Global Cybercrime Bank Heist snatches 45 Million Dollars
A pretty hefty crime story about a bank robbery carried out globally over the net and ATMs, in which they made off with a total of 45 million dollars in 27 countries.
Reuters: Huge cyber bank theft spans 27 countries: “In one of the biggest ever bank heists, a global cyber crime ring stole $45 million from two Middle Eastern banks by hacking into credit card processing firms and withdrawing money from ATMs in 27 countries, U.S. prosecutors said on Thursday.”
It was, prosecutors said, one of the largest heists in New York City history, rivaling the 1978 Lufthansa robbery, which inspired the movie “Goodfellas.”
Beyond the sheer amount of money involved, law enforcement officials said, the thefts underscored the vulnerability of financial institutions around the world to clever criminals working to stay a step ahead of the latest technologies designed to thwart them.
“In the place of guns and masks, this cybercrime organization used laptops and the Internet,” said Loretta E. Lynch, the United States attorney in Brooklyn. “Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City, with the defendants fanning out across Manhattan to steal millions of dollars from hundreds of A.T.M.’s in a matter of hours.”
NYTimes: In Hours, Thieves Took $45 Million in A.T.M. Scheme
Google Building hacked
Two researchers hacked their way into the systems of Google's headquarters in Australia. A bit of a pity that they didn't do anything with it…
Two security researchers recently found that they could easily hack the building management system for the corporate giant’s Wharf 7 headquarters overlooking the water in the Pyrmont section of Sydney, Australia. […]
The panels showed buttons marked “active overrides,” “active alarms,” “alarm console,” “LAN Diagram,” “schedule,” and a button marked “BMS key” for Building Management System key.
There was also a button marked “AfterHours Button” with a hammer on it.
Researchers Hack Building Control System at Google’s Australian HQ
Jailbroken Google Glasses: Check.
#ifihadglass I would jailbreak it and modify the software (obviously). As Google actually sold me one; I did my part. cache.saurik.com/tinyimg/glassb…
— Jay Freeman (saurik) (@saurik) April 26, 2013
Jay Freeman, developer of Cydia, has hacked Google Glasses. Of course he has. (via Reddit)
Meanwhile, Robert Scoble has typed up a longer review of the Glasses on G+. You have to subtract the Web 2.0 guru hype bullshit, of course, but there are definitely a few pretty interesting things in it: “At NextWeb 50 people surrounded me and wouldn’t let me leave until they had a chance at trying them. I haven’t seen that kind of product angst at a conference for a while. This happened to me all week long, it is just crazy.”
Exposed Webcam Viewer

Nice, a webcam viewer. I get broken cam feeds there very often; I've had the best results by clicking Random. And careful: “Depending on where you live, using this viewer may be considered illegal for various reasons. However, the viewer itself uses no malicious exploits in order to produce an image.”
The viewer has a database of webcam feed URLs which is updated regularly. The feeds that are detected as online (i.e. accessible) are displayed in the viewer. The default layout is a 4×4 grid, which you can alter at the bottom of the page. […]
A lot of cameras can be found using Google if you know which search string to use (and you have a lot of patience). I also used Shodan (a search engine created by John Matherly) to get a large number of potential webcam feeds. […] At the moment, I’m using a bash script with curl to check the HTTP response code of the webcam feed. This works 99% of the time. When it doesn’t work, I manually check the feed and update the database accordingly. The script runs regularly to ensure that offline cameras are not displayed in the viewer that often.
Kids Hackathon in Berlin:
“HacKIDemia, OpenTechSchool and Toywheel are bringing the hackathon format of working together on technology in interactive workshops to the world of Kids in Berlin with their first Kids Hackathon on Sunday, April 28th 2013.”
Eclectic Methods Hacker-Mashup
Johnny of Eclectic Method writes:
You don’t use the same password over and over right? Let’s be honest this is the day and age of the hacker. Eclectic Method brings you “Hackers”, Hollywood’s celebration of basement dwelling 128 bit encryption masters. They’ll shut down before you can trace them, hack into the mainframe and go straight for the kernel, hell they might even insert a worm on the back of a trojan. Keanu Reeves has been one, Angelina Jolie has been one and Matthew Broderick was one before he was Ferris Bueller.
