Tag: hacker

AT&T iPad security hole hacker breaks gagging order

The man who exposed a security flaw in AT&T’s website, which ended with the leak of over 100,000 iPad customer details, has broken his gag order to protest about his civil liberties being violated.

In early June Andrew Auernheimer uncovered a vulnerability in AT&T’s website as part of research for the Goatse Security group. A week later he was arrested on drug charges, which was pretty convenient timing. He was then put under a gagging order which has prevented him from being able to discuss the details of what happened.

Now, however, he is breaking that order because he believes his “civil liberties are being grossly violated”. In a blog post entitled “Hypocrites and pharisees” he said that he has been denied a public defence attorney and that “speaking out is my only hope at being saved.”

He took some time to explain that what Goatse did was perfectly legal and much more honourable than some other hacking attempts have been by security companies who have since been let off the hook. He said that Goatse scrambled the data to ensure that AT&T would have the opportunity to patch it.

He said that the drugs were found near him as part of a search under a computer-only warrant backed by a multi-billion dollar company, but did not go so far as to say that the drugs were not actually his.

He said that his actions and those of Goatse in regard to the iPad details were not criminal but rather “were done using industry standard practices as a public service.” He compared his role to that of lawyers, security researchers, journalists, and web developers, who often scrape data from public websites as part of their research. He said if this act is made to be illegal then Google News or Blogsearch will become illegal as a result of that, and claimed that his “role in this was solely that of a journalist.”

He said he has been denied his right to an attorney for a jailable offence, which is “in violation of the US constitution, Gideon v. Wainwright, and title 16 of Arkansas law” and labelled the entire thing a “complete miscarriage of the justice system”. He has called for the public to write to local officials to complain about the situation.

Hacker blackmailed women and teenage girls

A hacker broke into more than 100 computers and used the personal data he found to blackmail women and teenage girls into sending him sexually explicit videos, coppers claim.

US prosecutors told AP that Luis Mijangos, 31, of Santa Ana, will face charges of extortion. Currently he could face a maximum federal prison sentence of two years, which strikes us as a bit light for a country which gives children lethal injections.

US attorney’s spokesman Thom Mrozek said the scheme was elaborate and required some serious technical proficiency.

Mijangos found victims on peer-to-peer networks and sent out files disguised as popular songs that contained malicious computer code.

The malware infected the victims’ computers and was passed to their friends’ and relatives’ machines in the form of infected instant messages, authorities said.

He would search computers for sexually explicit or intimate images and videos of women, or hack email accounts and, posing as some victims’ boyfriends, ask them to make pornographic videos.

Occasionally, Mijangos was able to remotely turn on some victims’ webcams to catch them in “intimate situations.”

Mijangos contacted some victims and threatened to distribute their sexually explicit videos to their computer contacts unless they made additional videos for him.

Of course eventually one of his victims called the cops.

When the FBI knocked on his door Mijangos claimed he hacked the computers at the request of the victims’ boyfriends and husbands to determine whether the victims were cheating on them. 

Top hacker says Asperger’s is no defence

Adrian Lamo, a man once hunted by the FBI for hacking the New York Times, who was institutionalised for Asperger’s Syndrome, claims that it is no defence for hacking.

Lamo, who was recently sectioned after he was discovered out of it by cops, was diagnosed as having the mild form of autism. He said he never really knew about it until he was transferred to the Woodland Memorial Hospital near Sacramento, for nine days.

The staff evaluated him and gave him some medication and discharged him a couple of weeks ago.

Asperger’s is rapidly becoming the hacker’s defence against conviction.

In December, a defence psychiatrist concluded that credit card thief Albert Gonzalez exhibited behaviour consistent with Asperger’s. A government-appointed psychiatrist rejected the claim, and Gonzalez got 20 years. A Los Angeles computer intruder involved in a lucrative fraud scheme received a slightly reduced sentence because of his Asperger’s, which his lawyer argued made him vulnerable to manipulation by the ringleader in the scheme.

British hacker Gary McKinnon was diagnosed with Asperger’s at the age of 42, shortly after losing a legal challenge to an extradition order.

While Lamo thinks Asperger’s might explain his knack for slipping into corporate networks, Wired says that he scoffs at the notion that Asperger’s should mitigate the consequences of illegal behaviour.

Asperger’s might help explain his success in hacking, but not his willingness to do it, he told Wired.

“If, in fact, the diagnosis is accurate, it had zip to do with my actions at that time,” he said.

Bad news for you, Gary.

FTC takes down pirating, spam, ISP

The US Federal Trade Commission asked a judge to effectively kill off the Internet Service Provider 3FN.

While some sites which run P2P piracy torrents get some degree of mourning from pro-file-sharing sites, no one appears to miss the passing of 3FN.

According to the FTC, the site specialised in spam, porn, botnets, phishing and all sorts of Web nastiness.

