Submit a link Features Reviews Podcasts Video Forums More ▾

Social engineer hacks Wal-Mart from Defcon

In a contest at the hacker conference Defcon, security specialist Shane MacDougall successfully penetrated Wal-Mart. "Social engineering is the biggest threat to the enterprise, without a doubt," MacDougall said after his call. "I see all these [chief security officers] that spend all this money on firewalls and stuff, and they spend zero dollars on awareness." (via @kevinmitnick) Xeni

A first for Black Hat hacker con: Apple in the house

Apple has never before participated in Defcon or Black Hat, but Bloomberg reports that this will change Thursday "when Dallas De Atley, manager of Apple’s platform security team, is scheduled to give a presentation on key security technologies within iOS, the operating system for iPhones and iPads" at Black Hat in Las Vegas, NV.

It’s significant because in recent years, Apple products have been stripped of their image of being hack-proof. The company’s rise has made it a bigger target, as hackers have been discovering bugs in the iPhone since it came out in 2007. Earlier this year, more than 600,000 Macs were infected, the first major malicious software attack targeting Apple computers.

Weev: Not Amused.

Report: hackers targeting Iranian nuclear facilities "AC/DC-rolled" workstations after attack

Mikko H. Hypponen of F-Secure publishes an email he claims is from a scientist with the Atomic Energy Organization of Iran (or AEOI), which details a new "cyber attack" wave against Iranian nuclear systems.

Snip: "There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing 'Thunderstruck' by AC/DC."

Mikko can't validate the email or the tale therein, and neither can we, but if it's true? Heh.

* The 'shoop above is mine, not the hackers'.

Anti-anonymous hacker doxed--perhaps a little too spectacularly

The Jester, a vigilante hacker opposed to Anonymous and Wikileaks, was apparently exposed over the last few days. His blog, twitter account and other tracks were soon gone. Many, however, think he's just acting out a scheme to ransom details of the ostensibly "real" identity. [Sean Gallagher at Ars Technica] Rob

Anonymous rocked by revelation that top LulzSec hacker was FBI snitch

Quinn Norton has an excellent piece over at Wired:Threat Level on the reactions within "Anonymous" to the news that LulzSec frontman "Sabu" (photo above) was collaborating with the FBI. Kim Zetter's take on the arrests and secret plea deals is here.

LulzSec frontman Sabu was FBI informant, fed Stratfor docs to Wikileaks from an FBI-owned computer

The Guardian has more on the big hacking news which Fox News broke yesterday (as noted in a post by Rob). "Sabu," the trash-talking, self-appointed leader of LulzSec, has been working for the FBI for the last six months. The FBI says he helped the US and various European governments identify and arrest five alleged LulzSec members charged with participating in defacement, DDOSing, and "doxing" against high-profile government and corporate targets. Sabu (above) is, in now identified as Hector Xavier Monsegur, a 28-year-old unemployed Puerto Rican guy living in New York, and a father of two. He was charged with 12 criminal counts of conspiracy to engage in "computer hacking and other crimes" last year, pled guilty in August, 2011, then "snitched" on his LulzSec friends.

Here's the FBI news release, which notably omits the names of any prosecutors (perhaps for fear of Anonymous attack).

Snip from Guardian story:

His online "hacker" activity continued until very recently, with a tweet sent by him in the last 24 hours saying: "The feds at this moment are scouring our lives without warrants. Without judges approval. This needs to change. Asap."

In a US court document, the FBI's informant – there described as CW – "acting under the direction of the FBI" helped facilitate the publication of what was thought to be an embarrassing leak of conference call between the FBI and the UK's Serious and Organised Crime Agency in February. Officers from both sides of the Atlantic were heard discussing the progress of various hacking investigations in the call.

A second document shows that Monsegur – styled this time as CW-1 – provided an FBI-owned computer to facilitate the release of 5m emails taken from US security consultancy Stratfor and which are now being published by WikiLeaks. That suggests the FBI may have had an inside track on discussions between Julian Assange of WikiLeaks, and Anonymous, another hacking group, about the leaking of thousands of confidential emails and documents.

