Machine Politics. George Hotz, Sony, and the Anonymous hacker wars.
In 1984, Congress passed a law called the Computer Fraud and Abuse Act, in the wake of some high-profile incidents of hacking. Designed to prosecute hackers, the law is written vaguely enough that it has, in recent years, been used (with varying degrees of success) to prosecute people violating terms of an employer's computer usage policies, or in the infamous case of Lori Drew, a Terms of Service agreement. But today, the 9th circuit court of appeals ruled that employees cannot be prosecuted under the CFAA for violating an employer's computer use policies, dealing a blow to the Obama administration’s Justice Department, which is trying to use the same theory to prosecute alleged WikiLeaks leaker Bradley Manning.
Murdoch's Scandal - Lowell Bergman (the journalist portrayed by Al Pacino in The Insider) has investigated News Corporation for PBS Frontline [transcript]. He depicts Rupert Murdoch's British operation as a criminal enterprise, routinely hacking the voicemail and computers of innocent people, and using bribery and coercion to infiltrate police and government over decades. Enemies are ruthlessly "monstered" by the tabloids. Bergman also spoke to NPR's Fresh Air [transcript]. But the hits keep coming: in recent days News Corp has been accused of hacking rival pay TV services and promoting pirated receiver cards in both the UK and Australia. With the looming possibility of prosecution under America's Foreign Corrupt Practices Act, how long will shareholders consider Rupert Murdoch irreplaceable? [Previous 1 2 3 4]
The British newspaper The Guardian has obtained a cache of 3,000 emails purported to have been exchanged between Syrian President Bashar al-Assad, his wife, and a close circle of advisers and friends. The personal emails allegedly show Assad dismissing his government's proposed reforms, mocking the efforts of Arab League monitors to spot military tanks besieging cities, as well as Assad's wife placing extravagant shopping orders, sometimes through intermediaries. [more inside]
The Kaspersky analysts over at Securelist uncovered some interesting things deep in the bowels of the code of a trojan. The hooks of the trojan are written using standard, well known languages and interfaces (C++, DLLs and such), but the payload, upon analysis, seems to be written using some heretofore unknown programming language. Can you figure out what language the Duqu trojan is written in? (via Lambda the Ultimate Programming Blog)
"Ron Paul has regularly met with many A3P members, even engaging in conference calls with their board of directors."
Hacker group Anonymous has discovered that Ron Paul is working directly with the neo-Nazi group American Third Position Party, whose members occupy key posts in Paul's campaign and whose directors have had conference calls with the Congressman and Presidential candidate. The full information release can be viewed at pirasec.org, though the interface is fairly clunky.
The holiday season isn't always relaxing for those in the computing security field. 2011's Chaos Communication Congress brought many gifts in the form of vulnerability disclosures, including: malicious documents that infect HP printers, remote control vulnerabilities in prison lock systems, and denial-of-service attacks against Web servers written in just about every scripting language.
Edwardian Era Grey Hatting. How a magician and part time inventor used griefing to expose security flaws in Marconi's radio transmission system, in 1903. [more inside]
Webcam is a short film which explores the concept (and apparent reality) of "webcam hacking." Straight link Vimeo. Warning: Vimeo comments contain spoilers.
"We’re allowing a whole new level of intelligence in the networks...We can take a copy of everything coming through our switch and dump it off to the FBI."
The Surveillance Catalog: Where Governments Get Their Spying Tools. The Wall Street Journal has obtained a "trove" of documents from the secretive retail market in surveillance technology sold to world governments, and has created a searchable database for your enjoyment. "Among the most controversial technologies on display at the conference were essentially computer-hacking tools to enable government agents to break into people's computers and cellphones, log their keystrokes and access their data..." E.g., FinFisher installs malware by sending fake software updates for Blackberry and other devices; VUPEN's Exploits for Law Enforcement Agencies "aim to deliver exclusive exploit codes for undisclosed vulnerabilities" in software from Microsoft, Apple and others. [more inside]
One month ago, Électricité de France S.A. (EDF), one of Europe's biggest power producers, went on trial for allegedly hiring a security firm to hack into Greenpeace's computers. Today, the sentence has come down and the security firm, EDF, and its executives (and in a separate sentence of the broader hacking trial, disgraced bicyclist Floyd Landis), will be seeing fines and jail time. Greenpeace responds.
