Archive for the ‘Computer Hacking Forensic Investigator’ Category


Karsten Nohl

A German computer boffin has worked out a way to crack code used to encrypt most of the world’s mobile Internet traffic. Karsten Nohl is going to publish a guide to prompt global operators to improve their safeguards.

Karsten Nohl and his team of 24 hackers began working on the security algorithm for GSM (Global System for Mobiles) in August. Developed in 1988, the system prevents the interception of calls by forcing phones and base stations to change frequencies constantly. Most of the UK’s mobile phones use the GSM system and the breach represents a potential threat to the security of mobile phone communication.

The discovery of a way to eavesdrop on so-called General Packet Radio Service (GPRS) technology allows a user to read emails and observe the Internet use of a person whose phone is hacked, said Karsten Nohl, head of Security Research Labs. “With our technology we can capture GPRS data communications in a radius of 5 km,” he told the paper before heading to a meeting of the Chaos Computer Club, a group that describes itself as Europe’s largest hacker coalition.

Nohl, who has a doctorate in computer engineering from the University of Virginia, insisted his work was purely academic. “We have written advice from our lawyers stating that our research is within the legal realm,” he said. “Obviously the data we produce could of course be used for illegitimate purposes.”

His modified phone was used to test networks in Germany, Italy and other European countries. In Germany, he decrypted and read data transmissions on T-Mobile, O2 Germany, Vodafone and E-Plus. This was pretty easy because the level of encryption was weak.

Nohl makes his cash working for mobile operators who hire him to detect vulnerabilities in their systems. He said that many operators run unencrypted data networks because it allows them to more easily filter out competing, unwanted services like Skype.


Hacked in 60 Seconds

Forget your car keys? Soon it won’t make a difference, as long as you have your laptop. An interesting viral Web video making the rounds since the Black Hat cybersecurity conference earlier this month depicts two researchers from iSEC Partners (a San Francisco-based security firm) breaking into a 1998 Subaru Outback via their PC. In less than 60 seconds, they wirelessly find the car’s security system module, bypass it and start the engine remotely.

iSEC researchers Don Bailey and Mat Solnik claim to be able to hack their way into a securely locked car because its alarm relies on a cell phone or satellite network that can receive commands via text messaging. Devices connecting via a cellular or satellite network are assigned the equivalent of a phone number or Web address. If hackers can figure out the number or address for a particular car, they could use a PC to send commands via text messages that instruct the car to disarm, unlock and start.

One of the reasons this text-messaging approach is disconcerting is that text messages aren’t so easy to block, unless you don’t want to receive any texts (either to your car or phone). Google Voice, iBlacklist and a few others (including wireless carriers AT&T and Verizon) do offer some tools for filtering unwanted text messages.

The researchers acknowledge that stealing a particular car would be difficult because you would have to know that car’s number or address, neither of which is easy to find. What bothers them more is that wireless-enabled systems are showing up not just in cars but also in Supervisory Control and Data Acquisition (SCADA) systems that control and secure power plants, water-treatment facilities and other components of the nation’s critical infrastructure, they told CNET.

iSEC isn’t the only research team to have caught on to the dangers of ubiquitous networking. As Scientific American reported in April, researchers from the University of California, San Diego (UCSD), and the University of Washington in Seattle likewise claimed that a hacker could insert malicious software onto a car’s computer system using the vehicle’s Bluetooth and cell phone connections, allowing someone to use a mobile phone to unlock the car’s doors and start its engine remotely. UCSD computer science professor Stefan Savage and Washington assistant computer science and engineering professor Tadayoshi Kohno had also previously demonstrated the ability to use a computer plugged into a car’s On-Board Diagnostic system (OBD–II) port to take control of the electronic control units to (among other things) disable the brakes, selectively brake individual wheels on demand, and stop the engine—all independent of the driver’s actions. This was not done wirelessly but did highlight vulnerabilities that car-makers might want to investigate as they continue to open up their vehicles to outside communications.


Hacking For The Presidency

Credible Outlets Are Alleging Hillary Stole New Hampshire Via Commissioned Hacking

Newspaper: “Computer hackers ‘may be behind Hillary Clinton’s shock New Hampshire victory'”

January 12, 2008

Is someone this desperate to win? Has someone lost their moral compass so? What am I saying, just looking at Hillary’s track record shows she never had it.

Many outlets are asking did Hillary Clinton hack her way to a New Hampshire win. Here’s why. Hand counted votes, meaning physical votes on paper, showed Obama won in New Hampshire. However, votes counted by computer, which is hackable, mysteriously showed Hillary Clinton winning New Hampshire. A few of the articles on this scandal are cited below.

Back on August 15, 2007 in my “Hillary Clinton Slams Barack Obama” article I wrote about Hillary’s affiliation with a dirty private investigator that also specialized in hacking. 

As a matter of fact, today when I Googled the words “Hillary Clinton” and “hackers” for info on this new scandal, my site article from months ago came up in addition to the items just written about over the past two days on this subject.

Anthony Pellicano Had 4 Hackers On Staff In His West Hollywood Office That Was Raided By The FBI

It is established fact that Hillary Clinton was a client of the now incarcerated Anthony Pellicano. She hired him regarding the Paula Jones scandal and the Gennifer Flowers one as well. Both women reported invasive Anthony Pellicano style harassment being leveled at them.

