Researcher Hacks Aircraft Controls With Android Smartphone

Via: The Register

By Iain Thomson in San Francisco
11th April 2013

A presentation at the Hack In The Box security summit in Amsterdam has demonstrated that it’s possible to take control of aircraft flight systems and communications using an Android smartphone and some specialized attack code.

Hugo Teso, a security researcher at N.Runs and a commercial airline pilot, spent three years developing the code, buying second-hand commercial flight system software and hardware online and finding vulnerabilities within it. His presentation will cause a few sleepless nights among those with an interest in aircraft security.

Teso’s attack code, dubbed SIMON, along with an Android app called PlaneSploit, can take full control of flight systems and the pilot’s displays. The hacked aircraft could even be controlled using a smartphone’s accelerometer to vary its course and speed by moving the handset about.

Read more: here

I knew they would come up with an app for that…
It’s only a matter of time….
-Moose

Advertisements

Judge Orders Prosecution to Prove That Bradley Manning Intended to ‘Aid the Enemy’

Via: RT

Published time: April 10, 2013 15:05
Reuters / Jose Luis Magana

A US military judge says the government must prove that Army Private Bradley Manning intended to aid the enemy when he released hundreds of thousands of sensitive files to WikiLeaks.
The official tribunal against the 25-year-old private first class is not slated to start until June, but during pretrial hearings on Wednesday morning, Col. Denise Lind ruled that the government has a burden to prove that the soldier aimed to inflect harm on the United States when he sent materials to the whistleblower site.

Reporting from the media center at Ft. Meade, Maryland, independent journalist Alexa O’Brien writes that the United States government must now prove that Pfc. Manning acted “with reason to believe such info could be used to the injury of the US or to advantage of any foreign nation.” By doing so, Lind is making it much harder for the government to convict Manning on the most serious of the charges: aiding the enemy. If convicted on this count, Manning could theoretically be sentenced to die. Prosecutors, however, have said they would settle for life in prison.

Although Manning admitted his role and pleaded guilty to a number of the specifications presented by the military this year, Army prosecutors were not satisfied with his plea. During that February hearing, the military said they would continue to go after Manning in hopes of prosecuting him under the Espionage Act of 1917 and UCMJ 104 — the Uniform Code of Military Justice statute of “aiding the enemy.”

With Wednesday’s decision, the prosecution will now be tasked with convincing Lind that Manning went to WikiLeaks with the intent of causing harm. The Army has already requested that a US NAVY Seal present during the execution of Osama bin Laden take the stand during the court-martial in order to attest that the slain al-Qaeda leader had WikiLeaks documents attributed to Manning in his possession at the time of his death.

Read more: here

When telling the truth and revealing how dishonest our government is, is wrong…
Things need to change…
-Moose

Resistance, Liberation Technology and Human Rights in the Digital Age

Via: Cryptome

1.1 Using Computers for the Pursuit of Political and Social
Changes and for the Benefit of All Mankind

The concrete possibility of using all the various types of technologies available to
mankind for the specific purposes of networking, of contributing to political and
social changes and of contrasting oppressive dictatorships, and even authority in
general, has always been, since the very first activities of university hackers in
California during the 1960s, a singularly fascinating and often inspiring issue.

Chapter 1
Opening Remarks: Hacking and Digital Dissidence

Read more: here

Mossad Hacked by Sector404 & Anonymous

Via: Leaksource

March 22, 2013

The Israeli Intelligence Agency has been attacked & hacked by hacktivist groups Sector404 & Anonymous.

Sector404 initiated a distributed denial of service attack on the mossad website (www.mossad.gov.il) whilst Anonymous hacked the site & leaked sensitive data from the database related to 30,000 mossad agents.

Leaked Data:
https://docs.google.com/file/d/0B_j9nHbEe0UUS2xNOGtOWUpqMlU/edit
https://anonfiles.com/file/d9f4c3eaec587f9c97bc8b6c1d91f23b
https://hotfile.com/dl/199414045/cccb1a1/OpIsrael.xlsx.html

The leaked data includes addresses, phone numbers & general contact information regarding Mossad Agents.

