A first for Black Hat hacker con: Apple in the house

Apple has never before participated in Defcon or Black Hat, but Bloomberg reports that this will change Thursday "when Dallas De Atley, manager of Apple’s platform security team, is scheduled to give a presentation on key security technologies within iOS, the operating system for iPhones and iPads" at Black Hat in Las Vegas, NV.

It’s significant because in recent years, Apple products have been stripped of their image of being hack-proof. The company’s rise has made it a bigger target, as hackers have been discovering bugs in the iPhone since it came out in 2007. Earlier this year, more than 600,000 Macs were infected, the first major malicious software attack targeting Apple computers.

Weev: Not Amused.

Report: hackers targeting Iranian nuclear facilities "AC/DC-rolled" workstations after attack

Mikko H. Hypponen of F-Secure publishes an email he claims is from a scientist with the Atomic Energy Organization of Iran (or AEOI), which details a new "cyber attack" wave against Iranian nuclear systems.

Snip: "There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing 'Thunderstruck' by AC/DC."

Mikko can't validate the email or the tale therein, and neither can we, but if it's true? Heh.

* The 'shoop above is mine, not the hackers'.

Hackers take Yahoo: 453,000 login credentials nabbed

Dan Goodin at Ars: "The dump, posted on a public website by a hacking collective known as D33Ds Company, said it penetrated the Yahoo subdomain using what's known as a union-based SQL injection. ... To support their claim, the hackers posted what they said were the plaintext credentials for 453,492 Yahoo accounts."

Cable hacker jailed

A good old fashioned hardware hacker is off to jail for 3 years for selling rooted modems. The boxes gave cable users actual unlimited internet. P.S. His book, Hacking the Cable Modem: What Cable Companies Don't Want You to Know, is available at Amazon.

NSA Built Stuxnet, but Real Trick Is Building Crew of Hackers

After decades of waging a scorched earth war against hackers, the US government is now complaining about a shortage of hackers it needs to conduct cyberwarfare.

Stuxnet, the worm that targeted Iran's nuclear facilities, was created by US and Israel


Iranian President Mahmoud Ahmadinejad inspects centrifuges at a uranium enrichment plant.

Reporting for the New York Times, David Sanger confirms what internet security researchers suspected all along: Stuxnet, the worm that targeted computers in Iran's central nuclear enrichment facilities, was a US/Israeli project and part of an expanded effort at cyberweaponry by the Obama administration.

Read the rest

Cyber-weapon Flame, "most complex malware ever," identified by Kaspersky Lab

The Moscow-based security firm credited with solving various mysteries around Stuxnet and Duqu today announced the discovery of Flame, a data-stealing virus said to have lurked on thousands of computers in the Mideast for as long as 5 years. A Kaspersky Lab spokesperson described it in a Reuters interview as "the most complex piece of malicious software discovered to date."

Adds Bruce Sterling, "Given that this has been out in the wild for a couple of years now, what’s five times bigger than 'Flame' and even less understood?"

Writing today at Wired News, Kim Zetter reports that Flame is believed to be "part of a well-coordinated, ongoing, state-run cyberespionage operation."

Kaspersky has a FAQ about Flame, here.

(Image: Kaspersky Labs)

New Skype malware threat reported: Poison Ivy

Dancho Danchev reports an incident in which a friend pinged him at an odd hour on Skype "with a message pointing to what appeared to be a photo site with the message 'hahahahaha foto' and a link to hxxp://random_subdomain.photalbum.org." Yup, malware. The Poison Ivy trojan is spreading across Skype. [webroot via Joseph Menn]

Fooling facial recognition surveillance cameras with cunning and crocheting


[Video Link]

Canadian yarn-lover and privacy-lover Howie Woo has developed an ingenious system for thwarting surveillance cameras that use face recognition technology. His solution involves crochet and LOLs. Here are more photos (via the Boing Boing Flickr Pool). More about Howie's playful creations here.

