April 11, 2012
“Next time you’re playing Call of Duty, the DHS might be listening.” –KTRN
The US Department of Homeland Security might soon take the “joy” out of “joystick.” The country’s top counterterrorism unit has awarded a California company $177,235 to hack video game consoles under the guise of cracking down on criminal activity.
San Francisco-based Obscure Technologies is the recent recipient of a government contract for $177,235.50. For a small computer forensics firm with less than half-a-dozen employees, it’s a significant sum being awarded by Uncle Sam. The only catch, however, is that the small-time Silicon Valley company will be in charge of prying into the video game consoles used by millions of Americans during their personal pastime that was thought to be otherwise free of federal interference. According to the Department of Homeland Security, uncovering online communications conducted over video game networks could be key in thwarting terrorism.
As per the official contract awarded earlier this month to Obscure Technologies, the DHS is hoping the small-time computer experts will be able to come up with “hardware and software tools that can be used for extracting data from video game systems.” If those powers can be made possible, the government wants to be able to get into the heavily encrypted computer data inside machines like Microsoft’s Xbox 360 and Nintendo’s Wii in order to build cases against could-be criminals.
In explaining their case, the government argues that both pedophiles and terrorists alike are using communication modes available only through video game systems to both lure in children and plot possible attacks, respectively. Currently, video game platforms largely rely on heavy-duty encryption to keep any sort of person-to-person correspondence made through their systems hard to uncover, but the DHS believes that once Obscure can crack that code they will be able to provide a procedure that law enforcement can use in furthering investigations.
February 6, 2012
By Associated Press
“Go Anonymous, go. They should be given a medal for bravery.” –KTRN
Saboteurs stole passwords and sensitive information on tipsters while hacking into the websites of several law enforcement agencies worldwide in attacks attributed to the collective known as Anonymous.
Breaches were reported this week in Boston, Syracuse, N.Y., Salt Lake City and Greece.
Hackers gained access to the Salt Lake City Police Department website that gathers citizen complaints about drug and other crimes, including phone numbers, addresses and other personal data of informants, police said.
The website remained down Friday as police worked to make it more secure.
Anonymous is a collection of Internet enthusiasts, pranksters and activists whose targets have included financial institutions such as Visa and MasterCard, the Church of Scientology and law enforcement agencies.
Following a spate of arrests across the world, the group and its various offshoots have focused their attention on law enforcement agencies in general and the FBI in particular.
The group also claimed responsibility for hacking the website of a Virginia law firm that represented a U.S. Marine involved in the deaths of civilians in Iraq in 2005.
Anonymous also published a recording on the Internet Friday of a phone call between the FBI and Scotland Yard, gloating in a Twitter message that “the FBI might be curious how we’re able to continuously read their internal comms for some time now.”
January 17, 2012
By Andy Greenberg
“Think about how many companies have your Credit Card numbers or banking account information. This could happen to any of us.” –KTRN
Twenty-four million Zappos customers are getting an unpleasant Sunday-evening surprise.
The Amazon-owned e-commerce firm has revealed that it was the target of a cyber attack that gained access to its internal network, including the accounts of 24 million of its users. Though the company says that no complete credit card numbers were revealed in the breach, the intruders may have accessed customers’ names, e-mail addresses, phone numbers, addresses, the last four digits of their credit card numbers, and encrypted passwords. Zappos says it’s taken the precaution of resetting the passwords of all its customers and directing them to set a new password upon visiting the site.
“We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky,” chief executive Tony Hsieh wrote to Zappos employees in an email posted to the site, declining to offer more information about the breach. “We are cooperating with law enforcement to undergo an exhaustive investigation.”
December 8th, 2010
By: Stephen A. Webster
MasterCard Worldwide confirmed on Wednesday morning that the “MasterCard Directory Server” had gone down and that cardholders were experiencing service interruptions. The revelation was made as a massive denial of service attack was staged against MasterCard, ostensibly for refusing further payments to secrets outlet WikiLeaks.
“Please be advised that MasterCard SecureCode Support has detected a service disruption to the MasterCard Directory Server,” MasterCard said. “The Directory Server service has been failed over to a secondary site however customers may still be experiencing intermittent connectivity issues. More information on the estimated time of recovery will be shared in due course.”
Yesterday, MasterCard Worldwide became the latest financial institution to face the wrath of online hackers acting to avenge secrets outlet WikiLeaks over the credit card provider’s declaration that the site was engaged in “illegal” activities.
