High Profile Twitter Hacker Arrested in France

The hacker credited with pulling off the most damaging hack against Twitter to date, which resulted in the leak of thousands of confidential corporate documents, was arrested by authorities in France. However, the Frenchman was questioned about an earlier attack involving unauthorized access to several high profile Twitter accounts, including that of Barack Obama.

At the beginning of May last year, someone calling himself "Hacker Croll" took credit for obtaining unauthorized access to a Twitter's administrative backend. In order to sustain his claim, the hacker released screenshots and private information taken from accounts belonging to the likes of Ashton Kutcher, Lily Rose Allen and Barack Obama.

The hacker explained at the time that he used nothing more than social engineering to hijack the e-mail and password of a Twitter employee named Jason Goldman. This gave him access to information from any account on the micro-blogging platform.

"Hacker Croll" repeated the feat a few months later, in July, but on a much larger scale. Starting by hacking into the personal e-mail account of a different Twitter worker, he eventually managed to access the company's Google Apps account, where thousands of internal corporate documents and communications were hosted.

Many of those files were later leaked and published online. Private information collected from them also allowed the hacker to social-engineer his way into the Gmail, AT&T, Amazon, PayPal, iTunes, MobileMe and GoDaddy accounts of multiple Twitter employees, including the company's founders Evan Williams and Biz Stone.

The French police finally caught up with "Hacker Croll" on Wednesday in the city of Clermont-Ferrand, after an investigation that lasted several months and involved a strong collaboration with the FBI. AFP reports that the 25-year-old unemployed hacker was released from police custody after being questioned in regards to the first incident and admitting to his involvement.

"He was a young man spending time on the Internet. He acted as a result of a bet, out of the defiance of the hacker. He is the sort who likes to claim responsibility for what he has done," prosecutor Jean-Yves Coquillat commented for the French news agency. He is scheduled to appear in court on June 24 and could face a sentence of two years in jail.

Top ten antivirus of 2010

1. Kaspersky version 7.0.0.43 beta – 99.23%
2. Kaspersky version 6.0.2.614 – 99.13%
3. Active Virus Shield by AOL version 6.0.0.308 – 99.13%
4. ZoneAlarm with KAV Antivirus version 7.0.337.000 – 99.13%
5. F-Secure 2007 version 7.01.128 – 98.56%
6. BitDefender Professional version 10 – 97.70%
7. BullGuard version 7.0.0.23 – 96.59%
8. Ashampoo version 1.30 – 95.80%
9. eScan version 8.0.671.1 – 94.43%
10. Nod32 version 2.70.32 – 94.00%

Threats to Computer Security

 Computer systems are vulnerable to many threats that can inflict various types of damage resulting in significant losses. This damage can range from errors harming database integrity to fires destroying entire computer centers. Losses can stem, for example, from the actions of supposedly trusted employees defrauding a system, from outside hackers, or from careless data entry clerks. Precision in estimating computer security-related losses is not possible because many losses are never discovered, and others are "swept under the carpet" to avoid unfavorable publicity. The effects of various threats varies considerably: some affect the confidentiality or integrity of data while others affect the availability of a system.
1. Errors and Omissions

Errors and omissions are an important threat to data and system integrity. These errors are caused not only by data entry clerks processing hundreds of transactions per day, but also by all types of users who create and edit data. Many programs, especially those designed by users for personal computers, lack quality control measures. However, even the most sophisticated programs cannot detect all types of input errors or omissions. A sound awareness and training program can help an organization reduce the number and severity of errors and omissions.

Users, data entry clerks, system operators, and programmers frequently make errors that contribute directly or indirectly to security problems. In some cases, the error is the threat, such as a data entry error or a programming error that crashes a system. In other cases, the errors create vulnerabilities. Errors can occur during all phases of the systems life cycle.
2. Fraud and Theft

Computer systems can be exploited for both fraud and theft both by "automating" traditional methods of fraud and by using new methods. For example, individuals may use a computer to skim small amounts of money from a large number of financial accounts, assuming that small discrepancies may not be investigated. Financial systems are not the only ones at risk. Systems that control access to any resource are targets (e.g., time and attendance systems, inventory systems, school grading systems, and long-distance telephone systems). Computer fraud and theft can be committed by insiders or outsiders. Insiders (i.e., authorized users of a system) are responsible for the majority of fraud.

