How the NSA Spies on Smartphones Including the BlackBerry

All the images were apparently taken with smartphones. A photo taken in January 2012 is especially risqué: It shows a former senior government official of a foreign country who, according to the NSA, is relaxing on his couch in front of a TV set and taking pictures of himself — with his iPhone. To protect the person’s privacy, SPIEGEL has chosen not to reveal his name or any other details.

The access to such material varies, but much of it passes through an NSA department responsible for customized surveillance operations against high-interest targets. One of the US agents’ tools is the use of backup files established by smartphones. According to one NSA document, these files contain the kind of information that is of particular interest to analysts, such as lists of contacts, call logs and drafts of text messages. To sort out such data, the analysts don’t even require access to the iPhone itself, the document indicates. The department merely needs to infiltrate the target’s computer, with which the smartphone is synchronized, in advance.

via How the NSA Spies on Smartphones Including the BlackBerry – SPIEGEL ONLINE.

Hacking RFID Tags Is Easier Than You Think

The RFID output that the Arduino gets is a 10-digit hexadecimal. With that in hand, Brown said it’s simple to replicate the remotely stolen information using a Proxmark device.

The unfortunate reality, according to Brown, is that with most of the building security badges that are running at 125 kHz, there is no secure authentication mechanism.

via Hacking RFID Tags Is Easier Than You Think: Black Hat.

iPhone Hacked in Under 60 Seconds Using Malicious Charger

Once the charger is plugged in and the user inputs their PIN code, the charger silently and invisibly removes the target app, in this case the official Facebook app. It then replaces it – in exactly the same position on your iPhone/iPad homescreen – with what looks like a perfect replacement.

In actual fact this is malware and once you launch it, your phone/tablet has been compromised. This malware could be used to capture passwords, take screenshots, access your contacts, messages and phone calls, or even make premium rate calls.

via iPhone Hacked in Under 60 Seconds Using Malicious Charger – IBTimes UK.

College students hijack $80 million yacht with GPS signal spoofing

A group of students at the University of Texas at Austin built and successfully tested a GPS spoofing device to remotely redirect an $80 million yacht onto a different route, the Houston Chronicle reports. The project, which was completed with the permission of the yacht’s owners in the Mediterranean Sea this past June, is explained in the video below.

via College students hijack $80 million yacht with GPS signal spoofing.

True tales of mostly white-hat hacking

Here are five true tales of bringing down the baddies. I can’t say I’m proud of all the things I did, but the stories speak for themselves. Got one of your own to pass along? Send it my way, or share it in the comments.

via True tales of mostly white-hat hacking | Security – InfoWorld.

Posing as a regular customer, we complained that we thought someone was attacking our cable box and asked if the technician could take a look at our device’s firewall log to confirm. A few minutes later up popped the technician’s shadow and passwd password files. When executed, our encoded malicious JavaScript packet would look for various password and configuration files and, if found, send them back to us. The technician had viewed the firewall log, the XSS had launched, and we ended up with the company’s enterprise-wide root password. All of this hacking occurred in about six hours. In less than a day we had fatally compromised the set-top box and pwned the whole company.

Hacking into the Indian Education System

Technically put, I merely needed to write a script to iterate through the various school IDs, check the different servers, and start with a student ID of 1 yet have a way to detect when there were no more students for a given school. I had to retrieve the resultant HTML files and parse them to extract all the useful information – Name, Date of Birth, ID, School, Marks.

via Hacking into the Indian Education System – On the Stepping Stone – Quora.

Several hours later, I had all the ISC and ICSE results on my very own computer, in a bunch of comma-separated value files. It was truly incredible. 26 megabytes of pure, magnificent data. An Excel file I couldn’t scroll to the bottom of. Just for kicks, I Ctrl+F’d a few names I knew and what do you know? There they were. Line after line of names, subjects and numbers. It was truly mesmerizing.

Reporters use Google, find breach, get branded as “hackers”

Call it security through absurdity: a pair of telecom firms have branded reporters for Scripps News as “hackers” after they discovered the personal data of over 170,000 customers—including social security numbers and other identifying data that could be used for identity theft—sitting on a publicly accessible server. While the reporters claim to have discovered the data with a simple Google search, the firms’ lawyer claims they used “automated” means to gain access to the company’s confidential data and that in doing so the reporters violated the Computer Fraud and Abuse Act with their leet hacker skills.

via Reporters use Google, find breach, get branded as “hackers” | Ars Technica.

Goldman Sachs employees concerned Bloomberg news reporters are using terminals to snoop

Goldman later learned that Bloomberg staffers could determine not only which of its employees had logged into Bloomberg’s proprietary terminals but also how many times they had used particular functions, insiders said.

via EXCLUSIVE: Goldman Sachs employees concerned Bloomberg news reporters are using terminals to snoop – NYPOST.com.

I doubt this will end well for some people.

Dutch police may get right to hack in cyber crime fight

Under a new bill, investigators would be able to hack into computers, install spyware, read emails and destroy files.

They could also break into servers located abroad, if they were being used to block services.

via BBC News – Dutch police may get right to hack in cyber crime fight.

This is no threat to a properly secured system. AV software is not a panacea for securing a system.

Ketchikan students trick teachers to access computers

Students fooled teachers by asking them to enter account information to update their computer’s software, which they regularly do. Teachers were presented with a display that looked “exactly like” it does when prompted for a software update, but instead it was a request for administrative access, according to district technology supervisor Jurgen Johannsen.

via KETCHIKAN, Alaska: Ketchikan students trick teachers to access computers | State News | ADN.com.