News On Hacks

How Anonymous spied on FBI / UK Police hacking investigation conference call


Last month, we reported how a conference call, between the FBI and Scotland Yard, discussing their investigation into Anonymous hackers had been secretly recorded by the hacking collective and published on the net.

We surmised at the time that the unknown hackers might have secretly accessed the call by compromising a police investigator’s email account, as the call-in details and passcode were posted by Anonymous on their usual dumping ground – the PasteBin website.


Yesterday’s announcement by the FBI about the prominent LulzSec hacker Sabu, and other alleged hacktivists, has revealed more details about what actually happened.

According to an FBI press release, a Garda (Irish police) officer who was invited to attend the conference call about ongoing hacking investigations forwarded the message to a personal email account.

Unfortunately, that personal email account was compromised by a hacker.

Facebook Canada Hosts Youth Focused Hack-a-thon


Hack-a-thons are becoming popular ways to get a massive group of hackers together for a manic, usually overnight blitz to code something cool. Hack for a Cause is one of the newest to apply that Red Bull-fueled creativity to social and charity causes.

In just 12 hours (6 p.m. on Friday to 6 a.m. Saturday, EST), 60 coders created 12 products that were ready to ship. The event, hosted at Facebook Canada’s Toronto headquarters, was organized by Free the Children, a Canadian charity that empowers youths across North America to create positive change.

The rules of the hack-a-thon were pretty simple: Come up with some product that will help Free the Children get kids engaged in positive actions. In response, Hack for a Cause turned out Facebook apps to help log and share volunteerism, a mobile app that accepts and displays donation pledges, an interactive map that allows users to see local philanthropic meet ups, educational mobile games and more.

Even though Hack for a Cause is relatively single-minded, as far as hack-a-thons go, providing Free the Children with new technology will hopefully have widespread impact as well. Besides, it’s not such a bad idea to host a group of uber-talented coders and get some awesome new products in return. It’s a smart move by Free the Children that may help some kids get more involved in social change.

FBI investigates grade change hacking at Santa Clara



Mark Loiseau, who says the FBI gained access to his Verizon and Google Voice accounts

A Twitter post from an undergraduate student at Santa Clara University has prompted the school to acknowledge that it asked the FBI to investigate how a few dozen grades were electronically altered.

Mark Loiseau, 25, a senior electrical engineering student, received an unpleasant surprise this morning: three FBI agents showed up at his off-campus apartment wanting to have a friendly chat with him.

FBI agent Jeffrey Miller and his colleagues had complete dossiers on him and his friends, Loiseau told CNET this afternoon. “They had all my grades. They had pictures of me.”

It started out as a friendly conversation, Loiseau said, but then the FBI agents began to suggest that he was involved in illegally changing his or someone else’s grades. After receiving a denial, the trio of agents said that lying to a federal agent was a crime and that they wanted to search his computers.

Valve’s online game service Steam hit by hackers


The Steam video game service, used by 35 million people, has been compromised by hackers.

Its owner and operator, Valve, uncovered an intrusion into a user database while investigating a security breach of its discussion forums.

The attackers used login details from the forum hack to access a database that held ID and credit card data.

Valve said that, so far, it had no evidence that credit cards were being misused or Steam accounts abused.

Did Hackers Just Build a Brain-Powered iPhone?

By Sarah Kessler


If you believe this video — and that’s a big if — the era of thought-controlled phones has begun. A pair of hobbyist hackers claim to have taken Siri, the iPhone 4S feature that obeys voice commands, and turned it into an app that obeys brainwave patterns.

“It works! It really works! It’s so freaking amazing,” Josh Evans and Ollie Hayward announced Tuesday on the blog they created to chronicle what they call “Project Black Mirror.”

In the accompanying YouTube video, Evans wears EEG pads on his forehead and squints in concentration. A circuit board attached to an iPhone on the table beeps shortly later, and a mechanical voice says “calling Graham,” the third member of the project, whose phone then rings.

