The Register Columnists

Kevin Poulsen

Contact Mail Follow RSS feed
The Register breaking news

Website punts caller ID spoofing to the masses

A new website offer subscribers a simple web interface to a caller ID spoofing system that lets them appear to be calling from any number they choose. Called "Camophone", the service functions much like the site that struggled with an abortive launch last month: a user types in their phone number, the number they …
Kevin Poulsen, 28 Oct 2004
The Register breaking news

Feds probe huge California data breach

The FBI is investigating the penetration of a university research system that housed sensitive personal data on a staggering 1.4m Californians who participated in a state social program, officials said on Tuesday. The compromised system had the names, addresses, phone numbers, social security numbers and dates of birth of …
Kevin Poulsen, 20 Oct 2004
The Register breaking news

US air traffic control open to attack

The Federal Aviation Administration (FAA) has agreed to examine computer security at air traffic control centers around the country, following a government audit that found the systems insufficiently secured against cyber attacks. Auditors found that the FAA hadn't adequately secured computers running at the 20 "en route …
Kevin Poulsen, 15 Oct 2004
The Register breaking news

Patriot Act tour carried a hefty price tag

He may not have trashed any hotel rooms, but US Attorney General John Ashcroft spent over $200,000 of taxpayers' money in a four-week, 31-city tour last year promoting the controversial USA PATRIOT Act, according to a report by Congressional auditors released Tuesday. Ashcroft launched the PR effort in August 2003 in the face …
Kevin Poulsen, 13 Oct 2004
The Register breaking news

Shifting cyber threats menace factory floors

The factory floor of a modern paper manufacturing plant is a ballet of heavy machinery and razor-sharp blades, pressing, dying, rolling, unrolling and cutting dead tree pulp by the ton. To James Cupps, it's something else, too: a target rich environment for cyber attacks. Cupps came to this perspective about three years ago, …
Kevin Poulsen, 08 Oct 2004
The Register breaking news

LA warspammer guilty as charged

A Los Angeles man who used other people's Wi-Fi networks to send thousands of unsolicited adult-themed emails from his car pleaded guilty to a single felony Monday, in what prosecutors say is the first criminal conviction under the federal CAN-SPAM Act. In a plea agreement with prosecutors, Nicholas Tombros, 37, faces a likely …
Kevin Poulsen, 30 Sep 2004
The Register breaking news

Nuke watchdog issues cybergeddon alert

The United Nations' nuclear watchdog agency warned Friday of growing concern about cyber attacks against nuclear facilities. The International Atomic Energy Agency (IAEA) announced in a statement that it is developing new guidelines aimed at combating the danger of computerized attacks by outside intruders or corrupt insiders …
Kevin Poulsen, 28 Sep 2004
The Register breaking news

Feds invite comment on VoIP wiretaps

The Federal Communications Commission (FCC) on Thursday (23 Sept.) launched a public comment period on its plan to compel Internet broadband and VoIP providers to open their networks up to easy surveillance by law enforcement agencies. At issue is the 1994 Communications Assistance for Law Enforcement Act (CALEA), a federal law …
Kevin Poulsen, 26 Sep 2004
The Register breaking news

Senator calls for Patriot Act scale-back

A proposal in the US Senate would scale back a federal surveillance law that permits law enforcement agencies to electronically monitor a computer trespasser without a warrant with the consent of the victim. Under a provision of the 2001 USA Patriot Act intended to give system owners the ability to work with officials to combat …
Kevin Poulsen, 23 Sep 2004
The Register breaking news

Feds say Lamo inspired other hackers

The final act in the saga of Adrian Lamo's hacking adventures ended with a contrite message from the once brash cyber outlaw, and a grim denunciation from his prosecutor, who blamed the hacker for inspiring other computer intruders. In a hearing in New York last July, Lamo, 23, was sentenced to six months of house arrest …
Kevin Poulsen, 16 Sep 2004
The Register breaking news

Microsoft warns of poisoned picture peril

The old bromide that promises you can't get a computer virus by looking at an image file crumbled a bit further Tuesday when Microsoft announced a critical vulnerability in its software's handling of the ubiquitous JPEG graphics format. The security hole is a buffer overflow that potentially allows an attacker to craft a …
Kevin Poulsen, 15 Sep 2004
The Register breaking news

Mitnick movie comes to the US

Nearly six years after it was filmed, Hollywood's trouble-plagued movie version of the hunt for hacker Kevin Mitnick is headed for video stores in the US Originally titled Takedown, then Cybertraque, the film is set for a September 28th U.S. release on DVD with the new title, Track Down. The movie is from Miramax's horror and …
Kevin Poulsen, 09 Sep 2004
The Register breaking news

