Archive for Hacker
Author: Dave Lewis
May 15, 2008 at 8:39 am · Filed under Crime, Hacker, Legal Aspects
Marcia Savage has a nice write up on the Dave & Busters data breach.
From Search Security:
Three men were indicted on charges of hacking into computer systems at 11 Dave & Buster’s restaurants and stealing credit and debit card numbers.
The 27-count federal indictment unsealed Monday in New York charges Maksym Yastremskiy of Kharkov, Ukraine, and Aleksandr Suvorov of Estonia with wire fraud, computer fraud, aggravated identity theft, and other crimes in connection with the scam, which occurred last year. Turkish officials arrested Yastremskiy last July and German authorities arrested Suvorov in March. The third suspect, Albert Gonzalez of Miami, was arrested this month on one count of wire fraud conspiracy.
The indictment alleges that the trio schemed to break into cash register terminals at various locations of the Dallas-based restaurant chain between April 30 and Sept. 22, 2007. They are accused of stealing credit and debit card Track 2 magnetic stripe data and selling it to others who used it to make fraudulent purchases. Track 2 data includes the customer’s account number, expiration data and security code.
Read on.
Article Link
Author: Dave Lewis
May 13, 2008 at 6:40 am · Filed under Education, Hacker, News
Apparently reporters at NBC San Diego have discovered that kid can get hacker tools from the internet. This is another case of kids hacking in to change grades. Sure, this is bad behaviour but, you do have to admire their creativity. I wish I thought of that when I was a kid. Mind you, my parchment and quill didn’t have an internet connection.
From NBC San Diego:
The hacking incident resulted in the changing of grades and acquiring teachers’ tests, according to the release.
The computer breach was discovered when a staff member in a computer at school found a flash drive. An initial investigation revealed that the hacking occurred as a desktop security breach.
Students apparently hacked into the computer using stolen passwords and downloaded hacking tools found on the Internet.
The students will appear before district administrative hearing panels
Article Link
Author: Dave Lewis
May 6, 2008 at 11:19 am · Filed under Crime, Hacker
OK, so it didn’t go down quite like that.
German police announced today that they have busted a hacker ring from the Hamburg area.
From The Local, Germany:
Bavarian authorities have broken up a hacker ring based around a 33,000-member internet forum called ‘hacksector,’ police announced on Tuesday.
Eleven suspects ranging in age from 15 to 22 years old have been taken into custody, along with more than 20 laptop computers, Augsburg police spokesman Manfred Gottschalk told The Local. Seven of the suspects are younger than 18 years old.
“We are at the beginning of our investigation,” Gottschalk said.
It seems that the group is accused of carding, ID theft and various hacking offenses. I wonder if the recent anti-hacking laws will be applied in the case.
Article Link
Author: Dave Lewis
May 3, 2008 at 9:58 pm · Filed under Hacker, News
Wow, this story really gave me a flashback to the 80’s. I remember watching as Ferris Bueller hacked into the school computers to change his grades. That was one of the early influences that helped shape my career. Glad to see that the spirit lives on. I do think that the Fort Bend Independent School District school board is going overboard on the investigation.
From UPI:
Four Texas high school students are accused of hacking into school district computers to change the marks of at least 60 pupils, school authorities said.
The four suspects are students at Hightower High School in Missouri City, Texas, where the altered grades appeared, the Houston Chronicle reported Saturday.
The Fort Bend Independent School District has suffered a monetary loss of at least $190,000 because of the incident, which makes it a potential felony, investigators said.
Court documents reportedly do not give details explaining how investigators calculated the losses.
$190K for a school computer stunt? Me thinks they doth protest too much. I would be very interested to see how they arrived at that grand amount.
Article Link
Author: Dave Lewis
April 10, 2008 at 12:52 pm · Filed under Crime, Hacker
There is a growing trend in the “echo” generation. They’re knee deep in the social networking world without a care for consequences of hacking. It’s amazing how many times I see the MySpace denizens act as if they have some sort of anonymity. News flash folks, you don’t.
From CNET:
On Thursday morning, at this year’s RSA conference in San Francisco, Chris Boyd of Facetime and I will present a talk “How to Adapt to the Echo Generation’s Social Media Hacking Game.” The following is a preview of that talk, presented in three parts. On Tuesday we learned who the Echo Generation are. Wednesday we saw how they use online social media for hacks. Today, we’ll see how Chris uses features of social networks and Web 2.0 to shut these kids down.
Known as the Sherlock Holmes of France, famed criminologist Edmond Locard once said that every contact between two items leaves a trace, and that’s also true when talking about online crimes. IP addresses are left behind with every site we visit. Posts to newsgroups remain accessible via Google long after the initial discussion has ceased to have relevance. And there’s also that embarrassing MySpace page that was started but abandoned years ago that’s still active. So when a person suddenly decides to commit an online crime, all that prior online history follows them, and that’s a good thing for Chris Boyd, director of malware research at Facetime Security Labs.
Have a read of the full piece by Robert Vamosi. A very interesting article.
