Archive for hacking

LulzSec Hacks Arizona Law Enforcement….Leaks Classified Data

Posted in Commentary on June 23, 2011 by itnerd

Those guys or girls from LulzSec are at it again. This time using the Pirate Bay, they’ve leaked “hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement” which they call “Chinga La Migra” (F**k the Border Patrol). Clearly a political move. Here’s what they had to say:

We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 and the racial profiling anti-immigrant police state that is Arizona.

The documents classified as “law enforcement sensitive”, “not for public distribution”, and “for official use only” are primarily related to border patrol and counter-terrorism operations and describe the use of informants to infiltrate various gangs, cartels, motorcycle clubs, Nazi groups, and protest movements.

Every week we plan on releasing more classified documents and embarrassing personal details of military and law enforcement in an effort not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities fighting an unjust “war on drugs”.

Hackers of the world are uniting and taking direct action against our common oppressors – the government, corporations, police, and militaries of the world.

See you again real soon! ;D

Well, this really ups the stakes. You can bet that some serious law enforcement time and effort is going to be spent to shut these dudes down. That’s because there’s no way that law enforcement is going to let this slide. I wouldn’t want to be LulzSec right about now.

LulzSec Hacker Busted… Or Not…

Posted in Commentary on June 21, 2011 by itnerd

There’s a report floating around that a member of LulzSec has been arrested over the Sony hacks:

The 19-year-old is suspected of hacking into systems and mounting denial of service attacks against “a number of international businesses and intelligence agencies,” police said.

Naming suspects who have been arrested is illegal in Britain.

Apparently they took his computer to prove he was linked to LulzSec:

The suspect’s computer will also be examined for links to LulzSec, another police spokesman told CNN, who also declined to be named in line with custom.

But LulzSec denied the arrest on their Twitter feed in typical LulzSec fashion. So the question is, did U.K. cops get a member of LulzSec or not? Time will tell. But you can fully expect LulzSec to do something in revenge shortly.

Hey IT Nerd – Who Is LulzSec? Should I Be Worried?

Posted in Commentary on June 19, 2011 by itnerd

If you haven’t heard of this hacker group before, you’ve likely heard of their exploits. They’ve hacked Sony, the CIA, and posted account info of various companies online. So who are LulzSec? Lulz Security (LulzSec for short) are a group of hackers with a very interesting sense of humor. The name comes from LOL or laugh out loud because according to them, they do hacks “for the lulz.” They seem to be into pranks and exposing weak security rather than being any sort of serious cyberterrorist group. They announce their hacks and taunt their targets via their Twitter feed.

Should you be worried about this group? Only if you’re a government agency or a major company. The average person likely has nothing to worry about, although they did release that account info recently that likely has a lot of average people very concerned. The only thing that I have to say about them is that their exploits are gaining them a lot of attention. Sooner or later it’s going to get the attention of law enforcement who will be arresting them “for the lulz.” Until that happens, you should expect to be hearing from them a lot.

Bill Proposed To Force US Companies To Report Hacks…. About Freaking Time!

Posted in Commentary on June 13, 2011 by itnerd

Here’s something that is long overdue. A bill is in front of the US House Of Representatives to force companies to disclose when they’ve been hacked:

Rep. Mary Bono Mack, R-Calif., is circulating draft legislation that would require companies to provide a basic level of protection for consumers’ personal information and notify the government when data is stolen.

After Mack held hearings last month on enormous data breaches at companies like Sony and Epsilon, she promised to introduce a bill to protect consumer information. The International Monetary Fund and Citigroup have also reported recent cyberattacks.

Mack’s discussion draft promises to “protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach.” According to a background staff memo, the Secure and Fortify Electronic Data [SAFE Data] Act, is based on a bill that passed the House in the last Congress.

The bill has these key features:

The bill would require companies to dispose of old or unnecessary data, as well as notify the government within 48 hours of discovering a breach, unless the breach is an accident.

Excellent. My US readers should call their local Member of Congress and tell them that they need to support this bill. For too long companies have had a free ride when it comes to this issue. It’s time that they’re held to a much higher standard. In fact it’s beyond time.

So Canadian readers are likely wondering the following: When does Canada get something like this? Granted, Canada’s privacy laws do require companies to get rid of personal info they no longer need, but there’s nothing to require companies to report when they’ve been hacked. That’s where things are lacking. It’s time that Canada does something about that just like our friends to the south seem to be doing.

Chinese Hackers Hit Gmail

Posted in Commentary on June 1, 2011 by itnerd

Several high profile Gmail users were hit by Chinese hackers according to Google:

Google says computer hackers in China broke into the Gmail accounts of several hundred people, including senior government officials in the U.S. and political activists.

“This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists,” Google said in a statement.

“The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings.”

Google says all victims have been notified and their accounts have been secured.

“It’s important to stress that our internal systems have not been affected — these account hijackings were not the result of a security problem with Gmail itself,” Google said. “But we believe that being open about these security issues helps users better protect their information online.”

Here’s the problem. This is yet another cyberattack from China, and you have to believe that even if the Chinese government doesn’t directly support these sorts of attacks, they don’t seem to be too interested in stopping these attacks. Which still makes them pretty guilty in my mind.

My advice: change your Gmail password and make it as secure as possible. It doesn’t hurt to be careful.

