Thursday, June 2, 2011

Hackers attack Sony network again

A hacker group has claimed it has attacked the Sony network and stolen more than one million passwords, email addresses and other information.

Lulz Security said it broke into servers that run SonyPictures.com.

Sony said it was aware of Lulz Security's statement and was investigating, the Associated Press reported.

In April, hackers broke into Sony's PlayStation Network and stole data from more than 77 million accounts.

That attack was considered the biggest in internet history and led to Sony shutting down the PlayStation Network and other services for almost a month.

The company has estimated the data breach will result in a $170m (£104m) hit to its operating profit.

Since then, Sony's networks have become targets for hackers and the company has confirmed at least four other break-ins prior to the claimed attack on Sony Pictures.

Lulz Security claims to be behind one of those attacks: an assault on Sony Music Japan.

The latest alleged attack will come as a blow to the Japanese firm, 24 hours after it announced the PlayStation Network would be fully restored in the US and Europe, and said it had beefed up its security systems.

'Asking for it'

In a statement on Thursday, Lulz Security said it had hacked into a database that included unencrypted passwords as well as names, addresses and dates of birth of Sony customers.

"From a single injection, we accessed EVERYTHING," it said. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"

"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plain text, which means it's just a matter of taking it.

"This is disgraceful and insecure: they were asking for it."

The group also recently claimed responsibility for hacking the website of the PBS network and posting a fake story in protest at a new programme about WikiLeaks.


Future mobile to hit digital TV

Interference from future mobile signals might make digital TV unwatchable for some Britons, Ofcom has said.

The telecoms watchdog is starting a research program to find out how to help people affected when future mobile technology is switched on.

About 3% of TV-watching Britons could suffer interference from fourth-generation (4G) mobile, said Ofcom.

Filters will solve the problem for some, said Ofcom, but others may have to use other ways to get TV signals.

The problem of mobile and digital TV signals interfering with each other will arise because the chunk of spectrum reserved for 4G sits next to that used for broadcasting terrestrial digital TV signals.

The auction for the 800MHz band is due to take place in 2012 and 4G services are expected to follow soon after. The rollout of 4G mobile will mean faster download and browsing speeds for handsets.

However, signals from base stations handling 4G services might cause interference in set-top boxes and digital televisions in homes nearby, said Ofcom in a briefing document.

Up to 3% of viewers of digital terrestrial television, about 760,000 people, might see interference if no action is taken, it warned.

In a bid to limit how many people suffer from poor picture quality, Ofcom has proposed running an education campaign to alert viewers about the possibility of interference.

Companies who buy a licence for part of the 800MHz spectrum will be expected to contribute to the costs of the education program.

For the vast majority of affected viewers, filters will strip out the interfering signals.

However, said Ofcom, in 0.1% of cases, filters will not help and it is considering how best to handle those instances. Some viewers may have to find alternative ways to watch digital TV.

A consultation exercise which will consider ways to tackle the interference issue is being started at Ofcom and will run until 11 August.




E-mail hack attacks an 'epidemic'

The targeted attack used by hackers to compromise e-mail accounts of top US officials is reaching 'epidemic' proportions, say security experts.

The scam, known as spear phishing, was used in a bid to get passwords of Gmail accounts so they could be monitored.

Via a small number of customised messages it tries to trick people into visiting a web page that looks genuine so users type in login names.

Such attacks are often aimed at top officials or chief executives.

Such attacks are not new, say security professionals, but they are becoming more commonplace.

"What is happening more and more is the targeting of a couple of high value individuals with the one goal of acquiring valuable information and valuable data," said Dan Kaminsky, chief scientist at security firm DKH.

"The most interesting information is concentrated in the accounts of a few people," he said. "Attackers using information to impersonate the users is at epidemic proportions and why computer security is in the state it is in."

In March, security firm RSA was hit by a sophisticated spear-phishing attack that succeeded despite only two attacking e-mails being sent. The phishing e-mail had the subject line "2011 Recruitment Plan" and contained a booby-trapped spreadsheet.

Total access

Google said it uncovered the deception through a combination of cloud-based security measures, abuse detection systems and user reports. It also cited work done by a website called contagio dump.

The founder of the site is technologist and researcher Mila Parkour who said the method used in this attack was "far from being new or sophisticated".

She told the BBC she was first alerted to the problem by one individual back in February. She would not reveal their name or position.

Google said that among those targeted were senior US government officials, military personnel, journalists, Chinese political activists and officials in several Asian countries, predominately South Korea.

"Someone shared the incident with me," she said. "I did a mini research and analysis and posted the findings as I heard it happened to other people in the military and US government. I just wanted them to be aware and be safe."

Ms Parkour said attackers got access to the entire mailboxes of victims.

"I did not read the contents of the mailbox so not sure if anything extra interesting was there," she said. "I hope not."

Chinese connection

Cyber attacks originating in China have become common in recent years, said Bruce Schneier, chief security technology officer at telecoms firm BT.

"It's not just the Chinese government," he said. "It's independent actors within China who are working with the tacit approval of the government."

China has said repeatedly it does not condone hacking, which remains a popular hobby in the country, with numerous websites offering cheap courses to learn the basics.

In 2010 Google was the victim of what it called a "highly sophisticated and targeted attack on our corporate infrastructure originating from China" that it said resulted in the theft of intellectual property.

Last year, US investigators said there was evidence suggesting a link between the Lanxiang Vocational School in Jinan and the hacking attacks on Google and over 20 other firms. The school denied the report.

This time Google is stressing that the security of its products was never compromised and that it was users who were scammed into unwittingly giving away their passwords.

"It's important to stress that our internal systems have not been affected - these account hijackings were not the result of a security problem with Gmail itself," said Eric Grosse, engineering director of the company's security team.

"But we believe that being open about these security issues helps users better protect their information online."

The White House has said it is investigating the issue.

Easy access

Security experts said spear phishing attacks were easy to perpetrate because of the amount of information people put on the internet about themselves on social networking sites such as Facebook and Twitter.

The mountain of data lets canny hackers piece together enough information to make e-mails they concoct appear convincing and genuine.

In this attack, some Gmail users received a message that looked like it came from a work colleague or was linked to a work project.

On Ms Parkour's site, she shows some of the spoof e-mails indicating how easy it was for people to be hoodwinked.

"It makes sense these bad guys would go that way given the amount of time, effort and investment they have to make in orchestrating an attack," said Dr Hugh Thompson, chief security strategist at People Security who also teaches at Columbia University.

People tend to trust messages that look like they come from people bearing details of where they last met or what they did, he said.

"I can then point you to a site that looks very much like Gmail and you are not going to question that because I already have your trust," he said.

While security experts criticised user behaviour, some also said the combination of login and passwords was at fault too.

"Passwords don't work as an authentication technology," said Mr Kaminsky.

"They are too flexible, too transferable and too easy to steal," he said. "However, we are stuck with them for now due to technical limitations and because users find them easy to use."




Windows 8 'sneak previews' given

Microsoft has shown off early releases of the next version of Windows.

Demonstrations of Windows 8 running on tablets, phones and desktop computers were given at separate conferences in the US and Taiwan.

As expected, the software can be used via either traditional keyboard and mouse or by gestures on a gadget's touchscreen.

No date has been given for the release of Windows 8 but it is expected to be available before October 2012.

The start screen for Windows 8 seen at the demonstrations closely resembles the tiled layout seen on Microsoft's newest mobile operating system. The live tiles, that link to popular applications and data streams, can be manipulated via pressing on a screen.

The demo suggests that Windows 8 will have a unified look even though it will run on phones and tablets as well as portable and fixed computers.

The system has been designed first and foremost around touch and gesture, said Microsoft, but would also be manipulable by more traditional methods.

Despite rival Apple's success with its iPad tablet, Microsoft declared that it was not "out of the game" in that market.

