A San Francisco-based team has just won the DARPA Shredder Challenge. DARPA, the government agency whose work led to the creation of the Internet, challenged the public to reconstruct five shredded documents. The winning team, called “All Your Shreds Are Belong to U.S.” completed the task in 33 days, spending nearly 600 man-hours building algorithms and piecing together more than 10,000 shreds.
9,000 teams registered to compete. The winning teams gets a $50,000 prize paid for by the U.S. Treasury. → Read More
Remember when Google was hacked by Chinese spies about 18 months ago? Well, that just scratched the surface of some of the more serious and persistent hacking operations over the past few years. In a detailed blog post that is both eye-opening and a brilliant piece of marketing, McAfee’s VP of Threat Research Dmitri Alperovitch lays out the details of Operation Shady RAT (Remote Access Tool), an ongoing series of computer system intrusions that began as far back as 2006 and compromised 72 organizations, including the United Nations, the International Olympic Committee, the World Anti-Doping Agency, U.S. defense contractors, U.S. federal and state government agencies, a national security think tank, tech companies, and “even an unfortunate computer security firm” (presumably a McAfee competitor).
The scope of the attacks makes things like the recent Sony Playstation or News Corp hacks look like child’s play. The targets point to a “state actor,” possibly China (the McAfee post does not identify which state actor it suspects, but China does have a history here). → Read More
Unfortunately for PlayStation Network and Qriocity services users, it looks like the widespread network outages will continue.
Since Sony’s PlayStation and music networks went down two days ago, there has been a fair amount of public speculation over the cause of the outage. (Largely due to Sony’s tight-lipped handling of public relations.) Many blamed vengeful gremlins loose in Sony’s server clusters and datacenters, while others immediately pointed the finger at Anonymous, the merry band of hackers that metastasized out of 4chan.
Thankfully, after 24+ hours of communication silence, Sony has updated its blog and ended the speculation. According to the electronics colossus, “an external intrusion” is responsible for the ongoing outages of the PlayStation Network and Qriocity. (It probably sounded like this at Sony headquarters. Or this.) → Read More
A Chinese company, NetQin, allegedly secretly installed malware whenever users installed a copy of their special “cellular malware detector” and then charged a 30 cent update fee to remove the virus. The software also deleted other anti-virus solutions on Android phones. NetQin has denied the accusation and chalks up the nasty talk to an upset competitor. → Read More
The crusading Phil Torrone offers us a long and detailed list of things Sony has done in the past decade or so to stifle CE innovation and prevent the unauthorized use of their hardware. Whether you’re on the side of “hack everything every day” or, on the other hand, wish these script kiddie pirates would just shut up, you have to admit that Sony’s often ham-handed techniques have diminished their reputation in the hardware hacker community and, in some way, has reduced their overall market share.
This is just the first part in Torrone’s long rant against the company. Here’s his opener, an inspiring jeremiad against Sony’s long-departed power and modern failures. → Read More
Chinese hackers are at it again. This time they went after five multinational oil and gas companies and got some very sensitive information including bidding contracts, proprietary industrial processes and other financial documents. The attack is being called “Night Dragon” by Dmitri Alperovitch, McAfee’s vice president for threat research. Alperovitch said that, “It speaks to quite a sad state of our critical infrastructure security.” → Read More
This, ladies and gentlemen, is good clean fun for everyone. It’s a video, yes, and one that shows what could be the world’s worst hacker attempting to create a little mischief. This is genuinely worth the click-through, trust me. → Read More
Help Mozilla squash a bug, earn some money. Nothing wrong with that, right? The organization that brought us Firefox has expanded its program that pays people between $500 and $,300 for finding and reporting glitches in its software. The program originally only applied to Mozilla’s applications, like Firefox and Thunderbird, but now applies to its various online sites, like getpersonas.com and addons.mozilla.org. → Read More
At the Security Innovation Network (SINET) Showcase at The National Press Club in Washington, D.C., this week, Michael Chertoff, former Secretary of the Department of Homeland Security, presented a dire assessment of the cyber-security threat facing our nation. He discussed how rogue governments and hackers are quietly infiltrating our computer systems and the disasters that can be perpetuated—like those you see on the TV show “24”. Chertoff worries that these risks haven’t yet gripped the public imagination; that it may take a “digital 9-11” to get businesses, consumers, and governments to fortify their defenses.
