ThinkProgress Logo

Stories tagged with “Hackers

Security

The ‘Scariest Search Engine On The Internet’ Has Been Around For 3 Years And Is Used For Good

By Andrea Peterson on Apr 9, 2013 at 11:00 am

CNNMoney posted an ominously titled column “Shodan: The scariest search engine on the Internet” yesterday about a search application that discovers unprotected technology connected to the internet that was promptly aggregated by other outlets like FastCompany – but not until the last third of the article did the author mention two key facts: Shodan has existed for three years and is “almost exclusively used for good.”

Make no mistake, the things Shodan can uncover are scary: It’s essentially a way find technology currently online that was never intended to be networked in the first place, or networked with such laughably thin security protocols like using default admin logins and passwords that it’s child’s play to compromise — with the vulnerable tech ranging from the seemingly mundane like home printers and garage doors to the sort of things you really don’t want to be connected to the outside world, such as citywide traffic systems and nuclear command and control centers.

And as we move closer to a world where everything from our refrigerators to our pacemakers are connected to the Internet in one way or another, these problems will only multiply: An “Internet of things” that lacks security built into the devices that join together to create that network could potentially put everyone at risk. The issue is that these vulnerabilities exist in the first place, not that Shodan can uncover them — as previous coverage of Shodan by Dave Maass in San Diego CityBeat* notes:

“The fact that somebody is basically shining a flashlight into a dark room shouldn’t be the part people are afraid of,” says Dan Tentler, a San Diego-based information-security consultant. “The part people should be afraid of is the fact that some genius decided to take, for example, a five-megawatt hydroelectric plant in France, put its control computer on the Internet and allowed everybody that knew about the IP address to connect to it and make changes to this dam, with no encryption or authentication to speak of.

As with almost all technological developments, Shodan is neutral. In fact, the bad guys have a vested interest in keeping these types of vulnerabilities quiet so their exploitation will go unnoticed. With Shodan, security experts have a simpler way of identifying what networks are at risk and potentially taking them offline or improving security thus bettering the entire system. And security experts does mean hackers: While the word has taken on a lot of negative connotations in the media, hacking is a process of discovering vulnerabilities that is neutral. Just as it’s questionable to call Shodan scary because the things it uncovers are settling, decrying the process of hacking and all people that do it because they reveal problems with systems is equally objectionable.

There are certainly bad hackers, but there are also good hackers: Just ask Peiter Zatko (better known as Mudge) who spent the last few years as a program manager at the Defense Advanced Research Projects Agency (DARPA) focusing on cybersecurity projects. When he left last week he tweeted that he didn’t know which was neater: “getting Office of SecDef highest award, OR the positive use of ‘hackers’ in the letter!”

Update

*An earlier version of this piece misidentified Dave Maass and the source of this quote.

Security

U.S. Considers Stronger Action Over Chinese Cyber-Espionage After Major Newspapers Breached

By Andrea Peterson on Feb 1, 2013 at 11:45 am

Wen Jiabao

The Associated Press reports the U.S. is weighing a tougher response to Chinese cyber-espionage following the revelation this week that both the New York Times and the Wall Street Journal were hacked — allegedly by hackers backed by the Chinese government:

“Two former U.S. officials said the administration is preparing a new National Intelligence Estimate that, when complete, is expected to detail the cyberthreat, particularly from China, as a growing economic problem. One official said it also will cite more directly a role by the Chinese government in such espionage.

The official said the NIE, which reflects the views of the nation’s various intelligence agencies, will underscore the administration’s concerns about the threat, and will put greater weight on plans for more pointed diplomatic and trade measures against the Chinese government. The two former officials spoke on condition of anonymity because they were not authorized to discuss the classified report.”

A New York Times story on Wednesday revealed a four month assault against the company starting after a Times investigation into the billions accumulated by Chinese Prime Minister Wen Jiabao’s family during his tenure. The Times systems were compromised, with hackers obtaining all Times employee passwords and access to 53 employee personal computers. One Times journalist, John Schwartz, noted that story explained a lot of recent security measures, including random password resets.

The hackers typically worked regular Beijing hours, according to Mandiant, the security company hired by the Times to investigate, and while chief security officer Richard Bejtlich cautions “If you look at each attack in isolation, you can’t say, ‘This is the Chinese military,’” the Times analysis identifies the Chinese government as the likely culprit.

