Monday, 25 November 2013

Report on commodities value in the cyber criminal underground market

Security experts Joe Stewart of Dell SecureWorks and independent researcher David Shear have explored the online underground marketplace for stolen data.

Digital identity is one of the most attractive goods sold in the underground: a growing demand has coincided with a more structured supply that can satisfy even the most complex requirements. Cybercrime pays and in the majority of cases goes unpunished, which is why we are observing the conversion of many criminal gangs to the cyber business.
I’ve found an interesting post that evaluates the economic value cybercriminals assign to digital identity in the underground market.
When we speak of identity theft and the underground we refer to a huge quantity of data and services provided by “black sellers”; stolen data and hacking services are obviously the most requested.
Researcher Joe Stewart of Dell SecureWorks and independent researcher David Shear provided an interesting overview of the cost of hacking services and stolen data on the black market in this period. The two cyber experts infiltrated 15 different underground forums to collect the pricing information, four of which were Russian forums.
The experts have written a report titled “The Underground Hacking Economy is Alive and Well”, published by Dell, which presents the results of their investigation of the online marketplace for stolen data, specifically the economic value of the products on offer.
The experts revealed that the price of a stolen identity has been reduced by 37 percent on the black market, falling to $25 for a U.S. identity and $40 for an overseas identity.
Doxing services, in which a cybercriminal gathers as much information as possible about a victim or target via malware-based attacks, social media and social engineering, range from $25 to $100.
For nearly $300 a cyber criminal can acquire stolen credentials for a bank account with a balance of $70,000 to $150,000; yes my friend, the account balance is one of the main factors that influence the price.
The increased number of data breaches (e.g. MacRumors, LexisNexis, Dun & Bradstreet and Kroll Background America, vBulletin) is flooding the underground market with huge quantities of data stolen during the cyber attacks, including bank account credentials, Social Security Numbers and much other personal information. The availability of so much information is driving its prices down.
“I expected to see the drop,” said Stewart, who is director of malware research for Dell SecureWorks. “The best thing we could hope for was for these prices to be very high. It would be a more encouraging trend if the prices increased.”
Stolen personal identities were quoted at $40 per stolen U.S. ID and $60 per stolen overseas ID in 2011; today the quotations are 33 to 37 percent cheaper.
The experts found more cybercriminals selling a cardholder victim’s birth date and Social Security Number as well as the card data itself to ensure the stolen card data can be used.
“The hackers have come to realize that merely having a credit card number and corresponding CVV code (Card Verification Value, the 3 or 4 digit number on one’s credit or debit card) is not always enough to meet the security protocols of some retailers,” SecureWorks said in its report. “Hackers are also selling cardholders’ Date of Birth and/or Social Security Number. Having this additional information would allow a hacker to answer additional security questions or produce a fake identification, to go along with a duplicate credit card.”

The price of stolen credit cards for U.S. accounts (including CVV numbers) has not changed with respect to the previous study conducted in 2011, ranging from $4 to $8 per account, while European accounts dropped from $21 to $18 today.
The cost of a cyber attack on demand is also lower; for example a distributed denial-of-service (DDoS)-for-hire attack is quoted at around $400. In June a McAfee study found a DDoS-for-hire service for $2 per hour and another for $3 per hour; the Dell SecureWorks report found DDoS services anywhere from $3 to $5 per hour, $90 to $100 per day, and $400 to $600 a month.
We can state with absolute certainty that the model known as cybercrime-as-a-service has been spreading because, as the researchers put it, “It doesn’t require any technical knowledge, and you don’t even have to own a computer. You just need to pay,” and you can outsource anything.
“This report shows that cybercrime is becoming more and more commoditized, turnkey, and the bar to entry has become lower and lower as more people develop kits,” Stewart says. “It’s created a situation where it’s getting very easy for anyone to get into that business. I think these numbers confirm it.”
It is also quite easy to pay to get a website hacked; the cost runs from $100 to $300. A curious detail is that the attackers don’t hack government or military websites.
Botnets are very cheap: an architecture composed of 1,000 bots goes for $20, and 15,000 for $250, enough to arrange an illegal activity. The detailed price list follows.
There are thousands of compromised computers (bots) for sale by bot salesmen. The price per computer typically decreases when they are bought in bulk. The costs for infected computers (bots):
  • 1,000 bots = $20
  • 5,000 bots= $90
  • 10,000 bots = $160
  • 15,000 bots = $250
The detailed price list from the report:

Hacker Credentials and Services | Details | Price
--------------------------------------------------
*Visa and Master Card (US) | | $4
American Express (US) | | $7
Discover Card (US) | | $8
Visa and Master Card (UK, Australia and Canada) | | $7-$8
American Express (UK, Australia and Canada) | | $12-$13
Discover Card (Australia and Canada) | | $12
Visa and Master Card (EU and Asia) | | $15
Discover and American Express Card (EU and Asia) | | $18
Credit Card with Track 1 and 2 Data (US) | Track 1 and 2 data is the information stored in digital format on the magnetic stripe on the back of the credit card. Some payment cards store data in chips embedded on the front side. The magnetic stripe or chip holds information such as the Primary Account Number, expiration date and cardholder name, plus other sensitive data for authentication and authorization. | $12
Credit Card with Track 1 and 2 Data (UK, Australia and Canada) | | $19-$20
Credit Card with Track 1 and 2 Data (EU, Asia) | | $28
US Fullz | Fullz is a dossier of credentials for an individual, which also includes Personally Identifiable Information (PII) and can be used to commit identity theft and fraud. Fullz usually include: full name, address, phone numbers, email addresses (with passwords), date of birth, SSN or Employee ID Number (EIN), and one or more of: bank account information (account and routing numbers, account type), online banking credentials (varying degrees of completeness), or credit card information (including full track 2 data and any associated PINs). | $25
Fullz (UK, Australia, Canada, EU, Asia) | | $30-$40
VBV (US) | Verified by Visa confirms an online shopper’s identity in real time by requiring an additional password or other data, to help ensure that no one but the cardholder can use their Visa card online. | $10
VBV (UK, Australia, Canada, EU, Asia) | | $17-$25
DOB (US) | Date of birth | $11
DOB (UK, Australia, Canada, EU, Asia) | | $15-$25
Bank Acct. with $70,000-$150,000 | Bank account number and online credentials (username/password). Price depends on banking institution. | $300 and less
Infected Computers | 1,000 | $20
Infected Computers | 5,000 | $90
Infected Computers | 10,000 | $160
Infected Computers | 15,000 | $250
Remote Access Trojan (RAT) | | $50-$250
Add-On Services to RATs | Includes set-up of C2 server, adding FUD to the RAT, infecting the victim | $20-$50
Sweet Orange Exploit Kit Leasing Fees | | $450 a week / $1,800 a month
Hacking Website; stealing data | Price depends on reputation of hacker | $100-$300
DDoS Attacks | Distributed Denial of Service (DDoS) attacks: throwing so much traffic at a website that it goes offline | Per hour: $3-$5; Per day: $90-$100; Per week: $400-$600
Doxing | When a hacker is hired to get all the information they can about a target victim, via social engineering and/or infecting them with an information-stealing trojan. | $25-$100

Here’s who (probably) did that massive $150,000,000 Bitcoin transaction

One of the unique things about Bitcoin is that every transaction on its network is publicly available for anyone to examine. Any time a user sends a payment to another user, that transaction is reflected in the "blockchain," a global, permanent ledger of Bitcoin transactions.
You can examine every Bitcoin transaction that has ever occurred at a site called blockchain.info. And that site says that a truly massive Bitcoin transaction occurred yesterday:

Those long strings of seemingly random letters and numbers are Bitcoin addresses. Each is associated with a secret encryption key that allows the owner of that address to transmit the bitcoins to another address. In this particular transaction, bitcoins from 15 different Bitcoin addresses were consolidated and sent to address "12sENwECeRSmTeDwyLNqwh47JistZqFmW8." The size of the transaction? 194,993 bitcoins. Given that one bitcoin is worth around $800 right now, the transaction is valued at more than $150 million.
Who was responsible for the transaction? I asked Sarah Meiklejohn, a computer scientist at the University of California, San Diego, for her thoughts. She's the author of a recent paper demonstrating that sophisticated analysis can reveal a lot of information about who is responsible for Bitcoin transactions. She has compiled a large database of Bitcoin addresses tagged with their likely owners.
While she says she can't be sure, Meiklejohn says that the 194,993-bitcoin transaction was probably done by Bitstamp, the world's second-largest exchange for trading dollars for bitcoins:
About half of the transactions sending bitcoins to this 12sENw address between August 29 and November 14 were from addresses we had associated with Bitstamp. This could be true for a lot of reasons (a heavyweight user withdrawing their bitcoins, for example), but there were a few other weird things I saw that made me think otherwise.
For example, a lot of the bitcoins that flowed out of the 12sENw address went to one of two other addresses: 1Drt3c8 and (especially recently) 1HBa5. The former of these addresses we have tagged as Bitstamp, and the latter is often within one hop of a known Bitstamp address (e.g., it has also sent a lot of bitcoins to 1Drt3c8).
So, while a lot of things could explain many bitcoins being received from Bitstamp, it seems like fewer of them could be explained by many bitcoins flowing from Bitstamp and then back to Bitstamp in a small span of time which is what leads me to think this is an internal shuffling of some kind.
Of course, I could also be completely wrong! For example, I should definitely mention that, for the direct transaction of interest, I don't have any of the input addresses tagged (i.e., they might or might not belong to Bitstamp), so that my inferences are really just going on the past behavior of this small handful of addresses.
So this probably isn't a case of one Bitcoin user sending $150 million to another user. Instead, Bitstamp was perhaps reshuffling its own funds, just as a bank might move stacks of $100 bills from one vault to another. Presumably, most of those 194,993 bitcoins belong to Bitstamp users who have deposited them with Bitstamp to facilitate currency exchanges.
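The two heuristics Meiklejohn applies above (what share of an address's inflow comes from already-tagged addresses, and whether its untagged counterparties sit within one hop of a tagged address) can be run over any edge list of payments. The Go program below is an added example, not code from the article or from Meiklejohn's paper; it works on a constructed ledger with placeholder address labels and a constructed set of "tagged" exchange addresses, and treats each input-to-output pair of a transaction as one edge of the payment graph.

```go
package main

import "fmt"

// Tx is one simplified payment edge: value moving from one address to another.
// A real Bitcoin transaction has many inputs and outputs; the heuristics below
// treat each input-to-output pair as one edge of a payment graph.
type Tx struct {
	From, To string
	Amount   float64 // bitcoins
}

// Constructed sample ledger. The labels are placeholders for this example,
// not the addresses discussed in the article.
var sampleTxs = []Tx{
	{"exch_hot_1", "target", 100}, // deposits into the address under study
	{"exch_hot_2", "target", 250},
	{"unknown_u1", "target", 50},
	{"unknown_u2", "target", 75},
	{"target", "exch_cold_1", 300}, // withdrawals out of it
	{"target", "intermediate_x", 120},
	{"intermediate_x", "exch_cold_1", 120}, // intermediate_x is one hop from the cluster
	{"unknown_u3", "unknown_u4", 10},       // unrelated noise
}

// Addresses previously tagged as belonging to one exchange (constructed).
var taggedExchange = map[string]bool{
	"exch_hot_1": true, "exch_hot_2": true, "exch_cold_1": true,
}

// Assessment summarises how strongly an address is tied to the tagged cluster.
type Assessment struct {
	TaggedInflowShare  float64         // fraction of incoming edges from tagged addresses
	TaggedOutflowShare float64         // fraction of outgoing volume sent straight to tagged addresses
	OneHop             map[string]bool // untagged counterparties that transact with a tagged address
}

// Assess applies the article's two heuristics to one address: how much of its
// traffic comes from and flows back to the tagged cluster, and which untagged
// counterparties sit within one hop of that cluster.
func Assess(txs []Tx, target string, tagged map[string]bool) Assessment {
	var inEdges, inTagged int
	var outVol, outTaggedVol float64
	counterparties := map[string]bool{}
	for _, tx := range txs {
		switch {
		case tx.To == target:
			inEdges++
			if tagged[tx.From] {
				inTagged++
			}
			counterparties[tx.From] = true
		case tx.From == target:
			outVol += tx.Amount
			if tagged[tx.To] {
				outTaggedVol += tx.Amount
			}
			counterparties[tx.To] = true
		}
	}
	// One-hop check: an untagged counterparty that itself pays or is paid by a
	// tagged address is the "within one hop of Bitstamp" case described above.
	oneHop := map[string]bool{}
	for cp := range counterparties {
		if tagged[cp] {
			continue
		}
		for _, tx := range txs {
			if (tx.From == cp && tagged[tx.To]) || (tx.To == cp && tagged[tx.From]) {
				oneHop[cp] = true
			}
		}
	}
	a := Assessment{OneHop: oneHop}
	if inEdges > 0 {
		a.TaggedInflowShare = float64(inTagged) / float64(inEdges)
	}
	if outVol > 0 {
		a.TaggedOutflowShare = outTaggedVol / outVol
	}
	return a
}

func main() {
	a := Assess(sampleTxs, "target", taggedExchange)
	fmt.Printf("deposits from tagged cluster: %.0f%% of incoming edges\n", 100*a.TaggedInflowShare)
	fmt.Printf("withdrawals straight to tagged cluster: %.0f%% of volume\n", 100*a.TaggedOutflowShare)
	for cp := range a.OneHop {
		fmt.Printf("%s is untagged but within one hop of the cluster\n", cp)
	}
}
```

On the constructed ledger half of the deposits come from tagged addresses and most of the withdrawn volume returns to the cluster directly or through a one-hop intermediary, which is the "in and back out again in a short time" pattern that makes internal shuffling the more likely explanation; as the article stresses, untagged inputs leave the inference probabilistic.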

HoneyDrive - various honeypot tools

HoneyDrive is a virtual appliance (OVA) with Xubuntu Desktop 12.04 32-bit edition installed. It contains various honeypot software packages such as Kippo SSH honeypot, Dionaea malware honeypot, Honeyd low-interaction honeypot, Glastopf web honeypot along with Wordpot, Thug honeyclient and more. Additionally it includes useful pre-configured scripts and utilities to analyze, visualize and process the data it can capture, such as Kippo-Graph, Honeyd-Viz, and much more. Lastly, many other helpful security, forensics and malware related tools are also present in the distribution.


Features

  • Virtual appliance based on Xubuntu 12.04 Desktop.
  • Distributed as a single OVA file, ready to be imported.
  • Full LAMP stack installed (Apache 2, MySQL 5), plus tools such as phpMyAdmin.
  • Kippo SSH honeypot, plus Kippo-Graph, Kippo2MySQL and other helpful scripts.
  • Dionaea malware honeypot, plus DionaeaFR and other helpful scripts.
  • Amun malware honeypot, plus helpful scripts.
  • Kojoney SSH honeypot, plus helpful scripts.
  • Glastopf web honeypot, along with Wordpot Wordpress honeypot.
  • Honeyd low-interaction honeypot, plus Honeyd2MySQL, Honeyd-Viz and other helpful scripts.
  • LaBrea sticky honeypot, Tiny Honeypot, IIS Emulator and INetSim.
  • Thug honeyclient for client-side attacks analysis, along with mwcrawler malware collector.
  • A full suite of security, forensics and anti-malware tools for network monitoring, malicious shellcode and PDF analysis, such as ntop, p0f, EtherApe, nmap, DFF, Wireshark, ClamAV, ettercap, Automater, UPX, pdftk, Flasm, pdf-parser, Pyew, dex2jar and more.
  • Firefox plugins pre-installed, plus extra helpful software such as GParted, Terminator, Adminer, VYM, Xpdf and more.

Twitter Toughening Its Security to Thwart Government Snoops

A year ago, hardly anyone, save for cryptographers, had heard of Perfect Forward Secrecy. Now, some customers are demanding it, and technology companies are adding it, one by one, in large part to make government eavesdropping more difficult.
On Friday, Twitter will announce that it has added Perfect Forward Secrecy, after similar announcements by Google, Mozilla and Facebook. The technology adds an extra layer of security to Web encryption to thwart eavesdropping, or at least make the National Security Agency’s job much, much harder. (Update: Twitter has announced the security change on its blog.)
Until Edward J. Snowden began leaking classified documents last summer, billions of people relied on a more common type of security called Transport Layer Security or Secure Sockets Layer (S.S.L.) technology to protect the transmission of sensitive data like passwords, financial details, intellectual property and personal information. That technology is familiar to many Web users through the “https” and padlock symbol at the beginning of Web addresses that are encrypted.
But leaked N.S.A. documents make clear that the agency is recording high volumes of encrypted Internet traffic and retaining it for later cryptanalysis. And it’s hardly the only one: Iran, North Korea, and China all store vast amounts of Internet traffic. More recently, Saudi Arabia has been actively trying to intercept mobile data for Twitter and other communication tools.
The reason governments go to great lengths to store scrambled data is that if they later get the private S.S.L. keys to decrypt that data — via court order, hacking into a company’s servers where they are stored or through cryptanalysis — they can go back and decrypt past communications for millions of users.
Perfect Forward Secrecy ensures that even if an organization recording web traffic gets access to a company’s private keys, it cannot go back and unscramble past communications all at once. Perfect Forward Secrecy encrypts each web session with an ephemeral key that is discarded once the session is over. A determined adversary could still decrypt past communications, but with Perfect Forward Secrecy the keys for each individual session would have to be cracked to read the sessions’ contents.
Perfect Forward Secrecy was invented more than 20 years ago, and Paul Kocher, a leading cryptographer, put support for Perfect Forward Secrecy into the S.S.L. protocol. But companies have been reluctant to use it because it slows website and browser performance, uses resources and because — until Snowden — most consumers did not even know it existed. Unlike S.S.L. technology, there is no indication to a user that Perfect Forward Secrecy is enabled.
This tougher security is quickly becoming a must-have for Internet companies.
Earlier this week, Marissa Mayer, the chief executive of Yahoo, announced that Yahoo would introduce new security features in 2014. But, on Twitter, some consumers were quick to point out that Perfect Forward Secrecy was conspicuously absent from her blog post.
“With security, there are always the things you know you ought to do,” Mr. Kocher said in an interview. “But it’s not until you have a clear adversary that it’s much easier to justify the resources to go fix the problem.”
At Twitter, Jacob Hoffman-Andrews, a security engineer, had been pushing the company to adopt forward secrecy for some time, but did not get much support for the project until the Snowden leaks.
That showed “there really were organizations out there in the world that were scooping up encrypted data just so they could try to attack it at a large scale,” said Jeff Hodges, another Twitter software engineer. “We were like, oh, we need to actually spend some more time and really do this right.”
Actually installing and turning on the technology took only a few months, once Twitter decided to do it, both men said in an interview. That was in part because Google, an early pioneer in the technology, had worked out many of the kinks in Perfect Forward Secrecy and shared its knowledge with the security community.
Perfect Forward Secrecy does add a slight delay to a user’s initial connection to Twitter — about 150 milliseconds in the United States and up to a second in countries like Brazil that are farther away from Twitter’s servers. But the company said the extra protection was worth the delay.
Twitter said it turned on Perfect Forward Secrecy on Oct. 21, although it refrained from publicizing the change immediately to make sure there were no problems.
Twitter said it hoped that its example would prompt other companies to adopt the technology.
“A lot of services that don’t think they need it actually do,” Mr. Hodges said.

Internet Traffic Following Malicious Detours Via Route Injection Attacks

Attackers are accessing routers running on the border gateway protocol (BGP) and injecting additional hops that redirect large blocks of Internet traffic to locations where it can be monitored and even manipulated before being sent to its intended destination.
Internet intelligence company Renesys has detected close to 1,500 IP address blocks that have been hijacked on more than 60 days this year, a disturbing trend that indicates attackers could finally have an increased interest in weaknesses inherent in core Internet infrastructure.
It is unknown how the attackers are accessing the affected routers, whether they have physical access or whether the router is exposed to the Internet, but that’s the easy part. The route injection is merely a few tweaks to the router’s configuration.
“It’s actually making a BGP-speaking router do exactly what it is intended to do. All you’re doing is changing the configuration on the router,” said Renesys CTO and cofounder Jim Cowie. “A normal border router would have normal configuration entries for all the networks you have access to—all your customers. This just adds extra lines to a configuration. They can announce these routes to my peers and let them know I can reach this even though it’s fiction. As long as you have access to a border router at an important service provider and you’ve chosen the right place to do this, there’s no software [malware] required.”
The hard part is knowing where to insert the route injection attack, Cowie said, adding that some of the victims Renesys has observed—and contacted—include financial services organizations, voice over IP providers, government agencies and other large enterprises. Attacks take place at the level of the BGP route where blocks of IP addresses, in some cases targeting specific organizations, are misdirected.
“On one hand, we’ve seen people hijacking blocks of addresses that belong to DSL pools, groups of customers not very specific somewhere in the country. And we’ve seen networks hijacked that belong to very specific organizations; they’re not a big pool of generic users, but somebody’s business,” Cowie said.
Cowie said the attackers are using the routing system much in the same way a network engineer would.
“There is some sophistication in the choice of place where you inject these routes from,” Cowie said. “You want to be able to evade whatever filters people have in place to prevent the spread of bad routing. And you want to hijack a place that has influential status who are going to propagate to the people whose traffic you want. Most of the sophistication in the attack is in the choice of the point where you actually do route injection.”
The attackers, meanwhile, can pull off this type of redirection and traffic inspection without adding much latency at either end of the web request. Also, unlike traditional man-in-the-middle attacks where the bad guy is within physical proximity of the victim, here the attacker could just as easily be halfway around the world. And should the traffic in question be unencrypted, plenty of sensitive business or personal data would be at risk.
“[The attacker is] getting one side of conversation only,” Cowie said. “If they were to hijack the addresses belonging to the webserver, you’re seeing users requests—all the pages they want. If they hijack the IP addresses belonging to the desktop, then they’re seeing all the content flowing back from webservers toward those desktops. Hopefully by this point everyone is using encryption.”
Renesys provided two examples of redirection attacks. The first took place every day in February with a new set of victims in the U.S., South Korea, Germany, the Czech Republic, Lithuania, Libya and Iran, being redirected daily to an ISP in Belarus.
“We recorded a significant number of live traces to these hijacked networks while the attack was underway, showing traffic detouring to Belarus before continuing to its originally intended destination,” the company said on its blog. One trace, starting in Guadalajara, Mexico and ending in Washington, D.C., included hops through London, Moscow and Minsk before being handed off to Belarus, all because of a false route injected at Level3, the ISP formerly known as Global Crossing. The traffic was likely examined and then returned on a “clean path” to its destination, all of this happening in the blink of an eye.
In the second example, a provider in Iceland began announcing routes for 597 IP networks owned by a large U.S. VoIP provider; normally the Icelandic provider Opin Kerfi announces only three IP networks, Renesys said. The company monitored 17 events routing traffic through Iceland.
“We have active measurements that verify that during the period when BGP routes were hijacked in each case, traffic redirection was taking place through Belarusian and Icelandic routers. These facts are not in doubt; they are well-supported by the data,” the blog said. “What’s not known is the exact mechanism, motivation, or actors.”
Since this isn’t a vulnerability that can be patched, mitigations are limited to either cryptographically signing routes or following the best practice known as BCP 38, where ISPs put filters in place to prevent spoofing and route injection, Cowie said. Both are expensive and may not be economically feasible for ISPs unless all are required to adopt them. Also, in particular with crypto signing of routes, if the trust is derived from the government or a single organization, that entity would have control over segments of Internet traffic, which could introduce another set of surveillance issues.
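The patterns Renesys describes above can be checked by a network operator or researcher against a baseline of expected origins: a known prefix announced from an origin other than its owner, a more-specific prefix (which wins by longest-prefix match) announced by an AS that does not hold the covering block, and a provider suddenly originating far more prefixes than usual, as with the Icelandic provider going from three networks to 597. The Go program below is an added example, not Renesys's tooling; the expected-origin table, the baseline prefix counts and the observed announcements are all constructed, using RFC 5737 documentation address ranges and documentation AS numbers, and the "more than double the baseline" threshold for the volume rule is the example's own choice.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Announcement is one (prefix, origin AS) pair as seen by a route collector.
type Announcement struct {
	Prefix   string
	OriginAS int
}

// Alert is one suspicious finding (Prefix is empty for per-origin volume alerts).
type Alert struct {
	Prefix   string
	OriginAS int
	Reason   string
}

// Constructed baseline: which AS is expected to originate each prefix.
var expectedOrigin = map[string]int{
	"198.51.100.0/24": 64500,
	"203.0.113.0/24":  64501,
	"192.0.2.0/24":    64502,
}

// Constructed baseline: how many prefixes each provider normally announces.
var baselineCount = map[int]int{64502: 3}

// Constructed observation: AS64502 suddenly originates more-specifics of other
// networks' blocks, and AS64503 claims someone else's prefix outright.
var observed = []Announcement{
	{"198.51.100.0/24", 64500},
	{"192.0.2.0/24", 64502},
	{"203.0.113.0/24", 64503},
	{"198.51.100.0/25", 64502},
	{"198.51.100.128/25", 64502},
	{"198.51.100.0/26", 64502},
	{"203.0.113.0/25", 64502},
	{"203.0.113.128/25", 64502},
	{"203.0.113.0/26", 64502},
}

// Detect flags three signatures of route injection: a known prefix from the
// wrong origin, a more-specific announced by an AS that does not hold the
// covering prefix, and an origin announcing far more prefixes than its baseline.
func Detect(obs []Announcement, expected map[string]int, baseline map[int]int) []Alert {
	var alerts []Alert
	perOrigin := map[int]int{}
	for _, a := range obs {
		perOrigin[a.OriginAS]++
		p, err := netip.ParsePrefix(a.Prefix)
		if err != nil {
			alerts = append(alerts, Alert{a.Prefix, a.OriginAS, "unparseable prefix"})
			continue
		}
		if want, ok := expected[a.Prefix]; ok {
			if want != a.OriginAS {
				alerts = append(alerts, Alert{a.Prefix, a.OriginAS, fmt.Sprintf("origin mismatch: expected AS%d", want)})
			}
			continue
		}
		// Not an exact match: is it a more-specific of a block someone else owns?
		for known, want := range expected {
			kp, err := netip.ParsePrefix(known)
			if err != nil {
				continue
			}
			if kp.Bits() < p.Bits() && kp.Contains(p.Addr()) && want != a.OriginAS {
				alerts = append(alerts, Alert{a.Prefix, a.OriginAS,
					fmt.Sprintf("more-specific of %s: expected AS%d", known, want)})
			}
		}
	}
	for as, n := range perOrigin {
		if base, ok := baseline[as]; ok && n > 2*base {
			alerts = append(alerts, Alert{"", as, fmt.Sprintf("announcing %d prefixes, baseline %d", n, base)})
		}
	}
	return alerts
}

// CountByReason returns how many alerts carry the given reason fragment.
func CountByReason(alerts []Alert, fragment string) int {
	n := 0
	for _, a := range alerts {
		if strings.Contains(a.Reason, fragment) {
			n++
		}
	}
	return n
}

func main() {
	for _, a := range Detect(observed, expectedOrigin, baselineCount) {
		fmt.Printf("ALERT %-18s AS%d  %s\n", a.Prefix, a.OriginAS, a.Reason)
	}
}
```

A more-specific from the legitimate owner is deliberately not flagged, since splitting one's own block is routine traffic engineering; only a foreign origin turns it into the hijack signature. The exact-match rule fires first so that a known prefix is never double-reported as a more-specific of itself.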
“The tempo [of route injection attacks] has picked up over the course of this year, so my guess is this is more common knowledge among groups who can do this,” Cowie said. “It’s hard to say whether it’s one group, or two groups, three groups. Maybe they know each other, we don’t know. It’s really pretty unknowable.”

Twitter switches on ‘forward secrecy’ to protect user privacy

Twitter has announced new security measures designed to make it impossible for cyber criminals and spy agencies to steal encrypted data on its users.
Twitter said in a blog post that it had enabled ‘forward secrecy’ across all versions of its site in order to make sure huge swathes of data cannot be siphoned off and read, including private direct messages.
“We recently enabled forward secrecy for traffic on twitter.com, api.twitter.com, and mobile.twitter.com. On top of the usual confidentiality and integrity properties of HTTPS, forward secrecy adds a new property,” the firm said.
“If an adversary is currently recording all Twitter users’ encrypted traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic.”
It has done this by using a key-exchange method called EC Diffie-Hellman. This removes the need for the encryption key itself to be sent between client and server, where it could be intercepted by a third party and used to decrypt data.
“The client and server manage to come up with a shared, random session key without ever sending the key across the network, even under encryption,” Twitter explained. “The server’s private key is only used to sign the key exchange, preventing man-in-the-middle attacks.”
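The property described both in the Times article above (recorded traffic becomes readable once the private key is later obtained) and in Twitter's own explanation (a shared session key that never crosses the network, with the server's long-term key used only to sign the exchange) can be shown side by side. The Go program below is an added example, not Twitter's code: it models the older RSA key-transport handshake, where a leaked long-term key does decrypt a stored session key, next to a signed ephemeral X25519 exchange, where the recording holds only public values and a signature. It uses the standard library's crypto/ecdh, crypto/ed25519 and crypto/rsa; the key-derivation label and the 2048-bit RSA size are the example's own choices.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// deriveSessionKey hashes a raw ECDH shared secret into a 32-byte session key.
func deriveSessionKey(shared []byte) []byte {
	sum := sha256.Sum256(append([]byte("session-key:"), shared...)) // label is this example's choice
	return sum[:]
}

// RetroactiveDecryptWorks models the older, non-forward-secret exchange: the
// client picks the session key and sends it encrypted under the server's
// long-term RSA key. An eavesdropper stores that ciphertext; once the long-term
// key leaks, the old session key falls out. Returns true when it does.
func RetroactiveDecryptWorks() (bool, error) {
	longTerm, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return false, err
	}
	recorded, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &longTerm.PublicKey, sessionKey, nil)
	if err != nil {
		return false, err
	}
	// Years later, with the leaked key, the stored ciphertext opens.
	later, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, longTerm, recorded, nil)
	if err != nil {
		return false, err
	}
	return bytes.Equal(sessionKey, later), nil
}

// SignedEphemeralECDH models the exchange Twitter describes: each side makes a
// fresh X25519 key, the server signs its ephemeral public key with its long-term
// ed25519 key (used for nothing else), and each side derives the session key
// locally. It returns both derived keys and the bytes that crossed the wire.
// The ephemeral private keys are locals that are gone when the function returns.
func SignedEphemeralECDH(signPub ed25519.PublicKey, signPriv ed25519.PrivateKey) (serverKey, clientKey, onWire []byte, err error) {
	curve := ecdh.X25519()
	serverEph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	clientEph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	serverPubBytes := serverEph.PublicKey().Bytes()
	sig := ed25519.Sign(signPriv, serverPubBytes)
	// Client side: verifying the signature before using the ephemeral key is what
	// stops a man-in-the-middle from substituting a key of its own. (A real client
	// would rebuild the key from bytes with curve.NewPublicKey; the object is reused here.)
	if !ed25519.Verify(signPub, serverPubBytes, sig) {
		return nil, nil, nil, errors.New("server signature did not verify")
	}
	clientShared, err := clientEph.ECDH(serverEph.PublicKey())
	if err != nil {
		return nil, nil, nil, err
	}
	serverShared, err := serverEph.ECDH(clientEph.PublicKey())
	if err != nil {
		return nil, nil, nil, err
	}
	onWire = bytes.Join([][]byte{serverPubBytes, sig, clientEph.PublicKey().Bytes()}, nil)
	return deriveSessionKey(serverShared), deriveSessionKey(clientShared), onWire, nil
}

// ForwardSecretAgreementWorks runs one signed ECDH handshake and reports whether
// both sides agreed on the key while nothing on the wire contains it: a recorder
// who later obtains the signing key holds only public values and a signature.
func ForwardSecretAgreementWorks() (bool, error) {
	signPub, signPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, err
	}
	serverKey, clientKey, onWire, err := SignedEphemeralECDH(signPub, signPriv)
	if err != nil {
		return false, err
	}
	return bytes.Equal(serverKey, clientKey) && !bytes.Contains(onWire, serverKey), nil
}

func main() {
	rsaOK, _ := RetroactiveDecryptWorks()
	ecdhOK, _ := ForwardSecretAgreementWorks()
	fmt.Println("RSA key transport: leaked long-term key decrypts the recorded session:", rsaOK)
	fmt.Println("signed ephemeral ECDH: sides agree and the wire carries no key:", ecdhOK)
}
```

The contrast is the whole point of the deployment: in the first handshake the session key is itself a ciphertext under the long-term key, so the recording is only as secret as that key ever is; in the second the long-term key only authenticates, and recovering any one session would mean solving the Diffie-Hellman problem for that session's ephemeral keys.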
The firm called on other web services to follow the implementation of forward secrecy as a vital step to protect online users from criminals and government spies.
“Security is an ever-changing world. Our work on deploying forward secrecy is just the latest way in which Twitter is trying to defend and protect the user’s voice in that world,” it said.
Many technology giants are taking action against government spying in the wake of the PRISM scandal, with Yahoo announcing last week that it would encrypt all traffic being sent to and from its network following claims that traffic from its systems had been monitored by spy agencies.

Racing Post website hit by ‘aggressive’ cyber attack

Racing Post has revealed that its website was hit by a “sophisticated, sustained and aggressive attack” over the weekend in which one of its databases containing customer information was accessed.
In a post on Racingpost.com the firm admitted that reams of other information could have been accessed. “The information at risk from the database that was compromised will vary in the case of each customer, depending on how much information you gave us when you registered,” it said.
“It includes: usernames, first and last names, encrypted passwords, email and customer addresses and date of birth.”
However, it said no financial information had been compromised during the assault: “Betting through the site with our partner bookmakers has at all times been unaffected as this activity takes place directly with the bookmaker.
Racing Post is not involved in the process – we hold no details whatsoever in relation to your betting accounts. Customer credit and debit card details are not stored on the site and have therefore not been accessed and are not at risk,” it said.
As a result of the incident customers have been urged to change their passwords on other sites where they use the same login details as on Racingpost.com.
Editor of Racing Post Bruce Millington said the company had halted new registrations as a temporary measure and warned other firms to be on their guard against similar attacks.
"We are extremely sorry that this unfortunate incident has occurred. We believe it may be part of a wider attack on a number of companies. We thank you for your patience and understanding,” he said.
The incident is just the latest cyber security incident to hit a notable brand, with high-street retailer Lakeland also becoming the victim of a sophisticated attack earlier this year. The European Commission admitted earlier this month it is also seeing sustained attacks against its systems.

Twitter ramps up security for users – says its approach should be “the new normal”

Twitter has unveiled a serious security upgrade to protect its users’ data from cyber-snooping – and has said that this approach should be “the new normal for web service owners.”
In a technical blog post which linked to privacy group the Electronic Frontier Foundation’s site, the social network said, “Forward secrecy is just the latest way in which Twitter is trying to defend and protect the user’s voice.”
The new technology makes it more difficult to intercept traffic over a secure HTTPS connection, adding a further layer of protection for users. Perfect Forward Secrecy is explained further in Twitter’s technical post here.
Google, Dropbox, Facebook and Tumblr have all already implemented the technology, which may make it difficult even for state-backed agencies to intercept data, and LinkedIn is understood to be in the process of introducing it, according to The Guardian.
In its blog post, Twitter’s Jacob Hoffman-Andrews wrote, “If an adversary is currently recording all Twitter users’ encrypted traffic, and they later crack or steal Twitter’s private keys, they should not be able to use those keys to decrypt the recorded traffic.”
The blog post continues, “At the end of the day, we are writing this not just to discuss an interesting piece of technology, but to present what we believe should be the new normal for web service owners. Security is an ever-changing world. Our work on deploying forward secrecy is just the latest way in which Twitter is trying to defend and protect the user’s voice in that world.”
Forbes’ Larry Magid points out that while the encryption may help “protect against snoops”, mentioning the NSA: “Of course, encryption can — at best — only protect you against data that you keep private. Don’t expect any privacy when it comes to your public Tweets now or in the future.”
Techdirt says that the detailed post was “clearly not written by a PR person”, and praises the approach – but raises concerns that the encryption used may not actually be as bulletproof as Twitter claims.
ESET Security Researcher Stephen Cobb offers advice for small businesses on encryption and security in the wake of recent revelations about state-sponsored spying in a detailed how-to here.

Popular horse-racing site hit by “aggressive” cyber attack – passwords leaked

A major British horse racing website has been hit by an “aggressive” and “malicious” cyber attack – and user details have leaked, including some passwords which the owners warn “could be deciphered.”
Racing Post warned customers who may have shared the same password across other sites to change those immediately, as a security measure. It’s still not clear how many customers were affected, but The Register reports that customers received an email saying, “Despite our best efforts, the security on racingpost.com has been breached over the last 36 hours, in a sophisticated, sustained and aggressive attack.”
The attack on Racing Post’s servers accessed a database containing customer details. The site offers online gambling (legal in the UK), via a partnership with William Hill and Ladbrokes, and its iPhone app is the most popular free horse-racing app on iTunes, according to the company.
The site said it suspected the breach came as part of a wider attack on a number of websites according to editor, Bruce Millington, speaking to the BBC. “We are extremely sorry that this unfortunate incident has occurred. We believe it may be part of a wider attack on a number of companies. We thank you for your patience and understanding.”
The site reassured customers that credit and debit card details had not been accessed, according to V3, saying “Betting through the site with our partner bookmakers has at all times been unaffected as this activity takes place directly with the bookmaker.”
The site has blocked log-ins as a preventative measure, and said in a statement that it is taking “stringent” measures to ensure the breach is not repeated.
“We have removed the log-in facility from racingpost.com until further notice so all users can access all areas, even if you are not a member,” the site said in a warning on its front page Monday.
The site has a clear, helpful guide for users who fear they may have been affected here – including answers on passwords, and advice for those who may have shared logins across several sites. A We Live Security guide to what to do in the event of a breach can be found here.