco. Prosecutors wrote:

Monday review – the hot 17 stories of the week

OK, these aren’t just the hot 17 stories of the past week, but of the two weeks before that, too.

If, like us, you’ve been enjoying some downtime over the Christmas and New Year holidays, here’s your quickest way to get back up to speed with Naked Security…

Would you like spam with that? McDonald’s pinged for spamming by Australian regulator

The world-famous restaurant chain McDonald’s was deemed to have been spamming when it implemented a ‘send to friends’ feature on one of its websites.

Does your organisation have any email auto-generation tools? If so, make sure you comply with the law…

How a free breakfast day at McDonalds can lead to malware danger

Beware emails claiming to offer you a free breakfast at McDonalds – it could be malware!

I don’t know if you’re the sort of person who wakes up in the morning, and the first thing you long for is a McDonalds’ breakfast – but if you are, you might just be exactly what malware authors are looking for.

Researchers at SophosLabs have seen a malicious email that has been spammed out across the world in the last couple of days pretending to come from McDonalds.

The email claims that the fast-food giant is offering free breakfasts in each and every one of its many thousands of restaurants around the globe. Chances are that there are many people who would love the prospect of munching on a McDonalds first thing in the morning.

[Image: McDonalds malware email]

Part of the email reads as follows:

McDonalds invites you to The Free Breakfast Day which will take place on 26 June, 2011, in every cafe of ours.

Free Day’s menu!
- Ranch Snack Wrap (Crispy)
- Chicken Selects Premium Breast Strips
- Premium Caesar Salad with Grilled Chicken
- Strawberry Triple Thick Shake
- McCafe Hot Chocolate

Print the invitation card attached to the letter and show it at the cash desk of any of our restaurants.

But beware! There is no such thing as a free lunch... breakfast.

The attached file is, of course, malicious. Sophos detects the ZIP file as Troj/BredoZp-DV and the Invitation_Card.exe file contained within as the Troj/Bredo-HU Trojan horse.

In an attempt to fool computer users into believing the file is safe, the EXE file has a Word icon.

Don’t forget – you should always be suspicious of unsolicited attachments sent to you via email!
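A Word icon only changes how the file looks in Explorer, so a mail filter should judge ZIP members by extension and by their leading bytes instead. The following is an added example, not code from the original article or from Sophos; the function names, the extension list and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows will run directly (short, non-exhaustive list; an assumption).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
PE_MAGIC = b"MZ"  # first two bytes of a Windows PE/DOS executable


def executable_members(zip_bytes):
    """Return sorted (name, reason) pairs for ZIP members that look executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            dot = name.rfind(".")
            ext = name[dot:].lower() if dot != -1 else ""
            with archive.open(info) as member:
                header = member.read(2)
            if header == PE_MAGIC:
                # Content check also catches executables renamed to look like documents.
                findings.append((name, "PE header"))
            elif ext in EXECUTABLE_EXTENSIONS:
                findings.append((name, "executable extension"))
    return sorted(findings)


def build_sample_zip(members):
    """Build a constructed ZIP in memory from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed samples: harmless bytes, only the first two mimic a PE header.
SAMPLE_SUSPICIOUS = build_sample_zip({
    "Invitation_Card.exe": b"MZ" + b"\x00" * 62,
    "menu.txt": b"Ranch Snack Wrap\n",
})
SAMPLE_RENAMED = build_sample_zip({"Invitation_Card.doc": b"MZ" + b"\x00" * 62})
SAMPLE_CLEAN = build_sample_zip({"menu.txt": b"Ranch Snack Wrap\n"})

if __name__ == "__main__":
    for label, sample in [("suspicious", SAMPLE_SUSPICIOUS),
                          ("renamed", SAMPLE_RENAMED), ("clean", SAMPLE_CLEAN)]:
        print(label, executable_members(sample))
```

Password-protected archives cannot be opened this way and would need to be quarantined or handled separately.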