hacks
Latest
Leader of webcam spying ring 'Blackshades' pleads guilty
The Blackshades spying hack group may have come crashing down with a bang last year, but its alleged leader is going considerably more quietly. Alex Yucel has pleaded guilty to charges that he distributed Blackshades' remote control tool, which let creeps eavesdrop on webcams, track keyboard strokes and hold computers for ransom. Whether or not he faces a stiff penalty is still up in the air, however. Sentencing isn't until May 22nd, but Yucel has already said he won't appeal if he gets less than 7.25 years in prison. The court could easily throw the book at Yucel given that Blackshades violated the privacy of half a million people, but it may not be eager to spark a prolonged fight. [Image credit: Andrew Burton/Getty Images]
Personal information compromised on Raptr
Good news, Raptr users! Your personal information has been compromised! Wait, did that read "good news"? It's bad. It's pretty bad. Yes, in yet another hack of personal information of online services Raptr wound up being hacked, resulting in a stolen names, hashed passwords, and email addresses. Founder and CEO Dennis Fong noted that the two-factor authentication used for Raptr Rewards was not compromised, so users will be unlikely to see anything lost from their reward points. Fong appears confident that the risk for users is fairly minimal, but as with any security breach he advises users to change passwords and check accounts for anything using the same username, email, and/or password. Standard operating procedure, really. No word has been released on how many accounts may have been compromised, but to be on the safe side you should change your logins and such across the board if you're a Raptr user.
This portable laptop mod houses both a PS4 and Xbox One
Want a PS4 and an Xbox One, but don't have the space in your entertainment center? Enter the PlayBox. The laptop-style console mod, created by serial tinkerer Eddie Zarick, crams both systems into a single design, complete with a 22-inch, 1080p display. It's not sleek, but seems perfectly playable despite a few shortcomings. For instance, to keep its innards cool you can't have both consoles powered on simultaneously. Zarick says he's also had trouble with the PS4's capacitive power button, although you can always get around it by pressing the PS nub on Sony's DualShock 4 controller. Unfortunately, the Playbox was a special commission, so you're unlikely to lay your hands on one. Still, if you're desperate for something similar, you could always request a follow-up -- maybe challenge Zarick to throw a Wii U in there too?
Pro-Russian cyberattacks bring down German government websites
The digital war over Ukraine isn't about to cool down any time soon. A group of pro-Russian hackers calling itself CyberBerkut is taking credit for cyberattacks that brought down German government websites, including those for Chancellor Angela Merkel, the foreign ministry and the lower parliament. Officials aren't pointing any fingers, but CyberBerkut is claiming that the breach is in retaliation for German support of the "criminal regime in Kiev." The attack came soon before German and Ukrainian leaders were going to meet, so the timing of the incident at least lines up with the group's motivations.
Police reportedly arrest UK hacker behind gaming network attacks
Lizard Squad probably shouldn't have bragged about being impossible to track following its cyberattacks against the PlayStation Network and Xbox Live. According to both The Daily Dot and a Thames Valley Police report, law enforcement arrested alleged group member Vinnie Omari on December 29th -- not for the gaming network attacks themselves, but for stealing from PayPal accounts. Omari says that the cops haven't pressed formal charges (they released him on bail), but they also confiscated all his computing devices and storage to gather evidence.
The hackers who hit Sony Pictures also threatened CNN (update)
The Guardians of Peace didn't just threaten Sony Pictures and theaters that planned to show The Interview; it also shook its fist at the press, too. The Intercept has obtained an FBI alert noting that the group implied threats against a "news media organization" on December 20th. While the bulletin doesn't name the company, The Desk's Matthew Keys has copies of the Pastebin-based messages (since removed) showing that CNN was the target. The GOP sarcastically complimented CNN on its "investigation" of the hacking group and linked a video calling the TV network an idiot, but didn't warn of any specific consequences. Update: Writer David Garrett Jr. has stepped forward as the source of this particular posting. According to Garrett, he has no connection to North Korea or the Guardians of Peace group, and just wanted to point out media inaccuracies.
FBI wants to know if US banks launched revenge hacks against Iran
Your parents might have told you that revenge solves nothing, but it's not clear that American banks have learned the same lesson. Bloomberg sources understand that the FBI is investigating whether or not US financial institutions hired hackers to conduct retaliatory hacks against Iran, crippling the servers that had been used to attack the companies starting in 2012. There isn't any hard evidence banks acted on their anger, although they at least came close. JPMorgan Chase acknowledged that one of its officials proposed an offshore strike that would have knocked the Iranian servers out of commission. The staffer didn't offer a full-fledged plan, however, and nothing appears to have come out of the idea.
The Daily Grind: Have you ever been hacked in an MMO?
