Blogs / 80beats

Many medical devices come equipped with wireless communication systems these days, allowing doctors to customize their operations or to see their patents’ information. But fitting pacemakers or implanted defibrillators with WiFi also opens the door to hackers‘ attacks. Hackers could potentially steal personal information, remotely drain batteries, or cause a dangerous malfunction, so researchers are working on ways to block them. The approach relies on using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it [Technology Review]. The plan is to only allow access to a medical device from wireless reading devices within 10 feet, and only then after a series of authentication steps. However, in the event of an emergency, the medical device would grant access to anyone within a few inches of the device. In other words, to anyone close enough to assist.

The research team also has to consider how much power their security measures will drain from the devices, which is a not-so-trivial point for a  battery-operated pacemaker. But Claude Castelluccia, who was involved with designing the security system, said that because the device won’t respond to requests that come from outside the predetermined distance, it would also be harder for an attacker to wear down the battery by forcing it to process one request after another [Technology Review]. To test their system, researchers recently implanted a medical device in the stomach of a cow, and they’re currently shopping their patented technology to potential developers.

Related Content:
Hackers Infiltrate Pentagon’s $300 Billion Fighter Jet Project
Cyber Attack Hits Government Web Sites; North Korea Is Blamed
“Soupnazi” Hacker Pleads Guilty to Stealing Millions of Credit Card Numbers

Image: flickr / library_mistress

The first worm to infect iPhones is squirming through phones in Australia, spreading the face of the 1980s pop singer Rick Astley throughout the land. On infected phones, the wallpaper changes to a glamor shot of Astley, with a line of type that declares “Ikee is never going to give you up.”

As savvy internet users know, the iPhone has just been Rickrolled. For several years, the bait-and-switch trick has caused internet users to click on a link that looks relevant or promising, only to be led to Astley’s 1987 video, “Never Gonna Give You Up.”

However, only iPhone users who have ‘jailbroken’ their phones will be affected by the worm. Jailbreaking an iPhone involves running a program that circumvents the official Apple operating system and allows users to run software on their phone that has not been approved by Apple [Telegraph]. The worm preys specifically on iPhone users who haven’t changed their default passwords on an application called secure shell (SSH), which allows file transfers between smart phones.

The iPhone worm doesn’t appear to be a malicious or criminal act. Instead, it seems to be half warning, half prank. Ikee’s author, who identifies himself or herself as “ikex” in the worm’s source code, also wrote in the code that “People are stupid, and this is to prove it so,” adding that users should read their phones’ manuals.”It’s not that hard, guys,” ikex writes. “But hey who cares its only your bank details at stake” [ Forbes].

The worm’s creator was later identified as 21-year-old Ashley Towns, a programmer who lives near Sydney; no word yet on whether Towns will face any repercussions for his trick.

Related Content:

80beats: How Did “Soupnazi” Allegedly Steal 130 Million Credit Card Numbers?
80beats: Attack That Took Down Twitter May’ve Been Aimed at Just One Blogger
80beats: Mystery of the Conficker Worm Continues: Does It Want to Scam or Spam?
80beats: Computer Virus Travels Into Orbit, Lands on the Space Station

Image: flickr / William Hook

The self-proclaimed spam king of the Internet, Sam “Spamford” Wallace, was ordered to pay Facebook $711 million in civil damages for slinging spam on the social networking site. Wallace allegedly accessed Facebook accounts without obtaining permission, and used them to make bogus wall posts and spam the account holders’ friends. Those actions run afoul of the CAN-SPAM Act of 2003, which sets guidelines for commercial e-mails, which are enforced by the Federal Trade Commission (FTC) [PC World]. The judge also referred Wallace to the U.S. Attorney’s Office with a request that he be prosecuted for criminal contempt, which means he could actually face jail time if convicted.

If you’ve ever received an unsolicited email (and who hasn’t), chances are good that it came from Wallace’s company, Cyber Promotions, which was once the largest source of spam. So not surprisingly, this isn’t the first time Spamford has run afoul of the law. In May, 2008, MySpace won a $230 million judgment against Wallace for sending junk messages. Wallace was also fined $4 million by the Federal Trade Commission in 2006 for his excessive pop-up ads [CNN]. Officials at Facebook said they don’t expect to see much of the $711 million, seeing as how Wallace is bankrupt and may soon have to send out his spam as hand written letters from behind bars.