Chinese Espionage Network Is Out For Your Bits [UPDATED]

Posted in Commentary on March 30, 2009 by itnerd

According to the CBC, a group of Canadians have discovered a massive espionage network based in China that has “pwned” the computers of governments and private organizations in 103 countries:

The researchers said the spy network, dubbed GhostNet, infiltrated at least 1,295 computers, many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centres in India, Brussels, London and New York.

“Significantly, close to 30 per cent of the infected computers can be considered high-value and include the ministries of foreign affairs in Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan,” the researchers said.

Other compromised computers were discovered at embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.

The list continues with the network infiltrating economic organizations in Southeast Asia, news organizations, and an unclassified computer located at NATO headquarters.

Although almost all the hackers were based in China, the researchers could not say whether they are working for the government.

Given that there’s very little that can be done in China without the approval of the government, it seems to me that it would be highly unlikely that the Chinese government isn’t somehow involved in this. But according to their sock puppet spokesperson, that’s not the case:

The spokesman, Wenqi Gao, told The New York Times these are “old stories” and “nonsense.”

Sure. As if we really expected you to say anything else.

In any case, the victims get malware installed on their computers via an e-mail. Once the malware has set up shop, the hackers have full control of the infected computers. They can look at e-mails, documents, and even turn on a webcam or microphone. Oh, by the way, there’s currently no way for you to detect this malware.

Scary stuff!

I hope that the research team releases what it knows on this malware to anti-virus makers so that we can be fully protected against this threat. I also hope that serious attempts are made to bring this network down.

UPDATE: Meet the guys who discovered this threat. You can also get more details about how they got the 411 on this threat as well, including the use of a very elite tool to track down the hackers: Google.

Winner Of Pwn2Own Says Macs Are Still Safer Despite The Fact That He Hacked One In Seconds…. Fanbois Jump For Joy

Posted in Commentary on March 27, 2009 by itnerd

Charlie Miller, who won the Pwn2Own contest at CanSecWest this year by cracking a MacBook wide open in seconds, sat down for an interview with Tomshardware.com recently. In that interview, he stated the following:

“I’ll leave Linux out of the equation since I know my grandma couldn’t run it. Between Mac and PC, I’d say that Macs are less secure for the reasons we’ve discussed here (lack of anti-exploitation technologies) but are more safe because there simply isn’t much malware out there. For now, I’d still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them.”

That’s sure to make the fanbois out there really happy. But I would hardly call that a ringing recommendation.

Oh, and what are his recommendations about security? I think you might find his comment interesting:

For all OS’s, make sure you keep your system up to date. That’s the best thing you can do. On a PC, I’d recommend running some AV software to help clean up when things go bad. Otherwise, just be smart, pay attention, and hope for the best. It is possible to really lock down your computer (running noscript for example) and make it safer, but in my opinion it’s not worth the trouble and the loss of functionality you experience.

That’s not exactly comforting. But at least you can reduce your chances of getting “pwned.”

I would recommend reading the rest of the interview as it contains a ton of interesting insights.

Pwn2Own Hacking Contest Proves Absolutely Nothing Is Safe

Posted in Commentary on March 19, 2009 by itnerd

It’s day one at the CanSec Pwn2Own hacking contest and the big boys are falling like stock prices on Wall St. Microsoft took the biggest hit of the day when a Sony Vaio running Windows 7 and the allegedly unhackable Internet Explorer 8 were hacked by a hacker named “Nils” who gets to keep the Sony Vaio as well as pocketing $5000 in cash.

You can expect that Microsoft CEO Steve Ballmer is regretting that he said that Internet Explorer 8 had “protection that no other browser can match.” Of course the fact that IE 8 got hacked right before it was to be released to the public isn’t good either.

“Nils” later went on to hack Safari (although he wasn’t the first to do that… more on that in a second) and Firefox later in the day, earning mad props from those in attendance. The first person to hack Safari, however, was Charlie Miller, who has “Pwned” Apple in the past. He hacked Safari and took over the MacBook that it was running on seconds into the competition to net him both the MacBook and $10000 cash.

You can bet that “The Steve” is somewhere saying “Curses! Pwned again!”

All the participants who successfully hack something have to sign NDAs so that the companies who get “Pwned” can fix the issues before exploits appear. So you can expect to see a flurry of patches and updates hitting the streets shortly. Oh, and by the way, Windows Mobile, Android, Symbian, iPhone and BlackBerry smart phones are all on the table as hacking targets. So you can expect the fun to continue for the next few days.

Hack In Pakistan, Get Death Penalty…. Makes Jail Time Look Like A Vacation

Posted in Commentary on November 7, 2008 by itnerd

In North America, you hack and get caught, you do some time. Then you become a security consultant and cash in on your infamy. But in Pakistan, if you hack you could die, according to Reuters:

“Whoever commits the offence of cyber terrorism and causes death of any person shall be punishable with death or imprisonment for life,” according to a copy of the ordinance, published by the state-run APP news agency.

Okay, so exactly what do you have to do to get the death penalty? Simple:

The ordinance listed several definitions of a “terroristic act” including stealing or copying, or attempting to steal or copy, classified information necessary to manufacture any form of chemical, biological or nuclear weapon.

The latter is important seeing as Pakistan has nukes, and they have a terrorist problem that they need to solve before someone solves it for them. There are lesser punishments like 10 years in prison for some crimes, but death seems harsh to me. But I guess they have to show some backbone to make it look like they’re serious about this.