Man charged with website attacks

22 June 2011 Last updated at 12:31 ET

A 19-year-old Essex man has been charged with five computer offences, including attacking the Serious Organised Crime Agency's website.

Ryan Cleary, from Wickford, is alleged to have set up a distributed denial of service attack on Soca on 20 June.

It is alleged he attacked the website of the International Federation of the Phonographic Industry in November 2010.

He also allegedly attacked the British Phonographic Industry's website in October.

Mr Cleary was charged under the Criminal Law Act and Computer Misuse Act by the Met Police's e-crime unit and will appear at City of Westminster Magistrates court on Thursday.

A distributed denial of service typically involves flooding a target website with data, in an attempt to overwhelm it so it cannot serve its legitimate users.

The charges against Mr Cleary include conspiring with other unknown people on or before 20 June to construct a botnet - a collection of hijacked home computers - to conduct distributed denial of service attacks.

He is also charged with making, adapting, supplying or offering to supply a botnet, intending that it should be used to commit, or to assist in the commission of a distributed denial of service attack.

Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

Bitcoin 'will recover' from crash

21 June 2011 Last updated at 19:11 ET

The virtual currency Bitcoin will "bounce back" after a hack attack caused its value to collapse, according to one of its senior developers.

Gavin Andresen said he hoped the crisis would lead to better security on sites where Bitcoins are bought and sold.

Prices on the main exchange, Mt.Gox, fell from $17.50 (�10.80) to almost zero when a large number of stolen Bitcoins were dumped on the market.

Trading was suspended and eventually rolled back to pre-crash rates.

Mt.Gox revealed details of the security breach on June 20 with an announcement on its website.

"It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database," the statement read.

Around the same time, an unidentified person accessed one of the compromised accounts and sold all of its Bitcoins.

They then attempted to buy the coins again and withdraw them in US dollars.

The fraudster was partially foiled when they hit Mt.Gox's $1000 daily limit.

The decision to reset the Bitcoin rate to a point just before the malicious trades were placed was criticised by some users who had taken the opportunity to buy low.

"Why should everyone who profited from the crash suffer your inability to secure the site?" wrote a user called Elments.

Questionable future

Although the problem was caused by security failings at Mt.Gox, it has raised wider questions about the viability of Bitcoin as a virtual currency.

Continue reading the main story

"Start Quote

Like any start-up, it could change the world but it could also be risk."

End Quote Gavin Andresen Bitcoin developer

"I am sceptical about its longer term prospects," said David Birch, director of Consult Hyperion, a consultancy specialising in electronic transactions.

"There were two things here - the specific bubble (caused by the dumping of stolen coins) and the exchange mechanism."

Bitcoin transactions are made by swapping anonymous, heavily encrypted codes which only a specific user can unlock.

Details of who owns each Bitcoin are distributed across a peer-to-peer network, with no central repository.

If an encrypted coin file is deleted, the money is lost.

The system has proved popular with online criminals, keen to keep their financial transactions secret, although it has a wider, legitimate, user base.

Mr Birch said the fact that so many Bitcoins were traded on a single exchange made it vulnerable to market shocks.

He also questioned the fundamental workings of the currency, saying that its emphasis on anonymity and decentralised nature meant there was little recourse for users when things go wrong.

Bitcoin developer Gavin Andresen conceded that current safeguards around the currency may be inadequate.

"I have been the person saying that Bitcoin is an experiment, so you can have confidence in it as much as you can have confidence in any start-up.

"Like any start-up, it could change the world but it could also be risk," he said.

Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

Teenager held over website hacks

21 June 2011 Last updated at 08:53 ET

A teenager has been arrested in a joint Scotland Yard and FBI investigation into the hacking of websites.

The 19-year-old man was held during a raid at a house in Wickford, Essex.

On Monday the UK's Serious Organised Crime Agency (Soca) took its website offline after it was attacked by Lulz Security hackers.

Scotland Yard would not confirm the arrest was connected but did say that it followed a series of distributed denial of service (DDoS) attacks.

The raid in Essex had been a "pre-planned, intelligence-led" operation, it said.

The teenager was arrested under the Computer Misuse Act and Fraud Act and is being questioned at a central London police station.

He was arrested by the Metropolitan Police's e-crime unit.

