Top Level Attack

  • 4 Replies
  • 3082 Views
*

Offline ipl_001

  • Microsoft® MVP
  • SpywareHammer Staff
  • Silver Member
  • 686
    • ipl's
Top Level Attack
« on: October 20, 2008, 02:29:47 PM »
Hi everyone,

I don't know whether you heard about the news: Nicolas Sarkozy's (president of France) bank account was broken into...

-> FoxNews - http://www.foxnews.com/story/0,2933,440625,00.html
-> cnn - http://www.cnn.com/2008/WORLD/europe/10/19/sarkozy.bank.account.hacked.ap/index.html
-> Telegraph - http://www.telegraph.co.uk/news/3226767/Sarkozy-bank-account-raided-in-internet-scam.html
Quote
A prosecutor from the Paris suburb of Nanterre was investigating the case, along with fraud squad officers, Mr Sarkozy's office confirmed.
So, our President will be aware of some dangers on the Web!  ;D
I guess many French MPs will finally learn a little bit regarding the Internet.
Gérard 2007-2015  Don't give up... that is what they want us to do... Budfred!

*

Offline John B.

  • Visiting Staff
  • Bronze Member
  • 56
Re: Top Level Attack
« Reply #1 on: October 21, 2008, 01:36:04 PM »
Maybe we should send him an e-mail to ask him to post a HJT log here. He could be infected.... ;)

*

Offline AlphaCentauri

  • Anti - Phishing Staff
  • Bronze Member
  • 201
Re: Top Level Attack
« Reply #2 on: October 21, 2008, 06:28:53 PM »
I wasn't so sure that "phishing' was the correct label. That implies he was stupid enough to give his password to a spoofed site.

All I gather is that he noticed money missing from his account.  There could have been a skimmer on an ATM he used, which would then give someone the information they needed to withdraw money from his account. They might have collected the information a long time ago, so that when they started stealing from accounts, no one would know which ATM to suspect.

He could also have a trojan on his computer that is collecting passwords. Something like this
http://forum.sysinternals.com/forum_posts.asp?TID=14844&PN=1
could do a lot of damage even to a relatively web-savvy person.

*

Offline ipl_001

  • Microsoft® MVP
  • SpywareHammer Staff
  • Silver Member
  • 686
    • ipl's
Re: Top Level Attack
« Reply #3 on: October 22, 2008, 05:02:57 PM »
Hi John B., AlphaCentauri , hi everyone,

Well, you could note this was France's President...

When they want, the police can do it... very quickly!

2 guys caught
-> http://www.easybourse.com/bourse-actualite/marches/french-police-arrest-2-over-sarkozy-bank-account-hacking-545749
-> http://www.rfi.fr/actuen/articles/106/article_1925.asp
Quote
This particular issue proves that the "banking system via internet is not infallible," Consumer Affairs Junior Minister Luc Chatel said on Sunday. Chatel said that sanctions towards the bank in question were not being ruled out, if clients' information had been misused.
I think they should come to SWH to take some classes!  :D
-> http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=211300006
-> http://www.itbusinessedge.com/blogs/hdw/?p=3375
Quote
It’s unclear how the attackers were able to access the account. InformationWeek says there are several possibilities, including weak bank security, a leak from within the bank, a phishing attack or malware.

Last month, U.S. Republican vice-presidential candidate and Alaska Gov. Sarah Palin’s e-mail account was hacked.

etc.

Interesting...

-> Palin’s Yahoo Account Hacked ... Yahoo Account?? LOL
-> http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=211300006
Quote
Earlier this year, two State Department contract workers were fired and one was disciplined for accessing the passport files of three presidential candidates at the time, Sens. Hillary Rodham Clinton, John McCain, and Barack Obama.
Gérard 2007-2015  Don't give up... that is what they want us to do... Budfred!

*

Offline AlphaCentauri

  • Anti - Phishing Staff
  • Bronze Member
  • 201
Re: Top Level Attack
« Reply #4 on: October 22, 2008, 06:55:12 PM »
They may have trouble prosecuting that kid that hacked Palin's account. For one thing, she was violating the law by using it for official business -- emails for state business aren't supposed to be on free email accounts where they can just get deleted. Also, the feds had been trying to establish case precedent to say that once someone has read her email but left it in her inbox, it isn't in transit and it isn't saved for archival, so it's not protected by the federal law that covers email privacy, and the feds ought to be able to get it without having a subpoena. They hadn't been able to get a judge to go along with that argument yet, but now it's bitten them on the butt.