Eideard

One of the display booths

The intelligence operative sits in a leather club chair, laptop open, one floor below the Hilton Kuala Lumpur’s convention rooms, scanning the airwaves for spies. In the salons above him, merchants of electronic interception demonstrate their gear to government agents who have descended on the Malaysian capital in early December for the Wiretapper’s Ball, as this surveillance industry trade show is called.

As he tries to detect hacker threats lurking in the wireless networks, the man who helps manage a Southeast Asian country’s Internet security says there’s reason for paranoia. The wares on offer include products that secretly access your Web cam, turn your cell phone into a location-tracking device, recognize your voice, mine your e-mail for anti-government sentiment and listen to supposedly secure Skype calls.

He isn’t alone watching his back at this cyber-arms bazaar, whose real name is ISS World.

For three days, attendees digging into dim sum fret about losing trade secrets to hackers, or falling prey to phone interception by rival spies. They also get a tiny taste of what they’ve unleashed on the outside world, where their products have become weapons in the hands of regimes that use the gear to track and torture dissidents…

Business is booming, with annual revenue of $3 billion to $5 billion growing as much as 20 percent a year, ISS organizer Jerry Lucas estimates…

Lucas, whose conference company TeleStrategies, Inc., is based in McLean, Virginia, makes the point that his marketplace serves police who conduct criminal investigations and intelligence services that prevent terror attacks. Virtually every communications network in the world includes wiretapping for prosecutors, or location tracking to rescue people in emergencies. And customers at ISS also include phone company executives…

“These guys can be your base station,” Lucas says.

RTFA. Long, detailed, the sort of complex dissection Bloomberg offers to business clients – and in the process offers the rest of the world a glance inside the dealings of a segment of the business world premised upon spying. Spying on you or me, spying wherever there is a profit to be acquired in information, cash or strategic outlook. Honesty, human rights and history have nothing to do with the process.

Federal officials said Wednesday they have found no evidence to support an initial state report that foreign hackers caused a water pump at an Illinois water plant to fail this month.

The preliminary report, collected by a statewide terrorist intelligence center in Illinois, had said that a Russian hacker had taken control of the operating system at the water plant in Springfield. The pump turned on and off repeatedly, burning out the motor, the report said…

But the Department of Homeland Security and FBI said they failed to confirm reports of a cyber­attack. DHS spokesman Chris Ortman called the Illinois state report nothing more than “raw, unconfirmed data.”

He said that the federal investigation also failed to confirm the report’s claim that hackers broke into a software company’s database and retrieved user names and passwords, which enabled access to the water plant system.

“In addition,” Ortman said, “DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported.”

Officials from the state intelligence center did not return phone calls seeking comment…

Please, let’s don’t start letting reality, verifiable conclusions or facts stand in the way of Cold Warriors who are required by that alien implant in their brain to transform every possible SNAFU into an assault upon God, Apple Pie and the American Way of Life.

Within weeks of when Nissan first began delivering the Leaf to buyers last December, do-it-yourselfers were looking for ways to make the new electric car — an engineering marvel from one of the world’s leading automakers — even better.

Phil Sadow, an independent engineering consultant…is the sort of innovator that makes such upheavals happen.

His contribution sounds innocent enough: he adapted the 120-volt charging cord that comes as standard equipment in the Leaf so it can handle a 240-volt charge. This reduces recharge times to less than eight hours, from about 20, and it lets Leaf drivers plug the Nissan charging cord into any 240-volt household outlet, typically used for appliances like clothes dryers.

Mr. Sadow’s project was inspired by his outrage over E.V. owners’ being billed as much as $6,000 to install 240-volt charging equipment. These home units, he says, with their fancy industrial designs and Wi-Fi capability, are more complex than necessary.

“If you look at your average Walgreens $10 hair dryer, it comes with almost all the same equipment as required by an E.V. cord,” he said…

With Mr. Sadow’s $239 modification, the charging cord that comes with the Leaf will replenish the battery pack at the full capacity of the car’s onboard 3.3-kilowatt charger. It can be plugged into a 240-volt outlet or combined with another device, called a Quick-220, that uses two 110-volt outlets on separate circuits…

“The E.V. cord should be as simple as a garden hose,” he said…

But are these electronic engineers hackers? Mr. Sadow rejects the term, seeing himself and others as helping to find more cost-effective solutions to building E.V. infrastructure — not to mention doing something Americans have done with their cars for more than a century.

“I don’t like the term hacking because it’s been portrayed by the media as something evil,” he said. “To me, hacking is actually very American. Go out to the garage. Take it apart. Make it better.”

Rock on, Mr. Sadow. Nissan has recognized the reality of his tweaks and reduced the cost of their “factory-approved” cord system by 70%. Of course, Americans will fiddle with factory settings – and those with the most technical skills will produce modifications that make systems run better. That’s what real hacking is all about.

