The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

A computer hacker linked to the group known as Anonymous and LulzSec  pleaded guilty on Tuesday to breaking into Stratfor , a global intelligence company.  Hammond, 28, was arrested last March and charged with hacking into the computers of Stratfor. Jeremy Hammond and other members of AntiSec , stole confidential information, defaced websites and temporarily put some victims out of business. Authorities say their crimes affected more than 1 million people. Hammond was charged under the controversial 1984 Computer Fraud and Abuse Act, the same law used to charge the late Aaron Swartz and other cyber-activists. The plea agreement could carry a sentence of as much as 10 years in prison, as well as millions of dollars in restitution payments, though Hammond's official sentence won't be handed down until September. Beyond Stratfor, Hammond took responsibility for eight other hacks, all of which involved either law enforcement, intelligence firms or defense c...

According to report published by for the Defense Department and government and defense industry officials, Chinese hackers have gained access to the designs of many of the nation's most sensitive advanced weapons systems. The compromised U.S. designs included those for combat aircraft and ships, as well as missile defenses vital for Europe, Asia and the Gulf, including the advanced Patriot missile system, the Navy's Aegis ballistic missile defense systems, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the F-35 Joint Strike Fighter. The report comes a month before President Obama meets with visiting Chinese President Xi Jinping in California. The report did not specify the extent or time of the cyber-thefts, but the espionage would give China knowledge that could be exploited in a conflict, such as the ability to knock out communications and corrupting data. For the first time, the Pentagon specifically named the Chinese government a...

In the constant battle between illegal file sharers (Pirates) and the entertainment industry (Hollywood) supplying the protected digital materials, the pirates have been staying one step ahead, although the industry may soon have a powerful new weapon in their arsenal. A new report released by the Commission on the Theft of American Intellectual Property suggests the use of malware to fight piracy. In a report, the Commission on the Theft of American Intellectual Property proposed many ways piracy can be combated, including infecting alleged violators' computers with malware that can wreck havoc, including and up to destroying the user's computer. It would also give the entertainment industry the advantage of tracking those who commit IP theft on-line no matter their location. Though it sounds reasonable on the surface, it is really a bad idea due to the challenge of correctly identifying a cyber attacker, as well as the unavoidable risk of collateral damage. If you want to read ...

When coders and online security researchers find errors in websites or software, the companies behind the programs will often pay out a bounty to the person who discovered the issue. The programs are intended to create an incentive for researchers to privately report issues and allow vendors to release fixes before hackers take advantage of flaws. A 17-year-old German student says he found a security flaw in PayPal's website but was denied a reward because he's too young. On PayPal's website, the company lists the terms for rewarding people who find bugs, but mentions nothing about the age of the discoverer.  The details of the vulnerability, i.e cross-site scripting flaw (XSS), is posted on Full Disclosure section. In Past we have seen that many times PayPal tried to cheat with new security researchers by replying various reasons on reporting bugs i.e "already reported by someone else", "domain / sub-domain is not under bounty program", ...

Researchers at the Technion-Israel Institute of Technology in Haifa have created an advanced biological computer using only bio molecules such as DNA and enzymes.  There's no traditional CPU or hard drive powering the bio-computer, no hardware or software, nor is there any tangible interface to the system. The computing devices having ability to interact directly with biological systems and even living organisms. No interface is required since all components of molecular computers, including hardware, software, input and output, are molecules that interact in solution along a cascade of programmable chemical events. Researchers believe that a sufficiently advanced biological computer could have the computational power of a universal Turing machine, able to simulate other computers. This would allow for simple customization of such processors. In addition to enhanced computation power, this DNA based transducer offers multiple benefits, including the abili...

Secret and highly sensitive and $630 million building blueprints outlining the layout of Australia's top spy agency's new headquarters have been stolen by Chinese hackers. According to a report by the ABC 's Four Corners, the blueprints included floor plans, communications cabling, server locations and the security systems. The cyber attack, launched on a contractor involved in work at the site, is one of the reasons completion of the new building has been delayed. Companies including BlueScope Steel and Adelaide-based Codan, which makes radios for military and intelligence agencies, are also said have been targeted by the Chinese. Under this major hacking operations, hackers successfully breached the Defence Department's classified email system, the Department of Prime Minister and Cabinet, and the Department of Foreign Affairs and Trade. A separate attack on the Defence Department involved an employee sending a highly classified document from his des...

For all the talk about China and the Syrian Electronic Army, it seems there's another threat to U.S. cyber interests i.e Iran. Series of potentially destructive computer attacks that have been targeting American oil, gas and electricity companies tracked back to Iran. Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines. Malware have been found in the power grid that could be used to deliver malicious software to damage plants. The targets have included several American oil, gas and electricity companies, which government officials have refused to identify. The officials stated that the goal of the Iranian attacks is sabotage rather than espionage . Whereas, The cyber attacks from China however, are more aimed at stealing information from the U.S. government that is confidential, as well as from private business.  Mandiant announced that the Chinese government was backing the attacks. However, of...

