117765158
submission
Sparrowvsrevolution writes:
In a lengthy article, Wired tells a newly detailed narrative of the cyberattack on the 2018 Winter Olympic games, which hit the Olympics network during the opening ceremony. The piece details how the malware used in that attack was designed to incorporate multiple sophisticated false flags, and how forensic analysts overcame those red herrings to eventually trace the attack to a specific unit of Russia's GRU military intelligence agency.
73247073
submission
Sparrowvsrevolution writes:
The dark web has become the go-to corner of the Internet to buy drugs, stolen financial data, guns...and counterfeit coupons for Clif bars and condoms?
On Thursday, the FBI indicted 30-year old Beauregard Wattigney, a Louisiana-based technician for ITT Technical Institute, on charges of wire fraud and trademark counterfeiting on the Dark Web marketplaces Silk Road and Silk Road 2. Wattigney is accused of being the online coupon kingpin known as ThePurpleLotus or TheGoldenLotus, who sold packages of coupons for virtually every consumer product imaginable including alcohol, cigarettes, cleaning supplies, beauty products, video games, and consumer electronics. The spoofed coupons—in most cases offering discounts just as effective as the real thing—were offered in packages that cost customers around $25 in bitcoin, but offered hundreds of dollars in total fraudulent discounts. Eventually he even sold a counterfeit coupon-making guide and access to a custom coupon-making fraud service.
The FBI accuses Wattigney of being responsible for more than $1 million total damages to the affected companies, which range from Sony to Crest to Kraft. But one fraud consultant who tracked Purple Lotus on the dark web for more than a year says the damage is likely far higher, in the tens of millions of dollars.
72513977
submission
Sparrowvsrevolution writes:
On Friday, WikiLeaks announced that it has finally relaunched a beta version of its leak submission system after a 4.5 year hiatus. That file-upload site, which once served as a central tool in WIkiLeaks' leak-collecting mission, runs on the anonymity software Tor to allow uploaders to share documents and tips while protecting their identity from any network eavesdropper, and even from WikiLeaks itself. In 2010 the original submission system went down amid infighting between WikiLeaks’ leaders and several of its disenchanted staffers, including several who left to create their own soon-to-fail project called OpenLeaks.
WikiLeaks founder Julian Assange says that the new system, which was delayed by his legal troubles and the banking industry blockade against the group, is the final result of “four competing research projects" WikiLeaks launched in recent years. He adds that it has several less-visible submission systems in addition to the one it's now revealed. “Currently, we have one public-facing and several private-facing submission systems in operation, cryptographically, operationally and legally secured with national security sourcing in mind,” Assange writes.
72064165
submission
Sparrowvsrevolution writes:
Over the last month, a marketplace calling itself TheRealDeal Market has emerged on the dark web, with a focus on sales of hackers’ zero-day attack methods. Like the Silk Road and its online black market successors like Agora and the recently defunct Evolution, TheRealDeal runs as a Tor hidden service and uses bitcoin to hide the identities of its buyers, sellers, and administrators. But while some other sites have sold only basic, low-level hacking tools and stolen financial details, TheRealDeal’s creators say they’re looking to broker premium hacker data like zero-days, source code, and hacking services, often offered on an exclusive, one-time sale basis.
Currently an iCloud exploit is being offered for sale on the site with a price tag of $17,000 in bitcoin, claiming to be a new method of hacking Apple iCloud accounts. “Any account can be accessed with a malicious request from a proxy account,” reads the description. “Please arrange a demonstration using my service listing to hack an account of your choice.” Others include a technique to hack WordPress’ multisite configuration, an exploit against Android’s Webview stock browser, and an Internet Explorer attack that claims to work on Windows XP, Windows Vista and Windows 7, available for around $8,000 in bitcoin. None of these zero days have yet been proven to be real, but an escrow system on the site using bitcoin's multisignature transaction feature is designed to prevent scammers from selling fake exploits.
71668775
submission
Sparrowvsrevolution writes:
It turns out all those critics of the controversial Tor router project Anonabox might have been on to something. Late last month, Anonabox began contacting the first round of customers who bought its tiny, $100 privacy gadget to warn them of serious security flaws in the device, and to offer to ship them a more secure replacement free of charge. While the miniature routers do direct all of a user’s Internet traffic over Tor as promised, the company says that its first batch lacked basic password protection, with no way to keep out unwanted users in Wi-Fi range. And worse yet, the faulty Anonaboxes use the hardcoded root password "admin," which allows any of those Wi-Fi intruders to completely hijack the device, snooping on or recording all of a user’s traffic.