The ISP’s computer servers and other assets were seized and will be sold by a court and the operation has been ordered to give back $1.08 million to the FTC.

According to the FTC, 3FN, which does business as Triple Fiber Network, APS Telecom, APX Telecom, APS Communications, APS Communication and Pricewert, “recruited and colluded with criminals” to “distribute harmful electronic content including spyware, viruses, trojan horses, phishing schemes, botnet command-and-control servers, and pornography featuring children, violence, bestiality, and incest.”

Apparently 3FN advertised its services in the darkest corners of the Internet, including a chat room for spammers.

3FN shielded its criminal clientèle by ignoring take-down requests issued by the online security community, or shifting its criminal elements to other IP addresses.

The outfit deployed and operated botnets as well as recruited bot herders and hosted the Zombie command-and-control servers.

The FTC showed the court transcripts of instant-message logs from the defendants’ senior employees discussing the configuration of botnets with bot herders.

It claimed that more than 4,500 malicious software programs were controlled by command-and-control servers hosted by 3FN. This malware included programs capable of keystroke logging, password stealing, and data theft, programs with hidden backdoor remote control activity, and programs involved in spam distribution, the FTC said.

In June 2009, when a court issued a preliminary injunction against 3FN, spam volumes dropped by about 15 percent.

Two Spanish hackers apply for security jobs

The security outfit which spent most of last year helping Spanish coppers nick three men suspected of operating and renting access to a massive and global network of hacked computers had two surprise job applications.

About 60 days after their arrest, Panda Security had a visit from two of the hackers asking to be hired as security researchers.

The pair, known by the online nicknames “Netkairo” and “Ostiator,” were arrested by Spanish police for their role in running the “Mariposa” botnet.

Panda’s Luis Corrons told the Krebs on Security blog that at first he couldn’t believe it, and thought someone in the office was playing a practical joke on him.

Ostiator told him that with everything that’s been happening, they were not earning any money.

He thought there was some kind of arrangement the pair could come to with Panda. Netkairo and Ostiator haven’t yet been charged with any crime. But Corrons recognised that the names and addresses on the resumes matched those that police had identified as residences belonging to Netkairo and Ostiator.

The pair showed up again in April asking if Panda was thinking of hiring them.

When it became clear that Panda wasn’t interested in hiring him, Netkairo changed his tune, Corrons said, claiming he had found vulnerabilities in the company’s cloud anti-virus software and threatened to publish the information, it’s alleged.

Later that week, someone opened a blog at Google Blogspot using the account name “NeTK,” and posted a video labeled Panda Cloud Antivirus Detection Bypass POC.

Teen hacker gets a year's probation

A teen who brought down a worldwide gaming network has been sentenced to a year’s probation and to perform 250 hours of community service.

The kid will also have to write a cheque to Sony for $5,000 in damages.

The teen, who cannot be named for legal reasons, faced four counts for planting a computer virus that caused Sony’s gaming Web site to repeatedly crash between November 16-26, 2008.

A report into the kid said he otherwise led a normal life, was a good student and participated in school activities.

However the whole thing was based on an obsession that the kid had with winning.

Rather than do it in the traditional US way of winning on the sports field or fighting in countries that do not have the same weapons ability, the teen burned the midnight oil playing computer games.

Coppers claimed that the teen crippled Sony’s online PlayStation site in retaliation for being kicked off the site for cheating while playing a war game called SOCOM US Navy Seals.

He used hacker tools to contact a botnet and these were directed to clog three games on the PlayStation site, causing it to crash and go off-line.

Sony wanted $33,200 in restitution, but the judge ruled that amount would be too excessive for the teen.

Toughest hacker sentence ever delivered

A Miami hacker has been sentenced to 20 years in what has been seen as the toughest sentence given out to someone who robbed using a PC.

According to the Miami Herald, Albert Gonzalez masterminded the largest theft of credit cards in US history, so he really expected to have the book thrown at him.

A Boston federal court was told how he broke into the computer systems of major retailers to steal millions in card numbers.

Networks of TJX, BJ’s Wholesale Club, Dave & Buster’s and several others were targeted and netted him $200 million.

Prosecutor Stephen Heymann said that Gonzalez shook a portion of our financial system.

Gonzalez, 28, apologised as his mother, father and sister watched from the front row of the courtroom.

He told the court that he didn’t do it for the money but because he could not put the lid on his internet addiction.

Gonzalez amassed $2.8 million he used to buy a Miami condo, a car, Rolex watches and a Tiffany ring for his girlfriend.

He would drive past retailers with a laptop computer, tapping into those with vulnerable wireless Internet signals.

They would then install ‘sniffer programs’ that picked off credit and debit card numbers as they moved through a retailer’s computers before trying to sell the numbers overseas, prosecutors said.