hackers posts

Forgotten Password Questions Too Easy to Crack, Study Finds

by Dan Reilly — May 19th 2009 at 6:12AM

Remember when Sarah Palin's e-mail account was accessed by a 20-year-old student who guessed the answer to her Yahoo! security question (where she and husband Todd first met)? Well, the former VP candidate is just one of many whose "forgotten password" questions are way too easy for others to guess, according to a new study published in the Technology Review..

Researchers from Carnegie Mellon and Microsoft found that 28-percent of 130 participants had their security questions correctly answered by people they know and trust. Another 17-percent were vulnerable to people they knew, but didn't trust. The problem, it seems, lies with both users and the ineffectiveness of the security method itself.

Tags: hackers, password, sarah palin, SarahPalin, security, studies, study, top

Computers

FAA's Air-Traffic Networks Susceptible to Hackers

by Warren Riddle — May 8th 2009 at 9:20AM

Air travel just became even more stressful, as a recent government study reveals that the Federal Aviation Administration's (FAA) air-traffic control system faces significant threats from cyber-terrorists. According to the Wall Street Journal, the FAA plans to modernize its control systems over the next 15 years, thanks in part to $20 billion of funding, but the technological adaptations are apparently exposing vulnerabilities to hackers.

The FAA uses two technical support systems -- an administrative system, primarily used for corporate purposes, and an operational system, which is used for air-traffic control. Although FAA spokesperson Laura Brown told the WSJ that one network cannot be used to access the other, security tests revealed 763 "high risk" administrative weaknesses.

Tags: FAA, federal aviation administration, FederalAviationAdministration, hackers, studies, top, travel

Computers, Web

Hacker Wants $10M Ransom for Stolen Virginia Private Patient Data

by Peter Mychalcewycz — May 7th 2009 at 12:16PM

On April 30th, an unidentified individual, or group, hacked into the Virginia Prescription Monitoring Program's Web site, WikiLeaks first reported Sunday. A full week after the hack occurred, the perpetrator is still holding hostage the private data of over 8 million Virginia patients.

The party responsible for this security breach didn't hack into the prescription-drug-abuse-tracking site for fun, either. The hacker, or hackers, posted a ransom note on the Web site that, according to WikiLeaks, read:

I have your [expletive]! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password.

For days, Virginia state police and FBI investigators have been trying to get to the bottom of the theft, which could ultimately result in the misuse of those 8 million packets of personal information. The government has not yet publicly identified the 8 million victims, nor has it notified them privately.

Tags: crime, government, hack, hackers, hacking, identity theft, IdentityTheft, prescription drugs, PrescriptionDrugs, security, top, virginia

Computers

70,000 Hackers Probe the NYPD's Computers Daily

by Peter Mychalcewycz — Apr 23rd 2009 at 1:36PM

If the New York Police Department had a dollar for every attempted hack on its computer system, New York cops would be driving around in Ferraris instead of those horrid Crown Victorias (or Impalas).

In a speech to the Council on Foreign Relations, New York Police Commissioner Raymond Kelly said that hackers try to breach the NYPD's computer system at least 70,000 times a day, according to the Associated Press. The NYPD has traced the illegal scans back to computers in myriad countries, including China and the Netherlands.

Thankfully, due to strong system-protection programs, there have been no successful breaches of the vast NYPD computer network. This is just another front in the war on cyber-terrorism, a very real threat in a hyper-modern age. [From: FOX News]

Tags: hack, hackers, hacking, law enforcement, LawEnforcement, nypd, police, security, top

Computers

$300 Billion Pentagon Project Hacked (Data Compromised, Again)

by Terrence O'Brien — Apr 21st 2009 at 6:17PM

According to a front page Wall Street Journal article this morning, it looks like piles of data related to the $300 billion F-35 Joint Strike Fighter military plane have found their way in to the hands of hackers. According to government officials the newspaper spoke with, the Defense Department was the subject of a concerted cyber attack over the past few months in which terabytes (yes plural) of data related to the project were intercepted and fed to IP addresses that have been tracked to China.

Of course, the Chinese embassy issued a statement denying any involvement and said it "opposes and forbids all forms of cyber crimes," but we know it means that in the same way Ted Haggard meant that he opposed homosexuality.

"We aggressively monitor our networks for intrusions...," Air Force Lt. Col. Eric Butterbaugh told the WSJ. Now, anyone who has ever tried to download an HD movie via BitTorrent knows how long it takes to download a few gigabytes of data, which leads us to believe the monitoring couldn't be too aggressive if spies were able to siphon off several thousand gigabytes before setting off alarms.

