Posts tagged Hackers at Switched

Posts with tag hackers

Citibank/7-Eleven ATMs Infiltrated, PINs Stolen

by Tim Stevens, posted Jul 3rd 2008 at 10:35AM

So you follow your bank's advice to the letter when it comes to ATM security: You don't let someone snoop over your shoulder why you're using it, you don't stand there to count your cash immediately after withdrawal, and, most importantly, you've chosen a PIN that isn't "1234."

Good for you, you're doing your part. Sadly, though, it seems that Citibank, and two companies that operate thousands of its ATMs, are not doing their's. Somehow hackers have found a way to infiltrate those ATMs and steal the PIN numbers of anyone who used them.

The automatic tellers affected are the Citi-branded ones found at 7-Eleven stores. These machines -- of which there are 5,700 in total -- are operated by Cardtronics Inc. and Fiserv Inc. The machines themselves were not affected, but it seems that both companies failed to encrypt PINs that were transmitted from the ATM to their central computers, so once the hackers were able to access those central servers, they were able to grab numbers without any hassle.

It's unclear just how they gained access to those supposedly secure central computers or how many bank accounts were compromised, but Citibank is taking steps to send new debit cards to those whose PINs, regardless of how complex, were stolen. Maybe it's time for you to ask your bank just how secure their ATM interactions are. [Source: AP]

Up to 200,000 Montgomery Ward Customer Records Hacked

by Tim Stevens, posted Jul 1st 2008 at 11:12AM

Did you do any shopping at the Montgomery Ward online store anytime during the end of last year? If so, we're sorry to inform you that there's a good chance your credit card number was stolen by a group of hackers, and then re-sold online to the highest bidder. What's that -- you didn't receive a notice from the company about the leak? Neither did anyone else, because, as it turns out, Montgomery Ward's Parent Company, Direct Marketing Services, has chosen to try and keep this quiet rather than go the full disclosure route.

According to the Associated Press, Direct Marketing Services was alerted of the leak by Citigroup in December, meaning the company was completely ignorant of the hole in its security. In the months following, the company made no effort to alert those whose numbers were compromised, instead working directly with the card company whose accounts were exposed to issue new accounts. Now that the story has gone public, however, Direct Marketing Services is sending notices to its customers in an attempt to save face -- just a little late. [Source: AP via The Consumerist]

Hacked Roomba RoboVac Mimics Pac-Man While Vacuuming

by Darren Murph, posted Jun 6th 2008 at 7:02AM

We were beginning to wonder if the Roomba hacking community had been sucked dry of ideas, but leave it to longjie0723 to give us hope yet. This Roomba hacker (yeah, he also rigged his up for Wiimote control) managed to solder 448 yellow LEDs onto a board and program said devices to move in such a way that a Pac-Man-type image is seen.

C'mon, who hasn't dreamed of having that ghost-inhaler work his magic on those forsaken floors? Check the video after the jump.

[Via Hack N Mod]

Continue reading Hacked Roomba RoboVac Mimics Pac-Man While Vacuuming

Eastern European Security Center to Defend Against Cyber Attacks

by Will Safer, posted May 16th 2008 at 2:45PM

Seven European members of NATO are banding together to create a cyber defense center in Estonia, following that country's experience with an overwhelming attack on its Internet structure last year, which it blamed on hackers in Russia who were been upset with the Estonian government's decision to move a statue of Vladimir Lenin in its capital city of Tallinn to a graveyard. In the end, it may have been an Estonian who staged some of the attacks but ethnic Russians living in the Baltic state and others in Russia itself were likely responsible.

More than 1 million remotely operated computers are estimated to have been involved in the attack. Actual riots occurred in the city after this event last April.

Germany, Slovakia, Latvia, Lithuania, Italy and Spain will provide staff for the center and the United States will send observers to watch how this group devises strategies to defend against cyber attacks, which can easily escalate into a national security problem for a country under fire.

