Tag Archives: Hacker News

Chinese Hackers Hack U.S. Chamber of Commerce

The Wall Street Journal reports today, that a group of hackers from China have compromised the U.S. Chamber of Commerce computer systems. According to the report, the hackers had complete access to their systems including all information stored on the  three million members of the organization. The U.S. Chamber is a lobbying organization whose stated purpose it to  “fight for free enterprise before Congress, the White House, regulatory agencies, the courts, the court of public opinion, and governments around the world”.

Phishing for Information

The FBI tipped the Chamber back in May of 2010 and the issue was dealt with quietly according to the WSJ source. It is thought that the compromise was made possible through a tactic called “spearphishing”. Basically, the hacker targets an individual and tries to get them to open up a link or document which contains spyware. Once the spyware gets a foothold in the computer network, it is designed to sniff out user accounts and passwords and send them to the hackers so that they can gain further access into the computer networks.

The extent of what was stolen isn’t fully known. It appears that the breach could have lasted more than a year before being discovered. WSJ sources say that hackers focused mainly on four employees who worked on Asia policy. It is also thought that one of the hackers might have ties to the Chinese government.  Geng Shuang, spokesman for the Chinese embassy, said the accusation “lacks proof and evidence and is irresponsible”.

Are there lessons to be learned from this breach? Without fully knowing the facts of the situation it is hard for me to say, but I believe it is important for businesses to realize that there is a very real and hidden danger lurking out there on the web. Our world is interconnected and companies, as well as governments, all over the world are looking for intelligence. It may be for political reasons or simply could be to gain competitive advantage in the marketplace. Whatever the reason, businesses, even small ones, need to place priority on computer security. This is especially true if you electronically store information on your customers such as credit cards and the like.

For more information about this hack, you can view the Wall Street Journal article here. You can also reach the U.S. Chamber here.

Anonymous & LulzSec Tell FBI To Go Fish

Over the past couple of days the FBI has been making arrests in and around New York City with regards to the PayPal breach carried out by Anonymous back in December 2010. Over 14 people were arrested on Tuesday and several more searches are underway.

Back in December 2010, Anonymous had attacked PayPal because they had stopped or closed down accounts of . The shutdown was done because of the leak of classified U.S. documents by Wikileaks. After the PayPal breach, Anonymous continued destructing several other websites including those of MasterCard and Visa.

Also Read: Editorial: LulzSec, AntiSec and Why the Internet is a Sadder Place Now

The FBI had been on trail of suspects since a long time, but they final managed to make some arrests after almost 8 months. However, the arrests have hardly shaken Anonymous and the recently notorious LulzSec, who have grown in popularity over the past few months and had also recently attacked Rupert Murdoch’s newspapers because of the phone hacking scandal.

In a open letter to the FBI, Anonymous and LulzSec have basically asked the FBI to F*** Off. The response came after the deputy assistant FBI director Steven Chabinsky gave the following statement to NPR;

"We want to send a message that chaos on the Internet is unacceptable,  [even if] hackers can be believed to have social causes, it’s entirely  unacceptable to break into websites and commit unlawful acts."

The hacktivists replied to this message by arguing that Governments are lying to their citizens and trying to keep them into control and curtailing their freedom. Along with that, Corporations and lobbyists are conspiring with the Governments while collecting billions in funds for federal contracts.

They have also clearly stated that the "governments and corporations are their enemy" and they will continue to fight them. Additionally, Anonymous and LulzSec seem to have no fear in this world anymore and are claiming to be unstoppable;

We are not scared any more. Your threats to arrest us are meaningless to us as you cannot arrest an idea. Any attempt to do so will make your citizens more angry until they will roar in one gigantic choir. It is our mission to help these people and there is nothing – absolutely nothing – you can possibly to do make us stop.

This is definitely a direct attack on the FBI and their security and will ensure a cat-and-mouse game between the government and the hacktivists. It is definitely not the end and the authorities will have to fight a painful battle on the internet against people they might never be able to catch.

Also Read: LulzSec Takes Down CIA.gov Website, Forwards Prank Calls to FBI

The drama is yet to unfold. The next few months or years will show how this will pan out and who will win the battle. In the meantime, you can read the entire Anonymous & Lulz Security Statement below:

Hello thar FBI and international law authorities,

We recently stumbled across the following article with amazement and a certain amount of amusement:

http://www.npr.org/2011/07/20/138555799/fbi-arrests-alleged-anonymous-hackers

The statements made by deputy assistant FBI director Steve Chabinsky in this article clearly seem to be directed at Anonymous and Lulz Security, and we are happy to provide you with a response.

