Saturday, March 31, 2012

Are you being more private on Facebook?


A study shows that Facebook users are wising up to privacy, according to research presented by the Polytechnic Institute of New York University at the 4th IEEE International Workshop on Security and Social Networking.

Researchers looked at 1.4 million Facebook profiles from New York City in March 2010 and then again 15 months later in June 2011, reports The Atlantic.

And guess what they found?

In March 2010, about 1 in 5 users hid their friends' list. By June 2011, this number had more than doubled to 53 percent. They also discovered that kids are smarter online than many of us give them credit for.

The researchers were quoted in The Atlantic:

We have found that women tend to be more private than men, and that young and middle aged people tend to be more private than older users....We have found that people living in the wealthier boroughs and in boroughs with more US-born users tend to be more privacy conscious.

It is a staggering shift in such a short amount of time. From a security point of view, it is great to see that people are taking privacy concerns more seriously.

But this is not to say that I underestimate the value of social networks. Using them wisely and considerately, rather than using them as a diary for the world to read, is what I hope we are moving towards. Findings like this give me hope.

What about you?

http://twitter.com/caroletheriault

View the original article here

Tuesday, March 6, 2012

Election hacked, drunken robot elected to school board - Register

RSA 2012 Security experts have warned that electronic voting systems are decades away from being secure, and to prove it a team from the University of Michigan successfully got the foul-mouthed, drunken Futurama robot Bender elected to head of a school board.

In 2010 the Washington DC election board announced it had set up an e-voting system for absentee ballots and was planning to use it in an election. However, to test the system, it invited the security community and members of the public to try and hack it three weeks before the election.

"It was too good an opportunity to pass up," explained Professor Alex Halderman from the University of Michigan. "How often do you get the chance to hack a government network without the possibility of going to jail?"

With the help of two graduate students, Halderman started to examine the software. Despite it being a relatively clean Ruby on Rails build, they spotted a shell injection vulnerability within a few hours. They figured out a way of writing output to the images directory on the compromised server, and of encrypting traffic so that the front-end intrusion detection system couldn't spot them. The team also managed to guess the login details for the terminal server used by the voting system. This wasn't exactly difficult, since the user name and password were both "admin".

Once in, the team searched the government servers for additional vulnerabilities and system options. They found that the cameras installed to watch the voting systems weren't protected, and used them to work out when staff left for the day and so wouldn't spot server activity. More worrying, they also found a PDF file containing the authentication codes for every Washington DC voter in the forthcoming election.

The team altered all the ballots on the system to vote for none of the nominated candidates. They then wrote in names of fictional IT systems as candidates, including Skynet and (Halderman's personal favorite) Bender for head of the DC school board. They also set up systems so that any further ballots would come under their control.

According to the log files the team found, plenty of people were also busy trying to get into the system. They spotted attempts to get in from the Persian University, as well as India and China. Using their inside access, they blocked these attacks. Finally, they inserted the word "owned" onto the final signoff screen of the voting page, and set up the University of Michigan football fight song to play after 15 seconds.

It took two days before the authorities discovered they'd been pwned, and they were only alerted to that fact when another tester told them the system was secure, but that they should lose the music on the sign-off screen, as it was rather annoying. Halderman has now published a full account of the attack.

The attack demonstrates several of the flaws in electronic voting systems, and at numerous sessions at the RSA 2012 conference in San Francisco, experts have consistently warned against the dangers of this technology. In the US, there are 33 states that have introduced some kind of electronic voting systems – and none of them are secure enough to resist a determined attacker, said Dr. David Jefferson from Lawrence Livermore National Labs.

"The states are in the habit of certifying voting systems, typically without testing them or seeing the source code," he said. "In many cases the voting system uses proprietary code that government can't legally check, and the running of the systems is outsourced to the vendors. This situation is getting worse."

E-voting was a national security issue, he said. Financial attacks by hackers are relatively easy to detect – because at some point money has to leave the system. But if an election is hacked then we may never know, because it's a one-time action that typically isn't checked after the results have been announced and officials elected.

It will be decades before we have the technology to vote securely, Jefferson said, if indeed it is even possible. At stake is democracy itself, but politicians don't seem to understand the problems of electronic voting, and both Jefferson and Halderman expressed fears for the future if current systems become more popular. ®


View the original article here

Monday, March 5, 2012

Hackers Unlock the Box to swipe PS Vitas from Taco Bell - Geek

Mar. 1, 2012 (11:45 am) By: Lee Mathews

It’s always fun to be selected as the winner of a raffle or contest. But why let chance get involved when you can trick the system into declaring you the winner of an awesome prize like a PS Vita?