The center will be fully staffed by the end of August and fully operational in 2009. [Source: BBC]

Top Net Threats Right Now

by Evan Shamoon, posted Apr 9th 2008 at 7:12PM

While it may not feel quite like the Wild West anymore, the Internet is still full of people looking to rip you off -- the anonymity and secretive nature of online dealings makes them much more prone to fraud than in the real world. We've compiled a list of the top threats to your security lurking around the Internet -- and what you can do to avoid them.

The threat: The upcoming presidential election

The problem: All of the presidential candidates accept donation contributions online -- but be careful. Extremist supporters have been using "typo-domains" that mimic the Web site of a political rival; when the contributions come in, they're either pocketed or contributed to someone else's campaign. GOP Presidential nominee Ron Paul's campaign received funds from five hundred stolen credit cards, which were stolen from Frost bank; investigators discovered overseas thieves used Paul's site to test the stolen cards with $5 contributions.

How to protect yourself: Don't reply to the email -- and don't click the links inside it, either. Want to make an online donation? Google the name of your candidate of choice, go to his or her official site, and donate away ...

Next >>

Thieves Snag 4.2 Million Credit Card Numbers from Supermarket Chain

by Terrence O'Brien, posted Mar 18th 2008 at 11:12AM

Since December of 2007, the massive grocery store chains Hannaford Brothers and Sweetbay were hit by one of the largest incidents of credit and debit card data theft the U.S. has ever seen. Hannaford Bros., which owns the supermarket chains in the Northeast United States and Florida, announced on Monday that thieves had snagged an estimated 4.2 million card numbers and expiration dates, though not names or addresses. The thefts occurred during the authorization process that takes place when users are buying groceries at the the checkout counter with a credit or debit card.

The Associated Press reports that 1,800 incidences of fraud have been associated with the theft, as well as some occurrences of identity theft. Hannaford doesn't associate credit card numbers with names and addresses, which has lessened the impact of the data theft, but it has also made it impossible for the company to identify and contact those affected. Customers seeking help or information are encouraged to call the company at 1-866-591-4580.

Though this is one of the largest instances of data theft in the country, it pales in comparison to the largest which took place in 2005, when hackers gained access to the systems of TJX Companies, the owners of Marshall's, TJ Maxx, and Bob's. In that theft, over 94 million credit and debit card numbers were compromised.

The most unsettling detail is that Hannaford seems to have little indication as to when or how the theft occurred. The company became aware of the theft on February 27, after reports of suspicious credit activity. The numbers were stolen sometime between December and that date, but Hannaford was unable, or unwilling to divulge further details. If major companies can't even be sure when or how their systems are compromised truly secure Internet transactions may be nothing more than a pipe-dream.

From InfoWorld and AOL News/AP

Related Links:

Canada's Largest Hacker Bust Ever Rounds Up 17 Perps

by Terrence O'Brien, posted Feb 22nd 2008 at 3:21PM

Guess what, Canada has hackers too! It's true, the country isn't all maple leaves and mounties. Now the only question is whether Canada has anymore hackers after Wednesday's raid that snatched up 17 of these young whippersnappers in 12 towns across the winter-swept country.

The suspects ranged from 17 to 26 years-old, and with one exception, all male. The 17 tech-savvy young men and woman formed a hacking ring accused of trafficking in identity and data theft, denial of service attacks (cutting off Internet access), and spamming. The criminal hackers used the standard tools of the trade -- viruses, spyware, and bots to hijack victims' PCs and servers.

The attacks are estimated to have caused $45 million in damages to governments, businesses and individuals around the world. Each hacker is thought to be responsible for hijacking 5,000 computers, most outside of Canada.

From National Post

Related Links:

Teen Hacker Pleads Guilty to Infecting Military Computers

by Evan Shamoon, posted Feb 12th 2008 at 5:15PM

A young man accused of helping to bring more than 400,000 computers into a money-making botnet has pleaded guilty to the charges. Among other things, he has admitted guilt in damaging US military computers, which as we all know is a big no-no.