Not 36 hours after MasterCard froze payments to WikiLeaks, their website was down as hackers with the group “Anonymous” launched a new wave of cyberattacks. The company said its customers could still use their credit cards for purchases, but the PayPoint retail network told a BBC reporter that MasterCard’s “SecureCode” service had been taken down, interrupting service all over.
The hackers also claimed responsibility for taking down the website for Swiss bank PostFinance, after it froze an account with over €31,000 set aside for site founder Julian Assange’s legal defense.
Assange was arrested in London yesterday on an Interpol warrant out of Sweden, where he’s wanted for questioning in an investigation of sexual assault.
“Anonymous” has dubbed their cyber warfare campaign “Operation Payback,” threatening to “fire” on any entity that attempts to censor WikiLeaks.
Service to mastercard.com was unavailable at time of this writing. The website for the Swedish prosecutor’s office was also offline, as was a site for the lawyer representing Assange’s accusers.
Secure Computing Magazine called what’s happening “an all-out cyber war,” noting that massive botnets were attacking each other by mid-Wednesday morning as even the ‘Anonymous’ group had come under fire from another group of hackers that sought to defend US interests. That group, which was successful in taking WikiLeaks offline in late November, was also thought to be behind attacks on the ‘Anonymous’ website, anonops.net, which was still online at time of this writing.
A “botnet” is Internet slang for a massive shadow network of computers that have been unknowingly hijacked by malicious software. They are typically used for nefarious purposes, such as distributed denial of service attacks.
Credit card processor Visa also suspended payments to WikiLeaks on Tuesday morning, but its website was functional at time of this story’s publication. It too was expected to come under denial of service attacks.
“Operation Payback” also promised to attack PayPal, the online payment service that last week cut off WikiLeaks and froze over $60,000 in electronic donations, but their site was still online Wednesday morning. Topics trending on Twitter suggested an attack may also target the micro-blogging site.
Others to suffer downtime this week include PayPal’s blog, EveryDNS — the domain name service provider that pulled WikiLeaks off its .org address — and Sen. Joe Lieberman’s (I-CT) .gov website. Lieberman’s staff was responsible for prompting Amazon.com to take WikiLeaks off its US-based cloud servers.
Researchers with Panda Security have been tracking the wave of attacks, blow-for-blow.
In recent days, the online to-do over WikiLeaks has been called the world’s “first serious infowar” and a “war for control of the Internet.”
“What is this all about? And what does it have to do with censorship and Operation Payback?” ‘Anonymous’ asks on their website.
“While we don’t have much of an affiliation with WikiLeaks, we fight for the same reasons. We want transparency and we counter censorship. The attempts to silence WikiLeaks are long strides closer to a world where we can not say what we think and are unable to express our opinions and ideas.
“We can not let this happen. This is why our intention is to find out who is responsible for this failed attempt at censorship. This is why we intend to utilize our resources to raise awareness, attack those against and support those who are helping lead our world to freedom and democracy.”
January 13, 2010
By Ellen Nakashima, Steven Mufson and John Pomfret
Google said Tuesday that it may pull out of China because of a sophisticated computer network attack originating there and targeting its e-mail service and corporate infrastructure, a threat that could rattle U.S.-China relations, as well as China’s business community.
The company said it has evidence to suggest that “a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists,” but it said that at least 20 other large companies, including finance, media and chemical firms, have been the targets of similar attacks. Google said it discovered the attack in December.
“It’s clear that this attack was so pervasive and so essential to the core of Google’s intellectual property that only in such a situation would they contemplate pulling the plug on their entire business model in China,” said James Mulvenon, a China cyber expert with Defense Group Inc.
Congressional sources said the other companies include Adobe and possibly Northrop Grumman and Dow Chemical. Industry sources said the attacks were even broader, affecting 34 firms.
The hackers directed the attacks on the companies through six Internet addresses linked to servers in Taiwan, which sent commands to targeted computers in the firms, said Eli Jellenc, head of international cyberintelligence for the Silicon Valley-based cybersecurity research and forensics firm Verisign iDefense, which is helping companies investigate the penetrations. The hackers were sending the data to a large Internet data center in San Antonio called Rackspace, he said.
They appeared to be after information on weapons systems from defense firms and were seeking companies’ “source code,” the most valuable form of intellectual property because it underlies the firms’ computer applications, he said.
U.S. authorities, including the National Security Agency, are involved in investigating the attacks.
