Posts Tagged ‘hacker’

Hacktivists change the Global Warming Debate

Recent News | Posted by Dave
Nov 23 2009

Unless you have been living under a rock during the past 20 years you know that Man made Global Warming has been a very hot topic (no pun intended :) ).  Recently it seemed that the Pro-Global Warming team had been making the most ground.  As the inventor of the Internet Al Gore put it “The debate is over”..  Is it???

It appears that a group of Hacktivist may have pulled some skeletons out of the closet, for the whole world to see.  A Hacktivist is a Hacker who hacks for a cause.  We have seen many far-leaning ideologue groups around the world, on both sides of the debate, who have employed various attacks against their enemy.  The attacks have included defacing websites, Dos/DDoS, and other destructive attacks.  This attack however was different. 

hacktivism

Hacktivist stole over 4000 documents from  the Climatic Research Unit of the University of East Anglia in Britain, which included over 1000 emails.  Many of these emails were correspondents between high profile Global Warming “Alarmist”, and it seems a few of these emails included some of their deepest secrets such as how to manipulate data to hide discrepancies between their cause and the actual data (There is growing data that Global Warming may have stopped in the late 90s.).  The university has acknowledged the breech and the authenticity of the documents, many of which are available on the internet.

Score one for the Hacktivists it seems,  but what does this mean for the future?  If these really are a smoking gun, which all indications point to yes, then this will definitely embolden others who believe they can expose their opponent’s agenda by breaking the law.     

The lessons to take from this?  Not all malicious attacks are Dollar driven.  Some people will go to extremes to prove a point. And finally, if you want something to be kept a secret do not put it in an email.

 

- Dave

 

Link to an article about the attack  http://www.washingtonpost.com/wp-dyn/content/article/2009/11/20/AR2009112004093_pf.html

Tags: , ,
No Comments »

Pink Floyd star David Gilmour joins fight to halt extradition to US of hacker Gary McKinnon

Passwords, Recent News | Posted by Dave
May 27 2009

This isn’t really security news. But I am a big Dave Gilmour fan and I love UFO stories so this is a great story for me.  As far as Gary McKinnon’s actions, I believe if NASA had UFO information they would most likely bury it.  But again hacking is still illegal.

Speaking of mysteries, does anyone remember this Floyd mystery?

~~Dave

PS.. If Mr Gilmour by chance reads this, I am free to jam whenever you are :)

Musicians from such diverse groups as Pink Floyd and Boyzone have joined forces in a last-ditch campaign to halt the extradition to the US of north London computer hacker Gary McKinnon.

The family and friends of McKinnon, who has Asperger’s syndrome, are hoping that a campaign also supported by well-known names including Terry Waite, Boris Johnson, Sting, Lord Carlile and Jane Asher, will finally bear fruit.

Next month, McKinnon is due to have what is likely to be his final legal appearance in a judicial review over the decision of home secretary,Jacqui Smith, to send him to stand trial in the US for hacking into the US defence department and Nasa computer systems in a search for evidence about UFOs.

An earlier judicial review ruled that Smith had failed to take adequate consideration of evidence of McKinnon’s medical condition. If McKinnon failed in this bid for a reconsideration of the extradition decision, he could be sent immediately for trial in the US and face a lengthy jail sentence.

To help the case, Graham Nash has authorised a reworking of his song Chicago, written when he was part of Crosby, Stills and Nash in the wake of the violent 1968 Democratic party convention in Chicago and the subsequent trial of the so-called Chicago Seven.

David Gilmour, the Pink Floyd musician and political activist, has agreed to produce a fresh recording of the song to publicise McKinnon’s plight.

Boyzone singer Keith Duffy has also expressed his support for McKinnon. “As the parent of a child with autism I know only too well that getting support at the right time can be crucial,” said Duffy

http://www.guardian.co.uk/uk/2009/may/25/gary-mckinnon-extradition-pink-floyd-hacker-us

Tags: , ,
No Comments »

The FAA was successfully attacked

compliance, Recent News | Posted by Dave
May 08 2009

Note from Dave:  Soon I hope to start writing some more original content, until then I will continue to post hacker related news on here.  The reason I am post these articles is simple, Cyber Security is not an option.  Many businesses get it, others not so much.  If the FAA and the Pentagon can be successfully hacked,  how safe do you think you really are?  Better to understand your weaknesses and try to mitigate those vulnerabilities than to put you head back in the sand.

 

Dave

 

Hackers have broken into the air traffic control mission-support systems of the U.S. Federal Aviation Administration several times in recent years, according to an Inspector General report sent to the FAA this week.

In February, hackers compromised an FAA public-facing computer and used it to gain access to personally identifiable information, such as Social Security numbers, on 48,000 current and former FAA employees, the report said.

Last year, hackers took control of FAA critical network servers and could have shut them down, which would have seriously disrupted the agency’s mission-support network, the report said. Hackers took over FAA computers in Alaska, becoming “insiders,” according to the report dated Monday.