The Wall Street Journal announced it was the victim of a similar series of attacks Thursday, noting that the hackers appeared interested in sources and information, not financial details. Chinese Embassy spokesman Geng Shuang responded to the allegations made in both stories. “It is irresponsible to make such an allegation without solid proof and evidence,” he said. “The Chinese government prohibits cyberattacks and has done what it can to combat such activities in accordance with Chinese laws.”

Read more

LGBT

Anonymous Hacks Ugandan Government In Retaliation For Anti-LGBT Policies

By Zack Ford on Aug 14, 2012 at 5:02 pm

This image was posted as part of Anonymous' hack.

The hacking group Anonymous hacked two websites of the Ugandan government today, objecting to its anti-gay policies, including continued consideration of a “Kill The Gays” bill that would elevate the punishment for homosexuality to the death penalty. Attacking the website of the prime minister and Justice Law and Order Sector, the hackers issued the following statement about their motivations:

Today’s hack and deface of the Ugandan Prime Minister’s site was the latest in a long list of actions against the government and infrastructure of Uganda for crimes against LGBT people. [...]

We will not stand by while LGBT Ugandans are victimized, abused and murdered by a ruthless and corrupt government. #TheEliteSociety and #Anonymous will continue to target Ugandan government sites and communications until the government of Uganda treats all people including LGBT equally and with respect, dignity and immediately ends the arrest and harassment of LGBT.[...]

The government of Uganda will not stop us or LGBT people from standing up to their hatred and fighting against their abuses. To: Uganda → Equal treatment for ALL people, or you can expect us again.

Another message appeared on the Office of the Prime Minister, including an image from Uganda’s recent celebration of Pride:

You have been warned, repeatedly to expect us.

Your violations of the rights of LGBT people have disgusted us. ALL people have the right to live in dignity free from the repression of someone else’s political and religious beliefs. You should be PROUD of your LGBT citizens, because they clearly have more balls than you will ever have.

Real Ugandan Pride is demonstrated in standing up to oppression despite fearing the abuse, torture and murder inflicted on LGBT at the hands of the corrupt government.

Politics

Corporate Hacking Firm That Targeted ThinkProgress Now Markets Services Against ‘Politically Motivated’ Attacks

By Lee Fang and Scott Keyes on Oct 27, 2011 at 1:00 pm

Earlier this year, ThinkProgress exposed a plot concocted by a set of military contractors, working on behalf of the law firm for the corporate lobbying group called the U.S. Chamber of Commerce, to hack and sabotage progressive organizations, including, to our surprise, ThinkProgress. The ploy was made public by hacktivists known as Anonymous, who stole a batch of e-mails from one of the military contractors involved, HB Gary Federal, and dumped them online for all to see (the dump revealed a separate conspiracy, on behalf of Bank of America, to destroy WikiLeaks and journalists like Glenn Greenwald). One of the corporate hackers involved in the scheme, Aaron Barr, has moved on to another firm.

But during a visit to Las Vegas for a political conference last week, ThinkProgress came across HB Gary’s booth at a McAfee cyber security summit occurring in the same hotel — and found that HB Gary is shamelessly marketing its ability to protect against the very same illicit tactics they plotted to use against us and other liberal organizations.

ThinkProgress picked up a pamphlet HB Gary distributed at the McAfee conference for potential clients that warns ominously that a new wave of “politically motivated” hackers are using targeted data-stealing techniques and deceitful social networking exploits. HB Gary seems to be playing both sides of the equation. HB Gary essentially describes the same hacking strategy the firm planned to use against U.S. Chamber of Commerce critics like U.S. Chamber Watch, the SEIU, and ThinkProgress — then advertises itself as the only company capable of combating such attacks:

– HB Gary warns that hackers will “research targets of interest using ‘open source intelligence’ (OSINT)” to target employees through “networking sites such as LinkedIn, Facebook, and Twitter.” According to documents obtained by ThinkProgress, HB Gary’s hacking plot against progressive organizations included an “intelligence” phase which called for scrubbing websites like LinkedIn and Facebook for information about the Chamber’s critics. The HB Gary effort, which began its initial phase before hacktivists shut it down, started targeting families and children of the Chamber’s critics.

