Posts Tagged ‘hacker’

Wednesday, November 20, 2013 @ 06:11 PM gHale

The Anonymous hacker who earlier this year pleaded guilty to conspiracy and hacking charges regarding the breach of Strategic Forecasting will spend the next 10 years in prison.

Jeremy Hammond also admitted leaking information stolen in this hack, as well as breaking into computer systems of the Arizona Department of Public Safety, FBI’s Virtual Academy, Vanguard Defense Industries, and several more defense companies and law enforcement organizations, and stealing and leaking confidential information stored in them.

Police arrested Hammond in March 2012, along with several LulzSec and Anonymous members. The FBI then revealed it had discovered their real-life identities and connected them to the crimes by using 28-year-old LulzSec leader Hector Xavier Monsegur, aka “Sabu,” as an informant.

Hammond was sentenced Friday by Loretta Preska, Chief Judge of the U.S. District Court for the Southern District of New York, before a courtroom full of journalists and activists who came to support him.

Before his sentence, Hammond read a prepared statement in which he said “the acts of civil disobedience and direct action that I am being sentenced for today are in line with the principles of community and equality that have guided my life,” and that he felt he had an obligation to use his skills to expose and confront injustice, given that the peaceful protests he had been involved in in the past did nothing to change any of the things he wanted to change.

He also stated again that Sabu, under the direction of the FBI, provided information about possible targets they should attack, and among them were also websites belonging to foreign governments (the identities of which the judge ordered redacted).

“The U.S. hypes the threat of hackers in order to justify the multi billion dollar cyber security industrial complex, but it is also responsible for the same conduct it aggressively prosecutes and claims to work to prevent,” he said. “The hypocrisy of ‘law and order’ and the injustices caused by capitalism cannot be cured by institutional reform but through civil disobedience and direct action. Yes I broke the law, but I believe that sometimes laws must be broken in order to make room for change.”

Hammond has already served 18 months in federal detention, and will be eligible for parole in four years. In addition, after his release, he will also have three years of supervised release.

Tuesday, September 3, 2013 @ 06:09 PM gHale

In Java 7 Update 21, Oracle introduced a system that warns users if they are about to execute an app not signed with a digital certificate, but a security expert found it is easy to forge the name of the app that appears in the security dialog.

“The problem is that the ‘Name’ in this ‘security’ dialog contains an unsigned application name that can be easily forged (it comes from the unsigned web page) – at will – by anyone – a basic failure by Oracle in code signing 101 rules – only present information to the end user that was actually signed by the Publisher,” said Jerry Jongerius, the founder of Duckware, and the person who found this and other flaws in Java.

Jongerius developed a test page that demonstrates the application name in the Java security dialog window can be changed.

Jongerius said this shows the level of trust conveyed by the new Java security dialogs is not entirely accurate.

He said the risk associated with this vulnerability is low. However, a hacker could compromise an unsuspecting user’s computer simply by tricking him into running a malicious app disguised as an innocent, trusted application.

Jongerius said Oracle already knew about the issue, since several people from the company’s IP addresses had visited the test page he developed.

In addition to the name, an attacker could also change the name of the JAR file displayed in the security dialog.

“Once a Publisher signs a JAR file, there is NO legitimate reason (other than hacker activity) for Oracle to allow the JAR to be renamed to something else,” Jongerius said.

Finally, Jongerius said Oracle’s new MANIFEST.MF “codebase” attribute, which should prevent a repurposed app, and the Java sandbox don’t work properly.

Tuesday, August 27, 2013 @ 07:08 PM gHale

By slightly adjusting the firmware on certain kinds of phones, a hacker could block other phones in the area from receiving incoming calls or SMS messages, new research shows.

The hack involves modifying the baseband processor on some Motorola phones and tricking some older 2G GSM networks into not delivering calls and messages. By “watching” the messages sent from phone towers and not delivering them to users, the hack could effectively shut down some small localized mobile networks, according to the research presented at the USENIX Security Symposium earlier this month.

Essentially, the hacked firmware – named OsmocomBB – can block some calls and messages (also known as pages) by responding to them before the phones originally intended to receive them do, said Kévin Redon, a Berlin-based telecommunications researcher who discussed the details at the USENIX conference. Redon called this “the race for the fastest paging response time.” Fellow researchers Nico Golde and Jean-Pierre Seifert, who also helped write a paper on the subject, joined him at the conference.

The paper notes that while 4G rolled out en masse in most countries, most of the globe remains at the mercy of the Global System for Mobile Communications (GSM) infrastructure.

GSM had been notoriously difficult to crack in its early days, but the group had help thanks to the recent proliferation of cheap tools such as the Universal Software Radio Peripheral, a glorified computer-hosted software radio. In 2004, the source code for the Vitelcom TSM30 phone leaked as well, which allowed researchers to better manipulate and study GSM stack implementations.