While Anthony Pellicano was arrested for illegal wiretapping, witness intimidation and identity theft, among other things, he was known to have 4 hackers on staff.

One of his hackers destroyed the hard drive of Los Angeles Times writer Anita Busch. His hacker began hacking her computer when she started writing unflattering stories about Pellicano’s Hollywood clients.

Anita Busch

The hacker was even stupid enough to hack her computers and get advance copies of her work, forwarding it to Pellicano’s rich and famous clients.

One of his hackers even did an article with Maxim magazine bragging how she could hack and get your bank pin codes in minutes. People who hack bank info aren’t above hacking voter systems.

There’s even a documentary on it and it’s about the very type of machines (Diebold) that gave Hillary her New Hampshire victory, over Obama’s win via hand count.

Documentary “Hacking Democracy”

Pellicano paid them to hack into the computers of writers, journalists and entertainers for his perverted, nosy clients in Hollywood that paid large sums to get dirt on people or to copy and steal computer based intellectual property.

I know this stuff happens. I myself have personally experienced what commissioned hackers do, from hacking into computers, posting defamatory items on message boards and blogs, hacking web sites and the servers they sit on, disrupting many businesses – and if paid by a person desperate enough – hacking voting systems.

There is usually an intermediary when the person is rich and/or famous. A person that communicates with the hacker(s) on behalf of the client and provides payment. That person is sometimes a private investigator or a manager.

The hacker hacks the info then passes it on to an intermediary via the internet or by mail, then it is sent to the person that commissioned it and provided payment to the intermediary. In the case of hacking to do damage to a system or changing/rigging computer data, nothing needs to be passed other than payment.  

While Pellicano is in prison, his hackers are not and there are others carrying on the invasive, illegal techniques he pioneered. There are other private investigators and hackers engaging in the same illegal activity he did on behalf of clients in Hollywood, New York and Washington.

These dirty private investigators and hackers are operating out of California, Florida, New York, Nevada and London.

This Hillary matter needs to be investigated because the last thing this country needs is people saying someone stole the election…again. This time through hacking. People don’t need to feel like their vote is not going to count.

And the last time I checked, 1 + 1 = 2, it didn’t equal 4. Voters don’t need to feel disenfranchised. It’s part of the reason I didn’t vote in the 2000 election. I got ready and was about to leave the house to go vote and saw on the news that there were significant voting problems at polls in Florida. I thought to myself, what’s the sense (I did vote in 2004 and 2006, though).

Once again, this is what I hate about politics, corruption and sometimes not really knowing where one stands until there is some scandal.


Hackers Against New World Order

I recently came across this article while looking to see if I could find so-called hackers that are aware of the New World Order, and are fighting back, instead of the “patriotic” hackers who are attacking “terrorist” and Arabic websites I keep reading about… This article is from 1993…

“…This article is written to educate fellow hackers/phreakers and software traders on what will be happening in the future in regards to computers and electronic communication. This is only a short article and only a few things have been included by various sources etc… ”

                                ###     ###
                                 ###   ###
                      ###   ####  ### ###  ###   ####
                      ###    ###   #####   ###    ###
                      ###    ###    ###    ###    ###
                      ###    ###   #####   ###    ###
                      ##########  ### ###  ##########
                                 ###   ###
                                ###     ###

                         Underground eXperts United

                                 Presents...

         ####### ## ##      #######     # #    ####   #######  ####
         ##      ## ##      ##         #####     ##   ##         ##
         ####    ## ##      ####        # #      ##   #######    ##
         ##      ## ##      ##         #####     ##        ##    ##
         ##      ## ####### #######     # #    ###### #######  ######

      [Hackers Against The Governments New World Order]  [By FreeStyle]

    ____________________________________________________________________
    ____________________________________________________________________

      _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
     |_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|
     |_|                                                           |_|
     |_|      Hackers Against The Governments New World Order      |_|
     |_|                        Part I                             |_|
     |_|                                                           |_|
     |_|                   by : FreeStyle                          |_|
     |_|                                                           |_|
     |_|       CIA - Citizens Intelligence Agency Production.      |_|
     |_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_|
     |_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|

                                Introduction
                                ^^^^^^^^^^^^  

       This  article is written to educate fellow hackers/phreakers  and
       software  traders  on  what will be happening in  the  future  in
       regards to computers and electronic communication. This is only a
       short article and only a few things have been included by various
       sources etc... It also involves the  recent busts which have been
       happening   Australia  wide  and the  tapping of the phone  lines
       on a number of  bulletin  boards.
           This  article  is not to be taken lightly and  also  involves
       details on how we "The people can fight back" against the system
       which is designed  to  suppress the individual's rights  to  learn,
       think, privacy.
           This is not a manual on how to hack a system or how to phreak
       without  getting caught, but rather a political  statement  about
       how  society is being manipulated by our very own government  and
       their  role in the total monitoring of all people in the  future.
       If  you would like detailed information on how to hack/phreak  or
       whatever  then  you can still obtain access to a  number  of  H/P
       bulletin  boards which are still operating in Australia and  also
       overseas, there you will find what you require.