Article Link
Tags: Social Media, Social Media Hacker, Online Crime
Author: Dave Lewis
March 31, 2008 at 8:40 am · Filed under Crime, Hacker, ID Theft
This morning brings word of another data breach. This time the victim was the Irish employment site Jobs.ie.
From Ireland.com:
Jobs.ie would not say how many of its clients had been affected, but said it had now fixed the security breach.
The clients whose information was taken are at risk from identity fraud and “phishing”, where criminals, often posing as a well-known, legitimate company, use the information gleaned to try to extract further personal and financial information from their victims.
It is understood that the hackers used an illegally obtained log-in and password given to employers who are registered with Jobs.ie to access the job applications area of the site. They then downloaded personal information from CVs submitted, along with job applications.
Most of the stolen information relates to archive CVs rather than those of people now looking for jobs.
The company, which is owned by businessman Denis O’Brien, has in recent days contacted those affected to warn them of the possibility that they may receive e-mails from people using their information.
“All of the people affected have been contacted and informed of the situation. We have urged them to exercise extra vigilance with inbound e-mails in the coming weeks to ensure online security,” a spokeswoman said.
Read on.
Article Link
Author: Dave Lewis
March 28, 2008 at 7:27 am · Filed under Dumbass, Hacker
What a dumbass.
From the Associated Press:
A computer hacker was sentenced to three years in prison for placing a phony 911 call that led a SWAT team to storm a family home at gunpoint.
It marked the first prosecution in Orange County for a prank known as “swatting” that involves sending SWAT teams on wild goose chases, said county district attorney’s spokeswoman Farrah Emami on Thursday.
Randal T. Ellis, 19, pleaded guilty Wednesday in Orange County Superior Court to five felony counts, including computer access and fraud, false imprisonment by violence and falsely reporting a crime.
He was given prison time and ordered to pay $14,765 in restitution, most of which will go to the county Sheriff’s Department.
Wow…this could have cost someone their life. Read on.
Article Link
Author: Dave Lewis
March 28, 2008 at 7:17 am · Filed under Conventions, Hacker
Well, CanSecWest (which I missed yet again) has hit the press with the hacking contest that saw the MacBook Air hacked in…2 minutes. The winner received 10K for his troubles. Now that is one helluva hourly rate.
From security.itworld .com:
Miller, best known as one of the researchers who first hacked Apple’s iPhone last year, didn’t take much time. Within 2 minutes, he directed the contest’s organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.
He was the first contestant to attempt an attack on any of the systems.
Miller was quickly given a nondisclosure agreement to sign and he’s not allowed to discuss particulars of his bug until the contest’s sponsor, TippingPoint, can notify the vendor.
Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple’s Safari browser.
Nicely done.
Article Link
Author: Dave Lewis
March 17, 2008 at 7:12 am · Filed under Crime, Hacker, Malware
As part of Operation Bot Roast a hacker named, Robert Matthew Bentley, 21, of Panama City, Florida has plead guilty to a pair of felony counts. Bently, who at times used the moniker LSDigital, was responsible in part for a massive botnet that spanned the globe.
From the Register UK:
An indictment alleged that Bentley and his cronies generated “thousands of dollars” from their botnets. According to court papers signed last week by Bentley, he had applied for an account with DollarRevenue.com, which “pays others for, among other things, the unauthorized intrusion and placement of adware on to vulnerable computers.”
The bot masters, at least one of whom was located in Philadelphia, used the domain name smokedro.com as a command and control channel. They breached Newell Rubbermaid using at least three malicious files bearing the names 84785_redworld[1].exe, mssecure.exe and msiupdate.exe.
Under terms agreed to in the plea agreement, Bentley may qualify for “the granting of relief” if he provides “substantial assistance in the investigation or prosecution of other persons who have committed offenses.”
Ah, the carrot. So will he turn on his fellow ne’er do wells?
Article Link
Author: Dave Lewis
March 14, 2008 at 7:20 am · Filed under Hacker
There’s a kick in the noots for the folks over at Trend Micro. Apparently their site (or parts thereof), on IIS, was compromised by nefarious types as part of a larger effort to capture passwords.
From InfoWorld (via Yahoo):
A Trend Micro spokesman confirmed that the company’s site had been hacked Thursday, saying that the attack took place earlier in the week. “A portion of our site — some pages were attacked,” said Mike Sweeny, a Trend Micro spokesman. “We took the pages down overnight Tuesday night — and took corrective action.”
On Thursday security vendor McAfee reported that more than 20,000 Web pages have been affected by the attack. The pages are infected with malicious code that tries to install password-stealing software on the PCs of people who visit the sites.
Researchers are still not sure how the attackers are managing to hack these Web pages, but the pages all seem to use Microsoft’s Active Server Page (ASP) technology, which is used by many Web development programs to create dynamic HTML pages. A software bug in any of those programs is all the attackers need to install their malicious code.
The attack in question apparently originated in China as part of a massive automated campaign that has taken out roughly 20,000 pages so far.
Article Link
[UPDATE]: Billy Hoffman was good enough to post a copy of the Javascript that is making the rounds as a part of this massive web hack.
Tags: Trend Micro, Massive Web Hack, Password Theft
Next entries »
Explore
Security Bloggers Network
