WebProNews » hacker

Romanian Hacker Sells Secrets

Shawn Hess — Wed, 01 Feb 2012 17:00:37 +0000

The U.S. Embassy in Bucharest explained to the Associated press yesterday that a 20 year old information technology student has hacked into several Pentagon and NASA servers.

They claim the attacker:

“used sophisticated hacking tools to gain unauthorized access to government and commercial systems.”

The accused person, Razvan Manole Cernaianu, allegedly also attempted to sell the secrets of how to gain access to the servers online. Organized crime prosecutors are cooperating with the FBI and officials at NASA in order to pursue the case.

Twitter Hacker Targets Kutcher

Shawn Hess — Mon, 16 Jan 2012 21:13:08 +0000

Over the past weekend Two and a Half Men star Ashton Kutcher had his Twitter account taken over by a hacker who had ill intentions. Apparently the perpitrator tweeted on the subject of Lorene Scafaria, rumored to be dating Kutcher.

As soon as the star noticed the posts, he took them down and began monitoring his accounts. Not long after, Kutcher’s Foursquare account was also compromised thus revealing the location of the hacker. In retaliation Kutcher tweeted a picture of the hackers Foursquare account for all to see.

For the most part, Kutcher’s responses have been taken as playful toward the hacker telling him, “I’m coming for you my friend…”. Fans seem to be happy to egg him on. The nighttime TV star is well known for being tech-savvy as well as a prankster!

Facebook Hosting 2012 Hacker Cup

Zach Walton — Thu, 05 Jan 2012 15:06:09 +0000

Hackathons give birth to potential new products such as Facebook’s Timeline. Now it’s time for Facebook’s second annual Hacker Cup to put a new wave of hackers to the test.

Facebook is hosting the second annual Hacker Cup starting on January 20 and culminating in the top 25 hackers competing at Facebook’s new Menlo Park campus.

Any and all hackers from around the world are encouraged to enter the Hacker Cup starting January 4. They will be tasked with solving algorithmic problems while being based on speed and accuracy.

The competition will start with a 72-hour qualification round on January 20. All the competitors will be given three problems to solve. Solving at least one problem will advance the competitor to online round 1.

There will be three online rounds with each round presenting more difficult problems with less time to solve them. All in all, there will be only 25 competitors left on February 11 when online round 3 ends.

Facebook will fly the top 25 competitors to Menlo Park to compete on March 17. The first place winner will receive $5,000 with second place receiving $2,000 and third place receiving $1,000. Fourth through 25th place will receive $100.

Any aspiring entrants to the 2012 Hacker Cup should follow the Hacker Cup page for more details as the date for the start of the Facebook Hacker Cup approaches.

Trends Of A Teenage Hacker

Dan Morrill — Wed, 06 May 2009 16:19:43 +0000

When it comes to hacking social networks, girls are showing that they are more practical than boys in terms of what they are doing. Girls are more likely to go after information that leads to bank accounts, while boys are more likely to hack social networks in a survey conducted in England by Trend Micro.

According to Trend Micro, social networks are helping in breeding the next generation of computer hackers. While parents are often unaware of what their kids are up to online, kids have a tendency to do things on line that they would otherwise not do in person. Boys are more likely to (according to the survey) to try to impersonate people, while girls are more likely to gather information that will allow them to go into other people’s bank accounts. One in three teens would consider hacking or spying on people for cash. While the best response is that parents need to step in and explain why this is a bad idea to a teenager, this is not as likely to happen when parents are absentee or otherwise not involved with their kids lives.

This ups the stakes for social network sites, and how people share/consume data that is coming from social networking sites.

• Over one in 10 teens thought it was ‘cool’ or ‘funny’ to pretend to be someone else online
• One in seven 12 to 13 year olds have actually done this
• Over four out of ten teens have hacked into another person’s profile to read emails or looked at bank account details or logged onto another person’s social networking profile
• One in three teens have admitted to being tempted to try hacking or spying on the internet to make money
• Boys it would seem, were almost twice as likely as girls to log into someone’s social networking site
• Girls were up to three times more likely than boys to enter into someone’s online shop or bank accounts without the owner knowing

Source: Global Security Magazine

What makes this interesting is a side note on ITPortal, in that they state the information that is given out on social networking sites makes it easier to guess the security questions that people often default to.

