Alleged Scarlett Johansson hacker didn’t plan to profit, FBI says

Celebrities are accustomed to stalkers trying to get too close.

But the FBI on Wednesday accused a man of gleaning intimate details from the lives of several top actresses and singers — including nude photos — from 3,000 miles away.

Working from his home computer in Jacksonville, Fla., authorities say, Christopher Chaney, 35,allegedly hacked into the email accounts of such big names as Mila Kunis, Christina Aguilera and Scarlett Johansson.

And authorities say he did it the hard way. Mining details of the stars’ personal lives in celebrity magazine and websites as well as Twitter and Facebook posts, Chaney looked for potential passwords that would give him access to their accounts, the FBI said.

Document: Read the indictment

Once he cracked the password, officials charged, he hit a gold mine, gaining access to the stars’ address books as well as any photos and other files saved in their email accounts.

He used an email forwarding program that automatically sent a duplicate of any messages the stars received to his own account. So, even when the celebrities changed their passwords, he would know about it, officials said.

Chaney was arrested this week in Jacksonville on various hacking charges and faces up 121 years in prison if found guilty on all counts.

The arrest caps a yearlong FBI probe into celebrity hacking that has generated much interested in the Hollywood tabloid world. There were many theories about the identity of the hacker, with some speculating it was someone trying blackmail or embarrass the stars — or make money off the information.

But federal officials said Chaney appears to have acted alone and seemed to have no plans to contact the stars or sell his information.

FBI officials said the case underscores the changing nature of celebrity stalking in the computer age.

“The case brings us to a new word in expanding lexicon of cybercrime — ‘hackerrazzi,’ ” said Steven Martinez, assistant director in charge of the FBI’s Los Angeles field office. “We continue to receive complaints involving the targeting of high-profile figures.”

Find IT Security Pros or IT Security Companies at Managed.com

Website Vulnerability Scanner  website security

 

Facebook’s Timeline will be boon for hackers

Facebook’s new Timeline will make it even easier for criminals and others to mine the social network for personal information they can use to launch malicious attacks and steal passwords, a researcher said today.

Timeline, which Facebook unveiled yesterday at a developer conference and plans to roll out to users in a few weeks, summarizes important past events in a one-page display.

According to Facebook CEO Mark Zuckerberg, Timeline is “the story of your life,”

That has experts at U.K.-based Sophos concerned. Cybercriminals often unearth personal details from social networking sites to craft targeted attacks, noted Wisniewski, and Timeline will make their job simpler.

 

“Timeline makes it a heck of a lot easier [for attackers] to collect information on people,” said Chet Wisniewski, a Sophos security researcher. “It’s not that the data isn’t already there on Facebook, but it’s currently not in an easy-to-use format.”

“And Facebook encourages people to fill in the blanks [in the Timeline],” said Wisniewski, referring to the new tool’s prompting users to add details to sections that are blank.

Because people often use personal information to craft passwords or the security questions that some sites and services demand answered before passwords are changed, the more someone adds to Timeline, the more they put themselves at risk, said Wisniewski.

“Remember the hack of [former Alaska governor] Sarah Palin’s account?” asked Wisniewski. “That hacker found the answers to her security questions online.”

A former University of Tennessee student who bragged it took him just 45 minutes of research to reset Palin’s Yahoo Mail account password was convicted on multiple federal felony countslast year.

Hackers can also use what they find on Facebook and elsewhere to craft convincing emails that include malware or links to malicious sites, noted Wisniewski, even if the individual is not the target.

“It may be about the fact that you work for RSA [Security],” he said, referring to the emails sent to low-level employees at that firm earlier this year. Those emails, which included malware embedded in Excel spreadsheets , gave attackers a foothold on RSA’s network. The criminals then scoured RSA’s systems and stole confidential information about its popular SecurID authentication token technology.

Others, not strictly hackers, could use Timeline to quickly dig up dirt as well, said Wisniewski.

“Someone could use it to gather information to harass you, or someone at work competing for your job could use it,” he said.

