In 1984, Congress passed a law called the Computer Fraud and Abuse Act, in the wake of some high-profile incidents of hacking. Designed to prosecute hackers, the law is written vaguely enough that it has, in recent years, been used (with varying degrees of success) to prosecute people violating terms of an employer's computer usage policies, or in the infamous case of Lori Drew, a Terms of Service agreement.
But today, the 9th circuit court of appeals ruled that employees cannot be prosecuted under the CFAA for violating an employer's computer use policies, dealing a blow to the Obama administration’s Justice Department, which is trying to use the same theory to prosecute alleged WikiLeaks leaker Bradley Manning.
Lowell Bergman (the journalist portrayed by Al Pacino in The Insider) has investigated News Corporation for PBS Frontline [transcript]. He depicts Rupert Murdoch's British operation as a criminal enterprise, routinely hacking the voicemail and computers of innocent people, and using bribery and coercion to infiltrate police and government over decades. Enemies are ruthlessly "monstered" by the tabloids. Bergman also spoke to NPR's Fresh Air.
But the hits keep coming: in recent days News Corp has been accused of hacking rival pay TV services and promoting pirated receiver cards in both the UK. With the looming possibility of prosecution under America's Foreign Corrupt Practices Act, how long will shareholders consider Rupert Murdoch irreplaceable? [Previous 1 2 3 4]
The British newspaper The Guardian has obtained a cache of 3,000 emails purported to have been exchanged between Syrian President Bashar al-Assad, his wife, and a close circle of advisers and friends. The personal emails allegedly show Assad dismissing his government's proposed reforms, mocking the efforts of Arab League monitors to spot military tanks besieging cities, as well as Assad's wife placing extravagant shopping orders, sometimes through intermediaries.
The Kaspersky analysts over at Securelist uncovered some interesting things deep in the bowels of the code of a trojan. The hooks of the trojan are written using standard, well known languages and interfaces (C++, DLLs and such), but the payload, upon analysis, seems to be written using some heretofore unknown programming language.
Can you figure out what language the Duqu trojan is written in?
(via Lambda the Ultimate Programming Blog)
Edwardian Era Grey Hatting.
How a magician and part time inventor used griefing to expose security flaws in Marconi's radio transmission system, in 1903.
is a short film which explores the concept (and apparent reality) of "webcam hacking." Straight link Vimeo. Warning: Vimeo comments contain spoilers.
The Surveillance Catalog: Where Governments Get Their Spying Tools
The Wall Street Journal has obtained a "trove" of documents from the secretive retail market in surveillance technology sold to world governments, and has created a searchable database for your enjoyment. "Among the most controversial technologies on display at the conference were essentially computer-hacking tools to enable government agents to break into people's computers and cellphones, log their keystrokes and access their data..." E.g., FinFisher installs malware by sending fake software updates for Blackberry and other devices; VUPEN's Exploits for Law Enforcement Agencies "aim to deliver exclusive exploit codes for undisclosed vulnerabilities" in software from Microsoft, Apple and others.
One month ago, Électricité de France S.A. (EDF), one of Europe's biggest power producers, went on trial for allegedly hiring a security firm to hack into Greenpeace's computers. Today, the sentence has come down and the security firm, EDF, and its executives (and in a separate sentence of the broader hacking trial, disgraced bicyclist Floyd Landis), will be seeing fines and jail time. Greenpeace responds.
On October 18, Wired embedded a reporter with both Anonymous and the #Occupy movement, calling both "a new kind of hybrid entity, one that breaks the boundaries between “real life” and the internet, creatures of the network embodied as citizens in the real world." The first entries in Quinn Norton's ongoing special report: Anonymous 101: Behind the Lulz were posted today. Coverage from Wired's other special report, Occupy: Dispatches from the Occupation is already online. NPR: Members Of Anonymous Share Values, Aesthetics
The Socialbot Network - A UBC study suggests that many Facebook users will friend total strangers. Researchers said they collected 250 gigabytes of information from Facebook users by using socialbots — fake Facebook profiles created and controlled by computer code (sic). The researchers said they got the approval of UBC’s behavioural research ethics board. The data they collected was encrypted and anonymized and deleted after they completed their data analysis.
Enter the Cyber-dragon.
"Hackers have attacked America’s defense establishment, as well as companies from Google to Morgan Stanley to security giant RSA, and fingers point to China as the culprit. The author gets an exclusive look at the raging cyber-war—Operation Aurora! Operation Shady rat!—and learns why Washington has been slow to fight back." Related: Michael Joseph Gross goes inside Operation Shady Rat.