Related Content:
80beats: Happy 40th Birthday, Internet! (Um, Again.)
80beats: Twitter Security Breach Reveals Confidential Company Documents
80beats: Attack That Took Down Twitter May’ve Been Aimed at Just One Blogger

Image: flickr / benstein

The 28-year-old hacker Albert Gonzalez who stole credit and debit card numbers from millions of people pleaded guilty on Friday to 19 counts of conspiracy, fraud, and aggravated identity theft. Gonzalez, also known by his handles “Soupnazi” and “Segvec,” reached a deal with the federal government on charges brought against him in Massachusetts and New York, where he and his co-conspirators stole more than 40 million card numbers from retailers like T.J. Maxx and Barnes & Noble. Gonzalez and his co-conspirators sold the numbers to others for fraudulent use and engaged in ATM fraud by encoding the data on the magnetic stripes of blank cards and withdrawing tens of thousands of dollars at a time from ATMs [PC World], according to the Department of Justice.

Gonzalez faces a prison sentence of 15 to 25 years in Massachusetts and a maximum sentence of 20 years in New York, but based on the terms of his plea agreements the sentences will be served concurrently. Gonzalez also agreed to pay restitution for the loss suffered by his victims, and to forfeit more than $2.7 million, plus real estate, a 2006 BMW, a Tiffany diamond ring and Rolex watches, the DOJ said. Included in the forfeited currency is more than $1 million in cash, which Gonzalez had buried in a container in his backyard [PC World]. He’ll be sentenced in December for the Massachusetts and New York cases, but that’s far from the end of his legal troubles.

(more…)

A 28-year-old hacker has been charged in what federal prosecutors are calling the largest case of identity theft ever seen. The man, Albert Gonzalez, worked with two unnamed Russian conspirators to run wild through the computer networks of a handful of prominent corporations, including 7-Eleven, the supermarket chain Hannaford Brothers, and the payment processor Heartland Payment Center. The size of the heist—130 million credit and debit card numbers, according to prosecutors—have many people wondering: How exactly is such a massive theft carried out?

The Justice Department’s indictment (pdf) describes how Gonzales (a.k.a. “segvec” and “soupnazi,” among other aliases) and his co-conspirators pulled it off. They began the job by scanning lists of Fortune 500 companies for likely targets, and then visited retail outlets to scope out the payment systems used at checkout counters and to look for vulnerabilities. Then they would write specific codes to corrupt their data systems and launch a virus from computers in the United States and Europe to pull hundreds and thousands of credit card numbers, and sort through them using a “sniffer,” which is basically a data analysis system that decodes big chunks of information [The Atlantic].

(more…)

The cyber-attack that temporarily disabled Twitter and compromised Facebook and LiveJournal was politically motivated and was directed at a pro-Georgian blogger called Cyxymu, says a representative from Facebook.

The attack, which paralyzed Twitter for two hours and “degraded” service on Facebook, was one known as a distributed denial of service attack. This technique uses a network of tens of thousands of compromised computers, known as a “botnet”, to flood a website’s servers with page view requests, leaving legitimate traffic unable to get through. This huge amount of connection requests can quickly overwhelm a server and, in some cases, cause an entire website to crash [Telegraph]. It seems Twitter, a relatively new service with a U.S.-based infrastructure, couldn’t handle the surge in traffic, while Facebook and Google, which have many key services located internationally, were better-prepared for it.

It has not been confirmed who perpetrated the attack, but the blogger says he believes it could have been an attempt by the Russian government to squelch his criticism of over Russia’s conduct in the war over the disputed South Ossetia region, which began a year ago today. “Maybe it was carried out by ordinary hackers but I’m certain the order came from the Russian government” [Guardian], the blogger said. Such a widespread attack, some believe, would only be possible if the coordinator of the attack had access to significant resources.