       " The people are the power, bring back the power to the people "

       We  live  in  a  society which  is  dominated  by  computers  and
       electronic  gadgets  to  help  us  in  our  everyday  lives.  New
       technology  is  being  invented  or  improved  upon  every  year.
       Computers are being widely used in nearly every business, school,
       and  the home, in fact nearly everything you can think  of.  With
       computers  we are faced with new crimes such as  Fraud,  Hacking,
       phreaking,  theft  etc..  These  laws were made  up  by  our  own
       government  to protect the rights of its people in  society,  or
       were they ?
           The  question  must  be asked , are  the  governments  really
       protecting  our lives, rights etc.. The answer to  that  question
       will be determined by you the reader of this article, but let  us
       face the facts for now. Documents have been obtained to what  the
       government is really up to and how society fits into their  plan.
       These  documents explain conspiracy up to the highest  levels  of
       the  government  in stopping certain knowledge falling  into  the
       publics view. The ultimate goal is the monitoring of every single
       individual and also a one world government, economy and in effect
       a total system of control over its people. All these things  are
       being  slowly brought to our attention and migrated into our  way
       of  life every year. The UN which we now read about in  the  news
       papers are going to be the one world government in the future. In
       effect  this  means that the united states government  will  have
       total  control, After all the UN headquarters is located  in  New
       York.  Big business will play a vital role in the  monitoring  of
       the  people as well as government  agencies,  telecommunications,
       large  mining corporations, banks etc.. have more power over  the
       people than what we are led to believe.

                         Australian Governments Role
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^

          Australia  is one of the leading countries operating  secretly
       towards  the New World Order.  Monitoring  of  the  people  of
       Australia has increased dramatically over the past 10 years.  The
       government  tried to introduce the I.D card but too  many  people
       rejected  their  plans, so they brought out the tax  file  number
       instead.  Everyone  has a large file about  themselves  which  is
       linked  up to the government agencies across Australia.  Students
       are  monitored with either the Tax file number, Austudy  or  just
       applications you must fill out to enter a course. It is very easy
       to   monitor  large  numbers  of  people  now  because   of   the
       introduction  of  large computers and also  their  networks.  Our
       government is actively co-operating with other governments around
       the  world and exchanging data on its people. This  is  illegal,
       but no one seems to care or notice, after all the key to  power
       is knowledge.
           Cameras  are  everywhere  nowadays, not only  are  we  being
       monitored by shop cameras but we also have speed, red light, and
       even  football cameras which are a nice means of  raising  money
       and  also  gathering  information.  Should  we  believe  our  own
       government  when it is common knowledge that they lie to  us  and
       that even our police force is very corrupt and are able to  kill,
       bash, drink and drive, etc.. and then turn around and say that we
       must obey their laws. Our government is using the media to play a
       very important role in advertising to us killings, rapings, etc..
       so that we the people then turn around and say that "We need
       tighter laws etc.." This is exactly what the government wants and
       needs to implement its plan of total control.
       Documents  obtained  from various sources on Milnet  show  clearly
       what  the  United  states  and also  other  countries  have  been
       researching  for  many  years  and that  is  ELF  (Extremely  Low
       Frequency) weapons against certain people. This research  project
       is  so  well  advanced  that it will be  for  the  normal  person
       unbelievable.  Research has been done and put into effect on  how
       ELF  affects  the brain waves of people, animals and  all  matter
       itself.  This  research  has also been used  to  change  people's
       thought patterns and is being used to manipulate people in various
       ways.
           Cellular phones have been introduced for many years now,  and
       are  a  great form of monitoring society. Everytime you  turn  on
       your  cellular phone telecom know exactly where you are  all  the
       time,  also how long you have used the phone for etc... The  same
       also goes for normal house, business phones. Customer details are
       all  processed by large computer data bases and are passed on  to
       governments  agencies when needed. People are using credit  cards
       all  the  time  nowadays  which makes  it  much  easier  for  the
       governments to keep track on what people are buying etc.. Noticed
       how  we  are slowly losing our 1c 2c coins ? also other  coins  ?
       this  is  a slow process of weaning out coins and taking  on  the
       credit   cards  as  normal.  Why  ?   well  it's  because   every
       transaction you make using credit cards go into a large  computer
       in  banks etc.. and therefore it is much easier to store data  on
       the people who use them. Cash payments are the biggest worry  for
       the  government, because they don't have much control over  things
       like that - but in the future there will be no cash anyway. Large
       corporations  buy data off other agencies. E.g. - each  time  you
       use  your credit card, your purchase is logged and also how  much
       you paid etc.. Now the product companies come along and buy this
       information  off  banks, super markets etc... to  see  who  buys
       their  products  and also how their products are going.  This  is
       also  illegal  because  it is invading your  privacy,  don't  you
       worry,  the  government knows EVERYTHING about you.  What  colour
       hair   you   have,   Size,  dental  records,   car   you   drive,
       working/studying, food you eat, animals you own, phones you have,
       money, house's, etc... We pay rates on almost everything now  and
       all  that  information about us goes into a  government  agencies
       computer  data base. They are even trying to see what garbage  we
       throw out now. (they are trying to put electronic monitors on our
       bins)     The   government  are  the  real   criminals.   Private
       information about its people are being given to other  countries
       and  also  other agencies, companies etc.. Information  is  being
       withheld from the public, special deals are going on secretly all
       the  time. We even have a corrupt police force who love to  kill,
       bash,  and  also drink drive. (it seems they  are  different  law
       enforcement,  their law).  We now have news in the paper that  we
       even  have  to get our cats registered. Is this a form  of  money
       raising for the government as well as monitoring. Anyone who  has
       been pulled over by the police will know how many questions  they
       have  to  answer  before being let go. Even if you  are  not  the
       driver  of the car etc.. you are forced to tell them  everything.
       You are under no legal means to do so, but they WILL enforce you.
       Also  isn't  it  quite strange that the head  of  government  run
       Telecom was one of the bosses of AT&T (The US company). Maybe  he
       is teaching Telecom a thing or two about how to monitor people and
       organize  the control much better. We all know that 0014  numbers
       and  008  numbers  are being logged, but are unsure  as  to  what
       reasons. If their reasons of phreakers, hackers were valid,  then
       why not just put filters on the line etc.. to stop these  people.
       Ahhh  they have to monitor the lines and see who is calling  what
       companies.  Also the American NSA (National Security  Agency)
       owns  over three quarters of the Cray super computers, these  are
       the  biggest, fastest computers in the world. Why on earth  would
       they  need to own even half of these computers ??  Monitoring  of
       all  people  in society is the answer. They  even  sold  computer
       software  to  countries  all around the world  which  had  trojan
       horses in them, so they could access it remotely themselves.  The
       software  was also one of the fastest, most capable  software  on
       the market for the purpose of monitoring large amounts of  people
       in  society.  The middle east has remained so unstable  for  many
       years due to the fact of other nations pouring millions into  the
       countries  to de-stabilize the whole of the middle east,  why  ??
       The answer is simple, the first biggest bankers in the world came
       from  the middle east, because of the oil wells etc..  They  held
       the  balance of power within the banking world. America  did  not
       like  that, and also the other countries in the New World Order
       didn't  like  that  either, so the whole  middle  east  has  been
       de-stabilized and are fighting one another. YET who are  supplying
       these  countries  with  the arms to fight  ???  America,  France,
       Germany,  Australia,  etc..  most of the countries  who  are  now
       against them. I will not go into any of this political side of it
       as it would take far too long to explain about it. Anyway we  have
       in  Australia a special police task force which is setup  by  the
       government   to   look  into  the  so   called   "Normal   police
       corruption", isn't this crazy, we have the police monitoring  the
       police  !!   They have shown themselves to be so  corrupt  anyway
       that it's a joke. Look at all the current affair shows of how the
       police  have  bashed people, have drunk  and  driven  themselves,
       etc..  It's like the blind leading the blind..  We all  know  how
       corrupt  the police are in NSW and also WA, so what makes it  any
       different in Vic or NT (anywhere) only they have not been  caught
       enough YET !! Many police have told me that once you're out of  the
       public  view  you're history.. But these days they do not  seem  to
       even  care  about  bashing you behind their walls.  Look  at  the
       Rodney  King  bashing, and also many others.. they take  the  law
       into  their own hands and the government is letting them.   Never
       trust  a  politician, they are the biggest liars on  this  earth.
       They  say  they are going to do this and that and  end  up  doing
       something  different, or not doing it at all. The  last  election
       was proof of that, (no promise has been kept)
       Who  do  we  have   monitoring   the governments actions ?
       no one really, so that's where the hackers role will have to come
       in.

