On Q Professional Investigations

Hackers quietly broke into eBay two months ago and stole a database full of user information, the online auction site revealed Wednesday.

Criminals now have possession of eBay (EBAY, Fortune 500) customer names, account passwords, email addresses, physical addresses, phone numbers and birth dates.

The company said the passwords were encrypted and are virtually impossible to be deciphered. Still, as a precaution, eBay is asking everyone to reset their passwords late Wednesday.

The company isn’t saying how many of its 148 million active accounts were affected — or even how many customers had information stored in that database.

But an eBay spokeswoman said the hack impacted “a large number of accounts.”

EBay’s subsidiary, PayPal, said it was untouched by the data breach. PayPal data, which is sensitive because it includes payment information, is kept on a separate network.

To hack into the eBay database, the cyber attackers managed to get their hands on “a small number” of eBay employee log-in credentials, the company said. They then used that to worm their way into eBay’s corporate network. The hackers grabbed the customer database between late February and early March.

It wasn’t until two weeks ago that eBay discovered employee credentials had been stolen, the company said. The company then conducted a forensic investigation of its computers and found the extent of the theft.

The company said it hasn’t spotted any increase in fraudulent activity on eBay yet.

The good news for eBay customers is that the passwords were encrypted with a technique known as hashing, which turns text into irreversible jumbled code. And they were “salted” with an added random digit or two. Also, eBay’s password requirements are ranked slightly better than average by password manager Dashlane. That’ll make them even harder to decrypt.

But that’s not the point. The real danger here is in the fallout of such a major data breach. Hackers now know where you live. They can call you. Expect to receive fake deals and offers. Beware of getting duped into revealing even more sensitive information, like your bank details or Social Security number.

View Source

The operator at the office supply store call center answers the phone, and the person on the other end claims to be a school purchasing officer with questions about his account. But the caller is actually a criminal, and the information the operator may unwittingly divulge could cost the retailer hundreds of thousands of dollars.

It’s called the school impersonation scheme, and it has been carried out in nine states across the country—mostly by Nigerian criminal groups using the Internet and social engineering techniques.

“Most retailers have been pretty good about catching the scam,” said Special Agent Alla Lipetsker, “but it’s an alarming trend, and the fraudsters have had success.”

Here’s how the scam works:

A member of the criminal group poses as a school official on the telephone or by e-mail and uses social engineering—actions that deceive individuals into revealing otherwise secure information—to learn about a school’s purchasing account with large office supply stores.

Using account information obtained from the original call—and sometimes the school’s website—the fraudster makes a second call and bills the school’s line of credit for a large order of laptops, hard drives, printer ink, and other items that can total more than $200,000.

A U.S. shipping address is provided belonging to a third-party—someone who has been fooled into thinking they are working from home, for example, but is another victim of the group’s social engineering tactics (see sidebar). The purchase will later be re-shipped to Nigeria. In some cases, the order is directed to the actual school, whereupon the scammer—posing as a representative of the retail store—contacts the school and says the shipment was sent in error. The school, believing it is returning the order to the store, reships the items to a domestic address provided by the fraudster.

Either way, once the fraud is discovered, it’s too late, and the retailer absorbs the loss.

Those who perpetrate school impersonation schemes are members of an African Cyber Criminal Enterprise (ACCE), said Lipetsker, who has been investigating these groups for the past year as part of a new initiative in our Criminal Investigative Division.

ACCE refers to a network of predominantly Nigerian criminal actors who are engaged in computer-assisted frauds. The schemes are heavy on deception instead of hard-core intrusions, Lipetsker said. “The Africans don’t do a lot of hacking,” she explained. “They deceive their targets through phishing schemes and social engineering.”

Read More

CINCINNATI, OH (FOX19) - Heather Schreck was asleep around midnight in her Hebron home when a voice startled her.

“All of a sudden, I heard what sounded like a man’s voice but I was asleep so I wasn’t sure,” Heather said.

Disoriented and confused, Heather picked up her cell phone to check the camera in her 10-month-old daughter Emma’s room. The camera was moving, but she wasn’t moving it.

“About the time I saw it moving, I also heard a voice again start screaming at my daughter. He was screaming, ‘Wake up baby. Wake up baby.’ Then just screaming at her trying to wake her up.”