The popularity of social networking websites like Facebook or Bebo makes it much easier for users to harvest personal information like date of birth and the name of the target’s mother, which are often asked as security questions. Source: ITPortal

This makes for an interesting survey, and also provides a basis for risk management in social networking sites, both for social networking administrative support, and for parents of kids who are starting to tend towards the dark side of computing. While you want to encourage your kids to learn computer skills, parents also have to step in when kids start crossing ethical/legal boundaries. We also need to be teaching people who use social networking sites that there are still things you do not want out in the open, like birthdate or other information that makes it easier for people to impersonate you or otherwise break into other accounts you might have on the internet.

Tags: social, networking, kids, hacking, impersonation, hacker, girls, boys, parents, tips, parenting, trend micro, survey

Comments

Hacker Claims Responsibility For Palin Email Breach

WebProNews Staff — Fri, 19 Sep 2008 22:34:10 +0000

It’s not been a good week, online or off, for the McCain campaign, but it’s been especially brutal online. The biggest news, aside from the obvious fundamentally strong economic crisis occurring Monday, has been the hacking of Sarah Palin’s email account.

Wikileaks, where screenshots of the contents of Palin’s Yahoo account were posted as evidence of her conducting state business on non-state accounts, has been crashed all day with people clamoring to get a glimpse of the illegally obtained content and judge for themselves (we assume the Secret Service didn’t shut it down, anyway). Likely they’re discovering the emails are as boring as Lou Dobbs on a pile of actuaries.

The story behind the email hack is much more exciting. One of Michelle Malkin’s loyal subjects explains the hacker’s complex and embattled relationship with the entity (not so much a an organized group) that is Anonymous in the notoriously juvenile and destructive /b/ forum on 4chan.org. The reader aptly describes them as “gremlins” rather than hackers because of their joy of “upsetting people and making messes.”

The person who hacked Palin’s account, according to a copy of a forum post submitted by the above reader, said it took him or her about 45 minutes to find the information necessary online (from Wikipedia and Google) to access the account. “rubico” says the account was accessed by guessing at the secret question prompts provided when one forgets a password:

it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)
the second was somewhat harder, the question was “where did you meet your spouse?” did some research, and apparently she had eloped with mister palin after college, if youll look on some of the screenshits that I took and other fellow anon have so graciously put on photobucket you will see the google search for “palin eloped” or some such in one of the tabs.

I found out later though more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower…

Even some Anonymous forum members, known for outrageous acts, thought this was over the line and moderators in the forum actively deleted related info as it appeared. Too late, though, it got to Wikileaks and the press. The Secret Service requested copies of the leaked emails from the Associated Press, who had the stones to refuse.

So good on the AP, at least.

Regardless of one’s opinion on Palin (according to the latest polls opinions are slumping), the intent of hacking her personal account (the intent of exposing Bush-like circumvention of open records laws) was overshadowed and out-shouted by the appalling nature of the act itself. Of course, one wonders if we’d feel the same had he or she found something juicy.

Meanwhile, take a break and find out what your name would be if you were one of Palin’s half-dozen kids. Mine would be “Strike Chipper,” king of the bowling alley and the golf course.

UK Aims to Stop Hackers by Banning Tools

Dan Morrill — Thu, 03 Jan 2008 14:13:44 +0000

In what could be a bad day for United Kingdom pen testers, stress testers, and other systems security folks, the UK is getting ready to ban the creation and distribution of tools that could be used by hackers. This generally unpleasant concept could make it not only impossible to create the next nessus or nmap by anyone in the UK, it could also send them to jail for distributing the tools they make as well.

This ought to set back UK computer security by decades.

The distinctions between, for example, a password cracker and a password recovery tool, or a utility designed to run denial of service attacks and one designed to stress-test a network, are subtle. The problem is that anything from nmap through wireshark to perl can be used for both legitimate and illicit purposes, in much the same way that a hammer can be used for putting up shelving or breaking into a car. Source: Register

This should be quickly tested in the UK courts, the minute the ink is wet on the paper kind of legal testing. There are multiple programs, perl, c++, shell scripts in C, and other programs and tools that are made by people to do things. Dual use tools are tools that can be used for both good and evil. It will be difficult to determine the intent of the tool developer unless they leave behind incriminating e-mails saying the tool was created to rip off millions of people.

Any form of distribution would also be included in the statutes, meaning the mere act of sharing a tool with your security friends could be bad for you continued security career.

This is generally bad, and will hamper legitimate security workers and researchers. The state of the security industry in the UK is now dead. The hackers will win this one unfortunately, and there seems to be no way to stop this kind of legislation short of a court testing of its legitimacy.

Comments