The indictments mark the most significant strike by law enforcement officials against the amateur hacker groups that have sprung out of Anonymous. These groups, which include LulzSec, have cost businesses millions of pounds and exposed the credit card details and passwords of nearly 1 million people.

Read the rest

Spain, South America arrest 25 in Anonymous crackdown, with Interpol assist

With help from the international police organization Interpol, Spain and three South American countries today arrested 25 people who are suspected of being Anonymous activist/hacktivist/hackers. They are accused of defacing government and corporate websites. Reuters:

Spanish police also accused one of four suspects picked up in the cities of Madrid and Malaga of releasing personal data about police officers and bodyguards protecting Spain's royal family and the prime minister.

Other arrests were in Argentina, Chile and Colombia, and 250 items of computer equipment and mobile phones were seized across 15 cities, Interpol said. Colombia's Ministry of Defence and presidential websites as well as Chile's Endesa electricity company were among the targets of the hackers, it said.

And not coincidentally, the Interpol website has been intermittently offline today.

Data breach at City College of SF may impact 100,000 students

City College of San Francisco's computers have been infected with software viruses that illegally transmit personal data from students and employees overseas, school officials said today. (MSNBC) Xeni

Hacker history: videos from early Hackers on Planet Earth (HOPE) conferences

Emmanuel Goldstein from 2600 Magazine sez, "As part of a massive archiving project, 2600 Magazine is releasing all of the remastered videos from the second Hackers On Planet Earth conference - Beyond HOPE in 1997. Last month, videos from the first HOPE conference back in 1994 were put online. This weekend's hour-by-hour video release from 1997 will include speakers like cryptographer Bruce Schneier, *everyone* from The L0pht and Cult of the Dead Cow, privacy advocates, technologists, along with lots of glimpses at 1990s websites. It's an enlightening trip down Memory Lane to visit a pre-9/11 conspiracy theorist world - from a hacker perspective."

BEYOND HOPE VIDEO ARCHIVE GOES ONLINE THIS WEEKEND

Flood-hacking in Thailand

Meanwhile, it's still flooding in Thailand. And, after three months of this, the Thai people have been forced to get creative.

Thai Flood Hacks is a Tumblr that feels like a pean to human ingenuity. Here, you will find boats made out of old water bottles. Homemade jet skis. Raised walkways built from shopping carts. Guys just out walking around on stilts. It's amazing. Thai Happy Mutants have pulled off some awe-inspiring instant solutions that allow them to get on with their lives in the middle of an infrastructure-crippling natural disaster.

Via Neatorama

Wizzywig hacker history comic finishes


Ed Piskor, creator of the wonderful Wizzywig hacker history comic, has finally finished the story, which now runs to 412 installments. Ed's done three printed collections of the comic to date, and now promises to finish it in paperback and in limited edition hardcovers. Ed's a great writer, a great storyteller, and a great history of the Internet and hackers, and Wizzywig stands with books like Levy's Hackers and Bruce Sterling's Hacker Crackdown in the annals of hacker lore.

BOINGTHUMP! Chapter 1 Page 1

Hacker stock art

All photos: Shutterstock and Reuters.

Problem: Until they're captured, alleged hackers don't make for stories with good art. But readers won't look at words unless they are immediately adjacent to pictures. Solution: stock art! I am delighted to report that there is an abundance of stock art geared toward illustrating news stories about cybercrime.

Read the rest

Teenager said to be LulzSec's Topiary bailed


Photo: Tim Bradshaw of the Financial Times. Jake Davis, the 18-year-old Briton accused by police of being Lulz Security spokestweeter Topiary, is out on bail. Paul Sawers writes:

The suspected LulzSec member is accused of coordinating Anonymous and LulzSec attacks from his home in Yell, on the Shetland Islands. His laptop was examined and it apparently showed that he wrote a fake article claiming that Rupert Murdoch was dead, and such an article appeared on the Sun’s website recently when its own system was hacked. The hearing today also revealed that Davis’s computer had 750,000 people’s personal details, including private log-in information.
Source [TNW]