Organic SEO Blog


Wednesday, May 28, 2014

HACKER HELPED DISRUPT 300 WEB ATTACKS, PROSECUTORS SAY

Original Story:  NYTimes.com

A prominent hacker set to be sentenced in federal court this week for breaking into numerous computer systems worldwide has provided a trove of information to the authorities, allowing them to disrupt at least 300 cyberattacks on targets that included the United States military, Congress, the federal courts, NASA and private companies, according to a newly filed government court document.

The hacker, Hector Xavier Monsegur, also helped the authorities dismantle a particularly aggressive cell of the hacking collective Anonymous, leading to the arrest of eight of its members in Europe and the United States, including Jeremy Hammond, who the Federal Bureau of Investigation said was its top “cybercriminal target,” the document said. Mr. Hammond is serving a 10-year prison term.

The court document was prepared by prosecutors who are asking a judge, Loretta A. Preska, for leniency for Mr. Monsegur because of his “extraordinary cooperation.” He is set to be sentenced on Tuesday in Federal District Court in Manhattan on hacking conspiracy and other charges that could result in a long prison term.

It has been known since 2012 that Mr. Monsegur, who was arrested in 2011, was acting as a government mole in the shadowy world of computer hacking, but the memorandum submitted to Judge Preska late on Friday reveals for the first time the extent of his assistance and what the government perceives of its value. It also offers the government’s first explanation of Mr. Monsegur’s involvement in a series of coordinated attacks on foreign websites in early 2012, though his precise role is in dispute.

The whereabouts of Mr. Monsegur have been shrouded in mystery. Since his cooperation with the authorities became known, he has been vilified online by supporters of Anonymous, of which he was a member. The memo, meanwhile, said the government became so concerned about his safety that it relocated him and some members of his family.

“Monsegur repeatedly was approached on the street and threatened or menaced about his cooperation once it became publicly known,” said the memo, which was filed by the office of Preet Bharara, the United States attorney in Manhattan.

Born in 1983, Mr. Monsegur moved to the Jacob Riis housing project on the Lower East Side of Manhattan at a young age, where he lived with his grandmother after his father and aunt were arrested for selling heroin. He became involved with hacking groups in the late 1990s, drawn, he has indicated, to the groups’ anti-government philosophies.

Mr. Monsegur’s role emerged in March 2012 when the authorities announced charges against Mr. Hammond and others. A few months later, Mr. Monsegur’s bail was revoked after he made “unauthorized online postings,” the document said without elaboration. He was jailed for about seven months, then released on bail in December 2012, and has made no further postings, it said.



The memo said that when Mr. Monsegur (who used the Internet alias Sabu) was first approached by F.B.I. agents in June 2011 and questioned about his online activities, he admitted to criminal conduct and immediately agreed to cooperate with law enforcement.

That night, he reviewed his computer files with the agents, and throughout the summer, he daily “provided, in real time, information” that allowed the government to disrupt attacks and identify “vulnerabilities in significant computer systems,” the memo said.

“Working sometimes literally around the clock,” it added, “at the direction of law enforcement, Monsegur engaged his co-conspirators in online chats that were critical to confirming their identities and whereabouts.”

His primary assistance was his cooperation against Anonymous and its splinter groups Internet Feds and LulzSec.

“He provided detailed historical information about the activities of Anonymous, contributing greatly to law enforcement’s understanding of how Anonymous operates,” the memo said.

Neither Mr. Bharara’s office nor a lawyer for Mr. Monsegur would comment about the memo.

Mr. Monsegur provided an extraordinary window on the activities of LulzSec, which he and five other members of Anonymous had created. The memo describes LulzSec as a “tightly knit group of hackers” who worked as a team with “complementary, specialized skills that enabled them to gain unauthorized access to computer systems, damage and exploit those systems, and publicize their hacking activities.”

The memo said that LulzSec had developed an “action plan to destroy evidence and disband if the group determined that any of its members had been arrested, or were out of touch,” and it credits Mr. Monsegur for agreeing so quickly to cooperate after being confronted by the bureau. Had he delayed his decision and remained offline for an extended period, the document said, “it is likely that much of the evidence regarding LulzSec’s activities would have been destroyed.”

After his arrest, Mr. Monsegur provided information that helped repair a hack of PBS’s website in which he had been a “direct participant,” and helped patch a vulnerability in the Senate’s website. He also provided information about “vulnerabilities in critical infrastructure, including at a water utility for an American city, and a foreign energy company,” the document said.

The coordinated attacks on foreign government websites in 2012 exploited a vulnerability in a popular web hosting software. The targets included Iran, Pakistan, Turkey and Brazil, according to court documents in Mr. Hammond’s case. The memo said that “at law enforcement direction,” Mr. Monsegur tried to obtain details about the software vulnerability but was unsuccessful.

“At the same time, Monsegur was able to learn of many hacks, including hacks of foreign government computer servers, committed by these targets and other hackers, enabling the government to notify the victims, wherever feasible,” the memo said.

The memo does not specify which of the foreign governments the United States alerted about the vulnerabilities.

But according to a recent prison interview with Mr. Hammond as well as logs of Internet chats between him and Mr. Monsegur, which were submitted to the court in Mr. Hammond’s case, Mr. Monsegur seemed to have played a more active role in directing some of the attacks. In the chat logs, Mr. Monsegur directed Mr. Hammond to hack numerous foreign websites, and closely monitored whether Mr. Hammond had success in gaining access to the sites.

Sarah Kunstler, a lawyer for Mr. Hammond, said on Saturday: “The government’s characterization of Sabu’s role is false. Far from protecting foreign governments, Sabu identified targets and actively facilitated the hacks of their computer systems.”

At his sentencing in November, Mr. Hammond was prohibited by Judge Preska from naming the foreign governments that Mr. Monsegur had asked him to hack. But, according to an uncensored version of a court statement by Mr. Hammond that appeared online that day, the target list included more than 2,000 Internet domains in numerous countries.

Mr. Hammond’s sentencing statement also said that Mr. Monsegur encouraged other hackers to give him data from Syrian government websites, including those of banks and ministries associated with the leadership of President Bashar al-Assad.

Thursday, June 07, 2012

LinkedIn Website Hacked

Story first appeared in USA Today.
In the latest blow to online confidence, the accounts of some users of business-networking site LinkedIn and dating site eHarmony were compromised after users' encrypted passwords were posted on the Internet.

Many of LinkedIn's 161 million members worldwide, who use the site to form professional connections, were also bombarded Wednesday by e-mail from unfamiliar parties urging them to click on links to verify e-mail addresses. LinkedIn and eHarmony join the list of several major websites, including retailer Zappos.com, that were hacked in recent months.

Wednesday's cyberattack on LinkedIn, which affects as many as 6.5 million users, came on the heels of a discovery that LinkedIn's mobile app on Apple devices tracked users' calendar events and synched them to its server without users' knowledge, a practice that could violate Apple's privacy regulations.

The leaked password hashes, which can be cracked to recover users' passwords, could give the attacker access to users' accounts once the hashes are cracked, according to an IDC tech industry analyst.

Some of the passwords that were compromised correspond to LinkedIn accounts, the company confirmed in a blog post on its site Wednesday. In another post, LinkedIn urged users never to change their password by following a link in an e-mail, since such links might be compromised and redirect them to the wrong place. The company also said it would send users of the affected accounts instructions on how to reset their passwords and that these instructions would contain no links.

Late Wednesday, eHarmony said the passwords of a "small fraction" of its users had also been compromised. The site, which says it has more than 20 million registered online users, did not say how many had been affected. But tech news site Ars Technica said it found about 1.5 million passwords leaked online that appeared to be from eHarmony users.

It's unclear who was behind the hacking, but several tech analysts encouraged users to change passwords on the sites and create unique passwords for every social-media account. If you have the same password on multiple accounts, change them right now. If the hackers get one password and all of your passwords are the same, they're going to have access to all your information.
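The two points above, that leaked hashes can be cracked and that a reused password exposes every account that shares it, come down to how the password was stored. The following is an added example, not code from the original story or from LinkedIn; the page does not say which hash function was used, so unsalted SHA-1 is assumed here purely to illustrate the weak scheme, and the "leaked" hashes and passwords are constructed for the example. It contrasts a fast unsalted hash, which one precomputed table matches for every user on every site, with per-user salted PBKDF2 storage, where the same password yields a different record each time and each guess costs a full key derivation.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, List, Optional

# Constructed sample data: made-up passwords, hashed here to stand in for a leaked
# set of unsalted SHA-1 hashes (the page does not specify the real scheme).
SAMPLE_PASSWORDS = ["letmein", "linkedin2012", "Tr0ub4dor&3"]


def unsalted_sha1(password: str) -> str:
    """The weak scheme: one fast hash, no salt, identical for every user and site."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


LEAKED_HASHES = {unsalted_sha1(p) for p in SAMPLE_PASSWORDS}


def recovered_by_lookup(leaked: Iterable[str], wordlist: List[str]) -> Dict[str, str]:
    """Why unsalted fast hashes fail: a table of hash(word) built once matches every
    account that chose that word, and the same table works against any other site
    using the same scheme, which is what makes password reuse so dangerous."""
    table = {unsalted_sha1(w): w for w in wordlist}
    return {h: table[h] for h in leaked if h in table}


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> str:
    """Defensive storage: a random per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256).
    The salt defeats precomputed tables; the iteration count makes each guess costly.
    100k iterations is used so the example runs quickly; production should use more."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash record")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


def reuse_visible_across_sites(password: str) -> Dict[str, bool]:
    """With the unsalted scheme, two sites storing the same password hold the same
    hash, so one breach links the accounts; with salted storage they do not."""
    return {
        "unsalted_identical": unsalted_sha1(password) == unsalted_sha1(password),
        "salted_identical": hash_password(password) == hash_password(password),
    }


if __name__ == "__main__":
    guesses = ["password", "letmein", "linkedin2012"]
    print("matched by lookup:", recovered_by_lookup(LEAKED_HASHES, guesses))
    record = hash_password("Tr0ub4dor&3")
    print("verify correct:", verify_password("Tr0ub4dor&3", record))
    print("reuse visible:", reuse_visible_across_sites("letmein"))
```

The lookup step matches two of the three constructed hashes from a three-word list, while the salted record cannot be matched by any table built in advance and cannot be compared across sites, which is the property a site should want from its password store.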

The LinkedIn incident underscores the importance of passing data-protection legislation and forecasts a shaky future for online consumerism. How many times is this going to happen before Congress finally wakes up and takes action? More people are becoming antsy about providing their personal information online, and that's not good for the future.

Tuesday, May 01, 2012

Google Street View Engineer Identified

Story first appeared on The Register.

The 'Engineer Doe', who designed Google's Street View Wi-Fi software to collect personal data, has been named by an American newspaper.

The engineer is reportedly the developer of the popular NetStumbler wardriving program for Windows, who describes his occupation as a "hacker" on his LinkedIn page.

Google initially denied collecting personal information using its street-mapping camera-car fleet, then admitted it had captured unsecured Wi-Fi traffic but blamed a lone slurper: a so-called "rogue engineer" who wrote the software in his "20 per cent time permitted for self-directed projects".

An investigation by the Federal Communications Commission demolished this theory, however. The FCC found Google guilty of obstructing its investigation but concluded that collecting personal data from unsecured wireless networks did not breach the US Wiretap Act.

Privacy group EPIC says the FCC report undercuts the company's prior statements that a rogue engineer was responsible for the payload data collection. Instead, it indicates that Google intentionally intercepted payload data for business purposes and that many supervisors and engineers within the company reviewed the code and the design documents associated with the project.

Google itself released the FCC's report into its Street View data collection activities on Saturday, with most of the details readable - some portions remain redacted. Groups including EPIC and Consumer Watchdog have filed Freedom of Information requests to access all of the documents in the case.

An independent source code analysis of the engineer's work, commissioned by Google, is now available.

A little business context, missing from most press reports on this story, is useful to remember here. It concerns a firm called SkyHook and a Top SEO Company.

SkyHook is a Boston-based company that had already compiled a nationwide database of Wi-Fi access points. The biz merely collected SSID and signal strength - not personal data. SkyHook's database was used by licensees of Google's Android operating system for locations services. Eighteen months ago, SkyHook filed a suit claiming that Google had strong-armed Android licensees to use Google's location database instead of SkyHook's.

Far from being the work of a "lone slurper" tinkering in his own time, the software could be seen as creating an essential component of the Street View software stack. Google's Wi-Fi access point database was considered to be of enormous strategic significance.

Google's strategy after the data-slurp is proving to be much more interesting than the actual packet sniff.


For more organic SEO and web optimization related news, visit the SEO Done Right blog.
For national and worldwide related business news, visit the Peak News Room blog.
For local and Michigan business related news, visit the Michigan Business News blog.
For healthcare and medical related news, visit the Healthcare and Medical blog.
For law related news, visit the Nation of Law blog.
For real estate and home related news, visit the  Commercial and Residential Real Estate blog.
For technology and electronics related news, visit the Electronics America blog.

Monday, April 23, 2012

Infected PCs May Lose Internet In July

Story first appeared in USA Today.

For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

This image provided by The DNS Changer Working Group (DCWG) shows the checkup webpage. It will only take a few clicks of the mouse. But for hundreds of thousands of computer users, those clicks could mean the difference between staying online and losing their connections this July.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org, that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

Last November, the FBI and other authorities were preparing to take down a hacker ring that had been running an Internet ad scam on a massive network of infected computers.

The FBI started to realize that it might have a bit of a problem on its hands, because if it just pulled the plug on the criminal infrastructure and threw everybody in jail, the victims were going to be without Internet service. The average user would open up Internet Explorer, get "page not found" and think the Internet was broken.

On the night of the arrests, the agency brought in the chairman and founder of Internet Systems Consortium to install two Internet servers to take the place of the truckload of impounded rogue servers that infected computers were using. Federal officials planned to keep their servers online until March, giving everyone an opportunity to clean their computers. But it wasn't enough time. A federal judge in New York extended the deadline until July.

Now, the full court press is on to get people to address this problem. And it's up to computer users to check their PCs.

Hackers infected a network of probably more than 570,000 computers worldwide. They took advantage of vulnerabilities in the Microsoft Windows operating system to install malicious software on the victim computers. This turned off antivirus updates and changed the way the computers reconcile website addresses behind the scenes on the Internet's domain name system.

The DNS system is a network of servers that translates a web address — such as www.ap.org — into the numerical addresses that computers use. Victim computers were reprogrammed to use rogue DNS servers owned by the attackers. This allowed the attackers to redirect computers to fraudulent versions of any website.

The hackers earned profits from advertisements that appeared on websites that victims were tricked into visiting. The scam netted the hackers at least $14 million, according to the FBI. It also made thousands of computers reliant on the rogue servers for their Internet browsing.
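The mechanism described above is a change to the resolver settings on the victim machine, so the check the DCWG site performs can also be done locally: read the configured DNS servers and compare them against the published rogue address blocks. The following is an added example, not code from the original story or from the DCWG; the page does not list the rogue ranges, so RFC 5737 documentation networks are used as labelled placeholders, and the resolver configuration it parses is a constructed resolv.conf snippet. A real check would substitute the DCWG-published ranges and, on Windows, read the interface DNS settings instead of resolv.conf.

```python
import ipaddress
from typing import Iterable, List, Dict

# PLACEHOLDER ranges standing in for the rogue resolver blocks the DCWG published.
# The page does not list them, so RFC 5737 documentation networks are used instead.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")
]

# Constructed sample resolver configuration in resolv.conf syntax: one private-range
# resolver that looks normal, one inside the placeholder rogue block, plus a comment,
# a malformed entry and an unrelated directive to exercise the parser.
SAMPLE_RESOLV_CONF = """\
# resolver settings as a hypothetical DNS-changing infection might leave them
nameserver 10.0.0.53
nameserver 192.0.2.17   # inside the placeholder rogue block
nameserver not-an-address
search example.internal
"""


def parse_nameservers(config_text: str) -> List[str]:
    """Return the nameserver values from resolv.conf-style text, ignoring comments."""
    servers = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def flag_rogue_resolvers(servers: Iterable[str],
                         rogue_ranges=ROGUE_RESOLVER_RANGES) -> List[str]:
    """Return the configured servers that fall inside any rogue range.
    Entries that are not valid IP addresses are skipped rather than treated as rogue."""
    flagged = []
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            continue
        if any(addr in net for net in rogue_ranges):
            flagged.append(s)
    return flagged


def check_config(config_text: str) -> Dict[str, object]:
    """Summarise a resolver configuration: what is configured, what is rogue,
    and whether the machine should be treated as affected."""
    servers = parse_nameservers(config_text)
    rogue = flag_rogue_resolvers(servers)
    return {"nameservers": servers, "rogue": rogue, "affected": bool(rogue)}


if __name__ == "__main__":
    print(check_config(SAMPLE_RESOLV_CONF))
```

A machine flagged by this check would have kept resolving names only because of the substitute servers the FBI installed, which is exactly the population that loses connectivity when those servers are switched off; the fix is to restore resolvers supplied by the user's ISP or network and then remove the malware that changed them.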

When the FBI and others arrested six Estonians last November, the agency replaced the rogue servers with clean ones. Installing and running the two substitute servers for eight months is costing the federal government about $87,000.

The number of victims is hard to pinpoint, but the FBI believes that on the day of the arrests, at least 568,000 unique Internet addresses were using the rogue servers. Five months later, FBI estimates that the number is down to at least 360,000. The U.S. has the most, about 85,000, federal authorities said. Other countries with more than 20,000 each include Italy, India, England and Germany. Smaller numbers are online in Spain, France, Canada, China and Mexico.

Most of the victims are probably individual home users, rather than corporations that have technology staffs who routinely check the computers.  Many corporations utilize Managed IT Services that provide quality control and Security Solutions to avoid situations such as these.

FBI officials said they organized an unusual system to avoid any appearance of government intrusion into the Internet or private computers. And while this is the first time the FBI used it, it won't be the last.

Until there is a change in the legal system, both inside and outside the United States, to get up to speed with the cyber problem, the FBI will have to go down these paths, trail-blazing if you will, on these types of investigations.

Now, every time the agency gets near the end of a cyber case, they get to the point where they say, "How are we going to do this, how are we going to clean the system without creating a bigger mess than before?"



Tuesday, August 31, 2010

Police Bust Russian Hacker Gang who made $30M in one Month

Russia Times

Russian police have detained ten people who managed to get one billion roubles, approximately $30 million, through a clever scheme involving a computer virus, blackmail and SMS billing.

Website Lifenews.ru reported on Tuesday that ten members of the criminal group had been detained in Moscow. Operatives of the city police directorate for fighting economic crimes told journalists that the suspects created a computer virus that blocked all programs on the users' computers and put a pornographic picture on the screen together with a demand to send an SMS to a certain number to receive a code that would supposedly unblock the computer. For the SMS the victims were billed about 300 roubles, or $10. However, sending the SMS never led to any results, and some users sent it repeatedly.

According to the police, the suspects made about one billion roubles from the scam, or $33 million in just one month.

Although the virus extortion scheme is widespread in the world (it even has the special title of “ransomware”), Russians were probably first to invent the virus that blocks the Windows operating system completely.

Tuesday, August 24, 2010

Hacker’s Arrest Offers Glimpse Into Crime in Russia

NY Times

On the Internet, he was known as BadB, a disembodied criminal flitting from one server to another selling stolen credit card numbers despite being pursued by the United States Secret Service.

And in real life, he was nearly as untouchable — because he lived in Russia.

BadB’s real name is Vladislav A. Horohorin, according to a statement released last week by the United States Justice Department, and he was a resident of Moscow before his arrest by the police in France during a trip to that country earlier this month.

He is expected to appear soon before a French court that will decide on his potential extradition to the United States, where Mr. Horohorin could face up to 12 years in prison and a fine of $500,000 if he is convicted on charges of fraud and identity theft.

For at least nine months, however, he lived openly in Moscow as one of the world’s most wanted computer criminals.

The seizing of BadB provides a lens onto the shadowy world of Russian hackers, the often well-educated and sometimes darkly ingenious programmers who pose a recognized security threat to online commerce — besides being global spam nuisances — who often seem to operate with relative impunity.

Law enforcement groups in Russia have been reluctant to pursue these talented authors of Internet fraud, for reasons, security experts say, of incompetence, corruption or national pride.

In this environment, BadB’s network arose as “one of the most sophisticated organizations of online financial criminals in the world,” according to a statement issued by Michael P. Merritt, the assistant director of investigations for the Secret Service, which pursues counterfeiting and some electronic financial fraud.

As long ago as November 2009, the United States attorney’s office in Washington, in a sealed indictment, identified BadB as Mr. Horohorin, a 27-year-old residing in Moscow with dual Ukrainian and Israeli citizenship.

But it was not until Aug. 7 this year that Mr. Horohorin, who was traveling from Russia to France, was detained on a warrant from the United States as he boarded a plane to return to Russia at an airport in Nice, in southern France.

The Secret Service released a statement on Aug. 11, when the indictment was unsealed. Max Milien, a Secret Service spokesman in Washington, said the agency could not comment about the decision to arrest Mr. Horohorin in France.

Olga K. Shklyarova, spokeswoman for the Russian bureau of Interpol, said no American law enforcement agency had requested Mr. Horohorin’s arrest in her country. “We never received such a request,” she said by telephone.

According to the Secret Service statement, Mr. Horohorin managed Web sites for hackers who were able to steal large numbers of credit card numbers that were sold online anonymously around the globe.

Those buyers would do the more dangerous work of running up fraudulent bills.

The numbers were exchanged on Web sites called CarderPlanet — carder.su and badb.biz — according to the Secret Service, and payment was made indirectly through accounts at a Russian online settlement system known as Webmoney, an analogue to PayPal.

Underscoring the nationalistic tone of much of Russian computer crime, one site featured a cartoon of the Russian prime minister, Vladimir V. Putin, awarding medals to Russian hackers.

“We awaiting you to fight the imperialism of the U.S.A.” the site said, in approximate English.

Mr. Horohorin lived openly in Moscow. As a foreign citizen, he registered with the police, according to Dmitri Zakharov, a spokesman for the Russian Association of Electronic Communication, an industry lobby for legitimate Russian Internet businesses, who cited a database of such registries.

A phone number for Mr. Horohorin was out of service Thursday.

Arrests in Russia for computer crimes are rare, even when hackers living in Russia have been publicly identified by outside groups, like Spamhaus, a nonprofit group in Geneva and in London that tracks sources of spam.

The F.B.I. in 2002 resorted to luring a Russian suspect, Vasily Gorshkov, to the United States with a fake offer of a job interview (with a fictitious Internet company called Invita), rather than ask the Russian police for help.

To obtain evidence in the case, F.B.I. computer experts had hacked into Mr. Gorshkov’s computer in Russia. When this was revealed, Russian authorities expressed anger that the F.B.I. had resorted to a cross-border tactic.

Online fraud is not a high priority for the Russian police, Mr. Zakharov said, because most of it is aimed at computer users in Europe or the United States. “This is a main reason why spammers are not arrested,” he said.

Politics may also play a role.

Vladimir Sokolov, deputy director of the Institute of Information Security, a Russian research organization, said the United States and Russia were still at odds on basic issues of computer security, although the differences were narrowing.

The United States tends to view computer security as a law enforcement matter. Russia has pushed for an international treaty that would regulate the use of online weapons by military or espionage agencies.

Last year the United States opened talks on a treaty, but it has continued to press for closer law enforcement cooperation, Mr. Sokolov said.

Computer security researchers have raised a more sinister prospect: that criminal spamming gangs have been co-opted by the intelligence agencies in Russia, which provide cover for their activities in exchange for the criminals’ expertise or for allowing their networks of virus-infected computers to be used for political purposes — to crash dissident Web sites, perhaps.

Sometimes, the collateral damage for online business is immediate.

A year ago, for example, hackers used a network of infected computers to direct huge amounts of junk traffic at the social networking accounts of a 34-year-old political blogger in Georgia, a country that fought a war with Russia in 2008.

The attack, though, spun out of control and briefly crashed the global service of Twitter and slowed Facebook and LiveJournal, affecting tens of millions of computer users worldwide. The Russian authorities have repeatedly denied that the state has any connection to such attacks.

Spamhaus says 7 of the top 10 spammers in the world are based in the former Soviet Union, in Ukraine, Russia and Estonia.

More ominously, Western law enforcement agencies have traced a code intended for breaking into banking sites to Russian programming.

In 2007, Swedish experts identified a Russian hacker known only by his colorful sobriquet — the Corpse — as the author of a virus that logged keystrokes on personal computers to capture passwords for Nordea, a Swedish bank, and the accounts were drained of about $1 million.

For a time, these rogue programs were openly for sale on a Russian Web site. The home page displayed an illustration of Lenin making a rude gesture.

Since Mr. Horohorin’s arrest, the badb.biz Web site has gone dark.

But through Monday, at least, its CarderPlanet counterpart, the Russian site carder.su, was still open for business.

Saturday, February 20, 2010

College Kids in China Responsible For First Successful Google Hack

Hackers attacked Google from China schools

SAN FRANCISCO (AP) - The Internet attacks that may end up driving Google Inc. out of China originated from two prominent schools in the country, according to a story published late Thursday.

The New York Times reported security investigators have traced the hacking to computers at Shanghai Jiaotong University and Lanxiang Vocational School in China. The newspaper attributed the information to unnamed people involved in the investigation.

Google didn't immediately respond to requests for comment.

The company revealed on Jan. 12 that digital thieves had stolen some of its computer code and tried to break into the accounts of human rights activists opposed to China's policies. The sophisticated theft also targeted the computers of more than 30 other companies, according to security experts. A security weakness in Microsoft Corp.'s Internet Explorer Web browser is believed to have created an opening for the hackers.

The digital assault was serious enough to prompt Google to confront China's government about censorship rules that weed out politically and culturally sensitive topics from search results in the country. Google says it's prepared to shut down its China-based search engine and possibly shut down all of its offices in the country unless the ruling party loosens its restrictions on free speech.

Google and the government are still discussing a possible compromise.

The threat to leave China triggered speculation that Google suspected the country's government might have been involved in the computer attacks. Google has only said it believes the attack originated from within China.

China's government has denied any involvement while continuing to insist publicly that Google must obey its restrictions against showing links deemed to be subversive or pornographic.

The National Security Agency and other specialists in digital forensics have been trying to identify the source of the attacks against Google and the other companies for weeks. The inquiry led to computers at the two schools, with some evidence suggesting the attacks may have started 10 months ago, the Times reported.

Jiaotong University boasts one of China's top computer science programs, according to the Times' story. Lanxiang is a large vocational school that trains some computer scientists for the Chinese military, the Times said.

Spokesmen for the two schools told the Times that they hadn't heard U.S. investigators had implicated them in the attacks.

Friday, February 19, 2010

Corporations, Agencies Infiltrated by Botnet
AP

SAN FRANCISCO (AP) - Security experts have found a network of 74,000 virus-infected computers that stole information from inside corporations and government agencies. The unusual thing about the incident is not that it happened but that it was discovered, and it is a reminder of the dangers of having computers with sensitive data connected to the open Internet.

More than 2,400 organizations, including financial institutions and energy companies and federal agencies, were infiltrated by the "botnet," according to the NetWitness Corp. security firm, which discovered it.

NetWitness didn't name the companies or agencies whose computers were compromised. The Wall Street Journal said the affected companies included Merck & Co., Cardinal Health Inc., Paramount Pictures and Juniper Networks Inc. Merck and Cardinal Health said in statements Thursday that one computer in each company was among those in the botnet but no sensitive information was taken. The other two companies didn't return messages from The Associated Press seeking comment Thursday.

The victims don't appear to have been specifically targeted, unlike the recent computer attacks on Google Inc. that prompted the Internet search leader to threaten to pull its business out of China. That's an important distinction, because it shows how online secrets can fall into the wrong hands even when criminals aren't necessarily looking for them.

"This kind of stuff is out there and it's pervasive," said Amit Yoran, CEO of NetWitness and former cybersecurity chief at the U.S. Department of Homeland Security. Parts of the botnet discovered by his firm likely are still active. He said the network appears to be run from computers in Eastern Europe and China, but it's not certain the perpetrators are there.

Botnets are networks of compromised PCs that are remotely controlled by hackers and act as the criminals' robots, carrying out whatever they are told. The PCs are often infected when their owners visit malicious Web sites or open malicious e-mail attachments.

Botnets are a major tool for cybercrime. They help criminals amass troves of stolen data that they can sell on the black market or use for their own schemes, such as yanking money from victims' bank accounts.

The biggest on record is the one created by the Conficker worm. That infected anywhere from 3 million to 12 million PCs running Microsoft Corp.'s Windows operating system and is still active.

The botnet NetWitness discovered used malicious software called "ZeuS" that steals passwords and other online credentials. It's primarily focused on poaching Internet banking credentials and is well known in the security community.

The fact that so many companies and government agencies were hit generally appears to have been incidental. Yoran said the attackers were targeting specific information rather than specific organizations.

Still, they were very successful, snatching more than 68,000 credentials over four weeks. Most of those credentials were login details for Facebook and Yahoo and other personal e-mail services. On the face of it those aren't the most sensitive pieces of information, but they can hold the keys to unlocking other types of online accounts and private data.

Security experts who weren't part of the NetWitness report said the findings illustrate the growing risk from the ZeuS software, whose authors are constantly updating it to evade detection by antivirus software and other security measures.

Don Jackson, researcher with the Counter Threat Unit of SecureWorks, said millions of computers are infected with ZeuS. Perhaps half a million of those are being milked by professional operators running the latest versions of the software.

He said the botnet NetWitness found was a "major threat" but added that the criminals behind it appeared to be using an older version of the software that is easier to detect.

"There are dozens of these types of operations ongoing every day that just aren't named," he said.

A bigger concern, Jackson said, is a new version of ZeuS that has appeared in the last few months and is more powerful and even harder to detect.

One of its features is that it gives a hacker the ability to conduct financial transactions directly from a compromised computer. Otherwise the criminal would have to steal the login credentials and use them on another computer. Some banks have put up extra security measures to detect and stop that.

Hackers Find New Paths Through Facebook And Social Media
Reuters

A new type of computer virus is known to have breached almost 75,000 computers in 2,500 organizations around the world, including user accounts of popular social network websites, according to Internet security firm NetWitness.

The latest virus -- known as "Kneber botnet" -- gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information back to hackers, NetWitness said in a statement.

A botnet is an army of infected computers that hackers can control from a central machine.

The company said the attack was first discovered in January during a routine deployment of NetWitness software.

Further investigation by the Herndon, Virginia-based software security firm revealed that many commercial and government systems were compromised, including 68,000 corporate login credentials and access to email systems, online banking sites, Yahoo, Hotmail and social networks such as Facebook.

"Conventional malware protection and signature-based intrusion detection systems are, by definition, inadequate for addressing Kneber or most other advanced threats," Chief Executive Amit Yoran said in a statement.

Friday, January 29, 2010

Nebraska Man to Plead Guilty in Scientology Site Hack
USA Today

Federal prosecutors in California say a Nebraska man will plead guilty to participating in a cyber attack on Church of Scientology websites in January 2008.

Thom Mrozek, a spokesman for the U.S. attorney's office in Los Angeles, says Brian Thomas Mettenbrink agreed to plead guilty Monday to the misdemeanor charge of unauthorized access of a protected computer. He faces a year in federal prison.

Court records say Mettenbrink attacked Scientology websites as part of Anonymous, an underground group that protests the Church of Scientology, accusing it of Internet censorship.

Prosecutors say hackers conducted a "denial of service" attack, in which computers flood a target website with malicious Internet traffic, making it unavailable to legitimate users.

Prosecutors say Mettenbrink, of Grand Island, Nebraska, is expected to enter his plea next week in Los Angeles, where the Church of Scientology is based.

Monday, January 18, 2010

Foreign Reporter's G-mail Hacked in China
AP

BEIJING (AP) - International journalists in China said Monday that their Google e-mail accounts have been hacked in attacks similar to the ones against human rights activists that the search giant cited as a reason for considering pulling out of the country.

In announcing a possible exit from China last week, Google did not specify how the accounts with its Gmail e-mail service were hacked into or by whom. Information since then has trickled out.

The Foreign Correspondents' Club of China sent an e-mail Monday to its members warning that reporters in at least two news bureaus in Beijing said their Gmail accounts had been broken into, with their e-mails surreptitiously forwarded to unfamiliar accounts.

Although the warning did not name the organizations, one of the accounts belonged to an Associated Press journalist.

John Daniszewski, senior managing editor for international news at the news cooperative in New York, deplored the breach and said the AP will be investigating to determine if any vital information was compromised.

The foreign correspondents' club asked its members to be vigilant in protecting their e-mail accounts and computers from attack.

"We remind all members that journalists in China have been particular targets of hacker attacks in the last two years," the club's message read. "Please be very careful what you click on, and run virus checks regularly."

Google's announcement Tuesday that it might quit the huge Chinese market shocked the international business community and cheered many free-speech advocates. Google said a sophisticated attack in December from China targeted the Mountain View, California-based company's infrastructure and at least 20 other major companies from the Internet, financial services, technology, media and chemical industries.

Google said only two e-mail accounts were infiltrated in the attacks, with basic information such as subject lines and the dates that the individual accounts were created accessed. In its investigation, Google said it found that dozens of accounts of human rights advocates in China, the U.S. and Europe were routinely accessed by third parties, not due to a security breach at Google, but through viruses and spy software secretly placed on the users' computers.

The tactics used against the journalists are similar to those described by one human rights activist. After Google's announcement, Beijing law professor and human-rights lawyer Teng Biao wrote on his blog that someone broke into his Gmail account and forwarded e-mails to another account. The attack made use of a service that Gmail and other Web-based e-mail services offer, allowing users to set e-mail addresses to which their mail can be forwarded automatically.
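The forwarding trick described above leaves a trace in the victim's mailbox settings, which is where a defender can look for it. The following is an added example, not code from the article or from Google: it audits a mailbox's forwarding addresses and filters against a list of trusted domains and flags anything that would send mail elsewhere. The input structures mimic the JSON shape returned by the Gmail API's `users.settings.forwardingAddresses.list` and `users.settings.filters.list` calls (an assumption about field names, not something the article documents), and the sample data, addresses and domains are constructed for illustration.

```python
"""Audit mailbox forwarding settings for silent exfiltration rules.

Added example (not from the original article). The dict layouts below are
assumed to match the Gmail API's forwardingAddresses and filters resources;
all sample addresses and domains are constructed, not real.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str      # "forwarding_address" or "filter_forward"
    address: str   # where mail would be copied to
    hidden: bool   # True if the rule also hides the forwarded mail from the inbox
    detail: str    # human-readable context for the analyst


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].lower()


def audit_forwarding(forwarding: dict, filters: dict, trusted_domains: set) -> list:
    """Flag every forwarding target whose domain is not on the trusted list.

    forwarding: {"forwardingAddresses": [{"forwardingEmail": ..., "verificationStatus": ...}]}
    filters:    {"filter": [{"id": ..., "criteria": {...}, "action": {...}}]}
    """
    findings = []

    # Account-wide forwarding addresses: any address outside the organisation is suspect.
    for entry in forwarding.get("forwardingAddresses", []):
        addr = entry.get("forwardingEmail", "")
        if domain_of(addr) not in trusted_domains:
            findings.append(Finding(
                kind="forwarding_address", address=addr, hidden=False,
                detail="verificationStatus=" + entry.get("verificationStatus", "unknown"),
            ))

    # Filters with a forward action: the classic quiet exfiltration rule also
    # removes the message from INBOX or labels it TRASH so the owner never sees it.
    for flt in filters.get("filter", []):
        action = flt.get("action", {})
        target = action.get("forward")
        if not target or domain_of(target) in trusted_domains:
            continue
        removed = set(action.get("removeLabelIds", []))
        added = set(action.get("addLabelIds", []))
        hidden = "INBOX" in removed or "TRASH" in added
        findings.append(Finding(
            kind="filter_forward", address=target, hidden=hidden,
            detail="filter %s criteria=%r" % (flt.get("id", "?"), flt.get("criteria", {})),
        ))
    return findings


# Constructed sample settings: one legitimate forwarding address inside the
# newsroom's own domain, plus one intruder-added address and a catch-all filter
# that forwards everything and pulls it out of the inbox.
SAMPLE_FORWARDING = {
    "forwardingAddresses": [
        {"forwardingEmail": "backup@example-news.org", "verificationStatus": "accepted"},
        {"forwardingEmail": "collector@mail-drop.example", "verificationStatus": "accepted"},
    ]
}
SAMPLE_FILTERS = {
    "filter": [
        {"id": "f1", "criteria": {"from": "editor@example-news.org"},
         "action": {"addLabelIds": ["IMPORTANT"]}},
        {"id": "f2", "criteria": {"query": "*"},
         "action": {"forward": "collector@mail-drop.example", "removeLabelIds": ["INBOX"]}},
    ]
}
TRUSTED_DOMAINS = {"example-news.org"}


def audit_sample() -> list:
    """Run the audit over the constructed sample settings."""
    return audit_forwarding(SAMPLE_FORWARDING, SAMPLE_FILTERS, TRUSTED_DOMAINS)


if __name__ == "__main__":
    for f in audit_sample():
        print("%-18s -> %-28s hidden=%-5s %s" % (f.kind, f.address, f.hidden, f.detail))
```

On the sample data the audit reports two findings, both pointing at the constructed `collector@mail-drop.example` address: the account-level forwarding entry and the catch-all filter, the latter marked as hidden because it strips the forwarded mail from the inbox. In practice the same check is run periodically across all mailboxes from an administrator account, and a new forwarding target appearing without a corresponding change request is what should trigger an incident review.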

Another activist said she was notified by David Drummond, Google's top lawyer, on Jan. 7 about an intrusion into her account. Tenzin Seldon, a Tibetan rights activist and sophomore at Stanford University, said she allowed her laptop to be inspected by Google's security experts, who found no viruses on the machine.

China-based international correspondents have seen their e-mail accounts hit by periodic waves of cyberattacks and snooping from undetermined sources over the past two years. The AP, Agence France-Presse, Dow Jones, Reuters and other news organizations were targeted in September in an attack in which viruses were implanted in ordinary looking e-mails.

The e-mails, which appeared to be from an editor of an English-language paper in Singapore, bore an attachment that once opened would install malware - malicious software - on computers, said a report late last year by computer security experts McAfee Inc.

Wednesday, December 30, 2009

Hacker Pleads Guilty To Credit Card Theft
USA Today

A computer hacker who helped orchestrate the theft of tens of millions of credit and debit card numbers from major retailers in one of the largest such thefts in U.S. history pleaded guilty Tuesday in the last of three cases brought by federal prosecutors.

Albert Gonzalez, a one-time federal informant from Miami, faces a prison sentence of up to 25 years under the terms of separate plea agreements. He is tentatively scheduled for sentencing in March.

"This is a young kid who did some reckless things and he's going to pay a price for it," said Gonzalez's attorney, Martin Weinberg, after his 28-year-old client calmly answered guilty to charges of conspiracy and wire fraud.

Weinberg said Gonzalez was remorseful and that he would ask two federal judges hearing the cases to sentence Gonzalez to the lower end of the 17- to 25-year sentencing range spelled out in the plea agreements.

Tuesday's plea stemmed from a case that was originally brought by federal prosecutors in New Jersey, but later transferred to Boston. It charged Gonzalez with conspiracy to gain unauthorized access to computer servers at Hannaford Brothers, a Maine-based supermarket chain; convenience store giant 7-Eleven; Heartland Payment Systems, a New Jersey-based processor of credit and debit cards; and two unnamed companies.

Gonzalez pleaded guilty in September in two other cases that were combined in Boston. Those cases included charges that he hacked into the computers of prominent retailers such as TJX Cos., BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority.

Under questioning Tuesday by U.S. District Court Judge Douglas Woodlock, Gonzalez indicated that he had used alcohol and a number of drugs, including marijuana, cocaine and LSD, prior to his arrest in May 2008.

Federal prosecutors have agreed to seek concurrent sentences in the cases, meaning that Gonzalez would serve no more than 25 years in prison. Weinberg, however, said he would argue for a lesser sentence based on factors including the prior drug abuse and a psychiatrist's report that Gonzalez exhibits behavior consistent with Asperger's syndrome, a form of autism.

The defense-commissioned report by Dr. Barry Roth described Gonzalez as an Internet addict with an "idiot-Savant-like genius for computers and information technology," but socially awkward.

"His personal life has been characterized most of all by awkwardness, impairment, troubles connecting to people, with an overarching preference and predilection to machines and technology," Roth wrote.

Authorities said Gonzalez, who said he had worked as a computer security consultant, was the ringleader of a group that targeted large retailers.

In 2003, Gonzalez was arrested for hacking but was not charged because he became an informant, helping the Secret Service find other hackers. But authorities said he continued to use his talents for illegal activities.

Over the next five years, he hacked into the computer systems of retailers even while providing assistance to the government.

He lived lavishly during that time. Authorities said he amassed $2.8 million and bought a Miami condo and a BMW. Under the plea deals, Gonzalez must forfeit more than $2.7 million, plus his condo, car, a Tiffany ring he gave to his girlfriend and Rolex watches he gave to his father and friends.

Before accepting the plea Tuesday, Woodlock heard Assistant U.S. Attorney Stephen Heymann outline the sophisticated hacking scheme, which also involved an individual identified only as "P.T." and two individuals identified in the indictment as Hacker 1 and Hacker 2. Heymann said they remain fugitives.

Gonzalez identified potential corporate victims by poring through lists of Fortune 500 companies and by going to retail stores to probe for potential vulnerabilities, Heymann said.

"It was foreseeable to defendant Gonzalez that the losses resulting from unauthorized access into the servers of the corporate victims identified in the indictment would exceed $20 million," Heymann said.

Wednesday, March 11, 2009

Three More Criminal Charges For Governor Palin's Hacker

As Originally Posted at PC Mag

David Kernell is not having a good week.

The college student who is accused of hacking into the private Yahoo e-mail account of Alaska governor and former vice presidential candidate Sarah Palin is now facing three additional charges.

Kernell, a 20-year-old student at the University of Tennessee and the son of state Rep. Mike Kernell, has already been charged with gaining unlawful access to stored communications and obtaining information from a protected computer via interstate communication – charges that could carry up to five years in prison and a $250,000 fine.

A grand jury has now added wire fraud, identity theft, and obstruction of justice to the list, according to a March 6 filing. In addition, the count alleging unlawful access to a computer "has been significantly changed," though the filing did not go into detail.

Kernell's legal team intends to file a motion to dismiss the additional charges. As a result, the trial date has been pushed from May 19 until late September or early October.

Kernell turned himself in to authorities on Oct. 8. He is accused of hacking into Palin's "gov.palin@yahoo.com" e-mail account on Sept. 16 by successfully navigating Yahoo's password recovery system.