– HB Gary warns that hackers will use “sophisticated…spearphishing attacks” and “zero day” exploits to steal information. HB Gary should be familiar with targeted computer viruses designed to steal user information; they offered to sell such services to the U.S. Chamber of Commerce for use against its critics.

View a copy of the pamphlet here: Read more

Media

British MP Investigating News Corp Weighs In On Alleged Hacking In U.S.

By Lee Fang on Oct 24, 2011 at 2:45 pm

ThinkProgress filed this story from Los Angeles, California.

Tom Watson, a Member of Parliament leading an investigation into the News Corp hacking scandal, shows up at a protest in Los Angeles against the company. (AP)

Today, a British parliamentary commission announced that it will summon James Murdoch for a second time to question him about News Corp.’s phone-hacking scandal. So far, the British inquiry has not yet initiated similar investigations in the United States.

In September, ThinkProgress followed up on a report by the Guardian that detailed the story of Robert Emmel, a former News Corp. employee. Emmel gave the U.S. Senate a 58-page whistleblower tip alleging that his company carried out a vicious hacking campaign against its competitors, including a company called Floorgraphics. We found that Sen. Chuck Grassley’s (R-IA) staffer had received the document (and said he would act on it), but never followed through with a referral to the Justice Department or a congressional inquiry. Emmel was subsequently crushed with a legal harassment campaign and the victims of News Corp.’s domestic hacking were silenced with $655 million in settlements and buyouts.

Tom Watson, a British member of Parliament, helped break open the News Corp. phone-hacking scandal. Watson traveled to Los Angeles on Friday to attend the News Corp. shareholder meeting and rally demonstrators against the company. A few hours after sparring with Rupert Murdoch, Watson told ThinkProgress in an interview that in his opinion, “when you’ve got a concern that the law is being breached,” the matter should be always be reported to police authorities:

FANG: Speaking of computer hacking, ThinkProgress broke the story that an employee at News Corp gave a 58-page dossier detailing the different computer hacking that News Corp used against its United States competitors, including Floormarketing, a company based in New Jersey. He gave that to the United States Senate, including Republican Senator Chuck Grassley. They sat on it. It’s been five years now, there’s been no action. They never referred it to the Justice Department; they haven’t opened their own investigation. What’s your message to the United States Senate? What should they be doing?

WATSON: Look it’s not up to me to tell the United States Senate what they should do. I’m a UK lawmaker and the Senate can make its own decisions. I just know with my own experience in the UK with the hacking scandal, there’s a lot of whistleblowers that come forward. You have to sift through serious concerns and those that are erroneous. But when you’ve got a concern that the law is being breached, then I’ve always taken a view that I should report it to the police as quickly as I can.

Watch it here:

Watson said he was unfamiliar with the specifics of the case, and had been under the impression that the Emmel tip had eventually found its way to American authorities. Unfortunately, that is not the case.

Not only has the Senate refused to refer the Emmel tip to the Department of Justice or open its own investigation, but the Department of Justice failed to act even on the advice of the FBI. New York Times media reporter David Carr noted that FBI agents, after reviewing the “excellent paper trail” left by News Corp. while allegedly breaking into the computers of competitor Floorgraphics, contacted the U.S. Attorney’s Office in New Jersey to consider a criminal investigation. At the time, the U.S. attorney was a Bush appointee named Chris Christie, now the governor of the state. Christie was a confidant of Roger Ailes, the head of News Corp. subsidiary Fox New, and as Carr noted, the FBI case “died a slow death” in Christie’s office.

Politics

Revealed: Fake Facebook Identity Used By Military Contractors Plotting To Hack Progressive Organizations

By Lee Fang on Aug 18, 2011 at 12:05 pm

Corporate hacker Aaron Barr draws inspiration from Maxim magazine for his fake persona army.

Earlier this year, ThinkProgress obtained 75,000 private emails from the defense contractor HBGary Federal via the hacktivist group called Anonymous. The emails led to two shocking revelations. First, that an assortment of private military firms collectively called “Team Themis” had been tapped by Bank of America to conduct a cyber war against reporters sympathetically covering the Wikileaks revelations. And second, that late in 2010, the same set of firms began work separately for the U.S. Chamber of Commerce, a Republican-aligned corporate lobbying group, to develop a similar campaign of sabotage against progressive organizations, including the SEIU and ThinkProgress.

