Tag Archives: hackers

Can Smartphones Steal Our Credit Card Information?

There was a time when credit cards had to be slid through a funky machine and stamped. This left your personal information fairly insecure or at least at the mercy of the retail establishment’s security procedures. Now credit cards are so fancy you can simply walk by and tap them to pay for your bill. Would it surprise you to know that your credit card could be even more at risk today despite the jump in technology? A CBC News investigation is saying that a simple Smartphone app is capable of swiping your information right through your wallet. In about one second, they were able to use a Samsung Galaxy SIII and an app that shall remain nameless to do the deed. Information like the card number, expiration date and name was quickly stolen with a simple walk by.

That is alarming news to those of us that use PayPass or payWave from MasterCard and Visa collectively. Both appear to be susceptible to the app and the smartphone despite what is said by those with Visa or MasterCard. Both companies say that their products are safe and that you are not responsible for unauthorized purchases anyway. For me, the proof is in the doing. They were able to take a card’s information with a simple walk by, and then use it to purchase a Coke. That shows me that it is possible despite claims to the contrary.

This is a natural progression that one should expect to see when new technologies are being formed. If you come up with a new way to do things where paying and money is concerned, someone, somewhere is going to try to exploit it. It is the unfortunate way of the world. Once they have been caught a few times, then the technology will Continue reading Can Smartphones Steal Our Credit Card Information?

List of celebrities and political victims of hackers grows

It seems somewhat ironic, Angelina Jolie who starred as “Kate” aka Acid Burn in the movie “Hackers” has now joined the almost dozen celebrities who have had their financial information hacked into and released for the Internet to share.

TMZ reports that both Lady Gaga and Angelina Jolie are the latest in a line of online hack jobs which pulled financial information including social security numbers, credit card information, car loans, banking information and even mortgage amounts and released them online. Among the others hurt by the hackers were Jay-Z, Beyonce, Kim Kardashian, Paris Hilton, Mel Gibson, Ashton Kutcher, Robert Mueller, Tiger Woods, Kanye West, Eric Holder,  Robert De Niro, Dennis Rodman, Michael Vick,  NRA advocate Wayne LaPierre and LAPD Chief Charlie Beck.  There are also reports of Britney Spears, Donald Trump and even the first lady Michelle Obama being victims of these same hacksters. In the First Ladies case, it appears the problem is really with the president as they stated “”Blame your husband, we still love you, Michelle.”

Other political figures include Sarah Palin, Hilary Clinton, Joe Biden and Al Gore.   However, either there is little to be learned online about these particular political figures or they are protected better online than the other victims, there was little information revealed about them.

Credit agencies are making their own inquiries, and as reported by Forbes Magazine, “We learned about this late this afternoon [and] immediately launched an investigation,” a TransUnion spokesperson said by email.

The hackers appeared to be based out of Russia and performed a dump of the information on a website which now appears to be based on an island off the coast of Madagascar  in a technique known as “doxxing.”   But here’s the really interesting part, doxxing is the act of obtaining and posting private information about a person by scouring the Internet and is not necessarily illegal.

“You can post it as long as there is nothing nefarious about it,”  says LAPD cyber crimes detective Andrew Kleinick. “They are public figures and that kind of thing happens. It’s not right, [but] I know of no crime. He continues Continue reading List of celebrities and political victims of hackers grows

Hack AT&T? That’ll Cost You Over 3 Years in Prison

download-key-logger-programA man who successfully exploited a hole in AT&T’s web security to obtain information about iPad customers was sentenced on Monday to 41 months in prison and an additional three years of supervision following his release. While Andrew Auernheimer didn’t put the information he obtained to any malicious use, under the Computer Fraud and Abuse Act, he did commit a serious computer crime. He was charged with one count of identity fraud, as well as one count of conspiracy to access a computer without authorization.

The hacking occurred back in 2010, when he and a colleague discovered a security hole in AT&T’s website and wrote a program they called the iPad 3G Account Slurper. The program allowed them to access the email addresses and ICC-ID numbers, and other data about the users affected. (ICC-ID numbers identify an iPad and who it belongs to.) Rather than taking the information they retrieved and using it to harm the users affected, they sent their findings to a popular website so the security hole could be publicized and hopefully fixed. It’s just the latest in what seems to be a growing trend in hacktivism.

