Mat Honan of Wired has a covetableTwitter username (@mat). Recently hackers tore his digital world apart in an attempt to commandeer it. Now he reflects: The age of the password has come to an end; we just haven’t realized it yet. And no one has figured out what will take its place. What we can say for sure is this: Access to our data can no longer hinge on secrets—a string of characters, 10 strings of characters, the answers to 50 questions—that only we’re supposed to know. The Internet doesn’t do secrets. Everyone is a few clicks away from knowing everything.
British computer hacker Gary McKinnon will not be extradited to the US, Home Secretary Theresa May has announced. [bbc]. She stated that "a decision to extradite would be incompatible with Mr McKinnon's human rights." on grounds of his mental illness(es) and propensity for suicidal thoughts. On a broader level she has also indicated that a forum bar will be available in future extraditions to the USA, meaning a court will be able to consider whether it would be more appropriate for a trial to be held in the UK. [more inside]
The AntiSec hacking group claims to have released a set of more than 1 million Apple Unique Device Identifiers (UDIDs) allegedly obtained from breaching an FBI agent's laptop via a Java vulnerability. The group claims to have over 12 million IDs, as well as personal information such as user names, device names, notification tokens, cell phone numbers and addresses. There's a tool to help you check if your device is in the list. [more inside]
Phone Trips - an audio archive of the Phone Phreaking community. Phone phreaking was the practice of hacking into phone systems and networks in order to explore these networks and their connections [1 2]. Many people first heard about the phenomenon in a 1971 Esquire article, Secrets of the Little Blue Box, which included input from Captain Crunch. Crunch discovered that you could access telephone networks by blowing a 2600 Hz tone, from a whistle given away free in cereal boxes, into telephone handsets. "Have you ever heard eight tandems stacked up?" asked Crunch in the interview. Well, now we can, thanks to a large audio archive of phone phreaking. [more inside]
"When Art, Apple and the Secret Service Collide: ‘People Staring at Computers’ ": A year ago (previously on MetaFilter), Kyle McDonald created an art project that landed him in some trouble with Apple and the attention of the US Secret Service. He writes about it for WIRED. [more inside]
Brown Moses Blog curates and analyzes news regarding the Syrian uprising, the wider Arab Spring, and the UK phone hacking scandal. It is written by Something Awful forums moderator Brown Moses. Recent entries include discussion of the increasingly well armed Free Syrian Army, senior members of the Catholic Church criticizing pro-Assad clergy, and a look at the evidence of more sophisticated IEDs being used in Syria. [more inside]
Merge your body with the powers of a Kinect controller to become Ultra Seven!
In the early 80’s, personal computers were a new innovation. Films like WarGames made it seem as if a kid with a keyboard could hack into anything: a school or corporate mainframe, NORAD, the US nuclear arsenal or your neighborhood bank. Hoping to capitalize on this, in 1983 CBS premiered a show which could have been considered WarGames’ intellectual successor. It featured a group of resourceful kids who solved crimes by hacking and cracking, led by Matthew Laborteaux, child star of Little House on the Prairie, and advised by a Gavilan SC-toting, mustachioed reporter played by Max Gail, formerly of the show Barney Miller. Whiz Kids lasted only a single season: 18 episodes, but all of them live on in cyberspace, on YouTube. Complete episode links contained within. [more inside]
On the basis of the facts and evidence before the committee, we conclude that if at all relevant times Rupert Murdoch did not take steps to become fully informed about phone hacking, he turned a blind eye and exhibited wilful blindness to what was going on in his companies and publications. This culture, we consider, permeated from the top throughout the organisation and speaks volumes about the lack of effective corporate governance at News Corporation and News International. We conclude, therefore, that Rupert Murdoch is not a fit person to exercise the stewardship of a major international company. [more inside]
Machine Politics. George Hotz, Sony, and the Anonymous hacker wars.
In 1984, Congress passed a law called the Computer Fraud and Abuse Act, in the wake of some high profile incidents of hacking. Designed to prosecute hackers, the law is written vaguely enough that it has, in recent years, been used (with varying degrees of success) to prosecute people violating terms of an employer's computer usage policies, or in the infamous case of Lori Drew, a Terms of Service agreement. But today, the 9th circuit court of appeals ruled that employees can not be prosecuted under the CFAA for violating an employer's computer use policies, dealing a blow to the Obama administration’s Justice Department, which is trying to use the same theory to prosecute alleged WikiLeaks leaker Bradley Manning.