That’s when Heather’s husband, Adam, ran into Emma’s room. Adam said the camera then turned from his petrified daughter to point directly at him.

“Then it screamed at me,” Adam said. “Some bad things, some obscenities. So I unplugged the camera.”

But the Schrecks were only beginning to plug into the truth of what had just happened.

“Someone had hacked in from outside,” Heather said.

So how many other times had someone hacked into their camera and watched their baby through their Foscam IP Camera.

“You do kind of feel violated in a way,” Adam said.

According to tech experts, wireless IP cameras like the one the Shrieks have are an easy way for hackers to open a cyber door directly into your home.

“Any kind of Internet-connected device essentially could be subjected to this,” said Dave Hatter, a solutions expert for Infinity Partners.

And experts say once they get inside the camera in your home, hackers may also be able to get inside your lives.

“It’s not just that they want to get in and mess with your camera. More sophisticated hackers know they can use this as a launching off point to get into your network and potentially steal your ID or use your network to launch malicious attacks against someone else,” Hatter said.

Read More

Crashing websites and overwhelming data centres, a new generation of cyber attacks is costing millions and straining the structure of the Internet.

While some attackers are diehard activists, criminal gangs or nation states looking for a covert way to hit enemies, others are just teenage hackers looking for kicks.

Distributed Denial of Service (DDoS) attacks have always been among the most common on the Internet, using hijacked and virus-infected computers to target websites until they can no longer cope with the scale of data requested, but recent weeks have seen a string of particularly serious attacks.

On Feb. 10, internet security firm Cloudflare says it protected one of its customers from what might be the largest DDoS documented so far.

At its height, the near 400 gigabyte per second (gbps) assault was about 30 percent larger than the largest attack documented in 2013, an attempt to knock down antispam website Spamhaus, which is also protected by Cloudflare.

The following day, a DDoS attack on virtual currency Bitcoin briefly took down its ability to process payments.

On Feb. 20, Internet registration firm Namecheap said it was temporarily overwhelmed by a simultaneous attack on 300 of the websites it registers, and bit.ly, which creates shortened addresses for websites like Twitter, says it was also knocked out briefly in February.

In a dramatic case of extortion, social networking site Meetup.com said on Monday it was fighting a sustained battle against hackers who brought down the site for several days and were demanding $300 to stop. It would not pay, Meetup CEO Scott Heiferman told Reuters.

DDoS attacks were at the heart of attacks blamed on Russian hackers against Estonia in 2007 and Georgia during its brief war with Russia in 2008. It is unclear if they played a role in the current stand-off between Moscow and Ukraine in which communications were disrupted and at least one major government website knocked out for up to 72 hours.

A report this month by security firm Prolexic said attacks were up 32 percent in 2013, and a December study by the cyber-security-focused Ponemon Institute showed them now responsible for 18 percent of outages at U.S.-based data centres From just 2 percent in 2010.

The average cost of a single outage was $630,000, it said.

“It’s really a game of cat and mouse,” said Jag Bains, chief technology officer of Seattle-based DOSarrest, a firm that helps government and private-sector clients protect their sites.

“I’d like to say we are ahead, but I just don’t think it’s true.”

As well as growing in volume, he said attacks were becoming much more sophisticated in targeting the most vulnerable parts of websites, making even a small attack much more effective.

The aims of attackers include extortion, political activism, providing distraction from data theft and, for “hobbyist” hackers, just testing and showcasing their skills, security experts say.

Other victims in recent months have included the Federal Bureau of Investigation, Royal Bank of Scotland and several major U.S. banks, which analysts believe were targeted by Iran in response to sanctions. Iran denies the charge.

HIJACKING PRINTERS, SMARTPHONES

Many attacks, however, appear to be homegrown. The most popular point of origin for DDoS attacks in the last three months of 2013, Prolexic said, appeared to be the United States, followed by China, Thailand, Britain and South Korea.

As well as hijacking computers, Prolexic said attackers are increasingly targeting smartphones, particularly those using Google’s Android operating system, which by the third quarter of 2013 accounted for more than 80 percent of new phones.

Even wireless printers, experts say, have sometimes been co-opted into attacks, packed together in botnet groups. That, they warn, can put previously unprecedented cyber firepower in the hands of relatively unskilled hackers, who increasingly include teenagers.

