The Register Columnists

Kevin Poulsen

Contact Mail Follow RSS feed
The Register breaking news

US moves towards anti-spyware law

A US House subcommittee on Thursday (17 May) approved what would be the first federal law to specifically target Internet spyware. The SPY Act, for "Securely Protect Yourself Against Cyber Trespass," would oblige companies and individuals to conspicuously warn consumers before giving them a program capable of automatically …
Kevin Poulsen, 20 Jun 2004
The Register breaking news

Court clips DirecTV piracy suits

A federal appeals court ruled Tuesday (15 June) that DirecTV cannot sue individuals for merely possessing technology useful for illegally intercepting the company's satellite signal, in the first significant legal victory for critics of DirecTV's aggressive anti-piracy campaign. A three-judge panel of the Eleventh Circuit Court …
Kevin Poulsen, 17 Jun 2004
The Register breaking news

Backdoor program gets backdoored

The author of a free Trojan horse program favored by amateur computer intruders found himself with some explaining to do to the underground last month, after his users discovered he'd slipped a secret backdoor password into his popular malware, potentially allowing him to re-hack compromised hosts. The program in question is …
Kevin Poulsen, 13 Jun 2004
The Register breaking news

Computer intrusion losses waning

Computer intrusions are on the decline for the third year in a row, at least among respondents to an annual survey conducted by the Computer Security Institute (CSI) and the FBI's computer crime squad. Nearly 500 computer security professionals in US corporations, government agencies, financial institutions, medical …
Kevin Poulsen, 11 Jun 2004
The Register breaking news

US wardriver pleads guilty to Wi-Fi hacks

In a rare wireless hacking conviction, a Michigan man entered a guilty plea last Friday in federal court in Charlotte, North Carolina for his role in a scheme to steal credit card numbers from the Lowe's chain of home improvement stores by taking advantage of an unsecured Wi-Fi network at a store in suburban Detroit. Brian …
Kevin Poulsen, 07 Jun 2004
The Register breaking news

DirecTV's anti-SLAPP slap to litigant

A Los Angeles court last week dismissed a lawsuit filed by a former enforcer in DirecTV's anti-piracy campaign who claimed he resigned rather than continue to prosecute the company's controversial war against buyers of hacker-friendly smart card equipment. John Fisher, a former police officer, alleged that he joined DirecTV as …
Kevin Poulsen, 03 Jun 2004
The Register breaking news

Federal agency faulted for weak security

The federal agency that insures US bank deposits suffers from network security holes that make it vulnerable to cyber thieves and saboteurs, a report by congressional investigators concluded Friday (28 May). Though the Federal Deposit Insurance Corporation (FDIC) has made significant progress in shoring up cybersecurity in …
Kevin Poulsen, 31 May 2004
The Register breaking news

Area 51 hackers dig up trouble

To the Area 51 buffs who journey to the Nevada desert in the hopes of catching a glimpse of unexplained lights in the sky or to bask in the mythic allure of the region, 58-year-old Chuck Clark is almost as much a part of the local color as the Black Mailbox. A resident of tiny Rachel, Nevada - 100 miles north of Las Vegas along …
Kevin Poulsen, 25 May 2004
The Register breaking news

Apple patches critical Mac OS X hole

Apple Computer on Friday (21 May) issued a patch for a security hole in Mac OS X that could have allowed hackers to take over vulnerable machines, but the company went out of its way to downplay the importance of the bug. The vulnerability in the operating system's Help View application allows attackers to craft a special URL …
Kevin Poulsen, 24 May 2004
The Register breaking news

'Deceptive duo' hacker pleads guilty

A Florida man pleaded guilty in federal court in Washington D.C. on Wednesday to charges stemming from his role as one half of the high-profile hacking team "The Deceptive Duo", responsible for obtaining sensitive information from government systems, and defacing dozens of governmental and private websites with patriotically- …
Kevin Poulsen, 20 May 2004
The Register breaking news

Sasser suspect fanclub launches appeal

The German teenager fingered as the author of the Sasser and NetSky worms may not be popular among IT professionals, but fans of the accused miscreant have already sprung to his defense and, apparently, opened their wallets. On Wednesday an anonymous post to the Full Disclosure security mailing list announced a new website …
Kevin Poulsen, 17 May 2004
The Register breaking news

Prison time for cyber stock swindler

A young investor with more wiles than trading luck was sentenced to 13 months in prison Wednesday for using a Trojan horse program and someone else's online brokerage account to sell thousands of worthless stock options to an unwilling buyer. Van T. Dinh, 20, was the first to be charged by the Securities and Exchange Commission …
Kevin Poulsen, 06 May 2004
The Register breaking news