That’s exactly what seems to be going on with Taco Bell’s Unlock the Box promotion. Apparently a hacker who goes by the handle Sinister has successfully gamed the contest using a bot — the same one he or she had used earlier to compromise the Vita sign-up page. Sinister then shared his bot with other members of the ExploitN forums about a month ago, with several others then reporting that they, too, had become “winners.” Some actual winners then found that their codes had already been claimed, which caused Taco Bell to cry foul and blame the mix-up on technical glitches.

With more than 1.2 million units sold already, it’s becoming clear that the PS Vita is going to be a hit. Not everyone is willing to shell out the $250 to pick one up, of course, and some of those folks seem to have found a way to get one without having to open their wallets. While finding out how to get something for free can be a good thing, it’s too bad that these cheats screwed legitimate winners out of their prizes in the process.

Of course, Taco Bell probably should have made sure their contest code was up to snuff before flipping the switch…especially with all the hacking that’s been going on with regards to games. Taco Bell is in full lawyer mode now, stating that they’ll pursue “all legal remedies” and noting that defrauding a contest may violate criminal and civil codes.

Whatever the outcome, let’s hope they come up with a better solution for the jilted winners. Right now, Taco Bell is planning on a sort of “consolation draw” for these folks at a later date — which seems odd considering these people should have actually won a Vita.

Read more at Kotaku


View the original article here

Hackers claim to have stolen Springfield, Mo., residents' info - STLtoday.com

 SPRINGFIELD, Mo. • Springfield officials are offering 2,100 people free identity theft protection for a year after an internationally known group claimed it hacked into the city's website and stole residents' personal information.

 KYTV reports the city's website was compromised Feb. 17, and a day later a group known as Anonymous tweeted that it had hacked Missouri government websites.

 The group says it will not release information from private citizens, such as Social Security numbers, birth dates and cell phone numbers. But Springfield City Manager Greg Burris says the city is offering one year of ID theft protection insurance to affected residents, just in case.

 Burris says the protection will cost a little less than $50,000 to the city, which also is reviewing security measures to prevent future hacking.


View the original article here

Concern Rises Over the Capabilities of Anonymous Hacktivists - PCWorld

When a few members of the politically motivated hacking group Anonymous floated a plan recently to cripple the Internet's core address system, the idea was roundly dismissed by other members of the group.

Trying to disable the Internet by attacking servers critical to the Domain Name System -- the Internet's address look-up system -- would be counter to the group's actions, which depend on a constant online presence, they said.

In any case, experts have said an attack against the root servers that deliver address information for top-level domains would be extremely difficult because of the redundancy built into the system.

"Anonymous understands the strength of these servers and would never have any intention of touching them," said Raven, the screen name for a 23-year-old, U.S.-based member of Anonymous, who is active on its IRC channels. "Same goes for the power grid," he said in an interview via email.

But as Anonymous continues to flex its hacking muscle, it is making officials increasingly nervous. Its actions lately have ranged from the theft of millions of emails from analyst firm Stratfor Global Intelligence to the recording last month of a conference call between U.S. and British law enforcement agencies.

The director of the U.S. National Security Agency, Gen. Keith Alexander, has warned the White House that Anonymous might have the capability to cause a limited power outage within a year or two, according to a recent report in the Wall Street Journal.

Assessing the motives of Anonymous is difficult since it comprises several groups of hackers and activists and has no central leadership, said Joshua Corman, director of security intelligence for Akamai Technologies, who studies the group.

Cybercriminals motivated by profit are unlikely to try to take down the Internet because it would be contrary to their financial interests, Corman said. But within Anonymous are some "chaotic actors" who can have a "real nasty streak," he said.

"When you don't have centralized leadership, it doesn't matter what most will do, it matters what one of them will do," Corman said.

Only a small core of Anonymous is thought to have the technical know-how to carry out such advanced hacking operations. Like most grassroots organizations, its strength comes from the masses who join its cause, whether through electronic attacks or in physical protests wearing the Guy Fawkes masks that have become a hallmark of the group.

For example, Anonymous encouraged its supporters to download a Web-based tool in November 2010 to conduct distributed denial-of-service attacks against financial companies that turned off payment processing for the whistle-blowing site WikiLeaks.

But security analysts said the crude tool left activists' IP addresses exposed, which could provide a way for authorities to try to track them down.

"There's really only a few hackers out in the movement that really deserve the term 'hackers,'" said Barrett Brown, a writer and activist who works closely with Anonymous and the affiliated AntiSec group and is the founder of Project PM.

