Hacking New Year

It is the very beginning of 2014 and it seems that privacy and security will be The Question and Issue of the year. With the revelation from former NSA contractor, Edward Snowden, we discovered that users’ data had become the 21st century treasure. Therefore the question is:  who can we trust? What are companies doing with their users’ data? How do they protect it? Do they give it all to institutions of surveillance like the National Security Administration? Some hackers decided to make those questions a priority using their own very way.

download (12)

Last Tuesday more than four-and-a-half million Snapchat usernames and phone numbers leaked online after anonymous hackers posted the information on a website called SnapchatDB.info. The whole Snapchat security story started when Gibson Security, a security firm, highlighted the flaw in August 2013 and again on 25th December. Snapchat acknowledged in a blogpost that “it was possible for an attacker to use the functionality of Find Friends to upload a large number of random phone numbers and match them with Snapchat usernames” but that measures had been implemented to protect users’ data”. Unfortunately for Snapchat, that is what hackers used to breach the company’s security.

According to their statement, the SnapchatDB hackers were compelled to take “the necessary steps to secure user data” because of Snapchat’s reluctance to do it properly”. Our motivation behind the release was to raise the public awareness around the issue, and also put public pressure on Snapchat to get this exploit fixed. It is understandable that tech startups have limited resources but security and privacy should not be a secondary goal. Security matters as much as user experience does,” the hackers said. “We hope to see that Snapchat patches the exploit, and patches it well this time … Especially after seeing the magnitude of attention that our leak received, we think that Snapchat will be targeted by other groups if they don’t safeguard user security. We expect Snapchat to roll out a proper patch and notify their users and assure them that they will be more careful with their private information from now on.” According to their statement, the SnapchatDB hackers were compelled to take action because of Snapchat’s reluctance to take “the necessary steps to secure user data”.

Snapchat first reaction was to blame the security firm, Gibson Security, who warned them in August and publicly documented the company API “making it easier for individuals to abuse our service and violate our Terms of Use.” The company’s public response to the hacking did not include an apology of any sort to its users who have had their user names or phone numbers publicly exposed. However, the company announced that it will be releasing an updated version of its app thus reinforcing security and hopefully address future abuse attempts.

download (11)

The other big example is the cyber-attack launched against Skype’s security by the Syrian Electronic Army (SEA). They managed to hack Skype’s Twitter account, Facebook page and Blog. The reason behind this hack was again due to Snowden’s revelation. Documents from the NSA’s PRISM program apparently indicated that the secretive agency could spy on Skype audio and video calls thanks to backdoor access. Interestingly, in October, it was reported that the messaging and calling service was under investigation in Luxembourg over suspected links to the NSA. A month later, the country’s data protection authority cleared both Microsoft and Skype of any violations.

The SEA gained controlled of Skype’s twitter account to denounce some of the company inappropriate activities. Its message: end spying on the public.

Screen Shot 2014 01 01 at 12.31.00 PM Skypes Twitter, Facebook, and blog hacked by Syrian Electronic Army demanding an end to spying

skype2

The group gained also access to Skype’s Facebook account.

Screen Shot 2014 01 01 at 12.44.44 PM Skypes Twitter, Facebook, and blog hacked by Syrian Electronic Army demanding an end to spying

And finally here is what users could read on Skype’s Blog:

Screen Shot 2014 01 01 at 12.30.36 PM 730x479 Skypes Twitter, Facebook, and blog hacked by Syrian Electronic Army demanding an end to spying

Screen Shot 2014 01 01 at 12.59.23 PM 730x480 Skypes Twitter, Facebook, and blog hacked by Syrian Electronic Army demanding an end to spying

Tech Crunch – The Syrian Electronic Army Rings In The New Year By Hacking Skype’s Social Media Accounts

Mashable – 4.6 Million Snapchat Usernames and Phone Numbers Leaked

Tech Crunch – Snapchat Says It’s Improving Its App, Service To Prevent Future User Data Leaks

The Next Web –  Snapchat responds to hack by promising app update to let you opt out of its Find Friends feature

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s