11.5 C
London
Saturday, October 21, 2017
Home Tags Hacking

Tag: Hacking

In computer security, a hacker is someone who focuses on security mechanisms of computer and network systems. While including those who endeavor to strengthen such mechanisms, it is more often used by the mass media and popular culture to refer to those who seek access despite these security measures. That is, the media portrays the ‘hacker’ as a villain. Nevertheless, parts of the subculture see their aim in correcting security problems and use the word in a positive sense. White hat is the name given to ethical computer hackers, who utilize hacking in a helpful way. White hats are becoming a necessary part of the information security field. They operate under a code, which acknowledges that breaking into other people’s computers is bad, but that discovering and exploiting security mechanisms and breaking into computers is still an interesting activity that can be done ethically and legally. Accordingly, the term bears strong connotations that are favorable or pejorative, depending on the context.

Device rotates ATM cards, prevents skimmers from stealing data.
Lulzsec hacker group handed jail sentences LulzSec hacker Jake Davis: 'The internet is a world devoid of empathy' British hackers who were behind a series of high profile cyber-attacks in 2011 have been sentenced. The four men, Ryan Cleary, Jake Davis, Mustafa al-Bassam and Ryan Ackroyd, were part of the Lulzsec hacking group. Cleary was jailed for 32 months, Davis for two years...
Saudi telecom seeks help monitoring encrypted Twitter data according to e-mails.
Love it or hate it, Windows 8 is the bellwether for PCs. Where Microsoft goes, PCs follow.And now Microsoft is making a grab for the mobile market, too. The latest version of Windows is designed with touchscreens in mind, and one bright side of that evolution is the addition of features that make Windows more intuitive and easier to use...
The Inventors of Tokenless® Authentication SecurEnvoy is the trusted global leader of tokenless® two-factor authentication. As the pioneers of mobile phone based tokenless® authentication; SecurEnvoy lead the way with ground breaking solutions that others aspire too. Our innovative approach to the tokenless® market now sees thousands of users benefitting from our solutions all over the world. With users deployed across five continents,...
There's an old adage that on the internet, nobody knows you're a dog. It's been previously used to demonstrate that it's hard, if not impossible at times, to determine whether someone really is who they say they are — be it man, woman, or dog — but it equally applies to hackers. Although offline, it's easy enough to connect with someone's day-to-day personality, it doesn't offer any insight into who they are and how they act online. Let's face it, as much as Hollywood might lead us to believe that hackers gain their street cred from hacking via sophisticated 3D-modelled file systems, or that two people typing on one keyboard doubles a computer's hacking abilities, the more boring reality is that it's mostly done by typing commands into a terminal shell (and I don't mean "access security"). Just as image is everything for some people offline, so too is it online. It's why sites like Zone-H exist, showcasing what websites online attackers have defaced.

And just like in the offline world, many will take credit for others' work, make up successful attacks, or twist simple attacks into what seem like more nobler causes. Which is what may have happened with the Commonwealth Bank of Australia (CBA) recently.

A hacking group going by the name LatinHackTeamReborn, presumably trading off the name of the former LatinHackTeam group, claimed to have breached CBA's UK site. It posted the alleged email addresses, hashed passwords, and names of users on the site, stating that it made its attack by "rerouting after attacking the firewall", and that it was "striking back after what you did to us". The only problem is, it's not CBA's data. "We have done a thorough investigation, and we can confirm that no Commonwealth Bank systems have been hacked and no customer data has been compromised.

The CBA customer information is safe and secure," a spokesperson for the bank told us. It's clear from the leaked data that it's not banking information. CBA uses numerical codes for it online banking system, not email addresses, and the passwords, while hashed, were done using MD5 with no salt.

If such a method of securing passwords was used on a live banking system, it would certainly raise eyebrows, but CBA denies that it belongs to it. But the email addresses do appear to be valid, and, worryingly, of a UK and Australian nature. It's not unheard of for a hacked organisation to lie to the media, and for the information to actually be from a lesser-known and not mission-critical system (we might as well throw "developed by a third party" in here as well). But, digging deeper, I'd be more inclined to trust CBA's word. That's not just because of the damage to its reputation should it be proved that it lied, but because it would really mean trusting a hacker group that only created its Twitter account a few hours prior to the attack, which for some reason decided to include the #stopglobalwarning (yes, warning) hashtag in its attack, and opted for the cryptic, Hollywood-esque method of "rerouting" after attacking a firewall. Wherever this data came from, it didn't happen by picking different routes. It most likely resulted from improper access to a database, probably by using SQL injection. And what has CBA got to do with whatever happened to LatinHackTeam anyway? Nothing, as far as I can tell. It's a bank — and hackers breaking into banks is a sure-fire way to improve your image and gain credibility. Which is probably why the hacking group also claimed to have attacked the Bank of Israel. That would be a significant feat itself; only the email addresses, hashed passwords, and organisations named have nothing to do with the Bank of Israel.

They are actually from leaks posted by others, on previously compromised websites; in this case, the Ontario Imported Wine-Spirit-Beer Association. It runs its site off WordPress, which, if not maintained to the current version, is an easy target for even the most novice attackers, thanks to the wealth of information freely available online. Most of the time, impersonators are going to get away with it because there are few consequences for being named and shamed, and fewer who have the time or inclination to do it ("Bank not hacked" is not a headline, after all).

Even when it does happen, this is the internet, where creating a new alter ego is as simple as a few clicks, and a teenager, or an industry veteran, can be born again as a political greenie against global warning, a freedom fighter, a North Korean official, or perhaps all of them at once. It's true that on the internet, nobody knows if you're a dog, but also, most times nobody knows you're really a dog pretending to be some sort of bank-robbing hacker.