Known by the handle "SoBe" (yes, like the beverage) in hacker chat rooms, he appeared in US District Court in Los Angeles on Monday, pleading guilty to two counts of juvenile delinquency. Apparently, among the computers infected were those belonging to the Defense Information Security Agency as well as machines maintained by Sandia National Laboratories.

SoBe faces a maximum sentence of 15 years in custody, although as a juvenile he can't be incarcerated beyond the age of 21. His plea agreement contemplates a sentence of one year to 18 months in prison.

"I just hope this stuff lasts a while so I don't have to get a job right away," SoBe once told his hacker accomplice in an online conversation.

Looks like he'll be avoiding the workforce for awhile, anyway.

From The Register

Related links:

Hackers Take Out Scientology Web Site

by Terrence O'Brien, posted Jan 29th 2008 at 11:30AM

Well, it looks like the war is on. The Church of Scientology's attempts to squash circulation of a video of Tom Cruise last week seem to have been the final straw for a group that calls itself "Anonymous." According to a recent report in Wired, the cryptically-named organization recently stated that its main goal is to destroy the leadership of the Church of Scientology.

The first public salvo was launched over the past couple of days as a group of hackers claiming affiliation with Anonymous took down the home page of the Church with repeated distributed denial of service (DDOS) attacks. DDOS attacks flood target servers with requests, so that they become overwhelmed with data and shut down. This results in a site that doesn't work, which is exactly what visitors to the Scienology Web site experienced during the attack. The attacks flooded Scientology's Web servers with as much as 220 megabits per-second, which security experts claim is a mid-sized attack.

While this attack is not the largest of its kind ever seen, it does show some level of organization, "It's not just one or two guys hanging out in the university dorms doing this," said Jose Nazario, a senior security engineer with Arbor Networks. The church has since moved its site to servers run by Prolexic Technologies, a company that specialized in protection from DDOS attacks.

From Wired (via InfoWorld)

Related Links:

Bush To Request $6 Billion to Combat Cyber-Terrorism

by Tim Stevens, posted Jan 29th 2008 at 10:41AM

Bush Wants $6 Billion for Cyberterrorism Protection

Just last week it was revealed that the group that perpetrated the cyber-attacks on Estonian networks, escalating the already high tension between that nation and its neighbor Russia, wasn't really a group at all. It was a 20-year-old hacker from within Estonia itself. That revelation was a bit of a wake-up call for the global community -- that a strong-minded individual could create an international incident without much trouble. President Bush seems to have been paying attention and is reportedly ready to propose a $6 billion project to create some sort of National Security Agency for American networks.

It's unclear just what the plan would entail at this point. And, knowing the government's penchant for secrecy, it's unlikely that we'll get any more details after it is formally proposed next month as part of Bush's budget. However, you can be sure that it will to some degree focus on the passive monitoring of Internet traffic, something that will frustrate privacy advocates to no end.

The question now is, of course, what amount of privacy lost and money spent is a worthy trade for the prevention of American networks from attack? An outage here caused by an attack like that seen in Estonia would have a devastating effect on our already soft economy. That is, of course, assuming there's a group of malicious hackers out there powerful enough to do such a thing here. Our networks are, after all, a bit more redundant than those in Estonia.

From WSJ.com

Related Links:

Hacked Alicia Keys MySpace Page Could Leave You With a Virus

by Terrence O'Brien, posted Nov 9th 2007 at 6:01PM

MySpace is a minefield. Time magazine even put the social-networking site on its list of 'Five Web Sites to Avoid.' Even we here at Switched have posted endless coverage of the sexual predators, spammers, and hackers that have made the MySpace risky at times for anybody not browsing with a sandboxed Firefox browser.

Now, the hackers have managed to expand their attacks beyond the usual faux profiles or hijacks of your friends pages. They're starting to hit the MySpace pages of celeb musicians such as Alicia Keys.