'Deceptive Duo' hacker charged

A Florida man has been charged in federal court in Washington DC for his alleged role as one half of the high-profile hacking team "The Deceptive Duo" - responsible for defacing dozens of governmental and private websites with patriotically-themed messages exhorting the US to shore up cyber defenses. Benjamin Stark, 22, faces a …
Kevin Poulsen, 04 May 2004
The Register breaking news

Mitnick busts bomb hoaxer

Ex-hacker Kevin Mitnick is a hero to the small town of River Rouge, Michigan, after using his tech skills to help officials nab the culprit behind a harrowing series of bomb threats. The trouble began a few months ago, when staff members at River Rouge High School began receiving threatening phone calls at home from an …
Kevin Poulsen, 03 May 2004
The Register breaking news

US defends cybercrime treaty

Critics took aim this week at a controversial international treaty intended to facilitate cross-boarder computer crime probes, arguing that it would oblige the US and other signatories to cooperate with repressive regimes - a charge that the Justice Department denied. The US is one of 38 nations that have signed onto the …
Kevin Poulsen, 24 Apr 2004
The Register breaking news

Tower Records settles charges over hack attacks

Music retailer Tower Records on Wednesday settled charges with federal investigators arising from a security gaffe on the company's ecommerce site, which for a time made the buying habits of online customers accessible to outsiders. The settlement requires Tower to establish and maintain a comprehensive information security …
Kevin Poulsen, 22 Apr 2004
The Register breaking news

Former anti-piracy 'bag man' turns on DirecTV

A one-time enforcer in DirecTV's anti-piracy campaign is suing his ex-employer for wrongful discharge, after he allegedly resigned rather than continue to prosecute the company's controversial war against buyers of hacker-friendly smart card equipment. John Fisher, a former police officer, alleges in a complaint filed in Los …
Kevin Poulsen, 18 Apr 2004
The Register breaking news

Webtapping battle lines drawn

The public comment period on a Justice Department proposal to make the Internet easier to wiretap ended on Monday with most of the filed comments tracing a clean line between two opposing camps. On the government's side, federal, state and local law enforcement agencies who perform wiretaps, allied with companies who sell …
Kevin Poulsen, 15 Apr 2004
The Register breaking news

NY Times hacker sentencing delayed

Adrian Lamo's sentencing hearing for his 2002 intrusion into the New York Times internal network was postponed this week. The 22-year-old hacker appeared with his attorney in federal court in New York Thursday for what was originally scheduled to be his sentencing. Instead, federal judge Naomi Buchwald agreed to put off the …
Kevin Poulsen, 10 Apr 2004
The Register breaking news

Tracking the Blackout bug

A number of factors and failings came together to make the August 14th northeastern blackout the worst outage in North American history. One of them was buried in a massive piece of software compiled from four million lines of C code and running on an energy management computer in Ohio. To nobody's surprise, the final report on …
Kevin Poulsen, 08 Apr 2004
The Register breaking news

Interview with the keystroke caperist

A former claims adjuster for a US insurance company is the first to be charged under federal wiretap law for the covert use of a hardware keystroke logger, after he was caught using the device while secretly helping consumer attorneys gather information to use against his own company. Larry Ropp, 46, was indicted Tuesday by a …
Kevin Poulsen, 25 Mar 2004
The Register breaking news

Phishing attacks ‘on the rise’

Despite a handful of successful criminal prosecutions and an increase in public awareness, February saw a marked increase in the number of new variations of the spam-borne swindle called "phishing". The Anti-Phishing Working Group charted 282 unique attacks last month, a 60 per cent increase above the 176 attacks spotting in …
Kevin Poulsen, 21 Mar 2004
The Register breaking news

Anti-piracy vigilantes stalk file sharers

A pair of coders nurturing a deep antipathy for software pirates set off a controversy last Thursday when they went public with a months-old experiment to trick file sharers into running a Trojan horse program that chastises users and reports back to a central server. As of Thursday, the crime-busting duo's server had logged …
Kevin Poulsen, 19 Mar 2004
The Register breaking news

US hosting company reveals hacks, citing disclosure law

Citing California's security breach disclosure law, Texas-based Allegiance Telecom notified 4,000 Web hosting customers this week of a recent computer intrusion that exposed their usernames and passwords, in a case that experts say illustrates the security sunshine law's national influence. The law, called SB 1386, took effect …
Kevin Poulsen, 13 Mar 2004
The Register breaking news

Feds: email subpoena ruling hurts law enforcement

A federal appeals court has declined to reverse last year's decision that the issuance of an egregiously overbroad subpoena for email can qualify as a computer intrusion in violation of anti-hacking laws. This is despite an argument by the Justice Department that a side-effect of the ruling has already made it harder for law …
Kevin Poulsen, 06 Mar 2004
The Register breaking news

