Tag Archive for 'computer security'

Finally proper sanctions for identity theft

Alberto Gonzales has been sentenced for 20 years in the slammer for stealing credit and debit card information from an unsecured wireless network of T.J. Maxx and then pilfering the accounts for millions of dollars at ATMs around the country.

Hopefully this is a first of many hard sentences against credit card scammers.


Congressional aide to U.S. Rep. Denny Rehberg (R-MT) commits a felony crime

Todd Shriber, 28-year-old communications director for Representative Denny Rehberg (R-MT), has been exposed to have solicited two computer hackers to commit felony crimes.

It appears Mr. Shriber felt his college grades weren’t good enough and engaged two well known operators of the website attrition.org in an email conversation about hacking into the computer system of Mr. Shriber’s College to alter his grades. The school he went to: Texas Christian University. Thou shalt not steal, Mr. Shriber?

What Mr. Shriber didn’t know is that attrition.org operators are white-hat hackers and had no intention of going through with the plan. Instead they strung him along and finally posted the entire Email conversation on their website. A reporter investigating the story then found out Mr. Shriber’s true identity.

Mr. Shriber was fired from his congressional aide position.

There is no word, as of yet, on any possible arrest warrant issued for him. Soliciting someone to commit a felony crime is a crime in itself. Federal guidelines state soliciting felony crimes should be punishable by half the sentence of the crime being solicited.

The email conversation is posted on attrition.org website.

More links to the press coverage on the story:
Talking Points Memo


Jeanson James Ancheta goes to jail for 57 months

Jeanson James Ancheta has been sentenced to 57 month prison sentence for his botmaster activities. He ran a zombie network that was used to attack several DOD computers, which is probably why he’s in the slammer for such a long time.

He was basically selling timeshares on his zombie network to whoever had a need for a DDOS, hack-by-proxy or spam activities.


What goes on in the mind of a father of a botnet operator

“I told my dad I had made an Internet worm that infected people, and then I used their computers to make money, and he just shook his head and was, like, ‘I hope you don’t go to jail for that . . .’ and . . . ‘I hope it wasn’t underage porn you was doing.'”

That’s what goes on in the mind of a father of one of FBI’s most wanted cyber criminals. No wonder his son is a criminal. He just doesn’t give a fuck his son is breaking several laws in multiple countries.

Nuke the double-wide they live in and all their other offspring, too. That’d solve the disease.

Update: The story on 0x80 in Washington Post had a photo. Before publishing the photo on the washingtonpost.com, they forgot to clean out the metadata on it. Here’s the metadata:

SLUG: mag/hacker
DATE: 12/19/2005
id#: LOCATION: Roland, OK
PICTURED: Canon Canon EOS 20D
Adobe Photoshop CS2 Macintosh 2006:02:16 15:44:49 Sarah L. Voisin

Roland, OK has a population of less than 3000 people. This guy is going to get caught. Bragging always gets these assholes in trouble.

Links related to the metadata revelation:

The Inquirer
Slashdot discussion


Sony in the virus manufacturing business

The first trojan to exploit Sony’s wonderful DRM scheme has been spotted in the wild. Some enterprising virus writer sent spam overnight with a modified trojan that takes advantage of Sony’s DRM security holes.

Apparently the trojan was coded in too much of a hurry because it’s not working as intended. Nothing’s preventing someone from doing a better job at it though.

More information about the trojan by Sophos


Rootkits are a-ok by Sony

NPR recently interviewed Thomas Hesse, president of Sony BMG’s Global Digital Business division, regarding the DRM scheme Sony BMG is using on some of their music CDs.

Mr. Hesse had this to say about their rootkits:

“Most people I think don’t even know what a root kit is so why should they care about it”

That comment shows a complete lack of understanding regarding computer security issues. It’s not “most people” you have to worry about, it’s the bad actors, who are the ones who WOULD know about exploiting the security hole created by Sony. “Most people”, precisely because they don’t know what a rootkit is, would never know how to protect themselves against exploits helped by Sony’s cluelessness.

Here’s further evidence of Sony’s cluelessness. Mark Curtis’ daughter bought a Sony BMG music cd from Walmart. The CD does not play on any music player, including stereo equipment, the family owns. The DRM software is causing the family computer to BSOD immediately after bootup. Walmart is refusing a refund. Sony is saying to install a patch to get rid of the DRM program. How would one do that, if the computer doesn’t boot up any more?


Microsoft to reimburse for damage caused by their faulty software

So you download the new anti-spyware tool from Microsoft cause your wife has installed every bargain hunting spyware, pop-up ad, get rich scheme application on the family computer.

You run the application and it destroys your files, including the collection of mp3s you bought from allofmp3.com for 10 billion rubles.

Fear not, Microsoft will reimburse you for the damage. Up to $5 USD.

Oh my god, I’m, like, so going to install that application. Awesome!


T-Mobile – more holes than in swiss cheese

The scorecard so far:

Paris Hilton cracks: 2
Fred Durst cracks: 1

T-Mobile customers lost: ???

I wouldn’t choose T-Mobile as my cellphone provider, if I was a celebrity.

Incidentally I did switch from T-Mobile over their handling of the big cracking incident late last year. They had known the cracker had access to their customer information for months, yet failed to plug the hole and notify impacted customers, except Paris Hilton, who apparently was important enough.


Financial supporters of spyware

Looks like some VC firms really like aiding and abetting spyware companies. Here’s a list:

Spectrum Equity Investors
U.S. Venture Partners
Crosslink Capital
Garage Technology Ventures
Rosewood Stone Group
Investor AB
Technology Crossover Ventures
Insight Venture Partners
Technology Investment Capital Corp


T-Mobile does not inform customers their customer database cracked

Apparently a cracker gained full access to the entire T-Mobile customer database sometime in 2003. The feds got a wind of the breach by March 2004, because the crackpot was selling confidential Secret Service documents online. T-Mobile was made aware of it by the feds in July 2004, although it is possible they also knew of the breach earlier.

What did T-Mobile do to protect the identity and confidential information of its customers? Nothing. Not a single warning was sent to customers, they did not force customers to change their passwords, they simply wished customers didn’t notice. This, btw, is illegal (civil) in California provided a law enforcement agency did not ask the company to postpone notifying the customers.

As a T-Mobile customer I’m amazed by the irresponsibility of T-Mobile. Thankfully my one-year contract with them is already expired and I’m free to switch to any provider I choose.

1/13/05 Edit: T-Mobile claims cracker only had access to 400 customers and all those customers were notified as soon as T-Mobile found out about the breach. I wonder, if T-Mobile knew at 2003, why the cracker still had access to a Secret Service agent’s account in March 2004.