Hidden motion sensors in mobile phones can allow criminals to steal banking details and passwords, new research indicates.
Cyber experts believe hackers can access the information simply from the way a mobile phone tilts while being held.
Hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, sources said, resulting in temporary disruptions to some services while cybersecurity teams worked to contain the intrusion.
White House officials, speaking on the condition of anonymity to discuss an ongoing investigation, said that the intruders did not damage any of the systems and that, to date, there is no evidence the classified network was hacked.
“In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network,” said one White House official. “We took immediate measures to evaluate and mitigate the activity. . . . Unfortunately, some of that resulted in the disruption of regular services to users. But people were on it and are dealing with it.”
The FBI, Secret Service and National Security Agency are all involved in the investigation. White House officials are not commenting on who was behind the intrusion or how much data, if any, was taken.
“Certainly a variety of actors find our networks to be attractive targets and seek access to sensitive information,” the White House official said. “We are still assessing the activity of concern.”
U.S. officials were alerted to the breach by an ally, sources said.
Recent reports by security firms have identified cyber-espionage campaigns by Russian hackers thought to be working for the government. Targets have included NATO, the Ukrainian government and U.S. defense contractors. Russia is regarded by U.S. officials as being in the top tier of states with cyber-capabilities.
In the case of the White House, the nature of the target is consistent with a state-sponsored campaign, sources said.
The breach was discovered two to three weeks ago, sources said. Some staffers were asked to change their passwords. Intranet or VPN access was shut off for a while, but the email system, apart from some minor delays, was never down, sources said.
White House officials said that such an intrusion was not unexpected.
“On a regular basis, there are bad actors out there who are attempting to achieve intrusions into our system,” said a second White House official. “This is a constant battle for the government and our sensitive government computer systems, so it’s always a concern for us that individuals are trying to compromise systems and get access to our networks.”
The Russian intelligence service was believed to have been behind a breach of the U.S. military’s classified networks, which was discovered in 2008. The operation to contain the intrusion and clean up the computers, called Buckshot Yankee, took months.
That incident helped galvanize the effort to create U.S. Cyber Command, a military organization dedicated to defending the country’s critical computer systems — including those in the private sector — against foreign cyberattack, as well as helping combatant commanders in operations against adversaries. The command is expected to have some 6,000 personnel by 2016, officials said.
When directed by the president or defense secretary, Cyber Command can undertake offensive operations.
A whole lot of people are about to have a very bad night.
The Daily Dot is currently working to verify the authenticity of the files and the user data they purportedly contain.
If the data is authentic, this could be the promised follow through after a headline-grabbing hack of the website took place last month by a group of hackers calling themselves Impact Team.
The hackers said the breach of the site came in response to what they describe as dishonest business practices by Ashley Madison and its parent company, Avid Life Media.
Release of the data may mean that more than 36 million members in 46 countries stand to have personal information revealed to the public. The data reportedly includes credit card info, login credentials, and of course, the intimate details of their possible affairs.
In some countries, adultery is more than embarrassing—it’s illegal, and exposed Ashley Madison users are at risk of criminal charges. Blackmailers, divorce attorneys, and others may profit off the data as well.
It will likely be difficult or impossible to verify the files, however. Reports are already circulating that the files include individuals from the U.K. government as well as world-famous people, like former British Prime Minister Tony Blair.
There’s no reason to believe Blair is actually on the site because anyone can create an account using names and email addresses from other individuals.
Even if the files are somehow verified, many argue that actually publicizing the details is the wrong move.
“It’s not up to a group of hackers—or the public—to dictate how these users’ relationships pan out, let alone force the issue of alleged cheating,” The Daily Dot’s Derrick Clifton argued. “Even if there’s one name on the list that belongs to someone we know, the manner in which we learn about their sexual behaviors matters as much as the act itself.”
While some claim to have confirmed that certain leaked data belonged to legitimate Ashley Madison users, the journalist who broke the story of the site’s data breach, Brian Krebs, reports that Ashley Madison’s security experts have not yet confirmed the data’s authenticity.