Shall we play a game? Spot every movie in this hackisode….
Planes hacked while in Autopilot

At the Hack in the Box security conference in Amsterdam, security consultant Hugo Teso showed how he can hack planes on autopilot with an Android phone and control them to the point that he can steer the things and drop the oxygen masks in the passenger cabin. He “only” demonstrated this with flight simulators, but says it would also work on real planes. Heavy!
Teso used ACARS to exploit and break into the airplane’s onboard computer system and then upload Flight Management System (FMS) data. FMS could be uploaded by software defined radio and ground service providers.
Once he was into the airplane’s computer, he was able to manipulate the steering of a Boeing jet while the aircraft was in “autopilot” mode. The only countermeasure available to pilots, if they even realized they were being hacked, would be to turn off autopilot. Yet many planes no longer have old analog instruments for manual flying. Teso said he could take control of most all airplane systems; he could even cause the plane to crash by setting it on a collision course with another plane. He could also give the passengers a serious adrenaline rush by making the oxygen masks drop down.
Hacker uses an Android to remotely attack and hijack an airplane, here is the PDF: Aircraft Hacking Practical Aero Series
[update] heise.de: App hackt Flugzeug
As a proof of concept, Teso put together a system of hardware and software in order to realistically simulate the communication between aircraft and ground control systems. He bought the necessary components of real aircraft hardware on eBay and from scrap dealers, among other places. Via vulnerabilities, Teso was able to inject his self-developed attack framework, named SIMON, into the FMS. With it, by his own account, he can send new control commands to the on-board computer at any time. These are only executed, however, as long as the autopilot is active.
So far the attack works only under lab conditions, but it is said to be transferable in principle to real aircraft.
[update] The Atlantic Wire: No, That German Hacker Probably Can’t Hijack an Airplane with Software
The FAA, for one, says, “The described technique cannot engage or control the aircraft’s autopilot system using the FMS or prevent a pilot from overriding the autopilot.” The agency assures America that this hack “does not pose a flight safety concern because it does not work on certified flight hardware.”
Typing E-Mails using a Guitar
Shredding e-mails by guitar: the notes are converted into keyboard signals. I'm kind of missing the leopard spandex to go with the Flying V, but the moustache makes up for that.
WK recently allowed me some time to tackle a problem that plagues workers everywhere whether they are working in advertising or some other job that involves a lot of email typing. I’m talking about the problem of not being able to devote enough time practicing shredding the guitar.
The solution of hooking a guitar up so that you could use it like a computer keyboard had been in my head for a few years and it was a real joy to get to follow through on it.
W+K OPEN SOURCE: BRIDGING THE EMAIL-TYPING/GUITAR-SHREDDING GAP USING TECHNOLOGY (via Waxy)
Anonymous hacks North Koreas Twitter, Flickr, Social Networks

Anon are picking a fight with North Korea. Until yesterday the attacks were limited to the Uriminzokkiri social network hosted in China, where they claim to have grabbed 15,000 passwords (which is doubted by the Washington Post, among others). The Twitter and Flickr accounts were cracked as well, and on Flickr they uploaded the above, rather fitting portrait of Kim Jong Un. Popcorn!
North Korean government is increasingly becoming a threat to peace and freedom. Don’t misunderstand us: As well we disagree with the USA government too – these guys are crooks, USA is a threat to world peace too, and direct democracy (or any kind of democracy) doesn’t exist there. The American government is a target and enemy of Anonymous as well!
This is not about country vs country – This is about we, the people, the 99% (of USA and of North Korea) vs oppressing and violent regimes (like USA gov. and N.K. gov)! We, the people, are gathering together because we are stronger now and we won’t fight your wars anymore, we won’t eat your shit anymore!
PBS Offbook: Can Hackers Be Heroes?
Entertaining mini-documentary about hacking featuring, among others, Steven Levy of Wired. The music is almost extremely annoying and overall the thing is at best procrastination fodder for the ADHD-afflicted, but as an entry point for the mainstream it is quite usable.