Since insiders have both access to and familiarity with the victim computer system (including what resources it controls and its flaws), authorized system users are in a better position to commit crimes. Insiders can be both general users (such as clerks) or technical staff members. An organization's former employees, with their knowledge of an organization's operations, may also pose a threat, particularly if their access is not terminated promptly.
3. Employee Sabotage

Employees are most familiar with their employer's computers and applications, including knowing what actions might cause the most damage, mischief, or sabotage. The downsizing of organizations in both the public and private sectors has created a group of individuals with organizational knowledge, who may retain potential system access (e.g., if system accounts are not deleted in a timely manner). The number of incidents of employee sabotage is believed to be much smaller than the instances of theft, but the cost of such incidents can be quite high.

    Common examples of computer-related employee sabotage include:
  # destroying hardware or facilities,
  # planting logic bombs that destroy
  # programs or data,
  # entering data incorrectly,
  # "crashing" systems,
  # deleting data,
  # holding data hostage, and
  # changing data.

4. Loss of Physical and Infrastructure Support

The loss of supporting infrastructure includes power failures (outages, spikes, and brownouts), loss of communications, water outages and leaks, sewer problems, lack of transportation services, fire, flood, civil unrest, and strikes.
5. Malicious Hackers

The term malicious hackers, sometimes called crackers, refers to those who break into computers without authorization. They can include both outsiders and insiders. Much of the rise of hacker activity is often attributed to increases in connectivity in both government and industry. One 1992 study of a particular Internet site (i.e., one computer system) found that hackers attempted to break in at least once every other day. The hacker threat should be considered in terms of past and potential future damage. Although current losses due to hacker attacks are significantly smaller than losses due to insider theft and sabotage, the hacker problem is widespread and serious.
6. Industrial Espionage

Industrial espionage is the act of gathering proprietary data from private companies or the government for the purpose of aiding another company(ies). Industrial espionage can be perpetrated either by companies seeking to improve their competitive advantage or by governments seeking to aid their domestic industries. Foreign industrial espionage carried out by a government is often referred to as economic espionage. Since information is processed and stored on computer systems, computer security can help protect against such threats; it can do little, however, to reduce the threat of authorized employees selling that information.
7. Malicious Code

Malicious code refers to viruses, worms, Trojan horses, logic bombs, and other "uninvited" software. Sometimes mistakenly associated only with personal computers, malicious code can attack other platforms. Actual costs attributed to the presence of malicious code have resulted primarily from system outages and staff time involved in repairing the systems. Nonetheless, these costs can be significant.

    Malicious Software: A Few Key Terms

    Virus: A code segment that replicates by attaching copies of itself to existing executables. The new copy of the virus is executed when a user executes the new host program. The virus may include an additional "payload" that triggers when specific conditions are met. For example, some viruses display a text string on a particular date. There are many types of viruses, including variants, overwriting, resident, stealth, and polymorphic.

    Trojan Horse: A program that performs a desired task, but that also includes unexpected (and undesirable) functions. Consider as an example an editing program for a multiuser system. This program could be modified to randomly delete one of the users' files each time they perform a useful function (editing), but the deletions are unexpected and definitely undesired!

    Worm: A self-replicating program that is self-contained and does not require a host program. The program creates a copy of itself and causes it to execute; no user intervention is required. Worms commonly use network services to propagate to other host systems.

8. Threats to Personal Privacy

The accumulation of vast amounts of electronic information about individuals by governments, credit bureaus, and private companies, combined with the ability of computers to monitor, process, and aggregate large amounts of information about individuals have created a threat to individual privacy. The possibility that all of this information and technology may be able to be linked together has arisen as a specter of the modern information age.