Posts tagged Hackers
Hackers target celebrities’ nudie pics in email, mobile phones
Mar 22nd
Apparently, a lot of celebrities like to take nudie pics of themselves — ‘cuz hackers have stolen pics from dozens of them, various media are reporting.
I read about it on Fox News, but of course, this hot (ahem) news tip comes from TMZ.
Apparently I’ve been living in a cave and didn’t know that a big bunch of celebrity women have had their emails and mobile devices hacked, and nudie pics of themselves stolen. Some of the pics have appeared on a French blog, whose blogger has since gone underground. Defamer says the hacker goes by the online name: “Gook.”
Anywhere from 50 to 100 celebrities may have been hacked. Fox News says the celebrities, all female, include Selena Gomez, Demi Lovato Christina Aguilera, Vanessa Hudgens, Scarlett Johansson, Ali Larter, Busy Philipps, Miley Cyrus, Emma Caulfield, Addison Timlin and Renee Olstead,
Read more: http://www.foxnews.com/entertainment/2011/03/18/jessica-alba-christina-aguilera-added-hacked-nude-pic-probe/#ixzz1HLyM7xle
The FBI is on the case. This sounds really interesting from a technical perspective, especially if some interesting hacks were deployed on mobile devices to get access to these photos. And did the hacker(s) sell the pics for cash? Or were they using them for potential blackmail purposes
It also makes me wonder about the phenomenon of taking nudie pics of yourself and storing them on your phone or email. How common is this? Or is this an epidemic in Hollywood only?
I’m gonna bet there are a lot of “freaks” out there who do. My guess is that people end up with nudie pics of themselves on their phones and in their emails from engaging in “sexting” with another person. Right?
What’s the real deal, folks?
From weblogs.baltimoresun.com
Hackers using multiple attack vectors to breach mobile phones
Feb 12th
These compound security threats are designed to extract money from mobile users, with a secondary effect of damaging the reputation of mobile networks, the report found.
“2010 is the point at which the mobile threat has taken a step change in terms of the level of complexity and severity for cellular operators….We are seeing the emergence of what we term the ‘compound threat’, which takes advantage of multiple execution paths within an operator’s network”, Gareth Maclachlan, chief operating officer of AdaptiveMobile, told Infosecurity.
According to report, which is based on analysis of AdaptiveMobile customer’s network traffic, one of the most dangerous compound threats to emerge to date involves monitoring mobile users’ access to banking sites and harvesting log-in details through a combination of routes. The method uses existing PC malware that has been redesigned to record or forward conversations on smartphones.
One version of this malware is Zeus Mitmo, which combines a Zeus infection of the PC with a infection on the mobile phone installed through a bogus SMS, supposedly from the bank.
There are also 411-type spam attacks that are on the rise globally where users receive an SMS prompting a reply in response. In the most coordinated of such attacks, users also receive a matching email from criminals further validating the scam, the report explained.
Maclachlan explained that the SMS attacks have become much easier as the availability of unlimited messaging for mobile users has expanded. “It becomes very cheap to run these sorts of attacks.”
Another compound threat noted in the report is a device that sends email spam over mobile networks. The spam results in mobile devices becoming infected with malware and impacts the reputation of the mobile operator’s network.
Yet another mobile threat seeks to trick the subscriber into dialing a premium rate number. This threat uses malware, SMS and voice calling to make money from the attacks.
“What this means for cellular operators is that it is important for them to focus on putting trust into their network, recognizing that if subscribers don’t trust the charges that are made against their bills or the applications they are downloading, mobile operators are going to become no more than a bit pipe….Whereas, if they take advantage of their relationship with the subscriber, they have an opportunity to act as a guarantor within the mobile network, so that subscribers know that the sites they are accessing and the applications they are downloading are legitimate and that they are protected from exploitation of their privacy or credit”, Maclachlan said.
Mobile operators can turn the mobile security threats into a revenue source by serving as a network guarantor, he added.
From www.infosecurity-us.com
Hackers break into GSM network, can listen to your phone calls
Dec 31st
Hackers have broken into the mobile phone GSM network and can now eavesdrop on your calls using dirt cheap handsets, according to security researchers at the Chaos Computer Club Congress.