On October 18, Wired embedded a reporter with both Anonymous and the #Occupy movement, calling both "a new kind of hybrid entity, one that breaks the boundaries between 'real life' and the internet, creatures of the network embodied as citizens in the real world." The first entries in Quinn Norton's ongoing special report: Anonymous 101: Behind the Lulz were posted today. Coverage from Wired's other special report, Occupy: Dispatches from the Occupation, is already online. NPR: Members Of Anonymous Share Values, Aesthetics [more inside]
The Socialbot Network - A UBC study suggests that many Facebook users will friend total strangers. Researchers said they collected 250 gigabytes of information from Facebook users by using socialbots — fake Facebook profiles created and controlled by computer code (sic). The researchers said they got the approval of UBC’s behavioural research ethics board. The data they collected was encrypted and anonymized and deleted after they completed their data analysis. [more inside]
Hacking with gestures in a 3D space is now possible, with Kinectasploit (a mashup of Metasploit and Kinect with OpenNi, in a Blender-made environment). (via Slashdot)
250 lucky attendees to a right-wing concert in Germany were given free souvenir t-shirts with the slogan "Hardcore rebels" and a skull and nationalist flags. [more inside]
Enter the Cyber-dragon. "Hackers have attacked America’s defense establishment, as well as companies from Google to Morgan Stanley to security giant RSA, and fingers point to China as the culprit. The author gets an exclusive look at the raging cyber-war—Operation Aurora! Operation Shady rat!—and learns why Washington has been slow to fight back. Related: Michael Joseph Gross goes inside Operation Shady Rat."
"Gambiarra refers to an unlikely mend, an unthinkable coupling, a solution so raw and transparent that it illustrates the problem at hand instead of eliminating it."
In Brazil, "gambiarra" is the art of improvising makeshift repairs - spontaneously solving the problem at hand with whatever is in hand. Wikipedia Brazil has a bit more on the topic and how it extends to architecture and programming. Gambilogia is an arts group exploring this DIY aesthetic. Interestingly, there's lots of discussion around gambiarra. Personally, I find the original quick fixes more compelling (examples at bottom of the article).
In-depth pieces in Vanity Fair and Wired detail the structure and impact of the Stuxnet worm, and what it means for the future of cybersecurity. (Previously)
not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities
"Hackers of the world are uniting and taking direct action against our common oppressors - the government, corporations, police, and militaries of the world" says LulzSec (previously) in their latest release, Chinga La Migra. "We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 (previously) and the racial profiling anti-immigrant police state that is Arizona."
#antisec is a new track from nerdcore rapper ytcracker (previously)
People who use Sony don't make very good passwords. "None of this is overly surprising, although it remains alarming. We know passwords are too short, too simple, too predictable and too much like the other ones the individual has created in other locations. The bit which did take me back a bit was the extent to which passwords conformed to very predictable patterns, namely only using alphanumeric character, being 10 characters or less and having a much better than average chance of being the same as other passwords the user has created on totally independent systems." [more inside]
'The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.'