Tags: china, computer spies, ComputerSpies, crime, defense department, DefenseDepartment, espionage, f-35, f-35 joint strike fighter, F-35JointStrikeFighter, hack, hacker, hackers, hacking, joint strike fighter, JointStrikeFighter, military, pentagon, security, spy, top

Computers

Teen Author of Twitter Worm Gets Hired for Hacking Skills

by Kaiser Hwang — Apr 19th 2009 at 5:21PM

Oh, the pains of being popular. Now that micro-blogging service Twitter has officially saturated the mainstream, it was only a matter of time before it became the target of hackers. Case in point: Last week, a non-malicious attack infected users' profiles, sending tweets without permission. After fessing up to the attack, 17-year-old Mikeyy Mooney claimed he created the worm for three basic reasons: boredom, to alert the developers behind Twitter of the vulnerability, and to get his name out in the public.

Well, it looks as if the stunt paid off, because Mooney has already been offered (and accepted) a job at exqSoft Solutions, a web applications developer. The gig was one of several job offers that came to Mooney after the Twitter fiasco. Travis Rowland, exqSoft CEO and the man who hired Mooney, suggested to ABC News that the hack was more of a service than anything else, alerting Twitter to a vulnerability in its system.

Tags: hack, hackers, hacking, jobs, microblogging, security, top, twitter, workplace

Cell Phones, Computers, iPhone

Pwn2Own Offers $10,000 to Hack iPhone

by Warren Riddle — Feb 28th 2009 at 7:32PM

The third installment of the Pwn2Own competition, a contest pitting hackers against popular gadgets and operating systems, takes aim at Apple's iPhone and four other smartphones. The contest will dole out $10,000 to anyone able to hack into the devices at the CanSecWest security convention in Vancouver, Canada from March 18-20.

Contestants, armed with phones running the Android, Symbian, and Windows Mobile operating systems, as well as a BlackBerry and an iPhone, will have to exploit "general actions a normal user would take while using the device," according to the rules of the sponsor, TippingPoint.

The three day competition will also include a Web browser division, focusing on a Sony VAIO running Windows 7 and installed with Internet Explorer 8, Firefox and Google Chrome, and a MacBook running OS X with Safari and Firefox. Contestants won't have physical access to their targets and will be given limited applications to work with on the first day. That will gradually expand over the next two days, and any successful bug nets the hacker $5,000.

Tags: hack, hackers, iphone, iphone hack, IphoneHack, pwn, pwn2own, tipping point, tippingpoint

Computers

Assessing Our Cyber Security From the Oval Office

by Chad Mumm — Feb 18th 2009 at 4:35PM

The White House has tapped cyber consultant Melissa Hathaway to conduct an extensive review of US Internet security. She will now be tasked with analyzing the effectiveness of programs she helped foster as the point person of former President George W. Bush's effort to check an increase in breaches of military and government sites in early 2007.

The nascent Obama administration's unprecedented openness through its WhiteHouse.gov site has showcased the President's commitment to the Internet as a necessary tool of modern government, foreshadowed by his extensive and tremendously successful use of the Internet and Web 2.0 during his campaign. Still, the President has been called to extend cyber security beyond government sites to include protection for citizens and businesses and to foster greater collaboration with foreign countries. Fortunately, Hathaway has a history of getting stodgy bureaus to play nice and work together; she spent 15 years as a management consultant getting military and intelligence organizations to collaborate.

President Obama knows the consequences of flimsy Web security firsthand; in April 2008, a programming error allowed a zealous Hillary Clinton supporter to redirect part of Obama's campaign Web site to Clinton's site.

Tags: cyber security, CyberSecurity, expire-images:2009-3-20, hacker, hackers, internet security, InternetSecurity, obama, obama administration, ObamaAdministration, oval office, OvalOffice

Computers

Hackers Steal $9-Million From ATMs, 'Ocean's 11'-Style

by Lee Bains — Feb 11th 2009 at 4:46PM

If you're one of the many who envision hackers and identity thieves as pitiful, grubby men, slouched behind their computers in their parents' basements, peering at their computer screens with beady, glazed eyes, then the group of hackers that stole $9 million from global ATMs this past November might just put a new image in your mind.

According to Network World, these cyber criminals are more cat burglar than catatonic, having composed an attack plan worthy of a Hollywood screenplay.

In the first stage of their attack, the thieves hacked into electronic payment processing service RBS WorldPay, where they obtained the information contained in 100 units of the company's "payroll card," a sort of debit card where cash is directly "loaded" by an employer. Having accessed those 100 cards, the hackers then performed another hack, allowing them to "load" imaginary money onto the cards. With all that information, and money in the bank, the hackers simply made physical copies of those cards, most likely using one of the several legal, relatively cheap card printing machines.

