Hacker Attacked: Behind the Bars

“In just one day in 2008, an American credit card processor was hacked in perhaps one of the most sophisticated and organized computer fraud attacks ever conducted,” according to a release published by the FBI.

Sentenced. Slammed. Served.

Back in 2008, RBS WorldPay, an electronic payment processing service had fallen victim to a data breach.  An unauthorized user gained access into the companies computer system and obtained personal information of 1.5 million gift card and payroll cardholders. This included names, addresses, dates of birth, and social security numbers. A critical amount of personal data was compromised.

These cyber criminals used highly sophisticated hacking techniques to compromise the data encryption that was used to protect customers against potential hackers. Officials were determined to sentence the leader of this cyber attack, and eventually did, 6 years later.

An Estonian man, Sergei Tsurikov, has been sentenced to 11 years in prison for the role he played in the 9.4 million dollar data breach. The FBI has detailed the hacker’s involvement in this breach in a press release they published.

“A leader of one of the most sophisticated cyber crime rings in the world has been brought to justice and sentenced,” said United States Attorney Sally Quillian Yates.

Thanks to the corporation of various law enforcement agencies worldwide, this prosecution was successful. The FBI informs the public that on top of the 11-year sentence that Tsurikov must complete, he must top it off with three years of supervised release, as well as pay out a restitution fee of $8.4 million.

Let this be a lesson that Security cracking does not pay always pay off . . . sometimes you get caught.

http://www.scmagazine.com/an-estonian-man-who-hacked-rbs-worldplay-received-11-years/article/379555/

http://www.scmagazine.com/an-estonian-man-who-hacked-rbs-worldplay-received-11-years/article/379555/

http://www.fbi.gov/atlanta/press-releases/2014/international-hacker-sentenced

Hacker Magazine 2600

“Technology empowers individuals, it empowers voices, it empowers democracy in a way that can turn one man into a movement or a woman into a world power,” Snowden, a conference speaker from Russia once stated.

Technology is a powerful force.

This past summer, Dozens of hackers, journalists, and activists came together for the tenth biennial Hackers on Planet Earth  (H.O.P.E) conference, sponsored by the hacker magazine 2600.

This magazine is essential in building community within the hacker environment.  2600 provides key forums for hackers to come together and share insight regarding current issues.  Some of these include surveillance, Internet freedom, and even the security of the nation’s nuclear weapons.  Nothing is off limits.

Named after the frequency that allowed hackers to gain control of land-line phones in early years, this magazine is on its 13^th year.

In today’s world, hackers are typically looked down upon by society. They are the ones who break into these so-called secure systems and steal confidential information.  But, maybe there is something to be said about these hackers. They are the ones discovering loopholes in our security systems, and they are the ones who are consistently revealing the inconvenient truths. To clarify, I am not condoning illegal security cracking, but many times these cracks give us the push we need to enhance and evolve in the cyber world.

Now, my first impression of this magazine was not a good one, as I am sure many of you feel the same way. I could not understand why there needed to be a “how to” guide on hacking into someone’s secured systems.  In fact, Massachusetts Senator Ed Markey called the publication “a manual for computer crime.” How could anyone support this type of publication?

It wasn’t until I did some more research and found out that the magazine is less of a how-to guide, but more of a place for hackers to come together and stories be shared. Golsdstein, the founder of 2600, said that he wanted to create a place where these stories could be heard. 2600 strives on being known as a collection of intriguing stories, not on teaching the public how to hack into the cyber world.

The actual term, hacker, is a complex world itself.  It has only developed the stereotypical definition of a cyber criminal in more recent years. In fact, a hacker can have quite the different meaning. According to the New Yorker, the actual definition of a hacker is someone who is passionately obsessed with a hobby. An Olympic medalist is a hacker, a mountain climber is a hacker, even a good journalist earns the definition of a hacker.

So, who are we to judge these types of magazines, especially without performing the necessary research?

Committing cyber crimes is corrupt, and should never be done. However, is having a place to share information and empower one another with knowledge bad?

There are many questionable topics out there, but it is up to us as individuals to choose what information to take in and what information to disregard. As Snowden’s quote states “technology empowers individuals,” but it is up to the individual to choose the path in which they want to be empowered.

http://www.newyorker.com/tech/elements/print-magazine-hackers?int-cid=mod-latest

Hackers Have All The Fun!

 

Let’s think about that statement for a minute. Hackers in the movies (some movies at least) are cool, sexy people who live life in the fast lane without a care in the world!

“Never send a boy to do a woman’s job.”  A line from the classic movie “Hackers,” from the lips of Angelina Jolie, a.k.a. Kate Libby, a.k.a. Acid Burn.

This movie glorified the life and excitement of a hacker; cracking the code, getting the money, and taking down big business. Even though this movie is a bit dated in the current scheme of things the motives are still there.

In the modern world, there is a mix of hackers; some hackers do it for fun, some for glory, organized crime, to change grades, or just to prove a point. In a twisted way, it is the old adage of good vs. evil; however, depending on which side of the hacker attack you are on, your point of view of good or evil can change.

