Tag Archive for: turned

Pioneering hacker Kevin Mitnick, FBI-wanted felon turned security guru, dead at 59

/in


Kevin Mitnick, whose pioneering antics tricking employees in the 1980s and 1990s into helping him steal software and services from big phone and tech companies made him the most celebrated U.S. hacker, has died at age 59.

Mitnick died Sunday in Las Vegas after a 14-month battle with pancreatic cancer, said Stu Sjouwerman, CEO of the security training firm KnowBe4, where Mitnick was chief hacking officer.

His colorful career — from student tinkerer to FBI-hunted fugitive, imprisoned felon and finally respected cybersecurity professional, public speaker and author tapped for advice by U.S. lawmakers and global corporations — mirrors the evolution of society’s grasp of the nuances of computer hacking.

Through Mitnick’s professional trajectory, and what many consider the misplaced prosecutorial zeal that put him behind bars for nearly five years until 2000, the public has learned how to better distinguish serious computer crime from the mischievous troublemaking of youths hellbent on proving their hacking prowess.

“He never hacked for money,” said Sjouwerman, who became Mitnick’s business partner in 2011. He was mostly after trophies, chiefly cellphone code, he said.

Much fanfare accompanied Mitnick’s high-profile arrest in 1995, three years after he’d skipped probation on a previous computer break-in charge. The government accused him of causing millions of dollars in damages to companies including Motorola, Novell, Nokia and Sun Microsystems by stealing software and altering computer code.

But federal prosecutors had difficulty gathering evidence of major crimes, and after being jailed for nearly four years, Mitnick reached a plea agreement in 1999 that credited him for time served.

Upon his January 2000 release from prison, Mitnick told reporters his “were simple crimes of trespass.” He said ”I wanted to know as much as I could find out about how phone networks worked.”

He was initially barred for three years from using computers, modems, cell phones or anything else that could give him internet access — and from public speaking. Those requirements were…

Source…

Pioneering hacker Kevin Mitnick, felon turned security guru, dead at 59 | National

/in


Kevin Mitnick, whose pioneering antics tricking employees in the 1980s and 1990s into helping him steal software and services from big phone and tech companies made him the most celebrated U.S. hacker, has died at age 59.

Mitnick died Sunday in Las Vegas after a 14-month battle with pancreatic cancer, said Stu Sjouwerman, CEO of the security training firm KnowBe4, where Mitnick was chief hacking officer.

His colorful career — from student tinkerer to FBI-hunted fugitive, imprisoned felon and finally respected cybersecurity professional, public speaker and author tapped for advice by U.S. lawmakers and global corporations — mirrors the evolution of society’s grasp of the nuances of computer hacking.

Through Mitnick’s professional trajectory, and what many consider the misplaced prosecutorial zeal that put him behind bars for nearly five years until 2000, the public has learned how to better distinguish serious computer crime from the mischievous troublemaking of youths hellbent on proving their hacking prowess.

“He never hacked for money,” said Sjouwerman, who became Mitnick’s business partner in 2011. He was mostly after trophies, chiefly cellphone code, he said.

Much fanfare accompanied Mitnick’s high-profile arrest in 1995, three years after he’d skipped probation on a previous computer break-in charge. The government accused him of causing millions of dollars in damages to companies including Motorola, Novell, Nokia and Sun Microsystems by stealing software and altering computer code.

But federal prosecutors had difficulty gathering evidence of major crimes, and after being jailed for nearly four years, Mitnick reached a plea agreement in 1999 that credited him for time served.

Upon his January 2000 release from prison, Mitnick told reporters his “were simple crimes of trespass.” He said ”I wanted to know as much as I could find out about how phone networks worked.”

He was initially barred for three years from using computers, modems, cell phones or anything else that could give him internet access — and from public speaking. Those requirements were gradually eased but he wasn’t allowed back online until December 2002.

