Showing results for tags 'Hack'.


  1. E-mail addresses and cryptographically protected passwords for thousands of Mozilla developers were exposed through a database glitch that may have been exploited by hackers, Mozilla officials warned Friday. About 76,000 e-mail addresses and 4,000 password hashes were left on a publicly accessible server for about 30 days beginning June 23, according to a blog post. There is no indication the data was accessed, but Mozilla officials investigating the disclosure can't rule out the possibility. Hackers who might have managed to crack the hashes wouldn't be able to use the passwords to access Mozilla Developer Network accounts, but they may be able to access other user accounts secured with the same cracked passcode. The glitch was touched off when a data "sanitization" process failed, causing the addresses and hashes to be dumped to a publicly accessible server. "We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you," Stormy Peters, director of developer relations, and Joe Stevensen, operations security manager, wrote. They continued: Source : http://arstechnica.com/security/2014/08/thousands-of-mozilla-developers-e-mail-addresses-password-hashes-exposed/
  2. Los Angeles, California - January 17, 2014 The massive data breach at Target during the 2013 holiday shopping season which the retailer now admits affected 70 million customers used an inexpensive "off the shelf" malware known as BlackPOS. The same malware may have also been involved in the Neiman Marcus attack. Security researchers from IntelCrawler, a Los Angeles-based cyber intelligence company, announced that the age of BlackPOS malware author is close to 17 years old and the first sample of it was created in March 2013. The first report on this malware was done in the beginning of spring by Andrew Komarov, IntelCrawler CEO, when he was working in another forensics company. According to own sources of IntelCrawler the first infected Point-of-Sales environments by BlackPOS were in Australia, Canada and the US. The first name of the malware was a lyric "Kaptoxa" ("potato" - in Russian slang), which then was renamed to "DUMP MEMORY GRABBER by Ree[4]" for forums postings, but the title for C&C had string "BlackPOS". During that time, "Ree[4]" ("ree4") has sold more than 40 builds of BlackPOS to cybercriminals from Eastern Europe and other countries, including the owners of underground credit cards shops such as ".rescator", "Track2.name", "Privateservices.biz" and many others. The same dates the detailed information and reverse engineering report were shared with Visa and several major US banks, after which US LEA released internal notification for financial industry about that. The bad actor was pretty opened for trading this malware for 2 000 USD or by receiving 50% from selling of all intercepted credit cards by his customer through Liberty Reserve.
[email protected]: http://ree4.7ci.ru/dump_grabber.php
[email protected]: it is administrative panel
[email protected]: password "pass"
[email protected]: http://www.sendspace.com/file/zglgvy
[email protected]: after infection you will receive "readme.txt", like "ping"

The first C&C server of BlackPOS was installed on "ree4.7ci.ru", which was the personal host of its author with nickname "ree[4]". Some other hosts were found on this domain name, as probably it was used as a hosting for all members of the same group:
- onlyddos.7ci.ru;
- merzavetz.7ci.ru;
- reperckov41.7ci.ru.

[email protected]: http://plasmon.rghost.ru/44699041/image.png
hidden: how does it keep the data (intercepted credit cards)?
[email protected]: from left side it is files, time.txt, then you click on it and you will find dumps in browser in plaintext
hidden: are there any differences in terms of infected Point-of-Sale systems?
[email protected]: no, but there are some nuances, for examples it doesn't work on Verifone
hidden: really? I have Verifones ...
[email protected]: it grabs dumps from memory, Verifone can be connected to PC, but it will be "secured", you need standalone Point-of-Sale terminals with monitor and Windows
hidden: how much?
[email protected]: 2000 USD
[email protected]: 1st build

Previously he has created several tools used in hacking community for brute force attacks, such as "Ree4 mail brute", and also earned some first money with social networks accounts hacking and DDoS attacks trainings, as well as software development including malicious code. Investigators from IntelCrawler have also made a profiling on bad actor:
E-mail 1: [email protected]
E-mail 2: [email protected]
ICQ: 565033
Skype: s.r.a.ree4

According to operative information from IntelCrawler, the person behind the nickname "ree[4]" is Sergey Taraspov, having roots in St.Petersburg and Nizhniy Novgorod (Russian Federation), very well known programmer of malicious code in underground.
"He is still visible for us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers", comments Dan Clements, IntelCrawler President. Before both breaches IntelCrawler detected large-scale RDP brute-forcing attacks on Point-of-Sales terminals across the US, Australia and Canada started at the beginning of 2013 year in winter period with weak passwords such as: "pos":"pos"; "micros":"micros" (MICROS Systems, Inc. - Point-of-Sale Hardware); "edc":"123456" (EDC - Electronic Draft Capture). According to The New York Times (NYT) Neiman Marcus acknowledged that the time stamp on the first intrusion was in mid-July, which may have good correlation with found compromised Point-of-Sales. "EDC" - Electronic Draft Capture, also known as "EDC" or "Point Of Sale" (POS) allows you to capture and authorize a credit card. "Most of the victims are department stores. More BlackPOS infections, as well as new breaches can appear very soon, retailers and security community should be prepared for them", commented Andrew Komarov, IntelCrawler CEO. About IntelCrawler IntelCrawler.com is a multi-tier intelligence aggregator, which gathers information and cyber prints from a starting big data pool of over 3, 000, 000, 000 IPv4 and over 200, 000, 000 domain names, which are scanned for analytics and dissemination to drill down to a desired result. This finite pool of cyber prints is then narrowed further by comparing it to various databases and forum intelligence gathered from the underground and networked security company contacts. The final result could be the location of a particular keyboard or a computer housing the threat. http://intelcrawler.com/about/press08
  3. Russian Hackers Stole Personal Details of 54 Million Turkish Citizens The Publicized Hacks, Cyber attacks and Data breaches continue to increase, and the majority of attacks are from outsiders. Recently, Some unknown Russian hackers have reportedly stolen Personal details of nearly 54 million Turkish citizens, about 70% of the whole Turkish population. According to a report published by 'Hurriyet News', Researchers from KONDA Security firm revealed that the hackers have stolen data from a political party's vulnerable system that include Name, ID numbers and address of 54 million voters across the Nation. Researchers claimed that the hacked system (being used for Database and website Management) did not have any antivirus product installed and voter information was also uploaded online on a vulnerable website. This was really a bad idea, and they mentioned that “in two hours hackers downloaded all the information.” In another statement, they mentioned that some government institutions share citizen’s personal data online with other public and private bodies without ensuring the protection of data. It’s tough to accept, but you cannot protect all data. Data breaches will keep striking in 2014 also, but we will never know Where, When and How. Attackers are getting smarter, developing new advanced persistent threats, so Data breaches continue to become increasingly sophisticated. It is always important to take steps to enable encryption for Data and Devices, educate and aware the end users about the latest threats and basic necessary actions to protect the key data. http://thehackernews.com/2013/12/russian-hackers-stole-personal-details.html Edit: Swati Khandelwal, The Hacker News - Tuesday, December 17, 2013 Staff Note: This has already been posted here: Link Hence, topic closed.
  4. Jan. 30, 2014 7:19 PM EST FILE - In this Tuesday, Jan. 7, 2014, file photo, Yahoo president and CEO Marissa Mayer speaks during a keynote address at the International Consumer Electronics Show, in Las Vegas. Yahoo said Thursday, Jan. 30, 2014, that usernames and passwords of its email customers have been stolen and used to access accounts, but the company isn't saying how many accounts have been affected. (AP Photo/Julie Jacobson, File) NEW YORK (AP) Usernames and passwords of some of Yahoo's email customers have been stolen and used to gather personal information about people those Yahoo mail users have recently corresponded with, the company said Thursday. Yahoo didn't say how many accounts have been affected. Yahoo is the second-largest email service worldwide, after Google's Gmail, according to the research firm comScore. There are 273 million Yahoo mail accounts worldwide, including 81 million in the U.S. It's the latest in a string of security breaches that have allowed hackers to nab personal information using software that analysts say is ever more sophisticated. Up to 70 million customers of Target stores had their personal information and credit and debit card numbers compromised late last year, and Neiman Marcus was the victim of a similar breach in December. "It's an old trend, but it's much more exaggerated now because the programs the bad guys use are much more sophisticated now," says Avivah Litan, a security analyst at the technology research firm Gartner. "We're clearly under attack." Yahoo Inc. said in a blog post on its breach that "The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails." That could mean hackers were looking for additional email addresses to send spam or scam messages. By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients. 