While Anonymous could develop the skills to damage power plants within a year or so, attacks on large-scale infrastructure "don't really serve our purposes," Brown said.

Anonymous' decentralized structure also has a big disadvantage: Other groups of hackers, for example from China or Russia, could strike critical targets and then blame Anonymous in an attempt to confuse investigators, a so-called "false flag" attack.

"I see the benefit for others who would want to sow fear and use the Anonymous name as the shield to do whatever they like, and it will be blamed on Anonymous," said Scot A. Terban, an independent information security and open-source intelligence analyst.

If something happened to a water or power plant and was attributed to Anonymous, the "group will be branded a terrorist organization quicker than you can blink an eye," Terban said.

Brown said U.S. officials are already edging close to conflating Anonymous with terrorist groups such as al-Qaida, which could push Anonymous in the direction of wanting to become more accountable in order to credibly deflect false flags.

But the rapidly changing make-up of the group makes it hard even for people within Anonymous to keep current, Brown said. It also makes it harder to coordinate a unified voice for the group.

"It's really a lot of work to keep up with what's going on, even if you're in Anonymous. I wouldn't want to be in law enforcement right now. It's a difficult job," he said.

Send news tips and comments to jeremy_kirk@idg.com


View the original article here

Terrorist hackers waiting in the wings, says F-Secure - Techworld.com

Concern about cyberterrorism was evident this week among security experts at the RSA security conference, who find that some people with extremist views have the technical knowledge that could be used to hack into systems.

Cyberterrorism does not exist currently in a serious form, but some individuals with extremist views have displayed a significant level of knowledge of hacking, so the threat shouldn't be underestimated, said F-Secure's chief research officer Mikko Hypponen.

Other security experts agree. "I think it's something that we should be concerned about. I wouldn't be surprised if 2012 is the year when we start seeing more cyberterrorism," said Mike Geide, a senior security analyst at security vendor Zscaler.

Extremists commonly use the Internet to communicate, spread their message, recruit new members and even launder money in some cases, Hypponen said. Based on the data F-Secure analysed, most groups of radical Islamists, Chechen terrorists or white supremacists seem at this stage more concerned about protecting their communications and hiding incriminating evidence on their computers.

They've even built their own file and email encryption tools to serve this goal and they use strong algorithms that cannot be cracked, Hypponen said. However, there are some extremists out there that possess advanced knowledge of hacking, and they are trying to share it with others, he added.

The researcher has seen members of extremist forums publish guides on how to use penetration testing and computer forensics tools like Metasploit, BackTrack Linux or Maltego. "I don't think they're using these for penetration testing though," Hypponen said.

Others have posted guides on website vulnerability scanning, SQL injection techniques, and on using Google search hacks to find leaked data and more, he said.

Although such extremists have mainly succeeded in unsophisticated web defacements so far, Hypponen believes that cyberterrorists could become the fourth group of Internet attackers after financially motivated hackers, hacktivists and nation states engaging in cyberespionage.

SCADA systems used in industrial facilities could represent a target for cyberterrorist attacks. "If you're talking about terrorism in the real world where you want to blow up a dam or do some destruction, you can potentially do that remotely through a cyber attack," Geide said. The technology required to do this already exists, he said.

The closest we've gotten to a real cyberterrorist attack was the DigiNotar breach which resulted in rogue digital certificates being issued for high profile domain names, said Richard Moulds, vice president of strategy and product marketing at French defence contractor Thales.

The Iranian hacker who took credit for the breach claimed that he had no affiliation to the Iranian government, but he did express pro-government political views in his statements. With Iran currently under the spotlight because of its controversial nuclear energy programme, it will be interesting to see how the country's hackers react, Geide said.


View the original article here

Google Offers $1M to Hackers, Goldman Gets Wells Notice: Hot Trends

NEW YORK (TheStreet) -- Popular searches on the Internet Wednesday include Google(GOOG) as the company announces it will offer $1 million in rewards to hackers who can infiltrate Chrome.

Google said it will pay hackers who are participating in the Pwnium hacking contest not only for infiltrating Chrome but for other targets as well. Google said it will pay $20,000 to any contestant who can hack Windows, Flash or a device driver, which would be problems users of all browsers could face. Google will up the ante for those who can hack Chrome, offering $40,000 each to those who can hack flaws specific to Chrome and $60,000 to those who can exploit only bugs in Chrome. The only other requirement is that those who exploit any flaws must submit the details to Google's security team.

