If you're in Los Angeles this evening, please join me at a special screening of the documentary about the late Aaron Swartz, "The Internet's Own Boy." The film has been shortlisted for an Academy Award. After the screening, I will host a question and answer session with the film's director, Brian Knappenberger.
Read the rest
It's a long-overdue and much-deserved tribute to the hardest-working chroniclers of hacker culture. Emmanuel Goldstein and co have inspired generations of electronic spelunkers and freedom fighters, and they're still going strong -- and have never been more relevant, thanks to the debate sparked by the Snowden leaks.
Read the rest
NSA Director Adm. Michael Rogers [REUTERS]
It's Las Vegas hacker convention season: Black Hat kicks off Aug. 2-7, and Def Con runs Aug. 7-10. This time around, National Security Agency leadership will be absent from the speaking rosters, in contrast with previous years.
Read the rest
The US government may use visa restrictions to ban hackers from China from participating in the 2014 Defcon hacker conference in Las Vegas. The move is part of a larger effort by the US to combat Chinese internet espionage.
Read the rest
A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. Picture taken January 2, 2014. REUTERS/Edgar Su.
The Justice Department this week indicted five hackers
linked to China’s People’s Liberation Army. The hackers are accused of stealing data from six US companies
, and represent a "cyberwar" escalation with China: what was a diplomatic discomfort is now a criminal matter. "But cybersecurity policy-watchers say that the arrival of the indictments in the wake of Snowden’s serial revelations could both lessen the charges’ impact and leave American officials open to parallel criminal allegations from Chinese authorities," writes Wired's Andy Greenberg
Carla sez, "There are two upcoming ways for designers and coders to put a little good out into the world. First, you can land a job that lets you spend your time making positive social change. On February 6 join WebVisions at Essence in London
for short presentations from Essence Digital, Buddy App, PaveGen, Streetbank, and Sidekick Studios. Learn different ways that you can turn your vocation into a force for good. Second, be a part of WebVisions' Hackathon for Social Good on February 8
. Held at Fjord London, programmers and designers will spend the day working collaboratively to build programs and applications that benefit local nonprofits."
Emmanuel Goldstein from 2600 Magazine sez, "It shouldn't be that surprising, but Volume Three of The Hacker Digest contains all kinds of news items and articles concerning the National Security Agency, its attempts to control encryption, and the threat of surveillance. This was the hacker world of 1986."
Read the rest
California State Attorney General Kamala D. Harris today announced the arrest of a man said to have owned and operated a so-called revenge porn website. According to the arrest warrant (PDF), the site operated by Kevin Christopher Bollaert published over 10,000 sexually explicit photos. The young women who appeared in these images, some of whom were minors at the time they were taken, were charged up to $350 each to be removed from the site.
California Department of Justice agents arrested Bollaert, 27, in San Diego where he lived. He is in San Diego County jail on $50,000 bail, and has been charged with 31 felony counts of conspiracy, identity theft and extortion. If he is convicted, penalties may include jail time and fines.
The arrest warrant is well worth a read. It includes the stories of a number of young women who ended up physically exposed and personally identified on the internet against their will. In some cases, private photos made their way online after their accounts were hacked or phones snatched. The women speak about how that violation damaged their lives and destroyed their sense of privacy.
During an in-person interview with two special agents, Bollaert bemoaned the burden of all those emails he was receiving from young women and teens, asking for images to be removed -- a service he charged hundreds of bucks for.
"At the beginning this was like fun and entertaining," he said to the agents, "But now it's ruining my life." At the end of the meeting, the agents served him with search warrants.
Read the rest
Remember how much fun chemistry sets used to be before the chemicals were deemed too dangerous for household fun? The Society for Science & The Public, in collaboration with the Gordon and Betty Moore Foundation, have launched a contest
to collect ideas for a new kind of Science Play and Research Kit (SPARK) "that encourage imagination and interest in science, recapturing the spirit of the chemistry set." There are cash prizes too! From the SPARK Competition site:
To be clear, we’re interested in science beyond chemistry. We borrow this term to capture the spirit and magic of what the classic chemistry set spawned in the 1940s - 60s. We’re looking for ideas that can engage kids as young as 8 and inspire people who are 88. We’re looking for ideas that encourage kids to explore, create, build and question. We’re looking for ideas that honor kids’ curiosity about how things work.
SPARK Competition: Reimagining The Chemistry Set of the 21st Century (Thanks, Chris Mentzel!)