Murdoch's Scandal - Lowell Bergman (the journalist portrayed by Al Pacino in The Insider) has investigated News Corporation for PBS Frontline [transcript]. He depicts Rupert Murdoch's British operation as a criminal enterprise, routinely hacking the voicemail and computers of innocent people, and using bribery and coercion to infiltrate police and government over decades. Enemies are ruthlessly "monstered" by the tabloids. Bergman also spoke to NPR's Fresh Air [transcript]. But the hits keep coming: in recent days News Corp has been accused of hacking rival pay TV services and promoting pirated receiver cards in both the UK and Australia. With the looming possibility of prosecution under America's Foreign Corrupt Practices Act, how long will shareholders consider Rupert Murdoch irreplaceable? [Previous 1 2 3 4]
The British newspaper The Guardian has obtained a cache of 3,000 emails purported to have been exchanged between Syrian President Bashar al-Assad, his wife, and a close circle of advisers and friends. The personal emails allegedly show Assad dismissing his government's proposed reforms, mocking the efforts of Arab League monitors to spot military tanks besieging cities, as well as Assad's wife placing extravagant shopping orders, sometimes through intermediaries. [more inside]
The Kaspersky analysts over at Securelist uncovered some interesting things deep in the bowels of the code of a trojan. The hooks of the trojan are written using standard, well known languages and interfaces (C++, DLLs and such), but the payload, upon analysis, seems to be written using some heretofore unknown programming language. Can you figure out what language the Duqu trojan is written in? (via Lambda the Ultimate Programming Blog)
"Ron Paul has regularly met with many A3P members, even engaging in conference calls with their board of directors."
Hacker group Anonymous has discovered that Ron Paul is working directly with the neo-Nazi group American Third Position Party, whose members occupy key posts in Paul's campaign and whose directors have had conference calls with the Congressman and Presidential candidate. The full information release can be viewed at pirasec.org, though the interface is fairly clunky.
The holiday season isn't always relaxing for those in the computing security field. 2011's Chaos Communication Congress brought many gifts in the form of vulnerability disclosures, including: malicious documents that infect HP printers, remote control vulnerabilities in prison lock systems, and denial-of-service attacks against Web servers written in just about every scripting language.
Edwardian Era Grey Hatting. How a magician and part time inventor used griefing to expose security flaws in Marconi's radio transmission system, in 1903. [more inside]
Webcam is a short film which explores the concept (and apparent reality) of "webcam hacking." Straight link Vimeo. Warning: Vimeo comments contain spoilers.
"We’re allowing a whole new level of intelligence in the networks...We can take a copy of everything coming through our switch and dump it off to the FBI."
The Surveillance Catalog: Where Governments Get Their Spying Tools The Wall Street Journal has obtained a "trove" of documents from the secretive retail market in surveillance technology sold to world governments, and has created a searchable database for your enjoyment. "Among the most controversial technologies on display at the conference were essentially computer-hacking tools to enable government agents to break into people's computers and cellphones, log their keystrokes and access their data..." E.g., FinFisher installs malware by sending fake software updates for Blackberry and other devices; VUPEN's Exploits for Law Enforcement Agencies "aim to deliver exclusive exploit codes for undisclosed vulnerabilities" in software from Microsoft, Apple and others. [more inside]
One month ago, Électricité de France S.A. (EDF), one Europe's biggest power producers, went on trial for allegedly hiring a security firm to hack into Greenpeace's computers. Today, the sentence has come down and the security firm, EDF, and its executives (and in a separate sentence of the broader hacking trial, disgraced bicyclist Floyd Landis), will be seeing fines and jail time. Greenpeace responds.
On October 18, Wired embedded a reporter with both Anonymous and the #Occupy movement, calling both "a new kind of hybrid entity, one that breaks the boundaries between “real life” and the internet, creatures of the network embodied as citizens in the real world." The first entries in Quinn Norton's ongoing special report: Anonymous 101: Behind the Lulz were posted today. Coverage from Wired's other special report, Occupy: Dispatches from the Occupation are already online. NPR: Members Of Anonymous Share Values, Aesthetics [more inside]
The Socialbot Network - A UBC study suggests that many Facebook users will friend total strangers. Researchers said they collected 250 gigabytes of information from Facebook users by using socialbots — fake Facebook profiles created and controlled by computer code (sic). The researchers said they got the approval of UBC’s behavioural research ethics board. The data they collected was encrypted and anonymized and deleted after they completed their data analysis. [more inside]
Hacking with gestures in a 3D space is now possible, with Kinectasploit (a mashup of Metasploit and Kinect with OpenNi, in a Blender-made environment). (via Slashdot)
250 lucky attendees to a right-wing concert in Germany were given free souvenir t-shirts with the slogan "Hardcore rebels” and a skull and nationalist flags. [more inside]
Enter the Cyber-dragon. "Hackers have attacked America’s defense establishment, as well as companies from Google to Morgan Stanley to security giant RSA, and fingers point to China as the culprit. The author gets an exclusive look at the raging cyber-war—Operation Aurora! Operation Shady rat!—and learns why Washington has been slow to fight back. Related: Michael Joseph Gross goes inside Operation Shady Rat."
"Gambiarra refers to an unlikely mend, an unthinkable coupling, a solution so raw and transparent that it illustrates the problem at hand instead of eliminating it."
In Brazil, "gambiarra" is the art of improvising makeshift repairs - spontaneously solving the problem at hand with whatever is in hand. Wikipedia Brazil has a bit more on the topic and how it extends to architecture and programming. Gambilogia is an arts group exploring this DIY aesthetic. Interestingly, there's lots of discussion around gambiarra. Personally, I find the original quick fixes more compelling (examples at bottom of the article).