Tags: atm hack, AtmHack, crime, cyber crime, CyberCrime, hack, hackers, heists, identity theft, IdentityTheft, security, top

Computers

German Military Hires Hackers

by Evan Shamoon — Feb 10th 2009 at 4:03PM

According to a report by German Web site Heise.de, the Bundeswehr (essentially the German armed forces -- and no, not the American beer manufacturer) is recruiting hackers in order to "penetrate, manipulate and damage hostile networks."

Slashdot has a rough translation of the original article, which includes this tasty nugget of information: "The Regiment is stationed in Rheinbach, near Bonn, and consists of several dozen graduates from Bundeswehr universities. They're training at the moment, but the 'hackers in uniforms' are supposed to be operational by next year. This regiment officially belongs to the Kommando Strategische Aufklärung [strategic reconnaissance], and is commanded by Brigadier General Friedrich Wilhelm Kriesel. The Bundeswehr has not said anything to this regiment yet."

While this is nothing entirely new -- the NSA has hired many hackers over the years in the name of "keeping America safe" -- it's the first report of such action in Germany. And the whole notion of "hackers in uniform" sorta makes us wonder: Will future military video games have us playing the role of the hacker sitting in front of 50 monitors rather than shooting bad guys in the face? [From: Slashdot]

Tags: bundeswehr, german, hackers, military, security, top

Computers

Internet Scams Increasing as Economy Stumbles

by Terrence O'Brien — Feb 2nd 2009 at 6:05AM

We've noted before the economic downturn has been a boon to online scammers. As more tech workers have lost their jobs, the pool of potential cyber criminals has been growing, as has the number of people out there willing to believe the e-mails promising virus protection, get-rich-quick schemes, and funny or pornographic videos circulating on the Web.

By mid September, there were 31,000 malicious programs making the Internet rounds. Trojans, worms, even good 'ol fashioned data mining schemes have really taken off following the collapse of the banking industry and the rest of the economy. The scams are being fed to victims via IM, e-mail, and even social networking services.

Hackers and criminals are becoming more sophisticated as well, hijacking banner ads and complete Web sites, using Flash to install malware, and redirecting users from legitimate pages to infected sites. Monster.com and MyCheckFree.com have both fallen victim recently attacks, and experts only expect the number of scams to increase during 2009.

So keep your guard up when online, and remember as easy as a life of theft may seem, crime -- even cyber crime -- doesn't pay. And now you know... and knowing is half the battle. [From: USA Today]

Related links:

Tags: crime, hacker, hackers, safety, scam, scams, security, virus

Computers

Hacked Obama Site Offering Up Virus

by Terrence O'Brien — Jan 27th 2009 at 8:12AM

Like most of the Internet, we're more than a little excited about having our first truly tech-savvy president here in the U.S. Unfortunately, for all our fawning over the idea of a government that doesn't still think dial-up is modern technology, we've neglected that putting more emphasis on the Internet makes one more susceptible to attacks by hackers and other computer criminals.

We've already seen the Obama campaign's Web site hijacked, and fake Obama e-mails spread viruses. We've even seen our fair share of fake Obama Web sites loaded with malicious software. Now hackers are trying to directly reach Obama supporters by creating fake profiles and blogs on the MyBarackObama social network. The fake blogs often contain links, made to look like YouTube videos, that lead you to a YouTube-like page loaded with porn. Playing one of these videos launches a pop-up that uses the old "install this missing codec" trick. The supposed missing software is, of course, a virus.

Tags: barack obama, BarackObama, breaking news, BreakingNews, hacker, hackers, my.barackobama.com, obama, security, top, virus

Computers

Monster.com's Database Breached, Leaking Job-Seekers' Personal Info

by Tim Stevens — Jan 26th 2009 at 12:10PM

It was about 18 months ago that Monster.com's databases were hacked, compromising the personal information of roughly 1.2 million registrants (most of whom had signed up looking for a job, not for a new way to have their phone numbers stolen0. The job-seeker's site, of course, pledged to fix the hole right away, but, sadly, didn't do a particularly good job of it, as we're hearing that the company has been breached again. At least this time, Monster.com is being proactive and has made news of the breach public from the get-go.

The company has indicated that the database containing its millions of registrants' personal information has been compromised, leaving their private info swinging in the cold. Names, birth dates, phone numbers and other information have all been accessed, and, while it's unclear just how many accounts were accessed illegally, it could possibly be all of them.