The hack is actually quite sophisticated and involves multiple avenues of infection. Just visiting Keys' page prompts spyware to attempt to install itself on your PC.

If that fails, the page will then ask you to install a codec to allow you to view a video. The codec is fake and if you accept the installation, you will get instant spyware infection! If that fails, the entire background image of the page is a link. Miss any of the legitimate links on the page and you'll be taken to a Web site registered by a Chinese company Xiamen Hua Shang Sheng Shi Network Co. Ltd. That Web site also tries to install malicious code on your computer.

It's a big mess!

Security experts at Exploit Prevention Labs, a company that tracks pages containing malicious code, spotted the hack when Keys' s MySpace page was flagged by users of the company's LinkScanner system.

Keys's page has been confirmed as being cleaned by MySpace and LinkScanner.com, but all that could change in a matter of days.

From PC World

Related links:

Ann Coulter's Website Hacked

by Joshua Fruhlinger, posted Oct 16th 2007 at 12:45PM

After saying some regretable things about Jews, Ann Coulter's site has been hacked. The hackers have posted a fake letter from her, proclaiming her "retirement" from all things media. Here's the note before it goes down:

An Open Letter to Readers
by Ann Coulter
October 15, 2007

Dear Readers,

I've been participating in a charade for nearly eleven years, now. Quite frankly, I'm sick of it. You have all been a part of a sick joke that I began considering shortly after first getting on the air. At first, it was quite interesting to see how people would react when I would use twisted logic and poorly masked bigotry.

But eleven years is a long time to be living a fake life, and I can no longer tolerate this falsity. Even someone as fake as I tires out eventually.

Here's the truth, I don't care what people believe. Jews don't need to be "made perfect" as I so arrogantly proclaimed to Editor & Publisher not a half week ago. I don't even care if people are Muslim. Granted, I don't know much about the religion or the people, but they are people. This is something that we cannot forget, they are in an abhorrent situation. These people are in need of education. Perhaps if we did not participate in causing them misery, they would not hate us so.

In fact, does it really matter whether we are Christian, Jewish, Muslim, Atheist, or even Pagan? We are one nation. One. We should not let petty differences separate us, we are all American, and should act in that manner.

And with that, my precious viewers, I bid you adieu. My career as a media figurehead is over.

Signed,

Ann Coulter

P.S. - Oh, and Bill O'Reilly is also just acting.

[From the hackers:] Haha, did it again. Oh, those silly web admins...they just embarrass themselves.

(Admins, check for an e-mail address in the CMS. Find it. I know you will.)

And the wait to see when her admins figure this one begins...now.

Thanks, Adam!

Related Links:

Monster.com Hacked, User Info Compromised

by Terrence O'Brien, posted Aug 23rd 2007 at 12:29PM

Monster.com has recently come under attack from hackers, spammers and phishers (people who send phony e-mails to lure users into providing login info to banking and other personal accounts). The casualties of war: your personal information. After stealing the usernames and passwords of legitimate recruiters on Monster, the hackers were able to craft personalized phishing e-mails to job seekers based upon information gleaned from their resumes. The more specific and believable the e-mails are, the more likely they are to succeed. Success in this case is either getting the target to open an e-mail loaded with spyware or a virus, or better yet, hand over personal information like credit card details.

A server in the Ukraine used by the scammers was discovered to contain the personal details of 1.6 million people. Because of duplicate entries, security firms believe the server may actually only hold the personal information of "several hundred thousand" to 1.2 million people, as if that's any more comforting.

Symantec, makers of Norton AntiVirus, alerted Monster.com to the vulnerabilities, but also warned users to be careful of what they post online. A quick look around a social networking site like Facebook reveals plenty of people willing to post their full names, e-mail addresses, AIM screen names, birthdays, and in some particularly careless cases, home mailing addresses. Security experts suggest that personal information hosted on sites like Monster and Facebook be kept to a minimum, only revealing more after a contact proves legitimate.