You state:

  "We want to send a message that chaos on the Internet is unacceptable,   [even if] hackers can be believed to have social causes, it’s entirely   unacceptable to break into websites and commit unlawful acts."

Now let us be clear here, Mr. Chabinsky, while we understand that you and your colleagues may find breaking into websites unacceptable, let us tell you what WE find unacceptable:

* Governments lying to their citizens and inducing fear and terror to keep them in control by dismantling their freedom piece by piece.

* Corporations aiding and conspiring with said governments while taking advantage at the same time by collecting billions of funds for federal contracts we all know they can’t fulfil.

* Lobby conglomerates who only follow their agenda to push the profits higher, while at the same time being deeply involved in governments around the world with the only goal to infiltrate and corrupt them enough so the status quo will never change.

These governments and corporations are our enemy. And we will continue to fight them, with all methods we have at our disposal, and that certainly includes breaking into their websites and exposing their lies.

We are not scared any more. Your threats to arrest us are meaningless to  us as you cannot arrest an idea. Any attempt to do so will make your citizens more angry until they will roar in one gigantic choir. It is our mission to help these people and there is nothing – absolutely nothing – you can possibly to do make us stop.

  "The Internet has become so important to so many people that we have to ensure that the World Wide Web does not become the Wild Wild West."

Let me ask you, good sir, when was the Internet not the Wild Wild West? Do you really believe you were in control of it at any point? You were not.

That does not mean that everyone behaves like an outlaw. You see, most people do not behave like bandits if they have no reason to. We become bandits on the Internet because you have forced our hand. The Anonymous bitchslap rings
through your ears like hacktivism movements of the 90s. We’re back – and we’re not going anywhere. Expect us.

Internet Explorer Critical Security Flaw – Early Present for Microsoft

malwareHave you opened all of your Christmas presents yet? Microsoft’s biggest present was a huge security headache that hit them just before Christmas. On December 22nd, Microsoft was forced to warn everyone that Windows users are now vulnerable to a flaw in all versions of Internet Explorer. This flaw, known to take advantage of specially formatted CSS (web page code), doesn’t have an easy fix.

metaploit-logoSo far, nobody has detected hackers using an exploit based on this zero-day CSS flaw. However, an exploit has been published and even included in the Metasploit security defense suite. That means that it’s only a matter of time before Microsoft’s problem becomes a problem for all users of Internet Explorer. Microsoft has promised that they are working in a fix for this flaw. Will it get here in time to save us from thousands of hacked home computers?

Here’s my suggestion to all of those using   Internet Explorer:

Download and install a different web browser such as Firefox, Chrome or Opera. Only use Internet Explorer if it’s absolutely needed. Once you’ve done that, you can patiently wait on Microsoft to fix this problem.

Affected Operating Systems: Windows XP, Vista, 7

Affected Browsers: IE6, 7, 8, 9

Bitly News Is a Hacker News Clone For Twitter

There are several ways to track popular stories on thanks to services like TweetMeme among others. However, the most common way of measuring popularity has usually been through the number of re-tweets a link has received.

Bitly News Hacker News Clone

Though using Retweets is a good measure, it in itself does not show the popularity of a shared article. For example there are thousands of users who automatically tweet a link using services such as Twitterfeed, so almost 50% or more of those retweets might be automated.

Bitly News is sort of a top news for Twitter which is pretty similar to how Hacker News is, however, instead of using crowd sourcing, the developer of Bitly News uses the Bit.ly API to source data and ranks articles based on the number of clicks it has generated. These kinds of lists definitely make sense since it takes actual measurement into consideration.

However, since Bitly News solely relies on bit.ly URL shortening don’t assume it to be 100% accurate or for that matter even 50% considering the number of alternative URL shortening services in use today on Twitter.

Bitly News was created by Jeff Miller as part of the Bit.ly API contest, for which he also won the first prize. It would be interesting to see how Jeff can take the project further to also include or source data from other URL shortening services to create a comprehensive snapshot of trending links on Twitter.

(Source: Tech Crunch)

Facebook and Twitter are Easy to Hack on Public Wifi

Have you ever used your Facebook or Twitter accounts on a public wifi? The next time you do, you’d better be prepared. It’s now easier than ever to hack into online accounts on unsecured wifi networks. I found out by reading an article recommended by Linda Lawrey.

