YOUR IT - Technology for you

No. 1 Story

Telstra adds one million mobile services, but Sensis plummets

Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.

 read more
StumbleUponSubmit to redditShare this on TwitterShare on facebook | Print |PDF 

More From

EXCLUSIVE: Best Western Pwned, new facts emerging

Davey Winder
Tuesday, 26 August 2008 19:33

Your IT - Home IT

Page 2 of 3
This morning I had a telephone conversation with Iain S Bruce, and while some of what was covered must remain off the record, I did discover some shocking facts about the case.

Microsoft Office 365 Get your free Trial
First of all Iain explained how the compromised information was being sold on an underground cyber-crime website. These communities form the dark underbelly of the web, and are notoriously hard to penetrate successfully.

In many ways they are the criminal equivalent of eBay: it takes a long time to build a reputation as a 'trusted' seller, and once you have become one that valuable reputation is jealously guarded. The person offering the database for sale was one such trusted seller.

Importantly, the hacker offering the database for sale stated that it was for the entire European reservation system. The newspaper calculated that this equates to 8 million customers stretching back into last year.

Which highlights important question number one: why would a seller with a trusted reputation on an underground cybercrime site risk everything by providing a misleading description?

The buyers of this kind of information, at this level, are more likely to be Russian Mafia than Del Boy. Not the kind of people who ask politely for a refund when they get ripped off.

OK, so what about the Best Western claims that it had would have "welcomed the opportunity to fact check the story, which would have resulted in more accurate and credible reporting on the part of the newspaper" then?

From what I have been told it would appear that Best Western were given every opportunity to refute the claims. Instead, Iain tells me, he has two emails from them.

One of these thanks him for the disclosure, and comments from this were published within the story. The other email apparently confirming that the quoted figures were correct.

That story, of course, claimed that the hacker had "scooped up the personal details of every single customer that has booked into one of Best Western's 1,312 continental hotels since 2007."

Best Western refute that claim, and instead state that "There was one instance of suspicious activity at a single hotel with respect to 13 guests, who are being notified" and also that "Best Western purges all online reservations promptly upon guest departure."

What about those screenshots of the compromised database which seem to confirm the Sunday Herald story? Read more on page 3...

CONTINUES


Start 1 2 3 Next 

Sponsored Announcements

Websense #1 in Web Security Fourth Year in a Row

David Bass | For the fourth year in a row, IDC has placed content security provider Websense (NASDAQ: WBSN) at the top of the IDC Worldwide Web Security 2011 –…

You may have missed


Advertisement

- sponsored feature -

The Death of Traditional BI: What’s Next?

How to Make Business Discovery Work for Your Business IP PABX BUYING GUIDE

Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases