Were you born after 1988 in a small state? If so, researchers would have a particularly good chance of figuring out your Social Security number. In a new study, researchers used publicly available data, including an individual’s place and date of birth, to guess the Social Security number that would have been assigned to that person. And the study’s authors say that cyber-crooks could use similar techniques for identity theft. “We live in a precarious time, where knowledge of a Social Security number, along with other information about one’s name and date of birth, is sometimes sufficient to impersonate another individual,” said Alessandro Acquisti, the study’s lead author [Bloomberg].
Acquisti’s team shared their results with the federal government, but the Social Security office is downplaying the findings; spokesman Mark Lassiter said there is still no “foolproof” method for predicting Social Security numbers. “The suggestion that Mr. Acquisti has cracked a code for predicting an SSN is a dramatic exaggeration,” Lassiter said via e-mail. However, he added: “For reasons unrelated to this report, the agency has been developing a system to randomly assign SSNs. This system will be in place next year” [AP].
(more…)
Cyber spies have hacked into computers containing information about the U.S. Defense Department’s most expensive weapons program ever: the $300 billion Joint Strike Fighter, a fighter jet also known as F35 Lightning II. The intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft. The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together [The Wall Street Journal].
U.S. officials reportedly traced the hackers back to China, but experts note that it’s extremely difficult to determine the real origin of an online attack, as paths can be disguised and identities masked. Meanwhile, the Chinese Embassy said in a statement that China “opposes and forbids all forms of cyber crimes.” It called the Pentagon’s report “a product of the Cold War mentality” and said the allegations of cyber espionage are “intentionally fabricated to fan up China threat sensations” [The Wall Street Journal].
(more…)
The computer worm known as Conficker that has infected millions of PCs around the world stirred yesterday and raised new fears that the hackers behind the worm are gearing up to cause mischief, but experts say their intentions are still mysterious. The worm went active on April 1, but it didn’t seek to disrupt networks and didn’t harness infected computers to send out waves of spam. The lack of a clear business model for Conficker … had confounded researchers and analysts. In fact, it was one of the reasons why there was so much attention paid to the worm’s new communications scheme activation date: Everyone wondered what it would do on April 1 to monetize the effort spent collecting a massive botnet [Computerworld].
Over the past two days infected machines have begun to download additional software, but so far the results still haven’t been as dire as many experts originally predicted. According to varying reports, some computers are just preparing to run a small-scale scam on their users, while others have adopted an existing email worm that can steal passwords and send spam. The latter function may be more troublesome, some experts say. The consensus within the computer security industry is that although there are now some indications that Conficker’s authors are intent on building a giant spam system, there is no hard evidence. “This is just Step 5 in a thousand-step chess match,” [The New York Times], said security expert Vincent Weafer.
(more…)
Spies have hacked into the U.S. electrical grid and left behind software programs that could allow outside agents to seize control of the grid and disrupt the flow of electricity across the nation, according to a report in The Wall Street Journal.
The spies came from China, Russia and other countries, [national security] officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven’t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war. “The Chinese have attempted to map our infrastructure, such as the electrical grid,” said a senior intelligence official. “So have the Russians” [The Wall Street Journal]. While officials say they traced the intrusions back to China, Russia, and other countries, experts say it’s nearly impossible to prove that the hacks were government-sponsored. The Chinese and Russian governments have denied any wrongdoing.
(more…)
The computer worm known as Conficker woke up as expected this morning when calendars flipped to April 1, but fears that millions of infected computers would launch an attack on the world’s cyber-infrastructure have so far proved to be unfounded. Computer security experts have been warning the public for weeks that the Conficker worm was set to try to download commands from a server at an unknown Internet location on [April 1]. There was no certainty about the intent of the program, which could be used to send e-mail spam, distribute malicious software or generate a potentially devastating “denial of service” attack on Web sites or networks [The New York Times].
The worm is thought to have infected 12 million computers worldwide, with the most infections occurring in Asia. But computer experts monitoring the progress of the worm say that while infected computers do appear to be trying to link to control servers, the mysterious hackers behind the virus have yet to give those computers any specific instructions. However, security experts warned that there was no room for complacency…. “We believe the software is geared towards making money. The characteristic of this type of worm is to keep it slow and low, keep it under the radar to slowly maximise profits over the long term” [BBC News], says Vincent Weafer, of the anti-virus firm Symantec.
