Feeds
The Register Columnists

Kevin Poulsen

Contact Mail Follow RSS feed
The Register breaking news

Nuclear cyber security debate hots up

Two companies that make digital systems for nuclear power plants have come out against a government proposal that would attach cyber security standards to plant safety systems. The 15-page proposal, introduced last December by the US Nuclear Regulatory Commission (NRC), would rewrite the commission's "Criteria for Use of …
Kevin Poulsen, 08 Mar 2005
The Register breaking news

Feds square off with organized cyber crime

Computer intruders are learning to play well with others, and that's bad news for the Internet, according to a panel of law enforcement officials and legal experts speaking at the RSA Conference in San Francisco last week. Christopher Painter, deputy director of the Justice Department's computer crime section, spoke almost …
Kevin Poulsen, 23 Feb 2005
The Register breaking news

T-Mobile hacker pleads guilty

A sophisticated computer hacker who penetrated servers at wireless giant T-Mobile pleaded guilty Tuesday to a single felony charge of intentionally accessing a protected computer and recklessly causing damage. Nicolas Jacobsen, 22, entered the guilty plea as part of a sealed plea agreement with the government, says prosecutor …
Kevin Poulsen, 17 Feb 2005
The Register breaking news

T-Mobile hacker pleads guilty

A sophisticated computer hacker who penetrated servers at wireless giant T-Mobile pleaded guilty Tuesday to a single felony charge of intentionally accessing a protected computer and recklessly causing damage. Nicolas Jacobsen, 22, entered the guilty plea as part of a sealed plea agreement with the government, says prosecutor …
Kevin Poulsen, 16 Feb 2005
The Register breaking news

US info-sharing initiative called a flop

Nearly a year after its launch, a federal office created as a conduit for corporate America to provide the government with sensitive information about critical vulnerabilities has been all but rejected by the technology industry that helped conceive it. The Protected Critical Infrastructure Information (PCII) program allows …
Kevin Poulsen, 15 Feb 2005
The Register breaking news

Hackers sued for tinkering with Xbox games

In the first case of its kind, a California video game maker is suing an entire community of software tinkerers for reverse engineering and modifying Xbox games that they legally purchased. Tecmo, Inc., a subsidiary of a Japanese company, announced a federal lawsuit Wednesday against Mike Greiling of Eden Prairie, Minn., and …
Kevin Poulsen, 10 Feb 2005
The Register breaking news

EU goes on biometric LSD trip

In December 2004, the European Commission adopted the biometric passports directive, a regulation that mandates the use of biometric facial images within 18 months and fingerprints within three years for all passports issued. Biometrics such as fingerprints have long been used as identifiers, albeit mainly for catching …
Kevin Poulsen, 03 Feb 2005
The Register breaking news

Hackers at mercy of US judges

A landmark U.S. Supreme Court decision last month giving judges more leeway in deciding federal prison terms could be good news for computer intruders who don't fit the classic criminal mold, legal experts say. In US v. Booker, decided 12 January, the court ruled 5-4 to overturn part of a 1984 law that required judges to …
Kevin Poulsen, 03 Feb 2005
The Register breaking news

Area 51 'hacker' charges dropped

Federal prosecutors formally dropped charges this month against an amateur astronomer who exposed a buried surveillance network surrounding the Air Force's mysterious "Area 51" air base in Nevada. Chuck Clark, 58, was charged in 2003 with a single count of malicious interference with a communications system used for the …
Kevin Poulsen, 28 Jan 2005
The Register breaking news

US to tighten nuclear cyber security

Federal regulators are proposing to add computer security standards to their criteria for installing new computerized safety systems in nuclear power plants. The US Nuclear Regulatory Commission (NRC) quietly launched a public comment period late last month on a proposed 15-page update to its regulatory guide "Criteria for Use …
Kevin Poulsen, 26 Jan 2005
The Register breaking news

FBI retires Carnivore

FBI surveillance experts have put their once-controversial Carnivore Internet surveillance tool out to pasture, preferring instead to use commercial products to eavesdrop on network traffic, according to documents released Friday. Two reports to Congress obtained by the Washington-based Electronic Privacy Information Center …
Kevin Poulsen, 15 Jan 2005
The Register breaking news

Hacker breaches T-Mobile systems, reads US Secret Service email

A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor US Secret Service email, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned. Twenty- …
Kevin Poulsen, 12 Jan 2005
The Register breaking news

Google exposes web surveillance cams

Blogs and message forums buzzed this week with the discovery that a pair of simple Google searches permits access to well over 1,000 unprotected surveillance cameras around the world - apparently without their owners' knowledge. Searching on certain strings within a URL sniffs out networked cameras that have Web interfaces …
Kevin Poulsen, 08 Jan 2005
The Register breaking news

