Hacks

Syria's Internet goes dark for several hours

After a more than seven-hour blackout, it appears the Internet has returned to Syria.

On Thursday morning several Internet monitoring firms began reporting a halt of online traffic in and out of the war-torn country. While it was clear something was amiss, it was unclear who or what was causing the outage.

In the past, divergent players such as the online hacking collective Anonymous or the Syrian Electronic Army -- a President Bashar Assad loyalist group -- have waged attacks on the country's Internet. However, Thursday's outage appears to have two different sources.

First, a group calling itself … Read more

Hackers transform EA Web page into Apple ID phishing scheme

Using some trickery, hackers were able to breach Electronic Arts' Web site and transform one of its pages into a bogus Apple log-in screen. Once users logged on to the fake site, they were prompted to input their credit card numbers, date of birth, and other personal information.

Security firm Netcraft discovered the breach and notified EA on Tuesday. The game maker told CNET that it investigated Netcraft's claims and as of Wednesday the phishing page is gone.

"We have found it, we have isolated it, and we are making sure such attempts are no longer possible," … Read more

Mt. Gox update lets users see their Bitcoin balances

Mt. Gox, the embattled Bitcoin exchange, has updated its Web site to allow its users to see account balances.

The Japan-based company opened user accounts for inquiry on Tuesday, but cautioned that the amount of bitcoins they seemingly have would not "constitute a filing of rehabilitation claims." The wording on the Mt. Gox web site is in place to protect Mt. Gox in its ongoing bankruptcy procedures and to ensure that its users don't misconstrue the balance as the actual amount they may or may not be owed.

The balances are based on data collected shortly before … Read more

Beware this big iOS flaw -- and it's not alone

VANCOUVER -- A change that Apple imposed to make iOS 7 more secure instead has dramatically weakened the security of devices running that mobile operating system, a security researcher has charged.

At the CanSecWest conference here last week, Azimuth Security researcher Tarjei Mandt said that Apple made a major mistake when it changed its random-number generator to make its kernel encryption tougher in iOS 7. The kernel is the most basic level of an operating system and controls things like security, file management, and resource allocation.

"In terms of security, it's much worse than iOS 6," Mandt … Read more

Ukrainian hackers claim takedown of NATO Web sites

Pro-Russian Ukrainian hackers claimed responsibility for a cyberattack that took down several NATO Web sites amid rising tensions over military incursions into the Crimean peninsula.

A hacktivist group calling itself Cyber Berkut claimed to have launched attacks Saturday that took down NATO's main page and that of NATO's cyberdefense center. The group also claimed to have taken down the site for NATO's Parliamentary Assembly.

NATO spokesperson Oana Lungescu confirmed on Twitter that several NATO sites had been the target of a "significant" distributed-denial-of-service attack but said the integrity of the systems was unaffected and experts … Read more

All hacking eyes on the prize money at CanSecWest

VANCOUVER -- When it comes to hacking, it turns out that greed really is good.

All four of the major desktop browsers, plus two Adobe browser plug-in programs, succumbed to the predations of the hacker community in two different contests.

Pwn2Own, sponsored by Hewlett-Packard and organized by the HP-owned Zero-Day Initiative, featured up to $1.085 million in prizes, and security researchers going after Adobe Flash and Reader, Apple Safari, Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox.

Eight research teams earned $850,000, with another $82,500 going to charity for Pwn4Fun over the two-day competition, which concluded on … Read more

How Target detected hack but failed to act -- Bloomberg

The November data breach that affected as many as 110 million Target customers could have been stopped in its tracks, according to a story published Thursday by Bloomberg.

Speaking with more than ten former Target employees and eight people with knowledge of the hack, Bloomberg said that Target already had in place a sophisticated malware detection system designed by security firm FireEye. The $1.6 million system was set up specifically to identify hacks and cyberattacks before they had a chance to do real damage.

Highlighting the ingenuity of FireEye's detection system, Bloomberg explained that it creates a parallel … Read more

WhatsApp pooh-poohs report of security flaw

The people behind WhatsApp are rebutting a report contending that the app is vulnerable because your chats can be stored on an Android phone's SD card.

Earlier this week, DoubleThink chief technology officer Bas Bosschert posted a blog alleging that hackers could use a malicious app to tap into your WhatsApp conversations by uploading the database from the SD card to a Web site. To prove his point, Bosschert said he created an app that was able to snag and read the database files.

In response, a spokesperson for WhatsApp called the report "overstated" and issued the … Read more

NSA system designed to attack 'millions' of computers -- report

Through an operation called Turbine, the NSA crafted an automated system designed to hack "millions" of computers, new documents from Edward Snowden's leaks on government surveillance reveal.

According to documents published by The Intercept on Wednesday, Turbine created "implants" that let it gain access to people's computers. Getting the implants onto machines involved an array of deceptions: fake Facebook Web pages, spam emails with malicious links, and man-in-the-middle attacks that would "shoot" bogus data at a target's computer when the NSA detected it was visiting a Web site the NSA could spoof. … Read more

DDoS attack is launched from 162,000 WordPress sites

With some old-fashioned trickery, hackers were able to get more than 162,000 legitimate WordPress-powered Web sites to mount a distributed-denial-of-service attack against another Web site, security researchers said Monday.

Security firm Sucuri said hackers leveraged a well-known flaw in WordPress that allows an attack to be amplified by harnessing unsuspecting Web sites. It's unclear which site was the victim of the cyberattack, but Sucuri said it was a "popular WordPress site" that went down for many hours.

"It was a large HTTP-based (layer 7) distributed flood attack, sending hundreds of requests per second to their … Read more