Google said it's willing to pay such high figures in order to test Chrome against some of the world's most innovative hackers in a safer setting where not only will flaws be identified, but fixed.

Goldman Sachs(GS) and Wells Fargo(WFC) are hot topics as both banks revealed they have received "Wells notices" from the Securities and Exchange Commission, which indicates the SEC plans to recommend legal action against the banks and gives the banks time to prepare.

The legal action pertains to the banks' actions involving mortgage-backed securities deals at the time the financial crisis was beginning. Goldman's Wells notice pertains to a $1.3 billion subprime mortgage-backed securities deal the bank underwrote in late 2006. Wells Fargo said its Wells notice related to the bank's disclosures involving mortgage-backed securities.

These Wells notices are the latest in a string of investigations and action the U.S. government is taking to hold banks accountable for their contribution to the subprime housing crisis.

Costco(COST) is another popular search as the company reported better-than-expected fiscal second-quarter earnings and revenue.

Costco's performance beat expectations as profit rose 13%. The wholesale club operator reported net income of $394 million, or 90 cents per share, up from $348 million, or 79 cents, a year ago. Revenue from membership fees also rose to $459 million from $426 million.


View the original article here

Report: Hackers Seized Control of Computers in NASA’s Jet Propulsion Lab

Illustration showing NASA's newest Martian rover, the Curiosity, which will look for past or current conditions favorable for life when it lands later this year. Photo: NASA/JPL

Hackers seized control of networks at NASA’s Jet Propulsion Laboratory last November, gaining the ability to install malware, delete or steal sensitive data, and hijack the accounts of users in order to gain their privileged access, according to a report from the National Aeronautics and Space Administration’s inspector general.

The breach, originating from Chinese-based IP addresses, allowed the intruders to compromise the accounts “of the most privileged JPL users,” giving them “full access to key JPL systems,” according to Inspector General Paul K. Martin in a report to Congress (.pdf).

The investigation of the breach is ongoing, but Martin says the intruders had the ability to modify sensitive files; modify or delete user accounts for mission-critical JPL systems; and alter system logs to conceal their actions.

“In other words, the attackers had full functional control over these networks,” Martin writes.

But this wasn’t the only breach NASA experienced. In 2010 and 2011, the agency had 5,408 computer security incidents that resulted in the installation of malicious software and the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million. Some of the breaches “may have been sponsored by foreign intelligence services seeking to further their countries’ objectives,” Martin writes.

One March 2011 theft of an unencrypted NASA notebook computer resulted in the loss of algorithms used to command and control the International Space Station. In one of the most successful attacks, Martin notes, intruders stole user credentials for more than 150 NASA employees, which could have been used to gain unauthorized access to NASA systems.

NASA operates more than 550 information systems that control spacecraft, collect and process scientific data, and enable NASA personnel to collaborate with colleagues around the world, and spends about $58 million annually for IT security.

“Some NASA systems house sensitive information which, if lost or stolen, could result in significant financial loss, adversely affect national security, or significantly impair our Nation’s competitive technological advantage,” Martin writes.

But even more troubling, he said, skilled attackers “could choose to cause significant disruption to NASA operations, as IT networks are central to all aspects of NASA’s operations.”

Kim Zetter is a senior reporter at Wired covering cybercrime, privacy, security and civil liberties.

View the original article here

Sunday, March 4, 2012

Anonymous Hackers Claim They Were Infiltrated

People identifying themselves as activists in the Anonymous hacker movement said Wednesday it wasn't technical prowess but police infiltration that yielded 25 arrests in a sweep in Europe and South America.

In conversations in an online chat room where Spanish-speaking activists in the Americas and Spain regularly gather, they said nearly all of those arrested had been active on a single website used by the group.

Among those detained were a Spaniard known by the online nickname "Pacotron" or "Thunder," according to Spanish police and a communique issued by Anonymous Iberoamerica, which said he lives in Malaga.

The statement by the loosely organized collective's Spanish-language branch identified another of those arrested as a Spaniard known as "Troy" who it said owned computer servers in "such distant places as Slovakia and Romania."

Interpol, which announced the arrests Tuesday, did not say how it encountered the 25 suspects, who it says were involved in cyberattacks originating from Argentina, Chile, Colombia and Spain that targeted sites including Colombia's defense ministry and presidency and Chile's Endesa electricity company and national library.

Activists encountered in the chat room said some of those arrested belonged to a group of hackers called Sector404 while others were unsophisticated activists who took part in denial-of-service attacks, which overwhelm websites with data requests.