Sims 2 hacks spread like viruses

Players of Electronic Arts' enormously popular simulated life game are complaining that their artfully-crafted homes and mansions are beginning to resemble the Twilight Zone, thanks to an artifact of the game's design that causes hacks to spread like viruses from user to unwitting user. Entire neighborhoods of Sims are being …
Kevin Poulsen, 06 Jan 2005
The Register breaking news

Groups fight internet wiretap push

Companies and advocacy groups opposed to the FBI's plan to make the internet more accommodating to covert law enforcement surveillance are sharpening a new argument against the controversial proposal: that law enforcement's Internet spying capabilities are just fine as it is. In comments filed with the FCC Tuesday, advocates …
Kevin Poulsen, 23 Dec 2004
The Register breaking news

DHS network vulnerable to attack

The US Department of Homeland Security is having some homeland cyber security issues on its systems providing remote access to telecommuters, according to a newly-released report by the DHS Inspector General's office. Earlier this year security auditors armed with ISS's Internet Scanner, @stake's L0phtCrack and Sandstorm …
Kevin Poulsen, 17 Dec 2004
The Register breaking news

Michigan Wi-Fi hacker jailed for nine years

A 21-year-old Michigan man was sentenced to nine years in federal prison yesterday in federal court in Charlotte, North Carolina for his role in a failed scheme to steal credit card numbers from the Lowe's chain of home improvement stores by taking advantage of an unsecured Wi-Fi network at a store in suburban Detroit. Brian …
Kevin Poulsen, 16 Dec 2004
The Register breaking news

Sprint sued over alleged vice hacks

A Las Vegas adult services operator is making a federal case of his longstanding claim that cyber security weaknesses at the local phone company have permitted hackers to hijack calls intended for his stable of in-room entertainers - reprising a complaint that state regulators rejected in 2002. Eddie Munoz is seeking $30m in …
Kevin Poulsen, 08 Dec 2004
The Register breaking news

Berkeley hack sparks legislative backlash

The research community would lose its access to sensitive information from California's state-run programs under proposed legislation announced this week, a reaction to the penetration earlier this year of a university system housing personal data on over 1m participants in a state program. But researchers warn the proposal …
Kevin Poulsen, 03 Dec 2004
The Register breaking news

Hacking tool 'draws FBI subpoenas'

The author of the popular freeware hacking tool Nmap warned users this week that FBI agents are increasingly seeking access to information from the server logs of his download site, insecure.org. "I may be forced by law to comply with legal, properly served subpoenas," wrote "Fyodor," the 27-year-old Silicon Valley coder …
Kevin Poulsen, 25 Nov 2004
The Register breaking news

Judge dismisses keylogger case

A federal judge in Los Angeles has dismissed charges against a California man who used a keystroke logger to spy on his employer, ruling that use of such a device does not violate federal wiretap law. Larry Ropp, a former claims adjuster for a US insurance company, was caught last year using a "KEYKatcher" brand surveillance …
Kevin Poulsen, 20 Nov 2004
The Register breaking news

Petco settles with FTC over cyber security gaffe

Pet supply retailer Petco Animal Supplies Inc. will be on a short cybersecurity leash for the next 20 years to settle a Federal Trade Commission action over a security hole on its e-commerce site that may have left as many as 500,000 customer credit card numbers exposed to hackers. The settlement stems from an incident first …
Kevin Poulsen, 18 Nov 2004
The Register breaking news

Defendant: Microsoft source code sale was a setup

A 27-year-old Connecticut man facing felony economic espionage charges for allegedly selling a copy of Microsoft's leaked source code for $20 says he's being singled out only because the software giant and law enforcement officials can't find the people who stole the code in the first place. "They're using me as an example, to …
Kevin Poulsen, 12 Nov 2004
The Register breaking news

Banks brace for cashpoint attack

An international group of law enforcement and financial industry associations hopes to prevent a new type of bank robbery before it gets off the ground: cyber attacks against automated teller machines. This fall the Global ATM Security Alliance (GASA) published what it says are the first international cyber security guidelines …
Kevin Poulsen, 11 Nov 2004
The Register breaking news

Alleged DDoS kingpin joins most wanted list

The fugitive Massachusetts businessman charged in the first criminal case to arise from an alleged DDoS-for-hire scheme has appeared on an FBI most wanted list, while the five men accused of carrying out his will are headed for federal court. Jay Echouafni, 37, is a fugitive from a five-count federal indictment in Los Angeles …
Kevin Poulsen, 06 Nov 2004
The Register breaking news