For groups like Anonymous they live by their own “code:”

“Knowledge is free.

We are anonymous.

We are legion.

We do not forgive.

We do not forget.

Expect us!”

When you read this mantra, it can sound much like the thoughts of any organized crime group. Let’s compare them to another group that believes that there should not be certain restrictions on items, the Mafia. The Mafia has been around for many, many years and can sometimes be invisibly involved in the background of your daily routine. Some of them believe that money should be made freely, without paying taxes or reporting anything to the government. In the movies and in real life, people identify with them and many look up to them as vigilante heroes. The John Gotti’s, Whitey Bulger’s, and Al Capone’s of the world are glorified criminals that inspired many books, movies, and TV shows like The Sopranos.

In the past the crimes that the Mafia committed were more in the physical form; however, organized crime now plays a huge part in the hacking business as well. But enough on the Mafia, the government now looks to combat hackers like they do the Mafia.

In a recent US News & Report article, they outline that many foreign countries actually sponsor the hackers to advance their countries economy, cracking into large, successful companies to steal trade secrets to build cheap knockoffs to sell on the black market. Within the past year, the FBI actually hired some hackers of their own to help track down, investigate, and capture cyber criminals much like the FBI did in the past by hiring members of organized crime to assist them.

But can the evil actually do something good?

In the battle of good vs. evil, Anonymous declared a cyber-war against the terrorist group ISIS. Their plan of attack is to go after the countries that harbor these terrorists:

“We plan on sending a straightforward message to Turkey, Saudi Arabia, Qatar and all other countries that evidently supply ISIS for their own gain,” the source said. “In the next few days we will begin defacing the government websites of these countries so that they understand this message clearly.”

This raises the question; does this make Anonymous more of a Robin Hood type of figure or is this a statement to the world’s Governments that they are a stronger unit than a country’s military?  

So let’s look at the statement again. “Hackers get to have all of the fun!” If you are a hacker you can be looked at as a potential to save the world from a terrorist group, get a sweet job with the FBI and assumingly take on a whole new identity, and you can get lucky with someone that looks like Angelina Jolie. So yeah, it does seem like they get to have all of the fun.

Unless of course you are one of those hackers who gets caught and sent to prison. 

Data Assassination

“Awful Event. President Lincoln Shot by an Assassin”

Thus read the headline of the New York Times on April 15, 1865, the morning after Abraham Lincoln was left unguarded, proving fatal and forever changing history. After researching Abraham Lincoln’s assassination, the fatal event begged this question in my mind “where was the Secret Service?!” Where was the security, the extra level of protection, the awareness of potential danger? For starters, the Secret Service does not take on the responsibility to protect the president until 1902, and at the time of Abraham Lincoln’s presidency, there is only a group of four police officers charged with protecting the president, each taking turns. Protecting the president was lax and often overlooked, the perfect storm for trouble.

On the night of Lincoln’s assassination at Ford’s Theater, there was only one charged with protecting the president, the unsuitable officer John Parker. Known for his fowl language and drunken behavior on duty, he seemed an unlikely candidate to protect anyone, let alone president Lincoln. Seeing his chance to grab a drink during the intermission of Our American Cousin, leaving the president unguarded and vulnerable to his assassinator, John Wilkes Booth.

Data assassination

“Today it’s hard to believe that a single policeman was Lincoln’s only protection, but 145 years ago the situation wasn’t that unusual,” truthfully stated by Smithonian.com author Paul Martin. In many ways, we can draw a similar parallel on data security in today’s society. I believe we will look back at this time in history and say something like, “it’s difficult to believe that a single password was our data’s only protection, but it was not uncommon for the general public to have only a password to login to their accounts.”

Just like the weak, half-hearted protection of the president left him vulnerable to being assassinated on that fateful night of April 14, 1865, leaving valuable information, aka our ingenious creativity, scantly protected with the smallest aura of apathetic concern does not make the cut. This laxity leads data assassination right before your eyes, helpless to do anything but watch as all is commandeered, ransomed, and plagiarized.

Apathy is a poison

Rotting the very foundations of the strongest beliefs and movements. Helen Keller said it best “science may have found a cure for most evils; but it has found no remedy for the worst of them all – the apathy of human beings.” Disregarding data breaches (no matter what kind of data is breached) as the sole responsibility and concern of large corporations is naïve and a sure path to disaster. The data we leave exposed to the assassin can never be regained as privately owned by ourselves alone.

Data is powerful

A case study by Harvard students Karim Lakhani, Robert Austin, and Yumi Yi on Data.gov points out the importance of data and how we as a people are empowered when we are able to use data to it’s fullest. “Encourage people to use the data-in any of the infinite number of inventive ways ingenious citizens might dream up, potentially unleashing new innovations and business ideas. Harness the wisdom of crowds . . . to achieve objects far beyond those government organizations.” Tim Berners-Lee also places data in a place of honor and strength by quoting, “Data is a precious thing and will last longer than the systems themselves;” therefore, data should and must be protected.