Several of the Internet addresses correspond to those used in malicious attacks against the defense industry last year and that are thought to be linked in some fashion to the Chinese government or proxies, Jellenc said.
David Drummond, Google’s senior vice president and chief legal officer, said the attacks had led the company to conclude that it should “review the feasibility” of its Chinese operations. “We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China,” he said.
Drummond also said that the company has decided to stop censoring its search results on Chinese Google sites. Over the next few weeks, he said, the company will discuss with the Beijing government how it may operate “an unfiltered search engine within the law, if at all.”
Google’s threat to pull out of China follows years of tension over the company’s service, which is designed to provide quick, unfettered access to information, and over the Chinese government, which wants to restrict its citizens’ access to politically sensitive topics and to monitor their activity. The confrontation also comes just before a Jan. 21 policy speech on Internet freedom by Secretary of State Hillary Rodham Clinton, who dined last week with a handful of top technology executives, including Google’s chief executive, Eric Schmidt.
Clinton said Google had briefed her on the issue, but in a statement late Tuesday she demanded an explanation from China. “The ability to operate with confidence in cyberspace is critical in a modern society and economy,” she said.
Based on its investigation to date, Google said, it does not believe the cyberattack on its accounts succeeded. “Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves,” the company said in a blog posting.
Google has also been embroiled recently in a dispute over the copyrights of Chinese authors whose works it had published in its online library Google Books. Chinese writers have accused it of copyright infringement. The company apologized to Chinese writers this week.
Privacy advocates applauded Google’s move to disclose the cyberattacks and reverse its stand on censorship of its China search engine results.
“Google has taken a bold and difficult step for Internet freedom in support of fundamental human rights,” said Leslie Harris, president of the Center for Democracy and Technology. “No company should be forced to operate under government threat to its core values or to the rights and safety of its users.”
In China, reaction on the Web was critical of both the Chinese government and Google.
One blogger, identified only as “Crossing the river with eyes closed,” said, “They’d better cut the cable under the sea so that they don’t have to worry at all.” The late Chinese leader Deng Xiaoping famously said that reform was like crossing a river one stone at a time.
Others worried that the potential loss of access to Google would make it harder to obtain technical information.
December 30, 2009
By Maija Palmer
Computer hackers this week said they had cracked and published the secret code that protects 80 per cent of the world’s mobile phones. The move will leave more than 3bn people vulnerable to having their calls intercepted, and could force mobile phone operators into a costly upgrade of their networks.
Karsten Nohl, a German encryption expert, said he had organised the hack to demonstrate the weaknesses of the security measures protecting the global system for mobile communication (GSM) and to push mobile operators to improve their systems.
“This shows that existing GSM security is inadequate,” Mr Nohl told an audience of about 600 people at the Chaos Communication Congress in Berlin, a four-day conference of computer hackers.
“We have given up hope that network operators will move to improve security on their own, but we are hoping that with this added attention, there will be increased demand from customers for them to do this,” he told the Financial Times.
“This vulnerability should have been fixed 15 years ago. People should now try it out at home and see how vulnerable their calls are.”
Mr Nohl was due to run a practical demonstration of the code book at the conference on Wednesday, but has postponed it while he takes advice from lawyers on whether the exercise would be legal. However, the code is already being widely circulated on the internet.
Mr Nohl, a widely consulted cryptography expert with a doctorate in computer engineering from the University of Virginia, waged a similar campaign this year which caused the DECT Forum, a standards group based in Bern, to upgrade the security algorithm for 800m cordless home phones.
The hacked GSM code could compromise more than 3bn people in 212 countries. It does not affect 3G phone calls, however, which are protected by a different security code.
The GSM Association, the industry body for mobile phone operators, which devised the A5/1 encryption algorithm 21 years ago, said they were monitoring the situation closely.
“We are concerned but we don’t believe it will result in widespread eavesdropping tomorrow, or next week or next month,” said James Moran, security director of the GSMA.
“The reality is that a practical attack is beyond the capabilities of the vast majority of people,” he said.
However, security experts disagreed, saying that cracking the code significantly lowered the bar for intercepting calls.
“A year ago it would have required equipment costing hundreds of thousands of dollars, and serious expertise to listen in to a call,” said Simon Bransfield-Garth, chief executive of Cellcrypt, a mobile phone encryption company.
“Today it is going to require $1,500 of network equipment and a computer. It is getting down to a mainstream price tag and moving to the point when it will be straightforward to do,” he continued.