How is this possible?

firesheep-logoThere’s a new Firefox addon called FireSheep. This new addon makes it very easy to hack into many online services, such as Facebook and Twitter. However, it only works on unsecured networks, like most public wifi hotspots. It can also be defeated by using other methods that I’ll mention below.

Here’s a quick video showing how easy it is to capture accounts using Firesheep.

Wifi Safety Tips:

I don’t think you need to take the video’s advice and stop using public wifi. You just need to be more aware of the danger. If you always use HTTPS (Secure logins) when you sign onto a website, you’ll be able to defeat the majority of attacks like these. Look for a lock in your web browser’s address bar before you login.

https.facebook.login.chrome

Below are links to plugins for Firefox and Chrome that can help you stay secured while surfing.

Firefox browser

arrow-down-double-3 Force-TLS or HTTPS Everywhere

Google Chrome browser

arrow-down-double-3 KB SSL enforcer

Conclusion:

Be careful when using public or unsecured wifi hotspots. Always use HTTPS whenever possible. Another good method is to use VPN tunneling. There are some good tips from Ask-Leo for staying safe on public wifi.

Large Scale iTunes Fraud Underway, Once Again

iTunes Back in July, we reported that several iTunes accounts were compromised by hackers who went on to make fraudulent purchases on the user’s behalf. Although Apple clamped down on the hackers, and promised security improvements after widespread criticism from bloggers, hackers seem to have one-upped them once again.

TechCrunch is reporting that another large-scale iTunes scam is underway, and several iTunes account holders have already lost thousands of dollars. The problem seems to be due to a security hole in iTunes accounts linked to PayPal. One affected user, Joey Bruce tweeted, “Someone hacked my iTunes/PayPal acct and drained everything from my bank account. Life is kicking me in the balls while I’m down”.

Given iTunes’ abysmal security track record, we strongly recommend against permanently storing any financial information (i.e. linking with your credit card or PayPal). PayPal is aware of the issue; however, none of the involved parties have issued a statement.

In related news, 12 people have been charged with fraud and money laundering offences related to iTunes. Apparently, this gang uploaded tracks to Amazon and iTunes and used stolen credit cards to purchase them.

More iTunes Accounts Being Hacked For Fraudulent Purchases

Earlier this week, several users iTunes accounts were hacked to make app purchases. The hack turned out to be by a rogue developer who purchased his own apps from other users account to push it up the top rated apps section. If you thought that it was an isolated case, you are wrong since more users are now complaining of unwarranted purchases through their iTunes account.

iTunes WiiSHii Network Hacked Receipt

According to Ars Technica, a reader contacted them saying that fraudulent app purchases were made through his account to the tune of $168.89. However, only apps from a single developer WiiSHii Network were purchased. The apps in question are travel guides for Chinese cities.

Due to the fraudulent purchases the apps from WiiSHii Network are now gaining numbers in the travel category. Now the question here is how the hackers in question got hold of the passwords for users account, and if their passwords were so easy to guess, why didn’t Apple trigger an alert when a single user was purchasing the same apps over and over again?

So is this a case where any developers can go and access iTunes accounts for users who download their apps and make frivolous purchases. Why isn’t Apple acknowledging a problem at their end and continuing to blame users for having easy guessable passwords?

Even you iTunes account could be hacked, to ensure that nothing is wrong or no weird purchases have been made, open iTunes and Click on the "Account" link under the Quick Links section in the right hand side. You will be prompted to enter your password, do the needful and hit enter. In your account page, first check your purchase history, if you see some weird transactions, report the problem to Apple. Make sure to change your iTunes password even if you don’t see any problems with your account.

(Ars Technica via TechMeme)

Hacker News Bans Google And Other Search Engine Indexing

Hacker News a social news website based about computer hacking and startup companies has just blocked Google and other search engines from indexing their site.

Hacker News Google Block Twitter Update

Hacker News is a social news sharing community by Y Combinator which is a startup funding company and is similar to sites like Digg and Reddit, where users can comment and vote on stories submitted to the site.

However, in a recent turn of events, Y Combinator has blocked Google and all other search engines from crawling the site. The news was flashed to all users through a  update.

Hacker News Google Block

There is no official confirmation about why Hacker News blocked Google, however, the Hacker News community is definitely not happy about it since there is no official announcement on why the block was put in place.