Tech start-ups blackmailed
Scott Heiferman and Gary Burns had less than four minutes to decide whether to pay up or go down.
This came after the managers of Meetup, a New York Internet company that connects groups offline, received an e-mail saying their site would go down unless they paid $300 worth of Bitcoins. Four minutes later, 40 times the company's typical data flow crashed their site, beginning a disruption that wouldn't be resolved for days. The New York Times reports that Meetup is one of several small web start-ups that have been hit recently by a wave of so-called distributed denial-of-service, or DDoS, attacks, in which attackers knock a victim offline using a flood of traffic and refuse to stop until their victims pay a ransom in Bitcoins. The amounts demanded are typically low, which seems like a lot of work for little payoff, but those who have been targeted say they think the nominal amounts are bait and could lead to future extortion and demands, according to the report. It says that if a company is willing to pay $300, for example, it might also be willing to pay $3 000 or $30 000 down the road. The FBI is looking into the attacks and is operating under the assumption that they were the work of the same culprit, or group of culprits, the report states. It says FBI spokesperson Jennifer Shearer declined to comment.
Full report in The New York Times
US cosmetics and beauty retailer Sally Beauty also confirmed that hackers had broken into its networks and stolen credit card data from stores. A report on the technologyinsuranceblog.com site notes that the admission comes nearly two weeks after KrebsOnSecurity first reported that the company had likely been compromised by the same criminal hacking gang that stole 40m credit and debit cards from Target. Previously, Sally Beauty had confirmed a breach, but said it had no evidence that card data was stolen in the break-in. However, says the report, the company later acknowledged it discovered evidence that 'fewer than 25 000 records containing card present (track 2) payment card data have been illegally accessed on our systems and we believe have been removed'.
Full report on the technologyinsuranceblog.com site
A report on the News24 site notes that cyber crooks are stepping up their efforts to obtain financial information. That's according to a survey conducted by Kaspersky Lab, which indicates that 45% of phishing attacks used the well-known names of banks and online payment systems. That was up by 8% on 2012 as criminals pivot toward exploiting personal data harvested from fake websites. One scam involves a bidding website modelled on a legitimate platform; once the user has entered credit card details, the scammer withdraws funds from the account, according to the report. It notes that phishing sites can potentially be a threat to any device that opens the website, and that scammers have been known to employ this technique in conjunction with spam e-mails.
Full report on the News24 site
Customers must beware of criminals hacking their e-mail accounts to obtain bank account information or issue illicit instructions to their banks, the South African Banking Risk Information Centre (Sabric) has warned. While no statistics are available, Sabric is seeing an increasing trend of e-mail hacking in which criminals illegally access e-mail accounts and then communicate as if they are the account holder. Business Day reports that Sabric CEO Kalyani Pillay said criminals used information from e-mail accounts to build a profile of the account holder, which was a form of identity theft. The most targeted e-mail accounts were free ones, such as Google and Yahoo.
Full Business Day report