Last year, British police arrested a 16-year-old as part of their investigations into the attack on Spamhaus, while German police arrested an 18-year-old after a DDoS attack paralysed the Saxony government website.

DDoSarrest says some of the most recent attacks it has dealt with were on U.S. universities and largely blamed on students showing off or protesting against high tuition fees.

The sheer volume of attacks means many perpetrators are never traced, and some computer security experts complain law-enforcement authorities remain reluctant to prosecute the youngest offenders.

Until recently, DDoS attacks were seen less of a threat than attempts to steal customer data or intellectual property. That, however, is changing fast.

SLOWING THE INTERNET

Last year’s Spamhaus attack was described by some as slowing the entire global Internet, and most experts agree the largest attacks can slow access across entire regions. Cloudflare says there were anecdotal reports of slowness in Europe during the latest attack.

Crashing data centres can wreak havoc with other services based there, including phone systems and vital industrial facilities.

The Ponemon report showed DDoS attacks are now the third largest cause of outages after power system failure and human error, outstripping traditional causes such as weather events.

Even if attacks do not succeed, the cost of mitigating them is rising fast, providing many millions of dollars of business for firms such as Cloudflare and Prolexic, taken over last month by Akamai Technologies for about $370 million.

Namecheap, which aims to offer cut-price hosting for websites, said it had already spread its data centres across five countries and three continents to better handle constant attacks but was still overwhelmed by the roughly 100 Gbps incident.

Attacks on that scale, Prolexic says, now occur several times a month and are now frequently so complex and fast moving that automated systems can no longer tackle them.

Prolexic itself runs a permanently manned operation centre at its headquarters in Florida, allowing it to keep one step ahead and instantly move material between data centres.

“It’s very hard to know what to do,” said Alexander Klimburg, a cyber security expert at the Austrian Institute for International Affairs currently on exchange at Harvard Kennedy School of Government. “The tools to do this can be purchased online incredibly cheaply, while the damage they can do and the cost of mitigating it is exponentially higher.

View Source

In a response to a few recent incidents in the community, Northbrook police are warning residents of scammers who have become more technologically savvy and harder to track.

“They are able to use the web now to choose their victims,” said Scott Dunham, deputy chief of Northbrook’s police department, speaking at a Board of Trustees meeting on Tuesday. “Social networking sites are proving to be a fertile ground for them.”

On Feb. 16 and Feb. 17, two Northbrook residents, one on the 1000 block of Springhill Drive and one on the 3100 block of River Falls, reported receiving calls from a person pretending to be their grandson and requesting money, authorities said. Neither resident fell for the scam.

Over the past two years, Northbrook has seen a total of 18 similar incidents, according to Daniel Petka, a spokesman for the Northbrook Police Department.

In three incidents out of 18, the victims actually transferred money to the scammers, he said.

“The important thing is to be more inquisitive,” Petka said, adding that the scammers usually tend to call early morning or during the night, trying to catch the victims at their most vulnerable time.

Scammers can mine social media sites to determine whether their victims have any family members and then impersonate them over the phone, asking for money, according to officials.

“It’s come to a point now that we believe (criminals) are actually trading roster lists of people they have successfully scammed so they can follow up with another one,” Dunham said.

Northbrook Village President Sandra Frum asked whether police are able to correlate some burglaries with residents posting information about their vacations on the social media.

Dunham said while it’s hard to make those connections, the police consistently warn people about posting sensitive information, such as travel schedules, online.

Northbrook officials said they would release in an upcoming village newsletter more information on how to avoid becoming a victim of a phone scam.

Dunham said residents should make sure their online profiles have privacy restrictions.

In general, Dunham said, residents should limit broadcasting sensitive information through the social media.

“You shouldn’t be releasing something you’d be uncomfortable with placing on a billboard on Michigan Avenue,” Dunham said.

View Source

SAN FRANCISCO (AP) — Legislation unveiled Friday in California would require smartphones and other mobile devices to have a “kill switch” to render them inoperable if lost or stolen — a move that could be the first of its kind in the country.

State Sen. Mark Leno, San Francisco District Attorney George Gascon, and other elected and law enforcement officials said the bill, if passed, would require mobile devices sold in or shipped to California to have the anti-theft devices starting next year.