The global battle between hacker activists and police has intensified with 32 arrests in Turkey and an admission from Spanish police that the group Anonymous had successfully attacked their website in response to arrests made there.

Turkish police arrested 32 suspected local members of Anonymous, including eight minors, according to state news agency Anatolian. The arrests followed a complaint from Turkey’s directorate of telecommunications, whose website was taken down on Thursday…

Turkey is due to introduce an obligatory nationwide internet filtering system in August that will see users forced to sign up to one of four filters.

These are labelled “domestic”, “family”, “children” or “standard”, but hacker activists gathered under the Anonymous umbrella claim they will lead to state control of individual internet use, and allow authorities to keep records of such use.

The police operation in Turkey followed the arrest of three alleged leaders of the so-called Anons in Spain on Friday…

The group says it is not involved in credit-card fraud, but has been held responsible for attacks on the servers of both Mastercard and Amazon.

I wonder how many will do serious time, how many will cooperate and become agents for the Federales in a couple more countries?

The underground world of computer hackers has been so thoroughly infiltrated in the US by the FBI and secret service that it is now riddled with paranoia and mistrust, with an estimated one in four hackers secretly informing on their peers, a Guardian investigation has established.

Cyber policing units have had such success in forcing online criminals to co-operate with their investigations through the threat of long prison sentences that they have managed to create an army of informants deep inside the hacking community.

In some cases, popular illegal forums used by cyber criminals as marketplaces for stolen identities and credit card numbers have been run by hacker turncoats acting as FBI moles. In others, undercover FBI agents posing as “carders” – hackers specialising in ID theft – have themselves taken over the management of crime forums, using the intelligence gathered to put dozens of people behind bars.

So ubiquitous has the FBI informant network become that Eric Corley, who publishes the hacker quarterly, 2600, has estimated that 25% of hackers in the US may have been recruited by the federal authorities to be their eyes and ears. “Owing to the harsh penalties involved and the relative inexperience with the law that many hackers have, they are rather susceptible to intimidation,” Corley told the Guardian…

The best-known example of the phenomenon is Adrian Lamo, a convicted hacker who turned informant on Bradley Manning, who is suspected of passing secret documents to WikiLeaks. Manning had entered into a prolonged instant messaging conversation with Lamo, whom he trusted and asked for advice. Lamo repaid that trust by promptly handing over the 23-year-old intelligence specialist to the military authorities. Manning has now been in custody for more than a year…

The latest challenge for the FBI in terms of domestic US breaches are the anarchistic co-operatives of “hacktivists” that have launched several high-profile cyber-attacks in recent months designed to make a statement. In the most recent case a group calling itself Lulz Security launched an audacious raid on the FBI’s own linked organisation InfraGard. The raid, which was a blatant two fingers up at the agency, was said to have been a response to news that the Pentagon was poised to declare foreign cyber-attacks an act of war…

Kevin Poulsen, senior editor at Wired magazine, believes the collective is classically vulnerable to infiltration and disruption. “We have already begun to see Anonymous members attack each other and out each other’s IP addresses. That’s the first step towards being susceptible to the FBI.”

Gee. Wouldn’t you think that all those shining principles of freedom and transparency would be enough to protect the cult of script-kiddies and individual anarchist heroes?

Sony lost $450 million last year – paid Stringer $4.5 million + stock options
Daylife/Reuters Pictures used by permission

Sony PlayStation gamers expressed shock and disappointment on Wednesday at a massive data hack in which their names, addresses and credit-card details might have been stolen from the PlayStation Network.

Shoppers at London video-games stores said they might leave the network, PSN, which allows them to play games with 77 million other members and buy games online, while some gamers writing in online forums called for a boycott of Sony products…

Sony warned earlier that unidentified hackers had stolen the personal details of its 77 million user accounts, in one of the biggest-ever Internet security break-ins.

The Japanese electronics giant advised users, almost 90 percent of whom are based in Europe and the United States, to change any common passwords they also used for other services.

It said children with accounts established by their parents might have had their data exposed.

“If you think the gamers are pissed over at playstation blog, wait until the Mums get wind of this,” wrote senior member barrybarryk on the PS3news.com online forum…

Sony pulled the plug on the network eight days ago but did not tell the public about the stolen data until Tuesday.

Phew! I don’t know of any industry guaranteed safe from attack. I have some experience with procedures that appear to work – when enforced with diligence and consistency. I’m not certain about any IT departments other than those I personally could vouch for, though.

Oh yeah – just discussing this with another geek in the family – remember all the crap that’s happened at Sony from the closing of research centers to failed security to snooping on users has happened on Stringer’s watch.

U.S. prosecutors have charged two men with stealing and distributing email addresses for about 120,000 users of Apple’s popular iPad.