What users who attempt to connect to the Silk Road marketplace see now (HT: Adrian Chen)
Looks like the government shutdown didn't stop federal agents from shutting down the most popular "deep web" illegal drug market. In San Francisco, federal prosecutors have indicted Ross William Ulbricht, who is said to be the founder of Silk Road. The internet marketplace allowed users around the world to buy and sell drugs like heroin, cocaine, and meth.
The government announced that it seized about 26,000 Bitcoins worth roughly USD$3.6 million, making this the largest Bitcoin bust in history. There were nearly 13,000 listings for controlled substances on the Silk Road site as of Sept. 23, 2013, according to the FBI, and the marketplace did roughly USD$1.2 billion in sales, yielding some $80 million in commissions.
According to the complaint, the service was also used to negotiate murder-for-hire: "not long ago, I had a clean hit done for $80k," the site's founder is alleged to have messaged an associate.
Ulbricht, 29, is also known as "Dread Pirate Roberts."
Read the rest
A lawsuit filed by technology entrepreneur and hacker Kim Dotcom
against the government of New Zealand demands NZ $6 million (roughly USD $5 million) over an "excessively aggressive and invasive approach" by police who raided his mansion 18 months ago. The raid was ordered by the FBI, which sought to extradite him to the US on copyright violation charges.
"Barrett Brown makes for a pretty complicated victim," writes David Carr in his recent profile of the Dallas-based journalist
"obsessed with the government’s ties to private security firms." Brown, 32 has been in jail for a year. He faces charges that carry a combined penalty of more than 100 years in prison. Why does the gag order on his case matter to all of us? Carr explains
"It wasn’t ever seriously in doubt," writes Kevin Poulsen at Wired
, "but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors." Freedom Hosting was a provider of so-called “Tor hidden service” sites. Their addresses end in .onion, their geographic locations are masked behind layers of routing, and they can be reached only over the Tor anonymity network. [Threat Level]
r00tz is the amazing kid-track of programming at DEFCON, the giant hacker conference held annually in Las Vegas. The organizers have created a "code of conduct" for young hackers that is good advice for anyone doing infosec work, or exploring computers and systems:
The Internet is a small place. Word gets around, fast. Follow these rules at all times:
- Only hack things you own
- Do not hack anything you rely on
- Respect the rights of others
- Know and respect the law
- Find a safe playground (One always exists. If you don’t have support from your parents, get their permission to find an adult who will support you.)
There's more, but it's short and sweet. Go read it. The final statement, "r00tz is about creating a better world. You have the power and responsibility to do so. Now go do it! We are here to help you" sums it up nicely.
r00tz Asylum | About
MIT is rightfully proud of alumna Limor Fried, the superhero hardware hacker behind AdaFruit Industries, creators of fantastic DIY, open source electronics components and kits. We're proud of Limor too! From MIT News:
Apart from selling kits, original devices and providing hundreds of guides online, Adafruit works around the world with schools, teachers, libraries and hackerspaces — community technology labs — to promote STEM education, designing curricula in circuitry and electronics, among other initiatives.
The company has released an online children’s show called “A is for Ampere.” On a weekly Saturday night program, “Ask an Engineer,” anyone can ask Fried questions online or show off their original devices.
One of Fried’s favorite stories, from a young viewer of “Ask an Engineer,” illuminates what she sees as the growing diversity of engineering. “A parent emailed us after watching the show with his daughter,” she says. “I had another engineer on the show with me — my friend Amanda — and this parent’s daughter asked, ‘Dad, are there boy engineers too?’”
"Meet the maker
I found out yesterday that George Hotz, the hacker most known for unlocking the original iPhone and hacking the PS3, is now studying at my alma mater, Carnegie Mellon University. CMU has a bash.org clone for saving ridiculous quotes in IRC and around the computer science campus, and geohot already has some great ones in there.
amwatson: George, you have to start working on the assignment! If you don't, you won't have time to run on the supercomputer!
geohot: Don't worry. I have my own supercomputer!
amwatson: ...You have your own 256-core machine?
geohot: Yeah! Well, I have a botnet...
<geohot> I'm permitted to own Sony products. I'm just not permitted to touch them inappropriately.
< Tony0> I like geohot's method of forcing himself to suck less with vim
< Tony0> apparently he rebound the arrow keys to backspace.
< gwillen> I,I vim is properly appreciated in the original Klingon
Oh, geohot! More great quotes at cmubash.org. Thanks, Dannel!