A password alone is not enough

Whether that is through a Single Sign-on solution with a second-factor for your login or anit-malware software for your desktop, you must protect your data from those that would seek to destroy or plagiarize our data. Our innovations and ideas combined, as a whole, is more powerful than a government at large. Don’t let the data that empowers us or our innovations be assassinated!

http://www.data.gov/sites/default/files/attachments/hbs_datagov_case_study.pdf

http://www.yeomansmarketing.co.uk/27-thoughts-about-the-importance-of-data/1009/

http://www.smithsonianmag.com/history/lincolns-missing-bodyguard-12932069/?no-ist

http://www.nytimes.com/learning/general/onthisday/big/0414.html

The Men Behind the Alias

The world of hackers is a mysterious and many times an intriguing place. Groups like Anonymous and Legion of Doom are made up of many faces, faces that have no names, no real names at least. Before they are caught and exposed to the public, we know many of the hacktivists by alias names, and like so many comic book characters, there are both the good and the bad. So, I ask you . . . what’s in a name? Who are the people behind the hacker pseudonyms? Let’s take a small peek into the lives of those that have posed under an alias, made their way into some of the biggest organizations in the world, and exposed weaknesses or wreaked havoc.

John Daper

First on my list is John Draper or better known as “Captain Crunch.” He is known for his hack on the telephone system in 1977. By mimicking the tone with a whistle, he opened up the telephone systems long distance line, making long distance calls free of charge. Draper later showed future owners of Apple, Steve Jobs and Steve Wozniak, how to create a box that imitates this sound. This technology would later be used to create voice mail, tone-activated calling menus, and more. It is also believed that while serving time in jail he wrote the first word processor, EasyWriter, for Apple II.

Kevin Poulsen

Next on my list is Kevin Poulsen posing as the “Dark Dante.” It would seem that hackers have a thing for the phone systems. To ensure that he was the 102nd caller and win a Porsche 944 S2, he hacked the Los Angeles radio station, KIIS-FM telephone lines. Paulsen served 5 years in prison and was the first American to be banned from using computers or the Internet. In 2004, he was allowed to use the Internet under certain restrictions. Poulsen has since come clean and has written for Wired, helped design and develop SecureDrop, and helped track down sex offenders on MySpace.

Jonathan James

Coming in as the youngest on my list is NASA stopping teenager Jonathan James or as he called himself . . . “c0mrade.” At the age of 15, he hacked into Bell South, Miami-Dade, U.S. Department of Defense, and NASA. NASA was forced to shut down all their computers for 3 weeks in January 2000 to figure out how the International Space Station’s source code was stolen. This source code controlled critical life-sustaining elements of the space station, costing a cool $41,000 to track and exposed the intruder. James’s house was raided and James placed under house arrest till 18 years old. Seven years later, the James was thought to be apart of the group that hacked TJX, to this James pleaded innocent. Convinced that he would be persecuted for a crime he did commit, James committed suicide on May 18,2008 with a note pleading his innocence and claiming this route was the only way to gain control over the situation.

Gary McKinnon

American’s just love that British accent! But maybe not the British hacker Gary McKinnon, also known to the world as “Solo.” McKinnon is responsible for the largest military computer attack by any hacker or hacktivists group. From his girlfriend’s house in London, between February 2001 and March 2002, McKinnon managed to hack into the United States Military and NASA. After years of court cases over whether McKinnon should serve out his sentence in the US or Britian, McKinnon was diagnosed with Asperger’s Syndrome and clinical depression, and claimed his reason for his hacking was to get information on free energy suppression and expose a cover-up by the United States of UFO activity. Eventually, McKinnon’s extradition order to the United States was terminated.

Adrian Lamo

Appropriately named “the homeless hacker,” the last hacker on my list is Adrian Lamo. Lamo couch hoped, lived in abandoned buildings, and did all of his hacking from coffee shops, Internet café, and libraries. This did not deter him from hacking into the Ney York Times, Microsoft, Yahoo, and others. Hacking into The New York Times website, Lamo added his name to the list of expert sources. That’s one way to get on the list. Facing time in prison and hefty fees, Lamo stated remorse for the chaos he had caused, and later disclosed Bradley Manning, to the U.S. Army authorities, the man who “leaked” the “collateral Murder” video. It is also believed that Lamo worked with Project Vigilant as a security specialist. To this day, Lamo takes stands for the hacktivists group Anonymous, making claims that they are not as indestructible as the news makes them out to be and overly mythologized.

It is undeniable that all of these men committed crimes, but many of them turned from black hacking to ethical hacking, helping U.S. organizations protect their data with stronger authentication, increase cyber security, and expose dangerous hackers before more damage can be done. Hackers: many helping strengthen our defenses others malicious to the end. These are the men behind the aliases.

http://www.discovery.com/tv-shows/curiosity/topics/10-famous-hackers-hacks.htm

http://www.telegraph.co.uk/technology/6670127/Top-10-most-famous-hackers.html

http://list25.com/25-most-notorious-hackers-to-ever-get-caught/

http://betabeat.com/2011/08/ten-of-historys-greatest-hackers/#slide5

http://www.sptimes.com/Hackers/history.hacking.html