The demos were given at the D9 conference in California and Computex in Taipei.

In a bid to speed up its efforts to get more tablets running Windows in the hands of consumers, Microsoft has reportedly demanded that hardware firms work with a single chip maker as they produce their gadgets.

Typically, laptop and notebook makers take chipsets from different suppliers as they build up a product range.

Firms expected to be producing chipsets for tablets include Qualcomm, Texas Instruments, Nvidia, Intel and others.

The news did not go down well with computer firms.

"This industry doesn't belong to Microsoft or Google, it belongs to all the participants," said Jim Wang, president of Acer, at a Computex press conference. "So they can't make the decision for all of us. That's the problem."




China rejects Gmail spying claims

China has rejected allegations of involvement in a cyber-spying campaign targeting the Google e-mail accounts of top US officials, military personnel and journalists.

A foreign ministry spokesman said it was "unacceptable" to blame China.

Google has not blamed the Chinese government directly, but says the hacking campaign originated in Jinan.

The US company said its security was not breached but indicated individuals' passwords were obtained through fraud.




Software clues unravel Mac theft

California police recovered a stolen laptop after a software program sent its owner the suspect's location and photograph taken on the Mac's camera.

Joshua Kaufman, an Oakland interaction designer, reported the theft in March.

But police only acted on Tuesday after Mr Kaufman's blog on the theft attracted news media attention.

Cab driver Muthanna Aldebashi, 27, was charged with felony possession of stolen property. A police spokesman said an initial report was misfiled.

"I'm excited I was able to get it back," Mr Kaufman told the BBC, "very happy and relieved that I don't have to sit and watch someone else use my old computer."

On 21 March, during the day when Mr Kaufman was not at home in his Oakland flat, a thief broke into the apartment through a window.

'Hidden' software

Mr Kaufman immediately reported the crime to Oakland police and the officer who took the report noted he said he had tracking software installed, Officer Holly Joshi told the BBC.

The software, called Hidden, supplies to the owner the computer's location, photographs taken on the Mac's internal camera and shots of the Mac's screen display.

The program immediately began sending Mr Kaufman photographs of a bearded man with shaggy dark hair sleeping on a couch, sitting shirtless on a bed in front of the computer, and driving.

"It wasn't really that interesting," he said. "Most of the photos were pretty boring - just some guy staring into a screen or sleeping or watching Youtube videos on his bed."

The software also sent Mr Kaufman a screen shot showing the man logging into his own e-mail account - information investigators later used to lure him into an arrest.

Mr Kaufman says he handed the evidence to Oakland investigators but did not get a response. Meanwhile, he began blogging about the theft on a site called thisguyhasmymacbook.

Marketing campaign rumour

His ordeal - and Oakland police's apparent disinterest in the case, even though Mr Kaufman said he could provide clues - soon attracted attention from the US news media.

"People started saying it was a viral campaign from us," Hidden chief Toby De Havilland told the BBC.

On Tuesday, a producer with ABC television's Good Morning America news and entertainment programme contacted Officer Joshi to inquire about the case.

Ms Joshi contacted investigators and learned Mr Kaufman's initial report had been filed in error with theft reports for which no leads existed to aid the investigation.

About three hours after ABC's call, Oakland police arrested Mr Aldebashi, who made "admission statements" indicating he knew the laptop was stolen, Ms Joshi said.

Police have not charged Mr Aldebashi with the initial burglary, and Mr Kaufman said he believes Mr Aldebashi bought the stolen laptop on the street.

"Law enforcement is always looking at technology as a way to be smarter with capturing criminals and solving crimes," Officer Joshi told the BBC.

"And this does represent technology that could be useful for us."

Suspect lured

Mr Kaufman wrote on his blog that investigators used information he provided - an e-mail address linked to a car service for which Mr Aldebashi was a driver - to lure the suspect into an arrest by pretending to hire a cab.

Meanwhile, Mr De Havilland said the notoriety has driven interest in his product.

"We've definitely noticed a spike," he said.


