
ISPs Are About to Crack Down on Illegal File-Sharing

In July 2011, a coalition of U.S. Internet providers — including AT&T, Verizon, Comcast, Cablevision and Time Warner Cable — signed on to an agreement to crack down on online copyright infringers. Or, well, to “crack down.”

The terms of the agreement emphasized user education over user punishment. Instead of cutting infringing users off from Internet services, the providers dreamed up a “six strikes” approach to infringement notification: Copyright holders would do their standard scanning for infringement.

They would then cross-reference suspect IP addresses against the ISPs that control them. The copyright holders would then send a message to infringers — and, under the agreement, the ISPs would in turn commit to forwarding those messages to their customers.

For up to six of those messages. The agreement’s goal, Ars Technica noted at the time, was to “educate and stop the alleged content theft in question, not to punish. No ISP wants to lose a customer or see a customer face legal trouble based on a misunderstanding, so the alert system provides every opportunity to set the record straight.”

The plan, though, was never implemented. Instead, its launch kept getting postponed. And postponed. And postponed. In March, the ISP crackdown was predicted to have a July 2012 launch. And July came and went.

But bad news, torrenters. The ISP crackdown, as of today, appears imminent. According to a report in The Hill, the infringement alert system will be implemented “over the next several weeks.”

The report quotes Jill Lesser, the executive director of the Center for Copyright Information — the organization overseeing the new anti-piracy program — as saying, “We’re really close and we’ll start seeing alerts over the next several weeks.” (She prefaces that comment with a nod to the long build-up to the system’s launch: “There are [implementation] dates in draft materials that are not set in stone and we don’t want to create any expectations we can’t meet…”)

The Hill’s report, though, confirms an earlier story from the blog TorrentFreak, which obtained internal documents from AT&T specifying a Nov. 28 launch date for the alert program. Those documents also suggested that the cooperation between service providers and copyright holders could facilitate legal action against infringers.

Under the alert system, TorrentFreak noted, “Internet providers have to inform copyright holders about which IP-addresses are repeatedly flagged. The MPAA and RIAA can then use this information to ask the court for a subpoena, so they can obtain the personal details of the account holder.”

Lesser insists that the arrangement is not SOPA Lite. Receiving an alert “doesn’t mean you’re any more liable to be sued or the content owner has any more eligibility to sue someone,” as she put it. And Internet subscribers’ accounts won’t be terminated as part of the program.

Instead, the plan will allow for “mitigation measures” if users fail to respond to alerts. Not only may a service provider temporarily slow down those users’ Internet speeds, or direct them to an online tutorial when they try to access popular websites. They also might implement other penalties, which are up to the service providers themselves (who, on their own, have very little incentive to punish copyright infringers to begin with).

The main hope in all this seems to be that it will, essentially, scare users straight — and that the “scorched earth tactics” of the past won’t be necessary now that copyright holders have used those tactics to make their point. As the draft language of the agreement puts it, “It’s likely that very few subscribers who after having received multiple alerts, will persist (or allow others to persist) in the content theft.”

That attitude might be pragmatic — it might be Pollyanna-ish. Either way, we’ll soon find out which it is.


This hacker is porting the original Google Maps app to iOS 6, shows it can be done

At a time when the Apple Maps and Google Maps brouhaha is being discussed by everyone everywhere, one iOS hacker offers a glimpse at a temporary solution. While iOS 6 users wait for either Apple to hire engineers to fix all the issues, for Google to stop focusing just on Android and save the day, or for Microsoft to wake up and smell the coffee, Ryan Petrich has a video that shows Google Maps running on iOS 6.

Before you watch, Petrich would like to apologize for the poor video quality as he says “YouTube mangles source video if it’s less than a certain width.” While the iOS hacker hasn’t revealed how he pulled off the feat, the video’s description does offer a bit more detail:

Preview of the old Google Maps application from iOS5.1 and earlier running on an iPhone 3G S updated to iOS 6.0

Still crashy and cannot be distributed to the public yet, but it mostly works 🙂

Uncompressed video from DisplayRecorder: http://rpetri.ch/db/GoogleMapsiOS6.mov

We thus know the Google Maps app in question is unsurprisingly from previous versions of iOS. More importantly, Petrich hints at the fact that he would like to release it to the public, once he gets it working properly.

Given that the iPhone 5 has already fallen to hackers, it would not surprise me if this port is released on the Cydia Store for jailbroken devices in the near future. If Apple Maps doesn’t get its act together soon, Cupertino will have created a very good reason for Apple users to jailbreak their devices.

I have contacted Petrich for more information. I will update you if and when I hear back.

Update at 4:00PM EST: Petrich has shared more information about the hack with The Next Web. He’s run into some issues and thus doesn’t have a release date:

Currently it requires binaries from both an older 5.1 SDK and an older 5.1 version of iOS and is thus not redistributable. This issue was solved in the earlier “Spire” project I worked on with Grant Paul by building an installer that had the device fetch the appropriate files directly from Apple’s CDN, but it’s not clear that a similar approach would work here. There is no timeline on when it might be ready as I’m not certain this can be overcome.

Also, I’ve only gone through the effort to support the official Maps app and not the in-app MapKit views that are used in Foursquare and other apps. If the redistribution problem can be solved, I intend to add an option to bridge embedded map views over as well.

If you’re wondering who Grant Paul is, he’s another iOS hacker. His most recent achievement was yesterday, when he jailbroke the iPhone 5.

Pirate Bay Co-Founder Arrested For Alleged Tax Cybercrime

Last week, Gottfrid Svartholm was arrested. Again. If that name rings a vaguely Scandinavian bell, it’s because he’s the co-founder of Pirate Bay. Pirate Bay, founded less than 10 years ago in Sweden, made news over the past ten years for its controversial – and generally illegal – file-sharing practices. Specifically, Svartholm and his co-founder Fredrik Neij became the whipping boys for the Motion Picture Association of America (MPAA) – among other media companies – for copyright violations. Those copyright violation allegations eventually ended in a prison sentence and fees for Svartholm. Svartholm never showed up to serve his sentence and a warrant for his arrest has remained outstanding ever since.

The most recent arrest happened in Cambodia at the request of Swedish authorities. This time, however, the arrest isn’t tied to Pirate Bay but to something more serious: Svartholm is alleged to have hacked a Swedish IT company and leaked thousands of tax ID numbers. That company, Logica, provides services to the major tax offices in Sweden.

Two Swedes have already been identified as suspects and it would appear that Svartholm is the third.

Svartholm currently sits in Cambodia awaiting next steps. It was initially unclear as to what might happen since Cambodia does not have an extradition treaty with Sweden; extradition is the legal transfer of an accused person from one jurisdiction to another. Sources have indicated, however, that Cambodia appears to be cooperating with Swedish authorities.

BitTorrent Users Logged Within Hours

Do you share files with BitTorrent? If so, then say hello to Big Brother!

A study by researchers at Birmingham University reveals that most illegal file-sharers downloading the latest film or music releases are logged by a monitoring firm within three hours:

The three-year research was carried out by a team of computer scientists who developed software that acted like a BitTorrent file-sharing client and logged all the connections made to it. […]

The logs revealed that monitoring did not distinguish between hardcore illegal downloaders and those new to it.

“You don’t have to be a mass downloader. Someone who downloads a single movie will be logged as well,” said Dr Tom Chothia, who led the research.

“If the content was in the top 100 it was monitored within hours,” he said. “Someone will notice and it will be recorded.”

Gawker writer dons pink tutu in response to Anonymous demand

Adrian Chen in full regalia.

(Credit: Gawker)

All we can say to Adrian Chen is: thanks for taking a bullet for the rest of us.

Let’s hope this won’t become a regular demand before sources agree to speak with writers, but it did make for quite the sight as the tech world returned from the long Labor Day weekend: Gawker’s Adrian Chen published a picture of himself today resplendent in a pink tutu with a shoe on his head after the shadowy group declared in a note left on the hacker document-sharing site Pastebin the following:

 to journalists: no more interviews to anyone till Adrian Chen get featured in the front page of Gawker, a whole day, with a huge picture of him dressing a ballet tutu and shoe on the head, no photoshop. yeah, man. like Keith Alexander. go, go, go.

(and there you ll get your desired pageviews number too) Until that happens, this whole statement will be the only thing getting out directly from us. So no tutu, no sources.

The demand came as an online hacker group associated with Anonymous claimed to have posted 1 million Apple Unique Device Identifiers after breaching FBI security. So far, Chen reports, he hasn’t heard back from Anonymous.

Security expert: Iran and North Korea teaming up to fight malware like Duqu, Flame, Stuxnet

Iran and North Korea have been in bed together for a long time, but recently they threw off the covers for the whole world to see. At least one security expert thinks there is a malware angle here that is worth underlining.

At the start of this month, news broke that Iran and North Korea have strengthened their ties, specifically by signing a number of cooperation agreements on science and technology. The two states signed the pact on Saturday, declaring that it represented a united front against Western powers. Ayatollah Ali Khamenei, Iran’s Supreme Leader, told Kim Yong Nam, North Korea’s ceremonial head of state, the two countries have common enemies and aligned goals.

On Monday, security firm F-Secure weighed in on the discussion. The company believes Iran and North Korea may be interested in collaborating against government-sponsored malware attacks such as Duqu, Flame, and Stuxnet.

“It’s highly likely that one of the reasons for this co-operation is for them to work together regarding their cyber defence and cyber offense strategies,” F-Secure security chief Mikko Hypponen told V3. “Both of these countries have clear interest in improving their cyber capability. And both of them have massive armies. Iran and North Korea have both armies that are among the 10 largest in the world.”

For the uninitiated, Stuxnet is a highly sophisticated piece of malware discovered in June 2010. It initially spreads via Windows, eventually targeting Siemens industrial software and equipment. Different variants of Stuxnet targeted five Iranian organizations, with the probable target widely suspected to be uranium enrichment infrastructure in the country. Duqu, which was discovered in September 2011, is very similar to Stuxnet, is believed to be created by the same authors, and is also related to the nuclear program of Iran.

Flame is the most recent such state-sponsored malware, and was discovered in May 2012. It is being used for targeted cyber espionage in Middle Eastern countries, but infections have also been reported in Europe and North America. It attacks Windows computers and can spread to other systems over a LAN or via USB stick. Flame is capable of recording audio, screenshots, keyboard activity, network traffic, Skype conversations, and can even download contact information from nearby Bluetooth-enabled devices.

It has been widely speculated that Israel and the US have been involved in the development of at least one of these pieces of malware, and possibly all three.

Pirate Bay co-founder Warg arrested in Cambodia

One of the founders of the popular file-sharing Pirate Bay website has been arrested in Cambodia, the local police have announced.

Gottfrid Svartholm Warg was held in Phnom Penh after an international warrant was issued against him in April by his native Sweden.

Sweden acted after he had failed to show up for the start of his one-year jail term for copyright violations.

Warg and three other founders had said the website was within the law.

“His arrest was made at the request of the Swedish government for a crime related to information technology,” Cambodia’s police spokesman Kirth Chantharith told the AFP news agency.

“We don’t have an extradition treaty with Sweden but we’ll look into our laws and see how we can handle this case,” the spokesman added.

In Sweden, Warg’s former defence lawyer Ola Salomonsson confirmed the arrest, the Aftonbladet newspaper reports.

Warg and the site’s co-founders – Fredrik Neij and Peter Sunde, as well as financier Carl Lundstroem – were convicted by a Swedish court of encouraging copyright violations in 2009.

Neij, Sunde and Lundstroem all had their one-year jail terms reduced to between four and 10 months following an appeal in 2010.

They were also ordered to pay nearly $7m (£4m) in damages for copyright infringement to music and movie companies.

However, Warg did not attend the appeal hearing, with his lawyer saying that he was too ill. The Swedish court then decided to uphold his sentence.

The operations of the Pirate Bay were largely shut down in Sweden six years ago, but the website has continued to function.

The site was founded in 2003, and claims to have more than 30m users worldwide.

No copyright content is hosted on the site’s web servers. Instead, it hosts “torrent” links to TV, film and music files held on its users’ computers.

Second accused LulzSec hacker arrested in Sony breach

A second suspected member of the LulzSec hacker group has been arrested for his alleged role in a 2011 network security breach at Sony Pictures Entertainment.

Raynaldo Rivera, 20, of Tempe, Ariz., surrendered to authorities today in Phoenix, the Federal Bureau of Investigation said in a statement. An indictment unsealed today charged Rivera with conspiracy and unauthorized impairment of a protected computer. He faces 15 years in prison if convicted.

Cody Kretsinger, of Phoenix, was indicted last September in connection with the attack and has pleaded guilty, the FBI said.

Rivera, who is allegedly known by the monikers “neuron” and “royal,” is accused of participating in an SQL injection attack on Sony Pictures’ Web site in June 2011 and downloading thousands of names, birth dates, addresses, e-mails, phone numbers, and passwords. The information was then posted to Pastebin, and the attack was announced on the group’s Twitter feed.

The hacking group taunted the studio on Twitter, saying it was the “beginning of the end” for Sony.

“Hey @Sony, you know we’re making off with a bunch of your internal stuff right now and you haven’t even noticed?” LulzSec tweeted. “Slow and steady, guys.”

The group boasted on Twitter that it had made off with the personal information for more than a million people, but Sony said the actual number was closer to 37,000.

How to Identify a Scam Email

Remember the good-old days, when a Nigerian Prince would offer you riches beyond belief if you’d just help him get some of his ill-gotten gains out of the country? That prince hasn’t e-mailed me in years. He’s been replaced by a wide variety of scam tales, all of them just as hell-bent on making you do things you’re sure to regret later on.

Just the other day, a new scam e-mail arrived in my inbox. Though it was from someone I didn’t know, the subject line didn’t give it away. It said simply, “ATL INVITATION.” No misspellings, no histrionics. The capitalization, though, did the trick and got my attention.

On the other hand, the email itself was ridiculously brazen, almost laughably so: In it “Mr. Carney Mark Edward” explained that there was a package for me at an Atlanta airport. Officials scanned it and found there may be as much as $5 million inside. I could get my hands on the money if I just gave them enough information to steal my identity, fleece me of my life savings and possibly ruin my life.

So, yes, the ruse was dead obvious to me, but I’ve been in this game a long time; I’ve got my guard up. Not everyone does.

I thought it might be interesting to dig into the guts of a scam email like this one. Do they serve up any obvious clues? What makes this e-mail so dangerous?

“While this email is a phishing attack with its immediate purpose to gain personal information, it is actually a classic Advance Fee scam (commonly called a Nigeria 914 scam or the more historically accurate name of The Spanish Prisoner),” Kevin Haley, Director, Norton Security Response, wrote me in an e-mail.

Haley blogs about security for the security software company Symantec (makers of the Norton family of security software products), and has written more than once about these scams. He offered to pick apart my email, which he called “bait,” to see if we could learn any truths about the heart of a digital flimflam.

Below is the original email with Haley’s comments about the tell-tale signs of a scam inserted. Enjoy.

Anatomy of a Scam Email

From: Mr. Carney Mark Edward.

[This is an interesting choice of name. Carny (without the e) is slang for a carnival employee, a place where many con games are known to have occurred. Mark is slang for the victim in a con.]

CarneyMark@grace.ocn.ne.jp

[Notice the .jp, indicating Japan. Why is Mr. Edward using a mail box in Japan? The address is no longer working. ]

Date: Mon, Aug 20, 2012 at 9:49 AM
Subject: ATL INVITATION
To:

[The Set-Up: An official looking email from a real place.]

Atlanta Hartsfield/Jackson International Airport

[Actual name of the airport is Hartsfield-Jackson Atlanta International Airport. Close enough.]

Service Port-Atlanta
Port Information
Port Code:1704
Location Address:157 Tradeport Drive
Atlanta, GA 30354.
Operational Hours: 8:00 AM-5:00 PM(Eastern)
Seven Days A Week (7)

[This is correct, copied word for word from the CBP.gov website I found it on. A Service Port is where cargo is processed and inspected. It’s run by the Dept. of Homeland Security, which certainly does not use mailboxes in Japan for communication.]

Attn: Consignee,

We Intercepted your Consignment Box Tagged personal effect on Transit.

[The Tale: The Service Port thinks they have your box. You know it’s not your box. And you would probably at this point just delete the message, or send them a nice note back telling them the mistake. That is, unless you are the classic mark, someone greedy and or willing to be at least a little dishonest if you see an advantage to you. And that’s The Hook. The con man is going to give you a big incentive to be dishonest.]

When scanned it is estimated that the consignment contains valuable cash between $4.5 to $5Million Dollars.

[The Hook: 5 million dollars could be useful.]

The consignment was intercepted and deposited in our restricted bonded store because it was not properly declared.

The details on the consignment tagged.

Type: SUITCASE
Wheels: 4 wheels
Handles: Trolley handle with top & side handles
Approximate Dimensions: Height: 3.20 ft, Width: 2.50 ft, Depth: 1.90 ft.
Weight: 180lbs.

[More of The Tale: It’s these details that are used to convince you that this is all real. By the time you’re done you may even be convinced that that is your box with the “valuable cash” in it. Would anyone ever ship a box full of cash? What kind of cash isn’t valuable? What are they saying? At this point the hooked mark doesn’t care. Greed has made them gullible. ]

We need;

1. Your Full Name.
2. Home phone & Cell Phone
3. Home delivery address
4. Any form of Identification either Drivers license or International Passport.

[The Sting: Here is what the con man wants. Getting your identity and contact information seems pretty reasonable. After all they have to get the money to you somehow.]

You are expected to come or assign an Attorney who will come for the normalization of

[You just allowed them to steal your identity. But they are not done with you yet. You’ve just shown that you’re greedy and gullible. So this will not be the last thing they ask you for. There will be fees, fines and other costs before you can pick up that box of valuable cash.]

your Bill of Entry and pick up of your Consignment.

Best Regard

Mr. Carney Mark Edward.
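Three of the tells Haley annotates above (a sender domain that does not fit the agency named in the body, a large cash lure, and a request for identity details) can be checked mechanically. The sketch below is an added example, not part of the original article or Haley's analysis; `analyze`, `CLAIMED_ORGS`, the keyword lists and the assumption that a U.S. service port would send from a `.gov` domain are illustrative choices, and the sample message is constructed from lines of the email quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers and body lines copied from the email quoted above.
SAMPLE = """\
From: "Mr. Carney Mark Edward" <CarneyMark@grace.ocn.ne.jp>
Subject: ATL INVITATION

Atlanta Hartsfield/Jackson International Airport
Service Port-Atlanta
Attn: Consignee,
We Intercepted your Consignment Box Tagged personal effect on Transit.
When scanned it is estimated that the consignment contains valuable cash between $4.5 to $5Million Dollars.
We need;
1. Your Full Name.
2. Home phone & Cell Phone
3. Home delivery address
4. Any form of Identification either Drivers license or International Passport.
"""

# Assumption: text that invokes a U.S. customs service port should arrive from
# a .gov sender. Extend this map for other organisations that get impersonated.
CLAIMED_ORGS = {
    re.compile(r"service port|customs|homeland security", re.I): (".gov",),
}
# A dollar amount followed by "million" (or a bare "M"), spaced or not.
CASH_LURE = re.compile(r"\$\s?\d[\d,.]*\s*(?:million|m\b)", re.I)
# Identity details the message asks the recipient to send back.
PII_TERMS = ("full name", "home phone", "cell phone", "delivery address",
             "drivers license", "driver's license", "passport")


def text_body(msg):
    """Return the decoded text/plain content of a single-part or multipart message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True)  # undoes base64 / quoted-printable
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def analyze(raw_message):
    """Return a list of (tell, evidence) tuples found in a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    body = text_body(msg)
    findings = []

    # The Set-Up: the body names an organisation the sender domain does not fit.
    for pattern, suffixes in CLAIMED_ORGS.items():
        if pattern.search(body) and not domain.endswith(suffixes):
            findings.append(("sender-mismatch", domain))
            break

    # The Hook: an unsolicited promise of a very large sum.
    lure = CASH_LURE.search(body)
    if lure:
        findings.append(("cash-lure", lure.group(0)))

    # The Sting: two or more identity details requested in one message.
    asked = [term for term in PII_TERMS if term in body.lower()]
    if len(asked) >= 2:
        findings.append(("pii-request", ", ".join(asked)))
    return findings


if __name__ == "__main__":
    for tell, evidence in analyze(SAMPLE):
        print(f"{tell}: {evidence}")
```

Keyword heuristics like these only triage mail for a closer look; a message that trips none of them is not thereby shown to be legitimate.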

Your Tales

Take a look at your own inbox. How many scam emails do you receive each week? Have you ever responded (did that $5M ever arrive?)? Share your tale in the comments. We promise not to judge. Also, if you have additional tips for identifying these dastardly missives, share them, as well.

Google Doubles Down On Rewards For Bug Reports With $2 Million In Hacking Prizes

If Google hadn’t made the message clear enough already: It really, really wants you to hack its software.

On Wednesday the company announced that it’s holding another competition for hackers to target its Chrome browser, following the Pwnium competition it held in Vancouver last March, where it offered a total of $1 million in hacking prizes. This time the company’s putting a total of $2 million in rewards on the table for anyone who can find bugs in its browser, exploit them, and tell Google’s security team the details of their techniques.

“The first Pwnium competition held earlier this year exceeded our expectations,” Google security engineer Chris Evans wrote in a blog post. “Most importantly, we were able to make Chromium [the open-source code base on which Chrome is built] significantly stronger based on what we learned.”

The contest will be held in October at the Hack in the Box security conference in Kuala Lumpur, Malaysia. “We hope this gives enough time for the security community to craft more beautiful works, which we’d be more than happy to reward and celebrate,” Evans wrote.

Google is offering up to $60,000 for a single working Chrome exploit. While several other companies including Mozilla, PayPal and Facebook offer bug bounties, none publicly offers such a high sum.

In another blog post Tuesday, Google wrote that it had already paid out $1 million in total bounties, and would be adding small bonuses for certain categories of exploits.

Bumping its total payout for the competition, which it’s calling Pwnium 2, may be more of a marketing stunt than a significant change. In the last Pwnium contest (whose name comes from the word “pwn,” hacker jargon for compromising or taking over a target) Google only found two hackers willing and capable of winning its $60,000 prize and gave out only a small fraction of its $1 million bounty.

Even with $60,000 rewards, it’s not clear that hackers able to take Chrome apart will come forward to claim the prizes. Google’s bounties likely can’t match the sums offered by government intelligence and law enforcement agencies who buy similarly rare exploits with the intention of using them for spying on and tracking targets rather than helping software vendors fix their security flaws.

At the Vancouver conference where Google’s last Pwnium competition was held, for instance, French security firm Vupen demonstrated an exploit for Chrome at the simultaneous Pwn2Own competition, which unlike Google’s contest doesn’t require hackers to share all the details of their methods. Vupen’s chief executive Chaouki Bekrar told me that he had no intention of participating in Google’s competition if it meant revealing an exploit it could instead keep secret and sell to its government customers. “We wouldn’t share this with Google for even $1 million,” he said at the time.

In his Twitter feed Wednesday, Bekrar suggested that a bigger total reward pool wouldn’t convince Vupen to share its tricks with Google.

“Pwnium 2!” he wrote. “Expect me on Forbes saying: ‘We won’t give our pwn even for $2 millions.’”