The most troublesome thing I learned by talking with a who’s who of our nation’s security community was that our government doesn’t believe it has the ability to defend us from the rapidly evolving threats. Yes, the National Security Agency and some branches of government have brilliant computer scientists working for them and can defend their own systems; but the rest of us are our own. The Government simply can’t innovate fast enough to keep pace with the pervasive threats and dynamics of the internet or Silicon Valley’s rapidly changing technologies. Indeed, as George Hoyem, a partner at the CIA-backed venture fund In-Q-Tel, noted, there has been a 571 percent growth in malware since 2006; today, 60 percent of all websites are infected. → Read More
Now here’s a delightful story. A gentleman in Austin, Texas was laid off from his job as a car mechanic. The thing is, he was “pretty good with computers.” So, in order to get petty revenge on his former employers, he used a system to remotely disable more than 100 cars. Fun! → Read More
From now on, any story about “hackers” or “hacking” will be accompanied by a link to the song “Halcyon And On And On,” as made famous by the movie Hackers. With that in mind: who made more money last year, Wall Street fat-cats or hackers? The U.S. FDIC says that online scams cost businesses $25 million last year. These scams include phishing and other associated nonsense, which you really ought to be smart to nowadays. → Read More
Here’s some troubling news for my fellow World of Warcraftplayers. It seems that hackers, account thieves, and other miscreants have now embraced man-in-the-middle (MITM) attacks to further their evil ways. Blizzard says it’s not a widespread issue, and it’s rather difficult to pull off, but it’s something y’all should be aware of. → Read More
More news from that China hacking deal. Investigators have tracked the attacks that befell Google and other victims to two schools in China, one of which has ties to the Chinese military. Whether or not this was an officially sanctioned series of attacks, or merely a couple of comp-sci students testing out their skills, clearly nobody knows. That’s the beauty of these hacks: there’s not a chance in hell there’s going to be a “smoking gun,” giving the hosts of The Today Show a three minute segment on Chinese hacking. → Read More
Here’s a fun story. Police in Australia thought they were being mighty clever when they took over an “underground hacking forum.” (The forum is r00t-y0u.org, though it seems to be down right now.) One of the hackers on the forum then retaliated by breaking into police computers using a simple SQL injection. Security fail. → Read More
Cyber criminals AKA teenagers who are just more organized than the IT staffs of their victims stole $415,000 from a sheriff’s department in Bullitt County, Kentucky. That’s right: Bullitt County. Kentucky. → Read More
The maturity of a certain segment of the pro-Pirate Bay brigade continues to impress. In the wake of last week’s guilty verdict, people had taken to the streets in Sweden. Fair enough, that’s not hurting anyone, and protest is a time-honored way to register one’s disgust with a government or institution or whatever. But now? Yeah, now hashmob-organized DDoS attacks are being orchestrated against the International Federation of the Phonographic Industry. Good idea, guys! → Read More
Internet security experts, and the people who pretend to be them, often only track hacks and the like when there’s money or personal information involved. You know, stolen credit card numbers, eBay phishing scams, etc. That’s all well and good—“I just want to make sure my money is safe!”—but a study detailing a sample of last year’s Internet hacks, and found that 24 percent of them had nothing at all to do with stealing money or personal information, but were rather carried out for no reason other than to deface and disrupt . Or, as Ars Technica so artfully put it, sometimes hackers just hate you. Or, as Nicholas Deleon will put it, sometimes hackers are just big stupid heads. → Read More
What a day! While Apple was busy announcing, relatively speaking, nothing at MacWorld, 4Chan, the bad boys of the Internet, went ahead and hacked MacRumors’ live coverage of the show; Twitter freaked out, which is to be expected. Hardly confusing wrechedness. → Read More
Dear school administrators, What’s the best way to ensure that your computer network remains riddled with security vulnerabilities that leave you, your personnel and [someone think of the] schoolchildren in danger? Why, to demonize the student who discovered the vulnerability and alerted you to it, of course. Have him charged with a felony while you’re at it. A student in a Saratoga County (New York) school alerted his principal to a computer security vulnerability that could expose the names, social security numbers and addresses of school employees. While the student tried to do it anonymously, he was eventually tracked down. Then the school threw the book at him. The student is now being charged with three felonies for his unauthorized use of the computer network. The best is this quote from a state trooper: The kid committed an intentional criminal act. He deceitfully used someone else’s name and password so he would not get caught and was looking to profit from his criminal act. The only thing we can take away from this is, even if you discover a security vulnerability, it’s completely in your best interest to keep it to yourself, otherwise you’ll be branded a criminal terrorist when you were merely trying to do a good deed. Or, if you insist on doing the right then, use Wikileaks. → Read More
