Douglas writes, "My rooted CyanogenMod phone got hacked at HOPE X. I'm planning to get it write-blocked and imaged to crowdsource forensics." Read the rest
Newly released WikiLeaks publications from the Stratfor leak reveal much about Trapwire, a multi-country surveillance network run by a private US company, Abraxas, led by ex-CIA operatives. The network operates in NYC subways, the London Stock Exchange, Las Vegas casinos, and more. It uses real-time video facial profiling and is linked to red-flag databases.
The WikiLeaks publications related to Trapwire are difficult to access now because WikiLeaks.org and many of its mirrors are under heavy DDOS attack. (Good time to donate!) However you can see the publications here via Tor.
Australian activist @Asher_Wolf is organizing a nonviolent campaign against Trapwire, including an effort to spam the network with creative false positives.
Intelligence and security research group Stratfor was hacked Saturday, and a a list of clients, personal information and credit card numbers purloined from its servers.
Having exposed the group's customers, the hackers apparently used the card numbers to make donations to the Red Cross and other charities.
The New York Times' Nicole Perlroth writes that the attack was also likely intended to embarrass Stratfor. She ends with a curious quote from Jerry Irvine, a member of the Department of Homeland Security's cybersecurity task force:
“The scary thing is that no matter what you do, every system has some level of vulnerability,” says Jerry Irvine, a member of the National Cyber Security Task Force. “The more you do from an advanced technical standpoint, the more common things go unnoticed. Getting into a system is really not that difficult.”
Sure, if it's a web server, exposed to the public by design.
But Stratfor didn't just expose a website to the public. It also, apparently, put all this other stuff online, in the clear, for the taking.
It's true that websites are like storefronts, and that it's more or less impossible to stop determined people from blocking or defacing them now and again.
Here, however, it looks like Stratfor left private files in the window display, waiting to be grabbed by the first guy to put a brick through the glass.
Now, I'm not a member of the national IT security planning task force. But I'm pretty sure that putting unencrypted lists of credit card numbers and client details on public-exposed servers isn't quite explained by "no matter what you do, every system has some level of vulnerability."