"It's much more likely that I'd click on something from you if we email all the time," says Richard Mogull, analyst and CEO of Securois, a security research and advisory firm. The bigger danger: access to email accounts could lead to more serious breaches involving banking and shopping sites. That's because many people reuse passwords across many sites, and also because many sites use email to reset passwords. Hackers could try logging in to such a site with the Yahoo email address, for instance, and ask that a password reminder be sent by email. Litan said hackers appear to be "trying to collect as much information as they can on people. Putting all this stuff together makes it easier to steal somebody's identity." Yahoo said the usernames and passwords weren't collected from its own systems, but from a third-party database. Because so many people use the same passwords across multiple sites, it's possible hackers broke in to some service that lets people use email addresses as their usernames. The hackers could have grabbed passwords stored at that service, filtered out the accounts with Yahoo addresses and used that information to log in to Yahoo's mail systems, said Johannes Ullrich, dean of research at the SANS Institute, a group devoted to security research and education. The breach is the second mishap for Yahoo's mail service in two months. In December, the service suffered a multi-day outage that prompted Yahoo CEO Marissa Mayer to issue an apology. Yahoo said it is resetting passwords on affected accounts and has "implemented additional measures" to block further attacks. The company would not comment beyond the information in its blog post. It said it is working with federal law enforcement. ___ Online: Yahoo blog post: http://yahoo.tumblr.com/post/75083532312/important-security-update-for-yahoo-mail-users http://bigstory.ap.org/article/yahoo-email-account-passwords-stolen
  5. by Jordan Crook Posted 1 hour ago Clinkle is the hottest app around to have done mostly nothing. The stealth payments service, which has raised $25 million from big-name investors, has yet to publicly launch. But that doesn't mean it can't be hacked. Today, a guest user posted a list of 33 usernames, user IDs, profile photos, and phone numbers to PasteBin. Based on the data provided, it seems as though these users are Clinkle employees who are testing the app. Founder Lucas Duplan is on the list (yep, that's his Clinkle profile pic, shown above), as well as former Netflix CFO and Clinkle COO Barry McCarthy. Former PayPal exec Mike Liberatore, now Clinkle CFO, is also listed. The data was seemingly accessed through a private API that Clinkle has in place. Referred to by the hacker as typeahead, the API appears to be the basis of an autocomplete tool, allowing users to type a single letter (like A) and find all usernames starting with that letter (like Adam and Andrew). [Note: Twitter has a similar tool with the same name; it's unclear if they're one and the same.] Clinkle seems to use this API in their own app (presumably so users can find friends when making a payment), which has allowed one hacker to search user names, leading to the associated user IDs and phone numbers. Here's what the hacker had to say: Results from Clinkle typeahead API. It requires no authentication. The app stores writes results to disk automatically. This is much worse than Snapchat's breach. Phone numbers masked as courtesy. In other words, whoever broke into the app didn't need a userID to access Clinkle's list of testers or their personal information, which seems to be saved on a Clinkle server. But to be fair, Clinkle's breach isn't quite the same as Snapchat's, considering the information of 4.6 million Snapchat users was released, as opposed to a small group of employee testers.
Here's Clinkle's explanation for the breach: You're describing visibility that was purposefully built into the system as part of our preliminary user testing and was always intended to be turned off. As you can see from the list, we've been testing internally and registrations have been limited to Clinkle employees. We were using an open API, which has now been closed. That said, only names, phone numbers, photos, and Clinkle unique IDs were accessible. Clinkle points to a Stanford student as the alleged hacker but that has yet to be confirmed. Clinkle, rumored to launch later this year, currently has both an iOS app in iTunes and an Android app available in the Google Play store for those who wish to join the waiting list. Based on the size of the app (52MB) and the unzipped files uncovered after downloading it, it seems like the full Clinkle app is out there, rather than a placeholder app built for wait list registrants. Right now, the app has a waiting list wall, which VIP members can bypass once an administrator grants permission. This likely allows Clinkle to demo the app to investors and partners without having to go through some cumbersome download process. During the process of fundraising, I'm sure that little trick came in handy. Not so much today, though. The hack produced some interesting data about the team that works on Clinkle. Founder Lucas Duplan is listed as the first user (User ID: 1), with a picture that very much resembles him holding cash money. The CFO, Barry McCarthy, is also listed with a legitimate profile photo, as is the Head Of Comms, who confirmed the validity of the images and the data. The photos from Clinkle's Team page, where 22 unidentified Clinkle employees are pictured alongside goofy pseudonyms, also seem to resemble people in the leaked profile photos. Finally, we can put faces to names. So what are the implications?
Well, Clinkle hasn't actually launched yet, so it's very possible that the team hasn't been focusing on security. However, security and trust should be top priorities for a payments company. Especially for a company so young. Clinkle was founded by a group of more than a dozen Stanford students in 2011, and has stayed under the radar while key employees finish their degrees. The company was partially funded by Stanford professors before raising $25 million in a party round. Over 18 investors participated. The WSJ, followed by every other news outlet, proclaimed this the biggest Stanford startup exodus in history. Clinkle was all the rage. Seriously, Silicon Valley wouldn't shut up about it. In fall, however, two rounds of layoffs left many wondering if the Stanford-fueled payments startup was really the Messiah of trade. The company slashed around 30 employees, and then another 16. Around the same time, screenshots and videos of the app in action were leaked, letting Clinkle's cat out of the bag. Rumors circulated that the company was going through leadership issues. That those promised equity weren't getting it. That folks were overworked and underpaid. That there was no transparency about the product timeline, or the product itself. That 22-year-old Lucas Duplan was taking home a six-figure salary and mistreating employees. Today, the same questions as before creep back into our consciousness. What have they been doing with all that money this whole time? Posting profile photos that confirm our worst fears? Whether the breach was a result of intentional openness or unintentional laziness on the part of Clinkle is unclear, but the photo doesn't lie. http://techcrunch.com/2014/01/30/clinkle-gets-hacked-before-it-even-launches
  6. Updated: 09:20, Thursday January 30, 2014 A journalist has told Britain's phone hacking trial that Rupert Murdoch's News of the World tabloid routinely eavesdropped on celebrities' voicemail messages and editor Andy Coulson 'knew exactly what was going on'. Reporter Dan Evans, who has pleaded guilty to conspiracy to hack phones, said 'even the office cat' knew the illegal practice was widely used at the now defunct paper. Coulson, a former media chief to Prime Minister David Cameron, stared out from the dock as Evans told the jury at London's Old Bailey court: 'The truth is that Andy Coulson knew exactly what was going on on his watch.' Coulson looked up and exchanged stares with Evans, who was giving evidence for a third day as a prosecution witness. Murdoch closed the News of the World in 2011 over a storm of revelations that its staff had illegally accessed the voicemail messages of a murdered schoolgirl, as well as hundreds of celebrities. Coulson, 46, and his predecessor as editor Rebekah Brooks are on trial alongside several other former employees of Murdoch's British newspaper wing. They all deny charges linked to phone-hacking. Evans told the court on Monday that he was recruited to the News of the World in 2004 from the rival Sunday Mirror because of his hacking skills - and Coulson knew this when he hired him. The reporter described to the court how he had discovered that James Bond star Daniel Craig was having an affair with the actress Sienna Miller by hacking Craig's phone. Coulson had described the tape of the conversation as 'brilliant', Evans claimed on Tuesday. But interrogated over this claim by Coulson's lawyer on Wednesday, Evans admitted he may have been 'paraphrasing' when he said Coulson had said the tape was 'brilliant'. Coulson edited the News of the World from 2003 until 2007, when he became Cameron's communications chief. 