Then, taking advantage of interconnected networks, hackers later stole an administrator’s password in Oklahoma, installed “malicious codes” with the stolen password and compromised the FAA domain controller in the Western Pacific Region, giving them the access to more than 40,000 FAA user IDs, passwords, and other data used to control a portion of the mission-support network, the report said.

And in 2006, a virus spread to the air traffic control (ATC) systems, forcing the FAA to shut down a portion of its systems in Alaska, according to the report.

The attacks so far have primarily disrupted mission-support functions, but attacks could spread over network connections from those areas to the operational networks where real-time surveillance, communications and flight information is processed, the report warned.

“In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, ATC systems encounter attacks that do serious harm to ATC operations,” the report concluded.

 

An audit of the FAA’s air traffic control cybersecurity protection measures finds them lacking and says there have been several breaches by hackers and a virus.

(Credit: U.S. Department of Transportation, Office of Inspector General)

 

The breaches were possible because Web applications that support the air traffic control system operations are not properly secured to prevent unauthorized access and network intrusion-detection software is not adequately being used to monitor and detect cyberattacks, the report concluded.

The FAA’s increasing use of commercial software and Internet Protocol-based technologies as part of an effort to modernize the air traffic control systems poses a higher security risk to the systems than when they relied primarily on proprietary software, the report said.

“Now, attackers can take advantage of software vulnerabilities in commercial IP products to exploit ATC systems, which is especially worrisome at a time when the Nation is facing increased threats from sophisticated nation-state-sponsored cyber attacks,” the report said.

In general, the nation’s critical infrastructure is increasingly at risk as previously isolated and closed systems are moved to the Internet and commercial software, like Windows, is used, security experts have said.

The air traffic control system auditors said they discovered more than 760 high-risk vulnerabilities in the Web applications tested, including holes that provided “front-door access” to the systems and could allow attackers to inject malicious code onto FAA user computers. Web applications were not adequately configured and the applications with known vulnerabilities were not patched in a timely manner, auditors found.

Meanwhile, intrusion detection systems (IDS) are deployed at only 11 of hundreds of air traffic control facilities and none of the IDS sensors is installed to monitor operational systems at those sites, the report said. Cyber incidents are not effectively monitored or fixed quickly, the report concluded.

In 2008, more than 870 cyber incident alerts were issued to the organization responsible for air traffic control operations and by the end of the year 17 percent (more than 150 incidents) had not been remediated, “including critical incidents in which hackers may have taken over control” of operations computers, the report said.

The FAA is “identifying and fixing weaknesses,” FAA spokeswoman Laura Brown told The Wall Street Journal. “We are working on developing security architecture for that whole system.”

However, Brown dismissed the notion that hackers could get access to critical air traffic control operational systems.

The audit of the air traffic control systems was requested by the ranking minority members of the House Committee on Transportation and Infrastructure and its Aviation Subcommittee.

 

http://news.cnet.com/8301-1009_3-10236028-83.html

Tags: , , , , , , ,
No Comments »

DDoS attacks on the rise.

Recent News | Posted by Dave
May 04 2009

(WEB HOST INDUSTRY REVIEW) — The past few months has seen a rise in large distributed denial of service attacks which threaten to send entire countries offline, raising concerns among Internet security experts in the Internet infrastructure that help contribute to these attacks, according to a report by The Washington Post.

These DDoS attacks use botnets to send large amounts of spam to websites to the point where it cannot handle incoming traffic from its regular visitors.

In the past six months, DDoS monitoring firm Arbor Networks (www.arbornetworks.com) says it has witnessed a rise in the number, sophistication and size of these attacks, while perpetrators seem to be targeting larger ISPs.

Earlier this month, domain registrar Register.com was hit by a major DDoS attack that caused causing intermittent outages for about 48 hours.

The Post article also cites recent DDoS attacks against dedicated managed hosting provider The Planet, which it says was hit by a “massive” DDoS attack on April 6 and 7, as well as Brazillian ISP Telefonica, which lasted for several days.

Though DDoS attacks are typically seen as the work of cyber criminals who are seeking some kind of financial compensation in exchange for retreating these attacks.

All three of the aforementioned companies were performed in precise intervals over a period of days, according to The Post.

Experts say that the nature of these attacks suggest that the hackers were just showing off their malicious capabilities to attract media coverage in an effort to draw interest from criminals that would hire them for their services.

The domain name system contains many DDoS assault attack weaknesses, which is a key component of the Internet.

Since the global DNS system does not yet have a widely deployed system in place to confirm the location of an individual requesting a site’s location, it makes it harder to block DDoS attackers that lie about their location, according to The Post.

Additionally, there has also been a rise in the number of botnets used to attack networks has largely increased because of globally-spreadl viruses like the Conficker worm.

These attacks are significantly easier to defend against as inffective individuals can work with their ISP to find and drop traffic from the Internet source.

ISPs can also improve their defense against DDoS attacks by adopting long-established Internet best practices.

 

Source http://www.thewhir.com/web-hosting-news/050109_Internet_Sees_Rise_in_DDoS_Attacks

Tags: , ,
No Comments »