December 27, 2009
Daily Mail Online
By Jason Lewis and Simon Parry
The investigation into the so-called Warmergate emails – the leaked data from the University of East Anglia’s climate change department – took a new twist last night when The Mail on Sunday tracked the stolen messages to a suspect computer which provides internet access to China.
The address used to post the emails is also on an international ‘black list’ which highlights suspicious behaviour on the internet.
The revelation comes after the Russian security service, the FSB – the former KGB – authorised the release of confidential information that allowed us to retrace the route taken by the email traffic.
A computer company in Siberia was ultimately used to post the controversial messages – which cast doubt on the reliability of scientists’ global warming claims – on the internet.
The revelation led to claims that the Russians were behind the release of the information.
But, anxious to distance themselves from the leak, the FSB revealed how the data had been sent to Siberia from a computer in Kuala Lumpur, Malaysia.
The evidence passed to The Mail on Sunday now raises questions about whether Chinese hackers, backed by the communist regime, are the source of the emails.
Supported by their government and its security and intelligence services, Chinese hackers have been at the centre of a huge number of ‘cyber attacks’ in recent years, including attempted computer ‘break-ins’ at the House of Commons and Whitehall departments, including the Foreign Office.
Earlier this year, MI5 chief Jonathan Evans warned 300 British businesses that they were under Chinese cyber-attack. The People’s Liberation Army is reputed to hold an annual competition to recruit the country’s best hackers.
Last week, The Mail on Sunday traced the stolen climate change emails to a so-called Open Access server run by Malaysian telecoms giant Telekom Malaysia Berhad.
The Malay government owns more than a third of the company and it supplies internet access to nearby China.
Last night, the company confirmed the leaked emails passed through Kuala Lumpur using its open relay mail server that can be accessed and used to forward mail by internet users without the need for a password.
Company spokesman Saiful Azmi Matmor said: ‘We cannot divulge any confidential information about our customer accounts. However, we are aware of the international stories about the leaked emails and our technicians are looking into this matter now that you have drawn it to our attention.’
A source within the company said: ‘Because this is an open relay mail server, the emails could have been sent through it from anywhere in the world. It is just as likely to be someone outside Malaysia as someone within the country.’
The internet address used to post the messages is linked to several others used by the Chinese — one is a Chinese environmental institute, the Research Institute of Forest Ecology and Environment Protection, based near Beijing.
Several professors from this institute are regulars at climate change conferences where they have shared a platform with the University of East Anglia experts. After our enquiries in Malaysia began, the suspect computer links to China were suddenly cut.
Scotland Yard and Norfolk Police are leading the investigation into the email theft at the University of East Anglia.
December 2, 2009
It’s becoming the oldest trick in the book. Hackers send out what looks like legitimate email when it’s not. The Centers for Disease Control just became its latest victim.
The email looked like it came from the Centers for Disease Control and Prevention inviting you to create a profile for an H1N1 vaccine program. Sounds like a good idea, right? Not really. It’s a malware scam, according to security provider AppRiver.
A link in the email then goes to a fake CDC page where the visitor is assigned a temporary ID and a link to a vaccination profile that actually is an executable file containing a copy of the Kryptik Trojan targeting Windows. If installed, the Trojan will create a security-free gateway on the system, allowing additional malware to be downloaded and installed without your authorization.
In addition, a remote hacker will be able to take control of your computer, stealing your data from your computer, including details like your credit card information and website passwords.
AppRiver says it is seeing the fake CDC emails at a rate of nearly 18,000 messages per minute, reaching more than 1 million in the first hour alone.
Fake government emails are becoming a huge problem, many IT experts say. And there is no easy way for the government or consumers to fight off hackers masquerading as legitimate government communications. The federal government, however, has an obligation to stop these fakes when they find them and derail the hackers who are pretending to be official.
October 7, 2009
The next world war could take place in cyberspace, the UN telecommunications agency chief warned Tuesday as experts called for action to stamp out cyber attacks.
“The next world war could happen in cyberspace and that would be a catastrophe. We have to make sure that all countries understand that in that war, there is no such thing as a superpower,” Hamadoun Toure said.
“Loss of vital networks would quickly cripple any nation, and none is immune to cyberattack,” added the secretary-general of the International Telecommunication Union during the ITU’s Telecom World 2009 fair in Geneva.
Toure said countries have become “critically dependent” on technology for commerce, finance, health care, emergency services and food distribution.