                     Hackers & Phreakers can fight back.
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

            Many bulletin boards have been raided by the federal  police
       recently,  also  many boards have their telephones  tapped  in  a
       controlled  effect  to  close down the threat  of  the  future  -
       Hacking,  Phreaking,  Anarchy Information. The  governments  have
       realized that as computers grow bigger and networks expand a  lot
       further, there must be a need to protect THEIR privacy (which  is
       really  all the data collected on us) and that is why  there  has
       been a sudden push forward to catch the hackers, etc..  Criminals
       are  just starting to realize that their old methods  of  getting
       information  etc.. are out of date. It is the computer  age  now,
       and  that is why hackers (good ones) are in utmost demand by  the
       most  criminals  in  jail/outside these days.  Imagine  the  damage
       hackers  can do by breaking into government /  military  computer
       systems.  We  are  able with the right  knowledge  and  equipment
       infiltrate these networks and obtain the information on what  the
       government  is  up  to. We can see  what  the  governments  have
       acquired  information about us. Police computers would be a  very
       useful  tool  in  the  hackers  arsenal.  Hackers  can  find  out
       information  regarding everyone, put out warrants for the  arrest
       of  people  etc.. Drug enforcement computer systems would  be  an
       advantage  for the drug dealers etc.. Military systems  would  be
       helpful  to certain hackers to obtain classified  information  on
       the latest technology and use it to their advantage. Hackers  can
       break into media computer systems and change the news etc..  This
       is  why  hackers are going to become the next  generation  of  SO
       CALLED   criminals.  Hackers  have  the  power  to  monitor   the
       government - and they don't like it !!!
           That is why the governments realize to stop the threat of the
       hackers  spying  on them, then first of all they  must  stop  the
       hackers  at  the  very heart on the situation, and  that  is  the
       telephone  (dialing  out.. why wait until the hacker  has  logged
       into a system before you catch him/her. Get him/her when he makes
       the  call).  AT&T  is in the middle of trying  to  clean  up  the
       European  countries at the moment, and they will be in  Australia
       in  the near future. Telecom is doing a great job  in  monitoring
       the phreakers etc.. they are currently investigating hundreds  of
       overseas  callers and also local callers and are informing  the
       government  of  these people's activities. The 0014 -  direct  dial
       U.S.A number is being monitored, and most calls are being logged.
       Also  most  008 numbers are logged and cli monitors  are  on  the
       line.  Some  0014 numbers are logged out of every ten  people  it
       will  record the last one. Also the federal police have  quite  a
       few  informers  who have accounts on top boards who  are  feeding
       them information on certain users etc.. Also I have heard a rumor
       (not  reliable) that there are some federal police who operate  a
       board in N.S.W and also Victoria and that they are operating  it,
       just like a normal BBS, but when certain users get too big,  they
       get  busted. The future looks bad for the hacker at the moment  -
       or is it ?  We hackers phreakers, software traders must not  back
       stab  each other, compete against each other, etc.. BUT  we  must
       form a united information network against the government, we must
       collect information, trade information between ourselves. We must
       realize  that  we  have the power and  technology  to  watch  the
       government  and  see what they are REALLY up to.  We  must  form
       global  networks, such as future net, HSI etc.. and email  across
       the  world with our friends. Only by realizing this power can  we
       start  to break down the walls of the governments of our  society
       and bring them back into reality, and let them see for themselves
       that  the  people  do  have  a voice and  that  we  will  not  be
       suppressed manipulated for any longer.