Two researchers, Karsten Nohl and Sylvain Munaut, showed off a toolkit they developed over the last year for getting access to other people’s calls.
They were able to demonstrate how they could locate and seize a uniquely identified phone, along with intercepting call and text data sent from the phone to the base station.
A vital part of the process is using cheap Motorola phones, costing only €10 ($13) which can have their firmware replaced by an unfiltered open source alternative, the duo told the BBC. This new firmware allows the user to see all of the data being broadcast from a base station.
The ability to make this attack requires intimate knowledge of the technology and software involved, preventing an Average Joe from spying on his neighbours, but there are some concerns raised about the ability to target a unique phone, which could lead to eavesdropping on high-profile targets, such as politicians and celebrities.
The toolkit will not be released to the public, but it’s likely that hackers will figure out the missing pieces of the puzzles for themselves. Mobile operators were prompted to improve their security to combat the gaping hole in their networks.
With an estimated five billion GSM mobile phones in the world, that’s a lot of phone calls that are now at risk. If only Coulson had known.
French police bust SIM card hackers
Sep 29th
French police have arrested a number of SIM card hackers, a group whose members included employees of mobile phone companies, MSNBC is reporting. The thieves bought codes from wireless carrier employees in on the deal, and resold as many as 30,000 stolen codes per month for $40 a pop. The codes allowed the hackers to place unauthorized phone calls or even steal identities. The group was able to pull in about $675,000 per month selling the stolen codes.
What does that mean for the end user? “It’s as if the thief owns the phone, but none of the responsibility that goes with it,” author of “Think Like a Spy: Identity Theft Protection and Recovery,” John Sileo, told MSNBC. Unfortunately, most users don’t realize their information, or SIM, has been compromised until they’re told by an outside source that unauthorized calls are being made.
Sileo says that, if you suspect your SIM card has been hacked, you should take it out of your phone and visit your wireless carrier. The safest bet is to get a new SIM card if this happens.
French Police Bust Mobile Phone Hackers
Sep 27th
Security Featured Article
French Police Bust Mobile Phone Hackers
By Beecher Tuttle, TMCnet Web Editor
Following a near year-long investigation, French police arrested nine people on Sunday who are allegedly responsible for bilking phone companies out of millions of dollars over the last decade.
The scheme, which is said to be the largest of its kind in France, involved several high-ranking mobile phone company employees who had access to private databases.
French investigators told the AFP that organizers of the crime syndicate paid insiders around $4 apiece for codes that unlock SIM cards. The fraudsters then turned around and sold these numbers on the Internet for around $35 each. People who purchased the codes were able to access any SIM card for their mobile phone, no matter where they were in the world.
“From there ensued a cascade of fraud,” said one of the chief investigators. “The pirates work for the (phone company) operators, they do whatever they want.”
He further noted that the “impressive” operation was “very well set up,” allowing the hackers to wire millions of dollars into tax-free accounts over nearly 10 years.
One of the employees who had been involved in the fraud since it began had been making more than $33,000 a month for the last decade, according to the news source.
French authorities began investigating the matter in 2009 after several phone companies started to notice issues with their security systems. Later this week, a local Marseille prosecutor will detail the charges that the nine criminals will face.
In related news, a group of leading mobile phone operators have recently agreed to accept a deal that will improve transparency for consumers, the Wall Street Journal reports.
The agreement will limit contract termination fees and force telecom operators to be more upfront about other penalties.
“The measures taken by electronic communications operators mark a first positive step toward strengthening consumer protection,” said officials with Arcep, a French telecommunications regulator.
Beecher Tuttle is a Web Editor for TMCnet. He has extensive experience writing and editing for print publications and online news websites. He has specialized in a variety of industries, including health care technology, politics and education. To read more of his articles, please visit his columnist page.
Edited by Tammy Wolf
Hackers Targeting Smartphone Apps
Jul 31st
Hackers Targeting Smartphone Apps
Posted on: Saturday, 31 July 2010, 06:10 CDT
Software security experts are warning that mobile phones make enticing targets for hackers, as many people eagerly download unfamiliar applications onto their handsets that are packed with personal data.
