beforeyoukillyourcomputer.com Saving computers one at a time from their owners

SANTA ANA, California (Reuters) - A computer hacker testified on Wednesday that a News Corp unit hired him to develop pirating software, but denied using it to penetrate the security system of a rival satellite television service.

Christopher Tarnovsky — who said his first payment was $20,000 in cash hidden in electronic devices mailed from Canada — testified in a corporate-spying lawsuit brought against News Corp’s NDS Group by DISH Network Corp.

The trial could result in hundreds of millions of dollars in damage awards.

NDS, which provides security technology to a global satellite network that includes satellite TV service DirecTV, denies the claims, saying it was only engaged in reverse engineering — looking at a technology product to determine how it works, a standard in the electronics industry.

After an introduction by plaintiff’s attorney Chad Hagan as one of the “two best hackers in the world,” Tarnovsky told the court that he was paid on a regular basis by Harper Collins, a publishing arm of News Corp, for 10 years.

Tarnovsky said one of his first projects was to develop a pirating program to make DirectTV more secure.

But lawyers for DISH Network claim Tarnovsky’s mission was to hack into DISH’s satellite network, steal the security code, then flood the market with pirated smart cards costing DISH $900 million in lost revenue and system-repair costs.

Source /Full Story

Unknown miscreants had a good time two weekends ago when they posted hundreds of flashing animated images onto discussion boards hosted by the Landover, Md.-based Epilepsy Foundation. Flashing lights or bold moving patterns can trigger often violent seizures among 3 percent of the estimated 50 million epileptics worldwide.”I was on the phone when it happened, and I couldn’t move and couldn’t speak,” RyAnne Fultz, who has epilepsy, told Wired News about her reaction to viewing one of the images on March 23.

Fultz’s 11-year-old son walked over and closed the browser window after about 10 seconds. Fortunately, she suffered nothing more than a bad headache.

By then, the second day of vandalism on EpilepsyFoundation.org, the jerks had moved on to hijacking the browsers of anyone who clicked on certain forum posts, filling the screens with bright, flashing colors.

Technically, none of this was hacking, since it didn’t involve breaking into anyone’s Web site, and any snotty kid with a rudimentary knowledge of JavaScript could do it.

The Epilepsy Foundation shut off the discussion board on Sunday for about 12 hours, and the attacks stopped.

“This was clearly an act of vandalism with the intent to harm people,” said Eric R. Hargis, the foundation’s president and CEO in a statement released Monday.

However, it doesn’t seem to have been the first instance. A Texas-based discussion Web site called Coping With Epilepsy said it suffered a similar attack last November.

Source

Over the past month, a new type of malicious software has emerged, using a decades-old technique to hide itself from antivirus software.

The malware, called Trojan.Mebroot by Symantec, installs itself on the first part of the computer’s hard drive to be read on startup, then makes changes to the Windows kernel, making it hard for security software to detect it.

Criminals have been installing Trojan.Mebroot, known as a master boot record rootkit, since mid-December, and were able to infect nearly 5,000 users in two separate attacks, staged on Dec. 12 and Dec. 19, according to Verisign’s iDefense Intelligence Team. In order to install the software on a victim’s computer, attackers first lure them to a compromised Web site, which then launches a variety of attacks against the victim’s computer in hopes of finding a way to run the rootkit code on the PC.

Once installed, the malware gives attackers control over the victim’s machine…

“It’s not some new attack vector that’s going to be hard to prevent,” he said. “It’s just something that people haven’t really paid attention to.”

Source/Full Story

WASHINGTON (CNN) — Hackers compromised dozens of Department of Homeland Security computers, moving sensitive information to Chinese-language Web sites, congressional investigators said Monday.

Investigators pointed a finger at a government contractor, saying the firm hired to protect DHS computers tried to hide the incidents from the department.

The FBI is investigating the incidents, a congressional staffer said, and two members of Congress have asked the department’s inspector general to also launch an investigation.

“The results of our [committee] investigation suggest that the department is the victim not only of cyber attacks initiated by foreign entities, but of incompetent and possibly illegal activity by the contractor charged with maintaining security on its networks,” Democratic Reps. Bennie Thompson of Mississippi and James Langevin of Rhode Island said in a written statement.