           " Bring back the power to the people "

            - Stop the New World Order, before it's too late -

  ----------------------------------------------------------------------------
  uXu #151             Underground eXperts United 1993                uXu #151
                       Call RIPCO ][ -> +1-312-528-5020
  ----------------------------------------------------------------------------

Hackers infiltrated 72 world organisations including United Nations and IOC, security company McAfee discover.
Cyber-hacking: prolonged series of attacks by one country uncovered

Dozens of countries, companies and organisations, ranging from the US government to the UN and the Olympic movement, have had their computers systematically hacked over the past five years by one country, according to a report by a leading US internet security company.

The report, by McAfee, did not openly blame any country but hinted strongly that China was the most likely culprit, a view endorsed by analysts.

China has previously been implicated in a range of alleged incidents of cyberspying – a practice Beijing vehemently denies – including a concerted attack on Google and several attempts to prise secrets from computers at the Foreign Office. But the McAfee report is among the most thorough attempts yet to map the scale and range of such data-theft efforts.

The study traced the spread of one particular spying malware, usually spread by a “phishing” email which, if opened, downloaded a hidden programme on to the computer network. Through tracing this malware and also gaining access to a “command and control” computer server used by the intruders, McAfee identified 72 compromised companies and organisations. Many more had been hacked but could not be identified from the logs.

“After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators,” said Dmitri Alperovitch, the company’s head of threat research and the author of the report.

Of the hacking victims 49 were US-based, among them various arms of federal, state and local government, as well as defence contractors and other industries. There were two targets in the UK, a defence company and a computer security firm, while other governments included those of Taiwan, South Korea, and India.

Also found on the logs were records from the United Nations, the International Olympic Committee and two national Olympic committees – one of which was accessed by the hackers for more than two years continuously.

McAfee was at pains not to identify the suspected culprit. However, it did little to disguise its suspicions, noting that the targeting of the Olympic groups, and the sport’s anti-doping agency, immediately before and after the 2008 Beijing Games was “particularly intriguing” and pointed to a country being to blame.

China has been accused in the past. After Google came under a so-called “advanced persistent attack” in 2009 which it said originated in China, the US secretary of state, Hillary Clinton, asked Beijing for an explanation. This year William Hague said a “hostile state intelligence agency” – identified by UK sources as China – had penetrated the Foreign Office’s internal communications system.

While a high proportion of media attention on cybersecurity focuses on the loss of personal data, such as the recent security breaches at Sony, and the activities of hacking collectives such as LulzSec, analysts say this is often minor when compared with the methodical, industrial-scale attempts to seize commercial and state secrets, presumed to be carried out by many countries, chief among them China. Alperovitch said state-orchestrated hacking was so endemic and ambitious it could reshape the workings of the global economy.

“What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth,” he said. If only a fraction of the stolen data was used to gain commercial or technological advantage “the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth in a suddenly more competitive landscape and the loss of jobs in industries that lose out to unscrupulous competitors in another part of the world”.

Beyond even this, he added, were the national security implications of stolen intelligence or defence files. Such was the endemic scale of this problem, Alperovitch said, that he divided large corporations into two camps: “Those that know they’ve been compromised and those that don’t yet know.”

He said: “This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organisations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing.”

When Google accused China last year the ministry of industry and information technology told the state news agency Xinhua: “Any accusation that the Chinese government participated in cyber-attacks, either in an explicit or indirect way, is groundless and aims to denigrate China. We are firmly opposed to that.”

No one was available for comment at the foreign ministry in Beijing. Chinese officials have previously said that China has strict laws against hacking and is itself one of the biggest victims.

Dave Clemente, a cybersecurity analyst from the Chatham House thinktank, said it was likely China was also targeted by hackers acting on behalf of other countries.

“It’s going in both directions, but probably not to the same extent,” he said. “China has a real motivation to gain these types of industrial secrets, to make that leapfrog. There’s probably less motivation for the US to look to China for industrial secrets or high technology. But certainly there’s things China has which they’re interested in, maybe not for commercial advantage but in a geopolitical sense.”

Clemente said McAfee’s characterisation of such hacking efforts as a wholesale theft of intellectual property and secrets was “fairly reasonable”: “It’s confirmed not just by this report but by so many dozens of other incidents which build up to an overall picture.”