While the folks at Monster.com are being somewhat forthcoming about the leak in general, they still aren't actually e-mailing individual users to tell them about it, meaning, as usual, it's up to you to keep an eye on your credit report. [From: The Register]

Related Links:

Tags: cyber crime, CyberCrime, data leak, database, DataLeak, hack, hackers, identity theft, IdentityTheft, leak, monster, monster.com, personal information, PersonalInformation, top

Computers

Millions of Credit Card Numbers Nabbed in Payment System Breach

by Tim Stevens — Jan 21st 2009 at 9:50AM

It wasn't all that long ago that grocery shoppers at Hannaford were sent reeling with the news that their credit cards had been nabbed by hackers -- 4.2 million credit card numbers were stolen in total. If that was you, chances are you still haven't memorized your new credit card number, and that's just as well because you may need yet another one, as another breach has been identified -- one that may cover hundreds of millions of credit card users.

St. Louis-based Heartland Payment announced yesterday that hackers gained access to the machines it uses to process roughly 100 million credit card transactions every month. The company handles transactions for 175,000 separate businesses and bills itself as having "the highest standards" and "the most trusted transactions." Despite that, the company has no idea how long its systems were being monitored, saying only that it was "longer than weeks."

Because of this nobody knows just how many cards were compromised, but given the sheer volume of cards that are processed, many are already calling this the largest data breach in history. Until they're able to figure out just who was affected, Mastercard and Visa are now warning all cardholders and banks to watch out for suspicious activity, even if they may not have been affected.

If there's some good news it's that only credit card numbers were nabbed, not addresses, so exposure should be somewhat limited. But regardless, the cost of sending millions of letters and millions of replacement cards will surely be massive, and given current economic conditions we're not sure just where all that money will come from. [From: USA Today]

Next >>

Tags: credit card, credit cards, CreditCard, CreditCards, hack, hackers, heartland payment, HeartlandPayment, security, top

Computers

Tricky Windows Worm Spreads to 9 Million PCs

by Terrence O'Brien — Jan 20th 2009 at 6:15PM

Remember this nasty worm with multiple-personality disorder we reported on last week? Well, apparently, it is still spreading, and is now responsible for an estimated nine million infected computers! So far it hasn't done anything especially nasty, beyond finding its way onto machines, but that doesn't mean you want it lurking on yours!

Security experts at F-Secure believe the piece of malware may not be acting as the hackers who designed it intended. The firm believes that the worm was meant to give false alerts saying that malicious software had been discovered on a user's PC and then encourage that user to buy fake anti-virus software. So far, this behavior hasn't been seen, but that doesn't mean that Conficker, Downadup, Kido -- whatever it wants to call itself -- isn't leaving open a back door for hackers to steal passwords and other personal information.

Microsoft has already released a patch to battle the worm, however one of its effects is to disable automatic updates on infected machines. So head to WindowsUpdate.com, if you haven't already, to make sure you get this latest patch! [From: FOXNews.com]

Tags: conficker, downadup, expire-images2010-1-20, hackers, kido, malware, microsoft, safety, security, top, virus, viruses, windows, worm, worms

Most Emailed Stories

Editors' Picks

Weirdest Techie Heists and Scams

Elderly Amish Man Caught on Film With Prostitute, Blackmailed
When a 75-year-old Amish widower slept with a prostitute, he -- we feel certain -- felt pretty bad about it the next morning. As if that guilt weren't enough for the old man, the prostitute and her boyfriend demanded $67,000 from him, claiming that they had filmed the scene with wall-mounted cameras and would upload the recording to the Internet. The pair was later arrested and, we can only imagine, the Amish man abhorred technology more than ever.

Bank Robber Gets Away With the Help of Craiglist
In October, a bank robber -- wearing a safety vest, blue shirt, face mask and goggles -- eluded police with the help of Craiglist. Just outside the bank, while the robbery was in progress, stood a group of men who were responding to a Craiglist day labor opportunity. As the advertisement required, they were all wearing safety vests, blue shirts, face masks and goggles.

Nude New Zealander Arrested After Responding to Fake Sexy Text Message
Late in 2007, a Wellington, New Zealand man received a racy text message from two anonymous "ladies," giving him only an address and a request that he show up naked. Well, he indeed showed up naked... at the home of one appalled, unsuspecting New Zealander. Both the nude Romeo and the sadistic texter were arrested, though neither were prosecuted.

Fake Craiglist Ad Costs Man Most of What He Owns
Last Spring, a post appeared on an Oregon Craigslist board stating that the owner of a specific house was leaving all of his worldly possessions (still in said house) to whoever wanted them. When homeowner Robert Salisbury rushed home -- on a tip from a woman suspicious about the offer of a free horse -- he found his house being ransacked by 30 strangers. We suggest he take that horse and collect some vengeance Clint Eastwood-style.