Briefings at a Black Hat computer security conference on Thursday were devoted to threats to smartphones used for anything from banking to shopping.
“Right now, it is one of the hottest topics there is,” John Hering, founder and chief executive of Lookout Mobile Security, told the AFP news agency.
Most smartphone owners are seldom far from their devices, which they increasingly trust with passwords, phone numbers, Web browsing, banking, shopping, and more. Apple’s online App Store has kicked off a trend of developers making mini-programs that add fun, interactive features to mobile phones of all types.
“Users are downloading apps at a furious pace and, generally, have not been thinking about security,” said Hering. “If you download an app you are trusting the developers so it is important to be careful.”
Lookout Mobile Security studied nearly 300,000 mobile phone apps and found that many programs accessed more data than users might expect.
One application for changing background wallpaper images on mobile phone screens fed telephone numbers from smartphones to a computer server owned by a Chinese software developer, according to Lookout.
“If you want to put a picture of your kid, your dog, or Star Wars as background, it doesn’t make sense that the application needs your phone number,” Hering said.
Some data-collecting by applications could be unintentional side effects of developers quickly creating software in a hurry to be the next must-have smartphone app. Developers are constantly trying to write apps that will make them “the next million dollars at the App Store,” Hering said.
Hackers use Trojan Horses to slip malicious codes into software apps, Mikko Hypponen, chief resource officer at F-Secure, told AFP. F-Secure recently followed a trail that led to malicious code hidden in an anti-terrorist shooter game program for smartphones.
A hacker from Russia cracked into a legitimate game, planted a virus and then offered the infected app for free at a copycat website, according to Hypponen.
Hypponen explained that the game was actually a very good game that suddenly became free. “Download sites thought it was the real deal.”
The software app was modified to make the smartphone call eight telephone numbers that charged premium rates and then channeled most of the charges back to the hacker. The calls added a total of $12 to a smartphone owner’s monthly bill. The software was programmed to repeat the calls once per billing cycle.
The hack tactic was called “short-stopping.” It would call international numbers and route them only a fraction of the way, but still bill the full rate. The call doesn’t go all the way through, but the phone owner is charged for the full rate, and the virus writer gets the money.
Lookout Mobile Security also said that more than 80 Google Android wallpaper apps were collecting mobile phone numbers and personal data, including unique subscriber numbers.
One app, called Jackeey Wallpaper, was downloaded over a million times and sent data back to China, according to Kevin MaHaffey, Lookout’s chief technology officer.
The Jackeey Wallpaper app provided themed Star Wars and My Little Pony wallpaper, Lookout said, but it also collected information about the user’s phone number, unique identifier and voicemail number, and then beamed the data back to a server in China. Lookout, however, stressed that there was no evidence that the data collected was used for malicious purposes.
“While this sort of data collection from a wallpaper application is certainly suspicious, there’s no evidence of malicious behavior,” said MaHaffey. “There have been cases in the past on other mobile platforms where well-intentioned developers are simply overzealous in their data gathering, without having malicious intent.”
Google said it had suspended the app while it investigated the issue. Lookout said that even apps that seemed legitimate may be modified with malicious code.
“The revelation that apps in the Android Market are gathering user data will come as an embarrassment to Google, but it should also serve as a warning to users that they need to be sure about the provenance of apps they are downloading,” Ben Wood, an analyst at CCS Insight, told the UK’s Telegraph newspaper.
Although these types of hacks could be the future of mobile phone attacks, hackers still prefer to attack personal computers, Hypponen said.
F-Secure reported that there around 40 million known pieces of malicious code targeting personal computers and only 500 designed to attack mobile phones. “Eventually, virus writers will realize it is easier to make money by infecting phones than it is by infecting computers,” said the researcher.
People should be wary of downloading apps they are not sure of, and should always set strong passwords and install anti-virus software on their phones.
—
On the Net:
Black HatLookout Mobile SecurityLookout Release – Lookout Mobile Security Announces App Genome Project, Largest Study of Mobile Application Security Ever Conducted with Nearly 300k ApplicationsF-SecureCCS Insight
Source: RedOrbit Staff & Wire Reports
More News in this Category