Wags hijack TV channel's on-screen ticker

A cable news channel in Raleigh, North Carolina shut down a Web application designed to allow local schools and businesses to report weather-related closures last week, after a handful of puckish university students discovered they could use it to add textual graffiti to the station's newscast. Before the system was pulled, …
Kevin Poulsen, 05 Mar 2004
The Register breaking news

Gates ‘optimistic’ on security

RSA Microsoft chairman Bill Gates is grateful to the independent security researchers who routinely punch holes in his company's software. Really. "We really appreciate the relationship we have with these security experts," said Gates in a keynote address at the RSA Conference in San Francisco on Tuesday. But, "the unfortunate fact …
Kevin Poulsen, 25 Feb 2004
The Register breaking news

US vuln info-sharing plan draws fire

A long-anticipated program meant to encourage companies to provide the federal government with confidential information about vulnerabilities in critical systems took effect Friday, but critics worry that it may do more harm than good. The so-called Protected Critical Infrastructure Information (PCII) program allows …
Kevin Poulsen, 22 Feb 2004

Software bug contributed to blackout

A previously-unknown software flaw in a widely-deployed General Electric energy management system contributed to the devastating scope of the August 14th northeastern U.S. blackout, industry officials revealed this week. The bug in GE Energy's XA/21 system was discovered in an intensive code audit conducted by GE and a …
Kevin Poulsen, 12 Feb 2004
The Register breaking news

Cable modem hackers conquer the co-ax

A small and diverse band of hobbyists steeped in the obscure languages of embedded systems has released its own custom firmware for a popular brand of cable modem, along with a technique for loading it -- a development that's already made life easier for uncappers and service squatters, and threatens to topple long-held …
Kevin Poulsen, 05 Feb 2004
The Register breaking news

eBay hacker pleads guilty

Jerome Heckenkamp pleaded guilty Thursday to defacing the online auction house eBay and penetrating systems at the San Diego-based telecommunication equipment maker Qualcomm, ending years of pre-trial court wrangling and casting considerable doubt on his public claims of innocence. Under the terms of his plea deal with …
Kevin Poulsen, 03 Feb 2004
The Register breaking news

DARPA-funded Linux security hub withers

Two years after its hopeful launch, a U.S.-backed research project aimed at drawing skilled eyeballs to the thankless task of open-source security auditing is prepared to throw in the towel. Initially funded by a research grant from the Pentagon's Defense Advanced Research Projects Agency (DARPA), the Sardonix project aspired …
Kevin Poulsen, 01 Feb 2004
The Register breaking news

Warspying San Francisco

Striding through San Francisco's busy financial district after dusk, 20-year-old Jake Appelbaum is an odd sight. His left hand is clutching the handle of a two-foot-long fiberglass pole wrapped in a metal spiral, which he holds high like a lance. The device is a directional antenna: a thin cable hangs between it and what looks …
Kevin Poulsen, 29 Jan 2004
The Register breaking news

Online fraud, ID theft soars

American consumers filed more that half-a-million fraud reports last year adding up to over $437 million in losses, with Internet fraud for the first time accounting for more than half of the complaints, according to a report released by the Federal Trade Commission this week. Identity theft was the most prevalent form of fraud …
Kevin Poulsen, 24 Jan 2004
The Register breaking news

Prison time for unlucky phisher

An Ohio woman who used forged e-mails from "AOL security" to swindle America Online subscribers out of their credit card numbers was sentenced to 46 months in prison Tuesday, after a federal judge in Virginia rejected her plea for a reduced sentence. Helen Carr, 55, pleaded guilty last October to one count of conspiracy for her …
Kevin Poulsen, 22 Jan 2004
The Register breaking news

Feds seek input on spammer sentencing

A formula that would sentence deceptive spammers to more time in prison for each e-mail address spammed is among the proposals under consideration by the presidentially-appointed commission responsible for setting federal sentencing rules, which this week sought the public's input on how to punish violators of the newly-enacted …
Kevin Poulsen, 17 Jan 2004
The Register breaking news

No relief from Microsoft phishing bug

Tuesday's edition of Microsoft's monthly bundle of security advisories features an omission that should keep online fraud artists and identity thieves happy: over one month after its discovery, there is no official patch available for a bug in Internet Explorer that lets swindlers pass off counterfeit websites as the real thing …
Kevin Poulsen, 14 Jan 2004
The Register breaking news