In-depth pieces in Vanity Fair and Wired detail the structure and impact of the Stuxnet worm, and what it means for the future of cybersecurity. (Previously)
not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities
"Hackers of the world are uniting and taking direct action against our common oppressors - the government, corporations, police, and militaries of the world" says LulzSec (previously) in their latest release, Chinga La Migra. "We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 (previously) and the racial profiling anti-immigrant police state that is Arizona."
#antisec is a new track from nerdcore rapper ytcracker (previously)
#antisec is a new track from nerdcore rapper ytcracker (previously)
People who use Sony don't make very good passwords. "None of this is overly surprising, although it remains alarming. We know passwords are too short, too simple, too predictable and too much like the other ones the individual has created in other locations. The bit which did take me back a bit was the extent to which passwords conformed to very predictable patterns, namely only using alphanumeric character, being 10 characters or less and having a much better than average chance of being the same as other passwords the user has created on totally independent systems." [more inside]
'The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.'
Over the weekend, PBS' website was hacked by a group calling itself "The Lulz Boat", or "LulzSec". The PBS site displayed a story claiming that rapper Tupac Shakur was alive and well in New Zealand. (He's not). The hack was apparently over the Frontline program that aired last week, 'Wikisecrets', which Julian Assange called "hostile". This follows a separate, unrelated breach at Lockheed Martin, also publicized over the weekend. (Previously)
Last night at midnight, more than a gigabyte of internal memos from the US Chamber of Commerce and two other conservative think-tanks were leaked to the Internet. Although no announcement has been posted to the semi-official Anonymous web site, the archive contains a README file crediting the hacker/cracker/griefer collective. [more inside]
Sony's PlayStation Network and Qriocity have been down since April 20 2011 due to an illegal intrusion. Today Sony announced that user data - birthdate, user name, password, e-mail address, possibly credit card information, and more - has been compromised for its 69 million users, exposing them to identify theft amongst other things. [more inside]
Engineer-turn-blogger Scott Whitlock offers some insight into the limitation of free markets. [more inside]
Computer security vendor RSA, maker of two-factor authentication SecurID, has been hacked by unknown parties. In an open letter to it customers RSA Executive Chairman Arthur W. Coviello, Jr. calls the attack the work of an Advanced Persistent Threat, meaning a highly skilled, well-funded group acting deliberately & precisely to achieve a specific goal. RSA's clients include many Fortune 100 companies, US Government, Military & Intelligence Community organizations.
Using honeypots and logging tools, some server admins have logged actual server break-in attempts by nincompoop crackers. [more inside]
"I almost can't believe I'm witnessing this. We're inside the fortress of terror, our very own Mordor..." [more inside]
Aaron Barr, of security company HBGary, claimed in the Financial Times to have infiltrated Anonymous and to be collecting information on members of the group. Predictably, Anonymous responded by hacking HBGary's website and replacing its front page, as well as by stealing Barr's research documents on Anonymous (and social networking accounts) and releasing them to the public, along with thousands of internal HBGary emails.
UK cosmetics company Lush cultivates an image of quirky naiveté in its marketing, even when it loses the credit card details of thousands of customers. [more inside]
Adachi Tomomi, Alex Baker, Ian Baxter, Ithai Benjamin, Lesley Flanigan, Lorin Edwin Parker, Peter Blasser, Phil Archer, Todd Bailey, Tommy Stephenson & Patrick McCarthy, Tuomao Tammenpaa, and Vasco Alvo are all featured in Nicolas Collins' extraordinarily good book Handmade Electronic Music.
"I was daydreaming in class about who knows what, when I thought of my fire poofer project...I tried to think of ways I could apply a fireball shooter to things in ways that would be pretty awesome. I thought of using a microcontroller to sync the fire to the beat of music - now that would be pretty cool, and the patterns would always be different, so it wouldn't get as boring as fast. Then I thought of the game Guitar Hero." High school student Chris Marion hacks a guitar controller and builds FireHero. Facemelting ensues.
In late December 2010, fail0verflow, a team of European hackers, demonstrated that the Playstation 3's security was fundamentally flawed and managed to obtain the encryption key used by the device (see previous discussion). Utilizing the techniques developed by the fail0verflow team, iPhone hacker George Hotz released the encryption key publically, which enables the execution of arbitrary code on the console. Now Sony is suing both George Hotz and members of the fail0verflow team. [more inside]
Oakland County man faces 5 years in prison for hacking his wife's email. So, is email snooping a crime?
The Wikileaks Cablegate scandal is the most exciting and interesting hacker scandal ever. I rather commonly write about such things, and I’m surrounded by online acquaintances who take a burning interest in every little jot and tittle of this ongoing saga. So it’s going to take me a while to explain why this highly newsworthy event fills me with such a chilly, deadening sense of Edgar Allen Poe melancholia.
But it sure does.
Bruce Sterling on the world of post-Wikileaks diplomacy.
But it sure does.
Bruce Sterling on the world of post-Wikileaks diplomacy.