  1. #1
    Thailand Expat
    Mid's Avatar
    Join Date
    Aug 2007
    Posts
    1,405

    Thailand : Sony site used for phishing

    Sony site used for phishing
    Tom Espiner
    20 May, 2011

    Sony has been hacked, and one of its servers used to host a phishing site, according to Finnish company F-Secure.

    The hack, which is not connected to Sony's problems with its PlayStation Network, has placed a phishing webpage on the Sony Thailand site, F-Secure chief research officer Mikko Hypponen told ZDNet UK on Friday.

    "The phishers are looking for credit card details and logins," said Hypponen.

    Two phishing pages mimicked a site for the Italian CartaSi credit card. The first page asked for username and password, while the second page asked for "additional verification" for credit card number, expiry date, and security code. Users were then redirected to an official CartaSi site.

    Hypponen said that the timing of the hack was unfortunate for Sony, given that its PlayStation Network and Qriocity services were coming back online after a major cyberattack that compromised the details of millions of people.

    "Right now it looks especially bad," said Hypponen. "It's just bad luck and bad timing."

    The security researcher came across the Sony website compromise while looking for phishing scams connected with PSN. The page was most likely to have been compromised via SQL injection or a PHP vulnerability, and is no longer active, Hypponen added.

    F-Secure notified Sony, the company said in a blog post on Friday.

    zdnet.co.uk

  2. #2
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Posts
    108,349
    Sony's CISO needs to be fired. He's obviously a bumbling nip idiot.

  3. #3
    Thailand Expat
    Mid's Avatar
    Join Date
    Aug 2007
    Posts
    1,405
    Sony hacked AGAIN after PSN reboot
    Richi Jennings
    May 23, 2011

    Sony (SNE) (6758) has been hacked again, by persons unknown. Or should that be "yet again"? Not content to allow Sony to lick its PSN wounds, this time, Sony subsidiaries in Greece, Thailand, and Japan fell victim to anonymous hackers (not to be confused with Anonymous hackers, of course ;-). In IT Blogwatch, bloggers can't believe how "unlucky" Sony has become.

    Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: TBA...

    Chester Wisniewski gets all Greece-y:
    An anonymous poster has uploaded a user database ... including the usernames, real names and email addresses of users registered on ... the website of Sony BMG in Greece. ... Someone used an automated SQL injection tool to find this flaw. ... [They had the] diligence to comb through Sony websites ... until a security flaw was found.
    ...
    It would cost far less to perform thorough penetration tests than to suffer ... these incidents. ... [But] when this is over, Sony may end up being one of the most secure web assets on the net.
    Joe Martin wears a Japanese Thai:
    Sony websites in Thailand and Japan have suffered further attacks from hackers, just as the company works to restore PSN. ... The new attacks saw phishing scams added to a Sony website in Thailand, with links to a fake Italian credit card company.
    ...
    Meanwhile, a separate attack ... saw Sony's Japanese ISP, So-Net Internet, admitting that hackers had ... stolen [$1,225] of 'virtual points' from account holders.
    Parmy Olson adds 2+2:
    Sony is also due to reveal its annual profits on Thursday [which] could prove disappointing. ... The company is preparing to give a press conference ... announcing a revision to its annual profits forecast. ... Companies listed [in] Tokyo ... are required to inform investors if they believe they will miss earnings targets by 30%.
    And Steve Ragan offers a colorful metaphor:
    Like piranha swarming someone injured in a river, it looks like everyone is testing Sony’s security defenses. ... can their reputation be salvaged?
    ...
    Sony has hired more security staff and added additional layers of protection, [but] they haven’t had time to take hold. ... It does demonstrate that previous measures were spotty at best.
    ...
    Sony's ... mounting security problems and spotty communication, have done little to increase the value of [its brand]. ... It’s not clear if Sony will have a long fight to regain consumer trust. ... What is clear, is that Sony will have a hard time securing every aspect of their networked properties, and [it] will take time. How they react and communicate with the public ... will make all the difference.
    blogs.computerworld.com

  4. #4
    Thailand Expat
    SteveCM's Avatar
    Join Date
    Jan 2011
    Location
    A "non-existent" Thai PsyOps unit
    Posts
    4,550
    From the blog world.....