Weev. Photo: Gawker
Adrian Chen at Gawker has a must-read profile on Weev: so-called "iPad hacker," founder of the anti-blogging Internet-trolling organization "Gay Nigger Association of America," and born-again Mormon troll. Snip:
For Auernheimer, the AT&T breach was one of his finest works as a troll. He personally didn't hack anything—the program used to collect the email addresses was written by Spitler—except the media. He was the hype man for Goatse, and he claims blew the breach up far beyond its actual significance. "The bug that I'm indicted over isn't a big deal," he says. "What made it big is the way I presented it." He boils down his success at promoting the AT&T job to three bullet points: "Rhetoric, persuasion, and meme reference."
But was collecting the email addresses actually a crime? "If somebody mistakenly puts information out there on the web and somebody mistakenly gets that information, that's not illegal," says Jennifer Granick, a lawyer and the director of the Center for Internet and Society at Stanford. This is why Auernheimer decided to fight his charges instead of take a plea deal, as Spitler did last year.
"I contend there is no crime in telling the truth or using AT&T's, or anybody's, publicly accessible data, to cite it to talk about how they made people's data public," he told CNET.
Auernhemier's jury disagreed.
Read: The Internet's Best Terrible Person Goes to Jail: Can a Reviled Master Troll Become a Geek Hero?.
Andrew "Weev" Auernheimer, the 26-year-old "iPad hacker" charged with federal crimes for obtaining personal data of more than 100,000 iPad owners from AT&T’s website was found guilty on Tuesday in federal court in New Jersey. The court convicted him in one count of identity fraud and one count of conspiracy to access a computer without authorization. Kim Zetter in Wired has the details
. Weev tweeted that he plans to appeal
In Slate, Stephen Tobolowsky remembers what it was like to shoot the 1992 hacker/caper flick Sneakers, one of the great hacker movies of all time, with an all-star cast that included Robert Redford and Ben Kingsley:
During part of the big action finale, Robert Redford is chased through a secret lab by all of us bad guys. Phil was choreographing the chase and trying to put us in some kind of order of how fast we were running. He said, "Let's do it this way. Ben, you’re the Academy Award winner, we’ll start with you. Then, Tim, the Emmy winner, you’ll be next. Do we have a Tony winner? Anyway, Stephen, you'll be last."
Here is a Hollywood Zen story. We shot on location around Los Angeles and at Universal. The studio has a going concern of little buses that regularly drive through the back lot area with tourists from all over the world wielding disposable cameras. The tour guide has a set patter, "On your right is the shark from Jaws. On your left is Columbo's automobile." While one of the buses was nearing our stage, we were called to the set. The tour bus had to stop while Robert Redford and James Earl Jones crossed in front of it. No one noticed. The guide just kept up with, "On our right is the bicycle from E.T." People were snapping away at the bicycle and were completely oblivious that two of the most famous actors in the world were a few feet away from them.
At the end of the shoot, Phil said the only thing that could make the whole experience of working on Sneakers better was if the lab lost the film. Then we would be able to do it all over again.
Memories of the Sneakers Shoot
(via Hacker News)
The folks at the NYC Resistor hackerspace found a Macintosh SE that had been abandoned on a Brooklyn sidewalk and decided to conduct a little "digital archeology."
While digging through dumps generated from the Apple Mac SE ROM images we noticed that there was a large amount of non-code, non-audio data. Adam Mayer tested different stride widths and found that at 67 bytes (536 pixels across) there appeared to be some sort of image data that clearly was a picture of people. The rest of the image was skewed and distorted, so we knew that it wasn’t stored as an uncompressed bitmap.
After some investigation, we were able to decode the scrambled mess above and turn it into the full image with a hidden message from “Thu, Nov 20, 1986“
They say there's more curious data in the ROM that they haven't been able to decipher yet.
Ghosts in the ROM (Via Matt Richardson)
In a contest at the hacker conference Defcon, security specialist Shane MacDougall successfully penetrated Wal-Mart
. "Social engineering is the biggest threat to the enterprise, without a doubt," MacDougall said after his call. "I see all these [chief security officers] that spend all this money on firewalls and stuff, and they spend zero dollars on awareness." (via @kevinmitnick)
Apple has never before participated in Defcon or Black Hat, but Bloomberg reports that this will change Thursday
"when Dallas De Atley, manager of Apple’s platform security team, is scheduled to give a presentation
on key security technologies within iOS, the operating system for iPhones and iPads" at Black Hat in Las Vegas, NV.