Anonabox's parent company Sochutel says that only 350 of the devices lacked that password protection, and that it's fixed the gaping security oversights in newer version of the router.
The initial security criticisms of Anonabox helped to convince Kickstarter to freeze the proejct's $600,000 crowdfunding campaign in October. But Anonabox relaunched on Indiegogo and was later acquired by the tech firm Sochutel. Sochutel claims that the security flaws in the routers developed prior to its acquisition of Anonabox were out of its control, and that it's now hiring outside auditors to check its products' security.
70669555
submission
Sparrowvsrevolution writes:
A new Wired magazine story goes inside the North Korean rebel movement seeking to overthrow Kim Jong-un by smuggling USB drives into the country packed with foreign television and movies. As the story describes, one group has stashed USB drives in Chinese cargo trucks. Another has passed them over from tourist boats that meet with fishermen mid-river. Others arrange USB handoffs at the Chinese border in the middle of the night with walkie talkies, laser pointers, and bountiful bribes.
Even Kim assassination comedy The Interview, which the North Korean government allegedly hacked Sony to prevent from being released, has made it into the country: Chinese traders’ trucks carried 20 copies of the film across the border the day after Christmas, just two days after its online release.
55518145
submission
Sparrowvsrevolution writes:
For the last year Bram Cohen, who created the breakthrough file-sharing protocol BitTorrent a decade ago, has been working on a tool he calls DissidentX, a steganography tool that's available now but is still being improved with the help of a group of researchers at Stanford. Like any stego tool, DissidentX can camouflage users' secrets in an inconspicuous website, a corporate document, or any other, pre-existing file from a Rick Astley video to a digital copy of Crime and Punishment. But it uses a new form of steganography based on cryptographic hashes to make the presence of a hidden message far harder for an eavesdropper to detect than in traditional stego. And it also makes it possible to encode multiple encrypted messages to different keys in the same cover text.
50723419
submission
Sparrowvsrevolution writes:
The world’s first 3D-printed gun known as the Liberator has been treated as a technological marvel and a terrorist threat. Now it’s officially become a work of art. On Sunday, London’s Victoria & Albert museum of art and design announced that it’s buying two of the original Liberator printed guns from their creator, the libertarian hacker non-profit known as Defense Distributed, and will display them during its Design Festival. Cody Wilson, Defense Distributed's founder, calls the museum's acquisition of the gun a victory for his group: "It will now be this curated, permanent cultural provocation."
50402299
submission
Sparrowvsrevolution writes:
"It should come as no surprise to Bitcoin users that despite the pseudonymity the cryptocurrency offers, its transactions can be tracked. But University of California at San Diego researcher Sarah Meiklejohn proved that privacy problem more clearly than ever by showing a reporter that she could detect a specific point in Bitcoin's blockchain record of transactions where he had spent Bitcoins in exchange for marijuana on the Silk Road, the most popular online Bitcoin-based black market for drugs.
To simulate a law enforcement subpoena, the reporter for Forbes began by giving Meiklejohn a Bitcoin address associated with Forbes' account. But with just that information, Meiklejohn was able to draw on a "clustering" analysis she had performed to identify Silk Road addresses and match them with the one used in the .3 BTC drug buy. She admits that a user who took more efforts to obscure his or her Bitcoin address through a laundering service or other unidentified Bitcoin wallets would be harder to track."
49268553
submission
Sparrowvsrevolution writes:
At the Def Con hacker conference Saturday, MIT students David Lawrence and Eric Van Albert released a piece of code that will allow anyone to create a 3D-printable software model of any Schlage Primus key, despite Schlage’s attempts to prevent the duplication of the restricted keys. With just a flatbed scanner and their software tool, they were able to produce precise models of Primus keys that they uploaded to the 3D-printing services Shapeways and i.Materialise, who mailed them working copies of the keys in materials ranging from nylon to titanium. Primus high-security locks are used in government facilities, healthcare settings, and detention centers, and their keys are coded with two distinct sets of teeth, one on top and one on the side. That, along with a message that reads "do not duplicate" printed on the top of every key, has made them difficult to copy by normal means. With Lawrence and Van Albert's software, anyone can now scan or take a long-distance photo of any Primus key and recreate it for as little as $5.