What are hacktivists? Continue reading Hack AT&T? That’ll Cost You Over 3 Years in Prison

Hacker Myths and Realities in Girl With The Dragon Tattoo

Have you seen the movie Girl With the Dragon Tattoo? The movie is based on the book of the same title by Swedish author Stieg Larsson. The main character is a girl who lives with asperger’s syndrome and has an amazing ability to hack information. She uses her skills to help a journalist solve a mystery. This representation of a computer hacker is realistic in some ways, but misses the mark in others.

Poster from the Girl With the Dragon TattooReality: The young hacker, Lisbeth Salander, goes by the alias “Wasp” when she’s involved in computer hacking. Some hackers, especially notorious ones that have been caught and publicized or those who use their skills to point out flaws in security systems (known as “white hat” hackers), are known by their legal names. However, many hackers have an internet “handle” or code name that they’re known by.

Reality+Myth: Lisbeth has a “lone wolf” sort of hacking persona but does communicate with other hackers in what seems to be a vey loosely organized context. They know each other by their handles and communicate mostly via the internet, sharing tips and helping one another occasionally. According to “The social organization of a criminal hacker network: a case study” by Yong Lu, this sort of hacker community does exist in some cases. However, there are also networks that are far more akin to a professional crime ring, where a hierarchy exists and and the work load is very specifically shared among members.

Lu characterizes this sort of network as being a fairly recent phenomena. While hackers of old tended to use their skills for Continue reading Hacker Myths and Realities in Girl With The Dragon Tattoo

Hackers Want $1M for Mitt Romney’s Tax Records

There is always a great deal of scrutiny laid onto any presidential campaign as each side attempts to make their case for election.  The political backbiting can become very intense and people take sides and join in the slurs against the opponent.  In the last election, the opponents claimed President Obama was not a legal citizen and asked repeatedly for his birth certificate, which he produced but some then thought was a fake.

In the current presidential campaign, the subject of Republican hopeful Mitt Romney’s tax records has become the center of attention.  Many feel that he has not paid the taxes that every other American would pay and hackers are saying that they have located these records that Mitt Romney has refused to produce.

They want $1M for the tax records and if Romney really is hiding something and they truly have the records, it would be cheaper for him to pay them off. But first, do they even have the records? Continue reading Hackers Want $1M for Mitt Romney’s Tax Records

Yahoo! Hacked Learn How to Protect Yourself

Yahoo! Hacked Learn How to Protect Yourself

by guest writer, Linda St.Cyr

 

YAHOO! was hacked by a group calling themselves D33DS. The group claimed that the hack which released 450,000 email addresses and passwords to the public was “a wake-up call not as a threat.” But those who were affected by the hack might not see D33DS benevolence. I know that I don’t and I was one among the half a million emails to be released to the public. Luckily, the password that was associated with my email was outdated. Many other people were not as lucky.

People tend to use the same password for various sites. This can be detrimental if a hack takes place like the one that was done by D33DS. Although, I didn’t use the password that D33DS released I still had to take a day to change the passwords for all the websites that I used. Most of the websites had security measures in place that automatically locked me out the account (and any hackers as well) until I took steps to reset my passwords.

There are three basic steps that can help keep your internet and email activities safe:

 DON’T USE THE SAME PASSWORD

Do not use the same password for various websites. It may make life easier but it also makes you more susceptible to hackers and spam. If you use various websites for business or pleasure create a hard copy list and put it in a desk drawer or in a safe place. If you have ten different website accounts, you should have ten different website passwords.

 CREATE A STRONG PASSWORD

Websites that recommend that you use 6-8 letters including a capital letter and a number or a symbol are ones that want you to have a strong password. The stronger a password is, the harder it is for a hacker to get into your account. A strong password will have a combination of letters, numbers and symbols. Your password should not be your social security number, your birthday, your kids birthdays, your phone number or even your anniversary. That information is easily accessible, especially on social media platforms, which makes using it easily accessible for a hacker.

CHANGE YOUR PASSWORD OFTEN

Every couple of months take a day to change all the passwords you use. This will make it more difficult for a hack to take place as your accounts. A hacker could be close to figuring out what your password is but because you change it so often, the hacker will have to start all over again.

The Daily Telegraph, who reported on the Yahoo! hack, stated: “Users of online accounts are urged by security experts and technology firms to select tough passwords and change them frequently to thwart hackers.”

