Articles about Hacking

Q in James Bond

UK.gov state of the nation report: Infosec's very important, mmmkay

The UK government’s first annual report on the implementation of the 2015 National Security Strategy has reaffirmed that cyber-security remains a key priority. The 39 page report (pdf) lists cyber-security alongside Russia’s actions in Syria and Ukraine and terrorism as among the greatest threats Britain faces. The range of …
John Leyden, 09 Dec 2016

Moscow says writing infrastructure attack code is a thought crime

Malware writers whose wares are used by separate attackers to pop Russian national infrastructure could end up fined and in jail, if a new Russian bill become law. The bill (Number 47571-7, Russian) reported by local media threatens those involved in the manufacture of malware subsequently used in damaging attacks against …
Darren Pauli, 09 Dec 2016

Expedia support tech raided his CFO to rack up insider trades

Former Expedia worker Jonathan Ly has admitted to hacking his own chief financial officer and investor relations head to commit US$331,000 in insider stock-trading. Ly, 28, of San Francisco, plead guilty to securities fraud in a Seattle District Court and faces up to 25 years prison and a US$375,907 settlement including some …
Team Register, 09 Dec 2016
ThyssenKrupp industrial plant

Real deal: Hackers steal steelmaker trade secrets

German steel maker ThyssenKrupp AG on Thursday said trade secrets were stolen in a cyber-attack earlier this year. The company characterized the incursion in a statement as "a professional attack, apparently from the Southeast Asian region." The attackers sought to steal technological and research data related to ThyssenKrupp …
Thomas Claburn, 08 Dec 2016

Stealing, scamming, bluffing: El Reg rides along with pen-testing 'red team hackers'

Feature "Go to this McDonald's," Chris Gatford told me. "There's a 'Create Your Taste' burger-builder PC there and you should be able to access the OS. Find that machine, open the command prompt and pretend to do something important. "I'll be watching you." Gatford instructed your reporter to visit the burger barn because he …
Darren Pauli, 08 Dec 2016

Silver screen script hacker and dox douche gets 5 years in US cooler

Bahamas man Alonzo Knowles has been sentenced to five years jail for hacking the email accounts of celebrities to steal and sell unreleased television and movie scripts, music, financial documents, and pornographic self footage. Knowles plead guilty to criminal copyright infringement and identity theft in May and was sentenced …
Darren Pauli, 08 Dec 2016
Image by infografick https://www.shutterstock.com/g/infografick

Need Xmas ideas? Try CVE-2015-7645, a Flash gift that keeps on giving

A Flash vulnerability subject to emergency patching by Adobe has been used in all major exploit kits to compromise users not already updated. The vulnerability (CVE-2015-7645) patched in October last year was the first zero day since Adobe implemented more hardened security. It was also the most pervasive among the …
Darren Pauli, 08 Dec 2016

Could this be you? Really Offensive Security Engineer sought by Facebook

Facebook is hiring an Offensive Security Engineer, and not the sort inclined to disparage the length of your keys or your choice of encryption algorithm. "Facebook's Security team is looking for an offensive security engineer that can deliver technical leadership for our offensive security team and execute tactical, offensive …
Thomas Claburn, 07 Dec 2016

Crims turn to phishing-as-a-service to slash costs and max profits

Prefab phishing campaigns cost less to run and are twice as profitable as traditional phishing attacks, according to a new study by security vendor Imperva. Cybercriminals are lowering the cost and increasing the effectiveness of email phishing by buying complete packages of compromised servers and all the other components …
John Leyden, 07 Dec 2016
airplane just kidding shot

Hackers actively stealing Wi-Fi keys from vulnerable routers

Hackers have graduated from planting malware on the vulnerable routers supplied to consumers by various ISPs towards stealing Wi-Fi keys. Andrew Tierney, a security researcher at UK consultancy Pen Test Partners, noticed the switch-up in tactics in attacks against its honeypot network over the weekend. Customers of UK ISP …
John Leyden, 06 Dec 2016