"The GREAT majority of those implicated were people inhabiting the servers of anonworld.info, something that disconcerts us," said the activist "Skao," who identified herself as a law student.

In the communique released on its blog, Anonymous Iberoamerica said the 25 were snared not through "intelligence work or informatics strategy" but rather through "the use of spies and informants within the movement."

The activists said many of those arrested had been careless, leaving digital tracks.

A spokeswoman for Chile's chief prosecutor, Marlis Pfeiffer, told The Associated Press on Wednesday that authorities had released the five people arrested there in the sweep, two of whom were 17-year-olds. Anonymous Iberoamerica said three of them were computer science students, one a programmer and one a Colombian.

Pfeiffer said investigators were examining computers confiscated from the five to determine if criminal charges will be filed but were encountering difficulties, presumably encrypted data.

An Argentine police official said Wednesday that 10 adults were still being detained. The official said he had no further information and spoke on condition he not be further identified. Anonymous Iberoamerica said those arrested in Argentina included Colombians and that many were minors.

The arrests followed an investigation begun in mid-February and also led to the seizure of 250 items of IT equipment in 15 cities, according to Interpol, the international police agency that announced them.

Anonymous activists deface websites, carry out denial-of-service attacks and publish data obtained in computer break-ins.

They are engaged in a number of political causes, including opposition to the global clampdown on file-sharing sites and defense of the secret-spilling site WikiLeaks. The Vatican has also been a target.

In Brazil, Anonymous hacktivists attacked nine banks last month.

Elsewhere in Latin America, they have targeted government agencies and ministries they claim are corrupt.

"We hope you understand and reveal that we are not hackers on steroids. We are activists and what happens in the world matters to us," said Skao.

Authorities in Europe, North America and elsewhere have made dozens of arrests of Anonymous activists. In response, the group has increasingly attacked law enforcement, military and intelligence-linked targets.

Anonymous has no real membership structure. Hackers, activists, and supporters can claim allegiance to its freewheeling principles at their convenience, so it's unclear what impact the arrests will have.

———

Associated Press writer Raphael Satter in London contributed to this report.


View the original article here

Chinese hackers took over NASA's Jet Propulsion Lab, Inspector General reveals

Chinese hackers gained control over NASA’s Jet Propulsion Laboratory (JPL) in November, which could have allowed them to delete sensitive files, add user accounts to mission-critical systems, upload hacking tools, and more -- all at a central repository of U.S. space technology, according to a report released Wednesday afternoon by the Office of the Inspector General.

That report revealed scant details of an ongoing investigation into the incident against the Pasadena, Calif., lab, noting only that cyberattacks against the JPL involved Chinese-based Internet Protocol (IP) addresses. 

Paul K. Martin, NASA's inspector general, put his conclusions bluntly.

"The attackers had full functional control over these networks," he wrote.

JPL is a jewel in NASA's space technology crown.

Beyond a wealth of exploration programs, such as the recent GRAIL mission to study the moon and the upcoming Mars Science Laboratory, JPL manages the Deep Space Network, a network of antenna complexes on several continents that monitors both outer space and planet Earth.

Martin released written testimony about the attacks in the report "NASA Cybersecurity:  An Examination of the Agency’s Information Security," presented to the House Science, Space and Technology Committee investigations panel on Wednesday. It details a host of security lapses and breaches of protocol at the space agency.

"In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorized access to its systems," his report states. "These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit."

Other incidents "may have been sponsored by foreign intelligence services seeking to further their countries’ objectives," he noted.

NASA offered a statement to FoxNews.com saying that there was never a threat to the International Space Station, but did not specifically address whether there was a threat to the Jet Propulsion Laboratory. 

"NASA has made significant progress to better protect the agency's IT systems and is in the process of implementing the recommendations made by the NASA Inspector General in this area," Michael Cabbage, a NASA spokesman, said.

The office of the Inspector General declined to offer further details, telling FoxNews.com it could not comment on the ongoing investigation. A spokesman for the Jet Propulsion Laboratory did not respond to requests for more details about the incident.

It's not known how the number and scope of computer security breaches at NASA compare to other federal agencies because NASA's Office of the Inspector General is the only OIG that regularly conducts international network intrusion cases, Discovery News reported Thursday.

In another successful attack against a NASA agency detailed in the OIG report, intruders stole a laptop computer that contained algorithms used to command and control the International Space Station (ISS), Discovery News reported.

"Some of these intrusions have affected thousands of NASA computers, caused significant disruption to mission operations, and resulted in the theft of export-controlled and otherwise sensitive data, with an estimated cost to NASA of more than $7 million," Martin wrote.

