Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kinko's Spy Case Illustrates Public Terminal Risk

Posted by CowboyNeal on from the virtual-identity-theft dept.

tealwarrior writes "CNN reports in this story that a hacker by the name of Jiang was charged with installing keystroke loggers to record passwords in 14 differnet kinkos in New York. These were then used to open bank accounts online. The article mentions Jiang signing people up for accounts with GoToMyPC then then using their own machine to open bank accounts. Also mentioned are similar schemes perpetrated at Boston College." Be careful out there, folks. Sometimes there's even sneakier things than just stealing one's cookies.

17 of 383 comments (clear)

  1. Funny thing, the name... by jkrise · · Score: 3, Funny

    Sometime back, Passport passwords were hacked: Muhammed from Pakistan.

    Adobe's eBook reader was cracked : Skylarov.

    and now, Jiang.

    Why isn't it Rob or Pete or Chris, ever??

    -

    --
    If you keep throwing chairs, one day you'll break windows....
    1. Re:Funny thing, the name... by Anonymous Coward · · Score: 1, Funny

      Outsourcing. Plan and simple.
      Or perhaps it's an attack on the US by people who don't love freedom :)-

    2. Re:Funny thing, the name... by mirko · · Score: 2, Funny

      Or perhaps it's an attack on the US by people who don't love freedom :)-

      Do you mean "whatever formerly related to the France" ? ;-)

      --
      Trolling using another account since 2005.
    3. Re:Funny thing, the name... by digidave · · Score: 2, Funny

      They seem to be smart enough to avoid you.

      --
      The global economy is a great thing until you feel it locally.
  2. Re:Clarification Please! by ergonal · · Score: 1, Funny

    Whatever it is, it sounds kinky. I need to visit the US more often.

  3. Re:Out-of-order username & password entry by lewiz · · Score: 2, Funny

    I bet they're after you aren't they?

  4. Re:Clarification Please! by rat7307 · · Score: 2, Funny

    That's what I thought too... they used a lowecase k so I was thinking kinko=pervert or something..

    Jiang was charged with installing keystroke loggers to record passwords in 14 differnet kinkos in New York.

    Make that statement seem so much worse if you saw it like I did.... :]

    --
    Burma?
  5. Whoa! Hold on a minute! by Exiler · · Score: 1, Funny

    You mean my COOKIES are in danger? That's it, I'm buying a gun and never leaving the house.

    --
    Banaaaana!
  6. Re:is this viable for a class-action lawsuit? by Anonymous Coward · · Score: 3, Funny

    yep, you went to the hacked store. Jiang says your password was "lutefisk" but fortunately you only used it to access nude pictures Cowboy Neal.

  7. Re:Stupid users, Stupid Kinkos by sevensharpnine · · Score: 1, Funny

    I've found all sorts of stuff including insurance letters complete with SSNs, addresses, etc.

    If those addresses are valuable to you, I could probably sell you a book or two full of them. I'll even throw in the phone numbers for free!

    --
    "God is a comedian playing to an audience too afraid to laugh." -Voltaire
  8. Re:Magic Lantern by Anonymous Coward · · Score: 2, Funny

    They could keep the log in RAM and then as long as the computer didn't crash but instead shut down normally, flush the buffer to dis.... ...oh it's a windows app hey. damn. kills that idea.

  9. we can be reassured.... by lfourrier · · Score: 3, Funny
    Kinko's spokeswoman Maggie Thill said the company takes security seriously and believes it has "succeeded in making a similar attack extremely difficult in the future." She would not provide details, saying that to do so could make systems less secure .

    They obviously really understand security...

    note (for the humour-impaired) : this is irony

  10. Hmmm by r00k123 · · Score: 1, Funny
    Public terminals are insecure?!?

    In other news:

    • The Sky is Blue!
    • The Earth rotates around the Sun!
    • I will never sleep with Natalie Portman.
  11. Re:What do people expect? by mjh · · Score: 1, Funny
    £100 bunch - no ribbon - she hates ribbon - thinks its a waste

    Wow! £100 isn't a waste, but ribbon is! That's funny!

    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
  12. Re:Clarification Please! by Zeinfeld · · Score: 1, Funny
    What is a Kinkos????

    Like the name says, its a bondage parlor. Prostitution is illegal in the US but bondage is perfectly OK. If a New York businessman feels like a bit of bondage in the afternoon they just go down to their local Kinkos.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  13. Security through Obscurity by Caharin · · Score: 2, Funny

    Quote from article:
    Kinko's spokeswoman Maggie Thill said the company takes security seriously and believes it has "succeeded in making a similar attack extremely difficult in the future." She would not provide details, saying that to do so could make systems less secure.

    Security through obscurity- my favorite.

    --
    By reading this sig, you agree to be bound by all terms and conditions I choose.
  14. Re:is this viable for a class-action lawsuit? by squarefish · · Score: 2, Funny

    The reason I'd like to see them get sued is because they knew that this had happened and made zero effort to contact their customers who may have been effected by this ASAP- I really feel that this type of disclosure is their responsibilty and I'm insulted that I had to find out about it via public news sources when they hadn't even notified their customer service reps about the possibility of inquiries regarding this.

    This is not a situation I wanted to be in, but I was in NY for the conference and considered the network security at h2k2 to be considerably worse- it was much more of a known risk, fresh password lists were being post on boards every day.

    with Kinko's being a paid service, I would expect a higher quality of service. If you goto a restaurant and they serve you the wrong food, you get them correct it right away. if you goto the dry cleaners and your clothes come out worse, you make them cover it. it's a quality of service issue. In this case I would expect to be notified ASAP by a company that I paid and trusted the service of, even if the discovery of the issue came up a year later. I don't know if I've been effected by this or not bacause they haven't disclosed the particular stores or dates involved, and in my opinion they should have been required to do so.

    So, to finish this off- I don't know if I suffered any loss from this or not, I haven't noticed anything yet, but I wasn't looking and certainly didn't expect to see a story like this that may have effected me a year afterwards. Whether anyone suffered a loss or not, there should be something done so that the security of their customers isn't as at risk and they should have mechnism in place to notify those customers if something does happen- it's called customer satisfaction.

    --
    Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.