Microsoft's Twitter account hacked
Jerry Lee Lewis famously sang "there's a whole lotta shakin goin on". Lately, it feels like there is a whole lot of hacking going on. While the world is still reeling from the Target hack, it seems that Microsoft and Twitter have unwillingly joined the retailer as victims.
Today, one of Microsoft's Twitter accounts, @MSFTnews, was infiltrated by The Syrian Electronic Army -- a group that claims to be supporters of Syrian president Bashar al-Assad. But who is at fault, Microsoft or Twitter?
Crossing the hacktivism line
Recently, I was a guest on the CNBC program, Squawk on the Street. The discussion centered on the possible outcome of a limited strike by the US on Syria, and I had the opportunity to provide my opinion on the retaliatory cyber implications for US interests. During the program, I disagreed strongly with the position taken by McAfee Worldwide CTO, Mike Fey: that the Syrian Electronic Army is no more than a hacktivist group. In my opinion, this is a dangerous assertion based on industry group-think and marketing rhetoric.
Two books that I have co-authored have examined attack sophistication in terms of categorizing a threat actor. Ultimately, I am not concerned with which organization or entity carries out an attack. I am, however, concerned with identifying and stopping malicious activity. For example, were a nation-state to engage in industrial espionage against a defense industrial-based contracting firm or critical infrastructure, such as a power grid, this typically would be classified as an advanced persistent threat (APT).
AVG and Avira websites taken over by pro-Palestinian hackers [UPDATE]
There’s probably nothing worse for a major company than getting hacked. Just ask Adobe. But when the company in question is a provider of security software, well, the embarrassment factor goes through the roof. And it’s definitely not good news for consumers who rely on the company’s software products to keep them safe online.
The website of AVG, makers of one of the world’s most popular free anti-virus products, was apparently hacked by a pro-Palestinian group earlier today, and fellow antivirus company Avira has also just suffered the exact same fate.
Scammers are after the Apple ID I don't have
When I receive an email asking to validate my account info, it is an obvious alert that something is amiss. These frequently come in the guise of PayPal and even banks where I have no account -- a no brainer to hit the delete button. However, as I browsed through my messages while preparing for bed, one caught my attention, not because of variance from other email scams, but because it simply attempted to lure me to a trap I had not encountered previously.
While the likes of PayPal and CitiBank may trade between targets number one and two, this was the first time I had been asked to validate my Apple account -- the one I have never had.
Android Ice Cream Sandwich encryption broken with the aid of a freezer
When Google released Android 4.0 (Ice Cream Sandwich) back in 2011, it introduced a new data scrambling system designed to protect sensitive user information from snoopers who successfully managed to bypass the lock screen.
It’s strong security, but a team of German researchers have managed to crack the encryption by freezing a Galaxy Nexus and using a toolset called FROST (Forensic Recovery Of Scrambled Telephones) to retrieve contact lists, browser histories, and photos (basically everything you’d want to keep private).
Burger King sold to McDonald’s -- according to the company’s hacked Twitter feed
Burger King’s Twitter account was just hacked and has been turned into an amusing (and rather crude) advert for fast food rival McDonald’s, complete with the Chicken McNuggets header and golden arches logo as the avatar.
No one is entirely sure who is behind the action at the moment, although there’s a shout out to DFNCTSC, the Defonic Team Screen Name Club, a loosely organized collective responsible for hacking Paris Hilton’s mobile phone and posting her address book a while back.
Security firm Bit9 gets 'bit' after failing to install its own software
The anti-virus and security business is a tough one, fraught with competition and cutting-edge technology designed to not only stop current threats, but predict future ones via heuristics. It is also a place where minor errors can become high-profile issues. Like last year when Sophos detected its own files as a virus and began systematically deleting them, rendering its software useless to customers.
The latest blow below the waist for a security firm involves Bit9. In what can only be termed as "embarrassing", the company failed to install its very own security software on computers within its corporate network. The vulnerable systems were soon compromised.
The evasi0n iOS 6.x jailbreak now available
The lack of an untethered jailbreak for iOS 6.x has been frustrating for many iPhone, iPod touch, and iPad users desperate to liberate their devices, install all their beloved jailbreak apps, and apply their favorite tweaks. A friend of mine is keen to buy an iPhone 5, but hasn’t purely because he’s been waiting to make sure of an iOS 6 jailbreak.