From AOL News

Related Links:

U.N. Site Defaced By Hackers

by Terrence O'Brien, posted Aug 13th 2007 at 10:04AM

"Hacked By kerem125 M0sted and Gsy That is CyberProtest Hey Ysrail and Usa dont kill children and other people Peace for ever No war." Sure, it's barely English, but nevertheless it's the nearly-incomprehensible message of a hacker who infiltrated the official web site of U.N. Secretary General Ban Ki-moon on Sunday.

Several pages within the Secretary General's site were replaced with this message criticizing Israeli and U.S. policies. The hackers have unleashed their 'CyberProtests' on other sites, including those of Toyota and Harvard. At least one of the attackers has previously claimed to be from Turkey.

After the attack was spotted, the original pages containing speeches and statements from Ban Ki-moon were restored within hours.

From The BBC

Related links:

Hacker Penetrates Pentagon E-mail System

by Evan Shamoon, posted Jun 25th 2007 at 7:09AM

In yet another case of "the kids are smarter than the adults," a hacker has broken into one of the Pentagon's e-mail servers, prompting officials to take up to 1,500 accounts offline.

While the email system did not contain classified information relating to military operations, Defense Secretary Robert Gates (pictured) said that a "variety of precautionary measures" were being taken.

But here's the strangest part: Asked if his own e-mail account was affected, Mr. Gates said: "I don't do e-mail. I'm a low-tech person."

Our Secretary of Defense is too low-tech to use email? Our Nanas uses email, and they're, like, a million years old.

From The BBC

Related Links:

Older Posts →

Joyswag: C&C 3: Kane's Wrath (Xbox 360) giveaway, Day Five Confront the SOCOM: Confrontation trailer Burnout Paradise 'Cagney' update for Xbox 360 delayed until July 14	FormatFactory Kicks Media Conversion Ass and Takes Names Download Squad Week in Review Evri.com: Zeitgeist for news
TUAW Best of the Week Apple posts Japanese iPhone guided tour Found Footage: Waiting in line for an iPhone 3G	Earnings highlights: BP, Discover, Corel, Citigroup, WD-40, MSCI and others Is Merrill shopping its Bloomberg stake? Florida coast shows promise for oil drilling
Airplanes in Burnout Paradise? Burnout's Cagney update delayed a few days MK VS DC new screens, plus "Brutalities"	Dissolution of Mercedes-McLaren partnership confirmed Forbes lists top 10 family cars Spy Shots: 2011 BMW 5 Series
Live outside in Sunny Day Sky Will Fallout 3 be banned in Australia? We'll trade you a Heavy for two Demomen . . .	Ana Ivanovic Appears on August FHM Cover Another Win Goes to Busch in Crazy Finish UFC 86 Classic Slugfest: Forrest Griffin Beats Quinton 'Rampage' Jackson

Citibank/7-Eleven ATMs Infiltrated, PINs Stolen

Up to 200,000 Montgomery Ward Customer Records Hacked

Hacked Roomba RoboVac Mimics Pac-Man While Vacuuming

Eastern European Security Center to Defend Against Cyber Attacks

Top Net Threats Right Now

Thieves Snag 4.2 Million Credit Card Numbers from Supermarket Chain

Canada's Largest Hacker Bust Ever Rounds Up 17 Perps

Teen Hacker Pleads Guilty to Infecting Military Computers

Hackers Take Out Scientology Web Site

Bush To Request $6 Billion to Combat Cyber-Terrorism

Hacked Alicia Keys MySpace Page Could Leave You With a Virus

Ann Coulter's Website Hacked

Monster.com Hacked, User Info Compromised

U.N. Site Defaced By Hackers

Hacker Penetrates Pentagon E-mail System

Breaking news Feed

Featured stories Feed

AOL Tech Network

Resources

Categories

cnet reviews

downloads

Features

Hot Topics

Latest Reviews from CNET.com

Top Product Reviews

Weblogs, Inc. Network