It’s significant because in recent years, Apple products have been stripped of their image of being hack-proof. The company’s rise has made it a bigger target, as hackers have been discovering bugs in the iPhone since it came out in 2007. Earlier this year, more than 600,000 Macs were infected, the first major malicious software attack targeting Apple computers.
Weev: Not Amused.
Mikko H. Hypponen of F-Secure publishes an email he claims is from a scientist with the Atomic Energy Organization of Iran (or AEOI), which details a new "cyber attack" wave against Iranian nuclear systems.
"There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing 'Thunderstruck' by AC/DC."
Mikko can't validate the email or the tale therein, and neither can we, but if it's true? Heh.
* The 'shoop above is mine, not the hackers'.
The Jester, a vigilante hacker opposed to Anonymous and Wikileaks, was apparently exposed over the last few days. His blog, twitter account and other tracks were soon gone. Many, however, think he's just acting out a scheme
to ransom details of the ostensibly "real" identity. [Sean Gallagher at Ars Technica
Quinn Norton has an excellent piece over at Wired:Threat Level on the reactions within "Anonymous" to the news that LulzSec frontman "Sabu" (photo above) was collaborating with the FBI. Kim Zetter's take on the arrests and secret plea deals is here.
The Guardian has more on the big hacking news which Fox News broke yesterday (as noted in a post by Rob). "Sabu," the trash-talking, self-appointed leader of LulzSec, has been working for the FBI for the last six months. The FBI says he helped the US and various European governments identify and arrest five alleged LulzSec members charged with participating in defacement, DDOSing, and "doxing" against high-profile government and corporate targets. Sabu (above) is, in now identified as Hector Xavier Monsegur, a 28-year-old unemployed Puerto Rican guy living in New York, and a father of two. He was charged with 12 criminal counts of conspiracy to engage in "computer hacking and other crimes" last year, pled guilty in August, 2011, then "snitched" on his LulzSec friends.
Here's the FBI news release, which notably omits the names of any prosecutors (perhaps for fear of Anonymous attack).
Snip from Guardian story:
His online "hacker" activity continued until very recently, with a tweet sent by him in the last 24 hours saying: "The feds at this moment are scouring our lives without warrants. Without judges approval. This needs to change. Asap."
In a US court document, the FBI's informant – there described as CW – "acting under the direction of the FBI" helped facilitate the publication of what was thought to be an embarrassing leak of conference call between the FBI and the UK's Serious and Organised Crime Agency in February.
Officers from both sides of the Atlantic were heard discussing the progress of various hacking investigations in the call.
A second document shows that Monsegur – styled this time as CW-1 – provided an FBI-owned computer to facilitate the release of 5m emails taken from US security consultancy Stratfor and which are now being published by WikiLeaks. That suggests the FBI may have had an inside track on discussions between Julian Assange of WikiLeaks, and Anonymous, another hacking group, about the leaking of thousands of confidential emails and documents.
The indictments mark the most significant strike by law enforcement officials against the amateur hacker groups that have sprung out of Anonymous. These groups, which include LulzSec, have cost businesses millions of pounds and exposed the credit card details and passwords of nearly 1 million people.
Read the rest
With help from the international police organization Interpol, Spain and three South American countries today arrested 25 people who are suspected of being Anonymous activist/hacktivist/hackers. They are accused of defacing government and corporate websites. Reuters
Spanish police also accused one of four suspects picked up in the cities of Madrid and Malaga of releasing personal data about police officers and bodyguards protecting Spain's royal family and the prime minister.
Other arrests were in Argentina, Chile and Colombia, and 250 items of computer equipment and mobile phones were seized across 15 cities, Interpol said. Colombia's Ministry of Defence and presidential websites as well as Chile's Endesa electricity company were among the targets of the hackers, it said.
And not coincidentally, the Interpol website has been intermittently offline today.
Emmanuel Goldstein from 2600 Magazine sez, "As part of a massive archiving project, 2600 Magazine is releasing all of the remastered videos from the second Hackers On Planet Earth conference - Beyond HOPE in 1997. Last month, videos from the first HOPE conference back in 1994 were put online. This weekend's hour-by-hour video release from 1997 will include speakers like cryptographer Bruce Schneier, *everyone* from The L0pht and Cult of the Dead Cow, privacy advocates, technologists, along with lots of glimpses at 1990s websites. It's an enlightening trip down Memory Lane to visit a pre-9/11 conspiracy theorist world - from a hacker perspective."
BEYOND HOPE VIDEO ARCHIVE GOES ONLINE THIS WEEKEND