TweakTown NewsRefine News by Category:
Officials from the United States Federal Reserve have confirmed that hackers stole information from its servers. The information, which was released by Anonymous, was gleaned from a security vulnerability in a website vendor product. The hole has since been patched and never gave access to any critical data.
The information apparently came from a contact database that was kept in case of a natural disaster. A breach of the Federal Reserve servers will certainly shine a spotlight on the agency and cause the public's trust in the Federal Reserve to decline. Furthermore, this should cause the public to question security measures of other top agencies.
The Federal Reserve has actually been compromised before this occasion. Back in 2010, Malaysian hacker Lin Mun Poo hacked into the US Reserve and stole data with the intent to use it to steal money.
Anonymous target bank executives in their latest attack, unleash personal information of over 4000 executives
Anonymous have struck again, this time into the hearts of US banking executives - over 4000 of them. These 4000+ bankers have had their personal information leaked in Anonymous' latest campaign dubbed Operation Last Resort.
Anonymous' campaign is designed to provoke computer crime law reform after the suicide of Internet activist and Reddit co-founder Aaron Swartz. Anonymous have reportedly hacked into the Alabama Criminal Justice Information Center's website over the weekend, where they used the site to host the spreadsheet of the executives' information. This spreadsheet includes the information of bankers' names, phone numbers, computer log-in credentials and IP addresses.
The Twitter account of Anonymous talked about getting the information from Federal Reserve computers, and when contacted for a comment by the Huffington Post, a spokesperson refused to comment on Anonymous' claims, nor would they confirm if a statement was on its way.
In another example of the future being cyber terror and cyber warfare, the US Department of Energy has announced that it was hacked mid-January. The hack reportedly affected several hundred employees, though the agency says that "no classified data was compromised."
This story comes on the heels of The New York Times announcing that they had been the target of Chinese hackers after running a story about the new president of China. The hack appears to have only provided the hackers with personal data of employees, though there is cause for concern as the Department of Energy oversees the US's nuclear research.
The hackers have not been identified, though it appears that they may not be connected with any countries that have previously been accused of hacking.
Just over 24 hours ago we reported that Twitter was experiencing a global outage, but more information has been released by Twitter where they've announced that they were actually victims of some attacks this week.
Twitter took to their company blog where they said during the week they had detected "unusual access patterns" that led them to see that unauthorized attempts to access users' data was made. Twitter actually discovered one attack as it was happening, where they were able to quickly shut it down shortly after.
The social networking site said that the attackers may have had access to information for close to 250,000 different users. Twitter added "usernames, email addresses, session tokens and encrypted/salted versions of passwords" would have been available.
Twitter have since reset the passwords and revoked session token for all affected accounts, with affected users to expect an email notifying them of the reset. Because of the hack, Twitter have taken the time to "echo" the recent advisory by the Department of Homeland Security, who have told users to disable Java on their systems for the best security.
We hope you're brushed up on your hacking skills, as Mega founder (we can't really keep saying MegaUpload founder now, can we?) is offering up a bounty for the first person to break into Mega.
Dotcom is offering a very tidy 10,000 euros (or roughly $13,580) for the first person to break into Mega, where he has offered up the prize for enterprising hackers after the site was criticized for the way it handles security. Mega launched just under two weeks ago now and has since taken 50 million files from users.
Dotcom's bounty offer is a good way to get hackers to break through their security so that they know what to patch up, but we should expect this from a 'beta' of a cloud storage site.
The Pentagon has approved an increase in cyber security staff that would see an increase in the number of staff from around 900 to roughly 4,900. The 4,900 staff members would be composed of both military and civilian personnel and is possibly in response to events such as Anonymous' attack on the US DOJ or the finding of malware on power plants' computers.
Future wars are likely to be conducted in cyber space rather than on the ground with traditional troops and weapons, so it will be important for the US to have a large enough security force that is well trained to protect itself from these future threats. Defense Secretary Leon Panetta acknowledges that the US hasn't invested enough in cyber security:
"We've got good people that are involved in it, but, very frankly, if we're going to stay on the cutting edge of what's happening with regards to the chances that are occurring, we have to invest more in that area," Panetta said in a speech last November.
Google wants hackers to compromise Chrome OS at Pwnium 3 competition, $3.14159M in prizes offered up
Google is one of the leaders when it comes to offering bug bounties. At Pwnium 3, Google has brought lots of money to the table to ensure that Chrome OS is the most secure it can possibly be. By offering up $3.14159 million in prizes, Google hopes to entice the world's best hackers to compromise Chrome OS before someone with bad intentions can.
Prizes will be in two different levels:
- $110,000: browser or system level compromise in guest mode or as a logged-in user, delivered via a web page.
- $150,000: compromise with device persistence - guest to guest with interim reboot, delivered via a web page.
If a hacker is unable to do that, Google isn't hanging them out to dry. Partial awards will be offered for incomplete or unreliable exploits. Attacks must work against a Samsung Series 5 550 Chromebook running the latest Chrome OS if the hacker wishes to collect the prize.
Pwnium 3 will be held at CanSecWest in Vancouver, BC, on March 7. The competition will run at the same time as Pwn2Own, which is taking place at the same place from March 6-8.
Aaron Swartz took his life a couple of weeks ago and we have now seen hacktivist collective Anonymous making a strategic move by hacking a US government website related to the justice system.
They posted on the site informing everyone they would begin leaking a cache of government documents if the justice system is not reformed. Anonymous hacked the website for the United States Sentencing Commission late Friday, where they posted a message about what they're calling "Operation Last Resort", which included a bunch of downloadable, but encrypted files that they say contain sensitive information.
Anonymous' statement reads:
Two weeks ago today, a line was crossed. Two weeks ago today, Aaron Swartz was killed. Killed because he faced an impossible choice. Killed because he was forced into playing a game he could not win -- a twisted and distorted perversion of justice -- a game where the only winning move was not to play.
The United States is again the best at something, though this probably isn't something we want to be the best at. According to data from McAfee, the United States is home to the largest number of botnet servers in the world. Botnet servers are the servers that send commands and receive data back from computers that have been compromised by attackers.
The list may not be completely accurate as often times owners of these botnet C&C servers try to mask their location by using proxies and other methods. However, McAfee's data shows that 631 C&C servers are located in the United States, which is more than two and a half times greater than the British Virgin Islands.
The British Virgin Islands is second on the list with 237 servers. Netherlands, Russia, Germany, and Korea follow with 154, 125, 95, and 81 servers, respectively. The map above shows the number of botnet servers around the world, according to McAfee's data. In the US, it appears the servers are mainly located in Los Angeles, California and Washington DC.
US government declares June 1st and 2nd "National day of Civic Hacking", invites hackers to help improve the country
June 1st and 2nd have officially been named National Day of Civic Hacking. NDCH is a national event in which citizens of all schools of hacking are invited to collaborate with developer and entrepreneurs from all corners of the nation to create, build, and invent new solutions using pubically released code, data and technology to better their community.
The National Day of Civic Hacking will give American's a chance to get back to their roots, roll up our sleeves, and create solutions to problems in their communities. The event will utilize the expertise, knowledge and DIY spirit of those outside of federal, state and local governments.
The source listed below includes a list of participating cities, and even if you are not near one of those, there most likely will be many web based events where you can participate. My local metropolis of Augusta, GA will be one of the host cities and I am sure my local Maker Space, The Clubhouse, will be hosting something as well. So check with your local Hacker Spaces, Maker Spaces, and Tech Clubs to see if they too will be hosting an event.