In Brazil, "gambiarra" is the art of improvising makeshift repairs - spontaneously solving the problem at hand with whatever is in hand.
Wikipedia Brazil has a bit more on the topic and how it extends to architecture and programming
is an arts group exploring this DIY aesthetic. Interestingly, there's lots of discussion around gambiarra. Personally, I find the original quick fixes more compelling (examples at bottom of the article).
In-depth pieces in Vanity Fair detail the structure and impact of the Stuxnet worm, and what it means for the future of cybersecurity. (Previously)
"Hackers of the world are uniting and taking direct action against our common oppressors - the government, corporations, police, and militaries of the world" says LulzSec (previously) in their latest release, Chinga La Migra. "We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 (previously) and the racial profiling anti-immigrant police state that is Arizona."
is a new track from nerdcore rapper ytcracker (previously)
People who use Sony don't make very good passwords. "None of this is overly surprising, although it remains alarming. We know passwords are too short, too simple, too predictable and too much like the other ones the individual has created in other locations. The bit which did take me back a bit was the extent to which passwords conformed to very predictable patterns, namely only using alphanumeric character, being 10 characters or less and having a much better than average chance of being the same as other passwords the user has created on totally independent systems."
'The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.'
Last night at midnight, more than a gigabyte of internal memos from the US Chamber of Commerce and two other conservative think-tanks were leaked to the Internet. Although no announcement has been posted to the semi-official Anonymous web site, the archive contains a README file crediting the hacker/cracker/griefer collective.
Sony's PlayStation Network and Qriocity have been down since April 20 2011 due to an illegal intrusion. Today Sony announced that user data - birthdate, user name, password, e-mail address, possibly credit card information, and more - has been compromised for its 69 million users, exposing them to identity theft amongst other things.
Engineer-turned-blogger Scott Whitlock offers some insight into the limitation of free markets.
Computer security vendor RSA, maker of two-factor authentication SecurID, has been hacked by unknown parties. In an open letter to its customers RSA Executive Chairman Arthur W. Coviello, Jr. calls the attack the work of an Advanced Persistent Threat, meaning a highly skilled, well-funded group acting deliberately & precisely to achieve a specific goal. RSA's clients include many Fortune 100 companies, US Government, Military & Intelligence Community organizations.
and logging tools, some server admins have logged actual server break-in attempts by nincompoop crackers.
"I almost can't believe I'm witnessing this. We're inside the fortress of terror, our very own Mordor..."
UK cosmetics company Lush cultivates an image of quirky naiveté in its marketing, even when it loses the credit card details of thousands of customers.
Lorin Edwin Parker
Tommy Stephenson & Patrick McCarthy
are all featured in Nicolas Collins' extraordinarily good book Handmade Electronic Music
"I was daydreaming in class about who knows what, when I thought of my fire poofer project...I tried to think of ways I could apply a fireball shooter to things in ways that would be pretty awesome. I thought of using a microcontroller to sync the fire to the beat of music - now that would be pretty cool, and the patterns would always be different, so it wouldn't get as boring as fast. Then I thought of the game Guitar Hero."
High school student Chris Marion hacks a guitar controller and builds FireHero. Facemelting ensues.
In late December 2010, fail0verflow, a team of European hackers, demonstrated that the Playstation 3's security was fundamentally flawed and managed to obtain the encryption key used by the device (see previous discussion). Utilizing the techniques developed by the fail0verflow team, iPhone hacker George Hotz released the encryption key publicly, which enables the execution of arbitrary code on the console. Now Sony is suing both George Hotz and members of the fail0verflow team.
The Wikileaks Cablegate scandal is the most exciting and interesting hacker scandal ever. I rather commonly write about such things, and I’m surrounded by online acquaintances who take a burning interest in every little jot and tittle of this ongoing saga. So it’s going to take me a while to explain why this highly newsworthy event fills me with such a chilly, deadening sense of Edgar Allen Poe melancholia.
But it sure does.
Bruce Sterling on the world of post-Wikileaks diplomacy.
Silverpop Systems Inc, an email marketing firm with 105 customers has had its database systems hacked last week.
