iTWire - EXCLUSIVE: Best Western Pwned, new facts emerging

IT&T JOBS|Discussion forum|Releases|Technology Events|IT News for mobile|

Today on iTWire iPhone IT News Telecommunications People Our Blogs Tech Lifestyle Science Pod Casts Sustainability

Live Technology Events - Training - Forums - Summits

Technology news and Jobs

Information Technology News

EXCLUSIVE: Best Western Pwned, new facts emerging

EXCLUSIVE: Best Western Pwned, new facts emerging

E-mail

by Davey Winder
Wednesday, 27 August 2008
Page 2 of 3 This morning I had a telephone conversation with Iain S Bruce, and while some of what was covered must remain off the record, I did discover some shocking facts about the case. First of all Iain explained how the compromised information was being sold on an underground cyber-crime website. These communities form the dark underbelly of the web, and are notoriously hard to penetrate successfully. In many ways they are the criminal equivalent of eBay: it takes a long time to build a reputation as a 'trusted' seller, and once you have become one that valuable reputation is jealously guarded. The person offering the database for sale was one such trusted seller. Importantly, the hacker offering the database for sale stated that it was for the entire European reservation system. The newspaper calculated that this equates to 8 million customers stretching back into last year. Which highlights important question number one: why would a seller with a trusted reputation on an underground cybercrime site risk everything by providing a misleading description? The buyers of this kind of information, at this level, are more likely to be Russian Mafia than Del Boy. Not the kind of people who ask politely for a refund when they get ripped off. OK, so what about the Best Western claims that it had would have "welcomed the opportunity to fact check the story, which would have resulted in more accurate and credible reporting on the part of the newspaper" then? From what I have been told it would appear that Best Western were given every opportunity to refute the claims. Instead, Iain tells me, he has two emails from them. One of these thanks him for the disclosure, and comments from this were published within the story. The other email apparently confirming that the quoted figures were correct. That story, of course, claimed that the hacker had "scooped up the personal details of every single customer that has booked into one of Best Western's 1,312 continental hotels since 2007." Best Western refute that claim, and instead state that "There was one instance of suspicious activity at a single hotel with respect to 13 guests, who are being notified" and also that "Best Western purges all online reservations promptly upon guest departure." What about those screenshots of the compromised database which seem to confirm the Sunday Herald story? Read more on page 3... CONTINUES << First page < 1 2 3 Next page > Last page - Post your comment >>

< Next story in category		Previous story in the category >

Sponsored Releases

...Promote yourself here

Latest jobs

SAP Functional Consultant
Test Manager X 2 (M4)
Technical Support Operator (M16)
Program Director
Technical Writer (Q2)
Senior Project Manager - Construction (M15)
Contracts Manager IT
Senior Project Co-ordinator - $95K (F4)
Test Manager X 2 (M4)
SAP Functional Consultant

Visitors last 30 days
Suscribers

904,266
13,751

#1 independent technology news advertise here

Subscribe to our free e-newsletter

Today on iTWire