In presentations obtained by ThinkProgress from the e-mail dump detailing the tactics potentially used against progressives, HBGary Federal floated the idea of using “fake insider personas” to infiltrate left-leaning groups critical of the U.S. Chamber of Commerce’s policies. As HBGary Federal executive Aaron Barr described in several emails, his firm could work with partner companies Palantir and Berico Technologies to manipulate fake online identities, using networks like Facebook, to gain access to private information from his targets. Other presentations are more specific and describe efforts to use social media to hack computers and find vulnerabilities among even the families of people who work at organizations critical of the Chamber.

In one email from the dump, Barr discusses a fake persona he created called “Holly Weber.” She would be born in Portland in 1984, attend Reynolds High School, and work for Lockheed Martin after a stint in the Air Force. Earlier this week, Twitter users actually identified the phony account. Before it was taken down, ThinkProgress snagged screen shots of the fake persona’s Facebook and LinkedIn accounts. (Barr also described his strategy for pretending to be teenagers online). View a screenshot of the fake account below:

Profile for "Holly Weber," a fake identity created by defense contractors to manipulate their targets

Barr, who sold his illicit talents to the highest bidder, appears to be drawing on Maxim for inspiration. A Maxim covergirl named Holly Weber was also born in 1984. Unlike Barr’s creation, the Maxim one is real.

Hunton and Williams, the law firm representing the U.S. Chamber of Commerce, had been immersed in talks with HBGary Federal, Palantir, and Berico to deliver on a $2 million deal to move forward with the hacking plot against the Chamber’s critics. However, after Anonymous leaked HBGary’s emails and a few reporters picked up on the story, the Chamber distanced itself from the deal. The emails show that HBGary Federal had also worked to sell “persona management” solutions to the U.S. government for cyber intelligence work.

Related Posts

NEWS FLASH

Hackers Target Law Enforcement, Dumping 10 Gigs Of Private Data | An Anonymous-affiliated group called AntiSec hacked more than 70 small-town sheriff’s departments and other law enforcement agencies, downloading more than 10 gigabytes of e-mail messages, passwords, social security numbers, credit card numbers, and messages from confidential informants. In a statement following the cyberattack, the hackers said they targeted law enforcement “in solidarity with” hackers currently facing criminal charges in court, “as well as all other political prisoners who are facing the gun of the crooked court system,” and that they “stand in support of all those who struggle against the injustices of the state and capitalism using whatever tactics are most effective, even if that means breaking their laws in order to expose their corruption.”

Alyssa

Pop Culture Figures Out The Internet, Part II: Sound And Fury In ‘Hackers’

By Alyssa Rosenberg on Aug 3, 2011 at 4:08 pm

I’m taking a little time this week to look at some of the earliest pop culture examinations of the Internet. Yesterday, Erica Newland wrote about the extreme prescience of Ghostwriter. Up today: Hackers.

Hackers, which came out in 1995, is not exactly what you’d call a good movie. It’s got ridiculous animations that are meant to make the Internet seem comprehensible to the legions of Americans who were beginning to sign up for web access as the Internet went commercial. Jonny Lee Miller seems so gummed up by the complexities of pulling off an American accent that when Angelina Jolie asks his character, early in the film, “Do you speak English?” the correct answer is really “No, but he’s trying very hard.” The hacker glam is ridiculous in the extreme. But I got obsessed with the movie in high school, Hackers was the perfect aspirational movie for angry smart kids everywhere who spent a lot of time on the Internet, whether they were hacking corporations or spending lots of time talking to teenagers from other states who participated in the same dorkily intellectual after-school activities that they did. And even though I no longer sign into chat programs under my deeply embarrassing first handle, Hackers had some real sense of where the Internet was going — and where we were going with it.

PCWorld gives Hackers credit for having at least some sense of hacker canon:”Before the core crew of hackers allows Jonny Lee Miller’s Dade to enter their group, they challenge him to identify a series of technical manuals considered essential reading among real hackers in the early 1980s. Dade aces the test, which culminates with the Ugly Red Book That Won’t Fit on a Shelf.” But Hackers gets its longevity less from specific demonstrations of technical foresight—the hardware the characters drool over is laughably antiquated today — and more from its portrayal of what would become the dominant attitudes about the Internet and the way we live our lives on it.
Read more

Switch to Mobile
ThinkProgress Signup Overlay Skip and Continue to ThinkProgress Skip and Continue to ThinkProgress

Sign Up