The Massively tip line frequently receives notes from MMO gamers who are upset about being hacked in one MMO or another. Sometimes it's the result of a serious security flaw in the game, but sometimes it's just a lapse in a player's personal security. One way or another, it sucks. I've never had an MMO account of mine hacked, but a guildie or two of mine has in the past, which has resulted in our guild vault being cleaned out. Fortunately, the studio (Blizzard, in this case) restored the accounts and every scrap of loot and gold that was taken. But I know not all studios respond that way when it's not their fault but ours, and some folks find they've lost their accounts and characters forever. Have you ever had an MMO account hacked? How did the studio handle it? And what did you do to safeguard yourself afterward? Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!
Why North Korea's Sony hack made 'The Interview' required viewing
Congratulations, Guardians of Peace (and North Korea!) -- you've successfully prevented a "dangerous" Seth Rogen/James Franco comedy from getting released. But guess what? You've also made The Interview, which appeared to be just another slacker comedy from the Freaks and Geeks alums, vastly more important than it ever would have been on its own. That's what we in America call delicious irony. Sony, in a move President Barack Obama has called "a mistake," has vowed never to release the film in any form -- no VOD, no special digital download -- but it's only a matter of time until it's on every torrent and illegal video-streaming site on the web. And how long do you think it'll be until it makes its way into North Korea? You've won this battle, but you've also ignited a war against censorship that could end up dismantling your fascist control of information. Also, didn't you realize people always want what they can't have?
Hackers won't release Sony workers' personal info if they object
Here's an odd twist to the Sony Pictures hack: the attackers are becoming courteous... relatively speaking, of course. The Guardians of Peace are threatening to release yet more of the studio's data as a "Christmas gift," but they're also offering to withhold personal information if employees ask to keep it out of the public eye. It's not clear what prompted the sudden concern for privacy, although it may come from a realization that the leaks are hurting ordinary workers, not just actors and executives. It's a half-hearted gesture -- real privacy wouldn't involve leaks in the first place, after all -- but it suggests that the hacking group won't just dump everything it has. Not that Sony will take much comfort in this, mind you. The Guardians claim that the future data release will be "more interesting," which is no mean feat when previous posts have included movie scripts and celebrity conversations. Update: And now Sony is sending legalese notes to news organizations, demanding that they stop reporting on the leaks and delete any data that media has received from the hackers. And if they don't comply? Sony said it will have "no choice but to hold you responsible from any damage or loss resulting from such use or dissemination by you." [Image credit: Toshifumi Kitamura/AFP/Getty Images]
North Korea treats its state-sponsored hackers like royalty
There's still a dispute as to whether or not North Korean hackers broke into Sony Pictures' network, but one thing is clear: the country spoils its cyberwarriors rotten. A defector tells Reuters that Bureau 121, the spy division responsible for at least some state-sponsored internet attacks, gives hackers "very strong" financial incentives. They get giant apartments in posher parts of town, and they're relatively wealthy; one Bureau member could pay to move his entire rural family to the capital if he wanted. Many North Koreans see one of these jobs as an honor.
Russian police need help hacking the iPhone, will pay $37,000
It's been a rough day for the iPhone in Russia; A large, iPhone-style tribute to Steve Jobs is being sold off because Tim Cook is gay, a lawmaker is calling for a ban on iPhones amongst government officials, and now a law enforcement agency in the country is shopping around for a company that can help them hack iOS devices. As RT reports, a regional police force in the Ural region recently placed the request with an offer of roughly US$37,000 to anyone who can come through. The agency noted the desire to break the security of iOS devices to aid in criminal investigations, though no other specific brands or devices were mentioned in the request. This might not be entirely shocking considering even FBI director James Comey has come out against Apple's data encryption, suggesting that it's too secure for the small segment of the population who may use it for nefarious purposes.
Trion removing illicit gold from ArcheAge
Trion is serving notice to gold buyers that some of their ill-gotten gains are being removed from ArcheAge. "If you bought or were gifted gold from [a gold seller], you may see it disappear," the company wrote on its official forums. "We do have the ability to trace coin, and that's the gold that's being cleaned up right now." [Thanks Direpath!]
Trion explains why ArcheAge uses Hackshield
Ever since ArcheAge's launch, Massively has been deluged with queries about Trion's use of Hackshield, an anti-cheating toolkit created by Korean company AhnLab, Inc. Western gamers aren't traditionally fond of such security programs; as of the time of this writing, even Hackshield's meager entry under AhnLab's English Wikipedia entry has been vandalized, presumably by disgruntled internet denizens. ArcheAge's Hackshield implementation recently provoked one Redditor to issue an open letter essentially accusing Trion of illegally and secretively installing a third-party rootkit on every computer that runs Glyph. We spoke to Trion about the legalities and efficacies of the program. Specifically, we asked about five topics: Whether the program is being installed without permission, Whether it is legal to install it in in this way around the globe, Whether it is causing technical problems for users as claimed, Whether it is fully uninstalling when ArcheAge/Glyph are uninstalled, And whether it actually works, given weekend reports about exploits.
