– InfoSec stories scavenged for you from across the internet –
Three stories this week:
- Hackwurst (The German Hack)
- Un DoS Tres (Guy who dossed a Children’s Hospital sentenced)
- Collection #1 (The Massive 773million record data breach)
(Hackwurst is a play on Bockwurst, which is what the Germans came up with to counter boerewors. You might also now be wondering what’s the difference between Bockwurst, Knockwurst and Bratwurst. The answer is waiting for you here: https://www.epicurious.com/archive/holidays/oktoberfest/germansausagesbruceaidells)
A 20-year-old German man managed to obtain and publish a bunch of personal information of, among others, the Chancellor of Germany, Angela Dorothea Merkel, as well as the German head of state.
If, at this point, you are confused that Merkel is not the German head of state, welcome to the party. Here’s a video of the inauguration of the German President, Frank-Walter Steinmeier: https://www.youtube.com/watch?v=6UsXzwke6OE.
But we digress…
The suspect, who still lives with his parents, claimed to have acted alone when police arrested him earlier this month. The reason for his actions was attributed to anger at “public statements made by politicians, journalists and public figures”. It is unclear how he obtained the leaked information, but it is said to include contact information, credit card details, banking and financial details as well as ID cards and private chats.
2_ Un DoS Tres
(Guy who dossed a Children’s Hospital sentenced)
First things first: If the title of this one made you think of the 1995 Ricky Martin song… here’s the music video for your pleasure: https://www.youtube.com/watch?v=vCEvCXuglqo (and the chap in this story’s name is Martin… Coincidence??)
In 2013, Martin Gottesfeld came to hear about the ‘medical’ child custody case of Justina Pelletier. She was being treated at Boston Children’s Hospital at the time. Taking her fight upon himself, Martin posted a video online claiming to be part of the Anonymous hacking group. He followed this by doxing personal information from people involved in her treatment and then launched a Distributed Denial of Service (DDoS) attack on the Boston Children’s Hospital. The DDoS knocked their internet facing systems offline for two weeks. Fearing arrest by the FBI, Martin and his wife bought a speedboat and fled for Cuba.
Unfortunately for the Gottesfelds, their boat broke down in rough seas and they were forced to send out a distress signal… only to be rescued by a Disney Cruise Liner of all things. In the end, he was arrested and sentenced to 10 years in prison for his efforts.
3_ Collection #1
(The massive 773million record data breach)
By this time, you would most probably have heard or read about this one, as it is widely reported on. But, before you start running down corridors screaming ‘the end is nigh!‘, read this first.
This isn’t a new single breach. To quote Troy Hunt, who runs Have I Been Pwnd: The leaked data set is “made up of many different individual data breaches from literally thousands of different sources.”
Brian Krebs also notes that this is old data and offers the following advice relating to the ‘breach’:
If this Collection #1 has you spooked, changing your password(s) certainly can’t hurt — unless of course you’re in the habit of re-using passwords. Please don’t do that. As we can see from the offering above, your password is probably worth way more to you than it is to cybercriminals (in the case of Collection #1, just .000002 cents per password).”