He was forced to quit in 2011 over claims that he knew more about hacking at the News of the World than he had previously admitted. http://www.skynews.com.au/world/article.aspx?id=946072
  7. 20 January 2014 Last updated at 10:46 GMT The bosses of the three credit card companies that lost data made a public apology Credit card details from almost half of all South Koreans have been stolen and sold to marketing firms. The data was stolen by a computer contractor working for a company called the Korea Credit Bureau that produces credit scores. The names, social security numbers and credit card details of 20 million South Koreans were copied by the IT worker. The scale of the theft became apparent after the contractor at the centre of the breach was arrested. Unprotected data Managers at the marketing firms which allegedly bought the data were also arrested. Early reports suggest that the contractor got hold of the giant trove of data thanks to the access Korea Credit Bureau enjoys to databases run by three big South Korean credit card firms. The contractor stole the data by copying it to a USB stick. Regulators are now looking into security measures at the three firms - KB Kookmin Card, Lotte Card, and NH Nonghyup Card - to ensure data stays safe. A task force has been set up to investigate the impact of the theft. The three bosses of the credit card firms involved made a public apology for the breach. In a statement the Financial Services Commission, Korea's national financial regulator, said: "The credit card firms will cover any financial losses caused to their customers due to the latest accident." Another official at the FSC said the data was easy to steal because it was unencrypted and the credit card firms did not know it had been copied until investigators told them about the theft. This theft of consumer data is just the latest to hit South Korea. In 2012, two hackers were arrested for getting hold of the details of 8.7 million subscribers to KT Mobile. Also, in 2011, details of more than 35 million accounts of South Korean social network Cyworld were exposed in an attack. http://www.bbc.co.uk/news/technology-25808189
  8. Published: 21 Jan 2014 12:38 GMT+01:00 Updated: 21 Jan 2014 12:38 GMT+01:00 Millions of Germans have had their passwords and usernames for websites stolen, the country’s Federal Office for Online Security (BSI) revealed on Tuesday. The BSI said 16 million accounts containing passwords and email addresses had been compromised, according to information passed to it by law enforcement agencies and research institutions. Authorities have set up a website where internet users can check if they have been affected, but the site crashed soon after it went up on Tuesday. If the site does match the user's email address as one of the 16 million stolen, then the BSI said the user's computer was likely infected with malicious software. Half of the accounts ended in .de meaning they were German-based, Tim Griese from the Frankfurt-based office said. http://www.thelocal.de/20140121/agency-warns-of-16-million-email-accounts-hacked-bsi-germany
  9. By Kevin Poulsen 01.21.14 6:30AM Mathematician Chris McKinlay hacked OKCupid to find the girl of his dreams. Photo:Emily Shur Chris McKinlay was folded into a cramped fifth-floor cubicle in UCLA’s math sciences building, lit by a single bulb and the glow from his monitor. It was 3 in the morning, the optimal time to squeeze cycles out of the supercomputer in Colorado that he was using for his PhD dissertation. (The subject: large-scale data processing and parallel numerical methods.) While the computer chugged, he clicked open a second window to check his OkCupid inbox. McKinlay, a lanky 35-year-old with tousled hair, was one of about 40 million Americans looking for romance through websites like Match.com, J-Date, and e-Harmony, and he’d been searching in vain since his last breakup nine months earlier. He’d sent dozens of cutesy introductory messages to women touted as potential matches by OkCupid’s algorithms. Most were ignored; he’d gone on a total of six first dates. On that early morning in June 2012, his compiler crunching out machine code in one window, his forlorn dating profile sitting idle in the other, it dawned on him that he was doing it wrong. He’d been approaching online matchmaking like any other user. Instead, he realized, he should be dating like a mathematician. OkCupid was founded by Harvard math majors in 2004, and it first caught daters’ attention because of its computational approach to matchmaking. Members answer droves of multiple-choice survey questions on everything from politics, religion, and family to love, sex, and smartphones.
On average, respondents select 350 questions from a pool of thousands—“Which of the following is most likely to draw you to a movie?” or “How important is religion/God in your life?” For each, the user records an answer, specifies which responses they’d find acceptable in a mate, and rates how important the question is to them on a five-point scale from “irrelevant” to “mandatory.” OkCupid’s matching engine uses that data to calculate a couple’s compatibility. The closer to 100 percent—mathematical soul mate—the better. But mathematically, McKinlay’s compatibility with women in Los Angeles was abysmal. OkCupid’s algorithms use only the questions that both potential matches decide to answer, and the match questions McKinlay had chosen—more or less at random—had proven unpopular. When he scrolled through his matches, fewer than 100 women would appear above the 90 percent compatibility mark. And that was in a city containing some 2 million women (approximately 80,000 of them on OkCupid). On a site where compatibility equals visibility, he was practically a ghost. He realized he’d have to boost that number. If, through statistical sampling, McKinlay could ascertain which questions mattered to the kind of women he liked, he could construct a new profile that honestly answered those questions and ignored the rest. He could match every woman in LA who might be right for him, and none that weren’t. Chris McKinlay used Python scripts to riffle through hundreds of OkCupid survey questions. He then sorted female daters into seven clusters, like “Diverse” and “Mindful,” each with distinct characteristics. Photo: Maurico Alejo Even for a mathematician, McKinlay is unusual. Raised in a Boston suburb, he graduated from Middlebury College in 2001 with a degree in Chinese. In August of that year he took a part-time job in New York translating Chinese into English for a company on the 91st floor of the north tower of the World Trade Center. The towers fell five weeks later. 
(McKinlay wasn’t due at the office until 2 o’clock that day. He was asleep when the first plane hit the north tower at 8:46 am.) “After that I asked myself what I really wanted to be doing,” he says. A friend at Columbia recruited him into an offshoot of MIT’s famed professional blackjack team, and he spent the next few years bouncing between New York and Las Vegas, counting cards and earning up to $60,000 a year. The experience kindled his interest in applied math, ultimately inspiring him to earn a master’s and then a PhD in the field. “They were capable of using mathematics in lots of different situations,” he says. “They could see some new game—like Three Card Pai Gow Poker—then go home, write some code, and come up with a strategy to beat it.” Now he’d do the same for love. First he’d need data. While his dissertation work continued to run on the side, he set up 12 fake OkCupid accounts and wrote a Python script to manage them. The script would search his target demographic (heterosexual and bisexual women between the ages of 25 and 45), visit their pages, and scrape their profiles for every scrap of available information: ethnicity, height, smoker or nonsmoker, astrological sign—“all that crap,” he says. To find the survey answers, he had to do a bit of extra sleuthing. OkCupid lets users see the responses of others, but only to questions they’ve answered themselves. McKinlay set up his bots to simply answer each question randomly—he wasn’t using the dummy profiles to attract any of the women, so the answers didn’t matter—then scooped the women’s answers into a database. McKinlay watched with satisfaction as his bots purred along. Then, after about a thousand profiles were collected, he hit his first roadblock. OkCupid has a system in place to prevent exactly this kind of data harvesting: It can spot rapid-fire use easily. One by one, his bots started getting banned. He would have to train them to act human.
He turned to his friend Sam Torrisi, a neuroscientist who’d recently taught McKinlay music theory in exchange for advanced math lessons. Torrisi was also on OkCupid, and he agreed to install spyware on his computer to monitor his use of the site. With the data in hand, McKinlay programmed his bots to simulate Torrisi’s click-rates and typing speed. He brought in a second computer from home and plugged it into the math department’s broadband line so it could run uninterrupted 24 hours a day. After three weeks he’d harvested 6 million questions and answers from 20,000 women all over the country. McKinlay’s dissertation was relegated to a side project as he dove into the data. He was already sleeping in his cubicle most nights. Now he gave up his apartment entirely and moved into the dingy beige cell, laying a thin mattress across his desk when it was time to sleep. For McKinlay’s plan to work, he’d have to find a pattern in the survey data—a way to roughly group the women according to their similarities. The breakthrough came when he coded up a modified Bell Labs algorithm called K-Modes. First used in 1998 to analyze diseased soybean crops, it takes categorical data and clumps it like the colored wax swimming in a Lava Lamp. With some fine-tuning he could adjust the viscosity of the results, thinning it into a slick or coagulating it into a single, solid glob. He played with the dial and found a natural resting point where the 20,000 women clumped into seven statistically distinct clusters based on their questions and answers. “I was ecstatic,” he says. “That was the high point of June.” He retasked his bots to gather another sample: 5,000 women in Los Angeles and San Francisco who’d logged on to OkCupid in the past month. Another pass through K-Modes confirmed that they clustered in a similar way. His statistical sampling had worked. Now he just had to decide which cluster best suited him. He checked out some profiles from each. 
One cluster was too young, two were too old, another was too Christian. But he lingered over a cluster dominated by women in their mid-twenties who looked like indie types, musicians and artists. This was the golden cluster. The haystack in which he’d find his needle. Somewhere within, he’d find true love. Actually, a neighboring cluster looked pretty cool too—slightly older women who held professional creative jobs, like editors and designers. He decided to go for both. He’d set up two profiles and optimize one for the A group and one for the B group. He text-mined the two clusters to learn what interested them; teaching turned out to be a popular topic, so he wrote a bio that emphasized his work as a math professor. The important part, though, would be the survey. He picked out the 500 questions that were most popular with both clusters. He’d already decided he would fill out his answers honestly—he didn’t want to build his future relationship on a foundation of computer-generated lies. But he’d let his computer figure out how much importance to assign each question, using a machine-learning algorithm called adaptive boosting to derive the best weightings. With that, he created two profiles, one with a photo of him rock climbing and the other of him playing guitar at a music gig. “Regardless of future plans, what’s more interesting to you right now? Sex or love?” went one question. Answer: Love, obviously. But for the younger A cluster, he followed his computer’s direction and rated the question “very important.” For the B cluster, it was “mandatory.” When the last question was answered and ranked, he ran a search on OkCupid for women in Los Angeles sorted by match percentage. At the top: a page of women matched at 99 percent. He scrolled down … and down … and down. Ten thousand women scrolled by, from all over Los Angeles, and he was still in the 90s. He needed one more step to get noticed. 