17-Year-Old Jailed for Stealing Virtual 'Furniture'
When a 17-year-old Dutch boy hacked into several accounts on the Second Life-style site 'Habbo' in 2007, the the law got involved. The boy was discovered to have stolen $5,800 worth of virtual furniture and knick-knacks. Apparently, crime -- whether actual or virtual -- does not pay.

Phishers Going After Your Phones in New 'Vishing' Trend
Over the past year, sneaky spammers have begun to forsake the worn-out territory of e-mail in favor of cell phones' fertile frontier. The result? "Vishing." Get it? Voice mail phishing. It might be more ominous if it didn't sound like a James Bond villain saying, "Wishing."

Burglars Break Into Restaurant, Steal HDTV, Leave Money / Food Behind
Around Halloween of last year, a truckload of thieves drove into -- that's right, into -- a Pennsylvania Mexican restaurant, where they -- apparently uninterested in the cash register -- stole a mid-grade 47-inch HDTV and fled the scene. We've all heard about how this generation is lacking in ambition, but this generation's thieves, too?

Latest Reviews from CNET.com

CNET provides the latest tech news, unbiased reviews, videos, podcasts, software, and downloads, making tech products easy to find, understand and use.

Top Product Reviews

Home Audio Reviews
9.0 out of 10
Denon AVR-4306 (black)
Incredibly well-featured 7.1-channel receiver; excellent sound quality; three HDMI inputs; converts analog video to HDMI output; upconverts analog video to 720p/1080i HD resolution; iPod and USB MP3 player connectivity; Internet radio and MP3/WMA streaming audio via built-in Ethernet port; XM Satellite Radio compatible; touch-screen remote; multizone, multisource operation; browser-based control via home network; accurate autocalibration routine. Full Review
8.8 out of 10
KEF KHT3005 (black)
The KEF KHT-3005 is one compact, beautifully designed speaker package with solid aluminum satellites that feature unique driver technology to produce incredible clarity. Meanwhile, the equally astounding dual 10-inch, 250-watt powered subwoofer delivers ultradeep bass. Full Review
8.8 out of 10
KEF KHT3005 (silver)
The KEF KHT-3005 is one compact, beautifully designed speaker package with solid aluminum satellites that feature unique driver technology to produce incredible clarity. Meanwhile, the equally astounding dual 10-inch, 250-watt powered subwoofer delivers ultradeep bass. Full Review
Cell Phone Reviews

8.6 out of 10
Wi-Ex zBoost YX510-PCS-CEL cell phone signal extender
The Wi-Ex zBoost YX510-PCS-CEL significantly boosts your cell phone reception and is easy to operate. Also, it uses a wireless connection to your phone. Full Review
8.6 out of 10
Turbo Charge Tc2 portable cell phone charger
The Turbo Charge Tc2 portable cell phone charger successfully delivers emergency power to your cell phone. It's easy to use and comes with a couple of surprising features. Full Review
8.3 out of 10
LG VX6000 (Verizon Wireless)
Compact and stylish; impressive battery life; solid audio quality; sharp color screen; built-in camera; USB ready; affordable. Full Review
Digital Camera Reviews

9.3 out of 10
Canon EOS 1D Mark III
Extremely fast, 10-megapixel continuous shooting; very low noise; highly customizable; well-designed body with weather sealing; 3-inch LCD; abundant optional accessories. Full Review
9.3 out of 10
Nikon D3 (body only)
Full-frame sensor; well designed, pro-level weather-sealed body; very low noise, even at extremely high ISOs; fast. Full Review
9.0 out of 10
Canon EOS-1Ds Mark III
Very low noise, high quality images; 21.1 megapixels; live view shooting; pro-level build-quality and performance. Full Review
Desktop Reviews

8.5 out of 10
Apple iMac (24-inch, 2.8GHz)
A minor specification update results in some significant performance gains; graphics upgrade an option on this 24-inch model; sleek, polished design didn't receive an update, but we won't start clamoring for a new design until the current one is at least 12 months old. Full Review
8.4 out of 10
Velocity Raptor Signature Edition Gaming PC
One of the fastest PCs we've tested; a PCI Express RAID card helps media encoding performance; typically immaculate Velocity Micro assembly; strong, three-year warranty. Full Review
8.3 out of 10
Dell Studio Desktop Computer (Intel Core 2 Quad Q8200, 750GB HDD, 6GB)
Best performance in its class; dedicated graphics card; large hard drive. Full Review