    Hackers target prominent Thai websites | Asian Correspondent


    By Jon Russell
    May 24, 2011



    So far it hasn’t been a good week for website security here in Thailand.

    Still reeling from a much publicised breach of security in its online gaming network – which might have compromised customer details including credit card numbers – and a potential loss of $170 million, Sony faced the ignominy of having its Thailand website attacked and used for phishing according to CNET.
    The hack, which is not connected to Sony’s problems with its PlayStation Network, has placed a phishing Web page on the Sony Thailand site, F-Secure chief research officer Mikko Hypponen told ZDNet UK today. F-Secure notified Sony, the company said in a blog post today.

    “The phishers are looking for credit card details and log-ins,” said Hypponen.
    While elsewhere on Thai webspace the Democrat Party suffered when one of its websites was knocked out by a ‘friendly’ hacker who, on assuming control of the website’s content, posted a note aimed to highlight how shoddy the security system is.

    More details come from the Bangkok Post:
    A website of the Democrat Party, set up to attract young people, was hacked on Sunday night.
    Reports said an anonymous hacker broke into “www.youngdemocrat.org” while Prime Minister and Democrat leader Abhisit Vejjajiva was using social media for his party’s election campaign.

    The hacker replaced the homepage with a black background with the message: “Don’t Worry Admin! Your Files and Database Are Safe!!! I Just Wanna Tell You that Your Security Sucks!!!”

    The black background and the message were removed on Monday morning, but the website was still down.
    These events are neither the first, nor (sadly most likely) the last cases of lax website security in Thailand.

    In the past a range of websites including government, corporate and other important sites have found themselves victim to phishing and viruses. That part is quite normal but when you consider the huge investment – both financial and time – that the government puts into tracking breaches of the country’s lese majeste law and other speech-related violations and one can legitimately ask if the Thai government is doing enough to tackle web security issues which could impact – if personal data and credit cards details are stolen – on its people accessing Thai cyberspace?

    If it’s any consolation, Sony had a similar issue in Japan where an affiliated website had $1,200 of virtual currency stolen by an unknown intruder, as Slashdot reveals.


    ........

    There's also this from Twitter yesterday:

    [at]mithuna_khon

    Tried to access Royal Thai Army website and Norton security blocks it - says it's a "malicious" site! Lists 21 recorded security threats.

    21 hours ago
    via web


    Only 21? And some of us could think of RTA threats that Norton isn't that well-equipped to pick up - but, forgive me, I'm going off-topic......
    .

    “.....the world will little note nor long remember what we say here....."

  5. #5
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Posts
    108,349
    Most IT security in Asia is shit, in Thailand they're probably using pirated security products!

  6. #6
    Thailand Expat
    SteveCM's Avatar
    Join Date
    Jan 2011
    Location
    A "non-existent" Thai PsyOps unit
    Posts
    4,550
    ^
    Yep - an absurdity that I've pointed out to numerous farang & Thai friends here. Do they really feel happy installing hacked security (and optimising) s/ware that's originally purpose-made to get deep inside their system? Would they buy a coded burglar alarm from that dodgy bloke at the market stall?

    Most just shrug and carry on regardless.

  7. #7
    Tax Consultant
    Thormaturge's Avatar
    Join Date
    Jul 2007
    Location
    Bangkok
    Posts
    9,890
    I cannot help thinking the recent problems at Sony may well originate from their competitors who could easily have their own people inside Sony. It beggars belief that such a large company could be this dumb.

  8. #8
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Posts
    108,349
    Quote Originally Posted by Thormaturge View Post
    I cannot help thinking the recent problems at Sony may well originate from their competitors who could easily have their own people inside Sony. It beggars belief that such a large company could be this dumb.
    Actually, An0nymous are that good.