The UK's Investigatory Powers Act allows the State to tell lies in court

Analysis Blighty's freshly passed Investigatory Powers Act, better known as the Snoopers' Charter, is a dog's dinner of a law. It gives virtually unrestricted powers not only to State spy organisations but also to the police and a host of other government agencies. The operation of the oversight and accountability mechanisms in the IPA …
Gareth Corfield, 06 Dec 2016
Image by Sergey Nivens http://www.shutterstock.com/gallery-461077p1.html

Microsoft's 'Samaritan' refuses help to hackers doing Win 10 recon

Microsoft hacker Itai Grady has created a tool to help prevent blackhat scouts from stealing Windows credentials, an effort the firm hopes will make network compromises harder to achieve. The SAMRi10 PowerShell script (it's pronounced as samaritan) eliminates the easy username information hackers seek in initial reconnaissance …
Darren Pauli, 02 Dec 2016
Pacemaker

Fatal flaws in ten pacemakers make for Denial of Life attacks

A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims. Eduard Marin and Dave Singelée, researchers with KU Leuven University, Belgium, began examining the pacemakers under black box testing conditions in …
Darren Pauli, 01 Dec 2016

Wow. What a shock. The FBI will get its bonus hacking powers after all

Three last-ditch legislative efforts to block the changes to Rule 41 of the Federal Rules of Criminal Procedure have failed, and from tomorrow the Feds will find hacking your PC a lot less of a hassle. The rule change was introduced by the Supreme Court in April. It will allow the FBI and police to apply for a warrant to a …
Iain Thomson, 30 Nov 2016

UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor

Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors. As the bill was passing through Parliament, several organizations …
Kieren McCarthy, 30 Nov 2016

If you have a problem, if no one else can help – and if you can find them – maybe you can hire DARPA's A-Teams

The Defense Advanced Research Projects Agency (DARPA), the research arm of the US military, has today announced a new program aimed at using AI to bring together skills from humans and machines to solve problems more effectively. The use of AI is seeping through to all areas of technology, including the military. But don’t …
Katyanna Quach, 29 Nov 2016
Tesla Model X

Grand App Auto: Tesla smartphone hack can track, locate, unlock, and start cars

A smartphone app flaw has left Tesla vehicles vulnerable to being tracked, located, unlocked, and stolen. Security experts at Norwegian app security firm Promon were able to take full control of a Tesla vehicle, including finding where the car is parked, opening the door and enabling its keyless driving functionality. A lack …
John Leyden, 25 Nov 2016
police hacking

London cops' tech slammed for failing abused kids – report

A broken police information system hampered efforts to protect children at risk of sexual exploitation in the UK, according to Her Majesty's Inspectorate of Constabularies (HMIC). Published today, the watchdog's the 113-page report [PDF] details an HMIC inspection into national child protection. It reveals how London's …

Drops the mic... Hang on, hackers could be listening through my headphones?

Experimental malware has highlighted the possibility that hackers might be able to turn headphones into microphones in order to snoop on computer users. Research by computer scientists at Ben-Gurion University, Israel, has revealed that both headphones and loudspeakers present a potential bugging risk. The boffins put together …
John Leyden, 25 Nov 2016
Plane. Image via shutterstock

Melbourne man arrested for broadcasting fake messages to pilots

Melbourne man Paul Sant has been charged with unauthorised broadcasting over to pilots over radio bands restricted to aviation users, causing one plane to abort a landing to Tullamarine Airport. Sant, 19, is alleged to have placed 16 separate transmissions to pilots at Tullamarine and Avalon airports between 5 September and 3 …
Darren Pauli, 24 Nov 2016
Election hacking

CompSci Prof raises ballot hacking fears over strange pro-Trump voting patterns

Donald Trump's surprise win in the United States' presidential election could conceivably be attributed to illegal hacking and needs to be investigated, according to a security expert. A statistical analysis by J Alex Halderman, professor of computer science at the University of Michigan's Center for Computer Security and …
Iain Thomson, 24 Nov 2016
police

