Luxottica Retail Company Hacked

Share

The giant of retail merchandise, Luxottica Retail, distributor of brands such as Anne Klein, Bulgari, Chanel and Ralph Lauren has been hacked and information about 59 000 former employees have been stolen from the mainframe[1].

According to Lt. Jeff Braley from the Cyber Crimes Task Force of the Warren County Sheriff, the suspected hacker breached the mainframe without even hiding her IP address. The incredible omission let the police to a woman called Molly Burns, a 30 years old resident of Glendale, Arizona. The Burns’ apartment has been raided this summer during a heroin raid and a unspecified number of computers have been seized by the police.

“You not only see the criminal history this suspect has, but you see the ties that they have and that is much more worrisome,” Braley said.

According to News 5, the arrest record of the suspected hacker includes forgery, theft and drug abuse[2]. Burns is now on the run and three different police departments in Arizona are also looking for her. The FBI will soon take over the case.

No details were given on how the attack was carried on. Any additional information would be appreciated. Luxottica Retail claimed that their systems have been secured since.


[1] “Thousands At Risk After Hacker Breaches Computer Mainframe”,  Eric Flack, WLWT, November 24, 2008, http://www.wlwt.com/news/18055756/detail.html (accessed on November 25, 2008)

[2] Ibid.

How do Spammers Make Money?

Share

A very interesting article on the BBC discussed on how to spammers actually earn money with their system.

Many of us might have asked themselves the question on “why do spammers still sends their e-mails?”, or “how to they make money?” After all, most of computer users know about spam by now. Well it appears that even if spammers gets only one answer for 12.5 million e-mail sent[1], that’s all they need to make the big bucks. That’s what a team from the International Computer Science Institute found out in their paper “Spamalytics: An Empirical Analysis of Spam Marketing Conversion“.

The researchers hijacked a part of the Storm botnet, which used to be one of the biggest botnet around, and rewrote a part of the command and control module of the bot. In order to measure the success of the spam campaign, the team set up two websites, one being a fake Canadian pharmacy and another was postcard website, used to make the user download malware.

Overall, the computer scientists spawn 8 proxies and 75 869 worker bots[2]. They sent 469 million of spam emails, trying to convince the recipients to buy products from the fake online pharmacy. They also made sure to distinguish the visitors on their website by identifying crawlers and honey clients from genuine clients.

From the 350 million spams sent for the pharmacy website, for a period of 26 days, only 28 people went to visit the purchase page of the fake website[3].

Location of the victims that visited the postcard website (white/gray dots) and the 28 victims that went to the purchase page of the pharmacy.

According to the report:

Under the assumption that our measurements are representative over time (an admittedly dangerous assumption when dealing with such small samples), we can extrapolate that, were it sent continuously at the same rate, Storm-generated pharmaceutical spam would produce roughly 3.5 million dollars of revenue in a year. This number could be even higher if spam-advertised pharmacies experience repeat business. A bit less than “millions of dollars every day”, but certainly a healthy enterprise[5].

The report can be found here.


[1] “Study shows how spammers cash in”, BBC News, November 10, 2008, http://news.bbc.co.uk/2/hi/technology/7719281.stm (accessed on November 10, 2008)

[2]Spamalytics: An Empirical Analysis of Spam Marketing Conversion“, Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Geoffrey M. Voelker, Vern Paxson, Stefan Savage, International Computer Science Institute, 2008, p.6

[3] Ibid. p.11

[4] Ibid. p.9

[5] Ibid. p.11