German cybercrime forum was hacked by attackers who have exposed the underground dealings of the criminal denizens. The hackers snagged the database containing what appears to be all the private correspondence of the forum members, and posted it to the web.

The hackers also posted information on the IP addresses forum members used when they signed up for membership, noting that most of the administrators and moderators on the site didn’t use a proxy to access it. They also posted usernames, e-mail addresses and some cracked passwords of members, who number 5,000. The data was posted to the RapidShare file-trading site.

The Federal Bureau of Investigation is probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang.

The attack took aim at Citigroup's Citibank subsidiary, which includes its North American retail bank and other businesses. It couldn't be learned whether the thieves gained access to Citibank's systems directly or through third parties.

Ref: http://online.wsj.com/article/SB126145280820801177.html?mod=WSJ_hpp_LEFTWhatsNewsCollection

A BOSTON man appeared in court today charged with trying to download the code of a soon-to-be released video game at a tech convention.

Justin May was attending the March PAX East 2010 in Boston where he allegedly used his laptop to hack into an Xbox 360 Test Kit that was demonstrating a game called "Breach" and downloaded the code.

The game was being shown for the first time at the convention by Atomic Games and is due to be released this summer. It is estimated to be worth $7.1m.

"Breach, and our Hydrogen game engine, are the result of millions of dollars of investment and years of hard work," said Peter Tamte, President of Atomic Games. "It would have been very harmful if Breach had been posted on the internet months before its planned release.”

Justin May faces charges of larceny over $US250 and buying, selling or receiving stolen trade secrets. If convicted, he could face up to five years in prison or a $US25,000 fine for the first charge and up to five years or a $US500 fine and imprisonment of up to two years on the second charge.

Ref: http://www.news.com.au/business/breaking-news/hacker-stole-7m-game-code-at-tech-show/story-e6frfkur-1225868939880

Federal prosecutors have accused Mitchell L Frost was an undergraduate student at the University of Akron of carrying out a series of botnet offenses including attacks that brought down the websites of a number of conservative politicians.

The distributed denial-of-service (DDoS) attacks lasted over a five-day period.

The attacks rendered each website inoperable, at least temporarily, and required intervention and repair by the owners of such sites, causing huge damages or losses.

Frost, who went by the handle "FrostAie," also stands accused of using his botnet to launch a much bigger assault on a University of Akron server that knocked out the college's entire network, depriving "tens of thousands of students, faculty and staff members" of connectivity for more than eight hours. Prosecutors said the attack appeared to be a mistake and that the intended target was an unnamed gaming server that was hosted on the university network. Nevertheless,the outage cost the university more than $10,000.

Prosecutors also accuse Frost of using his botnet to steal credit card information. When agents raided Frost's dorm room they allegedly retrieved almost 3,000 stolen login credentials, and 136 pieces of data for compromising card accounts.

Ref: http://www.theregister.co.uk/2010/05/19/bill_oreilly_ddos_attacks/

Twitter users were hit with what seems to be yet another phishing attack. The latest attack features a message that says "This you????" followed by a link that leads to a fake Twitter log-in page.

If a user provides the log-in credentials, the attackers have control over the user's account and can retweet the phishing message from that account.

Phishing attacks are spreading via direct messages that are widely distributed because of third-party services such as GroupTweet. Compromised accounts are then used to send pharmaceutical spam for herbal Viagra.

Users are recommended not to reuse passwords on different sites. A Twitter phishing attack that steals your log-in credentials can even 
compromise your bank and e-mail accounts if you use the same password on those sites too.

This is a video of how its done.

Ref: http://news.cnet.com/8301-27080_3-10459108-245.html

Ref: http://www.sophos.com/blogs/gc/g/2010/02/24/phishing-attack-hits-twit...