FYI: The FBI is being awfully evasive about its fresh cyber-spy powers

Senior US senators have expressed concern that the FBI is not being clear about how it intends to use its enhanced powers to spy on American citizens. Those are the spying powers granted by Congressional inaction over an update to Rule 41 of the Federal Rules of Criminal Procedure. These changes will kick in on December 1 …
Iain Thomson, 23 Nov 2016
Gloved hand holds dismantled bug/listening /audio device. Photo by Shutterstock

Hack the Army: US military begs white hats to sweep it for bugs

Security experts reckon the US government’s newly unveiled "Hack the Army" bug bounty programme may usher in greater co-operation across the whole arena of security research. The US Army will offer cash rewards to hackers who find vulnerabilities in selected, public-facing Army websites under the scheme, which builds on the US …
John Leyden, 22 Nov 2016
Ryan (left) and Jeremy. Image: Darren Pauli / The Register.

Hackers electrocute selves in quest to turn secure doors inside out

Kiwicon Not every demo at security cons goes off without a hitch: Badass hackers Ryan and Jeremy electrocuted themselves when building what could have been the first device capable of wirelessly exploiting door-opening push buttons. The pair demonstrated the trial and terror process of building the box at the Kiwicon hacking event in …
Darren Pauli, 21 Nov 2016
Michele Orru. Image: Darren Pauli / The Register.

Hacker dishes advanced phishing kit to hook clever staff in 10 mins

Kiwicon Michele Orru has released an automated phishing toolkit to help penetration testers better exploit businesses. The well-known FortConsult hacker, better known as Antisnatchor (@antisnatchor), dropped the phishing kit at the Kiwicon hacking event in Wellington New Zealand last week, offering hackers tips to more successfully …
Darren Pauli, 21 Nov 2016
Three store maidenhead

Three CEO confirms hack, 133,827 customers were exposed

The CEO of UK carrier Three Mobile has confirmed that a customer database was compromised by hackers and more than 130,000 customers have had their account data exposed. David Dyson says that the hackers, believed to be two men from Kent and Manchester, had indeed accessed the customer directory and used the information – …
Shaun Nichols, 18 Nov 2016
Shubham Shah and Moloch. Image: Darren Pauli / The Register.

Hackers' modular worm builder hoses popular team web chat apps

KIWICON Hackers everywhere can now more easily compromise popular chat apps to steal users' webcam and audio feeds using a worm framework published online - and they even have a new zero day to help the plundering. The framework, dubbed "Little Doctor" after the planet-annihilating super weapon of Ender's Game will compromise …
Darren Pauli, 18 Nov 2016
shutterstock_mobile_theft_648

Three Mobile, two alleged hackers, one big customer database heist

UK carrier Three Mobile was the victim of a hacking scheme that has reportedly left the records of millions of customers exposed. According to multiple UK media reports citing both Three and the National Crime Agency (NCA), hackers gained access to a Three database containing the account details of possibly six million …
Shaun Nichols, 18 Nov 2016
Melbourne, Australia -May 19, 2016: Blue and white Police tape cordoning off a building site like a crime scene, Australia 2016. Editorial Credit: STRINGER Image / Shutterstock.com   Editorial Use Only.

The case for a police-civilian cyber super-agency in Australia

Opinion The Australian Federal Government is wasting millions of dollars on redundant cyber-capabilities. It should scupper its competing agencies and strip powers from others, and hand the lot to a resuscitated Australian High Tech Crime Center police-civilian super-agency that would be distributed across Australian capital cities. …
Mark Arena, 17 Nov 2016

US Director of National Intelligence legs it

Videos James Clapper, who as Director of National Intelligence was economical with the truth when it came to acknowledging US domestic surveillance activities subsequently revealed by NSA whistleblower Edward Snowden, has announced his resignation. Clapper isn't resigning over lies, but instead because it's traditional for heads like …
Iain Thomson, 17 Nov 2016
Dan Tentler. Image: Darren Pauli / The Register.

Hacker's Mac pwning expedition: 'Help, I've got too many shells!'