OkCupid members are notified when someone views their pages, so he wrote a new program to visit the pages of his top-rated matches, cycling by age: a thousand 41-year-old women on Monday, another thousand 40-year-old women on Tuesday, looping back through when he reached 27-year-olds two weeks later. Women reciprocated by visiting his profiles, some 400 a day. And messages began to roll in. “I haven’t until now come across anyone with such winning numbers, AND I find your profile intriguing,” one woman wrote. “Also, something about a rugged man who’s really good with numbers … Thought I’d say hi.” “Hey there—your profile really struck me and I wanted to say hi,” another wrote. “I think we have quite a lot in common, maybe not the math but certainly a lot of other good stuff!” “Can you really translate Chinese?” yet another asked. “I took a class briefly but it didn’t go well.” The math portion of McKinlay’s search was done. Only one thing remained. He’d have to leave his cubicle and take his research into the field. He’d have to go on dates. On June 30, McKinlay showered at the UCLA gym and drove his beat-up Nissan across town for his first data-mined date. Sheila was a web designer from the A cluster of young artist types. They met for lunch at a cafe in Echo Park. “It was scary,” McKinlay says. “Up until this point it had almost been an academic exercise.” By the end of his date with Sheila, it was clear to both that the attraction wasn’t there. He went on his second date the next day—an attractive blog editor from the B cluster. He’d planned a romantic walk around Echo Park Lake but found it was being dredged. She’d been reading Proust and feeling down about her life. “It was kind of depressing,” he says. Date three was also from the B group. He met Alison at a bar in Koreatown. She was a screenwriting student with a tattoo of a Fibonacci spiral on her shoulder. McKinlay got drunk on Korean beer and woke up in his cubicle the next day with a painful hangover. 
He sent Alison a follow-up message on OkCupid, but she didn’t write back. The rejection stung, but he was still getting 20 messages a day. Dating with his computer-endowed profiles was a completely different game. He could ignore messages consisting of bad one-liners. He responded to the ones that showed a sense of humor or displayed something interesting in their bios. Back when he was the pursuer, he’d swapped three to five messages to get a single date. Now he’d send just one reply. “You seem really cool. Want to meet?” By date 20, he noticed latent variables emerging. In the younger cluster, the women invariably had two or more tattoos and lived on the east side of Los Angeles. In the other, a disproportionate number owned midsize dogs that they adored. His earliest dates were carefully planned. But as he worked feverishly through his queue, he resorted to casual afternoon meetups over lunch or coffee, often stacking two dates in a day. He developed a set of personal rules to get through his marathon love search. No more drinking, for one. End the date when it’s over, don’t let it trail off. And no concerts or movies. “Nothing where your attention is directed at a third object instead of each other,” he says. “It’s inefficient.”

Love is a Data Field
McKinlay’s code found that the women clustered into statistically identifiable groups who tended to answer their OkCupid survey questions in similar ways. One group, which he dubbed the Greens, were online dating newbies; another, the Samanthas, tended to be older and more adventuresome. Here’s how each cluster answered four of the most popular questions.

The Questions
See Colour Schematic on Page 2
(1) About how long do you want your next relationship to last?
One night; A few months to a year; Several years; The rest of my life
(2) Say you’ve started seeing someone you really like. As far as you’re concerned, how long will it take before you have sex?
1-2 dates; 3-5 dates; 6 or more dates; Only after the wedding
(3) Have you ever had a sexual encounter with someone of the same sex?
Yes, and I enjoyed myself; Yes, and I did not enjoy myself; No, and I would never; No, but I’d like to
(4) How important is religion/God in your life?
Extremely important; Somewhat important; Not very important; Not important at all

After a month of dating equally from both of his profiles, he decided he was spending too much time on the freeway reaching east-side women from the tattoo cluster. He deleted his A-group profile. His efficiency improved, but the results were the same. As summer drew to a close, he’d been on more than 55 dates, each one dutifully logged in a lab notebook. Only three had led to second dates; only one had led to a third. Most unsuccessful daters confront self-esteem issues. For McKinlay it was worse. He had to question his calculations. Then came the message from Christine Tien Wang, a 28-year-old artist and prison abolition activist. McKinlay had popped up in her search for 6-foot guys with blue eyes near UCLA, where she was pursuing her master’s in fine arts. They were a 91 percent match. He met her at the sculpture garden on campus. From there they walked to a college sushi joint. He felt it immediately. They talked about books, art, music. When she confessed that she’d made some tweaks to her profile before messaging him, he responded by telling her all about his love hacking. The whole story. “I thought it was dark and cynical,” she says. “I liked it.” It was first date number 88. A second date followed, then a third. After two weeks they both suspended their OkCupid accounts. “I think that what I did is just a slightly more algorithmic, large-scale, and machine-learning-based version of what everyone does on the site,” McKinlay says. Everyone tries to create an optimal profile—he just had the data to engineer one. 
It’s one year after their first date, and McKinlay and Tien Wang have met me at the Westwood sushi bar where their relationship began. McKinlay has his PhD; he’s teaching math and is now working on a postgraduate degree in music. Tien Wang was accepted into a one-year art fellowship in Qatar. She’s in California to visit McKinlay. They’ve been staying connected on Skype, and she has returned for a couple of visits. At my request, McKinlay has brought his lab notebook. Tien Wang hasn’t seen it before today. It’s page after page of formulas and equations in McKinlay’s tight handwriting, ending in a neatly ordered list of women and dates, a few terse notes about each. Tien Wang leafs through it, laughing at some of the highlights. On August 24, she notices, he took two women to the same beach on the same day. “That’s horrible,” she says. To Tien Wang, McKinlay’s OkCupid hacking is a funny story to tell. But all the math and coding is merely prologue to their story together. The real hacking in a relationship comes after you meet. “People are much more complicated than their profiles,” she says. “So the way we met was kind of superficial, but everything that happened after is not superficial at all. It’s been cultivated through a lot of work.” “It’s not like, we matched and therefore we have a great relationship,” McKinlay agrees. “It was just a mechanism to put us in the same room. I was able to use OkCupid to find someone.” She bristles at that. “You didn’t find me. I found you,” she says, touching his elbow. McKinlay pauses to think, then admits she’s right. A week later Tien Wang is back in Qatar, and the couple is on one of their daily Skype calls when McKinlay pulls out a diamond ring and holds it up to the webcam. She says yes. They’re not entirely sure when they’ll get married. There’s research to be done to determine the optimal wedding day. http://www.wired.com/wiredscience/2014/01/how-to-hack-okcupid/all
  10. by Megan Geuss - Jan 26 2014, 11:00am AUSEST US Secret Service is looking into a potential credit card grab at the chain. On Saturday, security journalist Brian Krebs reported on what looks to be yet another security breach at a big-name national retailer. This time, the craft store Michaels is in the crosshairs. It seems that after being used at Michaels-owned locations, fraudulent purchases were made on at least “hundreds” of customer cards. While Michaels has not yet confirmed a data breach, it published a press release (PDF) on Saturday saying “The Company is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts. Although the investigation is ongoing, based on the information the Company has received and in light of the widely-reported criminal efforts to penetrate the data systems of U.S. retailers, Michaels believes it is appropriate to let its customers know a potential issue may have occurred.” The US Secret Service has confirmed that it is investigating the matter. The news of a potential hack follows similar reports starting late November that Target suffered a data breach that lost the credit card numbers of over 40 million customers and the personal information of over 70 million customers. Earlier this month, luxury retailer Neiman Marcus also admitted that malware on its systems had exposed 1.1 million payment cards to hackers. Brian Krebs broke news pertaining to both of those hacks, and his sources within the payment processing industry have been reliable. One of Krebs' anonymous sources expanded on the news of the probable Michaels hack to compare it to the previous retail break-ins: “What’s interesting is there’s another [arts and framing] store called Aaron Brothers, and within past week or two there was a lot of activity talking about Aaron Brothers. 