The researchers added their OsmocomBB baseband processor (which ran a simple version of the GSM stack) to two different Motorola phones, the C123 and the C118, to observe on-air traffic and respond to specific paging requests, or calls.

The exploit’s success generally depends on the response time of the attacker and victim devices. The researchers’ timing differs depending on the device, vendor and network – but according to their research, Redon and company were able to get their hacked phones to respond to signals in about 180 milliseconds.

While the investigation primarily took place in and around Berlin, the trio claims it is possible to “perform targeted denial of service attacks against single subscribers and as well against large geographical regions within a metropolitan area.”

The trio was able to carry out the attack on a variety of German cell phone operators including O2, Vodafone, T-Mobile and E-Plus.

It would take more than one phone – almost a mobile phone botnet – to disrupt an entire channel and answer all of the “paging requests.” For example, the researchers conclude they would be able to knock down a localized network belonging to E-Plus, the third largest mobile operator in Germany, with only 11 phones.

“The results indicate the required resources for a large-scale attack do not extensively exhaust the resources provided by a cell,” the paper said, adding there “is no technical limitation” when it comes to combining cell phones for an attack.

The group is hoping their research brings to light the archaic GSM system that hasn’t changed much since the 1980s – and breaks the “inherent trust” subscribers have placed in telecommunication companies and their users to “play by the rules.”

Tuesday, May 21, 2013 @ 04:05 PM gHale

A Romanian hacker serving five years in prison for working with a criminal gang that planted ATM skimmers and stole card information designed a new device aimed at preventing skimmers from ripping off ATMs – all from the comfort of his cell.

Valentin Boanta, 33, serving five years in a Romanian prison for supplying the skimmers he made himself to the gang, is now using his skills for the good guys as he designed the Secure Revolving System (SRS).

Outwardly it is a trapezoidal metallic box around 6 inches long with the card slot in the middle. Simply put, the SRS goes over the ATM’s card slot or is incorporated into new ATM models, and requires cards to be inserted into the device longer side first. It then rotates the card and pushes it into the slot, and performs all these steps in reverse when the card is ready to come back to the proper user.

Boanta contacted Bucharest-based firm MB Telecom, which took a flyer on him and is helping to develop and patent the device. The device just won an award at this year’s edition of the International Exhibition of Inventions in Geneva. He was not able to collect the award in person.

“Crime was like a drug for me. After I was caught, I was happy I escaped from this adrenaline addiction,” Boanta said in a Reuters report. “So that the other part, in which I started to develop security solutions, started to emerge.”

MB Telecom president Mircea Tudor, who’s also had a hand in perfecting the device, said they expect to hire Boanta after he gets out of prison in four and a half years.

“All ATMs have ageing designs so they are prone to vulnerability, they are a very weak side of the banking industry,” Boanta said. “Every ATM can be penetrated through a skimming crime. My security solution, SRS, makes an ATM unbreachable.”

Romanian hackers stole about $1 billion from U.S. accounts in 2012, according to the U.S. embassy in Bucharest. A report by Verizon said Romania was the world’s second-biggest hacking center after China. The FBI has even set up an office in Romania and helped to train specialist police agents.

Monday, April 22, 2013 @ 09:04 AM gHale

Thirteen popular home and small office routers contain security problems that could allow a hacker to snoop or modify network traffic, new research said.

All of the routers tested by Independent Security Evaluators (ISE), a security consultancy based in Baltimore, MD, could be taken over if the hacker had access credentials. The tested products came from Linksys, Belkin, Netgear, Verizon and D-Link.

All of the router models evaluated ran their company’s latest firmware and were tested with their default, out-of-the-box configurations. Consumers have few options for mitigating the attacks, ISE said in its report.

http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp

“Successful mitigation often requires a level of sophistication and skill beyond that of the average user,” ISE said.

Compromised routers are valuable to hackers, since they can intercept the traffic of anyone on that network. If the traffic is unencrypted, the attacker can view it.

Man-in-the-middle attacks can let a hacker launch more sophisticated attacks on all users in the router’s domain, ISE said. Hackers can perform attacks such as sniffing and rerouting non-SSL (Secure Sockets Layer) traffic, tampering with DNS (Domain Name System) settings and conducting distributed denial-of-service attacks.

ISPs deploying large numbers of vulnerable routers could also give hackers a way into their own core infrastructure, ISE wrote.

ISE listed a few of the routers it studied, writing that it has notified vendors and worked in some cases on mitigations. It did not list product details for five of the routers, presumably because patches are not ready for release.

The consultancy divided the attacks into those which required an attacker to be on the same network and those on networks that could suffer a remote attack. Two routers from Belkin, the N300 and N900, were vulnerable to a remote attack that did not require the hacker to have authentication credentials.