Leno and Assemblywoman Nancy Skinner, both Democrats, co-authored the bill to be introduced this spring. They joined Gascon, New York Attorney General Eric Schneiderman and other authorities who have been demanding that manufacturers create kill switches to combat surging smartphone theft across the country.

Leno called on the wireless industry to step up as smartphone robberies have surged to an all-time high in California.

“They have a choice. They can either be a part of the problem or part of the solution, especially when there is one readily available,” Leno said.

Leno and Gascon said they believe the bill would be the first of its kind in the U.S. Gascon and Schneiderman have given manufacturers a June 2014 deadline to come up with solutions to curb the theft of smartphones.

CTIA-The Wireless Association, a trade group for wireless providers, says a permanent kill switch has serious risks, including potential vulnerability to hackers who could disable mobile devices and lock out not only individuals’ phones but also phones used by entities such as the Department of Defense, Homeland Security and law enforcement.

The association has been working on a national stolen phone database that launched in November to remove any market for stolen smartphones.

“These 3G and 4G/LTE databases, which blacklist stolen phones and prevent them from being reactivated, are part of the solution,” Michael Altschul, CTIA’s senior vice president and general counsel, said in a statement. “Yet we need more international carriers and countries to participate to help remove the aftermarket abroad for these trafficked devices.”

Almost one in three U.S. robberies involve phone theft, according to the Federal Communications Commission. Lost and stolen mobile devices — mostly smartphones — cost consumers more than $30 billion in 2012, the agency said in a study.

In San Francisco alone, about 60 percent of all robberies involve the theft of a mobile device, Police Chief Greg Suhr said. In nearby Oakland, such thefts amount to about 75 percent of robberies, Mayor Jean Quan added.

“We’re in California, the technological hub of the world,” Suhr said. “I can’t imagine someone would vote against” the proposed kill switch law.

Gascon said the industry makes an estimated $7.8 billion selling theft and loss insurance on mobile devices but must take action to end the victimization of its customers.

“This is one of the areas in the criminal justice system where a technological solution can make a tremendous difference, so there’s absolutely no argument other than profit,” Gascon said.

In 2013, about 136 million smartphones were sold in the U.S., according to International Data Corp., a Massachusetts-based researcher. More than 1 billion smartphones were sold worldwide last year, accounting for $330 billion in sales, IDC said. That’s up from 725 million in 2012.

Last year, Samsung Electronics, the world’s largest mobile phone manufacturer, proposed installing a kill switch in its devices. But the company told Gascon’s office the biggest U.S. carriers rejected the idea.

A Samsung statement issued Friday said the company doesn’t think legislation is necessary and it would keep working with Gascon, other officials and its wireless carrier partners to stop smartphone theft.

Apple Inc., the maker of the popular iPhone, said the “Activation Lock” feature of its iOS 7 software released in the fall is designed to prevent thieves from turning off the Find My iPhone application, which allows owners to track their phone on a map, delete its data, and remotely lock the device so it cannot be reactivated.

“This can help you keep your device secure, even if it is in the wrong hands, and can improve your chances of recovering it,” Apple spokeswoman Trudy Muller said Friday without commenting specifically about the proposed legislation.

Gascon has praised Apple for its effort but reiterated Friday that it is still too early to tell how effective its solution will be.

View Source

Several million Snapchat usernames and phone numbers were apparently leaked online late Dec., 31, 2013. Several outlets reported that 4.6 million usernames and phone numbers were posted as a downloadable database by hackers, but the site where the database was posted appeared to be down on Wednesday morning, USA Today reports.

Days prior, Snapchat – a popular messaging app that lets users send each other photos that quickly disappear – warned users of this potential scenario in a blog post, saying a security group had alerted it about a potential vulnerability “by which one could compile a database of Snapchat usernames and phone numbers.” The company said that it had implemented safeguards making an exploit “more difficult to do.”

The data gleaned from Snapchat could be very valuable, as phone numbers and corresponding names and other records could be used at call centers, or for social-engineering attacks and identity fraud.

According to Roger Thompson, chief emerging threat researcher at ICSA Labs, a vendor-neutral testing and certification firm, “Security and functionality tend to exist in an inverse relationship – the more functional you make a system, the less secure it tends to be. Web-based systems like Snapchat are built for functionality, so we should not be surprised that hackers found a vulnerability in a new, highly-functional system. The hole will be patched, and hackers will look for new ones. It’s almost a cost of doing business. The moral of the story is that we have to be thoughtful about what information we put online, because it might just leak, and we should only use one password per website. Password re-use is your enemy.”