Man runs Telnet BBS on an Apple IIe using Raspberry Pi because he can
When life hands you old technology you can either throw it away, store it, or try and make it work again. Thanks to the invention of powerful and easily adapted micro computers like Raspberry Pi it's now easier than make your own Frankenstein machine. YouTube user Lon Seidman figured out how to check his email on a 1986 Apple IIe modified with just such a Raspberry Pi device. With the help of a serial to USB connector the IIe thinks sees the Pi device as a modem. Using the modified IIe Seidman is able to check his email from his laptop even when he's away from home. Here's his fascinating video showing exactly how he was able to rig up the computer to his Raspberry Pi. Enjoy.
Researchers crack iPad, iPhone PINs
"Shoulder surfing" refers to the practice of looking over someone's shoulder to watch them enter a PIN on a mobile device, like an iPad. It's not the most sophisticated hack ever, but it works, as long as the interloper has a line of sight. However, researchers from Lowell, Massachusetts have removed that restriction. The group at UMass Lowell has devised a way to reliably capture a user's four-digit passcode without seeing his or her iPad's screen. Using a camera and the knowledge that the lock screen's keyboard is static, the group's software can reference finger movements to estimate the passcode as it's typed. In fact, they were able to accurately guess a target PIN 83% of the time. When targeting the iPhone 5, the success rate jumped to 100%. That doesn't mean you've got to run into a broom closet whenever you unlock your iPhone or iPad. Just exercise a little caution. Meanwhile, the group is working on a way to randomize the Android keypad, to help prevent this very type of snooping. Hopefully Apple's Touch ID technology will make it to more devices soon, making this type of hack a moot point for Apple users.
Sit back and watch hacks around the world in real time
Want to feel anxious about your internet connection? The security firm Norse is more than happy to oblige. It's running a live hacking map that shows the attacks against a worldwide honeypot (that is, purposefully vulnerable) network as they happen. While this isn't representative of the full internet, it does act like a microcosm to some degree -- the bulk of attacks originate from China or the US, while Americans almost always serve as the punching bag. You'll even see large-scale (and surprisingly pretty-looking) assaults if you tune in at the right time. Now if you'll excuse us, we're going to double-check on our firewalls... this map isn't exactly reassuring.
Yo iPhone app hacked
Yo, the pointless app that lets you message the word "Yo" to your contacts (and nothing else) has been hacked by a college student and his two roommates. The trio has been able to acquire any Yo user's phone number and spam them with multiple messages, though they opted not to abuse the latter discovery. Yo has confirmed the hack and promised a fix. Meanwhile, a Vine video has appeared showing the app playing Rick Astley's "Never Gonna Give You Up" instead of its typical notification sound, and a post on Instagram supposedly shows an unauthorized message being pushed through the service. So it turns out an app that was built in eight hours and has access to personal information can be hacked. At least it's free.
How to turn a dead iPod into an upgraded budget music player
When a beloved piece of technology dies, it's often hard to let go. We've all seen basements and closets cluttered with the corpses of burned-out hardware that once served us well. Perhaps you've got a drawer somewhere with your dead USB sticks or an iPod that's given up the ghost. Well, there's good news for anyone who has an old 5th-generation iPod sitting around the house. For just about $40 to $50 in parts you can resurrect your old machine into a brand new budget music/gaming device. Utilizing a compact flash adapter and a camera memory card, you can easily replace the dead iPod hard drive, bringing the iPod back to the land of the living. In the video below, YouTube user Tinkernut shows how to easily open, repair, and refresh your old MP3 player into the perfect device for a young child or elderly relative who doesn't need modern bells and whistles. Tinkernut even walks you through the process of installing Rockbox, a iPod friendly operating system that comes with a large number of simple games for the device. Beyond giving new life to a wonderful piece of old technology, this is the perfect weekend project for curious tinkerers of all ages. Have fun.
New Kinect for Windows drops the Xbox One logo, adds a power cable
Last year, Microsoft said that the next-gen version of Kinect was coming to Windows, but has been relatively quiet since. That changes now, as Redmond has lifted the curtain on the new sensor and it looks... a lot like the Xbox One version. The unit is missing the Xbox logo power-indicator of its console-tethered counterpart, but as the Kinect for Windows Blog points out, that's about all that's different between the two. The software giant also says this reveal is a sign that we're getting "closer and closer" to launch, but didn't give any other release details. For the nitty gritty specs about power supplies and voltage ratings, check the source.