One of the things I learned the other day is that Aaron Brothers is wholly owned by Michael’s. It really does look like kind of the way we saw the Target breach spin up, because the fraud here isn’t limited to one store or one area, it’s been all over the place.” If confirmed, this could be the second high-profile attack in recent years for Michaels. Reuters reports that in 2011, “hackers replaced some 84 PIN pads on payment-card terminals at a small number of its stores, resulting in the theft of about 94,000 payment card numbers.” http://arstechnica.com/security/2014/01/craft-store-michaels-may-be-latest-mega-retailer-to-get-hacked
  11. By Ben Zigterman on Jan 24, 2014 at 6:15 PM Phil Schiller recently tweeted a link to a report that said 99% of all mobile malware is directed at Android. Usually the malware comes through the web in the form of phishing or other tactics, but it usually doesn't come from PCs. However, that's not the case with a particular piece of malware uncovered by Symantec that installs malware onto Android devices when they are connected to Windows PCs. The malware, called Trojan.Droidpak, installs a fake version of the Google Play store when the Android device is connected to PCs in USB debugging mode. That mode is usually only used by developers, but is also sometimes necessary for rooting Android devices or installing alternative Android firmware. This malware appears to be directed at online bankers in Korea, Symantec has found. "The malicious APK [Android application package] actually looks for certain Korean online banking applications on the compromised device and, if found, prompts users to delete them and install malicious versions," wrote Flora Liu, a researcher at Symantec. That being said, the method could be replicated by other malware. To avoid this threat, Symantec recommends turning off the USB debugging mode and avoiding connecting your Android device to computers you don't trust. http://bgr.com/2014/01/24/android-malware-threat-windows
  12. By Dan Goodin - Jan 25 2014, 10:15am AUSEST Crackers-for-hire in Romania, India, and China also charged in global operation. An international law-enforcement crackdown on paid password cracking services has resulted in at least 11 arrests, including the operators of an alleged cracker-for-hire site in the US that prosecutors said compromised almost 6,000 e-mail accounts. Mark Anthony Townsend, 45, of Cedarville, Arkansas, and Joshua Alan Tabor, 29, of Prairie Grove, Arkansas, ran a site called needapassword.com, according to court documents filed this week in federal court in Los Angeles. The site accepted user requests to hack into specific e-mail accounts hosted by Google, Yahoo, and other providers, prosecutors alleged. According to charging documents, the operators would break into the accounts, access their contents and send screenshots to the users proving the accounts had been compromised. The men would then send passwords in exchange for a fee paid to their PayPal account, prosecutors said. "Through www.needapassword.com, defendant and others known and unknown to the United States Attorney obtained unauthorized access to over 5,900 e-mail accounts submitted by customers," a criminal information filed against Townsend stated. During the time of Tabor's involvement, needapassword.com broke into at least 250 accounts, a separate charging document claimed. Federal prosecutors also charged three people in the US for paying for cracking services. One of them, John Ross Jesensky, 30, of Northridge, California, allegedly paid almost $22,000 to a Chinese website to illegally obtain account passwords, prosecutors said. The charges are part of an international investigation into e-mail account takeovers. The investigation has also resulted in arrests in Romania, India, and China. 
Romanian authorities conducted searches on three residences associated with people running the websites zhackgroup.com, spyhackgroup.com, rajahackers.com, clickhack.com, ghostgroup.org, and emailhackers.com. Four people were arrested. It has been widely reported that a Romanian man was arrested this week under suspicion that he hacked into the online accounts of various public figures and politicians, including the family of former Presidents George H.W. Bush and George W. Bush, as well as former US Secretary of State Colin Powell. Romanian officials have yet to identify the defendants by name. Ars covered last February's hack of the Bush family here. The arrests also came the same week feds arrested the founder of the now-defunct isanyoneup.com on charges that he paid a man to break into the e-mail accounts of hundreds of victims and steal sexually explicit images that later showed up on the notorious "revenge-porn" site. Prosecutors haven't said exactly how so many accounts were compromised, except to say the defendants connected to isanyoneup.com relied on social-engineering techniques that allowed the crackers to impersonate victims or victims' friends. http://arstechnica.com/security/2014/01/investigation-of-password-crackers-turns-up-site-feds-say-hacked-6000-accounts
  13. Let me start this out by saying I didn't hack something in the black hat hacker's way, but by finding a market inefficiency and leveraging it to my advantage. It must be the day trader in me. No harm was done to any computers or systems in the making of this post. TL;DR: I booked a flight through Kayak using a VPN and saved ~$100. Long version: I was looking for flights to New Orleans when I realized that the flight price I checked yesterday was ~$100 cheaper. I started to think why the price went up so much in one day and tried checking the flight again using only Google Incognito but there was no price budge. Maybe my VPN had something to do with it? The night before I was using a VPN (I use BTGuard btw) and Kayak thought I was from Toronto, Canada. I guess if you are not from the departure city then flights are cheaper? So what did I do? So I had originally gone to Kayak today and checked flights from Miami to New Orleans (Mardi Gras, w00t!). This was done without a VPN but using Google's Incognito feature. Take a look at how much the flights were: Flights to New Orleans from Miami (Non-VPN) Also, check out where my IP was saying that I was from: This is my real IP, no VPN I thought this was strange since the night before I had checked flights and they were ~$100 cheaper. I realized I was logged into my VPN and thought it might have to do with that (BTW, I use the VPN to mask my internet traffic, sorry NSA). So what did I do? Tried checking again while being logged into my VPN! This is me being logged into my VPN: VPN FTW! And here is where my IP is saying that I am from: Canada, eh? So I tried Kayak again, while being shown as being from Canada and this is what I got: Check out the Canadian flag at the top right That is about a ~$70+ price difference (I don't think that included taxes)! Also, when I had checked earlier, that $345 flight wasn't there so it was a +$100 difference. When I went to book my flight my checkout total was in EUROS! 
The thing is, it wasn't 380 euros, but 207 euros! That converts to about $280 USD. Euros wuddup Moral of the story? Try booking your flights through a VPN, maybe you'll save a few bucks.. even if you pay in euros. PS: I checked my online bank statement and I paid $281.60 total! PSS: The flight is now over $400 on a non-VPN via Kayak + Google Incognito. http://www.josecasanova.com/blog/how-i-hacked-kayak-and-booked-a-cheaper-flight I have exactly same those VPN coloured two banks in the backyard :)
  14. By Jett Goldsmith 30 minutes ago The SEA is still going strong and Twitter accounts are still being compromised in droves, as today marks the fourth attack this month against popular Twitter accounts by the Syrian Electronic Army. As of around 6:00 PM eastern time today, CNN's blog was accessed without authorization by the group of 'hacktivists', who are aligned with Syria's Assad regime. The tweets were quickly deleted, but not before they could be seen and screen shots taken. The hackers left a series of semi-cryptic messages on CNN's account, noting their displeasure with the news agency's reporting and the American government's reaction towards the conflict. Thus far they have not released any statement on their Twitter account, but it was noted by Matthew Keys, former social media editor for Reuters, that they apparently gained access via a phishing attack on a Hootsuite account connected to the organization. This unauthorized entry marks the fourth attack this month on social media sites associated with popular companies. On January 1st, the SEA defaced the Twitter, blog and Facebook of popular internet calling service Skype, telling them to "stop spying on people". Slightly over a week later, they hacked the Xbox Support and MSFTNews Twitter accounts belonging to Microsoft - and a week after that, they compromised the official Microsoft Office blog. Whatever their motivations, today's attack on the CNN account speaks to questionable security on the part of both Twitter and Twitter users, something that should be considered going forward as the hacktivist group doesn't seem to show any sign of slowing down. http://www.neowin.net/news/cnns-twitter-account-hacked-by-sea
  15. By Eduard Kovacs February 4th, 2014, 16:19 GMT · On Monday, RedHack hacktivists claimed to have breached the systems of three major telecoms companies, namely TTNET, Turkcell, and Vodafone. Now, they’ve leaked the details of around 5,000 Vodafone customers. The leaked data includes names, dates of birth, phone numbers, and voicemail delivery details. The information has been posted on the website JustPaste.It. “Vodafone has shown great interest in controlling the global internet and lobbies USA and EU to give them the biggest piece from the cake,” the hackers wrote on Twitter just before leaking the information stolen from Vodafone. “But yet again they are unable you protect their own systems.” The hacktivists say they’ve redacted the phone numbers and deleted last names “to protect the public.” They’ve leaked the data to show that the telecoms giant is logging voicemails in Turkey. “Why would Vodafone keep log of voicecalls made in Turkey?” they noted. RedHack representatives have told Softpedia that they have half a million voicemail log records. They claim the logs are only for Istanbul and only for a period of two days. RedHack members say the goal of these attacks is to prove that no system is 100% secure. They’ve also warned that anyone who “commits injustices” is their next target. A few hours ago, RedHack leaked the details of over 600 Turkish officials and other individuals working for various government agencies. The hackers have told Softpedia that they will “hopefully” manage to leak the data stolen from Turkcell, which is their last target in this operation, tomorrow. The hacktivists have already leaked data from Turkcell. More precisely, they've leaked the phone numbers of thousands of Turkcell employees. The telecoms company came under fire after changing the phone numbers of deputies and ministries leaked by RedHack in protest against a controversial Internet bill. 
