Tag: hacking

How Hackers Took Subway Customers for Millions of Dollars Due to Franchisees' Incompetence

By Veronique Greenwood | December 21, 2011 2:22 pm

At some Subways, the sandwiches aren’t the only thing that’s poorly constructed.

Security in the networked world of today isn’t always the easiest to understand, we’ll admit. But business owners, who are in a position of trust when it comes to customers’ debit and credit card transactions, should really be up on basic internet security. When they’re not, they literally give away their customers’ information to hackers. Case in point: about 150 Subway franchises, which, along with at least 50 other small retailers, caused 80,000 customers to lose a total of $3 million after they set up debit card scanners without proper security and encryption.

Here’s what happened: Though Subway distributes lists of security requirements to franchisees, some neglected to follow them. According to a Justice Department statement, in addition to disregarding encryption requirements, they installed cheap remote desktop software, the kind that lets a computer be accessed from another location. All hackers had to do was guess or otherwise determine the password for access, which, as all too many people have found out, isn’t very hard when your password is “password” or “12345.” Once they had that, the hackers were like kids in a candy store, and it took quite some time for anyone to notice what was going on.

It’s enough to make you take a good, hard look at your lunch joint’s manager, and, if he looks like he doesn’t know a trojan from a man in a toga, walk right back out that door.

Read more at Ars Technica.

Image courtesy of Brixton / flickr

CATEGORIZED UNDER: Technology

The Pentagon Now Considers Cyber Attacks Acts of War

By Veronique Greenwood | June 1, 2011 11:50 am

What’s the News: Cyber attacks undertaken by another nation can be considered an act of war, according to a new Pentagon policy to be released in the next month. If you mess with the US online, the Pentagon has decided, it may retaliate offline, in the form of bombs, missiles, and other very real attacks. One military official sums it up thusly to the Wall Street Journal, which broke the story: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.” How exactly this stance will be put into practice, though, isn’t clear.

Read More

CATEGORIZED UNDER: Technology

PBS Site Pwned By Hacktivists; Tupac, Unfortunately, is Still Dead

By Veronique Greenwood | May 31, 2011 3:04 pm

A hacked page on PBS’s site announces the perpetrators.

What’s the News: On Sunday night, PBS found itself the victim of a cyber attack by the group LulzSec, which hacked PBS’s site in retaliation for a Frontline episode about WikiLeaks whose tone they found unfavorable. The first evidence? A post on the NewsHour blog alleging that rapper Tupac Shakur, who died in 1996, was still alive and well in New Zealand. PBS responded quickly, but as late as Monday night at about 5:50 pm, according to Boing Boing, LulzSec still had access to the site. Their motivation, the group says in an interview with Forbes, is a mixture of “lulz and justice.”

Read More

CATEGORIZED UNDER: Technology

Engineers Can Now Wirelessly Hack Your Car

By Patrick Morgan | March 16, 2011 4:11 pm

It wasn’t too surprising when scientists first hacked into a car using its own onboard diagnostic port—sure, it’s easy to get into a car’s electronic brain if you’re already inside the car. Now the science of car-hacking has received a digital upgrade: Researchers have gained access to modern, electronics-riddled cars from the outside. And in so doing, they’ve managed to take control of a car’s door locks, dashboard displays, and even its brakes.

The oddest part of these findings, which were presented this week to the National Academy of Sciences’ Committee on Electronic Vehicle Controls and Unintended Acceleration, is that they weren’t entirely intentional: It was all part of an investigation prompted by the Toyota acceleration problems, and was meant to probe the safety of electronic automotive systems. But testing those systems’ safety also uncovered some flaws.

How It Works

The researchers took a 2009 sedan (they declined to identify the make and embarrass the manufacturer) and methodically tried to hack into it using every trick they could think of. They discovered a couple good ones.

Read More

CATEGORIZED UNDER: Technology

How the Stuxnet Worm Formed Its Attacks—and Who Might Have It Now

By Andrew Moseman | February 15, 2011 1:57 pm

Stuxnet seems to become scarier every time you hear about it. The sophisticated piece of malware came to the world’s attention in September; shortly thereafter we heard that it was perfectly designed to attack nuclear centrifuges, and in fact had disrupted some nuclear research in Iran. Now comes more news about how it works, and who might be using it next.

The security group Symantec has been trying to analyze and understand the waves of Stuxnet attacks against Iran, and now its researchers have found the base of the attacks, according to Symantec’s Orla Cox.

The new research, which analysed 12,000 infections collected by various anti-virus firms, shows that the worm targeted five “industrial processing” organisations in Iran. “These were the seeds of all other infections,” said Ms Cox. The firm was able to identify the targets because Stuxnet collected information about each computer it infected, including its name, location and a time stamp of when it was compromised. [BBC News]

Though Symantec isn’t naming the five targets in Iran, another security expert studying Stuxnet’s code, Ralph Langner, told CNET the likely target of the whole attack was the Natanz nuclear enrichment plant.

Read More

CATEGORIZED UNDER: Technology

Security Experts: China-Based Hackers Stole Energy Companies’ Secrets

By Andrew Moseman | February 11, 2011 10:47 am

Over the last two years (and perhaps as long as four), hackers probably based in China have been targeting several huge multinational energy companies and using long-established techniques to extract information. That’s according to the computer security firm McAfee, which helped some of the companies fight back against the ongoing wave of attacks it has dubbed “Night Dragon.”

“We have confirmed that five companies have been attacked,” said Dmitri Alperovitch, McAfee’s vice president for threat research. He said he suspected that at least a dozen companies might have been affected by the team of computer hackers seemingly based in Beijing and who appeared to work during standard business hours there. “These people seemed to be more like company worker bees rather than free-spirited computer hackers,” he said. “These attacks were bold, even brazen, and they left behind a trail of evidence.” [The New York Times]

In a blog post about the attacks, McAfee CTO George Kurtz notes that the hackers took advantage of techniques that have been around for more than a decade. In fact, he says, their simplicity helped them to evade security software.

During the last two years — and up to four years — the hackers had access to the computer networks, focusing on financial documents related to oil and gas field exploration and bidding contracts, said Alperovitch. They also copied proprietary industrial processes. “That information is tremendously sensitive and would be worth a huge amount of money to competitors,” said Alperovitch. [Reuters]

Read More

CATEGORIZED UNDER: Technology

Hacktivists Join Protests, Attack Egypt and Yemen Government Websites

By Andrew Moseman | February 4, 2011 9:57 am

When last we covered the hacking group Anonymous, its members were trying to bring down the websites of companies like PayPal and Mastercard that had withdrawn support from WikiLeaks under government pressure. Now hackers have a new political target: Groups like Anonymous are launching attacks to bring down government websites in Egypt and Yemen as a show of solidarity with the protesters there.

The website of President Ali Abdullah Saleh has become inaccessible as Yemenis stage anti-government protests. It follows attacks on the websites of Egypt’s ruling party and ministry of information this week. Last month Anonymous shut down some Tunisian websites, including the government’s official site. [BBC News]

Anonymous managed to bring down the Ministry of Information site in Egypt, as well as that of President Hosni Mubarak’s National Democratic Party. As was the case during the war over WikiLeaks, Anonymous hackers’ primary weapon has been distributed denial of service attacks.

Read More

CATEGORIZED UNDER: Technology
MORE ABOUT: Egypt, hackers, hacking

Google Goes to the Museum, Takes Anatomy, and Challenges Hackers

By Andrew Moseman | February 3, 2011 11:22 am

Google extends its tendrils into new arenas so quickly that it’s difficult to keep up. This week the giant tech company is creating digital art museums, challenging the hackers of the world, letting you play doctor on your tablet, and messing around with fractals.

Google Art Project

Going to an art museum: Sure, it’s a great way to improve your cultural cachet, but it also makes your feet hurt. Fortunately for couch potato art lovers (or those of us who can’t fly all over the world on a whim), Google is bringing some of the world’s greatest museums to you through Art Project, which takes Street View technology into the Metropolitan Museum of Art, the Van Gogh Museum, and others.