 

This guest post is by Linda St.Cyr,  a freelance writer, blogger, and columnist. She covers a wide variety of topics from food to celebrity gossip. Read her work at Ecorazzi, Yahoo! Contributor Network, or The Hungry Kitchen.

450,000 email addresses and passwords stolen from Yahoo: Is yours one of them?

Linking up accounts and services seems like it could make life easier doesn’t it?  Until you link things up on the Internet so closely that one security breach could lead to several from you email accounts to your PayPal accounts as well as the services you use on sites like Yahoo, MSN and Google.  A recent theft of over 450,000 log-in credentials were discovered from a Yahoo service.   Unfortunately this theft was not limited to just Yahoo services as many people link up their services with their email address, no matter what provider they may have.

The hackers, “D33Ds Company” released a statement about the incident stating  that this should be a wake up call to Yahoo for “lax security.”

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

While the theft of this data is scary, what is even more frightening is that according to TrustedSec the passwords and information were stored completely unencrypted.

Chief technology officer at Eurosecure, antivirus vendor ESET’s distributor in Scandinavia, Anders Nilsson, revealed that the most common domain names for the leaked email addresses were aol.com, gmail.com hotmail.com and yahoo.com. You can find even more statistics about this incident and the services affected on his blog.  Surprisingly enough the most common password is the one that everyone is told not to use and out of approximately 342,000 entries, 1,666 of them use the password 123456.

If you want to know if you have been compromised Continue reading 450,000 email addresses and passwords stolen from Yahoo: Is yours one of them?

Bodacious babe caused FBI to nail alleged Anonymous hacker

They are nameless, faceless and anonymous.   They are hackers extraordinaire.   Some refer to them as a modern day “Robin Hood” as they steal from the data wealthy and give to the poor.”  Others disagree and say there is nothing heroic about their efforts.   But recently one of them turned “traitor” to stay out of jail and another one was “nailed” by the FBI all thanks to one “bodacious” babe.

Higinio Ochao III, was recently charged as one of the Anonymous, CabinCr3w, that hacked into law enforcement databases, collecting and releasing the names,  addresses and telephone numbers of police officers across the United States.  This could have put a number of law enforcement officials, as well as their families in danger.

This Linux administrator is also being accused of hacking the websites of the Alabama and Texas departments of public safety in February in support of the occupy movement.   This  criminal complaint alleges that Ochoa, who went by the Twitter handle @Anonw0rmer and that while hacking in the County of Houston’s website in Alabama  Agent Scott Jensen says,

“The attacker created fake events on their online calendar, posted images representing Anonymous and CabinCr3w, deleted all the administrator accounts except the one created by the attacker. All of this was accomplished by gaining unauthorized administrator access to the site’s control panel.”

Ochao strongly denies working with the FBI and other law enforcement officials, but seems to have no problem sharing his disdain for their organization and their interrogation techniques.   You can find what appears to be his full statement on PasteBin.

So how did this protestor extraordinaire get busted for hacking?   It’s a tale as old as the Bible.  Some would say it’s a modern day version of Samson and Deliliah.  It’s hard to tell if it was a beautiful woman that caused him to be busted, but law enforcement officials are claiming it to be one great big “bust” based on a bodacious babes boobs.  Yes, that is some of the evidence against Ochao.

Apparently Ochao tooks some pictures of his Australian girlfriend and posted them on his Facebook account, Twitter feed and on his websites.  If you can look past her size to the sign you will see the statement “PwNd by w0rmer & CabinCr3w <3 u BiTch’s !” 

The Twitter account directed followers to a website on which they could find more information about the  ”oppression by police departments around the world … EVERY police department is at risk and will remain that way …”  Another featured a picture of a woman with a sign stating ”We Are ALL Anonymous We NEVERForgive. We NEVER Forget. <3 @Anonw0rmer”.

You can not see the woman’s face in any of the photos but that doesn’t stop the FBI, which claims in the affidavit, that the same woman seems to be appearing in all the photos. (Photos available at Daily Mail News)

Most of us aren’t hackers, but we have been warned of the dangers of our location being found as we take, upload and share photos taken from our Smartphones and iPhone.   For most of us the danger of doing so probably won’t lead to an arrest, but for many it could lead to it’s own set of problems.

 

Cell phone tracking becomes common practice by law enforcement

Geotagging dangers 

 

 

Nothing Anonymous about this take down of child porn sites

This summer the hacker group Anonymous lost a great deal of whatever support their organization had as they allegedly took down the online payment and invoicing service PayPal  hitting the average user hard as they tried to transfer funds or access money on deposit.