The effects, however, were harder to quantify: “The blueprints are only part of the picture. The technology for, say, how to build a sophisticated jet engine is one thing, but there’s a whole set of other processes – the logistics, how to manage the supply chain to build more than one, the long-term management of a really advanced manufacturing process.”

While basic security or human errors often made hacking easier than it should be, Clemente said, even the biggest organisations struggle to stop sophisticated attacks: “There’s not much even Google can do if China’s really determined to get inside its networks. It’s not a fair fight in that sense.”


Beware the hackers who take over your Gmail account

Your friend emails you from holiday saying he’s been mugged and could you urgently wire him cash? But it’s a scam – hackers are controlling his Gmail.

Here at Guardian Money we’ve seen pretty much every scam email going. There are the “phishing” ones that purport to come from your bank; the ones saying you’re due a tax refund; the “you’ve won the lottery” ones; and, of course, the ones from wealthy foreigners in Africa who need help moving squillions of dollars out of the country.

However, the email we received recently from Ned Beale, a solicitor who wrote a series of articles for Money two years ago, stopped us in our tracks. It said Beale had been robbed during a trip to Athens – all his belongings were stolen at gunpoint, and he was desperate for help.

“It’s a terrible experience for me. I need your help flying back home as I am trying to raise some money. I have made contact with my bank but the best they can do is to mail me a new card which will take two to four days to arrive here. I need you to lend me money, will pay back once I get this over with,” said the email. It went on to say that Western Union was the fastest option for wiring funds. “Let me know if you need my details (full names/location) to effect a transfer. You can reach me via email [a “ymail” address in his name] or the hotel’s desk phone 0030 698 083 7647. Thanks, Ned Beale.”

Our immediate reaction was: poor Ned – what a nightmare. But something smelled fishy. The email address was indeed his, but the use of the word “cellphone” jarred slightly, and surely there would be other more obvious candidates to help – close friends, relatives, work colleagues etc – than us? We have to admit that we did nothing.

You will have realised by now this was a scam – albeit one of the most convincing we have encountered. It’s a nasty one, too. As well as hacking into people’s accounts to send out the fake message, the fraudster deletes every one of their victim’s emails and contacts, presumably to stop them quickly getting hold of their contacts to tell them to ignore the previous message.

Beale wasn’t the only victim of this hi-tech hacking attack. Far from it. Up and down the country, people with Google email accounts have been affected by this scam, which is a little more persuasive than it might be as a result of coinciding with the summer holidays, when it is perfectly plausible that someone might be visiting Greece.

Beale, of course, hadn’t been to Athens and hadn’t been robbed. “Some people did believe it,” he told Money. “It went to everybody in my Gmail account. I was sitting in the Royal Courts of Justice when I got a call from my secretary saying ‘come back to the office – all these people are ringing us asking if you’re OK’.”

While he could access his account, everything had been deleted, “so there was no way for me to send an email to everyone to say that it was fake”.

The scam email asks people to get in touch with the “sender” via a “ymail” account that is almost identical to their Gmail address. “Apparently the hacker started corresponding with people, trying to get money out of them,” says Beale. “I think some people actually spoke to him on the phone.”

In some of his emails, the crook – rather carelessly – signed himself as “Keith”. As far as Beale is aware, no one has handed over any money.

Beale, who has now changed all his passwords, has no idea why he was targeted – “I was assuming they have some sort of computer programme”.

It doesn’t sound as if Google was much help. Beale says: “I tried to get hold of Google [but] you’re not able to. They don’t have a number or email address.”

Chris Corrigan, a newspaper sub-editor, is another victim of the “mugged in Athens” email. The email sent in his name was identical to the one sent in Beale’s name – even down to the same “hotel” phone number. Corrigan, who lives in south London, says he was surprised at how many people were nearly taken in by it.

The fake email was sent to an array of people, “from family and friends and contacts, to people who used to mend my car in 2009, a solicitor from two years back etc”. The scammers then deleted all the addresses from his Gmail account – both his inbox and sent mail – about 2,000 messages.

Corrigan thinks he might have an idea how it all started. “Several weeks previously I’d received emails from two friends containing nothing in the way of a usual greeting, just a nondescript link to click on. With one of them, I stupidly did click on the link but nothing coherent happened. I phoned the friend, who said he hadn’t sent me a message.”

He says that after the scam came to light he looked in his Googlemail settings and found a ymail.com address as well as his own Gmail.com address. “The ymail.com address was forwarding all my mail to somewhere else and was central to the scam. I didn’t put it there. I’ve since killed it, but is my computer still infected? I don’t know. The experience caused turmoil for a lot of people. Many fear their own email accounts have been infected. As for me, it has caused electronic havoc because I have lost two years’ records of various conversations, including a large number important to my work.”

It didn’t take long for Money to find other recent examples of people who have been hit. A former Guardian Money writer, now living in the US, was a recent victim. Lynne Bateson’s Gmail address was hacked and a desperate request for help sent to all her contacts. It said: “I’m writing this mail with tears in my eye. I came to London, England, on a vacation, unfortunately I got mugged at the park of the hotel I lodged, all my cash, credit card and telephone were stolen from me but luckily for me I still have my travel passports with me. I am in panic now and I don’t know what to do.”

Bateson, who now lives in Pasadena, California, says: “In one fell swoop the scam reminded me how wonderful and also how daft people are. I was woken up at 6.01am Californian time by a guy from a pension company telling me he could not release funds. The calls then came thick and fast.

