Rumor de asilo a Assange es falso. Todavía no hay ninguna decisión al respecto. Espero informe de Cancillería.— Rafael Correa (@MashiRafael) August 14, 2012
A couple weeks ago, a few hundred Dropbox users noticed they were receiving loads of spam about online casinos and gambling websites, at email addresses those users had set up only for Dropbox-related actions. The online file storage service now admits that hackers snagged usernames and passwords from third party sites, and used this data to break into those Dropbox users' accounts. Dara Kerr, reporting for CNET:
"Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts. We've contacted these users and have helped them protect their accounts," the company wrote in a blog post today. "A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam."
Over at Ars Technica, Jon Brodkin has more. Evidently, the illicit access happened because a Dropbox employee’s account was hacked.
It’s significant because in recent years, Apple products have been stripped of their image of being hack-proof. The company’s rise has made it a bigger target, as hackers have been discovering bugs in the iPhone since it came out in 2007. Earlier this year, more than 600,000 Macs were infected, the first major malicious software attack targeting Apple computers.
Weev: Not Amused.
Mikko H. Hypponen of F-Secure publishes an email he claims is from a scientist with the Atomic Energy Organization of Iran (or AEOI), which details a new "cyber attack" wave against Iranian nuclear systems.
Mikko can't validate the email or the tale therein, and neither can we, but if it's true? Heh.
* The 'shoop above is mine, not the hackers'.
Iranian President Mahmoud Ahmadinejad inspects centrifuges at a uranium enrichment plant.
Reporting for the New York Times, David Sanger confirms what internet security researchers suspected all along: Stuxnet, the worm that targeted computers in Iran's central nuclear enrichment facilities, was a US/Israeli project and part of an expanded effort at cyberweaponry by the Obama administration. Read the rest
Read the rest
The Moscow-based security firm credited with solving various mysteries around Stuxnet and Duqu today announced the discovery of Flame, a data-stealing virus said to have lurked on thousands of computers in the Mideast for as long as 5 years. A Kaspersky Lab spokesperson described it in a Reuters interview as "the most complex piece of malicious software discovered to date."
Adds Bruce Sterling, "Given that this has been out in the wild for a couple of years now, what’s five times bigger than 'Flame' and even less understood?"
Writing today at Wired News, Kim Zetter reports that Flame is believed to be "part of a well-coordinated, ongoing, state-run cyberespionage operation."
Kaspersky has a FAQ about Flame, here.
(Image: Kaspersky Labs)
Canadian yarn-lover and privacy-lover Howie Woo has developed an ingenious system for thwarting surveillance cameras that use face recognition technology. His solution involves crochet and LOLs. Here are more photos (via the Boing Boing Flickr Pool). More about Howie's playful creations here.
Quinn Norton has an excellent piece over at Wired:Threat Level on the reactions within "Anonymous" to the news that LulzSec frontman "Sabu" (photo above) was collaborating with the FBI. Kim Zetter's take on the arrests and secret plea deals is here.
The Guardian has more on the big hacking news which Fox News broke yesterday (as noted in a post by Rob). "Sabu," the trash-talking, self-appointed leader of LulzSec, has been working for the FBI for the last six months. The FBI says he helped the US and various European governments identify and arrest five alleged LulzSec members charged with participating in defacement, DDOSing, and "doxing" against high-profile government and corporate targets. Sabu (above) is, in now identified as Hector Xavier Monsegur, a 28-year-old unemployed Puerto Rican guy living in New York, and a father of two. He was charged with 12 criminal counts of conspiracy to engage in "computer hacking and other crimes" last year, pled guilty in August, 2011, then "snitched" on his LulzSec friends.
Here's the FBI news release, which notably omits the names of any prosecutors (perhaps for fear of Anonymous attack).
Snip from Guardian story:
His online "hacker" activity continued until very recently, with a tweet sent by him in the last 24 hours saying: "The feds at this moment are scouring our lives without warrants. Without judges approval. This needs to change. Asap."
In a US court document, the FBI's informant – there described as CW – "acting under the direction of the FBI" helped facilitate the publication of what was thought to be an embarrassing leak of conference call between the FBI and the UK's Serious and Organised Crime Agency in February. Officers from both sides of the Atlantic were heard discussing the progress of various hacking investigations in the call.
A second document shows that Monsegur – styled this time as CW-1 – provided an FBI-owned computer to facilitate the release of 5m emails taken from US security consultancy Stratfor and which are now being published by WikiLeaks. That suggests the FBI may have had an inside track on discussions between Julian Assange of WikiLeaks, and Anonymous, another hacking group, about the leaking of thousands of confidential emails and documents.
The indictments mark the most significant strike by law enforcement officials against the amateur hacker groups that have sprung out of Anonymous. These groups, which include LulzSec, have cost businesses millions of pounds and exposed the credit card details and passwords of nearly 1 million people.