Raja Bhatia, Ashley Madison’s chief technology officer, told Krebs that his team of devoted investigators has reviewed more than 100GB of data purporting to be from the site’s databases. Little of it, Bhatia said, has proved legitimate.
“The overwhelming amount of data released in the last three weeks is fake data,” Bhatia said.
Bhatia specifically points to the fact that the leaked data contains credit card transaction information—a detail the Daily Dot has confirmed—that Ashley Madison allegedly does not store on its servers.
“There’s definitely not credit card information, because we don’t store that,” Bhatia said. “We use transaction IDs, just like every other PCI-compliant merchant processor. If there is full credit card data in a dump, it’s not from us, because we don’t even have that.”
In a statement, Ashley Madison acknowledged the data dump, but neither confirmed nor denied whether the information came from its servers. The company further iterated that the hack, which is not in question, was “an act of criminality
He seems like an American success story: an ambitious Russian who came to the U.S. and went from business school to Wall Street to his own hedge fund.
But somewhere along the way, U.S. authorities say, Vitaly Korchevsky began orchestrating a new type of financial crime.
Korchevsky, 50, was one of several men arrested Tuesday morning in the biggest case of insider trading linked to the fast-growing threat of global cybercrime. Charges against him were unsealed Tuesday in Brooklyn, New York federal court.
The alleged scheme stretched from the affluent suburbs of Philadelphia, where Korchevsky ran a small investment fund, to the darkest realms of the Internet.
Working from Russia or Ukraine, hackers infiltrated several computer systems used by corporations to report sensitive information like earnings and then, allegedly with Korchevsky’s help, made millions of dollars trading on the confidential data, people familiar with the matter say.
Little that is known about Korchevsky seems to hint at his alleged role in bringing together these two illicit worlds. Less than prominent in financial circles, he has spent a decade and a half moving from one mid-level job to the next.
After completing university in Russia, Korchevsky collected an MBA in 1995 from Regent University, a private Christian institution founded by the televangelist Pat Robertson. He also passed the Chartered Financial Analyst exam, considered the gold standard among financial professionals.
By 1999 he was working in the asset management division of Morgan Stanley, where he helped manage several Invesco American Value funds, according to Morningstar.
From there he joined Victus Capital in New York and then Investment Counselors of Maryland in Baltimore. He left in 2009, two years before registering his own hedge fund, NTS Capital Fund, in Glen Mills, Pennsylvania.
Other than traffic violations, Korchevsky’s U.S. legal record appears clean, as is his official Wall Street record filed with the Financial Industry Regulatory Authority.
In an era of high-profile Wall Street scandals, the scheme laid out by prosecutors is relatively small in dollar terms. U.S. prosecutors said the nine men netted $30 million.
However, a broader, parallel lawsuit filed Tuesday by the Securities and Exchange Commission listed 17 men, including the nine charged, and 15 companies as defendants in a scheme that allegedly earned more than $100 million.
The regulator said Korchevsky made about $17.5 million in illicit profits. By comparison, the insider trading scheme hatched by Galleon Group LLC co-founder Raj Rajaratnam netted about $72 million, while the $275 million insider trading case of SAC Capital Advisors LP portfolio manager Mathew Martoma was called the biggest ever against a single person.
Nonetheless, the confluence of computer hacking and insider trading raises the stakes for investors and federal authorities.
Thought to be in Ukraine and possibly Russia, the hackers infiltrated the computer servers of PRNewswire Association LLC, Marketwired and Business Wire, a unit of Warren Buffett’s Berkshire Hathaway Inc., according to a person familiar with the matter. They stole more than 150,000 press releases over the duration of the scheme.
They then allegedly fed the information to Korchevsky and others in the U.S. who used it to buy and sell shares of dozens of big companies, including Panera Bread Co., Boeing Co., Oracle Corp., Hewlett-Packard Co. and Caterpillar Inc., ahead of the news.
The defendants traded in personal brokerage accounts and then siphoned the money offshore through Estonian banks, the person said.
