Industry Intel

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction: It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan before it’s hit with ransomware, so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Cyber News Rundown: Edition 10/20/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Swedish Trains Schedule Gets Derailed by Cyber Attack

In the last week, several computer systems belonging to the Sweden Transportation Administration were subjected to multiple DDoS attacks that forced the agency to halt some trains and delay others. While the agency was able to bring the services back online within a few hours, the delays affected transportation schedules for the remainder of the day. Unfortunately, the effects of the attacks were still noticeable within the transportation systems for several days, as the schedules all needed readjustment to accommodate customers.

Adobe Flash Affected by Zero-Day Exploit

Researchers this week discovered a zero-day exploit within Adobe Flash Player that was used to install FinSpy, malicious software used to steal user information. The exploit was hidden in an infected Word document, which the user received via email. FinSpy surveillance software is sold worldwide, but is often used maliciously to gain financial or political power through information gathering and extortion. Fortunately for Adobe Flash users, the latest update patches the vulnerability and is readily available from Adobe’s site.

Adult Themes Infest Roblox Computer Game

The open-source nature of games like Roblox enables users to make custom additions to the game and make their experience their own. However, some users choose to take advantage of the system and abuse it. Unfortunately, much of the game’s younger user base has recently been subjected to Nazi propaganda and other adult content. The vendors of such mods are usually banned from the servers, only to return a short while later.

IoT Takes Major Hit with Krack Attacks

Recently, a vulnerability was found within the WiFi encryption currently in use by hundreds of millions of IoT devices around the world. Fortunately, the vulnerability has been patched by dozens of vendors for quite some time now. However, there are still some devices that won’t likely receive an update in the near future: security cameras, routers, and other household wirelessly connected “things”.

Oracle Updates Large Number of Critical Patches

In its latest update, Oracle pushed out more than 250 different patches for bugs across hundreds of products. Some of the most critical patches address SQL injection vulnerabilities in its E-Business Suite, which could be used maliciously to steal or alter sensitive financial data. Another area that received multiple patches was the Java Platform, which had 20 unique vulnerabilities that were remotely exploitable without any user authentication.

Cyber News Rundown: Edition 10/13/17


Rigzone Founder Caught Stealing Data

Over the last few months, officials have been piecing together the case against Rigzone founder David Kent. After selling the Rigzone domain several years ago, Kent used several backdoors he’d implemented to access account information for over 700,000 customers, which he then attempted to sell back to Rigzone. By setting up several dummy accounts, Rigzone staff determined the specific IP address Kent used and apprehended him.

Criminals Hack Eastern Europe Bank for Millions

In the last year, banks in several Eastern European countries have seen a drastic rise in fraudulent charges at ATMs that have allowed hackers to make off with nearly $40 million. Attackers start by manipulating the bank’s overdraft protection and setting up proxies to allow accomplices in other countries to withdraw massive quantities of money from separate accounts. In addition to spoofing the overdraft system, the attackers also installed remote access software on bank computers to enable further intrusion into the institution’s systems.

Multiple Accenture Servers Left Exposed Online

A security researcher recently discovered four servers belonging to Accenture that were left publicly accessible on the internet for an undisclosed length of time. These servers contained data on thousands of Accenture’s clients, though the company’s statement on the issue assured customers that all data was from a retired system that contained no current data. Fortunately, server logs show that the researcher was the only unauthorized user to access them, which should help Accenture’s IT staff sleep a little better.

Latest Apple OS Gives Actual Password instead of Password Hint

A bug within Apple’s latest macOS, High Sierra, could allow a local attacker to request a password hint but receive the actual password. This bug occurred due to an issue with Apple’s file management system, which would have asked users to input a password hint in case they forgot their credentials. Unfortunately, the bug caused the hint request to display the legitimate password instead. Luckily for High Sierra users, Apple was quick to release a patch that fixed the issue.

Healthcare Service Records Found Online

Kromtech researchers discovered an unsecured Amazon S3 bucket belonging to a US healthcare services company that contained information on at least 150,000 patients. Although the company secured the server as soon as they were notified of this security oversight, it’s unclear how long the bucket was freely accessible.

Cyber News Rundown: Edition 10/06/17


Yahoo Breach Expands to All 3 Billion Users

In a recent statement, Yahoo announced that its 2013 breach, which took nearly four years to investigate, has impacted all 3 billion of the site’s unique users. Along with this recent update, the company is still reeling from a separate 2014 breach, which holds the dubious title of second-largest data breach to date. This update to the total of affected users isn’t surprising, given that the original breach left questions as to why some accounts were compromised while others remained untouched and showed no signs of malicious activity.

Facebook Under Fire After Russia-Based Ads Overwhelm Users

Recently, Facebook founder Mark Zuckerberg issued an apology for the site’s lack of action in stopping Russian advertisements and fake news articles, which have been circulating heavily since the 2016 election season. His statement goes on to promise that additional safeguards will be implemented to ensure Facebook can continue to be a safe platform for users to voice their opinions.

Hackers Prove You Can Game the Gamers

In the past week, R6DB, an online stat-tracking service for the popular game Rainbow Six Siege, was shut down after several servers were wiped completely in a cyberattack. The attackers accessed the database remotely, as it had been left unsecured during a data migration that hadn’t yet concluded. Unfortunately for many players, their information is completely gone, while company officials are still working to restore what information they can.

Apple’s About-Face

Face ID, the iPhone X’s highly-touted biometric device locking system, has been found to be less than secure in several scenarios. Some of the vulnerabilities relate to young users whose facial features may change as they age, and siblings with similar facial features being able to spoof the security measure. Fortunately, Face ID isn’t the only security precaution on the new device, as it will still require a passcode to be set.

NFL Player Data Found on Unsecured Server

Recently, researchers discovered that an unsecured database belonging to the NFL Players Association contained records on over 1,100 individual players and agents. The compromised data included everything from players’ personal info to team contracts and payee information. Even more worrisome, a ransom note with a bitcoin address was found among the data, though it appears the data itself wasn’t leaked to Dark Web sellers. Fortunately, the database was secured shortly after researchers notified the NFLPA, though no response was received from the association regarding the incident.

Cyber News Rundown: Edition 9/29/17


Showtime Site Found Using Cryptocurrency Miner

Following the discovery last week that ThePirateBay has been using a Monero miner to experiment with revenue alternatives for the site, researchers have found that both Showtime.com and ShowtimeAnytime.com have embedded code for similar cryptocurrency mining. The code itself runs only while the user is on the site, and ceases once they navigate away. The main concern, however, was the high CPU usage users experienced. The script in question was removed after several days of testing, but Showtime has yet to comment on their implementation of the crypto-miner or its intended outcome.

Massive Stash of Credit Card Info Linked to Sonic Breach

In the past few days, researchers have found a trove of credit card data that could be tied to a recent breach at Sonic, the popular drive-in restaurant. The data is organized by the location of each card, and currently contains nearly 5 million unique card numbers and related info. While Sonic has not yet determined the cause of the breach, they have been working with their credit processing company to identify the compromised store locations and implement credit monitoring for affected customers.

Big Four Accounting Firm Breached

Deloitte, one of the world’s largest accounting firms, suffered a cyberattack that exposed sensitive emails to criminals. Researchers believe hackers gained access to the email system via an administrative account that lacked two-factor authentication. The attack appears to have affected only a limited number of the firm’s clients, though actual figures are still unknown. Unfortunately, Deloitte’s security is severely lacking overall. With any luck, this breach will be the impetus they need to step up their protection practices.

Irish National Teachers’ Organisation Hacked

A recent Irish National Teachers’ Organisation breach may affect up to 30,000 current and retired teachers across the Republic of Ireland and Northern Ireland. While the breach doesn’t appear to have been data-oriented, the compromised systems contained massive quantities of teacher information. Fortunately, both payroll data and user passwords were not exposed, as they are stored in an alternate location. With enforcement of the EU’s General Data Protection Regulation (GDPR) on the horizon, breaches like these will likely become very costly for victim companies.

Vehicle Tracking Data Available Online

In the last two weeks, researchers found an unsettling number of account records belonging to vehicle tracking service SVR Tracking had been left completely unsecured online. The data includes account credentials and vehicle identification information for roughly 500,000 unique accounts. While it’s unclear how long the data was publicly available, SVR secured the server within several hours of being notified of the discovery.

CISO to CISO: Combatting the Ever-Growing Phishing Threat Together

As a CISO, I think the cybersecurity community is beginning to realize that the threats we face as security professionals are consistently evolving, and, more importantly, that we must evolve just as quickly to combat them. Recent data collected by the Webroot® Threat Intelligence Platform on the acceleration of phishing attacks and the maturation of new, related criminal methodologies demonstrates that, to respond effectively, we must develop and leverage solutions that don’t just keep up with today’s threats, but predict their next moves.

Most CISOs, myself included, want solutions that can respond in real time and assist us in making critical decisions to not only protect our businesses, but reduce risk overall. A lot of the new solutions that might interest us can be integrated into a platform and allow us to consume different types of threat intelligence and data feeds so we can automate responses to attacks in real time.

3 Steps to Mitigate Phishing Risks

Phishing is the number one cause of breaches. Webroot BrightCloud® Web Reputation is one of the solutions I look to as a critical asset for any security team because it tells you, within milliseconds of selecting a URL, whether a site is malicious. This efficiency and accuracy allows security teams to be proactive in protecting their organizations—to prevent compromises, not react to them after the fact. In addition to leveraging this type of real-time intelligence technology, I recommend several steps to reduce the phishing risk to any organization and its employees.

Social Media Security Awareness

Social media is increasingly used by cybercriminals to research their targets. As such, CISOs should add social media security awareness training to their corporate security awareness curriculum. Personnel should be trained on the risks and given insight into how the data they publish in their profiles could be used to target them, their families, and the organizations they represent. In my experience, the majority of people on social media don’t take even the most basic security precautions, such as only connecting with people whom they know, or not allowing their profiles to be searched or viewed publicly.

Executive Exposure Prevention

Additionally, I recommend directing threat intelligence toward executive staff and assistants. An organization can provide a list of executive staff, board members, executive assistants, and other company VIPs to a threat intelligence service. The service can then scan the dark web and watch for anything related to the client organization and the list of provided personnel. This gives the organization’s security team advance notice of possible phishing attacks against specific employees, and allows them to warn employees to mitigate risk, change passwords, and even shut down compromised accounts.

Real-Time Anti-Phishing

Given that the number of new unique phishing sites averages over one million per month, and that the lifespans of many such sites can be measured in mere hours, it’s clear we need new techniques to stop modern attacks. With this in mind, I recommend CISOs employ real-time threat intelligence feeds with data specific to their industry, and that the data be contextual, meaning it should apply to the technology, applications, and security controls the CISO has deployed.

I also recommend engaging real-time URL filtering, since phishing emails typically drop a ransomware payload, which can significantly impact an organization’s business operations. Since phishing websites are active for an average of 4-8 hours, and given the new methods cybercriminals use to hide malicious sites in plain view, I believe it’s critical to be proactive and use real-time URL filtering. The methods of bygone years, in which we deployed domain block lists and IP address block lists, have been outpaced by the innovative phishing techniques cybercriminals use today. As threats have adapted, we too need to adapt.

The Bottom Line

The latest quarterly threat report focuses on phishing specifically, and is an informative read for all of my fellow CISOs, and a primer to help support and maintain the security of your own organizations. As CISOs, it’s time to level the online playing field to proactively detect and respond to threats in real time. The first step is by arming ourselves with the right threat intelligence to make more timely and better-informed cybersecurity decisions.

Cyber News Rundown: Edition 9/15/17


German Voting Software Raises Concerns

With German elections only a couple weeks away, researchers have been working to determine how secure the voting systems really are. Per a recent study, the software being used contains multiple vulnerabilities that could lead to devastating results if the election is compromised. Meanwhile, the software creator maintains there is nothing wrong with the system and any tampering would only lead to confusion, rather than truly affecting the vote’s outcome.

Upgraded Android OS Slows Tide of Overlay Attacks

While overlay attacks are nothing new to Android™ users, the Toast window is a surprisingly fresh take on this technique. Google has already patched the issue being exploited, but many users unintentionally fell victim and granted permissions to a malicious app that used a Toast window overlaid on a legitimate page to spoof the user’s input. This type of attack can range from simply installing an annoying piece of malware on the device, all the way up to locking the device down and demanding a ransom.

Apple Implements Even More Security for iOS 11

In recent years, the security surrounding smartphones and other portable devices has been under scrutiny by both users and law enforcement. In its latest iOS® version, Apple is introducing new features that will make unauthorized access to its devices even more challenging. The first is only a minor change, which requests the device’s passcode when connecting it to a new computer (like those used by law enforcement for forensic analysis). This change puts the power back in the device owner’s hands, as they aren’t required to divulge that type of information, nor would a potential thief be likely to know or guess the passcode. The second feature allows the device to be put into SOS mode, which also requires a passcode to unlock, rather than using Touch ID, which can be falsified.

Equifax Hack Could Be Largest Ever

As you’ve probably heard, Equifax was recently compromised, leaving over 143 million Americans’ social security numbers and other highly sensitive information vulnerable and likely for sale. The original point of access would seem to be their main Argentinian employee portal page, which, through simple HTML viewing, can show both the username and password for nearly 14,000 customers who had filed a complaint, along with their social security number equivalent, all stored in plain text.

WordPress Plugin Removed Again for Malicious Activity

After four previous takedowns, WordPress has finally removed the Display Widgets plugin from its repository after it was implicated in malicious activity yet again. The plugin was sold several years ago and has since been installed on over 200,000 PCs, though it is hard to tell how many users have upgraded to more secure plugin versions. Even more worrisome is that backdoors became part of the plugin’s payload, and could be actively running on any of the 200,000 known devices.

Cyber News Rundown: Edition 9/8/17


Consumer Credit Reporting Agency Equifax Suffers Cyberattack Affecting 143 Million Customers

Equifax announced hackers gained access to sensitive company data that potentially compromised information for 143 million American consumers, including Social Security numbers, driver’s license information, and credit card details. This is the third major cybersecurity incident for the agency since 2015. Most concerning, Equifax knew of the breach on June 29 but waited until September 7 to disclose the information.

Instagram Hack Exposes Millions of Accounts

A group of hackers recently gained access to a large number of Instagram accounts for high-profile celebrities and other victims. The attackers were able to use an exploit in the Insta app to retrieve the email addresses and phone numbers for millions of account holders. They then used this information to take control of more valuable accounts and posted the credentials for sale on the dark web. While Instagram was quick to fix the bug, it is still unclear just how many accounts were compromised.

Customer Databases Belonging to Time Warner Cable Publicly Exposed

In the last week, officials have been working to trace the cause of a data breach that could affect nearly 4 million Time Warner Cable customers. The breach appears to have stemmed from two databases, managed by Broadsoft Inc. (a partner of TWC), that were left fully accessible to the public. The data in question spans millions of transactions and communications with customers who have used the MyTWC mobile app in the last 7 years.

PrincessLocker Ransomware Uses Exploit Kit to Spread

While PrincessLocker may not be the newest or most dangerous ransomware variant currently making the rounds, it propagates through an unusual method: exploit kits. Along with a less expensive ransom demand, PrincessLocker has been spotted as the payload for a fully automated exploit kit known as RIG, which uses drive-by attacks to exploit system vulnerabilities.

Energy Grid Hackers Play Waiting Game

As cyberattacks focus more and more on infrastructure, rather than financial gain, they leave the future of many cities and countries uncertain. Many modern hackers have managed to work their way into countries’ infrastructures by easily bypassing the poor security used by numerous largescale energy facilities around the world. They’ve left backdoors into systems that could cause major disruption to the surrounding geographical areas, and, unfortunately, many of these very systems have never been updated appropriately. Meanwhile, attackers have nothing but time on their side to determine how and when it would benefit them to exploit these vulnerabilities.

Poker Site DDoSed, Then Ransomed

Late last week, America’s Cardroom and Winning Poker Network fell victim to the latest in a long string of DDoS attacks that have plagued such sites for years. This latest attack, however, brought with it a ransom demand to stop the attacks. The sites claim to have mitigated the DDoS attacks, though that comes after nearly 2 days of cancelling poker tournaments due to the insufficient bandwidth for their players.

An update from the CEO

Over the past eight years, I’ve been honored to work alongside a world-class group of professionals—including the Webroot team, and our growing network of partners and customers. Our security community has grown into something special, and powerful. With tremendous gratitude for that experience, I am sharing my plan to retire as CEO of Webroot. Mike Potts will be joining Webroot as CEO and a member of the Board of Directors on September 25, 2017, and I will continue to serve on Webroot’s Board of Directors.

As I look back and think about the highlights of the past 8 years, a few stand out for me:

  • Introducing the first “next gen” endpoint solution, built in the cloud and leveraging contextual threat analysis for greater efficacy against zero day threats than was possible before.
  • Establishing Webroot as a highly innovative company and expanding our portfolio from endpoint protection to network protection, threat intelligence and security awareness training.
  • Winning the prestigious Thomas J. Edison Award for Innovation, the first ever awarded to a security company.
  • Building out a team of almost 600 talented Webrooters across the world, including outstanding teams from our acquisitions of BrightCloud, PrevX, CyberFlow Analytics and Securecast.
  • Achieving #1 status in the major markets where we compete, like consumer retail in North America, and managed service providers and embedded threat intelligence worldwide.
  • Growing our customer base to millions of consumers, over 9,000 managed service providers and 210,000 businesses.
  • And, achieving with the close of this last fiscal year 14 consecutive quarters of double-digit growth.

What stands out most for me, though, is the extraordinary people. My years at Webroot were the most satisfying of my 52 years in business, and I’ve never worked with a finer group of people—employees, customers and partners alike. We created a uniquely collaborative relationship with our customers and partners, which led to not only the highest satisfaction rates in the industry, but also a great source of inspiration for how our products could evolve to solve new problems. The success of Webroot is our shared accomplishment.

It’s time for me to pass the baton, and I am confident Mike Potts is the right person to lead Webroot going forward. Mike’s passion, vision, and industry knowledge paired with the talented team in place means you have just seen the beginning of innovation from Webroot. I can’t wait to see what this team accomplishes in the coming years and hear about all of the successful implementations from our customers and partners.

Thank you,

Dick Williams

Dick Williams' 8 Years of Achievements

Cyber News Rundown: Edition 9/1/17


IRS-Themed Ransomware Using Old-School Tactics

Over the past week, researchers have discovered a new ransomware variant that attempts to impersonate both the IRS and the FBI, similar to the FBI lockscreen malware that was popular several years ago. By tricking the victim into opening a link to a fake FBI questionnaire, the ransomware is downloaded onto the machine and begins encrypting. Fortunately, both the FBI and the IRS are taking great measures to alert possible victims and to catalog any scam emails that are being sent out.

History Repeats Itself at UK NHS District

Back in May, the UK’s National Health Service fell victim to a large WannaCry ransomware attack. While most of the districts have since regained full functionality, the district of Lanarkshire has once again been targeted. A cyberattack on its staffing and telephone systems left the district with only emergency services for several days. This event just reinforces the importance of updating security on critical systems before an attack, and even more so after one as devastating as WannaCry.

Worldwide Spread of Android DDoS Malware

A recent study found that hundreds of thousands of Android mobile devices had been compromised by a malware variant designed to turn them into a large-scale DDoS botnet. With hundreds of apps carrying the malicious code, it’s unsurprising that devices in more than 100 different countries have been linked to this WireX botnet, which was recently dismantled by security researchers from several different companies.

Hurricane Harvey Brings Out Scammers

As donations have poured in to support the victims of Hurricane Harvey, so too have stories of scammers looking to profit from their tragedy. Many fraudulent non-profit websites have already been registered and are seeing an exponential increase in traffic, along with large donations that will never reach the intended recipients. Phone scams have also been on the rise, with people impersonating relief organizations and other assistance groups to get information and money from victims of the storm.

Payment Records Compromised at UK Tech Retailer

In more tough news for UK citizens, officials at CeX have confirmed unauthorized access to payment records of nearly two million user accounts on their online site, webuy.com. Fortunately for many of the site’s users, CeX stopped storing customer payment information back in 2009, so most of the cards on file are likely expired. Customers have been advised to watch their accounts for any suspicious activity in the coming months, and to change their passwords as a precaution.

Cyber News Rundown: Edition 8/25/17


UK NHS Database Exposes Over 1 Million Patient Records

During the past week, a breach was discovered in patient booking system SwiftQueue, which is widely used by several National Health Service (NHS) facilities. The database may have contained patient information for up to 1.2 million UK citizens, though the actual data has yet to be fully examined. Even worse, attackers now claim they have found additional SwiftQueue vulnerabilities and are in possession of all 11 million records stored by the company.

Booking Provider’s Data Found in Public Data Dump

Researchers recently discovered a large customer data dump in a publicly-facing Amazon S3 bucket. The data in question belongs to Groupize, a groups and meetings solution, and contains everything from customer interactions to full credit card information used to book hotels and other meeting spaces. Fortunately for anyone who has used the service, the data was properly secured within a week of the discovery.

Phishing Site Hosted on .fish Domain

A new phishing site using a .fish domain was found in the past few weeks. .Fish is one of many generic top level domains (TLDs) created several years ago. While the site itself appears to have been compromised, rather than created maliciously, it was issuing redirects to an actual phishing page disguised as a French banking cooperative in Vietnam. This is the second .fish-hosted phishing site in the past 2 weeks; the first was a Netflix phishing attack that emerged just one week prior.

U.S. Navy Considers Possible Cyberattack to Blame for Recent Collision

Over the last few days, U.S. Navy officials have been trying to determine the exact cause of a large ship collision in the busy shipping lanes near Southeast Asia. Although there is currently no conclusive evidence of hacking in the ship’s systems, a steering failure occurring without initiating the backup procedures created for this very scenario raises some eyebrows. This is not the first occasion that a ship was purposely sent off-course by external interference, and officials are right to be concerned, as these are major vehicles of war.

Nearly All Hacked Companies Running Unpatched Systems

A new report by the cybersecurity firm Fortinet shows that 90% of all companies hacked in the last year were running unpatched software and outdated network policies. Even worse for many of these companies: suitable patches had been available for months and could have prevented the attacks, had they been applied in a timely fashion. With a continually increasing number of attacks on unpatched systems and protocols, it’s crucial that companies ensure they’re taking sufficient steps to update infrastructure as part of their regular security measures.

Cyber News Rundown: Edition 8/18/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.

Scottish Parliament Successfully Stops Cyberattack

Officials in the Scottish Parliament have issued a statement regarding a brute force attack on their IT infrastructure. Fortunately for the many members of parliament, their already impressive cybersecurity protocols had recently been further improved in the wake of similar attacks over the last few months. On top of the added security measures, a forced password reset was issued to all staff members, simply to improve any weak credentials.

Phony Banking Domains Distribute Malware

While security precautions continue to expand, the malicious campaigns that try to evade them are growing even faster. By creating multiple fake banking domains, scammers are now attempting to spread Trickbot, a banking Trojan, to thousands of unsuspecting customers. Online banking customers should remain cautious of sites that require banking credentials, especially if visiting them from a link from their email.

Web Service Providers Move Away From the Daily Stormer

In the aftermath of the recent demonstrations and violence in Charlottesville, Virginia, the public has fervently demanded that The Daily Stormer, as a high-traffic site for hate speech, be taken down. After GoDaddy took down the domain, the site attempted to use Google’s hosting services, which were quickly terminated. After being shunned by numerous hosting sites, The Daily Stormer has relocated to the Dark Web.

Additional Chrome Extensions Exploited

Over the past week or so, researchers have found a growing list of compromised Google Chrome extensions. The extensions in question have been used to redirect normal internet traffic to malicious sites, and even to alter the ads that users see on a site. By using JavaScript alerts to gain user permissions, these extensions have successfully diverted nearly 1 million users to their redirected landing pages.

Hacker Unlocks Vehicle for Desperate Family

After waiting several months for a replacement key to be shipped from Japan, the owner of a now keyless Toyota minivan called on a hacker for help. The hacker was able to reprogram the car to allow the owner to use a new key. While this case is a white hat story with a happy ending, it calls attention to the security protocols that could be circumvented by a less altruistic character.

Locky ransomware rises from the crypt with new Lukitus and Diablo variants

NOTE: This blog post discusses active research by Webroot into an emerging threat. This information should be considered preliminary and will be updated as more data comes in.

New variants of Locky—Diablo and Lukitus—have surfaced from the ransomware family presumed by many to be dead. After rising to infamy as one of the first major forms of ransomware to achieve global success, Locky’s presence eventually faded. However, it appears this notorious attack is back with distribution through the Necurs botnet, one of the largest botnets in use today.

Webroot protects against Diablo and Lukitus

We first detected Diablo on August 9, 2017, and Lukitus yesterday, August 16. Since then, we’ve seen activity hitting Windows XP, Windows 7, and Windows 10 machines in the United States, United Kingdom, Italy, Sweden, China, Botswana, Russia, Netherlands, and Latvia.

How are these attacks deployed?

As with previous versions, the initial attack vector is malspam campaigns in which phishing emails carry a zipped attachment containing malicious JavaScript that downloads the Locky payload.

Once the Locky payload is downloaded, it encrypts the user’s files, appending the extensions “.diablo6” and “.Lukitus”, respectively.

Then it changes the desktop background and provides the rescue pages “diablo6.htm” and “lukitus.htm”, which are identical.

Following what has been standard for years, the Locky ransomware instructs the user to install the Tor Browser and then navigate to their unique .onion address to pay the ransom.
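The indicators named in the steps above (a zipped JavaScript lure, the “.diablo6”/“.Lukitus” extensions, and the “diablo6.htm”/“lukitus.htm” rescue pages) can be turned into two simple defender checks: a mail-gateway test for scripts inside a zipped attachment, and a file-share inventory scan that reports how far an infection has spread. This is an added example, not Webroot’s code; the file paths and the zip contents are constructed samples, and the “.jse” extension is an assumption beyond what the post mentions.

```python
import io
import os
import zipfile
from collections import Counter

# Indicators taken from the post: appended extensions and rescue-page names, keyed by variant.
LOCKY_EXTENSIONS = {".diablo6": "Diablo", ".lukitus": "Lukitus"}
LOCKY_NOTES = {"diablo6.htm": "Diablo", "lukitus.htm": "Lukitus"}
# .js is from the post; .jse (encoded JScript) is an assumed addition.
SCRIPT_EXTENSIONS = (".js", ".jse")


def scan_paths(paths):
    """Summarise Locky indicators in a list of file paths (e.g. a share inventory).

    Returns counts of encrypted files and rescue pages per variant, plus the
    directories touched, so responders can see scope before restoring backups.
    """
    encrypted, notes, dirs = Counter(), Counter(), set()
    for path in paths:
        name = os.path.basename(path).lower()
        if name in LOCKY_NOTES:
            notes[LOCKY_NOTES[name]] += 1
            dirs.add(os.path.dirname(path))
            continue
        for ext, variant in LOCKY_EXTENSIONS.items():
            if name.endswith(ext):
                encrypted[variant] += 1
                dirs.add(os.path.dirname(path))
    return {"encrypted": dict(encrypted), "notes": dict(notes), "dirs": sorted(dirs)}


def zip_has_script(zip_bytes):
    """Mail-gateway check: list script files inside a zipped attachment (the Locky lure)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTENSIONS)]


# Constructed sample inventory, not real data.
SAMPLE_PATHS = [
    "/srv/share/finance/q2.xlsx.diablo6",
    "/srv/share/finance/diablo6.htm",
    "/srv/share/hr/policy.docx.lukitus",
    "/srv/share/hr/lukitus.htm",
    "/srv/share/hr/readme.txt",
]


def build_sample_zip():
    """Constructed lure attachment: a zip holding a harmless placeholder .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_8231.js", "// placeholder text, not a payload")
    return buf.getvalue()
```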

There is currently no available decryption tool that will work, other than paying the ransom to obtain the decryption keys. Although Webroot will stop this specific variant of Ransomware as a Service in real time—before any encryption takes place—don’t forget that the best protection in your anti-ransomware arsenal is a strong secure backup. You can use a cloud service or offline external storage, but remember to keep it up to date for personal productivity and business continuity.

For best practices for securing your environment against encrypting ransomware, see our community post.

Initial list of MD5s analyzed by Webroot

NOTE: This exhaustive list is current as of publication of this blog. We will continue to update internal lists but will not publish further additions until such time that we deem it necessary.