Over the weekend, PBS' website was hacked by a group calling itself "The Lulz Boat", or "LulzSec". The PBS site displayed a story claiming that rapper Tupac Shakur was alive and well in New Zealand. (He's not). The hack was apparently over the Frontline program that aired last week, 'Wikisecrets', which Julian Assange called "hostile". This follows a separate, unrelated breach at Lockheed Martin, also publicized over the weekend. (Previously)
Last night at midnight, more than a gigabyte of internal memos from the US Chamber of Commerce and two other conservative think-tanks were leaked to the Internet. Although no announcement has been posted to the semi-official Anonymous web site, the archive contains a README file crediting the hacker/cracker/griefer collective. [more inside]
Sony's PlayStation Network and Qriocity have been down since April 20 2011 due to an illegal intrusion. Today Sony announced that user data - birthdate, user name, password, e-mail address, possibly credit card information, and more - has been compromised for its 69 million users, exposing them to identity theft amongst other things. [more inside]
Engineer-turned-blogger Scott Whitlock offers some insight into the limitation of free markets. [more inside]
Computer security vendor RSA, maker of two-factor authentication SecurID, has been hacked by unknown parties. In an open letter to its customers RSA Executive Chairman Arthur W. Coviello, Jr. calls the attack the work of an Advanced Persistent Threat, meaning a highly skilled, well-funded group acting deliberately & precisely to achieve a specific goal. RSA's clients include many Fortune 100 companies, US Government, Military & Intelligence Community organizations.
Using honeypots and logging tools, some server admins have logged actual server break-in attempts by nincompoop crackers. [more inside]
"I almost can't believe I'm witnessing this. We're inside the fortress of terror, our very own Mordor..." [more inside]
Aaron Barr, of security company HBGary, claimed in the Financial Times to have infiltrated Anonymous and to be collecting information on members of the group. Predictably, Anonymous responded by hacking HBGary's website and replacing its front page, as well as by stealing Barr's research documents on Anonymous (and social networking accounts) and releasing them to the public, along with thousands of internal HBGary emails.
UK cosmetics company Lush cultivates an image of quirky naiveté in its marketing, even when it loses the credit card details of thousands of customers. [more inside]
Adachi Tomomi, Alex Baker, Ian Baxter, Ithai Benjamin, Lesley Flanigan, Lorin Edwin Parker, Peter Blasser, Phil Archer, Todd Bailey, Tommy Stephenson & Patrick McCarthy, Tuomao Tammenpaa, and Vasco Alvo are all featured in Nicolas Collins' extraordinarily good book Handmade Electronic Music.
"I was daydreaming in class about who knows what, when I thought of my fire poofer project...I tried to think of ways I could apply a fireball shooter to things in ways that would be pretty awesome. I thought of using a microcontroller to sync the fire to the beat of music - now that would be pretty cool, and the patterns would always be different, so it wouldn't get as boring as fast. Then I thought of the game Guitar Hero." High school student Chris Marion hacks a guitar controller and builds FireHero. Facemelting ensues.
In late December 2010, fail0verflow, a team of European hackers, demonstrated that the Playstation 3's security was fundamentally flawed and managed to obtain the encryption key used by the device (see previous discussion). Utilizing the techniques developed by the fail0verflow team, iPhone hacker George Hotz released the encryption key publicly, which enables the execution of arbitrary code on the console. Now Sony is suing both George Hotz and members of the fail0verflow team. [more inside]
Oakland County man faces 5 years in prison for hacking his wife's email. So, is email snooping a crime?
The Wikileaks Cablegate scandal is the most exciting and interesting hacker scandal ever. I rather commonly write about such things, and I’m surrounded by online acquaintances who take a burning interest in every little jot and tittle of this ongoing saga. So it’s going to take me a while to explain why this highly newsworthy event fills me with such a chilly, deadening sense of Edgar Allan Poe melancholia.
But it sure does.
Bruce Sterling on the world of post-Wikileaks diplomacy.
Silverpop Systems Inc, an email marketing firm with 105 customers, had its database systems hacked last week. [more inside]
An anonymous hacking outfit called "Gnosis" has infiltrated Gawker Media, hijacking the front page and leaking the company's internal chat logs, source code, and content databases along with the usernames, email addresses, and passwords of over 1.3 million users (including Gawker staff). The attack, which was motivated by what the group describes as the "outright arrogance" with which the company's bloggers taunted anonymous imageboard 4chan (semi-previously), affects every site in the Gawker network, including Gizmodo, Kotaku, Lifehacker, Jezebel, Deadspin, Jalopnik, and io9. While most of the leaked passwords are encrypted, more than 200,000 of the simpler ones in the torrent file have been cracked, and the links between account names and email addresses are in plaintext for all to see. Since the integrity of Gawker's encryption methods remains in doubt, it is recommended that anyone who has ever registered an account on any Gawker property change their passwords immediately, especially if the same log-in information is used for other services.