Korchevsky was taken into custody at his home in Glen Mills, where he operated NTS Capital. NTS has made no filings since its initial one four years ago, and it’s unclear if the fund is still in operation. Korchevsky is now facing securities fraud and conspiracy charges by federal prosecutors in Brooklyn.
He is scheduled to make his first court appearance Tuesday afternoon in Philadelphia federal court.
Computer hackers stole 1 billion email addresses from US marketing companies in what federal authorities called one of the largest reported data breaches in history.
Three people were indicted on federal charges after they allegedly netted US$2 million in commissions from millions of spam emails that routed recipients to websites selling software and other products.
That means the defendants would have averaged just a fraction of a penny for each of the stolen email addresses. Still, authorities said the case is significant because of the scale of the information stolen.
John Horn, the acting US attorney based in Atlanta, said hackers targeted marketing companies that send bulk emails to customers of their commercial clients. They gained access to the firms’ computer systems by sending emails with hidden malware to the marketing companies’ employees.
The hackers not only stole hundreds of millions of email addresses, Horn said, but they also succeeded in using the marketing firms’ own systems to send the hackers’ spam messages.
One of the defendants, 25-year-old Vietnamese citizen Giang Hoang Vu, pleaded guilty to a single count of conspiracy to commit computer fraud before a federal judge last month. He has not been sentenced.
A second Vietnamese citizen, 28-year-old Viet Quoc Nguyen, has been indicted on 29 counts including charges of wire fraud and computer fraud. David-Manuel Santos Da Silva, 33, of Montreal, Canada, is charged with taking part in a money-laundering conspiracy. Prosecutors say he entered into a marketing agreement with the others that enabled them to profit from sales generated by the spam emails.
Officials said Da Silva was arrested in Florida last month. Nguyen remains a fugitive.
U.S. District Court records Friday did not have a defense attorney listed for Da Silva.
The case is being prosecuted in Georgia because that’s where computer servers were located for two of the marketing firms that got hacked. Nguyen and Vu were indicted in October 2012, but those charges were sealed from public view until after the case against Da Silva was filed Wednesday.
Thanks to a few prominent attacks, the word “hacker” has likely shown up in your news feed pretty often in the last year. And it’s likely to pop up a lot more.
Hackers can target bank information, PIN numbers, passwords—like they did with Target and other retail giants—but they also can stoke mayhem by shutting down a widely-used site or service.
There are other types of sensitive information that can also be targeted: last year Hollywood celebrities had their iCloud accounts hacked, and their nude photos were released to the public.
Additionally, Sony’s emails and other documents were leaked, allegedly by hackers from North Korea. These types of attacks were done by “Black hat” hackers. Why the nickname?
Because not all hackers are in it for the destruction. “Black hat” hackers hack to exploit data, “White hat” hackers hack to make systems more secure (and make money legally), and “Grey hat” hackers fall somewhere in between. The ones that make the 5 o’clock news are likely going to be black hat.
Here are 15 of the most dangerously skilled hackers to have taunted governments, brought down websites, and made millions for themselves—before finally getting caught.
Alias: The Homeless Hacker
Adrian Lamo gained recognition by breaking into the computer networks of The New York Times, Google, Yahoo!, and Microsoft before he was arrested in 2003. He was known as the “Homeless Hacker” because of his habit of using coffee shops and libraries as his command centers. His hacking caught up to him when he attacked the Times in 2002, gaining access to the personal information of people who’ve written for the paper, and adding his name to their database of expert sources. After a 15-month investigation by prosecutors, a warrant was placed for his arrest and Lamo surrendered in California. He negotiated a plea bargain that gave him six months of house arrest, and he avoided serving jail time.
His life after this point hasn’t been pretty. He was accused of using a gun on a girlfriend, and was placed in a psychiatric hold in an unrelated incident and was diagnosed with Asperger syndrome. But the biggest controversy of all is that Lamo was the one who reported Chelsea Manning to U.S. authorities after she leaked hundreds of thousands of government documents. His nickname amongst hackers after that was “snitch.”