Liberty Reserve , a payment processor similar to Paypal was down on Saturday after the founder of Liberty Reserve, Arthur Budovsky Belanchuk , 39, on Friday was reportedly arrested in Spain by Costa Rican authorities after his they raided suspect´s home and offices in San José and Heredia. Mr. Belanchuk, a Costa Rican citizen of Ukrainian origin, was under investigation since 2011 after authorities flagged his firm for money laundering . Investigators say that Budovsky's businesses in Costa Rica , including Liberty Reserve , were used to launder money for child pornography websites and drug trafficking. Liberty Reserve is a largely unregulated money transfer business that allows customers to open accounts using little more than a valid email address, and this relative anonymity has attracted a huge number of customers from underground economies, particularly cyber crime . It allowing users to nearly anonymously open accounts with limited documentation of identity. Dep...

Skype … once upon a time a VOIP application considered very secure and wiretap-proof, it was the common belief that no one could intercept such communications due a complex mechanism for the management of audio / video and text streams. One day, Microsoft decided to buy the product, according to many to catch a significant portion of users fond of Skype, but according many experts the company of Redmond wasn't interested only to acquire new market share. The architecture of the popular VOIP infrastructure was improved according Microsoft, in reality it is common thought that it was implemented the possibility to intercept every conversation, as requested by US government to major service providers. The claim is that Law enforcement and intelligence agencies are today able to access the communications exchanged by Skype users and Microsoft has still not been adequately answered to various question on the matter. The German associates to H security magazine at heise Security have be...

A Google security engineer has not only discovered a Windows zero-day flaw, but has also stated that Microsoft has a knack of treating outside researchers with great hostility. Tavis Ormandy , a Google security engineer, exposed the flaw on Full Disclosure , that could be used to crash PCs or gain additional access rights. The issue is less critical than other flaws as it's not a remotely exploitable one. Ormandy said on Full Disclosure, " I don't have much free time to work on silly Microsoft code, so I'm looking for ideas on how to fix the final obstacle for exploitation. ". He's been working on it for months, and according to a later post, he has now a working exploit that " grants SYSTEM on all currently supported versions of Windows. "  " I have a working exploit that grants SYSTEM on all currently supported versions of Windows. Code is available on request to students from reputable schools ," Ormandy adds. Microsoft acknowledged...

A new type of Android malware that can intercept text messages and forwarding to hackers is discovered by  the Russian firm Doctor Web . This is a very serious threat to users, because using this malware attackers can easily get two factor authentication code of your Email or bank accounts. The malware, dubbed as Android.Pincer.2.origin , is the second form of the original Android.Pincer  malware and is distributed as security certificates that the user must install. Upon launching Android.Pincer.2.origin , the user will see a fake notification about the certificate's successful installation but after that, the Trojan will not perform any noticeable activities for a while.  Android.Pincer.2.origin connects to a server and send text messages in addition to the other information as the smartphone model, serial, IMEI and phone number and the Android version is used. To malware then receive instructions from commands in the following format:  start_sms_f...

For millions of low income families, the federal government's Lifeline program offers affordable phone service. But an online security lapse has exposed tens of thousands of them to an increased risk of identity theft, after their Social Security numbers, birth dates and other pieces of highly sensitive information were included in files posted publicly online. Reporters with Scripps were investigating Lifeline, a government benefit-program that provides low-income Americans with discounted phone service, when they came across the sensitive data. They discovered 170,000 Lifeline phone customer records online through a basic Google search that contained everything needed for identity theft. They asked for an interview with the COO of TerraCom and YourTel, which are the telcos who look after Lifeline,but they threatened reporters who found a security hole in their Lifeline phone system with charges under the Computer Fraud and Abuse Act. Then, the blame-the...

The Hacker Conference partnered up with CTF365 to provide the best CTF experience during the conference. While trying to find out more about their product and also about their CTF surprise, I got an interview with Marius Corici Co-founder and CEO for CTF365. Q: November 2012 was when you first announced about this project which was supposed to start at the begin-ning of 2013. What happened that made you delay the starting date? A: Well, we're definitely enthusiastic about making CTF365 the greatest CTF platform out there, and this proves to be much more difficult than initially anticipated. I won't get into detail, because, as it happens, the story is like something pulled out from the theater of the absurd. If we would ever get a chance to make a making-of- CTF365 movie, I'm sure it would be amusing and tragic at the same time. What I will say [and repeat], is that we are putting our best efforts into making CTF365 work, we are a small and committed team, which is a problem [for...