Website punts caller ID spoofing to the masses

A new website offer subscribers a simple web interface to a caller ID spoofing system that lets them appear to be calling from any number they choose. Called "Camophone", the service functions much like the Star38.com site that struggled with an abortive launch last month: a user types in their phone number, the number they …
Kevin Poulsen, 28 Oct 2004
The Register breaking news

Feds probe huge California data breach

The FBI is investigating the penetration of a university research system that housed sensitive personal data on a staggering 1.4m Californians who participated in a state social program, officials said on Tuesday. The compromised system had the names, addresses, phone numbers, social security numbers and dates of birth of …
Kevin Poulsen, 20 Oct 2004
The Register breaking news

US air traffic control open to attack

The Federal Aviation Administration (FAA) has agreed to examine computer security at air traffic control centers around the country, following a government audit that found the systems insufficiently secured against cyber attacks. Auditors found that the FAA hadn't adequately secured computers running at the 20 "en route …
Kevin Poulsen, 15 Oct 2004
The Register breaking news

Patriot Act tour carried a hefty price tag

He may not have trashed any hotel rooms, but US Attorney General John Ashcroft spent over $200,000 of taxpayers' money in a four-week, 31-city tour last year promoting the controversial USA PATRIOT Act, according to a report by Congressional auditors released Tuesday. Ashcroft launched the PR effort in August 2003 in the face …
Kevin Poulsen, 13 Oct 2004
The Register breaking news

Shifting cyber threats menace factory floors

The factory floor of a modern paper manufacturing plant is a ballet of heavy machinery and razor-sharp blades, pressing, dying, rolling, unrolling and cutting dead tree pulp by the ton. To James Cupps, it's something else, too: a target rich environment for cyber attacks. Cupps came to this perspective about three years ago, …
Kevin Poulsen, 08 Oct 2004
The Register breaking news

LA warspammer guilty as charged

A Los Angeles man who used other people's Wi-Fi networks to send thousands of unsolicited adult-themed emails from his car pleaded guilty to a single felony Monday, in what prosecutors say is the first criminal conviction under the federal CAN-SPAM Act. In a plea agreement with prosecutors, Nicholas Tombros, 37, faces a likely …
Kevin Poulsen, 30 Sep 2004
The Register breaking news

Nuke watchdog issues cybergeddon alert

The United Nations' nuclear watchdog agency warned Friday of growing concern about cyber attacks against nuclear facilities. The International Atomic Energy Agency (IAEA) announced in a statement that it is developing new guidelines aimed at combating the danger of computerized attacks by outside intruders or corrupt insiders …
Kevin Poulsen, 28 Sep 2004
The Register breaking news

Feds invite comment on VoIP wiretaps

The Federal Communications Commission (FCC) on Thursday (23 Sept.) launched a public comment period on its plan to compel Internet broadband and VoIP providers to open their networks up to easy surveillance by law enforcement agencies. At issue is the 1994 Communications Assistance for Law Enforcement Act (CALEA), a federal law …
Kevin Poulsen, 26 Sep 2004
The Register breaking news

Senator calls for Patriot Act scale-back

A proposal in the US Senate would scale back a federal surveillance law that permits law enforcement agencies to electronically monitor a computer trespasser without a warrant with the consent of the victim. Under a provision of the 2001 USA Patriot Act intended to give system owners the ability to work with officials to combat …
Kevin Poulsen, 23 Sep 2004
The Register breaking news

Feds say Lamo inspired other hackers

The final act in the saga of Adrian Lamo's hacking adventures ended with a contrite message from the once brash cyber outlaw, and a grim denunciation from his prosecutor, who blamed the hacker for inspiring other computer intruders. In a hearing in New York last July, Lamo, 23, was sentenced to six months of house arrest …
Kevin Poulsen, 16 Sep 2004
The Register breaking news

Microsoft warns of poisoned picture peril

The old bromide that promises you can't get a computer virus by looking at an image file crumbled a bit further Tuesday when Microsoft announced a critical vulnerability in its software's handling of the ubiquitous JPEG graphics format. The security hole is a buffer overflow that potentially allows an attacker to craft a …
Kevin Poulsen, 15 Sep 2004
The Register breaking news

Mitnick movie comes to the US

Nearly six years after it was filmed, Hollywood's trouble-plagued movie version of the hunt for hacker Kevin Mitnick is headed for video stores in the US Originally titled Takedown, then Cybertraque, the film is set for a September 28th U.S. release on DVD with the new title, Track Down. The movie is from Miramax's horror and …
Kevin Poulsen, 09 Sep 2004
The Register breaking news