The California native became the first hacker to be charged with controlling an army of hijacked computers—called botnets—to send large quantities of spam across the Internet. He used the worm “rxbot” in 2004 to take control of 500,000 computers (which included U.S. military computers) and used their combined strength to take down major sites. He then put out ads for his services, and offered clients the opportunity to take down any website they wanted, for a price. Ancheta was caught in 2005 when one of his clients turned out to be an undercover FBI agent. He had to give up the $58,000 he made from hacking, pay back $16,000, give up his BMW, and serve 60 months in prison.
The hacker known as “ASTRA” was never publicly identified, but is said to have been a 58-year-old mathematician when he was arrested in 2008. Greek authorities said that he hacked into the systems of the aviation company, Dassault Group, for about half a decade. In that time, he stole weapons technology information about the company’s jet fighters and other military aircraft, and sold it to different countries. It’s said that he sold this data to nearly 250 people in the Middle East, Brazil, France, Germany, Italy, and South Africa, all for $1,000 a pop. The damages to Dassault amounted to more than $360 million.
In 2008, 18-year-old Owen Thor Walker pleaded guilty to six charges of cyber crime. He led an international hacker network that broke into 1.3 million computers, and infiltrated bank accounts to take more than $20 million. He was only 17 when the thefts began, but because he was homeschooled starting at 13, this left him time to learn programming and encryption. Overall he only made $32,000 from his hacking efforts, since he only wrote the code that the other members in the network used to steal the money. He pleaded guilty, wasn’t convicted, and only had to pay back $11,000. He’s now advising companies on online security.
Alias: Dark Dante
Kevin Poulsen was the first American to be banned from the Internet and computers after being released from prison. In the late ’80s and early ’90s, Poulsen hacked into phone lines. He became famous when he hacked into the lines of L.A. radio station KIIS FM so that he would be the 102nd caller—winning him a Porsche. When the FBI went looking for him, he went on the run (and when he appeared on the show Unsolved Mysteries, the phone lines for the television station crashed by, you know, coincidence). When he was caught, he served five years in prison and was banned for three years from using the Internet or computers.
He’s now a writer for Wired, and wrote an article about sex offenders on MySpace that got one person arrested.
Alias: CumbaJohnny, Segvec, SoupNazi, KingChilli
Albert Gonzalez founded, which amassed some 4,000 members. Members of the site could buy or sell stolen bank account numbers or fake passports, drivers’ licenses, Social Security cards, credit cards, debit cards, birth certificates, college student identification cards, and health insurance cards. It’s said that more than 170 million credit and debit cards were swapped on the site from 2005 to 2007.
Gonzalez, from Florida, wasn’t low-key about spending his money; he was known for booking stays in high-class hotels for days and once throwing a $75,000 party. He was charged with having 15 fake bank cards while in New Jersey, but avoided serving time when he gave evidence to the Secret Service about 19 other ShadowCrew members.
He then returned to Miami and, with a team of 10 others, hacked TJX Companies (which own T.J. Maxx and a bunch of other stores), and stole 45 million credit and debit card numbers over 18 months until 2007. He was arrested in May 2008 and won’t be out of prison until 2025.
Alias: The Condor, The Darkside Hacker
Kevin Mitnick didn’t refer to what he was doing as hacking—instead, he liked to call it “social engineering.”
He started “social engineering” when he was 15, when he learned how to bypass the punch card system for Los Angeles city buses by finding tickets in a dumpster and getting a bus driver to tell him where he could buy his own ticket punch. Later he graduated to the big time by breaking into the networks of Pacific Bell, Nokia, IBM, Motorola, and a few other companies.
When he was arrested in 1995, his skills were so threatening to the judge ruling over his case that he was placed in solitary confinement because it was thought he could start a nuclear war by whistling codes into a payphone. After serving 12 months in prison and going on three years of supervised release, he continued hacking, and went on the run for almost three years using cloned cell phones to hide his location. He was sentenced to prison for four years in 1999, and was the most-wanted computer criminal in the country at the time.