http://news.softpedia.com/news/RedHack-Leaks-Details-of-5-000-Vodafone-Customers-423862.shtml
  16. By Steven Musil February 4, 2014 10:30 PM PST Unit of the U.K.'s communications intelligence agency used the cyberattack method against hacktivist groups, according to documents supplied to NBC news by Edward Snowden. A British spy unit turned a cyber attack method favored by Anonymous against it and other hacktivist groups, according to an NBC report based on documents removed from the NSA by Edward Snowden. A division of the Government Communications Headquarters (GCHQ), the U.K.'s communications intelligence agency, used distributed-denial-of-service attacks to disrupt communications among members of Anonymous, according to the documents. DDoS is the same cyberattack technique used by the hacktivist group to mount online attacks targeting financial institutions, trade groups, and government entities after PayPal and banks refused to process payments for WikiLeaks. Dubbed Rolling Thunder by the GCHQ unit, known as the Joint Threat Research Intelligence Group, or JTRIG, the attack succeeded in reducing the number of users in Anonymous chat rooms by 80 percent, according to the documents. The NBC report, which was co-authored by Glenn Greenwald, the journalist who published the first NSA stories based on documents obtained by Snowden, indicates that this is the first time the existence of the JTRIG has been revealed. The unit's infiltration of IRC chat rooms helped identify hackers who had stolen confidential information from Web sites and sent one person to prison for the theft of data from PayPal, according to the documents. The attack on PayPal was part of "Operation Payback," an anti-copyright campaign that began after the 2010 shutdown of The Pirate Bay, a Swedish torrent-tracking site. In retaliation, the group allegedly launched DDoS attacks against the Motion Picture Association of America, the Recording Industry Association of America, and the U.S. Copyright Office. 
The campaign was later extended to Bank of America and credit card companies such as Visa and MasterCard for their refusal to process WikiLeaks payments. According to the documents, among the techniques employed by JTRIG in response were attacks on computer networks, disruption, "Active Covert Internet Operations," and "Covert Technical Operations." The documents, from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, detail how agents engaged hacktivists by posing as fellow hackers, resulting in one instance in the conviction of a British hacker named Edward Pearson for the theft of 8 million identities from PayPal accounts. The documents list Anonymous, LulzSec, and the Syrian Cyber Army as hacktivist groups that use DDoS attacks against government agencies and corporations. GCHQ did not immediately respond to a CNET request for comment but told NBC News that the agency operated within the boundaries of British law. "All of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensure that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee," the agency's statement said. "All of our operational processes rigorously support this position." http://news.cnet.com/8301-13578_3-57618376-38/british-spy-unit-reportedly-hit-anonymous-with-ddos-attacks
  17. 15 February 2014 Last updated at 19:22 German Chancellor Angela Merkel is proposing building up a European communications network to help improve data protection. It would avoid emails and other data automatically passing through the United States. In her weekly podcast, she said she would raise the issue on Wednesday with French President Francois Hollande. Revelations of mass surveillance by the US National Security Agency (NSA) have prompted huge concern in Europe. Disclosures by the US whistleblower Edward Snowden suggested even the mobile phones of US allies, such as Mrs Merkel, had been monitored by American spies. Classified NSA documents revealed that large amounts of personal data are collected from the internet by US and British surveillance. Mrs Merkel criticised the fact that Facebook and Google can be based in countries with low levels of data protection while carrying out business in nations that offer more rigorous safeguards. "Above all, we'll talk about European providers that offer security for our citizens, so that one shouldn't have to send emails and other information across the Atlantic," she said. "Rather, one could build up a communication network inside Europe." Sensitive There was no doubt that Europe had to do more in the realm of data protection, she said. A French official was quoted by Reuters news agency as saying that the government in Paris planned to take up the German initiative. Personal privacy is a sensitive issue in Germany where extensive surveillance was carried out under the Nazis and in communist East Germany. A foreign policy spokesman for Mrs Merkel's Christian Democrats, Philipp Missfelder, recently said revelations about US spying had helped bring relations with Washington down to their worst level since the US-led invasion of Iraq in 2003. Germany has been trying to persuade Washington to agree to a "no-spy" agreement but without success. http://www.bbc.co.uk/news/world-europe-26210053
  18. By Dan Bloom 10:12 GMT, 14 February 2014
Clubcards hacked after Tesco details leak: More than 2,200 accounts dumped on text sharing website
  • Details of 2,240 accounts appeared on popular text-sharing website
  • Hackers are thought to have taken leaked details from other sites' breaches
  • Same passwords would have been run through Tesco with some matches
  • Security experts: People should use a different password on every account
Tesco has shut down more than 2,000 user accounts for its online shopping site after a cache of e-mail addresses, passwords and voucher balances were dumped online. Many thought the details on a popular text sharing site were a hoax until Twitter users said they had tested the combinations and they worked. It is thought the list was drawn from previous security breaches and comprised victims who used the same password for Tesco.com - which was not hacked directly - and other, compromised sites. A spokesman said the area of the site affected was for collecting and storing Clubcard points. The hackers would have then tested e-mail and password combinations with Tesco and made a list of positive matches, it is believed. The hack has reignited warnings by security experts for people to use a different password for every single online account which they use. http://www.dailymail.co.uk/news/article-2559256/Tesco-security-breach-hackers-leak-2-000-passwords-internet-shoppers-online.html
Update: The Tesco Hack: Here's How It (Probably) Happened By Troy Hunt 14 Feb 2014 Full Story: http://www.troyhunt.com/2014/02/the-tesco-hack-heres-how-it-probably.html
  19. By Arik Hesseldahl February 14, 2014, 2:46 PM PST The Syrian Electronic Army has broken into the website of business magazine Forbes and claims to have made off with a million user account names and passwords, according to statements and screen shots posted on the group’s Twitter feed. The group, which claims to support the regime of Syrian President Bashar al-Assad, said on Twitter that it had downloaded a database containing the user names and passwords of more than a million Forbes.com users. It initially offered to sell the database, but now says it will publish it on the Web. The Forbes attack is the latest in a series of attacks by the SEA on the websites and Twitter accounts of Western media organizations that has included the BBC, CBS, The Financial Times, The New York Times and even The Onion. It typically breaks into these accounts and spreads pro-Assad propaganda messages and information that casts opposition groups in a negative light. Forbes acknowledged the attack through a spokeswoman but gave few details beyond saying that its publishing platform was where the attack took place. “Forbes.com’s publishing platform was compromised. We’ve been making adjustments to the site to protect online privacy and the editorial integrity of our content. We are looking into and monitoring the situation closely. We’re taking this matter very seriously,” the Forbes spokeswoman said in an emailed statement. Forbes has not yet confirmed the theft of user account information and the company did not immediately return calls seeking more details on the extent of the breach. A sign-in screen for user accounts was not working as of 5:30 PM New York time. A person familiar with the situation, but who asked not to be named, confirmed to Re/code that sign-ins for external users of Forbes’ WordPress blogging system have been disabled for all outside contributors for now. 
The site accepts contributed articles from numerous outside contributors in addition to stories written by staff writers. What’s different about this attack is that the SEA, based on what it shows in its screen shots, appears to have tried to edit stories on the Forbes.com Web site. It claimed that two Twitter accounts were also breached: @ForbesTech, and that of the magazine’s social media editor Alex Knapp, though there’s no Tweets in the relevant streams indicating that. It also said that it can “thank Alex Knapp” for the attack but didn’t elaborate. As you can see from the image shown on Twitter below, the group appears to have obtained administrative access to the Forbes.com WordPress account. It also produced a one-line story under the byline of Forbes editor Tom Post that reads “Hacked by the Syrian Electronic Army.” The URL where that appeared is now showing a 404, but it’s still findable via Google’s cache. I took a screen grab, which you can also see below. It’s been a busy February for the Syrian Electronic Army. Last week it tried but failed in its attempt to hijack Facebook’s domain name and redirect its traffic to another site. In the end it proved it could edit information about the Facebook domain in the database of registrar MarkMonitor, but not much else. The breach comes at a delicate moment for Forbes. The company is in the late stages of a sale process. Earlier this week Bloomberg News reported that parent company Forbes LLC was expecting final buyout offers from two Asian media companies, China-based Fosun International, Ltd. and Singapore’s Spice Global Investments. German publisher Axel Springer was also said to be in the mix. It’s said to be seeking about $400 million. Full disclosure: I worked for Forbes as a senior editor and columnist on the website from 2000-2005. http://recode.net/2014/02/14/syrian-electronic-army-attacks-forbes-web-site-steals-user-info
  20. Posted by: HNBulletin in Anonymous, Anonymous Headlines January 10, 2014 LinkedIn has filed a lawsuit in order to identify the unidentified hackers who created several thousand fake accounts with the aim of scraping the profile data. As per the court documents, those defendants operated automated bots on the virtual computers which were rented from Amazon in order to harvest the details on social networking site for the professionals. The lawyers for LinkedIn claimed that it cost $5000 to deal with those hackers. They filed a complaint with the Northern District of California Court after discovering the fake accounts. In the court submission, LinkedIn said that since May 2013, some unknown entities or persons employing several automated software programs or bots have registered several thousand fake LinkedIn member accounts and therefore they have copied or extracted data from the profile pages of numerous members. This practice is popularly known as data scraping and it is explicitly barred by the user agreement of LinkedIn that prohibits the access to LinkedIn through spidering, scraping, crawling or by using any other data or technology to access the data without any express written consent of the LinkedIn members or LinkedIn. Although, till now the identity of the hackers is unknown, as the hackers had used the Amazon’s Elastic Compute Cloud, but they are expecting that they would be able to identify those Doe Defendants by serving the third-party discovery on AWS. While this thing was not clear what these hackers would do with these data, LinkedIn mentioned that irreparable and ongoing harm had been caused. As per the complaint of LinkedIn, having several thousands of false profiles decreases the integrity and the accuracy of information on this website, causing possibly the legitimate users to become misled or confused. 