Lamo pleads guilty to NY Times hack

Hacker Adrian Lamo plead guilty Thursday to federal computer crime charges arising from his 2002 intrusion into the New York Time internal network, and faces a likely six to twelve months in custody when he's sentenced in April. In a plea deal with prosecutors, Lamo, 22, admitted to cracking the Times network and recklessly …
Kevin Poulsen, 09 Jan 2004
The Register breaking news

Online crime up in 2003

It seems 2003 was a productive year for phishers, online auction scammers and Nigerians professing a deep sense of purpose and utmost sincerity, judging from the latest stats from the Internet Fraud Complaint Center. The center reports receiving over 120,000 online fraud complaints through its website this year -- an increase …
Kevin Poulsen, 06 Jan 2004
The Register breaking news

Chats led to Acxiom hacker bust

A Cincinnati man who plead guilty Thursday to cracking and cloning giant consumer databases was only caught because he helped out a friend in the hacker community. Daniel Baas, 25, plead guilty Thursday to a single federal felony count of "exceeding authorized access" to a protected computer for using a cracked password to …
Kevin Poulsen, 21 Dec 2003
The Register breaking news

US Secret Service airbrushes aerial photos

Call it the case of the missing White House. Users of Mapquest's free aerial photo database recently noticed that details of several Washington D.C. government buildings were no longer discernable in overhead images of the U.S. capital. A comparison of old and new images posted on the government secrecy watchdog site Cryptome …
Kevin Poulsen, 18 Dec 2003
The Register breaking news

Spooks seek right to snoop on Internet phone calls

If a rapid-fire series of announcements from cable and telecom bigwigs last week confirms that Voice over IP (VoIP) has a future as a mainstream consumer technology, it's worth noting that the electronic surveillance mavens in the FBI and Justice Department saw it coming. On Thursday, AT&T announced plans to deliver consumer …
Kevin Poulsen, 15 Dec 2003
The Register breaking news

FTC probes security hole

Pet supply retailer PetCo disclosed this week that its security and privacy practices are the target of an investigation by the U.S. Federal Trade Commission (FTC), which is following up on an e-commerce security gaffe that left as many as 500,000 credit card numbers accessible from the Web earlier this year. In October the FTC …
Kevin Poulsen, 07 Dec 2003
The Register breaking news

eBay ‘hacker’ challenges PC ban

Accused eBay hacker Jerome Heckenkamp is back in federal court in California this month, but it isn't for his ever-slipping trial date. His attorneys are mounting a constitutional challenge to court-ordered pre-trial restrictions that have kept him from computers and the Internet since his indictment nearly three years ago. …
Kevin Poulsen, 04 Dec 2003
The Register breaking news

Nachi worm infected Diebold ATMs

The Nachi worm compromised Windows-based automated teller machines at two financial institutions last August, according to ATM-maker Diebold, in the first confirmed case of malicious code penetrating cash machines. The machines were in an advanced line of Diebold ATMs built atop Windows XP Embedded, which, like most versions of …
Kevin Poulsen, 25 Nov 2003
The Register breaking news

Exploit Code on Trial

Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any public disclosure is made. But there was pronounced …
Kevin Poulsen, 24 Nov 2003
The Register breaking news

Michigan Wi-Fi hackers ‘try to steal credit card details’

Federal officials this week accused a third Michigan man of conspiring to steal credit card numbers from the Lowe's chain of home improvement stores by taking advantage of an unsecured wi-fi network at store in suburban Detroit. The new defendant, Brian Salcedo, 20, was named by the original suspects, Paul Timmins, 22, and Adam …
Kevin Poulsen, 22 Nov 2003
The Register breaking news

Court limits in-car FBI spying

An appeals court this week put the brakes on an FBI surveillance technique that turns an automobile driver's on-board vehicle navigation system into a covert eavesdropping device, after finding that the spying effectively disables the system's emergency and roadside assistance features. The case arose from a 2001 FBI …
Kevin Poulsen, 20 Nov 2003
The Register breaking news

Garage door DMCA case dismissed

A federal judge in Illinois this week ruled that the maker of a universal garage door remote didn't violate the anti-circumvention provisions of the DMCA, in a closely watched case that offers hope to critics of the controversial copyright law. Judge Rebecca Pallmeyer dismissed part of a civil suite brought by the Chamberlain …
Kevin Poulsen, 17 Nov 2003
The Register breaking news

Wireless hacking bust in Michigan

In a rare wireless hacking prosecution, federal officials this week accused two Michigan men of repeatedly cracking the Lowe's chain of home improvement stores' nationwide network from a 1995 Pontiac Grand Prix parked outside a suburban Detroit store. Paul Timmins, 22, and Adam Botbyl, 20, were charged Monday with penetrating …
Kevin Poulsen, 13 Nov 2003