An anonymous hacking outfit called "Gnosis" has infiltrated Gawker Media, hijacking the front page and leaking the company's internal chat logs, source code, and content databases along with the usernames, email addresses, and passwords of over 1.3 million users (including Gawker staff). The attack, which was motivated by what the group describes as the "outright arrogance" with which the company's bloggers taunted anonymous imageboard 4chan (semi-previously), affects every site in the Gawker network, including Gizmodo, Kotaku, Lifehacker, Jezebel, Deadspin, Jalopnik, and io9. While most of the leaked passwords are encrypted, more than 200,000 of the simpler ones in the torrent file have been cracked, and the links between account names and email addresses are in plaintext for all to see. Since the integrity of Gawker's encryption methods remains in doubt, it is recommended that anyone who has ever registered an account on any Gawker property change their passwords immediately, especially if the same log-in information is used for other services.
Music Hack Day heads back to Boston October 16 and 17.
Music Hack Day is a free-to-attend 24-hour convergence over two calendar days designed to throw together programmers, musicians, artists, conceptualizers, and, of course, marketers and promoters. "Music + software + hardware + art + the web. Anything goes as long as it's music related." Music Hack Day London just ended (September 4, 5). My favorite (and the MHD-London winner!) was Speakatron, which is WebCam + Software = Goofy Fun! (related, previously)
Last week, the New York Times magazine published an explosive article about the phone-hacking exploits at the Rupert Murdoch-owned British tabloid News Of The World under the then-editorship of Andy Coulson, now the Government's chief of communications. Following the NYT's investigation, questions about the "unhealthy" relationship between the Metropolitan Police and the press (particularly Murdoch's News International, which also includes The Sun, The Times and the Sunday Times), and further claims that an independent inquiry was abandoned so as not to upset the Metropolitan Police, assistant Met Commissioner John Yates was questioned [video; 4 mins] on Tuesday by the Home Affairs select committee. Following an emergency debate in Parliament today, which concerned the fact that MPs of all parties may have had their phones hacked (and therefore had their Parliamentary Privilege breached), the Standards and Privileges Committee, the most powerful committee in Parliament, is to open an inquiry which will be able to compel witnesses to give evidence. Meanwhile, former News of the World reporters are coming out the woodwork, claiming that hacking at the paper was "rife", and the pressure is on Coulson to resign his £140,000 job at No. 10, with a poll [pdf] which says 52% of the public says he should go.
"Millions" Of Home Routers Vulnerable to a Web Hack
At the upcoming Black Hat Conference, to be held on July 29th in Las Vegas this year, a security researcher and ethical hacker named Craig Heffner will reveal a software tool to exploit a large-scale vulnerability in most home routers that will give users outside of the network access to the device.
Andrew Shane Huang is a 35 year old hardware hacker, known to some as bunnie, and others as that guy who hacked the Xbox and went on to write a book about it. Finding the hidden key to the Xbox was an enjoyable distraction while he worked on getting his PhD in Electrical Engineering from MIT as part of Project Aries. Since then, he has written for (and been written about) in Make Magazine, has given talks on the strategy of hardware openness and manufacturing practices in China, as experienced with the development of the opensource ambient
" called Chumby
. When he's not busy on such excursions, bunnie writes about hacking (and more specifically, Chumby hacking), technology in China, and even biology in exquisite detail on the bunnie studios blog.
The first Global Hackathon organized by Random Hacks of Kindness has begun. Satellite-linked hackers are attending events in Washington DC, Sydney, Nairobi, Jakarta, and Sao Paulo. Some of the projects being coded right now: Near-Realtime UAV (unmanned aerial vehicle) image processing; BushFire Connect Project; Person finder
The North Skirt. You need never be fashionably lost in the woods again.
Citing security concerns, Sony has decided to release a firmware update that will disable the "OtherOS" feature on its older (non-slim) PlayStation 3 systems. This is almost certainly a response to the system finally being hacked two months ago by George "GeoHot" Hotz. To counter Sony's disabling of the feature, Hotz, who previously stated that he would not be releasing custom firmware for the PS3, now plans to do so.
"The PlayStation 3 is the only product I know that loses features throughout its lifecycle. Software PS2 emulation, SACD playback, and OtherOS support are all just software switches you can flip. It's unbelievable you would go and flip one, not just on new boxes you are shipping, but on tens of millions already in the field."
Korean cyber attack on 2-channel
An army of Korean netizens apparently attacked the Japanese Internet forum 2chan for their anti-Korean postings, including those targeting Korea’s Olympic gold-medal-winning figure skater Kim Yu-na, causing the site to shut down on Monday (March 1).
The Google/China hacking case,
or "How many news outlets do the original reporting on a big story?"