Now he’s a security consultant (aka: White hat) and is the author of two books.
Age: 24 (at the time of his death)
Jonathan James was the first juvenile to be convicted and jailed for hacking in the United States. Starting at 15, he hacked into Bell South, the Miami-Dade school system, NASA, and the Department of Defense, and stole software said to have been worth $1.7 million from the government. He intercepted the source code of the International Space Station, which, when discovered, caused NASA to shut down its computers for three weeks, costing $41,000. He was sentenced to six months of house arrest and probation until he turned 18. Even worse? The court required him to write letters of apology to NASA and the Department of Defense.
After Albert Gonzalez’s hacker team stole credit and debit card information from TJX in 2007, the Secret Service investigated James, who claimed he had nothing to do with the thefts. Out of fear of being prosecuted for crimes he didn’t commit, James killed himself in his shower in May 2008. “I have no faith in the ‘justice’ system,” his suicide note said. “Perhaps my actions today, and this letter, will send a stronger message to the public. Either way, I have lost control over this situation, and this is my only way to regain control.”
Levin’s story is like Casino Royale in real life; working with three others, the hacker transferred a portion of $10.7M to his bank account from a handful of large Citibank accounts from all over the world—all while sitting in his apartment in St. Petersburg. Yet, he didn’t use the Internet; instead he used telecommunications systems, and listened to customers’ phone calls to get their account numbers and PINs. Authorities were able to recover only $400,000 from Levin’s theft after his accomplices gave him up when they were arrested. In 1998 he was ordered to pay back $240,000 to Citibank and sentenced to three years in jail. His whereabouts are unknown today.
Gary McKinnon hacked nearly 100 American military and NASA servers from February 2001 to March 2002. What’s even crazier is he did it all from his girlfriend’s aunt’s house in London. He managed to delete sensitive data, software, and files, and the U.S. government spent over $700,000 to recover from the damage. He taunted the military while he was at it, posting this message to their website: “Your security system is crap. I am Solo. I will continue to disrupt at the highest levels.”
McKinnon is an interesting guy. He’s said his main inspiration for the attack was The Hacker’s Handbook by Hugo Cornwall. While hacking NASA, he purposely looked for files that contained evidence of extraterrestrials. He told Wired in 2006 that he found them, too. “A NASA photographic expert said that there was a Building 8 at Johnson Space Center where they regularly airbrushed out images of UFOs from the high-resolution satellite imaging,” he said. “I logged on to NASA and was able to access this department. They had huge, high-resolution images stored in their picture files. They had filtered and unfiltered, or processed and unprocessed, files.” He currently still lives in Britain.
To ring in the new millennium, Michael Calce launched denial-of-service attacks against Amazon, CNN, eBay, Yahoo!, and Dell. Back then, Yahoo! was the world’s leading search engine before Google, and Calce’s attack—which he dubbed Project Rivolta—caused it to go down for about an hour. President Bill Clinton convened a cybersecurity task force and the country was on the hunt for “Mafiaboy.” He was caught a short time later after he bragged about the attacks in a chat room. In 2001, he was sentenced to eight months of open custody, restricted use of the Internet, and a small fine. A little lenient for such a big attack, no? Well, yeah it was, because Calce was still in high school at the time. “The sense of power I felt was overwhelming,” he wrote. “It was also addictive.”
Alias: Kuji (Bevan) and Datastream Cowboy (Pryce)
Age: 41 (Bevan) and 35 (Pryce)
This British hacking duo took the U.S. government for a ride when they attacked the Pentagon’s network for several weeks in 1994. They copied battlefield simulations from Griffiss Air Force Base in New York, intercepted messages from U.S. agents in North Korea, and got access into a Korean nuclear facility. Pryce was a 16-year-old then, and Bevan was 21 (he’s thought to have been tutoring Pryce).
The hacking attacks were especially troublesome for the U.S. government because they couldn’t tell if the duo was using their system to hack into South or North Korea—if it were North Korea, the attacks could’ve been seen as an act of war. Luckily, South Korea was the hackers’ target, and after an international investigation, they were arrested in the following year.