All of the named products were vulnerable to an authenticated attack if the hacker was on the same network and had login credentials or access to a victim who had an active session on the particular network.

Those products were the Linksys WRT310v2, Netgear’s WNDR4700, TP-Link’s WR1043N, Verizon’s FiOS Actiontec MI424WR-GEN3I, D-Link’s DIR865L and Belkin’s N300, N900 and F5D8236-4 v2 models.

Friday, April 19, 2013 @ 02:04 PM gHale

The LulzSec hacker who admitted in April 2012 to breaching Sony Pictures Entertainment is getting one year in prison.

Cody Kretsinger, 25, also known in the hacking community as “Recursion,” will also have to perform 1,000 hours of community service once he gets out of prison. In addition, he will have to pay $605,000 in restitution.

Initially, Kretsinger denied having any involvement in the Sony hack, but later he made an agreement with the U.S. Attorney’s Office in Los Angeles and pleaded guilty to one count of conspiracy and one count of unauthorized impairment of a protected computer.

The former hacker was arrested after the HideMyAss.com service handed over information on him to the authorities.

Raynaldo Rivera of Tempe, Arizona, also pleaded guilty to participating in the Sony Pictures hack between May and June 2011. He turned himself in back in August 2012, after prosecutors had unsealed the indictment.

Rivera faces sentencing May 16.

Monday, March 4, 2013 @ 04:03 PM gHale

A hacker doing time in the UK for hacking took an IT course the prison offers inmates to prepare them for a successful re-entry into society upon their release, and ended up breaking into the prison’s mainframe.

Nicholas Webber, 21, the founder of the GhostMarket online forum where cyber crooks were able to trade stolen credit card details, tools to commit computer offenses, and knowledge, is the inmate enrolled in the IT class at HMP Isis prison in South London, according to a report in the Daily Mail of London. Apparently, his actions caused ‘major panic’ but it is not clear what, if anything, he managed to access.

Arrested two years ago along with a few accomplices and sentenced to five years in prison, Webber was included in the group that took IT lessons provided by the prison in order to teach inmates skills that would help them once they got out.

This incident would have stayed quiet, but the prison’s IT teacher, Michael Fox, has an unfair dismissal case against the prison.

Fox said that after they discovered the hack, he was held responsible for it and dismissed first by the prison, and then by his employers at the Kensington and Chelsea College, where he also worked as a teacher.

He said he was not aware of Webber’s hacking background and that, ultimately, he wasn’t the one who allowed him to attend the lessons in the first place.

“At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the Internet or other prison systems would have been possible,” said a Prison Service spokesman.

Further details were not immediately available.

Wednesday, January 30, 2013 @ 12:01 PM gHale

Digital video recorders of CCTV video cameras are vulnerable to the point where attackers could watch, copy or delete video streams, researchers found.

Unless systems are properly firewalled, security flaws in the firmware of the DVR platform also create a jumping-off point for attacks aimed at networks supporting these devices, the researchers said. The CCTV devices from 19 manufacturers apparently all use firmware from the Guangdong, China-based firm Ray Sharp, the researchers said.

The issue was first brought to light last week by a hacker using the handle someLuser, who discovered that commands sent to port 9000 of a Swann DVR were accepted without any authentication. The vulnerability created a straightforward means to hack into the DVR’s web-based control panel. The DVRs support Universal Plug And Play, making control panels externally visible on the net. Home and small office routers enable UPnP by default. This has the effect of exposing tens of thousands of vulnerable DVRs to the net.

In addition, the Ray Sharp DVR platform stores clear-text usernames and passwords.

The security woes allowed the hacker to develop a script to lift passwords which gives attackers control of vulnerable devices via built-in telnet servers thanks to an open control panel problem.

HD Moore, CTO of security tools firm Rapid7 and founder of Metasploit, has collaborated with someLuser over the last week to validate his research.

“In addition to Ray Sharp, the exposures seem to affect rebranded DVR products by Swann, Lorex, URMET, KGuard, Defender, DEAPA/DSP Cop, SVAT, Zmodo, BCS, Bolide, EyeForce, Atlantis, Protectron, Greatek, Soyo, Hi-View, Cosmos, and J2000,” Moore said in a blog post. “The vulnerabilities allow for unauthenticated access to the device configuration, which includes the clear-text usernames and passwords that, once obtained, can be used to execute arbitrary system commands root through a secondary flaw in the web interface. someLuser’s blog post includes a script for obtaining the clear-text passwords as well as a standalone exploit that yields a remote root shell on any vulnerable device.

“In short – this provides remote, unauthorized access to security camera recording systems,” Moore said in his blog post.

Scans suggest 58,000 hackable video boxes across 150 countries are vulnerable to attack. The majority of exposed systems are in the U.S., India and Italy, the researchers said. Fixing the problem would seem to involve pushing out a firmware update.

 
 