The level of detail offered up by up to 14 billion pixels is pretty jaw-dropping. Take “The Ambassadors” by Hans Holbein the Younger at the National Gallery in London. It would be easy to ignore the sheet of music that sits on a table in the painting. But with the Google Art Project’s magnification, users can see that the sheet music actually has real music painted onto it. The user can zoom-in and see the individual notes and words with pin-sharp clarity. [Wall Street Journal]

For now just one painting from each of the participating museums is captured in such detail. More could come, and the project’s founder is also seeking a way to capture three-dimensional art, like sculpture.

A Chrome Challenge

For the first time, Google is taking its Chrome browser to Pwn2Own, a competition in which hackers try to break into the major Internet browsers including Firefox and Internet Explorer. And the company is making things a little more interesting, kicking an additional $20,000 of prize money into the pool.

Read More

The Hacker War Over WikiLeaks Rages On

By Andrew Moseman | December 7, 2010 11:08 am

Today WikiLeaks founder Julian Assange, wanted in connection with sex-related charges in Sweden, turned himself in to the police in London. And while Assange’s personal troubles escalate, so does the online war over WikiLeaks.

Last week came the cyber attack against WikiLeaks.org, which hacker “Jester” claimed to have organized.

On his blog, Jester describes himself as a “hacktivist for good” and someone who is “obstructing the lines of communication for terrorists, sympathizers, fixers, facilitators, oppressive regimes and other general bad guys.” [Los Angeles Times]

That disrupted the site’s operation and left WikiLeaks scrambling. But this week the tide of hacking has turned: Hackers operating under the names Operation Payback or Anonymous are targeting sites that have withdrawn support from WikiLeaks during the current controversy.

Noa Bar Yossef, senior security strategist for Imperva, commented via e-mail to say, “Operation Payback’s goal is not hacking for profit. In the classical external hacker case we see hackers grab information from wherever they can and monetize on it. In this case though, the hackers’ goal is to cripple a service, disrupt services, protest their cause and cause humiliation. In fact, what we see here is a very focused attack – knocking the servers offline due to so-called ‘hacker injustice’.” [PC World]

Read More

CATEGORIZED UNDER: Technology

Internet Intrigue: China Reroutes the Web, Stuxnet Is Even Scarier

By Andrew Moseman | November 19, 2010 10:50 am

It was late September when the world got wind of Stuxnet, the complex piece of malware that appeared to specifically target Iranian nuclear sites. Now, analysis of Stuxnet suggests it was almost perfectly designed to corrupt nuclear centrifuges, according to David Albright of the Institute for Science and International Security.

On Wednesday, Mr. Albright and a colleague, Andrea Stricker, released a report saying that when the worm ramped up the frequency of the electrical current supplying the centrifuges, they would spin faster and faster. The worm eventually makes the current hit 1,410 Hertz, or cycles per second — just enough, they reported, to send the centrifuges flying apart. In a spooky flourish, Mr. Albright said in the interview, the worm ends the attack with a command to restore the current to the perfect operating frequency for the centrifuges — which, by that time, would presumably be destroyed. [The New York Times]

Computer experts don’t know Stuxnet’s origin for sure, though the Times’ story drops a few cryptic hints of Israeli involvement. And further study of the attack shows that although Stuxnet appears calibrated to disrupt centrifuges, it could be easily adapted to seize the reins of other systems.

The widespread interconnection of corporate networks and use of SCADA systems [supervisory control and data acquisition] means that industrial infrastructure is increasingly vulnerable to software attack. Such control systems are used in virtually every industry—food production, vehicle assembly, chemical manufacturing—and are commonly exposed to insecure networks. This leaves them vulnerable to tampering, such as with Stuxnet, as well as intellectual property theft. [Ars Technica]

Read More

CATEGORIZED UNDER: Technology
80beats

80beats is DISCOVER's news aggregator, weaving together the choicest tidbits from the best articles covering the day's most compelling topics.