The Syrian Electronic Army is a unique group. They sprang up in 2011, and backed the regime of Syrian President Bashar al-Assad (it’s thought they could be supported by the Syrian government). While the group isn’t very sophisticated, they’ve attacked a large number of high-profile organizations and hundreds of websites. They primarily use spamming, malware, phishing, and denial of service attacks. Their first two years of existence saw just a handful of attacks, but in 2013 and 2014 the group launched dozens each year.
Of course, they even have their own Twitter account.
If you’re a gamer, you’re likely familiar with Lizard Squad. The Black hat group took down both the PlayStation and Xbox gaming networks on Christmas Day last year. The crew formed in August 2014, and claimed to be behind outages of gaming networks that support League of Legends and Destiny, by using denial-of-service attacks (if you can’t tell, this happens to be most hacker groups’ favorite kind of attack.) In fact, they’re currently selling the DDoS attack on their website for use by anyone willing to shell out the money.
Lizard Squad is as well known for making false hacking claims as they are for taking down video game networks. They’ve claimed to have taken down Tinder, Facebook, and Instagram, and have said they would release nude pictures of Taylor Swift. Two people have been arrested as alleged members of the group, Vinnie Omari, a 22-year-old from Britain, and a 17-year-old known as “Ryan.”
By far the best hacking group to have gotten its style cues from a comic book character, Anonymous is comprised of “hacktivists” who get involved in political and international events. The group originated on 4chan around 2003, when members posting under the alias “anonymous” started the joke that there was a single person with the name Anonymous who’s been talking to himself the whole time.
The collective was associated with pranks and trolling until 2008, when they launched a coordinated attack on the Church of Scientology under the name “Project Chanology.” They’ve since gotten involved with the aftermath of the shooting of Michael Brown, Tamir Rice, and Charlie Hebdo, by leaking documents or taking down the websites. They launched an attack on the KKK in November, which saw them releasing identities and taking down their social media accounts.
Natalie Portman, Tom Hanks, Daniel Craig, and other A-list (and B-list) stars are the latest to feel the effects of Sony’s hackers.
In new documents obtained by Fusion, aliases that actors used to protect themselves while working on Sony projects have been revealed to the public.
The documents were leaked by the “Guardians of Peace” hacker group, which earlier Monday posted a message online demanding that Sony pull “The Interview,” a James Franco and Seth Rogen comedy about two journalists recruited by the CIA to assassinate North Korean leader Kim Jong-un.
Ahead of the film’s Dec. 25 release, Sony has experienced a series of scary cyberattacks.
Check out some of the fake names used by actors below revealed in the latest leak (via Fusion):
Tom Hanks: goes by “Harry Lauder” and “Johnny Madrid” (the former of which was the name of a famous Scottish comedian, and the latter of which may be a reference to a character on “Lancer,” a 1960s Western series)
Tobey Maguire: goes by “Neil Deep”
Natalie Portman: goes by “Lauren Brown”
Clive Owen: goes by “Robert Fenton” (his wife’s name is Sarah-Jane Fenton)
Rob Schneider: goes by “Nazzo Good” (not so good – get it?)
Jude Law: goes by “Mr. Perry”
Daniel Craig: goes by “Olwen Williams” (an homage to his grandfather, Olwyn Williams)
Jessica Alba: goes by “Cash Money” (her husband’s name is Cash Warren)
Ice Cube: goes by “Darius Stone” and “O’Shea Jackson” (the former of which was his character’s name in XXX: State of the Union, and the latter of which is his actual name)
On Monday, Sony CEO Michael Lynton sent a company-wide memo in which he said the studio was doing everything it could to protect employees after a series of cyberattacks that revealed their personal information, including Social Security numbers and addresses.
Lynton, whose $3 million salary was revealed in one of the leaks by hackers, promised staffers the FBI “have dedicated their senior staff to this global investigation” and that “recognized experts are working on this matter and looking out for our security.”