A Scotland Yard spokesman said: "The arrest follows an investigation into network intrusions and distributed denial of service attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.

"Searches at a residential address in Wickford, Essex, following the arrest last night have led to the examination of a significant amount of material. These forensic examinations remain ongoing."

Scotland Yard is co-operating with the FBI as well as Essex Police.

An FBI spokesman said it had no comment "at this time".

Channel 4 News claimed LulzSec may have succeeded in hacking into the database of the 2011 Census, which holds details of every UK citizen who filled out the survey earlier this year.

But the Office for National Statistics has released a statement saying: "We are aware of the suggestion that Census data has been accessed. We are working with our security advisers and contractors to establish whether there is any substance to this.

"The 2011 Census placed the highest priority on maintaining the security of personal data. At this stage we have no evidence to suggest that such a compromise has taken place."

When Lulz Security, or LulzSec, first appeared in May, the group portrayed itself as a light-hearted organisation, bent on creating online fun and Lulz (laughs).

But LulzSec is said to have been planning to establish itself as a rival to Anonymous, the hacking group embroiled in the WikiLeaks fallout.

LulzSec initially targeted US broadcasters PBS and Fox and gaming firms.

But the Twitter page @LulzSec then declared its intention to break into government websites and leak confidential documents.

LulzSec is also suspected of hacking into CIA, Sony and NHS websites.

Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

Mobile firms can trade spectrum

21 June 2011 Last updated at 06:08 ET

UK regulator Ofcom has given phone operators the green light to trade spectrum in a move intended to increase mobile network capacity.

Available bandwidth is becoming a huge issue as smartphones put increasing demand on networks.

The trading of airwaves comes ahead of a crucial spectrum auction next year that will usher in 4G data services.

Both the auction and the decision to allow operators to trade existing spectrum have caused controversy.

Spectrum trading allows operators to sell off the airwaves they own in the 900MHz, 1800MHz and 2100MHz frequency bands.

Historically the 900MHz slice of spectrum has belonged exclusively to O2 and Vodafone because they were the only two mobile operators on the market when it was handed out.

While other nations have reallocated this spectrum to offer a more level-playing field ahead of 4G auctions, this has not happened in the UK.

Ofcom had originally planned to redistribute the spectrum allocated to O2 and Vodafone, but was met with a legal action, initiated by the two operators.

Lifeblood

Ofcom dropped its plans following the merger of T-Mobile and Orange.

Everything Everywhere (EE), the parent company of T-Mobile and Orange will be the biggest beneficiary of spectrum trading.

It was required to sell off about 19 percent of its spectrum frequencies as a condition of the merger.

Three is unhappy as it has the least spectrum to trade.

"Spectrum is the lifeblood of smartphones and the mobile internet and for those with surplus holdings it is also a strategic asset, so voluntary trading is the exception," it said in a statement.

"This move simply allows those who have been gifted access to public spectrum to profit from it, with no benefit for UK taxpayers."

Three will voice its concerns later today at a Department of Culture select committee hearing set up to discuss the way spectrum is being allocated.

Further delays

O2 and Vodafone are unlikely to sell off any of their assets, according to Mr Howett.

"It is simply too valuable to them and they would only trade it if they were forced to," he said.

What may force their hand is the upcoming 4G auction in which Ofcom has set caps on the amount that can be bought.

It will mean the operators with more existing spectrum will be able to buy less of the more valuable 4G airwaves.

Ofcom has also ring-fenced some of the spectrum for new entrants such as Three.

"It has done this because it recognised that 3 might not be able to survive and it values the disruptive nature of a player like 3," said Mr Howett.

But O2 said it was tantamount to "state aid" and has threatened legal action.

Any further delays to the auction could put the UK behind other European countries in the roll-out of 4G services, said Mr Howett.

4G will be crucial as the market continues to grow.

According to Ofcom there are now 80 million mobiles in the UK, 12.8 million of which are smartphones.

Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

LulzSec attacks UK crime agency

20 June 2011 Last updated at 12:29 ET

Hacking group Lulz Security has said it was responsible for taking offline the website of the UK Serious Organised Crime agency (Soca).

Www.soca.gov.uk was unavailable on Monday afternoon, with an intermittent service restored later in the day.