48888141
submission
Sparrowvsrevolution writes:
At the Def Con hacker conference in Las Vegas early next month, security researchers Justin Engler and Paul Vines plan to show off the R2B2, or Robotic Reconfigurable Button Basher, a piece of hardware they built for around $200 that can automatically punch PIN numbers at a rate of about one four-digit guess per second, fast enough to crack a typical Android phone's lock screen in 20 hours or less.
Engler and Vines built their bot, shown briefly in a preview video, from three $10 servomotors, a plastic stylus, an open-source Arduino microcontroller, a collection of plastic parts 3D-printed on their local hackerspace's Makerbot 3D printer, and a five dollar webcam that watches the phone's screen to detect if it's successfully guessed the password. The device can be controlled via USB, connecting to a Mac or Windows PC that runs a simple code-cracking program. The researchers plan to release both the free software and the blueprints for their 3D-printable parts at the time of their Def Con talk.
In addition to their finger-like R2B2, Engler and Vines are also working on another version of their invention that will instead use electrodes attached to a phone’s touchscreen, simulating capacitative screen taps with faster electrical signals. That bot, which they’re calling the Capacitative Cartesian Coordinate Brute-force Overlay or C3BO, remains a work in progress, Engler says, though he plans to have it ready for Def Con.
47071997
submission
Sparrowvsrevolution writes:
At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apple’s iOS.
A description of their talk posted to the conference website describes how they were able to install whatever malware they wished on an Apple device within a minute of the user plugging it into their malicious charger, which they’re calling “Mactans" after the scientific name of a Black Widow spider. The malware-loaded USB plug is built around an open-source single-board computer known as a BeagleBoard, sold by Texas Instruments for a retail price of around $45. The researchers have contacted Apple about their exploit but haven't heard back from the company and aren't sharing more details of their hack until they do.
46691993
submission
Sparrowvsrevolution writes:
When the high-tech gunmakers Defense Distributed demonstrated earlier this month that they could 3D print an entire working gun, it was only a matter time of before that printed weapon's price and practicality dropped into the realm of normal consumers. Just a few weeks later, a couple of Wisconsin hobbyist gunsmiths have already managed to adapt Defense Distributed's so-called Liberator firearm and print it on a $1,725 Lulzbot 3D printer, a consumer grade machine that's far cheaper than the industrial quality Stratasys machine Defense Distributed used. They then proceeded to record their cheaper gun (dubbed the "Lulz Liberator") firing nine .380 rounds without any signs of cracking or melting. Eight of the rounds were fired from a single plastic barrel. (Defense Distributed only fired one through its prototype.) In total, the Lulz Liberator's materials cost around $25 and were printed over just 48 hours.
46330279
submission
Sparrowvsrevolution writes:
The promise of a fully 3D-printable gun is that it can spread via the Internet and entirely circumvent gun control laws. Two days after that digital weapon's blueprint first appeared online, it seems to be fulfilling that promise. Files for the printable gun known as that "Liberator" have been downloaded more than 100,000 times in two days, according to Defense Distributed, the group that created it. Those downloads were facilitated by Kim Dotcom's startup Mega, which Defense Distributed is using to host the Liberator's CAD files. And it's also been uploaded to the Pirate Bay, where it's one of the most popular files in the filesharing site's uncensorable 3D printing category.
46224551
submission
Sparrowvsrevolution writes:
For the last eight months, a group called Defense Distributed has been seeking to create the world's first entirely 3D-printed handgun. Now they have. The "Liberator," as the group calls its printable firearm, is made of sixteen components, fifteen of which were printed in plastic on a Stratasys Dimension SST 3D printer. The only non-printed part is a common hardware store nail that serves as the gun's firing pin.
Last week, the Liberator was fired for the first time at a firing range and successfully shot a .380 caliber bullet using a remote firing setup. Over the weekend, Defense Distributed's founder, the anarchist and radical libertarian Cody Wilson, was bold enough to try firing it by hand. The results of that test, witnessed by a reporter, indicate that the era of the 3D-printed firearm may be upon us, for better or for worse.
