[ISN] Hacker's list of online accounts spooks users

From: InfoSec News <alerts_at_private>
Date: Thu, 9 Oct 2008 03:02:15 -0500 (CDT)

By Conrad Walters
October 9, 2008

WHEN Australian web users learned from the Herald that details of their 
online accounts [1] had been posted on a hacker's website for all to 
see, they were suspicious, then alarmed, then furious at the hacker who 
compromised their identities.

Email addresses, matched with user names and passwords for online 
memberships, were offered by the hacker for anyone wanting to try their 
hand at identity theft or even financial fraud.

The Herald stumbled across the site during its investigations into 
online fraud. "It's obviously startling," said Lachlan Yee, a research 
associate in biotechnology at the University of NSW and one of those 
whose details were exposed by the hacker.

Dr Yee instantly recognised a password linked with his university email 
address. Fortunately, the password was only used for "not-so-crucial" 
uses such as online sports forums, he said.

The distributor of the data, a hacker who uses the name Farbod, offered 
9600 identities for free. His motivation? To earn status and credibility 
on a website that rates hackers' skills.

Farbod, who purports to be from Texas, has already advanced in rank from 
lowly "pirate in training" to "Microsoft nightmare".

[1] http://www.smh.com.au/pdf/compromisedaccounts.pdf


Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
Received on Thu Oct 09 2008 - 01:02:15 PDT

This archive was generated by hypermail 2.2.0 : Thu Oct 09 2008 - 01:18:39 PDT