As the agency launched an investigation, LulzSec tweeted: "Tango down - in the name of #AntiSec".

The group has hit a number of high-profile websites in recent weeks, including the CIA and US Senate.

Soca appeared to be the victim of a distributed denial of service (DDoS) attack, where a number of computers, under malicious control, overload their target with web requests.

A later LulzSec twitter posting seemed to confirm that.

"DDoS is of course our least powerful and most abundant ammunition. Government hacking is taking place right now behind the scenes," it said.

Over the weekend, the shadowy organisation declared that it would begin targeting government systems, calling the campaign Antisec.

In an online posting, LulzSec set out its agenda: "Top priority is to steal and leak any classified government information, including e-mail spools and documentation. Prime targets are banks and other high-ranking establishments."

Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

Web primed for domain name surge

20 June 2011 Last updated at 02:43 ET

A global internet body has voted to allow the creation of new website domain suffixes, the biggest change for the online world in years.

The Internet Corporation for Assigned Names and Numbers (Icann) plans to dramatically increase the number of domain endings from the current 22.

Internet address names will end with almost any word and be in any language.

Icann will begin taking applications next year, with corporations and cities expected to be among the first.

"Icann has opened the internet's addressing system to the limitless possibilities of the human imagination," said Rod Beckstrom, president and chief executive officer for Icann.

"No one can predict where this historic decision will take us."

There will be several hundred new generic top-level domain names (gTLDs), which could include such addresses as .google, .coke, or even .BBC.

There are currently 22 gTLDs, as well as about 250 country-level domain names such as .uk or .de.

It will cost $185,000 (�114,000) to apply for the suffixes, and companies would need to show they have a legitimate claim to the name they are buying.

Analysts say it is a price that global giants might be willing to pay - in order to maximise their internet presence.

The vote completes a six-year negotiation process and is the biggest change to the system since .com was first introduced 26 years ago.

Icann said it was beginning a global communications programme to raise awareness of the new domain names.

Applications will start on 12 January.

Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

Sega hack hits 1.29 million users

19 June 2011 Last updated at 06:47 ET

Sega has confirmed that the personal data of 1.29 million of its customers was stolen in an attack on its systems.

It comes after the computer games firm said on Friday that e-mail addresses and dates of birth stored on the Sega Pass database were accessed by hackers.

However, Sega continues to say that payment information, such as credit card numbers, remained safe.

Sega spokeswoman Yoko Nagasawa said: "We are deeply sorry for causing trouble to our customers."

She added: "We want to work on strengthening security."

Ms Nagasawa added that it was not yet known when the Sega Pass online network could be restarted.

'Investigation'

In an e-mail sent to Sega Pass users on Friday, the company wrote: "Over the last 24 hours we have identified that unauthorised entry was gained to our Sega Pass database.

"We immediately took the appropriate action to protect our consumers' data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems."

Sega explained that it had reset all passwords and urged customers to change their log-on details on other services and websites where they used the same credentials.

It added that password details had not been stored in plain text, suggesting that they may have been secured by some kind of encryption.

Sega is the latest in a line of games companies to suffer hacking and denial of service attacks on their online services.

Nintendo, Sony and several multi-player gaming communities have been hit in recent months.

The hacker group Lulz Security, which has been involved in a number of high profile attacks, including one against Sega rival Nintento, has denied involvement in the Sega case.

Instead it showed some sympathy for the company on its Twitter feed.

"We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down," it said.

Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

US builds net for cyber war games

17 June 2011 Last updated at 10:07 ET

The United States government is building its own "scale model" of the internet to carry out cyber war games.

Several organisations, including the defence company Lockheed Martin, are working on prototypes of the "virtual firing range".

The system will allow researchers to simulate attacks by foreign powers and from hackers based inside the US.

More than $500m (�309m) has been allocated by the Department of Defense to develop "cyber technologies".

The National Cyber Range project is being overseen by the Defense Advance Research Projects Agency (Darpa), which was also involved in early network research that led to the internet.

When ready, it will function as a test-bed for defensive and possibly offensive technologies such as network protection systems.

Having a controllable mini-internet would allow researchers to carry-out experiments "in days rather than the weeks it currently takes," Darpa spokesman Eric Mazzacone told the Reuters news agency.