Meanwhile, the official blog and social networking accounts for Microsoft’s Web calling service Skype appear to have been breached – a post published Wednesday on the official Skype blog featured the headline: “Hacked by Syrian Electronic Army.. Stop Spying!” A pair of tweets attributed to the SEA were then posted on Skype’s official Twitter account, and Skype’s Facebook page hosted a message accusing Microsoft of monitoring email accounts (Hotmail, Outlook) and selling the information to government sources.

Skype has reported that no user information was compromised.

View Source

The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.

The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.

Many users assume — or have been assured by Internet companies — that their data is safe from prying eyes, including those of the government, and the N.S.A. wants to keep it that way. The agency treats its recent successes in deciphering protected information as among its most closely guarded secrets, restricted to those cleared for a highly classified program code-named Bullrun, according to the documents, provided by Edward J. Snowden, the former N.S.A. contractor.

Beginning in 2000, as encryption tools were gradually blanketing the Web, the N.S.A. invested billions of dollars in a clandestine campaign to preserve its ability to eavesdrop. Having lost a public battle in the 1990s to insert its own “back door” in all encryption, it set out to accomplish the same goal by stealth.

The agency, according to the documents and interviews with industry officials, deployed custom-built, superfast computers to break codes, and began collaborating with technology companies in the United States and abroad to build entry points into their products. The documents do not identify which companies have participated.

The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.

“For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

When the British analysts, who often work side by side with N.S.A. officers, were first told about the program, another memo said, “those not already briefed were gobsmacked!”

An intelligence budget document makes clear that the effort is still going strong. “We are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit Internet traffic,” the director of national intelligence, James R. Clapper Jr., wrote in his budget request for the current year.

In recent months, the documents disclosed by Mr. Snowden have described the N.S.A.’s reach in scooping up vast amounts of communications around the world. The encryption documents now show, in striking detail, how the agency works to ensure that it is actually able to read the information it collects.

The agency’s success in defeating many of the privacy protections offered by encryption does not change the rules that prohibit the deliberate targeting of Americans’ e-mails or phone calls without a warrant. But it shows that the agency, which was sharply rebuked by a federal judge in 2011 for violating the rules and misleading the Foreign Intelligence Surveillance Court, cannot necessarily be restrained by privacy technology. N.S.A. rules permit the agency to store any encrypted communication, domestic or foreign, for as long as the agency is trying to decrypt it or analyze its technical features.

The N.S.A., which has specialized in code-breaking since its creation in 1952, sees that task as essential to its mission. If it cannot decipher the messages of terrorists, foreign spies and other adversaries, the United States will be at serious risk, agency officials say.

Just in recent weeks, the Obama administration has called on the intelligence agencies for details of communications by leaders of Al Qaeda about a terrorist plot and of Syrian officials’ messages about the chemical weapons attack outside Damascus. If such communications can be hidden by unbreakable encryption, N.S.A. officials say, the agency cannot do its work.

Read More

A company that markets video cameras designed to allow consumers to monitor their homes remotely has settled Federal Trade Commission charges that its lax security practices exposed the private lives of hundreds of consumers to public viewing on the Internet. This is the agency’s first action against a marketer of an everyday product with interconnectivity to the Internet and other mobile devices – commonly referred to as the “Internet of Things.”

The FTC’s complaint alleges that TRENDnet marketed its SecurView cameras for purposes ranging from home security to baby monitoring, and claimed in numerous product descriptions that they were “secure.” In fact, the cameras had faulty software that left them open to online viewing, and in some instances listening, by anyone with the cameras’ Internet address.

“The Internet of Things holds great promise for innovative consumer products and services. But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet,” said FTC Chairwoman Edith Ramirez.

In its complaint, the FTC alleges that, from at least April 2010, TRENDnet failed to use reasonable security to design and test its software, including a setting for the cameras’ password requirement. As a result of this failure, hundreds of consumers’ private camera feeds were made public on the Internet.

“…hackers posted links to the live feeds of nearly 700 of the cameras. The feeds displayed babies asleep in their cribs, young children playing, and adults going about their daily lives.”

