News in brief: DDoS threat spam; Army logic bomber; Viacom leak

Phantom Squad’s DDoS threat spam

A DDoS extortion gang calling itself Phantom Squad has hit companies around the world with a spam campaign that demands they pay a ransom or suffer DDoS attacks.

Security researcher Derrick Farmer discovered the spam campaign and told BleepingComputer that the threats started 19 September and haven’t stopped. The publication reported:

The emails contain a simple threat, telling companies to pay 0.2 Bitcoin (~$720) or prepare to have their website taken down on Sept. 30. Usually, these email threats are sent to a small number of companies one at a time, in order for extortionists to carry out attacks if customers do not pay. This time, this group appears to have sent the emails in a shotgun approach to multiple recipients at the same time, a-la classic spam campaigns distributing other forms of malware.

Those who receive the emails are advised to contact their local authorities and not cave in to ransom demands.

Admin plants “logic bomb” in Army computer

The Ledger-Inquirer reports that 48-year-old Mittesh Das has been convicted of planting destructive code in a U.S. Army computer program nearly three years ago.

Das, a contractor, was responsible for a system that handled “pay and other data” for 200,000 reservists. Das reacted to the Army’s decision to switch to a different supplier by planting a “logic bomb” that detonated the day the new company began administering the system.

The paper quotes Director Daniel Andrews of the Computer Crime Investigative Unit for the U.S. Army Criminal Investigation Command:

Let this be a warning to anyone who thinks they can commit a crime in cyberspace and not get caught. We have highly trained and specialized investigators who will work around the clock to uncover the truth and preserve Army readiness.

Removing the malicious code and recovering lost data cost taxpayers more than $2.5 million.

Viacom data leak

Entertainment giant Viacom exposed “the keys to its kingdom” on an unsecured server, according to Hacker News.

A security researcher found a misconfigured Amazon S3 bucket (a type of cloud storage) with a gigabyte’s worth of credentials and configuration files for dozens of Viacom properties.

From Hacker News:

Among the data exposed in the leak was Viacom’s master key to its Amazon Web Services account, and the credentials required to build and maintain Viacom servers … the unprotected server also contained GPG decryption keys [but] did not contain any customer or employee information.

As damaging as that sounds, Viacom insists that no harm was done. It said in a statement:

We have analyzed the data in question and determined there was no material impact. Once Viacom became aware that information on a server—including technical information, but no employee or customer information—was publicly accessible, we rectified the issue.

Catch up with all of today’s stories on Naked Security