“One very high-powered UK-based executive called my US number. He had been alarmed and had cash ready and was going to hop in a taxi, but then thought he should ring our US home first. One US friend even rang the Department of Homeland Security!

“My lovely US doctor and US bank manager rang. They had embryonic plans to help. The doctor is Russian and the bank manager Chinese so maybe they did not notice the terrible grammar in the same letter. (I do hope they don’t think that is how I write.) But this underlines an interesting point. It is helpful to scammers that we are an increasingly multi-cultural world where people communicate in a language not their first language.”

Bateson says that some friends were alarmed to get the email and were anxious that their own emails might have been compromised. “People did not want to email me. I don’t think anyone was fooled but if the email had gone to an elderly relative …”

She adds: “The scammers stole my emails, which meant I lost many contact addresses, and it was fiddly to reopen my Gmail account. My Facebook account was also closed down despite the fact that I had different passwords for Gmail and Facebook and always made sure I did not enter the second directly from the first. (Some scammers use software that monitors your keystrokes).

“Thankfully, I had a secondary email account which meant that I had a line of communication with Google and Facebook. You can’t phone these guys and website advice is difficult to follow particularly when you are stressed.”

After her experience Bateson says she would advise everyone to get a secondary email account. “I would also advise people that when their emails are up and running again to check what happens to the emails they send when they hit respond. Mine were still going to the scammers. I had to change the settings, which had been reconfigured by the scammers. And keep a printout of email addresses.”

We asked Google for a response and a spokesman replied: “We take these issues very seriously, but it’s important to remember that these do not represent hacking attempts on the Gmail service directly. Account hijacking often occurs due to issues with phishing and malware, or when users reuse their email password with another site that becomes compromised.

“We communicate regularly with users about account security topics, and we develop technologies like our suspicious account activity alert to help protect user accounts. As always, we recommend users follow good account security hygiene, including enabling features like 2-step verification.”


Spain Detains 3 in PlayStation Cyberattacks

The Spanish police said on Friday that they had apprehended three men suspected of computer hacking in connection with recent attacks on Sony’s PlayStation Network as well as corporate and government Web sites around the world.

The National Police identified the three as the local leadership of the shadowy international network of computer hackers known as Anonymous, which has claimed responsibility for a wide variety of attacks.

Anonymous is composed of people from various countries organized into cells that share common goals, the police said, with activists operating anonymously in a coordinated fashion.

One of the three suspects, a 31-year-old Spaniard, was detained in the southern Spanish city of Almería sometime after May 18, the police said. He had a computer server in his apartment in the northern Spanish port city of Gijón, where the group is believed to have attacked the Web sites of the Sony PlayStation online gaming store.

The same computer server was also believed to have been used in coordinated attacks against two Spanish banks, BBVA and Bankia; the Italian energy company Enel; and government sites in Algeria, Chile, Colombia, Egypt, Libya, Iran, Spain and New Zealand, the police said.

The two other men, both also Spaniards in their early 30s, were picked up in Barcelona and Valencia. The police statement did not make clear the timing of those detentions, but a police spokeswoman said all had occurred recently.

The spokeswoman, who did not want to be identified in accordance with department policy, said all three were subsequently released, without bail, pending formal charges.

They were expected to be charged with forming an illegal association to attack public and corporate Web sites, a charge that carries a potential sentence of up to three years in prison.

The police opened their investigation last October, after hackers overwhelmed the Spanish Ministry of Culture’s Web site to protest legislation increasing punishments for illegal downloads.

It was not immediately clear how much of a role the group may have played in the recent attacks on Sony. About a dozen Sony Web sites and services around the world have been hacked; the biggest breaches forced the company, which is based in Tokyo, to shut down its popular PlayStation Network for a month beginning in April.

The Japanese company has acknowledged that hackers compromised the personal data of tens of millions of user accounts. Earlier this month, a separate hacker collective called Lulz Security, or LulzSec, said it had breached a Sony Pictures site and released vital source code.

Sony has estimated that the hacker attacks will cost it at least 14 billion yen ($175 million) in damages, including spending on information technology, legal costs, lower sales and free offers to lure back customers.

Mami Imada, a Sony spokeswoman in Tokyo, said she had no information on the detentions and declined to comment.

The police said that they had analyzed more than two million lines of chat logs since October, as well as Web pages used by the group to identify the leadership in Spain “with the capacity to make decisions and direct attacks.” Members of Anonymous used a computer program called L.O.I.C. to crash Web sites with denial-of-service attacks, the police said.

Among recent attacks, the hackers also brought down the site of the Spanish National Electoral Commission last month before regional and municipal elections. It was that attack, on May 18, that led to the detention of the suspect in Almería.

The movement against the antipiracy law has been closely linked to the broader youth-led political movements that have occurred in Puerta del Sol, the central square in Madrid, and in other city squares since May 15.

These protests have called for a complete overhaul of Spain’s political system and laws aimed at stopping illegal downloading.

Hiroko Tabuchi contributed reporting.


After venting their ire against Sony PlayStation Network and Sony Pictures, hackers have pointed their guns at the Federal Bureau of Investigation.

The group LulzSec has hacked an FBI-affiliated website called InfraGard and made off with the details of around 180 users. The attack was on its Atlanta chapter.