Music Hack Day heads back to Boston October 16 and 17. Music Hack Day is a free-to-attend 24-hour convergence over two calendar days designed to throw together programmers, musicians, artists, conceptualizers, and, of course, marketers and promoters. "Music + software + hardware + art + the web. Anything goes as long as it's music related." Music Hack Day London just ended (September 4, 5). My favorite (and the MHD-London winner!) was Speakatron, which is WebCam + Software = Goofy Fun! (related, previously) [more inside]
Last week, the New York Times magazine published an explosive article about the phone-hacking exploits at the Rupert Murdoch-owned British tabloid News Of The World under the then-editorship of Andy Coulson, now the Government's chief of communications. Following the NYT's investigation, questions about the "unhealthy" relationship between the Metropolitan Police and the press (particularly Murdoch's News International, which also includes The Sun, The Times and the Sunday Times), and further claims that an independent inquiry was abandoned so as not to upset the Metropolitan Police, assistant Met Commissioner John Yates was questioned [video; 4 mins] on Tuesday by the Home Affairs select committee. Following an emergency debate in Parliament today, which concerned the fact that MPs of all parties may have had their phones hacked (and therefore had their Parliamentary Privilege breached), the Standards and Privileges Committee, the most powerful committee in Parliament, is to open an inquiry which will be able to compel witnesses to give evidence. Meanwhile, former News of the World reporters are coming out the woodwork, claiming that hacking at the paper was "rife", and the pressure is on Coulson to resign his £140,000 job at No. 10, with a poll [pdf] which says 52% of the public says he should go. [more inside]
"Millions" Of Home Routers Vulnerable to a Web Hack At the upcoming Black Hat Conference, to be held on July 29th in Las Vegas this year, a security researcher and ethical hacker named Craig Heffner will reveal a software tool to exploit a large-scale vulnerability in most home routers that will give users outside of the network access to the device. [more inside]
Andrew Shane Huang is a 35-year-old hardware hacker, known to some as bunnie, and others as that guy who hacked the Xbox and went on to write a book about it. Finding the hidden key to the Xbox was an enjoyable distraction while he worked on getting his PhD in Electrical Engineering from MIT as part of Project Aries. Since then, he has written for (and been written about) in Make Magazine, has given talks on the strategy of hardware openness and manufacturing practices in China, as experienced with the development of the opensource ambient "internet-based TV" called Chumby. When he's not busy on such excursions, bunnie writes about hacking (and more specifically, Chumby hacking), technology in China, and even biology in exquisite detail on the bunnie studios blog (previously). [more inside]
The first Global Hackathon organized by Random Hacks of Kindness has begun. Satellite-linked hackers are attending events in Washington DC, Sydney, Nairobi, Jakarta, and Sao Paulo. Some of the projects being coded right now: Near-Realtime UAV (unmanned aerial vehicle) image processing; BushFire Connect Project; Person finder [more inside]
The North Skirt. You need never be fashionably lost in the woods again.
Citing security concerns, Sony has decided to release a firmware update that will disable the "OtherOS" feature on its older (non-slim) PlayStation 3 systems. This is almost certainly a response to the system finally being hacked two months ago by George "GeoHot" Hotz. To counter Sony's disabling of the feature, Hotz, who previously stated that he would not be releasing custom firmware for the PS3, now plans to do so: "The PlayStation 3 is the only product I know that loses features throughout its lifecycle. Software PS2 emulation, SACD playback, and OtherOS support are all just software switches you can flip. It's unbelievable you would go and flip one, not just on new boxes you are shipping, but on tens of millions already in the field."
Korean cyber attack on 2-channel. An army of Korean netizens apparently attacked the Japanese Internet forum 2chan for their anti-Korean postings, including those targeting Korea’s Olympic gold-medal-winning figure skater Kim Yu-na, causing the site to shut down on Monday (March 1). [more inside]