Mitnick’s forte…

Source…

Hitting the Books: How hackers turned cybercrime into a commercial service

/in


As anyone who regularly games online can attest, DDoS (dedicated denial of service) attacks are an irritatingly common occurrence on the internet. Drawing on the combined digital might of a geographically diffuse legion of zombified PCs, hackers are able to swamp game servers and prevent players from logging on for hours or days at a time. The problem has metastasized in recent years as enterprising hackers have begun to package their botnets and spamming tools into commercial offerings, allowing any Tom, Dick, and Script-kiddie rental access to the same power. 

It’s a big internet out there, and bad actors are plentiful. There are worse things than spammers and scammers swimming in the depths of the Dark Web. In his new book, Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks, Dr. Scott J Shapiro, Professor of Law and Philosophy at Yale Law School traces the internet’s illicit history through five of the biggest attacks on digital infrastructure ever recorded.

portrait-oriented oil painting of a smirking bear in a purple suit, black text on red background top third of the space.

Farrar Straus Giraux

FANCY BEAR GOES PHISHING: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro. Published by Farrar, Straus and Giroux. Copyright © 2023 by Scott J. Shapiro. All rights reserved. 

Crime as a Service

Not all Denial of Service attacks use botnets. In 2013, the Syrian Electronic Army (SEA)—the online propaganda arm of the brutal Bashar al-Assad regime—hacked into Melbourne IT, the registrar that sold the nytimes.com domain name to The New York Times. The SEA altered the DNS records so that nytimes.com pointed to SEA’s website instead. Because Melbourne IT contained the authoritative records for the Times’ website, the unauthorized changes quickly propagated around the world. When users typed in the normal New York Times domain name, they ended up at a murderous organization’s website.

Conversely, not all botnets launch Denial of Service attacks. Botnets are, after all, a collection of many hacked devices governed by the attacker remotely, and those bots can be used for many purposes. Originally, botnets were used for spam. The Viagra and Nigerian Prince emails that used to clutter inboxes were sent from thousands…

Source…

HP LaserJet Pwned By Hackers Gets Turned Into An AC/DC Cranking Boombox

/in


hero laserjet acdc
It’s easy to think of hackers in the colloquial sense as being the enemies of society. People who break into computer systems and sabotage electronics to gain control of them or steal data; how could someone like that be of benefit to society at large? The answer is that a great many so-called “hackers” are in fact security experts who know from experience where to look for security holes, and are also often consulted for help in closing them.

These “white hat” hackers hunt for security holes and application exploits, then report them to vendors to claim bug bounties, but some vendors are either unwilling to pay for such services or are simply difficult to contact. Back in 2005, Trend Micro set up the Zero Day Initiative for exactly that reason. It’s a group that works with security researchers to identify “zero-day” vulnerabilities in tech products and then act as an intermediary with the vendors to see them fixed.

The Zero Day Initiative sponsors multiple yearly events called Pwn2Own, where hackers gather to make time-limited attempts to exploit specific products. This year’s event in Austin was the largest-ever, with 58 total entries from 22 different security teams. Contestants have 30 minutes to deploy their exploit and gain unapproved privileges, remote code execution, or other unauthorized access to their targets.

The Initiative has a list up on its blog of all of the entries and their results, and there’s some good stuff in there, but by far the most entertaining result has to be F-Secure Labs’ 11:00 submission on Thursday where the three experts hacked an HP Color Laserjet Pro MFP M283fdw and turned it into a jukebox, playing AC/DC’s “Thunderstruck” through its tiny (and tinny) speaker. You can see/hear a brief clip of that in action, in the tweet below…
Other targeted devices at this year’s Pwn2Own event include NAS devices from WD, routers and home gateways from Netgear, Cisco, and TP-Link, printers from Canon and Lexmark, the Sonos One speaker, and notably, Samsung’s Galaxy S21 smartphone. All of these devices were running the latest firmware and security patches, yet all of them were hacked.

Not to worry, though; the ZDI doesn’t disclose or publish the exploits…

Source…