(Read PayPal Cyber Attack Arrests)

But the latest news about them is that they used recently used their talents to fight the forces of evil online.

Anonymous is taking credit for taking down more than 40 child pornography websites.   Their campaign “Operation Darknet” began mid October when they decided to enter the dark forces of the web world called “darknet” and bring the actions there to light.

Darnet is a part of the Internet that is hidden, deliberately concealed, offering services like fake ID’s, steroids, prank calling and ironically hacking tips.

Finding a site titled “Hard Candy”  while browsing the Hidden Wiki we noticed a section called Hard Candy which was dedicated to links to child pornography. We then removed all links on the website, within 5 minutes the links were edited back in by an admin. For this reason, we will continue to make the Hidden Wiki unavailable. (taken from their timeline of events) They then decided to dig deeper into the dark underworld of the Internet and found “Freedom Hosting.”

Freedom Hosting “free” no more 

The hackers affiliated with Anonymous warned the Freedom Hosting to take down the child pornography and issued a deadline.  When they failed to do so, the hackers did it for them.  Several hours later, the site was back up again only to be taken down again.

Anonymous issued the following demand statement of which this is an excerpt

“The owners and operators at Freedom Hosting are openly supporting child pornography and enabling pedophiles to view innocent children, fueling their issues and putting children at risk of abduction, molestation, rape and death,” the message said. “For this, Freedom Hosting has been declared #OpDarknet Enemy Number One. By taking down Freedom Hosting, we are eliminating 40+ child pornography websites, among these is Lolita City, one of the largest child pornography websites to date containing more than 100 GB of child pornography. We will continue to not only crash Freedom Hosting’s server, but any other server we find to contain, promote, or support child pornography.”

See the full timeline of events and their demands in this Pastebin post. 

Apparently Anonymous doesn’t take child pornography lightly, because not only did the take the sites down but they also released the names of  of some 1500 registered users in a Pastebin post, on these sites. This isn’t the first time that this organization has hackattacked a website contrary to their agenda.  Among those they have accessed are the New York Stock Exchange, the Westboro Baptist Church, the Recording Industry Association of America and government sites in Malaysia, Egypt, Tunisia and Zimbabwe.

Let’s just hope they continue to don their “white hats” as they hactevate across the web.  I don’t think anyone would like to encounter another holiday season where they had to worry about what they may do next to popular online service and shopping sites.

(Read  WikiLeaks may be spilling into your online holiday shopping and bill paying plans)

Their parting “shot”

We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.
What do you think?  Are they the "good guys" or the "bad guys"  or the new online anti-hero?

PayPal Cyber Attack Arrests

Did you get the message?  I did.  Just a few days ago I received the a purported PayPal message that my account was going to have limited access, as well as several other terms and conditions that to be honest sent me into a PayPal rage. Should I have any questions I should use the link below to log into my PayPal account.  Sound familiar?

It was very convincing, however it was a weekend and I thought, “I’ll deal with it later.”  Monday I find that many other people I know received similar messages which of course caused us all to start wondering, “How real is this reality check on our PayPal account?”  It didn’t take long to find out it wasn’t real at all.

Allegedly hackers broke into the PayPal server in a retaliatory attack for WikiLeaks accounts being suspended.   Founded by Julian Assange, Wiki Leaks is an anti-secrecy organization that collects  information and then releases it to the public.  Their founder was arrested in Great Britian last winter after releasing 250,000 State Department documents in which US diplomats were, quite frankly less than complimentary towards their counterparts throughout the world.

(read more about WikiLeaks founder’s arrest)

The FBI reports the arrest of 14 people allegedly involved in the cyber-attack on PayPal.  Other arrests were made overseas in Great Britain and Amsterdam. Reportedly the cybberattacks on PayPal’s website were by the group “Anonymous.”  Anonymous is a group of hackers sympathetic to WikiLeaks and it has claimed responsibility for attacks against corporate and government websites worldwide.  PayPal closed the account being used for donations to WikiLeaks citing violations of the PayPal terms of service.  Wikileaks response was “PayPal’s action tried to economically strangle WikiLeaks.”

According to the indictment and complaints filed in court in San Jose, California, the defendants Continue reading PayPal Cyber Attack Arrests