NASA said it is aware of the problem and taking steps to improve its computer security programs.

"The NASA IT Security program is transforming and maturing," the agency's chief information officer Linda Cureton said in her written testimony to the same panel.

"NASA is increasing visibility and responsiveness through enhanced information security monitoring of NASA's systems across the agency," she said.


View the original article here

Interpol swoop nets 25 suspected 'Anonymous' hackers

Interpol has arrested 25 suspected members of the 'Anonymous' hackers group in a swoop covering more than a dozen cities in Europe and Latin America, the global police body said Tuesday.

"Operation Unmask was launched in mid-February following a series of coordinated cyber-attacks originating from Argentina, Chile, Colombia and Spain," said Interpol, based in the French city of Lyon.

The statement cited attacks on the websites of the Colombian Ministry of Defence and the presidency, as well as on Chile's Endesa electricity company and its National Library, among others.

The operation was carried out by police from Argentina, Chile, Colombia and Spain, the statement said, with 250 items of computer equipment and mobile phones seized in raids on 40 premises in 15 cities.

Police also seized credit cards and cash from the suspects, aged 17 to 40.

"This operation shows that crime in the virtual world does have real consequences for those involved, and that the Internet cannot be seen as a safe haven for criminal activity," said Bernd Rossbach, Interpol's acting director of police services.

However, it was not clear what evidence there was to prove those arrested were part of Anonymous, an extremely loose-knit international movement of online activists, or "hacktivists."

Spanish police said earlier they had arrested four suspected hackers accused of sabotaging websites and publishing confidential data on the Internet.

They were accused of hacking the websites of political parties and companies and adding fangs to the faces of leaders in photographs online, and publishing data identifying top officials' security guards, Spanish police said.

The operation, carried out after trawling through computer logs in order to trace IP addresses, also netted 10 suspects in Argentina, six in Chile and five in Colombia, Spanish police said.

They said one of the suspects went by the nicknames Thunder and Pacotron and was suspected of running the computer network used by Anonymous in Spain and Latin America, via servers in the Czech Republic and Bulgaria.

He was arrested in the southern Spanish city of Malaga.

Two of the suspects were in detention while one was bailed and the fourth was a minor who was left in the care of his parents.

In Santiago, deputy prefect Jaime Jara said police confiscated computer equipment belonging to five Chileans and a Colombian, aged between 17 and 23.

Jara said the suspects appeared to have hacked web pages in Chile, Colombia and Spain.

The six suspects did not know each other and were released after voluntarily giving statements, police said, though they will likely be ordered to appear in court to face possible charges relating to online crimes.

Anonymous has in recent weeks targeted the websites of a series of police organisations, with subgroup "Antisec" on Friday vandalising the website of a major US prison contractor.

Anonymous took credit Thursday for an online raid on the Los Angeles Police Canine Association and previously attacked websites of the Central Intelligence Agency and the Federal Bureau of Investigation.

Anonymous has notably defended WikiLeaks when it was facing a funding cutoff and recently collaborated with the anti-secrecy site for the release of a swathe of emails from Texas-based private intelligence firm Stratfor.

In December 2010, Anonymous attacked the websites of Mastercard, PayPal, Visa and others for blocking donations to WikiLeaks after it began releasing thousands of classified US diplomatic cables.


View the original article here

Interpol arrests Anonymous hackers: Do they warrant the attention?

Yesterday, police coordinating through Interpol conducted a sweep of arrests in Europe and South America of 25 suspected hackers from the group Anonymous. The hackers were allegedly preparing to deface and to launch “denial of service” attacks against key government websites, such as Colombia’s Ministry of Defense and presidential website, Chile’s electric company Endesa, and Chile’s national library. If found guilty, the accused hackers could face sentences of 541 days to five years in prison.

In retaliation, hackers briefly shut down the website of Interpol itself. Somewhere out there, a girl with a dragon tattoo is smiling, lopsidedly.

It all sounds very dramatic, and past website attacks by the Anonymous collective have been effective at getting a rather clever or satirical point across about what they see as the wrong-headedness of government policies.

But cyber-attacks of this sort against government websites are only a slightly higher-tech version of spray-paint attacks against a high-school wall. One wonders why Anonymous, or Interpol, even bothered.

Compared with the cyber-warfare attack against Iran’s nuclear program – remember the 2010 Stuxnet computer virus which effectively destroyed one-fifth of Iran's uranium-enrichment centrifuges and delayed its nuclear program? – defacing a website is rather tame. If hackers are peeved enough at the Chilean or Colombian governments to declare “war,” then this is of the “war is heck” variety.