(more…)

A French hacker broke into the email accounts of Twitter executives and employees, and now the cyber snoop is leaking business and personal info about company leaders to TechCrunch, an American blog, and Korben, a French blog. The hacker reportedly guessed passwords and gained access to several Gmail accounts, as well as accounts with Google Docs, PayPal, and other services.

TechCrunch received a compressed zip file of 310 confidential documents, including a complete Twitter employee list and salary information; food preferences of Twitter employees; confidential contracts with companies such as Nokia, Samsung, Dell, AOL, Microsoft, and others; a contact list of notable Web and entertainment personalities; meeting reports; [and] applicant resumes [PC World]. Now it’s up to the site to decide what information to publish. Thus far, TechCrunch has decided not to release anything that is personally embarrassing. Still, under the philosophy “News is what somebody somewhere wants to suppress; all the rest is advertising,” the site will release documents it considers relevant to the company. These include notes from executive meetings, the original pitch for a Twitter TV show, and certain company financial information.

(more…)

A bold and sophisticated cyber attack that began last weekend took down government Web sites in both the United States and South Korea, and South Korean officials have blamed their neighbors to the north for the onslaught. South Korea’s National Intelligence Service, the nation’s main spy agency, told a group of South Korean lawmakers Wednesday it believes that North Korea or North Korean sympathizers in the South “were behind” the attacks [AP].

The attack, which began on July 4, brought down the Web sites of U.S. agencies like the Treasury Department, the Secret Service, and the Federal Trade Commission, with some of the problems lasting for days. In South Korea, an attack that began Tuesday crashed sites belonging to the presidential Blue House and the Defense Ministry, among others. In both countries, the cyber strike also targeted a few large commercial Web sites. “This is not a simple attack by an individual hacker, but appears to be thoroughly planned and executed by a specific organization or on a state level,” the National Intelligence Service said in a statement [The New York Times].

(more…)

Were you born after 1988 in a small state? If so, researchers would have a particularly good chance of figuring out your Social Security number. In a new study, researchers used publicly available data, including an individual’s place and date of birth, to guess the Social Security number that would have been assigned to that person. And the study’s authors say that cyber-crooks could use similar techniques for identity theft. “We live in a precarious time, where knowledge of a Social Security number, along with other information about one’s name and date of birth, is sometimes sufficient to impersonate another individual,” said Alessandro Acquisti, the study’s lead author [Bloomberg].

Acquisti’s team shared their results with the federal government, but the Social Security office is downplaying the findings; spokesman Mark Lassiter said there is still no “foolproof” method for predicting Social Security numbers. “The suggestion that Mr. Acquisti has cracked a code for predicting an SSN is a dramatic exaggeration,” Lassiter said via e-mail. However, he added: “For reasons unrelated to this report, the agency has been developing a system to randomly assign SSNs. This system will be in place next year” [AP].

(more…)

Cyber spies have hacked into computers containing information about the U.S. Defense Department’s most expensive weapons program ever: the $300 billion Joint Strike Fighter, a fighter jet also known as F35 Lightning II. The intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft. The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together [The Wall Street Journal].

U.S. officials reportedly traced the hackers back to China, but experts note that it’s extremely difficult to determine the real origin of an online attack, as paths can be disguised and identities masked. Meanwhile, the Chinese Embassy said in a statement that China “opposes and forbids all forms of cyber crimes.” It called the Pentagon’s report “a product of the Cold War mentality” and said the allegations of cyber espionage are “intentionally fabricated to fan up China threat sensations” [The Wall Street Journal].

(more…)

The computer worm known as Conficker that has infected millions of PCs around the world stirred yesterday and raised new fears that the hackers behind the worm are gearing up to cause mischief, but experts say their intentions are still mysterious. The worm went active on April 1, but it didn’t seek to disrupt networks and didn’t harness infected computers to send out waves of spam. The lack of a clear business model for Conficker … had confounded researchers and analysts. In fact, it was one of the reasons why there was so much attention paid to the worm’s new communications scheme activation date: Everyone wondered what it would do on April 1 to monetize the effort spent collecting a massive botnet [Computerworld].