Kiwicon When Dan Tentler hacked writer Kevin Roose's Mac, his chief problem wasn't trying to pop the shell; it was trying to rein in the hundreds of shells he spawned. Tentler had been tasked with breaching Roose's computer for a documentary showcasing penetration testers' ability to compromise users. Tentler, also known as "Viss", …
Darren Pauli, 17 Nov 2016
Kamkar's RPi Zero-based attack

PoisonTap fools your PC into thinking the whole internet lives in an rPi

How do you get a sniff of a locked computer? Tell it you're its gateway to the entire Internet IPv4 routing space. That's the basic principle behind a demo from brainiac cracker Samy Kamkar. Plugged into a victim, his Raspberry Pi Zero-based "PoisonTap" isn't just a network sniffer, it's a backdoor-digger. MacOS users can …
Google  security engineer Darren Bilby. Image: Darren Pauli, The Register.

Antivirus tools are a useless box-ticking exercise says Google security chap

Kiwicon Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort on tools like antivirus and intrusion detection to instead research more meaningful defences such as whitelisting applications. The incident responder from Google's Sydney office, who is charged with researching very advanced attacks …
Darren Pauli, 17 Nov 2016
Her Majesty the Queen. Crown copyright/MoD

British politicians sign off on surveillance law, now it's over to the Queen

The UK's Investigatory Powers Bill has completed its passage through parliament and now only awaits Her Majesty's stamp of approval before becoming law. Also known as the Snoopers' Charter, the legislation has been criticised as being among the most onerous in the world upon the civilian population, and will require British …
Dido Harding, Chief Executive of TalkTalk

TalkTalk teen hacker pleads guilty as firm reveals £22m profit jump

TalkTalk has unveiled a healthy jump in post-tax profits on the same day a 17-year-old boy pleaded guilty to hacking the British telco. This morning the teenager, who because of his age cannot be named, pleaded guilty at Norwich Youth Court to seven charges under the Computer Misuse Act. He will be sentenced on 13 December, …
Gareth Corfield, 15 Nov 2016

'Ultimate Team' scheme: EA hackers charged for stealing in-game coins

A US man is facing felony wire fraud charges for allegedly stealing and reselling in-game currency for EA Sports' FIFA console games. Anthony Clark has been charged by the Northern Texas District Court with a count of Conspiracy to Commit Wire Fraud for his role in a scheme to automatically generate and then re-sell the …
Shaun Nichols, 14 Nov 2016
Extradition

UK Home Secretary signs off on Lauri Love's extradition to US

It appears that appeals for clemency have come to naught after the UK Home Office confirmed that the extradition order for Lauri Love has been signed off by Home Secretary Amber Rudd. Love is facing charges that he was part of #OpLastResort, which stole large amounts of data from targets like the US Federal Reserve, the …
Iain Thomson, 14 Nov 2016
Russian hacking

Russian banks floored by withering DDoS attacks

At least five Russian banks weathered days-long DDoS attacks this week. A wave of assaults began on Tuesday afternoon and continued over the next two days. Victims include Sberbank and Alfabank, both of which confirmed DDoS attacks on their online services, RT reports. The attacks were powered by compromised IoT devices, …
John Leyden, 11 Nov 2016
Batman. Credit: DC Comics.

Google Pixel pwned in 60 seconds

Power of Community The Google Pixel fell to a team of Chinese hackers alongside Apple Safari and Adobe Flash at the PwnFest hacking competition in Seoul on Friday. Mountain View's latest offering was smashed by white-hat friendlies from Qihoo 360, who used an undisclosed vulnerability to gain remote code execution for $120,000 cash prize. The …
Darren Pauli, 11 Nov 2016
Junghoon Lee. Image: Darren Pauli / The Register

Reg meets 'Lokihardt', quite possibly the world's best hacker

Power of Community If Jung Hoon Lee is not the world's best hacker, he can't be far from the top of the dais: the 22 year-old South Korean better known as Lokihardt has an uncanny knack for finding zero-day exploits in the world's most popular and most secure systems. Lee is a fixture at global hacking competitions like Pwn2Own and PwnFest where …
Darren Pauli, 11 Nov 2016
phishing