  9. #9
    Thailand Expat
    Mid's Avatar
    Join Date
    Aug 2007
    Posts
    1,405
    Sony Canada website hacked in latest security breach
    Michael Sawh
    Wed 25 May 2011

    Cyber attacks now reported in Greece, Canada and Thailand

    Sony has reported that its Sony Ericsson website in Canada has come under attack from hackers with personal details of 2,000 customers said to have been stolen.

    While Sony revealed that no credit card details had been obtained, emails, passwords and phone numbers had been accessed in the latest attack on Sony services.

    This follows on closely from news that Sony sites in Canada and Thailand were compromised earlier this week, all while Sony attempts to recover from the PlayStation Network outage where data and credit card details were stolen from millions of users.

    In a statement released by Sony, it claimed that the sites in Greece and Canada were hosted by third parties and are not part of the main Sony network.

    t3.com

  10. #10
    Thailand Expat
    Mid's Avatar
    Join Date
    Aug 2007
    Posts
    1,405
    Hackers attack another Sony network, post data
    Jim Finkle and Liana B. Baker
    (Additional reporting by Diane Bartz. Editing by Steve Orlofsky and Richard Chang)
    Fri Jun 3, 2011


    BOSTON/NEW YORK (Reuters) - Hackers have again broken into Sony Corp's computer networks, this time claiming to have stolen customer data to show that the company's systems remain vulnerable to attack.

    That marked the latest setback for Sony, which discovered in April that hackers had stolen data from more than 100 million of its accounts. Nobody has claimed responsibility for that attack.

    The group LulzSec said on Thursday it broke into servers that run Sony Pictures Entertainment websites, and accessed the personal information of more than 1 million Sony customers.

    To underscore the point that the Japanese electronics giant is unable to keep intruders out of its network, LulzSec published the names, birthdates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.

    A Sony spokesman said the company was "looking into these claims" but declined to elaborate.

    "From a single injection, we accessed EVERYTHING," the hacking group said in a statement.

    "Why do you put such faith in a company that allows itself to become open to these simple attacks?"

    Reuters confirmed the authenticity of the data published about several of the sweepstakes entrants.

    The attacks came on a day Sony executives were hauled before a Congressional committee to testify on the April attack of its gaming networks. Representatives criticized Sony for waiting several days to notify customers of the breach.

    The U.S. Federal Trade Commission could choose to review circumstances leading to this latest attack if Sony Pictures Entertainment failed to use proper procedures for protecting the data of its customers.

    John Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit, a nonprofit group that monitors Web threats, was not surprised Sony's systems had again been breached.

    "The system was unsecure," said Bumgarner, who last month warned of a string of security vulnerabilities across Sony's networks that he identified without special access to the electronics giant's computer systems.

    He said he found vulnerabilities in the Sony Pictures Entertainment network as recently as last weekend.

    The first hacking attacks in April, considered the biggest in Internet history, prompted Sony to shut down its PlayStation Network and other services for close to a month.

    LulzSec has claimed responsibility for several hacks over the past month. It said it defaced the U.S. PBS television network's websites, and posted data stolen from its servers on Monday to protest a "Front Line" documentary about WikiLeaks.

    It has also broken into a Fox.com website and published data about contestants for the upcoming Fox TV talent show, "X Factor."

    LulzSec also said on Thursday it had hacked into Sony BMG Music Entertainment Netherlands and Belgium. It previously disclosed an attack on Sony Music Japan.

    uk.reuters.com
    Last edited by Mid; 03-06-2011 at 07:26 AM.

  11. #11
    Thailand Expat harrybarracuda's Avatar
    Join Date
    Sep 2009
    Posts
    108,349
    What's the betting they're concentrating on protecting all of their servers from outside attack and have done nothing about the internal trust relationships?

    You have control over one box and, hey presto, you can burrow around the internal network at will.

    Like I said, their CIO should be escorted out of the office with his belongings in a small brown paper bag.