Unlike the real internet, the in-house version could be wiped or reset between tests, explained Mr Mazzacone.

Development of the National Cyber Range is currently in the hands of several organisations, including Johns Hopkins University in Baltimore and Lockheed Martin.

One of their prototypes will be selected to go into operation later in the year.

Act of war

The United States has been gradually increasing funding for internet security-related projects.

In 2008, the US military was the subject of a serious cyber attack when part of its network became infected by a worm known as agent.btz.

President Obama, in May 2009, declared the cyber threat to be one of the "most serious" challenges facing the country.

Since then, his government claims to have been the subject of several attempted attacks, originating from overseas.

Lockheed Martin, one of the contractors involved in the National Cyber Range project was itself the subject of a security breach in May 2011.

Earlier this month, the Pentagon said it planned to publish proposals to categorise cyber attacks as acts of war.

Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

Teen hacker stole Lady Gaga songs

Lady Gaga was one of the artists who had details stolen. <!-- Empty - Wide embedded hyper -->

An 18-year-old computer hacker who stole songs from artists including Lady Gaga has been sentenced to 18 months detention in Germany.

The court heard how the teenager, who called himself DJ Stolen, earned more than 15,000 euros (�13,260) by breaking copyright laws and hacking personal information from a number of singers.

The hacker used phishing emails and Trojan horse software to steal unpublished songs and then offer them for sale on the internet.

Anti-piracy teams in the UK and Germany noticed a growing number of pre-release tracks being leaked much earlier than normal.

Tracks were stolen from Lady Gaga, Justin Timberlake, Leona Lewis, Kesha and Mariah Carey in 2009 and 2010.

Singer Kesha had private photos stolen from her computer

The teenager, referred to in court as 'Deniz A' because of his age, was also found guilty of downloading explicit private photos from Kesha's computer.

Apology to Gaga

The court in the German city of Duisburg also heard how a letter of apology was published in Daily Bild, a German tabloid newspaper, from the teenager saying:

"Dear Lady Gaga, I am ashamed of what I have done. I did not think about the consequences."

The judge ruled that the teen was "driven more by a desire for recognition than by criminal intent".

The 18-year-old was also ordered to have therapy for an addiction to the internet.

Another hacker, 23, whose name wasn't released, was also given an 18 months suspended sentence.

Jeremy Banks, from the International Federation of the Phonograhic Industry (IFPI), which helped with the investigation said the sentences acted as a "deterrent" to others.

He said the crimes caused "huge damage to artists and record companies".

Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

Virgin tackles infected customers

17 June 2011 Last updated at 03:27 ET

About 1500 customers of internet service provider Virgin Media have been warned that their PCs are infected with a malicious virus.

The targeted customers had fallen victim to the SpyEye trojan that steals logins for online bank accounts.

Letters have been sent to those affected, giving them advice on how to clean up their computers.

Virgin is understood to be the first UK ISP to give specific warnings to customers about viruses on their PCs.

The other major service providers tackle malware at the individual computer level, offering free anti-virus software and advice.

Virgin said it had received information about the SpyEye infections from the Serious and Organised Crime Agency.

Early warning

The company stressed that it had not been monitoring user activity, rather some of their customers' IP addresses were found by law enforcement while investigating criminal botnets.

"It's a small number compared to the four million customers we have," said a spokesman, "but regardless of that, because of the seriousness it's still important to communicate with our customers."

The letters stress the seriousness of the situation and urge customers to update their security software and scan their machine to find and remove the malicious program. Alternatively, customers can sign up for a help service that allows a Virgin to remotely find and fix problems.

The spokesman added that the Virgin campaign started in August 2010 and since then it had sent letters to "several thousand" customers about a serious infection on their home computer.

"The category we are looking at are the ones that put our customers at most risk or the ones that will steal from them," he said.

SpyEye first appeared in early 2010 and has steadily gathered victims ever since. Some machines are infected via booby-trapped webpages or by tricking people into clicking on links that lead to the trojan being installed.

The SpyEye trojan and its many variants are being produced with a software kit that allows novices to put together their own versions of the malware. The kit, which costs $500 (�310), also comes with a tool to help control all the PCs that are infected.

Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials