Edward Tufte on Aaron Swartz and his own hacking career

Designer and theorist Edward Tufte was a friend and mentor of Aaron Swartz's. At Saturday's memorial to Aaron at the Cooper Union in NYC, Tufte remembered both Aaron and his own hacking career, inventing "blue boxes" and using them to make illegal calls on AT&T's network, and wondered about what would have become of him had he run into the same prosecutorial zeal as Aaron faced. Here's a quote from Dan Nguyen's transcript of the Livestream video feed:

…[Bowen] then became president of the Mellon Foundation and he had retired from the Mellon foundation. But he was asked by he foundation to handle the problem of JSTOR and Aaron.

So I wrote Bill Bowen an email about it. And I said first that Aaron is a treasure. And then I told a personal story about how I had done some illegal hacking as a student and had been caught at it and what happened.

In 1962, my housemate and I invented the first blue box. That’s a device that allows for free, undetectable, unbillable long-distance telephone calls.

And we got this up. And played around with it and at the end of our research came when we completed was what we thought was the longest long distance phone call ever made, which was from Palo Alto to New York time of day, via Hawaii.

Edward Tufte’s defense of Aaron Swartz and the “marvelously different” Read the rest

The LED dawn at 29c3, the 29th Chaos Communication Congress

Dawn is breaking over last day of the annual Chaos Communication Congress in Hamburg, Germany. CCC is the meeting of the Chaos Computer Club (also CCC), a group of German hackers hanging out together since 1981. Congress (as it is also known) is one of the great gatherings of tribes in the hacker world -- which, in the time it has existed, has gone from being a tiny, sometimes gothy and mathematically inclined subculture to being a big, elitist community whose work, values, and aesthetics touch the lives of billions of people. CCC has grown and flowered with the community. Read the rest

Andrew "Weev" Auernheimer, the Adrian Chen profile

Weev. Photo: Gawker

Adrian Chen at Gawker has a must-read profile on Weev: so-called "iPad hacker," founder of the anti-blogging Internet-trolling organization "Gay Nigger Association of America," and born-again Mormon troll. Snip:

For Auernheimer, the AT&T breach was one of his finest works as a troll. He personally didn't hack anything—the program used to collect the email addresses was written by Spitler—except the media. He was the hype man for Goatse, and he claims blew the breach up far beyond its actual significance. "The bug that I'm indicted over isn't a big deal," he says. "What made it big is the way I presented it." He boils down his success at promoting the AT&T job to three bullet points: "Rhetoric, persuasion, and meme reference."

But was collecting the email addresses actually a crime? "If somebody mistakenly puts information out there on the web and somebody mistakenly gets that information, that's not illegal," says Jennifer Granick, a lawyer and the director of the Center for Internet and Society at Stanford. This is why Auernheimer decided to fight his charges instead of take a plea deal, as Spitler did last year.

"I contend there is no crime in telling the truth or using AT&T's, or anybody's, publicly accessible data, to cite it to talk about how they made people's data public," he told CNET.

Auernhemier's jury disagreed.

Read: The Internet's Best Terrible Person Goes to Jail: Can a Reviled Master Troll Become a Geek Hero?. Read the rest

Ad-blocking box maker seeks funding

AdTrap is a planned $150 firewall box for consumers. Plugged in between your internet connection and router, it strips the web of advertising without requiring a moment's configuration. Unlike browser-based plugins, it covers the whole pipe rather than a single app: every device in the house managed from a single setup screen.

It's open-source and hackable, too, but the moral hazard with these concepts is always the same: the more successful they are in becoming a de facto middle-man between readers and publishers, the greater will be their incentive to research their way to concluding that you like some advertising after all. Read the rest

Report: SEC's computers were vulnerable to security breaches

U.S. Securities and Exchange Commission employees did not encrypt some computers that contained "highly sensitive information from stock exchanges, leaving the data vulnerable to cyber attacks, according to people familiar with the matter." Reuters has the full story. The SEC spent $200K to confirm that "no hacking or spying on the SEC's computers took place," however, and there is no evidence that any data was actually breached. Read the rest

National Institutes of Health and Cancer.gov sites hacked this week

Man, come on, who hacks cancer.gov? Well, they did. And then a few days later, the National Institutes of Health Website was compromised. 5,000 user records were leaked. What's next, kittens.org? Cuddlybabies.tumblr.com? (via Chris Wysopal) Read the rest

Data recovery firm gives man happy ending

Technology writer Mat Honan was "epically hacked," in a widely-circulated cautionary tale that should have you changing your passwords and turning on secondary authentication measures. The Novato, California-based firm DriveSavers helped Mat get his data back, and he traveled to the clean room to see how they did it. (wired.com) Read the rest

Ecuador's president denies granting asylum to Wikileaks' Assange

The Guardian reports that the Ecuadorean government will grant asylum to embattled Wikileaks founder Julian Assange. The New York Times notes that the president of Ecuador denies this. Read the rest

Social engineer hacks Wal-Mart from Defcon

In a contest at the hacker conference Defcon, security specialist Shane MacDougall successfully penetrated Wal-Mart. "Social engineering is the biggest threat to the enterprise, without a doubt," MacDougall said after his call. "I see all these [chief security officers] that spend all this money on firewalls and stuff, and they spend zero dollars on awareness." (via @kevinmitnick) Read the rest

Dropbox: "We wuz hacked"

A couple weeks ago, a few hundred Dropbox users noticed they were receiving loads of spam about online casinos and gambling websites, at email addresses those users had set up only for Dropbox-related actions. The online file storage service now admits that hackers snagged usernames and passwords from third party sites, and used this data to break into those Dropbox users' accounts. Dara Kerr, reporting for CNET:

"Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts," the company wrote in a blog post today. "A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam."

Over at Ars Technica, Jon Brodkin has more. Evidently, the illicit access happened because a Dropbox employee’s account was hacked.

Read the rest

Report: complexity of cyberspying botnets greater than previously known

Brian Krebs interviews Joe Stewart, a security researcher "who’s spent 18 months cataloging and tracking malicious software that was developed and deployed specifically for spying on governments, activists and industry executives." Speaking at Defcon in Las Vegas, Stewart says the "complexity and scope of these cyberspy networks now rivals many large conventional cybercrime operations. Read the rest

A first for Black Hat hacker con: Apple in the house

Apple has never before participated in Defcon or Black Hat, but Bloomberg reports that this will change Thursday "when Dallas De Atley, manager of Apple’s platform security team, is scheduled to give a presentation on key security technologies within iOS, the operating system for iPhones and iPads" at Black Hat in Las Vegas, NV.

It’s significant because in recent years, Apple products have been stripped of their image of being hack-proof. The company’s rise has made it a bigger target, as hackers have been discovering bugs in the iPhone since it came out in 2007. Earlier this year, more than 600,000 Macs were infected, the first major malicious software attack targeting Apple computers.

Weev: Not Amused. Read the rest

Report: hackers targeting Iranian nuclear facilities "AC/DC-rolled" workstations after attack

Mikko H. Hypponen of F-Secure publishes an email he claims is from a scientist with the Atomic Energy Organization of Iran (or AEOI), which details a new "cyber attack" wave against Iranian nuclear systems.

Snip: "There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing 'Thunderstruck' by AC/DC."

Mikko can't validate the email or the tale therein, and neither can we, but if it's true? Heh.

* The 'shoop above is mine, not the hackers'. Read the rest

Hackers take Yahoo: 453,000 login credentials nabbed

Dan Goodin at Ars: "The dump, posted on a public website by a hacking collective known as D33Ds Company, said it penetrated the Yahoo subdomain using what's known as a union-based SQL injection. ... To support their claim, the hackers posted what they said were the plaintext credentials for 453,492 Yahoo accounts." Read the rest

Cable hacker jailed

A good old fashioned hardware hacker is off to jail for 3 years for selling rooted modems. The boxes gave cable users actual unlimited internet. P.S. His book, Hacking the Cable Modem: What Cable Companies Don't Want You to Know, is available at Amazon. Read the rest

NSA Built Stuxnet, but Real Trick Is Building Crew of Hackers

After decades of waging a scorched earth war against hackers, the US government is now complaining about a shortage of hackers it needs to conduct cyberwarfare. Read the rest

Stuxnet, the worm that targeted Iran's nuclear facilities, was created by US and Israel

Iranian President Mahmoud Ahmadinejad inspects centrifuges at a uranium enrichment plant.

Reporting for the New York Times, David Sanger confirms what internet security researchers suspected all along: Stuxnet, the worm that targeted computers in Iran's central nuclear enrichment facilities, was a US/Israeli project and part of an expanded effort at cyberweaponry by the Obama administration. Read the rest

More posts