The lawmakers said committee investigators found dozens of DHS computers were compromised and the incidents “were not noticed until months after the initial attacks.”

The extent of the damage is unclear, but a House Homeland Security Committee staff member said the hackers “took significant amounts of information.”

“We know where it [the information] was taken from, but we don’t know what was taken. We only know how many megabytes was taken,” the staff member said. “Everything was on the LAN A, which was an unclassified network. To the best of our knowledge there was no classified information [taken].”

Full Story and Source

We have seen quite a few stories lately of governments reportedly hacking into other governments but, surprisingly, these stories get little media attention. No blood, no violence, no sex… no interest. Disappointing. This is a new battleground and our government better defend it vigorously. If not, it’s the media’s responsibility to bring it to light for correction. For now, we’ll reserve judgement on whether or not our media or government is “doing their job” but I hope someone’s not asleep at the switch when it’s important to act.

WASHINGTON (AFP) — Several nations and groups are trying to break into the US military’s computer system, the Pentagon said Tuesday after reports China’s military had successfully hacked into the network.

The Chinese military’s cyber-attack was carried out in June following months of efforts, the London-based Financial Times reported Tuesday, citing unnamed current and former US officials.

Officials had told the paper the attack was by China’s People’s Liberation Army (PLA) and that it led to the shutdown of a computer system serving the office of Defense Secretary Robert Gates.

Patrick Ryder, a US Defense Department spokesman, declined to comment on the reported Chinese attack but said the Pentagon “aggressively monitors its networks for intrusions and has appropriate procedures to address” them.

“We know that a number of nations and groups are actively developing these capabilities,” he told AFP.

“We have seen attempts by a variety of state and non-state sponsored organizations to gain unauthorized access to, or otherwise degrade, DoD (Department of Defense) information systems,” he said without identifying them.

Source

The FBI today is urging local wireless network owners to secure their networks in light of a new hacking vulnerability. Network owners who use Wireless Encryption Protocol, or WEP, could have their systems compromised within a minute, starting on Saturday, the FBI’s Birmingham office said at an afternoon press conference.

A new hacking vulnerability is being demonstrated on Saturday by two European researchers, said Dale Miskell, supervisory special agent for the Cyber Crimes Squad. Local networks in particular are in danger from this vulnerability because many are not secure or are running WEP. Miskell said there are almost 500 wireless networks in the area from downtown Birmingham to Interstate 459 and only 5 percent are currently considered secure from this vunerability.

Owners who use Wireless Encryption Protocol, or WEP are being encouraged to change to a more secure protocol, such as WPA2, TKIP or AES. The techniques for changing to a more secure protocol should be easily accessible on the Web site of a user’s wireless router manufacturer, the FBI said.

“These are easy steps people can do to protect themselves,” Miskell said.

Source

Computerworld is reporting that a researcher at Juniper has discovered an interesting vulnerability that can be used to compromise ARM and Xscale based electronic devices such as many popular routers and mobile phones. According to the article, the vulnerability would allow hackers to execute code and compromise personal information or re-direct internet traffic at the router level. Juniper plans to demonstrate not only the researcher’s discovery, but also how he managed to use a common JTAG developed Boundary Scan to discover the vulnerability at this month’s CanSecWest conference in hopes of shifting more of the black hat community to looking at devices instead of software.

Source

“I’m looking forward to getting on the first plane to the United States,” Mitnick, 42, said Wednesday from his hospital room in the Colombian capital, where he said he’d been laid up for about three days with a bad flu…

Mitnick blamed Bogota’s 8,700-foot (2,650-meter) elevation and a prescription drug he was taking for that trip to the hospital.

This time it was simply a nasty flu, accompanied by a fever reaching 40 degrees centigrade (104 degrees Fahrenheit), that prevented Mitnick from attending a big weekend hacker’s conference in New York.

“I tried to get to the airport to get to the plane to New York and just couldn’t make it,” he said.

What an intriguing story; a man with the flu. Well, it is freaking Kevin Mitnick. Anyway, I guess I’m glad he’s getting better as when I first began reading I wondered if he had died and felt a small sense of loss for it.

Source