Make phishing great again: Hackers prod US think tanks, NGOs amid Trump win shockwaves

With half of America celebrating the victory of the Republicans and President-elect Trump, and the other half mourning the result, a targeted phishing campaign engulfed various US think tanks and NGOs the week. Security firm Volexity spotted the attack, which began around six hours after the President-elect clinched the …
Iain Thomson, 11 Nov 2016

Hackers cook god-mode remote exploits against Edge, VMware in world-first

Power of Community Hackers have twice completely compromised Microsoft Edge operating on Windows 10 Red Stone 1 and for the first time twice broken VMWare Workstation without user interaction. The bugs landed via SYSTEM-level remote code execution while the second VMware hacks could also be performed remotely. The four hacks were demonstrated …
Darren Pauli, 10 Nov 2016
clinton vs Trump poster illustration. Photo by Shutterstock/editorial use only

Was IoT DDoS attack just a dry run for election day hijinks?

Comment The distributed denial of service attack that took down DNS provider Dyn, and with it access to a chunk of the internet, was one of the largest such assaults seen. The attack exploited Internet of Things devices – notably webcams built by XiongMai Technologies. The gadgets had default login passwords that allowed them to be …
John Oates, 08 Nov 2016

UK spying law delayed while Lords demand Leveson amendments

IPBill The UK's Investigatory Powers Bill will not receive royal assent for at least another week as the Houses of Parliament disagree on an amendment regarding the regulation of the press. Despite widespread concerns, the bill – popularly known as the Snoopers' Charter – finished its passage through the House of Lords last week, but …
Image by Alexander_P http://www.shutterstock.com/gallery-493324p1.html

Password reset warrior arrested for popping 1050 student accounts

An Arizona man has been arrested for hacking 1050 email accounts at two united States universities, plus attempts to do so at some 75 other educational institutions. Jonathan Powell, 29, is alleged to have used password reset features to change logins for some 1050 accounts at the universities before breaching connected social …
Darren Pauli, 07 Nov 2016
hacker

NullCrew's Canadian telco hacker thrown in the clink for four years

A member of the NullCrew group has been jailed for 45 months after pleading guilty to bag a reduced sentence. Timothy Justin French, aka Orbit, 22, was part of NullCrew – itself an offshoot of Anonymous. The gang gained notoriety with a series of high-profile hacks in 2012 and 2013, when French was 17, including hitting …
Iain Thomson, 02 Nov 2016
Printer

Want to spy on the boss? Try this phone-mast-in-an-HP printer

An engineer has shown how you can sneak a tiny cellphone base station into an innocuous office printer. The idea is the brainchild of New Zealand's Julian Oliver, who was inspired by the Stingray cellphone snooping technology now in widespread use by the cops and FBI. He was looking to see how such tech could be hidden and …
Iain Thomson, 02 Nov 2016

Teen UK hacker pleads guilty after earning $385k from DDoS tool

A 19 year-old Hertfordshire man has pled guilty to running the Titanium Stresser booter service that offered distributed denial of service (DDoS)-as-a-service. Such services are often marketed as innocuous and legitimate stress testing tools, but are instead often used for cheap and effective attacks of websites. Prosecutors …
Darren Pauli, 02 Nov 2016

America has one month to stop the FBI getting its global license to hack

In one month, an obscure procedural rule tweak will come into effect allowing US cops and federal agents to potentially hack any computer in the world using a single warrant issued anywhere in America. No one in Congress has voted on this legal update. It means a warrant granted somewhere within the US can be executed on the …
Iain Thomson, 31 Oct 2016

Shadow Brokers leak systems hacked by NSA – mostly mail and uni servers in India, China

The Shadow Brokers crew has dumped online a list of servers apparently compromised by NSA hackers. The list contains historic targets of the NSA-linked Equation Group. The date stamps suggest the systems were compromised around 2001 and 2003, and they appear to be used as bases from which US snoops could carry out surveillance …
John Leyden, 31 Oct 2016