Over the past two days infected machines have begun to download additional software, but so far the results still haven’t been as dire as many experts originally predicted. According to varying reports, some computers are just preparing to run a small-scale scam on their users, while others have adopted an existing email worm that can steal passwords and send spam. The latter function may be more troublesome, some experts say. The consensus within the computer security industry is that although there are now some indications that Conficker’s authors are intent on building a giant spam system, there is no hard evidence. “This is just Step 5 in a thousand-step chess match,” [The New York Times], said security expert Vincent Weafer.

(more…)

Spies have hacked into the U.S. electrical grid and left behind software programs that could allow outside agents to seize control of the grid and disrupt the flow of electricity across the nation, according to a report in The Wall Street Journal.

The spies came from China, Russia and other countries, [national security] officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven’t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war. “The Chinese have attempted to map our infrastructure, such as the electrical grid,” said a senior intelligence official. “So have the Russians” [The Wall Street Journal]. While officials say they traced the intrusions back to China, Russia, and other countries, experts say it’s nearly impossible to prove that the hacks were government-sponsored. The Chinese and Russian governments have denied any wrongdoing.

(more…)

The computer worm known as Conficker woke up as expected this morning when calendars flipped to April 1, but fears that millions of infected computers would launch an attack on the world’s cyber-infrastructure have so far proved to be unfounded. Computer security experts have been warning the public for weeks that the Conficker worm was set to try to download commands from a server at an unknown Internet location on [April 1]. There was no certainty about the intent of the program, which could be used to send e-mail spam, distribute malicious software or generate a potentially devastating “denial of service” attack on Web sites or networks [The New York Times].

The worm is thought to have infected 12 million computers worldwide, with the most infections occurring in Asia. But computer experts monitoring the progress of the worm say that while infected computers do appear to be trying to link to control servers, the mysterious hackers behind the virus have yet to give those computers any specific instructions. However, security experts warned that there was no room for complacency…. “We believe the software is geared towards making money. The characteristic of this type of worm is to keep it slow and low, keep it under the radar to slowly maximise profits over the long term” [BBC News], says Vincent Weafer, of the anti-virus firm Symantec.

(more…)

Trees continue to fall due to illegal logging operations in the the Amazon rainforest, and Brazil’s environmental officials have discovered that those logging companies hired not just lumberjacks to get the job done, but also hackers. The hackers went to work in the Brazilian state of Pará, where the local government has launched an online system for issuing permits to logging companies. The system tracks their total output and simply refuses to issues more permits, which are checked when the wood is hauled out in trucks [Ars Technica].

But instead of abiding by the limits on the amount of timber they could haul out of the rainforest, more than 107 companies allegedly hired hackers to access the government records and increase their timber allocations. Andre Muggiati, a Greenpeace official in Brazil, said that “by hacking into the permit system, these companies have made their timber shipments appear legal and compliant with the forest management plans” [Wired News]. The Brazilian government has already arrested more than 30 people involved in the scandal.

(more…)

Sophisticated computer hackers are as big a threat to the United States as weapons of mass destruction and global jihad, argues a new report on cybersecurity. The report, which was produced by the Center for Strategic and International Studies, a Washington think tank, contains recommendations for the incoming Obama administration, and issues a dire assessment of the government’s current efforts to prevent cyberattacks. “America’s failure to protect cyberspace is one of the most urgent national security problems facing the new administration that will take office in January 2009,” the report states. Cyber safety is “a battle fought mainly in the shadows. It is a battle we are losing” [DailyTech].

The federal government has been embarrassed in recent years by intrusions into the computer networks of many different agencies, including the Defense, State, Homeland Security, and Commerce departments, the National Aeronautics and Space Administration (NASA), and the National Defense University. An investigation last year by The Washington Post showed that multiple compromises of unclassified computer systems for the Transportation Security Administration and DHS headquarters went unnoticed for months in 2006 because the agency failed to effectively monitor its own networks [Washington Post]. In some cases the breaches have been linked to Chinese computer servers, indicating a possible convergence between hacking and espionage.

(more…)