InfraGard is a government and private sector alliance which provides actionable intelligence to protect critical national information infrastructure. The website defines its role as: “InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.” The site has over 42,026 members.

The recently-drafted cyber strategy of the U.S. Department of Defense (DoD) that termed hacking as an “act of war” was cited by LulzSec as the primary reason for attacking the government site.

LulzSec stole usernames, e-mail IDs, and passwords of users from the website. The hackers further stated that most of the users had broken the FBI rule under which they are not supposed to use the same password on other websites — a practice which is “heavily frowned upon in the FBI and Infragard handbook.”

This password reuse led the hackers to expose the e-mail ID of one InfraGard user, Karim Hijazi, who had re-used his InfraGard password for his personal Gmail account. Using details from Hijazi’s account, the hackers were able to get into his company, “Unveillance”, a whitehat firm with expertise in data breaches and botnets.

The hackers then contacted Hijazi, who they claimed was willing to offer them funds to eliminate his competitors in the market. Hijazi was also reportedly willing to part with the “inside info” in return for hackers’ silence.

LulzSec also warned that Unveillance was formulating an operation to seize control of Libyan cyberspace through unlawful means. It states that the U.S. government is funding the CSFI to attack Libya’s cyberspace. The hackers also published e-mails of 23 people who are supposedly involved in the project.

LulzSec claims that it recently hacked Sony Pictures and stole personal details of over 1,000,000 users. The information stolen included passwords, email addresses, home addresses and dates of birth. They also stole admin details which included 75,000 music codes and 3.5 million music coupons.

In the Sony Pictures fiasco the hacker group claims that Sony stored user passwords in plain text instead of encrypting the information. LulzSec said that this loophole meant Sony was “asking for it”.

Since they mentioned Libya and NATO in their message, will NATO be the next target?


Phishing Site Discovered on Sony Server

by @xbee30

Oh, Sony. Capping off a week that saw Sony disable logins across some of its PlayStation Network properties thanks to a password exploit, F-Secure identified a phishing site running on one of Sony’s servers.

Today’s incident, however, “has nothing to do with the Sony PSN hack,” F-Secure’s Mikko Hypponen wrote in a blog post.

“We know you’re not supposed to kick somebody when they’re already down … but we just found a live phishing site running on one of Sony’s servers,” Hypponen said. “Basically this means that Sony has been hacked, again. Although in this case the server is probably not very important.”

Hypponen posted screen shots of the official homepage of Sony Thailand, as well as a phishing site using the URL hdworld.sony.co.th, which appears to target an Italian credit card company.

He notified Sony of the problem and later tweeted that “I can confirm that Sony has just minutes ago cleaned their site and removed the phishing site from hdworld.sony.co.th.”

When asked via Twitter if the site was hosted on Sony’s servers or just a DNS hijack, Hypponen said it was hosted on Sony’s servers.

This latest problem comes days after Sony started putting its PlayStation network back online after an extended downtime. It hasn’t been completely smooth sailing; an influx of users trying to change their passwords prompted Sony to temporarily halt the process earlier this week; the password exploit later took down log-ins, but Sony denied it was a new hack.


Final Fantasy maker Square Enix hacked

Hackers have broken into two websites belonging to Japanese video games maker Square Enix.

The company confirmed that the e-mail addresses of up to 25,000 customers who had registered for product updates may have been stolen as a result.

Resumes of 350 people applying for jobs in its Canadian office could also have been copied from the web servers.

Square Enix, which makes the popular Final Fantasy, Deus Ex and Tomb Raider games, apologised for the breach.

In a statement, it said: “Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites.

“We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again.”

It is understood that the websites affected were Eidosmontreal.com, run by Square Enix’s subsidiary Eidos, and Deusex.com, a promotional site for the forthcoming game, Deus Ex: Human Revolution.

Scammer’s dream

Graham Cluley, a consultant at security firm Sophos, warned that both leaks could cause problems for the individuals concerned.

“With the e-mail there is a danger that gamers could be e-mailed by someone pretending to be from the company who gets them to click on a link or run some malicious software,” he told BBC News.

“The resumes are a blueprint for identity theft. They have everything that scammers want. The only thing missing is credit card information.”

Mr Cluley pointed out that there was also the potential for huge embarrassment as it was unlikely those who had applied for jobs would want their current employers to know.

Square Enix said there was no evidence that the information had been distributed.

It also emphasised that the company does not hold customers’ credit card data on its web servers.

Mr Chippy

Shortly after the attack, both websites displayed the message “Owned by Chippy1337”, as well as several other known hacker names, including Xero, XiX and Venuism.

However, it appears that some or all of those names may have been misappropriated by the real attackers.

Logs of Internet Relay Chat (IRC) conversations have appeared online, which appear to show the perpetrators discussing the hack as they carried it out.

In one section, the individuals taking part wrote: “We put it in the name of chippy1337 and write the names ryan, dfs, xero, nikon, xix, venuism and evilhom3r.”

The same person then added the comment, “lol [laugh out loud]”.

Security in the video games industry has been in the spotlight in recent weeks after the hacking attacks on Sony’s PlayStation Network and SOE online multiplayer system.

The personal details of around 100 million users were stolen from the company’s servers.

Investigations into the source of the data breach are continuing, with specialist computer forensic teams and the FBI getting involved.

The PlayStation Network remains offline, more than three weeks after the intrusion was discovered.
