News On Hacks
http://sophosnews.files.wordpress.com/2012/02/conference-call-spy-170.jpg” alt=”Conference call spy image from Shutterstock” align=”right” hspace=”10″ vspace=”10″ />
Last month, we reported how a conference call, between the FBI and Scotland Yard, discussing their investigation into Anonymous hackers had been secretly recorded by the hacking collective and published on the net.
We surmised at the time that the unknown hackers might have secretly accessed the call by compromising a police investigator’s email account, as the call-in details and passcode were posted by Anonymous on their usual dumping ground – the PasteBin website.
http://sophosnews.files.wordpress.com/2012/02/fbi-email1.jpg” alt=”Conference call email, republished by Anonymous” />
Yesterday’s announcement by the FBI about the prominent LulzSec hacker Sabu, and other alleged hacktivists, has revealed more details about what actually happened.
According to an FBI press release, a Garda (Irish police) officer who was invited to attend the conference call about ongoing hacking investigations forwarded the message to a personal email account.
Unfortunately, that personal email account was compromised by a hacker.MORE
A Twitter post from an undergraduate student at Santa Clara University has prompted the school to acknowledge that it asked the FBI to investigate how a few dozen grades were electronically altered.
Mark Loiseau, 25, a senior electrical engineering student, received an unpleasant surprise this morning: three FBI agents showed up at his off-campus apartment wanting to have a friendly chat with him.
FBI agent Jeffrey Miller and his colleagues had complete dossiers on him and his friends, Loiseau told CNET this afternoon. “They had all my grades. They had pictures of me.”
It started out as a friendly conversation, Loiseau said, but then the FBI agents began to suggest that he was involved in illegally changing his or someone else’s grades. After receiving a denial, the trio of agents said that lying to a federal agent was a crime and that they wanted to search his computers.MORE
The Steam video game service, used by 35 million people, has been compromised by hackers.
Its owner and operator, Valve, uncovered an intrusion into a user database while investigating a security breach of its discussion forums.
The attackers used login details from the forum hack to access a database that held ID and credit card data.
Valve said that, so far, it had no evidence that credit cards were being misused or Steam accounts abused. Read the rest of this entry »
if you believe this video — and that’s a big if — the era of thought-controlled phones has begun. A pair of hobbyist hackers claim to have taken Siri, the iPhone 4S feature that obeys voice commands, and turned it into an app that obeys brainwave patterns.
“It works! It really works! It’s so freaking amazing,” Josh Evans and Ollie Hayward announced Tuesday on the blog they created to chronicle what they call “Project Black Mirror.”
In the accompanying YouTube video, Evans wears EEG pads on his forehead and squints in concentration. A circuit board attached to an iPhone on the table beeps shortly later, and a mechanical voice says “calling Graham,” the third member of the project, whose phone then rings.
The hackers explain that they used the EEG pads to record the “signature brain patterns” of 25 Siri-based commands. By pairing the signatures with the commands, they effectively create a brain pattern-to-voice dictionary.MORE
TOKYO A virus that infected computers at Japanese overseas diplomatic missions had been designed to send data to servers in China, a report said on Friday.
The virus — Backdoor Agent MOF — has been found to have infected computers at around 10 embassies and consulates, and at least two of the servers designated as the recipients of stolen information were in China, the Yomiuri Shimbun said.
The virus is capable of transmitting user IDs and other information to terminals outside and operating software by bypassing authorised users, the daily said.
The domain of the servers was the same as that used for earlier cyber attacks on Google and tens of other companies, the Yomiuri said, quoting unnamed sources.
A “backdoor” virus opens a route into a computer’s system to allow access by a remote hacker, who could use it to steal data.
The Yomiuri earlier this week reported Japan had found viruses in computers at overseas diplomatic missions including those in France, the Netherlands, Myanmar, the US, Canada, China and South Korea. MORE
A famous security researcher proved that the embedded insulin pumps on which many diabetics rely can be accessed remotely and reprogrammed to inject a lethal dose.
According to Threat Post, Barnaby Jack, a security researcher at McAfee, demonstrated the proof of concept at the Hacker Halted conference that recently took place in Miami.
It’s not the first time when someone uncovers the weaknesses that lie in such medical equipment, as not long ago, Jerome Radcliffe made a similar demonstration. At the time, Radcliffe remotely connected to the pump and changed the dosage and all he needed to do that was to possess the unique id of the device.
Barnaby managed to get even past that, proving that with the use of a modified antenna, an attacker can take control of the implantable insulin pump and deliver a fatal blow to its owner. He practically showed that by tuning in to the right frequency, anyone within 300 feet of the apparatus can cause serious damage.more
If you’ve an unauthorised party has logged into your Facebook account, then you’re far from alone.
New official statistics revealed by the social networking giant reveal that 0.06% of the more than billion logins that they have each day are compromised.
Put another way, that’s more than 600,000 per day – or, if you really like to make your mind melt, one every 14 milliseconds.
The statistic was revealed in an infographic published alongside an official Facebook blog post trumpeting new security features introduced by the firm.
The new security features include Trusted friends (called “Guardian angels” in the infographic). Read the rest of this entry »
A number of websites associated with US police have been compromised by AntiSec hackers in apparent support of the “Occupy” demonstrations.
One of the sites targeted was the Boston Police Patrolmen’s Association (BPPA), which suffered a hack which resulted in the release of a thousand usernames and passwords. An obvious danger is that staff may be using the same username/password combinations on other sites – such as their email accounts or Facebook.
In addition, the AntiSec movement claimed in an online press release to be publishing more than 600MB of data stolen from the International Association of Chief of Police (IACP) website, including names and addresses, passwords and internal documents.
Names, addresses, phone numbers and social security numbers for police officers in Alabama have also been exposed, and a contact database associated with employees and clients of the internet company Matrix Group made public. Read the rest of this entry »