LinkedIn said that the mission of this site is to connect the professionals of this world to make them more successful and productive. Therefore this company hosted the CVs of around 259 million members and a number of them are high-level executives. Recruiters at 90 of the Fortune 100 companies utilize the website to look for the prospective candidates. Mike Small, the security analyst at Kuppinger Cole, mentioned that the cloud services are quite cheap to build up, very powerful and quite easy to use. They mainly need one credit card to get the access. These features are quite attractive to the cyber criminals and hackers as well as to the legitimate users. The cloud services mainly have some extensive control in the place in order to prevent the use for the illegal or the illegitimate purposes and the cloud service that deals normally, forbid this particularly. The cyber criminals would require searching the way to cloak the identity while utilizing the public cloud service in this way. This incident demonstrates all the difficulties faced in the world where both law and the law enforcement are organized geographically but the criminal activities that use the Internet cut across the boundaries. LinkedIn spokesman, Mr. Richard George uttered that they are a members-first organization and they feel that they have the responsibility to protect that control that their members have more than the information that they use on LinkedIn. But Amazon was not available for any comment. http://hackersnewsbulletin.com/2014/01/linkedin-files-lawsuit-unmask-anonymous-hackers.html
  21. By Megan Geuss Feb 10 2014, 7:25am AEST A Google search turned up public files that Olivier Laurelli is accused of publishing. In 2012, French blogger, activist, and businessman Olivier Laurelli sat down at his computer. It automatically connected to his VPN on boot (he owns a small security services company, called Toonux, which was providing a connection via a Panamanian IP address) and began surfing the Web. Laurelli, who goes by the alias Bluetouff in most circles (including on Ars Technica), is something of a presence among the French tech-savvy community. Besides managing Toonux, he also co-founded the French-language activist news site Reflets.info, which describes itself as a community project to connect journalists and computer networking specialists. As such, Laurelli initiated a Google search on other subjects, but what he stumbled on was perhaps more interesting: a link that led to 7.7 Gb of internal documents from the French National Agency for Food Safety, Environment, and Labor (the acronym is ANSES in French). Although the documents were openly indexed by Google, Laurelli would soon be in the French government's crosshairs for publishing them. He eventually faced criminal charges, though he was later acquitted of those. However, a separate government agency pursued a civil appeal. And last Tuesday, a French appeals court fined Laurelli 3,000 Euros (or a little over $4,000), meaning he likely made one of the more expensive Google searches to date. On that fateful night, Laurelli merely used the Linux Wget tool to download all of the contents of the Web directory that he found. He left the files on his drive for a few days and then transferred them to his desktop for more convenient reading (which the French government would later spin as "the accused made backup copies of the documents he had stolen"). A few days later, Laurelli searched through the documents he downloaded and sent some to a fellow Reflets writer, Yovan Menkevick. 
About two weeks later, a few interesting scientific slides pertaining to nano-substances from the cache were published on Laurelli's site. He later wrote about how he reacted when discovering the documents, that is, how he faced what at the time was a non-dilemma: According to French language site PC Inpact, when ANSES discovered the slides in question on Reflets.info, the agency filed a report with the police, citing potential intrusion into a computer system and data theft from a computer. At that point, France's Central Directorate of Interior Intelligence (or DCRI in French) joined the case to investigate how the files had been "hacked." The DCRI discovered that the files had been downloaded via a Panamanian IP address, and when they discovered that the address was used by a VPN service operated by a Reflets editor, they went after Laurelli. The activist claims that the involvement of the VPN was the tipping point in convincing the investigators that he was guilty or that he at least did something nefarious: "This VPN (in fact above all this Panamanian IP address) is probably one of the strongest elements which had driven the prosecution to pursue a criminal case," he wrote. Laurelli was held in custody for 30 hours before officials indicted him. Update: Bluetouff ended up admitting in testimony that when he found the documents, he had traveled back to the homepage that they stemmed from, where he found an authentication page, which indicated that the documents were likely supposed to be protected. That admission played a part in his later conviction in the appeals court. Shortly after this, an excerpt from court documents (provided on Laurelli's personal website) shows that ANSES' internal investigation led to an embarrassing discovery: We [ANSES] have proceeded with internal technical investigations to attempt to identify the method used by the hackers to access and retrieve the documents. 
Following these analyses, we then found that it was sufficient to have the full URL to access to the resource on the extranet in order to bypass the authentication rules on this server. In other words, the method of hacking was inputting the URL correctly. Incredibly, although a lower criminal court ruled that Laurelli could not be penalized for accessing data that was not secure, the DCRI decided to appeal the decision. That's after ANSES, the organization from which the documents were stolen in the first place, decided not to pursue any civil action. Although the court documents are not yet available, French technology news site Numerama and the French-language version of Slate both quote a baffling scene from the first appeals-court hearing in December 2013, which Mediapart (paywalled link) attended. During those opening arguments, a presiding judge appeared unable to pronounce Google (saying "gogleu" instead) and demonstrated an ignorance of how logins occur. The prosecutor did not help this perception, saying at the hearing, "half the words I heard today, I did not even understand." The appeals court acquitted Laurelli of fraudulently accessing an information system but saw fit to convict Bluetouff of theft of documents and fraudulent retention of information. The court wrote: "It is well demonstrated that he was conscious of his irregular retention in automated data processing, accessed where he downloaded protected evidence; and that investigations have shown that these data had been downloaded before being... disseminated to others; that it is, in any event, established that Olivier Laurelli made copies of computer files inaccessible to the public for personal use without the knowledge and against the will of its owner" Although $4,000 may not be a huge amount, Le Point explains that the lack of technical knowledge by the courts is hugely troubling for the French public, especially journalists. 
"This decision should unsettle all citizens, in particular journalists, who could themselves be convicted much more heavily when they publish documents with the same motive: that of informing." Laurelli, for his part, seems to be taking everything in stride. "It's enormous :) I am officially a cybercriminal" he tweeted Wednesday morning. http://arstechnica.com/tech-policy/2014/02/french-journalist-fined-4000-plus-for-publishing-public-documents
  22. By Jason Del Rey February 15, 2014, 1:50 PM PST Crowdfunding website Kickstarter said in an email to its members on Saturday afternoon that hackers had broken into its platform and accessed the personal information of its users. “On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data,” CEO Yancey Strickler said in the message, which was also posted to the company blog. “Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.” The company said that credit card information was not accessed, and that there is “no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.” (Emphasis made by the company.) That said, a bunch of personal information was stolen, including usernames, email addresses, mailing addresses, phone numbers and encrypted passwords. “Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one,” the message said. As a result, the company is urging users to change their passwords on Kickstarter, as well as on any sites where the same password is used. It’s not clear who is responsible for the hack, how many user accounts have been affected, or why it waited several days to notify its users. Earlier on Saturday, the Syrian Electronic Army said it had published user data from Forbes after it broke into the publisher’s system. “We’re incredibly sorry that this happened,” the Kickstarter message says. “We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. 