The issues that hacker activists, or hacktivists, focus on are serious ones. When WikiLeaks founder Julian Assange published hundreds of thousands of US diplomatic cables last year, he did so to protest against excesses of the US government during the ongoing "war against terror." Mr. Assange – who faces charges of sexual assault in Sweden – has since turned his sights onto a private website Stratfor, a subscription-based news service that focuses on terrorism and security issues.

When hackers broke into the website of the Boston Police Department in early February, posting a video of KRS-One’s rap video “Sound of Da Police,” they were making a satirical point about supposed police brutality in the breakup of the Occupy Boston campsite last year.


View the original article here

House Panel: NASA Could Be Hackers' Next Target

Could hackers attack the International Space Station?

That’s what the House Science, Space, and Technology Subcommittee on Investigations and Oversight wants to know.

The panel will hear from NASA’s chief information officer and its inspector general at a hearing on Wednesday.

Besides basic operations like e-mail, NASA uses computer systems to control space missions like the International Space Station and the Hubble Space Telescope. And the potential for cyberattacks on those systems is growing, according to a subcommittee briefing document.

“The threat of cyberattack to agency satellite operations, mission support, and technology research is increasing in sophistication and frequency,” the document said.

In addition, NASA represents a major trove of scientific and technical knowledge that could be targeted by cyberthieves. In 2009 and 2010 the agency reported more than 5,000 incidents of malicious software or unauthorized access in its computers, according to the House panel.

“Because of NASA’s stature as an agency on the vanguard of technological progress, the tampering or corruption of scientific data from unauthorized intruders is a serious concern,” the briefing document concluded.


View the original article here

Terrorist hackers waiting in the wings, says F-Secure

Concern about cyberterrorism was evident this week among security experts at the RSA security conference, who find that some people with extremist views have the technical knowledge that could be used to hack into systems.

Cyberterrorism does not exist currently in a serious form, but some individuals with extremist views have displayed a significant level of knowledge of hacking, so the threat shouldn't be underestimated, said F-Secure's chief research officer Mikko Hypponen.

Other security experts agree. "I think it's something that we should be concerned about. I wouldn't be surprised if 2012 is the year when we start seeing more cyberterrorism," said Mike Geide, a senior security analyst at security vendor Zscaler.

Extremists commonly use the Internet to communicate, spread their message, recruit new members and even launder money in some cases, Hypponen said. Based on the data F-Secure analysed, most groups of radical Islamists, Chechen terrorists or white supremacists seem at this stage more concerned about protecting their communications and hiding incriminating evidence on their computers.

They've even built their own file and email encryption tools to serve this goal and they use strong algorithms that cannot be cracked, Hypponen said. However, there are some extremists out there that possess advanced knowledge of hacking, and they are trying to share it with others, he added.

The researcher has seen members of extremist forums publish guides on how to use penetration testing and computer forensics tools like Metasploit, BackTrack Linux or Maltego. "I don't think they're using these for penetration testing though," Hypponen said.

Others have posted guides on website vulnerability scanning, SQL injection techniques, and on using Google search hacks to find leaked data and more, he said.

Although such extremists have mainly succeeded in unsophisticated web defacements so far, Hypponen believes that cyberterrorists could become the fourth group of Internet attackers after financially motivated hackers, hacktivists and nation states engaging in cyberespionage.

SCADA systems used in industrial facilities could represent a target for cyberterrorist attacks. "If you're talking about terrorism in the real world where you want to blow up a dam or do some destruction, you can potentially do that remotely through a cyber attack," Geide said. The technology required to do this already exists, he said.

The closest we've gotten to a real cyberterrorist attack was the DigiNotar breach which resulted in rogue digital certificates being issued for high profile domain names, said Richard Moulds, vice president of strategy and product marketing at French defence contractor Thales.

The Iranian hacker who took credit for the breach claimed that he had no affiliation to the Iranian government, but he did express pro-government political views in his statements. With Iran currently under the spotlight because of its controversial nuclear energy programme, it will be interesting to see how the country's hackers react, Geide said.


View the original article here

Saturday, March 3, 2012

Could hackers seize control of your car?

A student at the Freie Universitaet Berlin steers a converted Dodge minivan remotely with an iPhone in November 2009.

Car manufacturers' appearance at mobile show heralds new automotive era

Increased use of technology in cars has raised concerns over security

Experts warn computer hackers could access car systems and data

(CNN) -- When car companies begin exhibiting at mobile phone shows, it's a sign that the "connected" vehicle has truly arrived -- allowing us to take our digital lives with us as we hit the highway.