Many people think of hackers as cyber criminals, breaking into computer systems with ill-intent. Though there are plenty of destructive hackers in the world, there have always been people who hack with a different purpose. Some define hacking as “finding creative solutions to technical problems.” To them, hacking means having an exploratory mindset about technology, and a willingness to “get under the hood” to tinker and see what happens. Other groups, like Anonymous, employ more subversive hacking practices to forward social and political causes, embedding a social consciousness into the traditionally murky dark-side of security hacking. Looking beyond the media hype and scare tactics, it is clear that “hacking” is a term whose meaning should be up for debate, and that some hackers could in fact be heroes, and not just villains.
DDoS slows global Net
Just in case anyone is wondering why the net is a bit slower than usual today: “The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history.”
Mr Linford said the attack’s power would be strong enough to take down government internet infrastructure. “If you aimed this at Downing Street they would be down instantly,” he said. “They would be completely off the internet.”
He added: “These attacks are peaking at 300 gb/s (gigabits per second). “Normally when there are attacks against major banks, we’re talking about 50 gb/s.”
NSAs Secret Inhouse-Mag

The NSA has put its internal Cryptolog magazine online as PDFs; issue 117 (PDF) has a review of Clifford Stoll's book about the KGB hack he uncovered in the 80s, and there is a mirror of the mags here. (via Fefe)
I find it remarkable that the NSA's in-house magazine was also just photocopied typewriter pages with cut-out graphic snippets. Almost like punk fanzines.
Exploding the Phone
I just loaded this onto my Kindle: Phil Lapsley's book about the history of phone phreaking:
Before smartphones, back even before the Internet and personal computer, a misfit group of technophiles, blind teenagers, hippies, and outlaws figured out how to hack the world’s largest machine: the telephone system. Starting with Alexander Graham Bell’s revolutionary “harmonic telegraph,” by the middle of the twentieth century the phone system had grown into something extraordinary, a web of cutting-edge switching machines and human operators that linked together millions of people like never before. But the network had a billion-dollar flaw, and once people discovered it, things would never be the same.
“Exploding the Phone” tells this story in full for the first time. It traces the birth of long-distance communication and the telephone, the rise of AT&T’s monopoly, the creation of the sophisticated machines that made it all work, and the discovery of Ma Bell’s Achilles’ heel. Phil Lapsley expertly weaves together the clandestine underground of “phone phreaks” who turned the network into their electronic playground, the mobsters who exploited its flaws to avoid the feds, the explosion of telephone hacking in the counterculture, and the war between the phreaks, the phone company, and the FBI.
Website for the book, here is Phil Lapsley's blog, io9 has a longer excerpt from the book.
Amazon affiliate links:
Kindle: Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell
Hardcover: Exploding the Phone: The Untold Story of the Teenagers and Outlaws Who Hacked Ma Bell
Playing Super Marios RAM-Timeline as a Music-Instrument
Great! Chris Novello records images of the NES RAM for every frame of Super Mario and plays the images like a musical instrument via a controller. He calls it the Super Mario Spacetime Organ and describes the technique as code bending. Awesome!
Mario’s universe is held in RAM, which the NES uses to draw his world for each frame of the game. By recording the entire state of the NES memory for every frame, I’m able to go back to any moment in Mario’s life. So then I use the X-axis of the Soundplane to sweep through the timeline of Mario’s universe.
Not only that, but the Soundplane is multitouch, so I use a second finger to specify start and endpoints in a playback loop. Technically, this is similar to the way samplers and granular synths work in audio.. but with the entire memory state of the NES. Conceptually, it is like Super Mario meets Groundhog Day. Mario’s universe computer/time machine gets caught in hellish loops.
Bitcoin-Mining on a NES
Some people buy themselves a dedicated computer specialized for bitcoins, others hack their NES for it and send the computed hashes to the net via a Raspberry Pi:
I’m using bitcoind to do the network communication. This is pretty standard for bitcoin mining, the mining software focuses on doing the hashing and lets bitcoind do the p2p network stuff. There’s a few standard protocols for those two pieces to communicate with varying levels of efficiency, but I’m using the most basic ‘getwork’ protocol because, heh, this isn’t going to be the bottleneck in this operation.
For the portions of computing that do not happen on the NES, I’ve got a raspberry pi housed in a Makerbot Replicator2 3D printed case. I believe I am now fully 2013 Hack Project compliant.
