Saturday, January 31, 2009

Disgruntled contractor indicted for Fannie Mae software bomb

An Indian contract computer engineer who worked for Fannie Mae has been indicted by a federal grand jury for installing a software bomb designed to destroy all the data in Fannie Mae's computer system. The contractor, Rajendrasinh Babubhai Makwana, had been fired by Fannie Mae.

According to the indictment, on the day the contractor was fired, the malicious code was placed at the end of a routine computer program scheduled to run each morning. Set to execute on Jan. 31, 2009, the code was programmed to attack all 4,000 of the company's servers and would have wiped out all the data on them. It was discovered by chance five days later.

See, "U.S. Probes Plot to Destroy Fannie Mae Data," Wall St. Journal, January 31, 2009, at

Hackers knock Kyrgyzstan offline

Russian hackers knocked Kyrgyzstan offline with a massive, sustained denial of service attack focused on the country's two main Internet service providers.

See, "Kyrgyzstan Knocked Offline," Wall St. Journal, January 28, 2009, at; "Kyrgyzstan goes offline following Russian hacker attack," The Industry Standard, January 29, 2009, at

Wednesday, January 28, 2009

Largest UK data theft at

Hackers stole personal data belonging to the 4.5 million job seekers registered with, an online recruitment website. The stolen data includes passwords, telephone numbers, e-mail addresses, birth dates, sex and ethnicity data, and other demographic information. The incident is reportedly the largest data theft in Britain. It is also the second time in six months that Monster's customer database has been hacked.

See, "Hackers steal details of 4.5 million in attack on Monster jobs site," TimesOnline, January 27, 2009, at; "Hackers hit's customer data again," USA Today, January 27, 2009, at

Tuesday, January 20, 2009

600 million credit card data security breach

Heartland Payment Systems, a payment transaction processor for more than 250,000 U.S. businesses, announced what may be the largest data security breach to date. Criminals reportedly installed sniffer software on the company's computer network and gained access to customer records associated with the 100 million card transactions that the company handles each month. The malicious software captured the credit card data at the point where it was unencrypted so that Heartland could seek authorization from the major payment companies and banks. The compromised data includes credit card magnetic stripe data, which can be used to duplicate (clone) credit cards.

Personal data of up to 600 million cardholders were potentially exposed, but Heartland, which is working with the Secret Service, cannot yet say how many records were accessed. Credit card companies contacted Heartland about a pattern of fraudulent transactions on accounts the processor handled sometime last fall, but an initial internal investigation and audit failed to detect a security breach. A forensic investigator discovered the breach last week.

According to Forrester Research, data breaches of this type can cost $300 to $600 per account in fraudulent purchases, fees, and legal costs.

See, "Card Data Breached, Firm Says," Wall St. Journal, January 20, 2009, at; "Credit Card Processor Says Some Data Was Stolen," New York Times, January 20, 2009, at

Friday, January 2, 2009

Leap year freezes digital music player

Microsoft's Zune digital music player froze on December 31, 2008. The problem was identified in the device's internal clock driver and how it handles a leap year, such as 2008. The problem affected only the 30-gigabyte model, of which 1.2 million have been sold.

See, "Leap Year Trips Zune In Black Eye For Microsoft," Wall St. Journal, January 1, 2009, at