But while Ford's unveiling of its latest car at Mobile World Congress -- a major cell phone industry event -- this week may have heralded a new automotive age, it also heightens fears that our technology-crammed cars could be hijacked by hackers.

Just like our PCs and smartphones, the computerized components that have infiltrated almost every aspect of modern vehicles could potentially be broken into, experts say. Only, with a car, this could have far more dangerous consequences.

"We typically don't drive our smartphones at 80 miles an hour," said Brian Contos, security strategist at technology protection firm McAfee. "But safety concerns and privacy concerns all culminate when you talk about automobiles."

Ford isn't alone in integrating mobile phone technology into its cars.

While its networked B-Max compact and its prototype Evos were big hits at the Mobile World Congress in Barcelona, also on display was a BlackBerry-embedded Porsche 911 and a Toyota with an integrated Samsung phone application.

Almost every vehicle manufactured in the past few years is hardwired with computer circuitry in some way, from simple entertainment units to sophisticated safety systems that can control braking and acceleration.

And technology continues to advance. Google is working on a driverless car project that, in allowing complete control of the vehicle to be handled by computers, could reshape the future of motoring.

With onboard systems capable of preventing crashes or summoning help after accidents, vehicles have arguably never been safer.

But in-built links to cell phones, Bluetooth or even low-range radio transmitters serve only to heighten the possibility that this technology can be turned against us.

So far, such attacks have been largely academic. Last year computer scientists at the University of California, San Diego and University of Washington reported they were able to gain remote access to the safety systems of a "moderately priced sedan" using an audio CD infected with a virus.

"Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack," they argued in a report to the U.S. National Academy of Sciences. They warned of "financially-motivated scenarios" under which an attacker might exploit these weaknesses.

There have been a few real-life examples, such as the disgruntled ex-employee of a firm providing web-based vehicle-immobilization systems who reportedly managed to disable 100 cars in Austin, Texas in 2010.

"The nightmare scenario is 100 cars on a bridge and 50% of them hit their brakes and 50% hit their accelerators," added Contos. "Just the amount of collision that something like that would cause with a remote attack, that's pretty scary stuff."

Another possibility envisaged by Contos is hackers using radio waves to trigger a tire pressure warning. "And then what happens? The logical person would pull over and check their tires, and what a great way to carjack somebody."

Contos, whose company has compiled a report highlighting vehicle cyber security issues, also suggests that the most likely motive for such an attack would be financial, but could simply be the work of hackers trying to wreak havoc for the sake of it. Terrorism could also be a factor.

"A lot of people say there's no such thing as cyber terrorism because it doesn't have the shock and awe value of blowing up a car or something of that nature. Well something like (causing a major collision) would have that."

Then there are the concerns over privacy. In downloading personal information into our cars we may help them navigate to our favorite coffee shops or check our diaries, but we also make them targets for data thieves.

For many in the auto industry, the question is currently one of balance: whether the benefits of technology outweigh the problems with security.

"I don't think this is a situation that's unique to the car industry," said motoring journalist Carlton Boyce. He suggests that handing more computerized autonomy to our vehicles is inevitable in an increasingly traffic-clogged world. This, he says, is something consumers are happy with, and will benefit from in the long run.

"The risks are probably smaller than putting everyone in charge of two tons of metal and letting them drive at 80 miles an hour," he said.

Vehicle manufacturers themselves are not blind to the problem. Bill Ford, great grandson of Model-T creator Henry Ford and now the auto giant's executive chairman, says he traveled to Barcelona this week partly to address security concerns.

"That's one of the issues we're going to have to work out as we go along and that's why we're here, to talk to the mobile providers because they're already facing many of those security issues," he said. "For now, what we're working with is opt-in; you can opt-in with how much you're comfortable with."

He added: "Your car can know where you are at any moment and that's great for safety reasons, but the downside of that potential is someone knows where you are every second, and that's something we're going to have to work through."

This won't be easy, says Contos. With vehicles taking up to three years to develop, he says manufacturers will struggle to keep abreast of rapidly-evolving threats unless they organize regular software updates.

Instead, he says, any installed technology should be given a so-called "white list" of permissible activities beyond which any procedures are blocked.

Another option, of course, is to return to driving jalopies whose only concession to technology is a crackling AM radio. But, adds Contos, this isn't a route most drivers are prepared to take.

"People aren't going to go back to driving the Model T any more than they're going to go back to rotary telephones because of the risks on smartphones," he said.

View the original article here