Anonymous rocked by revelation that top LulzSec hacker was FBI snitch

Quinn Norton has an excellent piece over at Wired:Threat Level on the reactions within "Anonymous" to the news that LulzSec frontman "Sabu" (photo above) was collaborating with the FBI. Kim Zetter's take on the arrests and secret plea deals is here.

LulzSec frontman Sabu was FBI informant, fed Stratfor docs to Wikileaks from an FBI-owned computer

The Guardian has more on the big hacking news which Fox News broke yesterday (as noted in a post by Rob). "Sabu," the trash-talking, self-appointed leader of LulzSec, has been working for the FBI for the last six months. The FBI says he helped the US and various European governments identify and arrest five alleged LulzSec members charged with participating in defacement, DDOSing, and "doxing" against high-profile government and corporate targets. Sabu (above) is, in now identified as Hector Xavier Monsegur, a 28-year-old unemployed Puerto Rican guy living in New York, and a father of two. He was charged with 12 criminal counts of conspiracy to engage in "computer hacking and other crimes" last year, pled guilty in August, 2011, then "snitched" on his LulzSec friends.

Here's the FBI news release, which notably omits the names of any prosecutors (perhaps for fear of Anonymous attack).

Snip from Guardian story:

His online "hacker" activity continued until very recently, with a tweet sent by him in the last 24 hours saying: "The feds at this moment are scouring our lives without warrants. Without judges approval. This needs to change. Asap."

In a US court document, the FBI's informant – there described as CW – "acting under the direction of the FBI" helped facilitate the publication of what was thought to be an embarrassing leak of conference call between the FBI and the UK's Serious and Organised Crime Agency in February. Officers from both sides of the Atlantic were heard discussing the progress of various hacking investigations in the call.

A second document shows that Monsegur – styled this time as CW-1 – provided an FBI-owned computer to facilitate the release of 5m emails taken from US security consultancy Stratfor and which are now being published by WikiLeaks. That suggests the FBI may have had an inside track on discussions between Julian Assange of WikiLeaks, and Anonymous, another hacking group, about the leaking of thousands of confidential emails and documents.

The indictments mark the most significant strike by law enforcement officials against the amateur hacker groups that have sprung out of Anonymous. These groups, which include LulzSec, have cost businesses millions of pounds and exposed the credit card details and passwords of nearly 1 million people.

Read the rest

Report: LulzSec members arrested

Fox News' Jana Winter reports that LulzSec's Sabu was caught and turned by the authorities last June and has been working with them since. Other members of the group were arrested today as a result, she writes; details will be unsealed today in district court. The name given, Hector Xavier Monsegur, would confirm earlier outings and doxings from the same period. Last June saw the group publicly suspend operations, if you'll recall, and suffer its earliest arrests.

Spain, South America arrest 25 in Anonymous crackdown, with Interpol assist

With help from the international police organization Interpol, Spain and three South American countries today arrested 25 people who are suspected of being Anonymous activist/hacktivist/hackers. They are accused of defacing government and corporate websites. Reuters:

Spanish police also accused one of four suspects picked up in the cities of Madrid and Malaga of releasing personal data about police officers and bodyguards protecting Spain's royal family and the prime minister.

Other arrests were in Argentina, Chile and Colombia, and 250 items of computer equipment and mobile phones were seized across 15 cities, Interpol said. Colombia's Ministry of Defence and presidential websites as well as Chile's Endesa electricity company were among the targets of the hackers, it said.

And not coincidentally, the Interpol website has been intermittently offline today.

Shit programmers say

"Shit Programmers Say" -- a worthy addition to the series and a trenchant comment on the inherent interiority of programming.

Shit Programmers Say (via Waxy!)

Newt threatens Russia, China with cyberwar

“I think that we have to treat state-based covert activities as the equivalent of acts of war. And I think that we have to respond to that and create a level of pain which teaches people not to do it.” US presidential candidate Newt Gingrich, responding to a question about countries that target U.S. corporate and government information systems.