Plea deal in 'war spamming' prosecution

A Los Angeles man accused of using other people's Wi-Fi networks to send thousands of unsolicited adult-themed emails has entered into a plea agreement with prosecutors in a case filed under the criminal provisions of the federal CAN SPAM Act, officials confirmed Friday. Nicholas Tombros, 37, was scheduled to enter a guilty …
Kevin Poulsen, 04 Sep 2004
The Register breaking news

Appeals court slams garage door DMCA claim

A federal appeals court on Tuesday ruled that the maker of a universal garage door remote did not violate the anti-circumvention provisions of the DMCA, putting the brakes on one of the more adventuresome interpretations of the controversial copyright law. The US Court of Appeals for the Federal Circuit unanimously upheld a …
Kevin Poulsen, 02 Sep 2004

US website offers Caller ID falsification service

Overdue debtors beware: You may not be able to rely on Caller ID to screen out those annoying bill collectors much longer. A California entrepreneur has a plan to bring the hacker technique of Caller ID spoofing to the business world, beginning with collection agencies and private investigators. Slated for launch this week, …
Kevin Poulsen, 30 Aug 2004
The Register breaking news

Feds bust DDoS 'Mafia'

A Massachusetts businessman allegedly paid members of the computer underground to launch organized, crippling distributed denial of service (DDoS) attacks against three of his competitors, in what federal officials are calling the first criminal case to arise from a DDoS-for-hire scheme. Jay Echouafni, 37, is a fugitive from a …
Kevin Poulsen, 27 Aug 2004
The Register breaking news

South Pole 'cyberterrorist' hack wasn't the first

It's a tale Tom Clancy might have written. From their lair in distant Romania, shadowy cyber extortionists penetrate the computers controlling the life support systems at a Antarctic research station, confronting the 58 scientists and contractors wintering over at the remote post with the sudden prospect of an icy death. After …
Kevin Poulsen, 19 Aug 2004
The Register breaking news

Sluggish movement on power grid cyber security

One year after the worst blackout in US history drew attention to the fragility of the North American power grid, progress on protecting the grid from computer intrusions has been slow in coming. This week the North American Electric Reliability Council (NERC) - the not-for-profit industry group responsible for keeping …
Kevin Poulsen, 16 Aug 2004
The Register breaking news

US Emergency Alert System open to hack attack

The US Emergency Alert System (EAS) that lets officials instantly interrupt radio and TV broadcasts to provide emergency information in a crisis suffers from security holes that leave it vulnerable to denial of service attacks, and could even permit hackers to issue their own false regional alerts, federal regulators …
Kevin Poulsen, 13 Aug 2004
The Register breaking news

Michigan wardrivers await sentencing

In what prosecutors say is likely the first criminal conviction for wardriving in the US, a Michigan man plead guilty Wednesday to a federal misdemeanor for using the Internet through an open Wi-Fi access point at a Lowe's home improvement store in suburban Detroit. Paul Timmins, 23, pleaded guilty to a single count of …
Kevin Poulsen, 06 Aug 2004
The Register breaking news

FCC approves taps on broadband and VoIP

US regulators yesterday ruled tentatively in favor of an FBI and Justice Department proposal that would compel Internet broadband and VoIP providers to open their networks up to easy surveillance by law enforcement agencies. At issue is the 1994 Communications Assistance for Law Enforcement Act (CALEA), a federal law that …
Kevin Poulsen, 05 Aug 2004
The Register breaking news

The ATM keypad as security portcullis

Behold the modern automated teller machine, a tiny mechanical fortress in a world of soft targets. But even with all those video cameras, audit trails, and steel reinforced cash vaults, wily thieves armed with social engineering techniques and street technology are still making bank. Now the financial industry is working to …
Kevin Poulsen, 21 Jul 2004
The Register breaking news

VoIP hackers gut Caller ID

Hackers have discovered that implementation quirks in Voice over IP make it easy to spoof Caller ID, and to unmask blocked numbers. They can make their phone calls appear to be from any number they want, and even pierce the veil of Caller ID blocking to unmask an anonymous phoner's unlisted number. At root, the issue is one of …
Kevin Poulsen, 07 Jul 2004
The Register breaking news

Wi-Fi hopper guilty of cyber-extortion

A Maryland man with a grudge against a Connecticut-based patent firm used unsecured wireless networks at homes and businesses in the Washington DC area to penetrate the company's computers and deliver untraceable threats and extortion demands, until an FBI surveillance team caught him in the act. Myron Tereshchuk, 42, pleaded …
Kevin Poulsen, 26 Jun 2004
The Register breaking news

Feds urge secrecy over network outages

Giving the public too many details about significant network service outages could present cyberterrorists with a "virtual road map" to targeting critical infrastructures, according to the US Department of Homeland Security, which this month urged regulators to keep such information secret. At issue is an FCC proposal that …
Kevin Poulsen, 24 Jun 2004