Monday, January 18, 2010

 

ID Theft Settlement Gets Preliminary Approval

Federal judge gives preliminary approval to settlement over Countrywide ID theft
By BRETT BARROUQUERE
The Associated Press
LOUISVILLE, Ky.



A federal judge has given preliminary approval to a settlement between Countrywide Financial Corp. and millions of customers whose detailed financial information was exposed in a security breach.

Under the terms of the settlement, Countrywide, now owned by Bank of America, would give up to 17 million people whose information was exposed during the security breach free credit monitoring. That group includes anyone who obtained a mortgage and anyone who used Countrywide to service a mortgage prior to July 1, 2008.

The settlement entitles a person to up to $50,000 in reimbursements from Countrywide per instance of identity theft, provided they actually lost something of value, were not reimbursed and it is more likely than not the theft stemmed from Countrywide.

U.S. District Judge Thomas B. Russell of Paducah, who oversaw more than 35 lawsuits related to the security breach, granted class-action status to the suit and gave preliminary approval of the settlement Wednesday. A fairness hearing is scheduled for July in Louisville.

"The proposed settlement agreement provides for a reasonable solution that properly addresses the complications of identity theft," Russell wrote.

Shirley Norton, a spokeswoman for Bank of America, said the settlement is "in the bank's best interest" to avoid additional legal expenses.

"We look forward to moving ahead with the settlement," Norton said.

Plaintiffs' attorneys Ben Barnow and Daniel Haviland did not immediately return messages seeking comment.

Attorneys for the plaintiffs say Countrywide Financial had all of their clients' financial information, including mortgage information, credit card and Social Security numbers, and birth dates.

The lawsuits stem from the arrest of Rene Rebollo Jr., of Pasadena, Calif., a former senior analyst for Countrywide, and Wahid Siddiqi, of Thousand Oaks, Calif. Federal investigators said Rebollo used a flash drive to download data from about 20,000 customers a week for two years from 2006 through August 2008.

Rebollo then sold the information to Siddiqi for $500 and earned a combined $50,000, federal investigators said. Siddiqi pleaded guilty on Dec. 9 to 10 counts of fraud and admitted to selling the information to third parties, including an undercover FBI agent.

Rebollo has pleaded not guilty and is scheduled for trial in January.

Countrywide has said it has worked closely with the FBI and federal investigators and that the security breach does not appear to have resulted in anyone's identities being stolen.


Copyright 2010 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Copyright © 2010 ABC News Internet Ventures

 

Potent malware link infects almost 300,000 webpages

Original URL: http://www.theregister.co.uk/2009/12/10/mass_web_attack/

Johnny Come Lately

By Dan Goodin in San Francisco

Posted in Malware, 10th December 2009 20:51 GMT


A security researcher has identified a new attack that has infected almost 300,000 webpages with links that direct visitors to a potent cocktail of malicious exploits.

The SQL injection attacks started in late November and appear to be the work of a relatively new malware gang, said Mary Landesman, a researcher with ScanSafe, a web security firm recently acquired by Cisco Systems. Hacked sites contain an invisible iframe that silently redirects users to 318x .com (a space has been added to protect the clueless), which goes on to exploit known vulnerabilities in at least five applications.


At time of writing, this web search (http://search.yahoo.com/search?n=100&ei=UTF-8&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vd=all&vst=0&vf=all&vm=p&fl=0&p=%3Cscript+src%3Dhttp%3A%2F%2F318x.com%3E&vs=) showed more than 294,000 webpages that contained the malicious script. Infected sites included yementimes .com, parisattitude .com and knowledgespeak .com.

People who visit infected pages receive an invisible link that pulls code from a series of sites tied to 318x .com. The code looks for insecure versions of Adobe Flash, Internet Explorer, and several other Microsoft applications, and when they are detected it exploits them to surreptitiously install malware known as Backdoor.Win3.Buzus.croo. The rootkit-enabled program logs banking credentials and may do other nefarious bidding, Landesman said.

At the moment, about two percent of the requests ScanSafe sees are for sites infected by the malicious link, an indication the threat is significant, Landesman said.

SQL injection attacks prey on web applications that fail to adequately inspect user-supplied input before passing it off to a webserver's backend database. They are a favorite way of adding malicious links and content to third-party websites and were also the chink that allowed Albert Gonzalez and other hackers the toehold they needed to steal more than 130 million credit card numbers (http://www.theregister.co.uk/2009/08/17/heartland_payment_suspect/) from card processor Heartland Payment Systems and four other companies.
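A defender-side check for the kind of injected tag described above, as an added example that is not part of the original article: it scans stored page content for script or iframe tags that load from hosts outside an allowlist, rather than matching one known domain. The allowlist, the sample rows and the malicious.example host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts this (hypothetical) site legitimately loads from.
ALLOWED_HOSTS = {"www.example.org", "static.example.org"}

class ExternalLoadFinder(HTMLParser):
    """Record script/iframe tags whose src host is not on the allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # tuples of (line, tag, host, hidden)

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = dict(attrs)
        host = (urlsplit((a.get("src") or "").strip()).hostname or "").lower()
        if not host or host in self.allowed:
            return  # relative URL, or a host the site trusts
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = (a.get("width") == "0" or a.get("height") == "0"
                  or "display:none" in style or "visibility:hidden" in style)
        self.findings.append((self.getpos()[0], tag, host, hidden))

def scan_html(html, allowed_hosts=ALLOWED_HOSTS):
    finder = ExternalLoadFinder(allowed_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings

def scan_rows(rows, allowed_hosts=ALLOWED_HOSTS):
    """Map row id -> findings for every row that contains a suspect tag."""
    hits = {}
    for row_id, html in rows.items():
        found = scan_html(html, allowed_hosts)
        if found:
            hits[row_id] = found
    return hits

# Constructed sample: text columns as they might sit in a CMS database.
SAMPLE_ROWS = {
    "article:1": '<p>Welcome</p><script src="/js/site.js"></script>',
    "article:2": 'Latest news<script src=http://malicious.example></script>',
    "article:3": '<p>Map</p>\n<iframe src="//t.malicious.example/x" width=0 height=0></iframe>',
    "article:4": '<script src="https://static.example.org/lib.js"></script>',
}
```

Running `scan_rows` over an export of the database's text columns flags the rows that need cleaning; the input-handling flaw that let the tag in still has to be fixed separately.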

The fingerprints on this latest attack lead Landesman to believe the perpetrators are new to the SQL injection game. More sophisticated mass attacks using the method, such as the Gumblar infection (http://www.theregister.co.uk/2009/10/16/gumblar_mass_web_compromise/), inject unique, dynamically-generated links that prevent researchers from being able to locate them using web searches.

Gumblar also uploads exploits directly to infected sites, which greatly complicates white hat efforts to clean up the mess. Rather than shutting down a single site that's hosting the malware, thousands of mom and pop sites must be disinfected one at a time.

"I'm not convinced SQL injection is the method they're most accustomed to," Landesman said of the gang behind the most recent mass infection. "It's almost as if they're a seasoned attacker but this is their first foray into managing a wide-scale web attack." ®

 

Heartland pays Amex $3.6M over 2008 data breach

Robert McMillan
December 17, 2009 (IDG News Service) Heartland Payment Systems will pay American Express $3.6 million to settle charges relating to the 2008 hacking of its payment system network.

This is the first settlement Heartland has reached with a card brand since disclosing the incident in January of this year.

The U.S. Department of Justice has charged Albert Gonzalez and several other accomplices with the hack, saying that Heartland was one of several companies that the hackers managed to break into using SQL injection attacks.

Other alleged victims include 7-Eleven and Hannaford Brothers. In total, the gang managed to steal more than 130 million credit card numbers from Heartland and about 4.2 million from Hannaford, prosecutors allege.

Card-issuing banks such as American Express have had to pay the costs of re-issuing credit cards, following the breach, and many banks have sued Heartland to recover these costs. American Express operates its own credit card brand as well, and the settlement may also cover fines incurred there.

Heartland has also had to pay out fines assessed by other brands such as Visa and MasterCard. Typically, these card brands levy fines against those responsible for data breaches. In May, Heartland CEO Bob Carr said that his company had set aside $12.6 million to handle charges related to the hack. More than half of that money was to handle fines levied by MasterCard, he said.

This settlement resolves "all intrusion-related issues between the two parties," Heartland said in a statement Thursday. However, the company's disputes with other brands such as Visa and MasterCard apparently remain unresolved. A company spokeswoman declined to comment further on the matter for this story.

"We are pleased to have reached an equitable settlement with American Express," Heartland's Carr said in the statement.