(more…)
Trees continue to fall due to illegal logging operations in the the Amazon rainforest, and Brazil’s environmental officials have discovered that those logging companies hired not just lumberjacks to get the job done, but also hackers. The hackers went to work in the Brazilian state of Pará, where the local government has launched an online system for issuing permits to logging companies. The system tracks their total output and simply refuses to issues more permits, which are checked when the wood is hauled out in trucks [Ars Technica].
But instead of abiding by the limits on the amount of timber they could haul out of the rainforest, more than 107 companies allegedly hired hackers to access the government records and increase their timber allocations. Andre Muggiati, a Greenpeace official in Brazil, said that “by hacking into the permit system, these companies have made their timber shipments appear legal and compliant with the forest management plans” [Wired News]. The Brazilian government has already arrested more than 30 people involved in the scandal.
(more…)
Sophisticated computer hackers are as big a threat to the United States as weapons of mass destruction and global jihad, argues a new report on cybersecurity. The report, which was produced by the Center for Strategic and International Studies, a Washington think tank, contains recommendations for the incoming Obama administration, and issues a dire assessment of the government’s current efforts to prevent cyberattacks. “America’s failure to protect cyberspace is one of the most urgent national security problems facing the new administration that will take office in January 2009,” the report states. Cyber safety is “a battle fought mainly in the shadows. It is a battle we are losing” [DailyTech].
The federal government has been embarrassed in recent years by intrusions into the computer networks of many different agencies, including the Defense, State, Homeland Security, and Commerce departments, the National Aeronautics and Space Administration (NASA), and the National Defense University. An investigation last year by The Washington Post showed that multiple compromises of unclassified computer systems for the Transportation Security Administration and DHS headquarters went unnoticed for months in 2006 because the agency failed to effectively monitor its own networks [Washington Post]. In some cases the breaches have been linked to Chinese computer servers, indicating a possible convergence between hacking and espionage.
(more…)
A pesky computer virus that has popped up on computers around the world has now made the leap into space. NASA announced yesterday that several laptops on board the International Space Station were infected with the virus in July, and also admitted that such infections have happened before.
“This is not the first time we have had a worm or a virus,” NASA spokesman Kelly Humphries said. “It’s not a frequent occurrence, but this isn’t the first time.” … NASA downplayed the news, calling the virus mainly a “nuisance” that was on non-critical space station laptops used for things like e-mail and nutritional experiments [Wired News].
(more…)
Computer experts are investigating the cyberattack that brought down Georgian Web sites during Russia’s invasion of Georgia, and say the assault may mark the first large-scale attempt at “cyber warfare.” As Russian tanks began to roll into Georgia on Friday, millions of extraneous requests — a so-called Distributed Denial of Service (DDoS) attack — took down Georgia’s banking and government sites. [Security expert Graham Cluley says:] “In modern warfare, it’s not unusual to see opposing forces take over TV stations, radios and newspapers. In our century, taking over Internet sites is now part of the same kind of strategy” [Venture Beat].
The attack is similar to an incident in May 2007 when Estonian government Web sites were brought down in response to the government’s plans to move a Russian-installed monument; a 20-year-old Russian hacker was later convicted of organizing that attack. As for who’s responsible for the current online strike against Georgia, the theories range from “some kids who got overexcited” [CNET] to a criminal network directed by the Russian government.
(more…)
Three MIT undergraduates who found weaknesses in the fare cards for Boston’s subway system had planned to give a talk about their work at a hackers’ conference in Las Vegas this weekend. But on Friday the Massachusetts Bay Transit Authority sued the students and MIT to stop the speech, and on Saturday morning a federal judge slapped the students with a 10-day restraining order to keep their mouths shut.
The MBTA said that they needed time to investigate the student’s claims, and if they were true, to try to correct them before sensitive information got out via the students’ slide show presentation. One slide explains that the presentation would teach attendees how to generate fare cards, reverse engineer magnetic stripes on cards and hack radio frequency identification (RFID) cards. The next slide says: “And this is very illegal! So the following material is for educational use only” [AP].
(more…)