We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come.” I’ve reached out to Kickstarter for more information and will update this post when I hear back. Update 6:45 pm ET: Kickstarter has added a section of questions and answers to the bottom of its post. In it, the company attempts to explain why it waited several days to notify its users — a question that has popped up several times on Twitter since news of the hack broke. “We immediately closed the breach and notified everyone as soon we had thoroughly investigated the situation,” the company said. Kickstarter also reiterated that credit card data was not compromised. Still, the company explained that it never stores entire credit card numbers, and only stores the last four digits “for pledges to projects outside of the U.S.” A company spokesman has yet to respond to a couple of other queries from Re/code, including how long the hackers had access to the site. http://recode.net/2014/02/15/kickstarter-says-it-was-hacked
  23. BERLIN February 3, 2014 (AP) 36 mins ago (AP) A group of computer hackers and human rights campaigners in Germany say they are suing their government for allegedly breaking the law by aiding foreign spies. The Chaos Computer Club and the International League for Human Rights said they submitted a criminal complaint Monday claiming that Chancellor Angela Merkel and her government tolerated spying and effectively even helped members of the U.S. National Security Agency and Britain's GCHQ to spy on German citizens. The groups point to documents released by NSA leaker Edward Snowden as evidence. In a statement they say the criminal complaint is meant to spark a "long-overdue investigation by federal prosecutors" into alleged lawbreaking by German officials and foreign spies. Federal prosecutors have been considering for months whether to open an investigation of alleged NSA activities. http://abcnews.go.com/Technology/wireStory/hackers-sue-german-government-nsa-spying-22342715 Edit: Chaos Computer Club: http://www.ccc.de/en/
  24. By Kevin Poulsen 01.27.14 6:30 AM While investigating a hosting company known for sheltering child porn last year the FBI incidentally seized the entire e-mail database of a popular anonymous webmail service called TorMail. Now the FBI is tapping that vast trove of e-mail in unrelated investigations. The bureau’s data windfall, seized from a company called Freedom Hosting, surfaced in court papers last week when prosecutors indicted a Florida man for allegedly selling counterfeit credit cards online. The filings show the FBI built its case in part by executing a search warrant on a Gmail account used by the counterfeiters, where they found that orders for forged cards were being sent to a TorMail e-mail account: “[email protected]” Acting on that lead in September, the FBI obtained a search warrant for the TorMail account, and then accessed it from the bureau’s own copy of “data and information from the TorMail e-mail server, including the content of TorMail e-mail accounts,” according to the complaint (.pdf) sworn out by U.S. Postal Inspector Eric Malecki. The tactic suggests the FBI is adapting to the age of big-data with an NSA-style collect-everything approach, gathering information into a virtual lock box, and leaving it there until it can obtain specific authority to tap it later. There’s no indication that the FBI searched the trove for incriminating evidence before getting a warrant. But now that it has a copy of TorMail’s servers, the bureau can execute endless search warrants on a mail service that once boasted of being immune to spying. “We have no information to give you or to respond to any subpoenas or court orders,” read TorMail’s homepage. 
“Do not bother contacting us for information on, or to view the contents of a TorMail user inbox, you will be ignored.” In another e-mail case, the FBI last year won a court order compelling secure e-mail provider Lavabit to turn over the master encryption keys for its website, which would have given agents the technical ability to spy on all of Lavabit’s 400,000 users – though the government said it was interested only in one. (Rather than comply, Lavabit shut down and is appealing the surveillance order). TorMail was the webmail provider of choice for denizens of the so-called Darknet of anonymous and encrypted websites and services, making the FBI’s cache extraordinarily valuable. The affair also sheds a little more light on the already-strange story of the FBI’s broad attack on Freedom Hosting, once a key service provider for untraceable websites. Freedom Hosting specialized in providing turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by those seeking to evade surveillance or protect users’ privacy to an extraordinary degree – human rights groups and journalists as well as serious criminal elements. By some estimates, Freedom Hosting backstopped fully half of all hidden services at the time it was shut down last year — TorMail among them. But it had a reputation for tolerating child pornography on its servers. In July, the FBI moved on the company and had the alleged operator, Eric Eoin Marques, arrested at his home in Ireland. The U.S. is now seeking his extradition for allegedly facilitating child porn on a massive scale; hearings are set to begin in Dublin this week. 
According to the new document, the FBI obtained the data belonging to Freedom Hosting’s customers through a Mutual Legal Assistance request to France – where the company leased its servers – between July 22, 2013 and August 2 of last year. That’s two days before all the sites hosted by Freedom Hosting, including TorMail, began serving an error message with hidden code embedded in the page, on August 4. Security researchers dissected the code and found it exploited a security hole in Firefox to de-anonymize users with slightly outdated versions of Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. Though the FBI hasn’t commented (and declined to speak for this story), the malware’s behavior was consistent with the FBI’s spyware deployments, now known as a “Network Investigative Technique.” No mass deployment of the FBI’s malware had ever before been spotted in the wild. The attack through TorMail alarmed many in the Darknet, including the underground’s most notorious figure — Dread Pirate Roberts, the operator of the Silk Road drug forum, who took the unusual step of posting a warning on the Silk Road homepage. An analysis he wrote on the associated forum now seems prescient. “I know that MANY people, vendors included, used TorMail,” he wrote. “You must think back through your TorMail usage and assume everything you wrote there and didn’t encrypt can be read by law enforcement at this point and take action accordingly. I personally did not use the service for anything important, and hopefully neither did any of you.” Two months later the FBI arrested San Francisco man Ross William Ulbricht as the alleged Silk Road operator. The connection, if any, between the FBI obtaining Freedom Hosting’s data and apparently launching the malware campaign through TorMail and the other sites isn’t spelled out in the new document. The bureau could have had the cooperation of the French hosting company that Marques leased his servers from. 
Or it might have set up its own Tor hidden services using the private keys obtained from the seizure, which would allow it to adopt the same .onion addresses used by the original sites. The French company also hasn’t been identified. But France’s largest hosting company, OVH, announced on July 29, in the middle of the FBI’s then-secret Freedom Hosting seizure, that it would no longer allow Tor software on its servers. A spokesman for the company says he can’t comment on specific cases, and declined to say whether Freedom Hosting was a customer. “Wherever the data center is located, we conduct our activities in conformity with applicable laws, and as a hosting company, we obey search warrants or disclosure orders,” OVH spokesman Benjamin Bongoat told WIRED. “This is all we can say as we usually don’t make any comments on hot topics.” http://www.wired.com/threatlevel/2014/01/tormail
  25. By Allyn Fisher-Ilan and Jim Finkle JERUSALEM/BOSTON Sun Jan 26, 2014 3:23pm EST (Reuters) - Hackers broke into an Israeli defense ministry computer via an email attachment tainted with malicious software that looked like it had been sent by the country's Shin Bet secret security service, an Israeli cyber security firm said on Sunday. Aviv Raff, chief technology officer at Seculert, said the hackers earlier this month temporarily took over 15 computers, one of them belonging to Israel's Civil Administration that monitors Palestinians in Israeli-occupied territory. Raff told Reuters that Palestinians were suspected to be behind the cyber attack, citing similarities to a cyber assault on Israeli computers waged more than a year ago from a server in the Hamas-ruled Gaza Strip. While the latest attack was conducted from a server in the United States, experts noticed writing and composition similarities with the earlier attack, he said. Israeli officials declined to comment on Raff's findings. "We are not commenting on it, we don't respond to such reports," said one of the officials, Guy Inbar, a spokesman for the Civil Administration. There was no immediate Palestinian comment on the report. Seculert had not determined what the hackers did after the initial infection with "Xtreme RAT" software, Raff said. "All we know is at least one computer at the Civil Administration was in control of the attackers; what they did we don't know." The Civil Administration is a unit of Israel's defense ministry that oversees the passage of goods between Israel and the West Bank and Gaza Strip, territories Israel captured in a 1967 war and which Palestinians want for a state. The administration also issues entry permits to Palestinians who work in Israel. DEFENCE CONTRACTORS ALSO HACKED? Raff declined to identify the other 14 computers targeted by the hackers. 
An Israeli source who spoke on condition of anonymity said these included companies involved in supplying Israeli defense infrastructure. Based on Raff's analysis the 15 computers were in the hackers' grip for at least several days after the January 15 dispatch of the email, which included an attachment about ex-Israeli prime minister Ariel Sharon who had just died. Hacking activity has surged in the Middle East over the past three years as both governments and activist groups have targeted the military, other state agencies, critical infrastructure, businesses as well as dissidents and criminal groups in order to gain information about their operations and also disrupt them. The email that burrowed into the Israeli defense ministry computer looked like it had been sent from the Shin Bet security service, Raff said. Raff's firm was able to "sinkhole" the operation, tricking the Xtreme RAT software into communicating with servers that Seculert controlled in order to figure out which computers were infected and to deactivate the attack. Xtreme RAT is a remote access trojan, which gives hackers complete control of an infected machine. They can steal information, load additional malicious software onto the network or use the compromised computer as a beachhead from which to conduct reconnaissance and attempt to gain deeper access into the network, Raff said. Word of the cyber attack came a day before a three-day Israeli cybertech conference being held in Jerusalem, and just after Prime Minister Benjamin Netanyahu plugged Israeli technological advances at the World Economic Forum in Davos. Raff denied there was any irony in the timing of his warning so soon after Netanyahu's remarks. "Unfortunately there is no such thing as 100 percent safety either when it comes to physical risks or information security," he said. http://www.reuters.com/article/2014/01/26/us-israel-cybersecurity-idUSBREA0P0ON20140126