Intruders Target Pbs Website, Post Fake News, Disclose Confidential Information

By Author: eccuni
Total Articles: 211
Comment this article

Recently, attackers intruded into the servers and defaced Public Broadcasting Service (PBS) NewsHour blog site. A group called "Lulz Sec" has claimed responsibility for the attack. Intruders were allegedly successful in extracting over 2000 login credentials. Attackers have published the login credentials of employees, passwords related to PBS servers, PBS affiliates, and PBS press accounts. The group has also leaked the network map of the company's website. The distinguishing feature of the latest attack is that attackers also posted fake news on the site. The fake news claimed that singer Tupac Shakur, who died in 1996, is alive and is staying in New Zealand. Attackers are reportedly still posting items on the blog site. Attackers allegedly used SQL injection attack to breach the security of PBS servers.

PBS has started notifying the affected users of the security breach. Information security professionals of the organization are working to reclaim control of the website, and were successful in removing the fake news from the site. The attack was in response to the alleged negative representation of WikiLeaks ...
... in a documentary by PBS Frontline. Lulz Sec has been in the news for attacks on one of Sony companies in Japan, as well as leakage of login credentials of Fox employees. The group was also successful in gaining unauthorized access to Twitter accounts of some of Fox affiliates and posted arbitrary messages.

Cyber-attacks have been vibrant in the current year with several high profile attacks such as the one on HBGary Federal, Hyundai Capital, Epsilon, RSA, SonyPSN network and other Sony companies, and Lockheed Martin. The frequent security and data breach incidents accentuate the need for heightened security measures to safeguard networks, websites, and computer systems. Availability, confidentiality, and security of business and customer information are crucial for uninterrupted business operations, and maintaining public trust.

Proper validation of input and output, use of parameterized queries, encryption of passwords, timely identification of SQL vulnerabilities and application of requisite patches, use of stored procedures and regular security evaluation may help organizations in defending the websites from SQL injection attacks. The highly sophisticated cyber-attacks make it necessary for organizations to ensure that employees are aware of various Internet-based threats and safe online computing practices. Huddle sessions, e-learning programs, introducing rewards and penalties, periodic counseling may help employees in understanding and adhering to best IT security practices. Mandatory diploma and online degree courses on IT security may also help in improving security awareness among employees. The prevailing security scenario makes it important for IT professionals to constantly improve their technical expertise. Working professionals may self-pace their learning through online video training, iPad training, and online university degree courses.

Security and data breach incidents have severe repercussions on the affected parties. Affected individuals and groups must immediately change their passwords. Use of strong and unique password is a fundamental, but often ignored aspect of cyber security. Internet users often use common and easily predictable passwords for the sake of convenience and easy remembrance. Cybercriminals may leverage user negligence and compromise user accounts, conduct unauthorized transactions, transfer funds, misrepresent users, send fictitious and indecent messages, and use e-mail accounts for propagating spam. As such, Internet users must use unique and unpredictable passwords for different online user accounts.

Frequent security breach incidents has led to increased demand for cyber security specialists qualified in computer administration, network administration, incident management, penetration testing, masters of security science, computer science degree, and computer forensics.