The hackers explain that they used the EEG pads to record the “signature brain patterns” of 25 Siri-based commands. By pairing the signatures with the commands, they effectively create a brain pattern-to-voice dictionary.

Hacking Beyond Limit: ‘China-based servers in Japan cyber attacks’



TOKYO: A virus that infected computers at Japanese overseas diplomatic missions had been designed to send data to servers in China, a report said on Friday.

The virus — Backdoor Agent MOF — has been found to have infected computers at around 10 embassies and consulates, and at least two of the servers designated as the recipients of stolen information were in China, the Yomiuri Shimbun said.

The virus is capable of transmitting user IDs and other information to terminals outside and operating software by bypassing authorised users, the daily said.

The domain of the servers was the same as that used for earlier cyber attacks on Google and tens of other companies, the Yomiuri said, quoting unnamed sources.

A “backdoor” virus opens a route into a computer’s system to allow access by a remote hacker, who could use it to steal data.

The Yomiuri earlier this week reported Japan had found viruses in computers at overseas diplomatic missions including those in France, the Netherlands, Myanmar, the US, Canada, China and South Korea.

Wireless Insulin Pumps Exposed to Hacker Attacks



The lack of encryption in insulin pumps can put lives at risk

A famous security researcher proved that the embedded insulin pumps on which many diabetics rely can be accessed remotely and reprogrammed to inject a lethal dose.

According to Threat Post, Barnaby Jack, a security researcher at McAfee, demonstrated the proof of concept at the Hacker Halted conference that recently took place in Miami.
It’s not the first time someone has uncovered the weaknesses that lie in such medical equipment; not long ago, Jerome Radcliffe made a similar demonstration. At the time, Radcliffe remotely connected to the pump and changed the dosage, and all he needed to do that was the unique ID of the device.

Barnaby managed to get even past that, proving that with the use of a modified antenna, an attacker can take control of the implantable insulin pump and deliver a fatal blow to its owner. He practically showed that by tuning in to the right frequency, anyone within 300 feet of the apparatus can cause serious damage.

Hackers Use Social Engineering to Obtain Facebook Security Tokens


The anti-CSRF tokens generated by Facebook and other websites that want to keep their customers protected are being targeted by cybercriminals who can use them to temporarily take over an account.

Symantec researchers did a little digging on the matter and found a few cunning plots in which attackers try to dupe users into providing the highly desired codes.

Cross-site request forgery (CSRF) is an attack in which basically the victim’s active session is borrowed by the cyber masterminds to perform illegal operations. Once the security token is obtained, the attacker can do whatever he wants as the website’s server detects him as being legitimate.

600,000+ compromised account logins every day on Facebook, official figures reveal



If an unauthorised party has logged into your Facebook account, then you’re far from alone.

New official statistics revealed by the social networking giant show that 0.06% of the more than a billion logins that they have each day are compromised.

Put another way, that’s more than 600,000 per day – or, if you really like to make your mind melt, one every 14 milliseconds.


The statistic was revealed in an infographic published alongside an official Facebook blog post trumpeting new security features introduced by the firm.

The new security features include Trusted friends (called “Guardian angels” in the infographic).

Hacker’s phone call to Boston Police saying he defaced their website.. because he was bored


A number of websites associated with US police have been compromised by AntiSec hackers in apparent support of the “Occupy” demonstrations.

One of the sites targeted was the Boston Police Patrolmen’s Association (BPPA), which suffered a hack which resulted in the release of a thousand usernames and passwords. An obvious danger is that staff may be using the same username/password combinations on other sites – such as their email accounts or Facebook.

In addition, the AntiSec movement claimed in an online press release to be publishing more than 600MB of data stolen from the International Association of Chiefs of Police (IACP) website, including names and addresses, passwords and internal documents.

Names, addresses, phone numbers and social security numbers for police officers in Alabama have also been exposed, and a contact database associated with employees and clients of the internet company Matrix Group made public.