The attack was done under the banner #OpIsrael which is an operation involving various groups and individuals that will take place on the 7th April 2013 with the main objective being to remove Israel from cyber space. As its not the 7th of April yet I guess this attack is just the beginning.

Read more: here

Couldn’t have happened to a nicer bunch of people….
-Moose

Chase Denies Hacking in Vanishing Balances

Via: CBS News

By Sara Dover / CBS News/ March 18, 2013

Chase Bank experienced technical difficulties for over an hour Monday night, worrying customers who logged into their accounts and saw their balance at $0 or were unable to get any access to them at all.

A spokesman for the bank said it was strictly an internal technical issue and customers’ accounts were not in danger.

“The problems are an issue with the checking account portion of chase.com, nothing to do with mortgage or credit banking. We have a technology problem regarding customers balance information that we are working to resolve,” the spokesman to CBS News. “It has nothing to do with cyber threats or hacks. It is an internal issue. We are very sorry to our customers for the inconvenience.”

Within two hours, the bank tweeted that the issue was resolved. Customers reported seeing their balances once again.

Still, hundreds of Chase users expressed their frustration on Twitter and Facebook. Many reported seeing their account balances listed as “$0” on mobile devices, while others said they got a “System Unavail” message when logged into the bank’s website on their computers.

The hacking collective “Anonymous” said they were responsible for the vanishing balances on Twitter, but there is no evidence supporting their claim.

Read more: here

And you can believe a banker..very honest profession..lot’s of integrity…
-Moose

Pentagon Creates 13 Offensive Cyber Teams For Worldwide Attacks

Via: RT

Published time: March 13, 2013 17:27

The head of the United States Cyber Command says the US is developing 40 new teams of cyber-agents that will both protect America’s critical infrastructure from hackers and as well as launch attacks against the country’s adversaries.

Gen. Keith Alexander, who leads both the Cyber Command and the National Security Agency, told the US Senate Armed Services Committee on Tuesday that the 40 online support teams should be ready for action by 2015, with 13 of those units existing specifically to attack other countries.

Alexander has been reluctant to go into detail about how the newly-designed teams will engage in cyber battle with America’s enemies, but he did say that the 13 squads of offensive fighters won’t be sitting around waiting for hackers from abroad to strike first. The NSA chief described the groups as ‘‘defend-the-nation’’ teams but also stressed that their role will be one that puts them on both sides of the action.
“I would like to be clear that this team. . . is an offensive team,” he told reporters on Tuesday.

“The teams are analogous to battalions in the Army and Marine Corps — or squadrons in the Navy and Air Force,” said Alexander. “In short, they will soon be capable of operating on their own, with a range of operational and intelligence skill sets, as well as a mix of military and civilian personnel.”

Read more: here 

WTF? They just can’t stop..Endless war…Endless threats…
-Moose

Bradley Manning Takes ‘Full Responsibility’ for Giving WikiLeaks Huge Government Data Trove

Via: Wired

 
By Spencer Ackerman 
02.28.13

FORT MEADE, Md. — Wearing his Army dress uniform, a composed, intense and articulate Pfc. Bradley Manning took “full responsibility” Thursday for providing the anti-secrecy organization WikiLeaks with a trove of classified and sensitive military, diplomatic and intelligence cables, videos and documents.

In the lengthiest statement to a military tribunal Manning has provided since his nearly three-year long ordeal began, Manning, 25, said WikiLeaks did not encourage him to provide the organization with any information. But he also sketched out his emotionally fraught online interactions with his WikiLeaks handler, a man he knew as “Ox” or “Nathaniel” over Internet Relay Chat and Jabber, and whom the government maintains was Julian Assange.

Manning’s motivations in leaking, he said, was to “spark a domestic debate of the role of the military and foreign policy in general,” he said, and “cause society to reevaluate the need and even desire to engage in counterterrorism and counterinsurgency operations that ignore their effect on people who live in that environment every day.” Manning said he was in sound mind when he leaked, and did so deliberately, regardless of the legal circumstances.

Remarkably, Manning said he first tried to take his information to the Washington Post, the New York Times and Politico, before contacting WikiLeaks.

Read more: here

Bradley Manning Takes ‘Full Responsibility’ for Giving WikiLeaks Huge Government Data Trove

Via: Wired

 
By Spencer Ackerman 
02.28.13

FORT MEADE, Md. — Wearing his Army dress uniform, a composed, intense and articulate Pfc. Bradley Manning took “full responsibility” Thursday for providing the anti-secrecy organization WikiLeaks with a trove of classified and sensitive military, diplomatic and intelligence cables, videos and documents.

In the lengthiest statement to a military tribunal Manning has provided since his nearly three-year long ordeal began, Manning, 25, said WikiLeaks did not encourage him to provide the organization with any information. But he also sketched out his emotionally fraught online interactions with his WikiLeaks handler, a man he knew as “Ox” or “Nathaniel” over Internet Relay Chat and Jabber, and whom the government maintains was Julian Assange.

Manning’s motivations in leaking, he said, was to “spark a domestic debate of the role of the military and foreign policy in general,” he said, and “cause society to reevaluate the need and even desire to engage in counterterrorism and counterinsurgency operations that ignore their effect on people who live in that environment every day.” Manning said he was in sound mind when he leaked, and did so deliberately, regardless of the legal circumstances.

Remarkably, Manning said he first tried to take his information to the Washington Post, the New York Times and Politico, before contacting WikiLeaks.

Read more: here

Symantec discovers 2005 US Computer Virus Attack on Iran Nuclear Plants

Via: theguardian

Internet security firm finds early ‘Stuxnet O.5’ version revealing espionage and sabotage virus released under George W Bush…

Charles Arthur, technology editor
Tuesday 26 February 2013

An alleged uranium-enrichment facility near Qom, Iran. Symantec have discovered a ‘missing link’ 2005 version of a computer virus ‘Stuxnet 0.05’ believed to be used the US and Israel against Iran’s nuclear programme. Photograph: Digital Globe/Reuters

Researchers at the security company Symantec have discovered an early version of the “Stuxnet” computer virus that was used to attack nuclear reprocessing plants in Iran, in what they say is a “missing link” dating back to 2005.

The discovery means that the US and Israel, who are believed to have jointly developed the software in order to carry out an almost undetectable attack on Iran’s nuclear bomb-making ambitions, were working on the scheme long before it came to public notice – and that development of Stuxnet, and its forerunner, began under the presidency of George W Bush, rather than being a scheme hatched during Barack Obama’s first term.

The older version of the virus, dubbed “Stuxnet 0.5” – to distinguish it from the “1.0” version – also targeted control systems in Iran’s Natanz enrichment facility, the researchers said.

Read more: here

Apple, Macs Hit by Hackers Who Targeted Facebook

Via: Reuters

By Jim Finkle and Joseph Menn

BOSTON/SAN FRANCISCO | Tue Feb 19, 2013 4:50pm EST

(Reuters) – Apple Inc was recently attacked by hackers who infected Macintosh computers of some employees, the company said Tuesday in an unprecedented disclosure describing the widest known cyber attacks targeting Apple computers used by corporations.

Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers.

Read more: here

APT BISCUIT

Via: Cryptome

As a 30 second background; years ago, circa 2005-2007 I worked for a FLA (four letter acronym) on this exact subject and recognize a lot of the tools in question. Amusingly, I tried to give a talk that was essentially a sanitized appendix of their report at 25C3 (‘we got owned by the (rhymes-with-unease) and didn’t even get a lessons learned’) and was visited by the FBI who ‘encouraged’ me to not perform the talk.

At any rate, a new age has dawned and another page has turned and we’re apparently far more open on this subject these days. In particular, I note one of the tools that Mandiant identifies as “BISCUIT”; I worked on what appears to be earlier variants of this tool. There are *a lot* of variants as it morphed over the years. Initially it operated as a DLL named “wauserv.dll”, which was supposed to look like the Windows Update DLL “wuauserv.dll” (windows update automatic update server dll). They would change a registry key and point the DLL loaded by Windows Update to their DLL and effectively hijack the Windows Update service (+1 point, clever).

The backdoor traffic at the time would contact C&C servers via domains that were hardcoded into the DLL, although over time this changed and remote updating functionality was included. Every X minutes (random timeframe that was something like mod 10 minutes) the service would do a DNS lookup of the C&C domain name and most of the time it would receive a reply that resolved to a loopback IP address (something in the 127.0.0.0/8 subnet; the TTL for the DNS records were low, like 1 minute IIRC). Whenever the intruders were ready to access the backdoors, they would switch the DNS records to make it resolve to a new IP.

This is a tactic that I imagine still occurs to this day, and so SOCs (security operation centers) and similar might find IPS (intrusion prevention system) rules that detect DNS replies resolving to loopback IPs with low-TTLs; from memory, this had some false positives that needed to be worked out in particular this sort of DNS reply sometime although semi-rarely legitimately occurs and rules written too loosely on the TTLs will flag on many many public DNS servers.

Read more: here

Top 15 Security/Hacking Tools & Utilities

Via: Dark Net

1. Nmap

I think everyone has heard of this one, recently evolved into the 4.x series.

Nmap (“Network Mapper”) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.

Can be used by beginners (-sT) or by pros alike (–packet_trace). A very versatile tool, once you fully understand the results.

Read more: here

China Biggest, But Not the Only Country Engaged in Cyberespionage

Via: Computer World

Sensitive U.S. data and technologies are targets for state-sponsored entities around the world

By Jaikumar Vijayan
February 20, 2013 06:00 AM ET

Computerworld – China is by far the most aggressive, but not the only, country attempting the sort of extensive cyberespionage described in security firm Mandiant’s dramatic report, released this week.

Several other countries, most notably Russia, are involved in similar campaigns against U.S. companies from a wide range of industries, security experts said.

Companies in the information technology and communications sectors, as well as those in the marine systems, aerospace, clean technologies, healthcare, pharmaceuticals and agricultural industries have all been targets of such campaigns in recent years, they said.

“We are now in an era where global intelligence regimes within many countries are capable of extracting data and intelligence from across the world with very little effort and almost complete impunity,” said Lawrence Pingree, an analyst with Gartner. “The most important aspect of these developments is that these capabilities can now be targeted and persistent at the individual actor-level with unprecedented precision.”

China has attracted the most effort not only because it has been the most aggressive actor, but also because it is widely perceived as having the most to gain from such campaigns. But the fact is that other countries almost certainly have similar capabilities, Pingree said.

Read more: here

Jeep Twitter Account Hacked – is it Twitter’s Fault?

Via: ZD Net

On Monday Burger King’s Twitter account was hacked, today Jeep’s account was compromised. Are brands taking enough care of their social properties?

 Tweets from the Burger King compromised account included references to the hacker group Anonymous and LulzSec. The hashtag #OpMadCow was used to refer to the takeover.

On Tuesday, the Twitter account for Jeep was taken over by presumably the same hackers that hacked the Burger King account. The hashtag #OpMadCow was again used.

Jeep’s Twitter description was modified to “The official Twitter handle for the Jeep – Just Empty Every Pocket, Sold to Cadillac –[#OpMadCow #OpWhopper.

Cadillac moved to state that it was not connected to the hack:

Read more: here

WikiLeaks is a Rare Truth-teller. Smearing Julian Assange is Shameful

Via: ICH

WikiLeaks is a rare example of a newsgathering organisation that exposes the truth. Julian Assange is by no means alone.

By John Pilger

February 14, 2013 “Information Clearing House” – Last December, I stood with supporters of WikiLeaks and Julian Assange in the bitter cold outside the Ecuadorean embassy in London. Candles were lit; the faces were young and old and from all over the world. They were there to demonstrate their human solidarity with someone whose guts they admired. They were in no doubt about the importance of what Assange had revealed and achieved, and the grave dangers he now faced. Absent entirely were the lies, spite, jealousy, opportunism and pathetic animus of a few who claim the right to guard the limits of informed public debate.

These public displays of warmth for Assange are common and seldom reported. Several thousand people packed Sydney Town Hall, with hundreds spilling into the street. In New York recently, Assange was awarded the Yoko Ono Lennon Prize for Courage. In the audience was Daniel Ellsberg, who risked all to leak the truth about the barbarism of the Vietnam War.

Like the philanthropist Jemima Khan, the investigative journalist Phillip Knightley, the acclaimed film-maker Ken Loach and others lost bail money in standing up for Julian Assange. “The US is out to crush someone who has revealed its dirty secrets,” Loach wrote to me. “Extradition via Sweden is more than likely… is it difficult to choose whom to support?”

No, it is not difficult.

Read more: here

WikiLeaks is a Rare Truth-teller. Smearing Julian Assange is Shameful

Via: ICH

WikiLeaks is a rare example of a newsgathering organisation that exposes the truth. Julian Assange is by no means alone.

By John Pilger

February 14, 2013 “Information Clearing House” – Last December, I stood with supporters of WikiLeaks and Julian Assange in the bitter cold outside the Ecuadorean embassy in London. Candles were lit; the faces were young and old and from all over the world. They were there to demonstrate their human solidarity with someone whose guts they admired. They were in no doubt about the importance of what Assange had revealed and achieved, and the grave dangers he now faced. Absent entirely were the lies, spite, jealousy, opportunism and pathetic animus of a few who claim the right to guard the limits of informed public debate.

These public displays of warmth for Assange are common and seldom reported. Several thousand people packed Sydney Town Hall, with hundreds spilling into the street. In New York recently, Assange was awarded the Yoko Ono Lennon Prize for Courage. In the audience was Daniel Ellsberg, who risked all to leak the truth about the barbarism of the Vietnam War.

Like the philanthropist Jemima Khan, the investigative journalist Phillip Knightley, the acclaimed film-maker Ken Loach and others lost bail money in standing up for Julian Assange. “The US is out to crush someone who has revealed its dirty secrets,” Loach wrote to me. “Extradition via Sweden is more than likely… is it difficult to choose whom to support?”

No, it is not difficult.

Read more: here

As Secretive "Stingray" Surveillance Tool Becomes More Pervasive, Questions Over Its Illegality Increase

Via: Electronic Frontier Foundation

February 12, 2013 | By Trevor Timm

A few months ago, EFF warned of a secretive new surveillance tool being used by the FBI in cases around the country commonly referred to as a “Stingray.” Recently, more information on the device has come to light and it makes us even more concerned than before.
The device, which acts as a fake cell phone tower, essentially allows the government to electronically search large areas for a particular cell phone’s signal—sucking down data on potentially thousands of innocent people along the way. At the same time, law enforcement has attempted use them while avoiding many of the traditional limitations set forth in the Constitution, like individualized warrants. This is why we called the tool “an unconstitutional, all-you-can-eat data buffet.”

Recently, LA Weekly reported the Los Angeles Police Department (LAPD) got a Department of Homeland Security (DHS) grant in 2006 to buy a stingray. The original grant request said it would be used for “regional terrorism investigations.” Instead LAPD has been using it for just about any investigation imaginable.

In just a four month period in 2012, according to documents obtained by the First Amendment Coalition, the LAPD has used the device at least 21 times in “far more routine” criminal investigations. The LA Weekly reported Stingrays “were tapped for more than 13 percent of the 155 ‘cellular phone investigation cases’ that Los Angeles police conducted between June and September last year.” These included burglary, drug and murder cases.

Of course, we’ve seen this pattern over and over and over. The government uses “terrorism” as a catalyst to gain some powerful new surveillance tool or ability, and then turns around and uses it on ordinary citizens, severely infringing on their civil liberties in the process.

Read more: here

Arghhhh!
-Moose

Audacious Hack Exposes Bush Family Pix, E-Mail

Via: The Smoking Gun

FEBRUARY 7–The apparent hack of several e-mail accounts has exposed personal photos and sensitive correspondence from members of the Bush family, including both former U.S. presidents, The Smoking Gun has learned.

The photos and e-mails were uploaded yesterday to an online account that appears to have been hacked for the purpose of hosting the material.

In e-mail exchanges with the person who claimed responsibility for the hack, the individual claimed to have swiped “a lot of stuff,” including “interesting mails” about George H.W. Bush’s recent hospitalization, “Bush 43,” and other Bush family members.

Included in the hacked material is a confidential October 2012 list of home addresses, cell phone numbers, and e-mails for dozens of Bush family members, including both former presidents, their siblings, and their children. The posted photos and e-mails contain a watermark with the hacker’s online alias, “Guccifer.”

Read more: here