Plea deal in 'war spamming' prosecution

A Los Angeles man accused of using other people's Wi-Fi networks to send thousands of unsolicited adult-themed emails has entered into a plea agreement with prosecutors in a case filed under the criminal provisions of the federal CAN SPAM Act, officials confirmed Friday. Nicholas Tombros, 37, was scheduled to enter a guilty …
Kevin Poulsen, 04 Sep 2004
The Register breaking news

Appeals court slams garage door DMCA claim

A federal appeals court on Tuesday ruled that the maker of a universal garage door remote did not violate the anti-circumvention provisions of the DMCA, putting the brakes on one of the more adventuresome interpretations of the controversial copyright law. The US Court of Appeals for the Federal Circuit unanimously upheld a …
Kevin Poulsen, 02 Sep 2004

US website offers Caller ID falsification service

Overdue debtors beware: You may not be able to rely on Caller ID to screen out those annoying bill collectors much longer. A California entrepreneur has a plan to bring the hacker technique of Caller ID spoofing to the business world, beginning with collection agencies and private investigators. Slated for launch this week, …
Kevin Poulsen, 30 Aug 2004
The Register breaking news

Feds bust DDoS 'Mafia'

A Massachusetts businessman allegedly paid members of the computer underground to launch organized, crippling distributed denial of service (DDoS) attacks against three of his competitors, in what federal officials are calling the first criminal case to arise from a DDoS-for-hire scheme. Jay Echouafni, 37, is a fugitive from a …
Kevin Poulsen, 27 Aug 2004
The Register breaking news

South Pole 'cyberterrorist' hack wasn't the first

It's a tale Tom Clancy might have written. From their lair in distant Romania, shadowy cyber extortionists penetrate the computers controlling the life support systems at a Antarctic research station, confronting the 58 scientists and contractors wintering over at the remote post with the sudden prospect of an icy death. After …
Kevin Poulsen, 19 Aug 2004
The Register breaking news

Sluggish movement on power grid cyber security

One year after the worst blackout in US history drew attention to the fragility of the North American power grid, progress on protecting the grid from computer intrusions has been slow in coming. This week the North American Electric Reliability Council (NERC) - the not-for-profit industry group responsible for keeping …
Kevin Poulsen, 16 Aug 2004
The Register breaking news

US Emergency Alert System open to hack attack

The US Emergency Alert System (EAS) that lets officials instantly interrupt radio and TV broadcasts to provide emergency information in a crisis suffers from security holes that leave it vulnerable to denial of service attacks, and could even permit hackers to issue their own false regional alerts, federal regulators …
Kevin Poulsen, 13 Aug 2004
The Register breaking news

Michigan wardrivers await sentencing

In what prosecutors say is likely the first criminal conviction for wardriving in the US, a Michigan man plead guilty Wednesday to a federal misdemeanor for using the Internet through an open Wi-Fi access point at a Lowe's home improvement store in suburban Detroit. Paul Timmins, 23, pleaded guilty to a single count of …
Kevin Poulsen, 06 Aug 2004
The Register breaking news

FCC approves taps on broadband and VoIP

US regulators yesterday ruled tentatively in favor of an FBI and Justice Department proposal that would compel Internet broadband and VoIP providers to open their networks up to easy surveillance by law enforcement agencies. At issue is the 1994 Communications Assistance for Law Enforcement Act (CALEA), a federal law that …
Kevin Poulsen, 05 Aug 2004
The Register breaking news

The ATM keypad as security portcullis

Behold the modern automated teller machine, a tiny mechanical fortress in a world of soft targets. But even with all those video cameras, audit trails, and steel reinforced cash vaults, wily thieves armed with social engineering techniques and street technology are still making bank. Now the financial industry is working to …
Kevin Poulsen, 21 Jul 2004
The Register breaking news

VoIP hackers gut Caller ID

Hackers have discovered that implementation quirks in Voice over IP make it easy to spoof Caller ID, and to unmask blocked numbers. They can make their phone calls appear to be from any number they want, and even pierce the veil of Caller ID blocking to unmask an anonymous phoner's unlisted number. At root, the issue is one of …
Kevin Poulsen, 07 Jul 2004
The Register breaking news

Wi-Fi hopper guilty of cyber-extortion

A Maryland man with a grudge against a Connecticut-based patent firm used unsecured wireless networks at homes and businesses in the Washington DC area to penetrate the company's computers and deliver untraceable threats and extortion demands, until an FBI surveillance team caught him in the act. Myron Tereshchuk, 42, pleaded …
Kevin Poulsen, 26 Jun 2004
The Register breaking news

Feds urge secrecy over network outages

Giving the public too many details about significant network service outages could present cyberterrorists with a "virtual road map" to targeting critical infrastructures, according to the US Department of Homeland Security, which this month urged regulators to keep such information secret. At issue is an FCC proposal that …
Kevin Poulsen, 24 Jun 2004