Archive for the ‘Analysis’ Category


British Police Nab Two More LulzSec Hackers

London Metropolitan Police appear to be making solid progress finding and arresting the elusive leaders of the former hacktivist group LulzSec. Four more men were arrested and released on bail Thursday, two of them in connection to hacking offenses committed by the known LulzSec member “Kayla.” This caught the hacker community somewhat by surprise, as Kayla always identified herself as a 16-year-old girl. It turns out that Kayla’s bubbly online persona might actually have been the efforts of two 20-year-old and 24-year-old guys.

Kayla’s activity with LulzSec and Anonymous dates back to the infamous HBGary attack. In a profile written by Forbes’ Parmy Olson, she claims to have played a key role in the hack and also shared some details about her paranoid lifestyle:

With just half a dozen close friends online, she has a strict regimen to remain invisible on the web. Each night she wipes every one of her web accounts and deletes every email in her inbox.  She has no physical hard drive and boots her computer from a microSD card. “I could hide this card anywhere or chew into a million pieces in a few seconds,” she says by e-mail. She keeps her operating system on a USB stick and uses a virtual machine (VM) to carry out her online shenanigans.

So paranoid is Kayla of being caught or hacked by others, that despite several requests she would not speak to me on Skype to verify an adolescent-sounding voice. Our only evidence: others in Anonymous vouch for her age, her emails are punctuated with smiley faces and “lols” and she is relatively well-known on hacking forums.

Of course, we don’t know if any of what she told Olson is true, but with all four men due to appear on bail in court on September 7, we might learn more about what really goes on within Anonymous.


Former CEO Steve Jobs handles the iPhone 4 at WWDC 2010. Photo: Jon Snyder/Wired.com

A little more light has been shed on the odd story of Apple losing another iPhone prototype in a Bay Area bar.

The man whose home was searched by what he believed to be San Francisco Police Department officers was Bernal Heights resident Sergio Calderón, SF Weekly discovered. And the police officers? They may have been investigators working for Apple who were actually impersonating police officers.

Impersonating a police officer is a misdemeanor in California, and is punishable by up to a year of jail time. Another option is that Apple was working with police officers, and a proper report was never filed. When the SFPD was called and asked about the Apple incident, representatives said they had no knowledge of the search.

“This is something that’s going to need to be investigated now,” SFPD spokesman Lt. Troy Dangerfield told SF Weekly. “If this guy is saying that the people said they were SFPD, that’s a big deal.”

On Wednesday CNET News.com reported that in late July an Apple representative lost a “priceless” next generation iPhone prototype in San Francisco bar Cava 22. Apple reportedly used GPS to track the phone to a Bernal Heights area home, where police officers were given permission to search the home for the device. The resident was offered money by Apple for the iPhone’s safe return, but it was not turned in. The phone was sold on Craigslist for $200, according to CNET, but no independent evidence of the post has surfaced.

The incident is reminiscent of what happened last year when an iPhone 4 prototype was left at a Redwood City bar, and purchased for $5,000 by Gizmodo.

Here’s what went down, according to the new report by SF Weekly:

Calderón said that at about 6 p.m. six people — four men and two women — wearing badges of some kind showed up at his door. “They said, ‘Hey, Sergio, we’re from the San Francisco Police Department.’” He said they asked him whether he had been at Cava 22 over the weekend (he had) and told him that they had traced a lost iPhone to his home using GPS.

They did not say they were there on Apple’s behalf, but they said that the “owner of the phone” would offer Calderón $300 for the phone.

Calderón told SF Weekly that he was threatened by the law-enforcement officers when they visited his house, and said that he has no knowledge of the prototype.

One of the officers who visited the Calderón household was a man named “Tony”. He left his phone number with Calderón in case he discovered any information about the lost phone. It turns out the phone number belongs to an ex-cop named Anthony Colon, who apparently now works for Apple. A search on LinkedIn found that Colon works as a special investigator for Apple and is a former San Jose police officer. That page is now removed from the site, but caches can still be viewed.

This tale keeps getting weirder and weirder. Apple hasn’t returned phone calls on the matter from Wired.com.


In early August, at the Def Con conference — a major annual gathering of computer hackers — someone apparently hacked into many of the attendees’ cell phones, in what may have been the first successful breach of a 4G cellular network. If early reports are correct, the incident was a man-in-the-middle (MITM) attack, so called because the attacker interposes himself between two other wireless devices.

Coincidentally, a week later, at the 20th Usenix Security Symposium, MIT researchers presented the first security scheme that can automatically create connections between wireless devices and still defend against MITM attacks. Previously, thwarting the attacks required password protection or some additional communication mechanism, such as an infrared transmitter.

Showcasing novel ways to breach security is something of a tradition at Def Con. In previous years, MITM attacks had been launched against attendees’ Wi-Fi devices; indeed, the MIT researchers demonstrated the effectiveness of their new scheme on a Wi-Fi network. But in principle, MITM attacks can target any type of wireless connection, not only between devices (phones or laptops) and base stations (cell towers or Wi-Fi routers), but also between a phone and a wireless headset, a medical implant and a wrist-mounted monitor, or a computer and a wireless speaker system.

Key change

Ordinarily, when two wireless devices establish a secure connection, they swap cryptographic keys — the unique codes they use to encrypt their transmissions. In an MITM attack, the attacker tries to broadcast his own key at the exact moment that the key swap takes place. If he’s successful, one or both of the devices will mistake him for the other, and he will be able to intercept their transmissions.

Password protection can thwart MITM attacks, assuming the attacker doesn’t know the password. But that’s not always a safe assumption. At a hotel or airport that offers Wi-Fi, for instance, all authorized users are generally given the same password, which means that any one of them could launch an MITM attack against the others. Moreover, many casual computer users find it so complicated to set up home Wi-Fi networks that they don’t bother to protect them; when they do, they often select passwords that are too simple to provide much security. That’s led to the marketing of Wi-Fi transmitters with push-button configuration: To establish a secure link, you simply push a button on top of the transmitter and a corresponding button (or virtual button) on your wireless device. But such systems remain vulnerable to MITM attacks.

“None of these solutions are quite satisfactory,” says Nickolai Zeldovich, the Douglas Ross (1954) Career Development Assistant Professor of Software Technology, who developed the new security scheme together with Dina Katabi, the Class of 1947 Career Development Associate Professor of Computer Science and Engineering, as well as postdoc Nabeel Ahmed and graduate student Shyam Gollakota, all of MIT’s Department of Electrical Engineering and Computer Science. “The cool thing about this work is that it takes some insight from somewhat of a different field, from wireless communication — actually, fairly low-level details about what can happen in terms of wireless signals — and observes that, hey, if you assume some of these properties about wireless networks, you can actually get stronger guarantees.”

Strength in silence

In an MITM attack, the attacker needs to drown out the signal from the legitimate sender. But the researchers’ new system ensures that any attempt to do so will be detected. The trick is that, after transmitting its encryption key, the legitimate sender transmits a second string of numbers related to the key by a known mathematical operation. But whereas the key is converted into a wireless signal in the ordinary way — it’s encoded as changes in the amplitude of a radio wave — the second string of numbers is encoded as alternating bursts of radiation and silences.

If an attacker tries to substitute his key for the legitimate sender’s, he’ll have to send the corresponding sequence of bursts and silences. But that sequence will differ from the legitimate one. Through the silences of one, the receiver will hear the bursts of the other. The overlapping sequences will look to the receiver like a wholly new sequence, which won’t match up with the transmitted key, indicating an MITM attack.

Of course, the attacker could try to drown out the entirety of the legitimate transmission and then send his own key. But that would require broadcasting a signal of such long duration that it, too, would alert the receiver to an attack.
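A simplified model of the receiver's check described above, as an added example that is not code from the MIT researchers or from the original article. It assumes SHA-256 (truncated to 64 bits) as the "known mathematical operation", a two-slots-per-bit encoding so every valid sequence has the same number of bursts, and a channel where overlapping transmissions simply add energy; the keys are constructed sample values.

```python
import hashlib

N_BITS = 64  # assumed length of the check string, in bits


def on_off_slots(key: bytes) -> list:
    """Burst (1) / silence (0) sequence the sender transmits after its key.

    Assumptions: SHA-256 stands in for the "known mathematical operation",
    and each bit occupies two slots (1 -> burst,silence; 0 -> silence,burst)
    so every valid sequence holds exactly N_BITS bursts.
    """
    digest = hashlib.sha256(key).digest()[: N_BITS // 8]
    slots = []
    for byte in digest:
        for shift in range(7, -1, -1):
            bit = (byte >> shift) & 1
            slots.extend((1, 0) if bit else (0, 1))
    return slots


def channel(*transmissions) -> list:
    """What the receiver hears: a slot has energy if any sender burst in it.

    A second transmitter can add bursts but cannot turn a burst into silence.
    """
    return [int(any(slot)) for slot in zip(*transmissions)]


def verify(received_key: bytes, heard: list) -> str:
    """Receiver-side check of the heard slots against the key it received."""
    if len(heard) != 2 * N_BITS:
        return "reject: wrong length"
    if sum(heard) != N_BITS:
        return "reject: extra bursts heard in silent slots"
    if heard != on_off_slots(received_key):
        return "reject: slots do not match received key"
    return "accept"


# Constructed sample keys (not real key material).
DEVICE_KEY = b"constructed-device-public-key"
ATTACKER_KEY = b"constructed-attacker-public-key"


def honest_pairing() -> str:
    """Only the legitimate device transmits."""
    return verify(DEVICE_KEY, channel(on_off_slots(DEVICE_KEY)))


def key_substitution() -> str:
    """Receiver ended up with the attacker's key; both parties send slots."""
    heard = channel(on_off_slots(DEVICE_KEY), on_off_slots(ATTACKER_KEY))
    return verify(ATTACKER_KEY, heard)


def substitution_without_slots() -> str:
    """Receiver holds the attacker's key, but only the device sends slots."""
    return verify(ATTACKER_KEY, channel(on_off_slots(DEVICE_KEY)))


def continuous_jamming() -> str:
    """A second transmitter fills every slot with energy."""
    heard = channel(on_off_slots(DEVICE_KEY), [1] * (2 * N_BITS))
    return verify(DEVICE_KEY, heard)


if __name__ == "__main__":
    for scenario in (honest_pairing, key_substitution,
                     substitution_without_slots, continuous_jamming):
        print(f"{scenario.__name__}: {scenario()}")
```

Because silences cannot be manufactured by a second transmitter, every tampering case in the model either raises the burst count or leaves a sequence that belongs to a different key.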

The reports of an MITM attack on 4G phones are still being verified, and 4G itself is a vague term that encompasses many different technical approaches. But if the reports prove true, then cell phones, too, could benefit from the MIT researchers’ security scheme. “You could imagine that the same protocol could be used in cell phone networks as well,” Zeldovich says. “At the design level, the idea sounds like it should be applicable.”


Researchers have found a weakness in the AES algorithm. They managed to come up with a clever new attack that can recover the secret key four times easier than anticipated by experts.

The attack is a result of a long-term cryptanalysis project carried out by Andrey Bogdanov (K.U.Leuven, visiting Microsoft Research at the time of obtaining the results), Dmitry Khovratovich (Microsoft Research), and Christian Rechberger (ENS Paris, visiting Microsoft Research).

The AES algorithm is used by hundreds of millions of users worldwide to protect internet banking, wireless communications, and the data on their hard disks. In 2000, the Rijndael algorithm, designed by the Belgian cryptographers Dr. Joan Daemen (STMicroelectronics) and Prof. Vincent Rijmen (K.U.Leuven), was selected as the winner of an open competition organized by the US NIST (National Institute for Standards and Technology). Today AES is used in more than 1700 NIST-validated products and thousands of others; it has been standardized by NIST, ISO, and IEEE and it has been approved by the U.S. National Security Agency (NSA) for protecting secret and even top secret information.

In the last decade, many researchers have tested the security of the AES algorithm, but no flaws have been found so far. In 2009, some weaknesses were identified when AES was used to encrypt data under four keys that are related in a way controlled by an attacker; while this attack was interesting from a mathematical point of view, the attack is not relevant in any application scenario. The new attack applies to all versions of AES even if it is used with a single key. The attack shows that finding the key of AES is four times easier than previously believed; in other words, AES-128 is more like AES-126. Even with the new attack, the effort to recover a key is still huge: the number of steps to find the key for AES-128 is an 8 followed by 37 zeroes. To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key. Note that large corporations are believed to have millions of machines, and current machines can only test 10 million keys per second.

Because of these huge complexities, the attack has no practical implications on the security of user data; however, it is the first significant flaw that has been found in the widely used AES algorithm and was confirmed by the designers.


Hacking For The Presidency

Credible Outlets Are Alleging Hillary Stole New Hampshire Via Commissioned Hacking

Newspaper: “Computer hackers ‘may be behind Hillary Clinton’s shock New Hampshire victory’”

January 12, 2008

Is someone this desperate to win? Has someone lost their moral compass so? What am I saying, just looking at Hillary’s track record shows she never had it.

Many outlets are asking: did Hillary Clinton hack her way to a New Hampshire win? Here’s why. Hand counted votes, meaning physical votes on paper, showed Obama won in New Hampshire. However, votes counted by computer, which is hackable, mysteriously showed Hillary Clinton winning New Hampshire. A few of the articles on this scandal are cited below.

Back on August 15, 2007 in my “Hillary Clinton Slams Barack Obama” article I wrote about Hillary’s affiliation with a dirty private investigator that also specialized in hacking. 

As a matter of fact, today when I Googled the words “Hillary Clinton” and “hackers” for info on this new scandal, my site article from months ago came up in addition to the items just written about over the past two days on this subject.

Anthony Pellicano Had 4 Hackers On Staff In His West Hollywood Office That Was Raided By The FBI

It is established fact that Hillary Clinton was a client of the now incarcerated Anthony Pellicano. She hired him regarding the Paula Jones scandal and the Gennifer Flowers one as well. Both women reported invasive Anthony Pellicano style harassment being leveled at them.

While Anthony Pellicano was arrested for illegal wiretapping, witness intimidation and identity theft, among other things, he was known to have 4 hackers on staff.

One of his hackers destroyed the hard drive of Los Angeles Times writer Anita Busch. His hacker began hacking her computer when she started writing unflattering stories about Pellicano’s Hollywood clients.

The hacker was even stupid enough to hack her computers and get advance copies of her work, forwarding it to Pellicano’s rich and famous clients.

One of his hackers even did an article with Maxim magazine bragging how she could hack and get your bank pin codes in minutes. People who hack bank info aren’t above hacking voter systems.

There’s even a documentary on it and it’s about the very type of machines (Diebold) that gave Hillary her New Hampshire victory, over Obama’s win via hand count.

Documentary “Hacking Democracy”

Pellicano paid them to hack into the computers of writers, journalists and entertainers for his perverted, nosy clients in Hollywood that paid large sums to get dirt on people or to copy and steal computer based intellectual property.

I know this stuff happens. I myself have personally experienced what commissioned hackers do, from hacking into computers, posting defamatory items on message boards and blogs, hacking web sites and the servers they sit on, disrupting many businesses – and if paid by a person desperate enough – hacking voting systems.

There is usually an intermediary when the person is rich and/or famous. A person that communicates with the hacker(s) on behalf of the client and provides payment. That person is sometimes a private investigator or a manager.

The hacker hacks the info then passes it on to an intermediary via the internet or by mail, then it is sent to the person that commissioned it and provided payment to the intermediary. In the case of hacking to do damage to a system or changing/rigging computer data, nothing needs to be passed other than payment.  

While Pellicano is in prison, his hackers are not and there are others carrying on the invasive, illegal techniques he pioneered. There are other private investigators and hackers engaging in the same illegal activity he did on behalf of clients in Hollywood, New York and Washington.

These dirty private investigators and hackers are operating out of California, Florida, New York, Nevada and London.

This Hillary matter needs to be investigated because the last thing this country needs is people saying someone stole the election…again. This time through hacking. People don’t need to feel like their vote is not going to count.

And the last time I checked, 1 + 1 = 2, it didn’t equal 4. Voters don’t need to feel disenfranchised. It’s part of the reason I didn’t vote in the 2000 election. I got ready and was about to leave the house to go vote and saw on the news that there were significant voting problems at polls in Florida. I thought to myself, what’s the sense (I did vote in 2004 and 2006, though).

Once again, this is what I hate about politics, corruption and sometimes not really knowing where one stands until there is some scandal.


Hackers infiltrated 72 world organisations including United Nations and IOC, security company McAfee discover.
Cyber-hacking: prolonged series of attacks by one country uncovered

Hackers from one country have systematically targeted 72 global companies and organisations over the past five years, McAfee have found. Photograph: AP

Dozens of countries, companies and organisations, ranging from the US government to the UN and the Olympic movement, have had their computers systematically hacked over the past five years by one country, according to a report by a leading US internet security company.

The report, by McAfee, did not openly blame any country but hinted strongly that China was the most likely culprit, a view endorsed by analysts.

China has previously been implicated in a range of alleged incidents of cyberspying – a practice Beijing vehemently denies – including a concerted attack on Google and several attempts to prise secrets from computers at the Foreign Office. But the McAfee report is among the most thorough attempts yet to map the scale and range of such data-theft efforts.

The study traced the spread of one particular spying malware, usually spread by a “phishing” email which, if opened, downloaded a hidden programme on to the computer network. Through tracing this malware and also gaining access to a “command and control” computer server used by the intruders, McAfee identified 72 compromised companies and organisations. Many more had been hacked but could not be identified from the logs.

“After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators,” said Dmitri Alperovitch, the company’s head of threat research and the author of the report.

Of the hacking victims 49 were US-based, among them various arms of federal, state and local government, as well as defence contractors and other industries. There were two targets in the UK, a defence company and a computer security firm, while other governments included those of Taiwan, South Korea, and India.

Also found on the logs were records from the United Nations, the International Olympic Committee and two national Olympic committees – one of which was accessed by the hackers for more than two years continuously.

McAfee was at pains not to identify the suspected culprit. However, it did little to disguise its suspicions, noting that the targeting of the Olympic groups, and the sport’s anti-doping agency, immediately before and after the 2008 Beijing Games was “particularly intriguing” and pointed to a country being to blame.

China has been accused in the past. After Google came under a so-called “advanced persistent attack” in 2009 which it said originated in China, the US secretary of state, Hillary Clinton, asked Beijing for an explanation. This year William Hague said a “hostile state intelligence agency” – identified by UK sources as China – had penetrated the Foreign Office’s internal communications system.

While a high proportion of media attention on cybersecurity focuses on the loss of personal data, such as the recent security breaches at Sony, and the activities of hacking collectives such as LulzSec, analysts say this is often minor when compared with the methodical, industrial-scale attempts to seize commercial and state secrets, presumed to be carried out by many countries, chief among them China. Alperovitch said state-orchestrated hacking was so endemic and ambitious it could reshape the workings of the global economy.

“What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth,” he said. If only a fraction of the stolen data was used to gain commercial or technological advantage “the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth in a suddenly more competitive landscape and the loss of jobs in industries that lose out to unscrupulous competitors in another part of the world”.

Beyond even this, he added, were the national security implications of stolen intelligence or defence files. Such was the endemic scale of this problem, Alperovitch said, that he divided large corporations into two camps: “Those that know they’ve been compromised and those that don’t yet know.”

He said: “This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organisations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing.”

When Google accused China last year the ministry of industry and information technology told the state news agency Xinhua: “Any accusation that the Chinese government participated in cyber-attacks, either in an explicit or indirect way, is groundless and aims to denigrate China. We are firmly opposed to that.”

No one was available for comment at the foreign ministry in Beijing. Chinese officials have previously said that China has strict laws against hacking and is itself one of the biggest victims.

Dave Clemente, a cybersecurity analyst from the Chatham House thinktank, said it was likely China was also targeted by hackers acting on behalf of other countries.

“It’s going in both directions, but probably not to the same extent,” he said. “China has a real motivation to gain these types of industrial secrets, to make that leapfrog. There’s probably less motivation for the US to look to China for industrial secrets or high technology. But certainly there’s things China has which they’re interested in, maybe not for commercial advantage but in a geopolitical sense.”

Clemente said McAfee’s characterisation of such hacking efforts as a wholesale theft of intellectual property and secrets was “fairly reasonable”: “It’s confirmed not just by this report but by so many dozens of other incidents which build up to an overall picture.”

The effects, however, were harder to quantify: “The blueprints are only part of the picture. The technology for, say, how to build a sophisticated jet engine is one thing, but there’s a whole set of other processes – the logistics, how to manage the supply chain to build more than one, the long-term management of a really advanced manufacturing process.”

While basic security or human errors often made hacking easier than it should be, Clemente said, even the biggest organisations struggle to stop sophisticated attacks: “There’s not much even Google can do if China’s really determined to get inside its networks. It’s not a fair fight in that sense.”


Beware the hackers who take over your Gmail account

Your friend emails you from holiday saying he’s been mugged and could you urgently wire him cash? But it’s a scam – hackers are controlling his Gmail.

Are you sure scammers are not watching your Gmail account? Photograph: Dominic Lipinski/PA

Here at Guardian Money we’ve seen pretty much every scam email going. There are the “phishing” ones that purport to come from your bank; the ones saying you’re due a tax refund; the “you’ve won the lottery” ones; and, of course, the ones from wealthy foreigners in Africa who need help moving squillions of dollars out of the country.

However, the email we received recently from Ned Beale, a solicitor who wrote a series of articles for Money two years ago, stopped us in our tracks. It said Beale had been robbed during a trip to Athens – all his belongings were stolen at gunpoint, and he was desperate for help.

“It’s a terrible experience for me. I need your help flying back home as I am trying to raise some money. I have made contact with my bank but the best they can do is to mail me a new card which will take two to four days to arrive here. I need you to lend me money, will pay back once I get this over with,” said the email. It went on to say that Western Union was the fastest option for wiring funds. “Let me know if you need my details (full names/location) to effect a transfer. You can reach me via email [a “ymail” address in his name] or the hotel’s desk phone 0030 698 083 7647. Thanks, Ned Beale.”

Our immediate reaction was: poor Ned – what a nightmare. But something smelled fishy. The email address was indeed his, but the use of the word “cellphone” jarred slightly, and surely there would be other more obvious candidates to help – close friends, relatives, work colleagues etc – than us? We have to admit that we did nothing.

You will have realised by now this was a scam – albeit one of the most convincing we have encountered. It’s a nasty one, too. As well as hacking into people’s accounts to send out the fake message, the fraudster deletes every one of their victim’s emails and contacts, presumably to stop them quickly getting hold of their contacts to tell them to ignore the previous message.

Beale wasn’t the only victim of this hi-tech hacking attack. Far from it. Up and down the country, people with Google email accounts have been affected by this scam, which is a little more persuasive than it might be as a result of coinciding with the summer holidays, when it is perfectly plausible that someone might be visiting Greece.

Beale, of course, hadn’t been to Athens and hadn’t been robbed. “Some people did believe it,” he told Money. “It went to everybody in my Gmail account. I was sitting in the Royal Courts of Justice when I got a call from my secretary saying ‘come back to the office – all these people are ringing us asking if you’re OK’.”

While he could access his account, everything had been deleted, “so there was no way for me to send an email to everyone to say that it was fake”.

The scam email asks people to get in touch with the “sender” via a “ymail” account that is almost identical to their Gmail address. “Apparently the hacker started corresponding with people, trying to get money out of them,” says Beale. “I think some people actually spoke to him on the phone.”

In some of his emails, the crook – rather carelessly – signed himself as “Keith”. As far as Beale is aware, no one has handed over any money.

Beale, who has now changed all his passwords, has no idea why he was targeted – “I was assuming they have some sort of computer programme”.

It doesn’t sound as if Google was much help. Beale says: “I tried to get hold of Google [but] you’re not able to. They don’t have a number or email address.”

Chris Corrigan, a newspaper sub-editor, is another victim of the “mugged in Athens” email. The email sent in his name was identical to the one sent in Beale’s name – even down to the same “hotel” phone number. Corrigan, who lives in south London, says he was surprised at how many people were nearly taken in by it.

The fake email was sent to an array of people, “from family and friends and contacts, to people who used to mend my car in 2009, a solicitor from two years back etc”. The scammers then deleted all the addresses from his Gmail account – both his inbox and sent mail – about 2,000 messages.

Corrigan thinks he might have an idea how it all started. “Several weeks previously I’d received emails from two friends containing nothing in the way of a usual greeting, just a nondescript link to click on. With one of them, I stupidly did click on the link but nothing coherent happened. I phoned the friend, who said he hadn’t sent me a message.”

He says that after the scam came to light he looked in his Googlemail settings and found a ymail.com address as well as his own Gmail.com address. “The ymail.com address was forwarding all my mail to somewhere else and was central to the scam. I didn’t put it there. I’ve since killed it, but is my computer still infected? I don’t know. The experience caused turmoil for a lot of people. Many fear their own email accounts have been infected. As for me, it has caused electronic havoc because I have lost two years’ records of various conversations, including a large number important to my work.”

It didn’t take long for Money to find other recent examples of people who have been hit. A former Guardian Money writer, now living in the US, was a recent victim. Lynne Bateson’s Gmail address was hacked and a desperate request for help sent to all her contacts. It said: “I’m writing this mail with tears in my eye. I came to London, England, on a vacation, unfortunately I got mugged at the park of the hotel I lodged, all my cash, credit card and telephone were stolen from me but luckily for me I still have my travel passports with me. I am in panic now and I don’t know what to do.”

Lynne Bateson, whose email account was hacked.

Bateson, who now lives in Pasadena, California, says: “In one fell swoop the scam reminded me how wonderful and also how daft people are. I was woken up at 6.01am Californian time by a guy from a pension company telling me he could not release funds. The calls then came thick and fast.

“One very high-powered UK-based executive called my US number. He had been alarmed and had cash ready and was going to hop in a taxi, but then thought he should ring our US home first. One US friend even rang the Department of Homeland Security!

“My lovely US doctor and US bank manager rang. They had embryonic plans to help. The doctor is Russian and the bank manager Chinese so maybe they did not notice the terrible grammar in the same letter. (I do hope they don’t think that is how I write.) But this underlines an interesting point. It is helpful to scammers that we are an increasingly multi-cultural world where people communicate in a language not their first language.”

Bateson says that some friends were alarmed to get the email and were anxious that their own emails might have been compromised. “People did not want to email me. I don’t think anyone was fooled but if the email had gone to an elderly relative …”

She adds: “The scammers stole my emails, which meant I lost many contact addresses, and it was fiddly to reopen my Gmail account. My Facebook account was also closed down despite the fact that I had different passwords for Gmail and Facebook and always made sure I did not enter the second directly from the first. (Some scammers use software that monitors your keystrokes).

“Thankfully, I had a secondary email account which meant that I had a line of communication with Google and Facebook. You can’t phone these guys and website advice is difficult to follow particularly when you are stressed.”

After her experience Bateson says she would advise everyone to get a secondary email account. “I would also advise people that when their emails are up and running again to check what happens to the emails they send when they hit respond. Mine were still going to the scammers. I had to change the settings, which had been reconfigured by the scammers. And keep a printout of email addresses.”

We asked Google for a response and a spokesman replied: “We take these issues very seriously, but it’s important to remember that these do not represent hacking attempts on the Gmail service directly. Account hijacking often occurs due to issues with phishing and malware, or when users reuse their email password with another site that becomes compromised.

“We communicate regularly with users about account security topics, and we develop technologies like our suspicious account activity alert to help protect user accounts. As always, we recommend users follow good account security hygiene, including enabling features like 2-step verification.”


Anyone else seeing an influx of blog headlines that go “Updated: [Thing That We Just Wrote About] Is A Hoax”?

While Internet hoaxes have been around since the Soviet Union wanted to join Usenet in 1984 (remember LonelyGirl15?), we’ve had quite a few doozies this week, from the woman who got a tattoo of 152 of her Facebook friends on her arm, to the eHarmony user tearing up over her love of cats, to the kidnapped lesbian Syrian blogger turning out to be a not kidnapped married guy in Scotland. Heh.

People have always been gullible, and gullible people having access to methods of dissemination like Facebook and Twitter only turns their folly up to eleven. But aren’t we as reporters paid to be filters of news, in essence paid to know better? Then why the rampant media coverage of every single one of these hoaxes?

The only answer I can come up with is that the demands of churnalism (or the recently dubbed “hamsterization” of journalism) and the quest for advertising traffic are only increasing for bloggers as more and more readers spend more and more time and money online.  This begs the question: How many of us uncritically posting on incredulous rumors and unverified viral stories are cynically calculating how even more traffic will inevitably come from our correction posts (“Update: This Was A Hoax, Again”)?

Perhaps the more innocent among us are fooled by the fact that the Internet has also increased the amount of ridiculous but true news. Media frenzies like #Weinergate and Sarah Palin’s description of Paul Revere’s ride remind us that there is plenty of bona fide news that people wish was fake, making the tech media landscape pretty much a crapshoot for bloggers focused on speed.

Even we covered that Facebook Friends tattoo story as if it were serious news. And how I wished that that story were real, letting me transform it into some bloated pseudo-intellectual weekend think piece about the ephemerality of online friendships and the quest for permanence in a digital age. Instead you guys get this.

It was only after I discovered that the YouTube user account had uploaded only one video prior to “My Social Tattoo” and that identifying details about the poster were nowhere to be found that I dropped it as a viable source for reblogging, moving on (quickly as always) to the next source of news. But man, like everybody else, I wanted to believe that some idiot got this breathtakingly dumb tattoo. I mean it could happen, right?

In 2011 a retweet can function as the online equivalent of gawking at a car crash, even when the story seems too good (or more likely, bad) to be true. Perhaps this is why the hashtag #SeriouslyMcDonalds was a trending topic this morning, after a sign mandating African American McDonald’s patrons pay a $1.50 surcharge went viral. Even McDonald’s Twitter account quickly declared this a “hoax”, but the #SeriouslyMcDonalds hashtag continues to appear in around 20 tweets a second.

Perhaps the most interesting hoax story to come out of a slow summer week otherwise filled with Apple news was the tale of a David Voelkert, who was arrested after his ex-wife lured him into revealing his plans to murder her, by posing as a teen admirer on Facebook.

While the initial wave of stories was along the lines of “Man Arrested After Wife’s Facebook Teen Ruse SHOCKER,” the updates to the story provided a very interesting twist, as it turns out that Voelkert suspected that his wife was behind the fake profile and went to a notary in order to prove himself innocent before sending the otherwise incriminating messages.

Voelkert did what we bloggers should be doing more of, taking what happens online with a grain of salt. Granted, he probably had way more time.


After venting their ire against Sony PlayStation Network and Sony Pictures, hackers have pointed their guns at the Federal Bureau of Investigation.

The group LulzSec has hacked an FBI-affiliated website called InfraGard and made off with the details of around 180 users. The attack was on InfraGard’s Atlanta chapter.

InfraGard is a government and private sector alliance which provides actionable intelligence to protect critical national information infrastructure. The website defines its role as: “InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.” The site has over 42,026 members.

The recently drafted cyber strategy of the U.S. Department of Defense (DoD), which termed hacking an “act of war”, was cited by LulzSec as the primary reason for attacking the government site.

LulzSec stole usernames, e-mail IDs, and passwords of users from the website. The hackers further stated that most of the users had broken the FBI rule under which they are not supposed to use the same password on other websites, a practice which is “heavily frowned upon in the FBI and Infragard handbook.”

This password reuse led the hackers to lay bare the email ID of one of the InfraGard users, Karim Hijazi. He had reused his InfraGard website password for his personal Gmail account. Using details from Hijazi’s account, the hackers were able to get into his company, “Unveillance”, a whitehat firm that specializes in data breaches and botnets.

The hackers then contacted Hijazi, who they claimed was willing to offer them funds to eliminate his competitors in the market. Hijazi was also reportedly willing to part with the “inside info” in return for hackers’ silence.

LulzSec also warned that Unveillance was formulating an operation to seize control of Libyan cyberspace through unlawful means. The group states that the U.S. government is funding the CSFI to attack Libya’s cyberspace. The hackers also published e-mails of 23 people who are supposedly involved in the project.

LulzSec claims that it recently hacked Sony Pictures and stole personal details of over 1,000,000 users. The information stolen included passwords, email addresses, home addresses and dates of birth. They also stole admin details which included 75,000 music codes and 3.5 million music coupons.

In the Sony Pictures fiasco, the hacker group claims that Sony stored user passwords in plain text instead of encrypting the information. LulzSec said that this loophole meant Sony was “asking for it”.

Since they mentioned Libya and NATO in their message, will NATO be the next target?


Graphics Algorithm Becomes 8-Bit Vector Perfecter

    Old-school videogame artwork gets turned into vector graphics using a new algorithm.
    Photo: Hudson Soft/Nintendo.

    Two computer science researchers have come up with an algorithm that can take a low-resolution piece of pixel art and upscale it accurately to vector graphics.

     

    Microsoft’s Johannes Kopf and Dani Lischinski from the Hebrew University of Jerusalem built the algorithm by blending a number of approaches, including pixel analysis and spline curves. These are already used in the vectorization of bitmaps, but as the new algorithm focuses solely on 8-bit pixel art, it can take the art form’s particular quirks into account and produce results with far fewer graphical artifacts than more generalized approaches. 

    In the research paper (.pdf) — offline at the time of writing but handily mirrored at Imgur — the pair say:

    Because of the hardware constraints at the time, artists were forced to work with only a small indexed palette of colors, and meticulously arrange every pixel by hand, rather than mechanically downscaling higher-resolution artwork. For this reason, classical pixel art is usually marked by an economy of means, minimalism and inherent modesty, which some say is lost in modern computer graphics.

    As a result, says the paper, every pixel can be a feature on its own, or carry important meaning. Other vectorization algorithms tend to lose detail when they’re given pixel art as an input. The researchers claim their approach is “well-suited to pixel art graphics with features at the scale of a single pixel.”

    You can see some of the results in Wired UK’s gallery. The algorithm doesn’t always work perfectly, admit Kopf and Lischinski, especially when it comes to the anti-aliased Doom face, and there’s also the question of whether certain aspects of pixel art — like Space Invaders — should have nice rounded edges.

    It remains a research project for now, but how awesome would it be to see SNES games upscaled to HD resolution on the forthcoming Wii 2? We hope someone at Nintendo is paying attention.