Jan 12 2019

Nate Raymond reports that Martin Gottesfeld has been sentenced to more than 10 years in prison and $443,000 in restitution for his DDoS attack on Boston Children’s Hospital and another facility in 2014. Gottesfeld had been convicted on August 1, and had shown no remorse for his actions.

According to prosecutors, in late 2013, Gottesfeld, a computer engineer living in Somerville, Massachusetts, learned about a child custody dispute involving a Connecticut teenager, Justina Pelletier.

Pelletier had been taken into state custody in Massachusetts after a dispute over her diagnosis arose between her parents and Boston Children’s Hospital, which determined her health problems were psychiatric in nature and believed her parents were interfering with her treatment.

Her case garnered headlines and drew the attention of religious and political groups who viewed it as an example of government interference with parental rights.

Read more on Computerworld.

So “BestBuy” got a few years for DDoS in the UK and Gottesfeld gets more than 10 years in the U.S. But was Gottesfeld’s sentencing justifiable in terms of the harm he had done or could have potentially done — and his lack of remorse? Once again, I think the significant sentencing discrepancies will come into play when Nathan Wyatt, aka “Crafty Cockney,” a member or associate of thedarkoverlord, fights extradition in a UK court.

Nov 06 2018

From TrustNodes:

Turkish police have arrested 11 individuals on suspicion of hacking cryptocurrencies through Sim Swapping.

The individuals in question allegedly tricked phone providers into transferring the victim’s phone number to them.

Apparently fake IDs were prepared for this operation, according to local crypto media, with the thieves pretending the victim’s phone was stolen. They then managed to persuade phone providers to send them a new sim with the victim’s phone number. The real owner’s sim card was canceled.

The victim’s phone number was then used to reset the password through two factor authentication (2FA) password resets.

Read more on TrustNodes.

Oct 20 2018

Dan Goodin reports:

A recent hack of eight poorly secured adult websites has exposed megabytes of personal data that could be damaging to the people who shared pictures and other highly intimate information on the online message boards. Included in the leaked file are (1) IP addresses that connected to the sites, (2) user passwords protected by a four-decade-old cryptographic scheme, (3) names, and (4) 1.2 million unique email addresses, although it’s not clear how many of the addresses legitimately belonged to actual users.

Robert Angelini, the owner of wifelovers.com and the seven other breached sites, told Ars on Saturday morning that, in the 21 years they operated, fewer than 107,000 people posted to them.

Read more on Ars Technica.


Oct 19 2018

Ricardo Alonso-Zaldivar reports:

A government computer system that interacts with HealthCare.gov was hacked earlier this month, compromising the sensitive personal data of some 75,000 people, officials said Friday.

The Centers for Medicare and Medicaid Services made the announcement late in the afternoon ahead of a weekend, a time slot agencies often use to release unfavorable developments.

Read more of this AP report on ABC.

Oct 17 2018

Patti Singer reports:

A mishap during routine server cleanup at the University of Rochester Medical Center several months ago has made it impossible for staff in the affected departments to open 2.6 million files.

The files were on a server used by finance, research and operations to archive documents that had not been used for at least six months. No patient files were affected, URMC officials said.

Read more on Democrat & Chronicle. And yes, spoiler alert: this is another human/insider error matter.