“The best way to win a war is to avoid it in the first place,” he stressed.
As the Internet becomes more linked with daily lives, cyberattacks and crimes have also increased in frequency, experts said.
Such attacks include the use of “phishing” tools to get hold of passwords to commit fraud, or attempts by hackers to bring down secure networks.
Individual countries have started to respond by bolstering their defences.
US Secretary for Homeland Security Janet Napolitano said Thursday that she has received the green light to hire up to 1,000 cybersecurity experts to ramp up the United States’ defenses against cyber threats.
South Korea has also announced plans to train 3,000 “cyber sheriffs” by next year to protect businesses after a spate of attacks on state and private websites.
Warning of the magnitude of cybercrimes and attacks, Carlos Solari, Alcatel-Lucent’s vice-president on central quality, security and reliability, told a forum here that breaches in e-commerce are now already running to “hundreds of billions.”
But one of the most prominent victims in recent years has been the small Baltic state of Estonia, which has staked some of its post-Cold War development on new technology.
In 2007 a spate of cyber attacks forced the closure of government websites and disrupted leading businesses.
Estonian Minister for Economic Affairs and Communications Juhan Parts said in Geneva that “adequate international cooperation” was essential.
“Because if something happens on cyberspace… it’s a border crossing issue. We have to have horizontal cooperation globally,” he added.
To this end, several countries have joined forces in the International Multilateral Partnership against Cyber Threats (IMPACT), set up this year to “proactively track and defend against cyberthreats.”
Some 37 ITU member states have signed up, while another 15 nations are holding advanced discussions, said the ITU.
Experts say that a major problem is that the current software and web infrastructure has the same weaknesses as those produced two decades ago.
“The real problem is that we’re putting on the market software that is as vulnerable as it was 20 years ago,” said Cristine Hoepers, general manager at Brazilian National Computer Emergency Response Team.
“If you see the vulnerabilities that are being exploited today, they are still the same,” she underlined.
She suggested that professionals needed to be trained to “design something more resilient.”
“Universities are not teaching students to think about that. We need to change the workforce, we need to go to the universities…, we need to start educating our professionals,” she said.
Pointing out the infrastructure weakness, Carlos Moreira, who founded and runs the Swiss information security firm Wisekey, said legislation is needed to bring cybersecurity up to international standards.
October 7, 2009
By Kate Loveys and Graham Smith
The massive security breach that led to millions of Hotmail customers being advised to change their passwords has now spread to users of email services including Gmail and Yahoo! Mail.
Up to 21 million people and businesses who use the Hotmail service in the UK were warned they are potentially at risk of being defrauded after passwords were acquired illegally.
Around 10,000 passwords were obtained by hackers who created a fake website identical to Hotmail’s to fool users into entering their email address and password in a ‘phishing’ scam.
‘Phishing’ scams involve using false websites to lure people into revealing important data such as bank account details, login names or passwords.
Now the BBC claims that another list of over 30,000 email addresses and passwords is circulating, which contains the details for Gmail, Yahoo! Mail, AOL, Comcast and Earthlink accounts.
The latest list was posted on Pastebin.com, the same website to which the Hotmail list was originally uploaded.
How to avoid being defrauded
- Change your passwords every 90 days
- Use different passwords for various internet log-ins
- Do not open unsolicited email attachments and links
The site, which is intended for web developers to share code, has since been taken down for maintenance.
Hotmail’s list of users was posted anonymously on to Pastebin.com on October 1. The list was reported by technology blog Neowin.
It is feared that the information could be used by fraudsters to access email accounts and steal personal information such as credit card account details.
A spokesman for Google, which runs Gmail, said: ‘We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts.
‘As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.’
The firm stressed that the scam was ‘not a breach of Gmail security’ but rather ‘a scam to get users to give away their personal information to hackers’.
A spokesman for the Metropolitan Police said: ‘We advise people to take a commonsense approach and change their password.
‘It is early days but we have yet to receive reports of fraud linked to this breach.’
A Microsoft spokesman added: ‘We are aware that some Windows Live Hotmail customers’ credentials were acquired illegally and exposed on a website.
‘Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers.
‘We are working diligently to help customers regain control of their accounts.’
Some of the accounts appear to be old, unused or fake. Other addresses on the list include Comcast and Earthlink accounts.
A spokesperson for Yahoo urged consumers to ‘take measures to secure their accounts whenever possible, including changing their passwords’.