Well, the good news for him, and other users keen to remove the limitations on their Apple devices, is the evad3rs team has rolled out its highly anticipated evasi0n hack for all Apple hardware running iOS6-iOS6.1.
Twitter hacked -- approximately 250,000 accounts affected
If you've just received an email from Twitter warning that as a precautionary security measure the micro-blogging site has reset your Twitter account password, and inviting you to create a new one, you should take it seriously. Very seriously.
According to Twitter the service recently "detected an attack on our systems in which the attackers may have had access to limited user information -- specifically, your username, email address and an encrypted/salted version of your password (not the actual letters and numbers in your password)".
Kim Dotcom offers a $13,500 bounty to anyone who can break Mega’s encryption
Mega has come in for some criticism since it launched, with the likes of Ars Technica, among others, questioning exactly how secure Kim Dotcom’s new file storage and sharing service actually is. Cryptography researcher Steve Thomas even created a tool designed to reveal passwords stored in confirmation emails.
But despite all this, Mega has so far proven to be a sturdy ship. Although it has had a few (quickly plugged) leaky holes, which is to be expected considering it’s still very new, nothing’s come along so far to sink it. And Kim Dotcom is so sure Mega’s security is uncrackable, he’s prepared to put his money where his mouth is.
Who is Aaron Swartz?
I am not a geek, hacker or programmer but a simple storyteller. Some stories are unbearable to write, such as this one -- about an amazing geek and hacker who died suddenly, sadly on January 11. The world lost someone special two days ago. As you prepared for your weekend fun, he contemplated the last moments of life before taking it. You can blame the US government, as his family does and I do. A bright star has gone dark on the Internet firmament, and we'll never know what won't be seen because of it.
I didn't know Aaron Swartz, just of him. I followed some of his accomplishments and legal woes, which surely were catalyst for his final decision. Around the InterWebs, the 26 year old is described in many ways: "programmer"; "hacker"; "activist"; "advocate". His work almost certainly touches your daily life. Swartz co-authored RSS 1.0; he helped architect Creative Commons; he was serendipitous Reddit cofounder via acquisition of his company Infogami; and he was one of the most vocal, active and successful SOPA (Stop Online Piracy Act) opponents.
Anonymous petitions the White House, wants DDoS recognized as a form of free speech
A Distributed Denial of Service attack is no different from someone repeatedly tapping F5 in their web browser, at least according to loose hacktivist collective Anonymous. The group (or someone claiming to be affiliated with it at least) has added a petition to the White House's We the People website, asking the US government to recognize DDoS as a legal form of protesting, and comparing it to the international "occupy" movement.
The petition also calls for the immediate release of those who have been jailed for DDoS attacks, and for their records to be cleared.
Hacktivist group Anonymous to continue through 2013
Over the long weekend I saw McAfee had predicted that the threat from Anonymous would decline in the new year. The group apparently disagrees and has posted a video boasting of its accomplishments in 2012 and stating emphatically: "We are still here".
The two minute and twenty second video, posted to YouTube, lays out a rather lengthy list of past endeavors including attacks on government websites in the United States, Syria and Israel, as well as on groups such as the Motion Picture Association of America and the infamous Westboro Baptist Church.
3 million Verizon accounts stolen -- Q&A with the person claiming to be behind it
A report surfaced today that Verizon Wireless, a premier mobile carrier in the United States, has been breached, resulting in three million customers being compromised. The good news is that the compromise does not seem to be malicious. The bad news is that, as proof of this, 300,000 users' data was released.
While the number may seem large, it represents a small fraction of the company's user base. Still, any customer information released into the wild is bad. So how did this happen and how bad is it?
Symantec predicts security 2013
Symantec asked hundreds of its experts for their thoughts and opinions on what the biggest security threats will be next year -- assuming we all survive the Mayan apocalypse on December 21, of course -- and boiled down the results into five predictions.
The first threat to make the list is cyber-conflict, which Symantec sees becoming the norm. "Conflicts between nations, organizations, and individuals will play a key role in the cyber world", it says, envisioning a lot of sabre rattling, and countries and hacktivist groups using cyber-tactics to make a point and "send a message".
BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.