According to the complaint, in January 2012, a hacker exploited this flaw and made it public, and, eventually, hackers posted links to the live feeds of nearly 700 of the cameras. The feeds displayed babies asleep in their cribs, young children playing, and adults going about their daily lives. Once TRENDnet learned of this flaw, it uploaded a software patch to its website and sought to alert its customers of the need to visit the website to update their cameras.

The FTC also alleged that, from at least April 2010, TRENDnet transmitted user login credentials in clear, readable text over the Internet, even though free software was available to secure such transmissions. In addition, the FTC alleged that TRENDnet’s mobile applications for the cameras stored consumers’ login information in clear, readable text on their mobile devices.

Under the terms of its settlement with the Commission, TRENDnet is prohibited from misrepresenting the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or other devices transmit. In addition, the company is barred from misrepresenting the extent to which a consumer can control the security of information the cameras or other devices store, capture, access, or transmit.

In addition, TRENDnet is required to establish a comprehensive information security program designed to address security risks that could result in unauthorized access to or use of the company’s devices, and to protect the security, confidentiality, and integrity of information that is stored, captured, accessed, or transmitted by its devices. The company also is required to obtain third-party assessments of its security programs every two years for the next 20 years.

The settlement also requires TRENDnet to notify customers about the security issues with the cameras and the availability of the software update to correct them, and to provide customers with free technical support for the next two years to assist them in updating or uninstalling their cameras.

View Source

The New York Times is working to make its website available again for all readers after it was disrupted by a group calling itself the Syrian Electronic Army in an exploit that also affected Twitter Inc.

The group disrupted traffic to the websites by hacking yesterday into registration-services provider Melbourne IT Ltd. (MLB), which handles the online addresses of nytimes.com and twitter.co.uk, according to Tony Smith, a spokesman for the Melbourne-based company. The Times instructed readers who can’t access its home page to go to an alternate site.

Some users initially reported being redirected to the Syrian group’s sites. Many were simply unable to access the pages at all. The Syrian Electronic Army, which backs the country’s president, Bashar al-Assad, has also claimed responsibility for hacking the Washington Post this month and the Financial Times in early May, redirecting readers to its own websites and videos.

“The credentials of a Melbourne IT reseller (username and password) were used to access a reseller account on Melbourne IT’s systems,” Smith wrote in an e-mail. He said the login information was obtained through phishing, a technique used to obtain private data by imitating legitimate websites.

It may take time before all users can get normal access to the newspaper’s site, Smith said. Times employees have been instructed to use caution when sending sensitive e-mails, the newspaper said.

Caching Quirk

A quirk in the way that domain information is updated across the Internet has meant that the Times website is still inaccessible to many users today even though the site is functioning normally. Many corporations and browsers on personal computers cache domain data for 24 hours to speed up connections, preventing access to the news site until those caches are cleared.

On its website, Twitter said its domain registration provider “experienced an issue in which it appears DNS records for various organizations were modified,” including the twimg.com domain it uses to host images. The original domain record for that site has since been restored, and no user information was affected, it said. While Twitter’s site operated normally, twitter.co.uk was inaccessible for some users.

The Huffington Post, owned by AOL Inc. (AOL), also experienced a hack attempt and “minimal disruption of service,” said Rhoades Alderson, a spokesman for the online publisher. The site was working normally today, he said.

AP Hack

Unidentified hackers hijacked the Associated Press Twitter account in April, sending stock markets down 1 percent in a matter of seconds by posting a false claim of an attack on the White House. The fake message — saying that President Barack Obama had been injured after his residence was bombed — followed repeated attempts by hackers to gain access to AP reporters’ passwords, the news agency said in a report. While the Syrian Electronic Army claimed responsibility for the intrusion, that couldn’t be confirmed, the AP said.

The Times has been increasingly focusing on its website for growth as the industry reels from a print-advertising slump. Digital subscribers to the Times and its international edition increased 35 percent to 699,000 at the end of the last quarter. The company averaged about 14 new paying online readers every hour from the beginning of January to the end of June.

On Aug. 14, the newspaper’s website and e-mail systems crashed for more than two hours because of an internal malfunction with its servers.

New York Times Co. dropped 1.4 percent to $11.42 at 12:52 p.m. in New York. The shares had gained 36 percent this year through yesterday.

View Source