Hackers Pay Family’s AT&T Bill, Phish for Celeb Nudies, and Infiltrate the UN World Tourism Organization

Rob Wilson/Shutterstock.com

Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Oregon Man Cops to Phishing for Naked Pics of Celebs

Andrew Helton, 29, admits he misrepresented himself as an Apple and Google employee in fraudulent emails sent to Apple and Gmail account holders to trick hundreds of people into divulging their account passwords.

Helton used the stolen credentials to retrieve data from online accounts, including 161 sexually explicit, nude, or partially nude images of 13 people, some of whom were unidentified celebrities.

The phishing emails asked victims to verify their accounts by clicking on links that led to what looked like authentic Apple or Google login pages. When targets complied, their passwords were transmitted to Helton, who used them to illegally access account data.

There's no indication any of the images Helton stole were among the hoard of nude pictures of celebrities published on the Internet in 2014. A hacker who took responsibility for that incident said the images came from compromised iCloud accounts belonging to the victims. Apple later said the compromised accounts were the result of a targeted attack on user names, passwords and security questions.

2011 UN Hackers Claim to Have Struck Again

A hacktivist group that lost a member to a drone strike in August 2015 is back at it. TeaMp0isoN says it has defaced, hacked and dumped data from a United Nations World Tourism Organization online forum.

Junaid Hussain (TriCk), a British hacker, ISIS recruiter and former TeaMp0isoN member, was killed by a U.S. drone missile outside of the Syrian city of Raqqa. 

The dump contains 1,524 records with forum member usernames, email addresses and MD5-hashed passwords.

In response to an inquiry from DataBreaches.net as to why and how the hacktivists had targeted the site, TeaMp0isoN member “Jimmy” responded, "We owned the UN back in ’11 only seemed right to fuck with them again."

The forum was compromised by an SQL injection, a hacking technique in which an attacker types malicious commands into a website's user text box, tricking the system into returning other data.

ID Thief Hacks into Family’s Netflix, AT&T Accounts to Pay Their Bills

An Orange County, Florida, family says a hacker breached their phone and Netflix accounts to pay off the family’s bills. The Hennigs discovered the sort-of well-meaning hack when AT&T alerted Kathy Hennig that she owed $1,300 because the card listed for her account was a stolen credit card.

Kathy learned the same card was being used on her Netflix account when she received an alert indicating the card had expired. When she asked to know the last four digits of the card, Netflix gave her the exact sequence of the stolen card used for the phone account.

Hennig says the only other information she has about what went down is that the two hacked accounts are linked to the same email and the accounts were switched at about the same time.

When Hennig called AT&T to try to clear up the switcheroo, she was banned from using a credit card to pay off her cellphone account ever again.

“It blows my mind,” she says. “It makes me look like such a liar because why would someone hack into an account just to get a stranger to pay the bill?”

Jackson State U. Student Dumps Personal Data to Expose School's IT Woes

A Jacksonville State University scholar allegedly hacked into his school's computer system and dumped online personal information of other admitted students and faculty.

According to the website where the data was leaked, the suspected hacker lives in Russia, the VPS is in Bulgaria and the domain is in Switzerland.

The website states it was made to bring awareness to JSU's information security problems.

One day after the school learned of the compromise, a university spokeswoman said the incident was not an outside hacking, but an internal breach of a "peripheral system with limited information."

Students' and faculty members' phone numbers, birth dates, hometowns and their ID photos were published. Those impacted by this security violation include students who have been accepted for admission.

The university is working with state and federal law enforcement officials to have the website removed and to seek prosecution of the offenders.