Investigators accused Daniel Spitler and Andrew Auernheimer of using an “account slurper” to conduct a “brute force” attack over five days last June, to extract data about iPad users who accessed the Internet through AT&T’s 3G network.

Among the possible victims were celebrities, businesses executives and government officials such as New York City Mayor Michael Bloomberg, ABC News anchor Diane Sawyer, movie mogul Harvey Weinstein and perhaps then-White House Chief of Staff Rahm Emanuel, prosecutors said.

Spitler, 26, and Auernheimer, 25, were taken into custody by FBI agents on Tuesday morning, U.S. Attorney Paul Fishman in New Jersey said in a statement.

Prosecutors said both defendants are associated with Goatse Security, a group of “self-professed Internet ‘trolls’” who try to disrupt online content and services. They said Auernheimer bragged in published interviews about his trolling…

The defendants were each charged with one count of fraud and one count of conspiracy to access a computer without authorization. Each charge carries a maximum punishment of five years in prison plus a $250,000 fine…

The defendants then supplied stolen data to gossip website Gawker, which published some details, the complaint said.

Nothing like cooperating with scumballs, eh?

A security expert said he has devised a simple and relatively inexpensive way to snoop on cellphone conversations, claiming that most wireless networks are incapable of guaranteeing calls won’t be intercepted.

Law enforcement has long had access to expensive cell-phone tapping equipment known as IMSI catchers that each cost hundreds of thousands of dollars. But Chris Paget, who does technology security consulting work, says he has figured out how to build an IMSI catcher using a $1,500 piece of hardware and free, open-source software.

Paget will teach other hackers how to make their own IMSI catchers on Saturday during in a presentation at the annual Defcon security conference in Las Vegas.

His technique only works with wireless systems based on GSM technology, which is used by most of the world’s wireless carriers. In the United States, AT&T and T-Mobile USA, a unit of Deutsche Telekom AG operate on GSM systems.

Thousands of hackers will attend the Defcon conference in Las Vegas that starts on Friday, where researchers like Paget will disclose security vulnerabilities in systems from cell phones and business software to systems that run the electrical grid.

They will all swear fealty to the vaguely religious rationale that they’re only involved in proving to hardware and software manufacturers better ways to provide security.

One would hope that advances in contemporary sophistry might eventually provide them with more believable rationales. Something better than the usual crap copouts.

Black hat hackers have exploited a security flaw on AT&T’s web servers which enabled them to obtain email addresses from the SIM card addresses of iPad 3G users.

The breach, profiled in a report by Gawker, described the event as “another embarrassment” for Apple and outlined a variety of high profile individuals whose email addresses were obtained by automated script attacks on AT&T’s web server based on their iPad 3G SIM addresses (ICC ID).

Why is this an embarrassment for Apple? Is Gawker fueled entirely by sophistry?

The publication claimed that the identifying information meant that thousands of iPad 3G users “could be vulnerable to spam marketing and malicious hacking,” while also pointing out that many users have actually already published their iPad ICC ID numbers in Flickr photos. Presumably, many of them also have public email addresses and therefore already receive spam like the rest of us.

The attack on AT&T’s web servers resulted in at least 114,000 iPad 3G users’ emails being leaked to the hackers, who were coy about wether or not they were planning to enable others to access the data. The security leak, which returned a user’s email address when their ICC-ID was entered via a specially formatted HTTP request, has since been patched.

No other information was discovered…

RTFA.

Aside from predictable whines – and an icy dagger pointed straight at the heart of of dimwits at AT&T who apparently skipped the class about online security – it really does appear that the threat to iPad owners tethered to AT&T contains nothing more than an incremental increase in spam.

Since 2007, every new U.S. passport has been outfitted with a computer chip. Embedded in the back cover of the passport, the “e-passport” contains biometric data, electronic fingerprints and pictures of the holder, and a wireless radio frequency identification (RFID) transmitter.

Although the system was designed to operate at close range, hackers were able to access it from afar — until research by Prof. Avishai Wool of Tel Aviv University’s School of Electrical Engineering helped ensure that the computer chip in American e-passports could be read only when the passport is opened. The research has been cited by organizations including the Electronic Frontier Foundation.

Now, a new study from Prof. Wool finds serious security drawbacks in similar chips that are being embedded in credit, debit and “smart” cards. The vulnerabilities of this electronic approach — and the vulnerability of the private information contained in the chips — are becoming more acute. Using simple devices constructed from $20 disposable cameras and copper cooking-gas pipes, Prof. Wool and his students Yossi Oren and Dvir Schirman have demonstrated how easily the cards’ radio frequency (RF) signals can be disrupted…

RTFA. How to win friends and influence elections, border crossings and other security-conscious installations – with just a little investment and ingenuity.