“The more you put in there to make it complete — and we’ve been conditioned to finish forms — the easier it is for someone with ill intent to gather information about you,” said Wisniewski.

Although current Facebook privacy settings will apply to the Timeline — letting users decide who sees what — and the Timeline can be edited to remove an embarrassing past, Wisniewski was pessimistic about users’ decision making.

In an unscientific survey Sophos ran on its website today, nearly 50% agreed that the Facebook Timeline worried them, while about 17% said they liked the idea or would get used to it.

“Call us paranoid or prudent — we’re paid to worry about this — but for 99% of people, the danger doesn’t even cross their mind,” said Wisniewski. 

Wisniewski admitted that the poll probably doesn’t reflect most Facebook users’ opinions. “They’re doubly self-selected,” he acknowledged, “first for taking the survey and second because they’re concerned enough about security to go to our website.”

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , or subscribe toGregg’s RSS feed . His e-mail address is gkeizer@ix.netcom.com .

 

Homeless hacker ‘Commander X’ pleads not guilty [VIDEO]

by Graham Cluley on September 24, 2011 | Comments (1)

FILED UNDER: Featured, Law & order, Malware, Vulnerability

The FBI believes that the homeless man theyarrested on Thursday was “Commander X”, a member of the People’s Liberation Front (PLF) associated with Anonymous hacktivism.

47-year-old Christopher Doyon has entered a not guilty plea to charges of “conspiracy to cause intentional damage to a protected computer, causing intentional damage to a protected computer, and aiding and abetting”.

According to an indictment filed against Christopher Doyon and another man, Joshua John Covelli, the charges specifically relate to a denial-of-service attack against the servers of Santa Cruz County in December 2010, after the city put in place a law prohibiting camping inside the city.

The indictment gives Doyon the aliases “PLF”, “Commander Adama” (clearly a Battlestar Galactica fan) and “Commander X”. Covelli meanwhile is alleged to use the pseudonyms “Absolem” and “Toxic”. 26-year-old Covelli waspreviously named in connection with internet attacks on PayPal.

Someone calling themselves “Commander X” gave an interview to CBS News earlier this year, claiming responsibility for denial-of-service attacks by Anonymous.

 

According to a CBS News report, “Commander X” told their reporter that he had no fear about being caught:

"We're not going to turn ourselves in. They can come and get us is what I say. Bring it on. Until then, we run... We will remain free and at liberty and at large for as long as we can, and when the time comes that each and every one of us eventually will be brought to justice, we will hold our head high in any court of law and we will defend our actions."

Doyon is scheduled to appear on September 29th for a bail hearing.

Web 2.0 or a relabeling of the original intent?

Web 2.0 – Wikipedia, the free encyclopedia

Whether Web 2.0 is qualitatively different from prior web technologies has been challenged by World Wide Web inventor Tim Berners-Lee, who called the term a “piece of jargon”,[4] precisely because he intended the Web in his vision as “a collaborative medium, a place where we [could] all meet and read and write”. He called it the “Read/Write Web”.[5]

 

Find Managed Hosting Pros or Managed Hosting Providers at Managed.com

 

Mobile Interactive Group (MIG) this morning announced that it has acquired global mobile payments business Zaypay, a startup based in Amsterdam, The Netherlands. MIG says it will continue to operate Zaypay as a standalone business, but declined to disclose financial terms of the agreement, other than to reveal that it was an all-cash deal.

Zaypay enables third-party developers to process international micropayments through SMS, phone calls, in-app and other alternative payment methods. ZayPay was founded by Dutch entrepreneur Adriaan Mol (27) in 2006 and is currently operational in 44 countries.

 

 

 

• ZAYPAY.COM
• MOBILE INTERACTIVE GROUP

Company:
Zaypay.com

Website:
zaypay.com

Launch Date:
January 6, 2007

 

Zaypay offers gaming companies a unique portfolio of billing methods
including: premium sms, premium rate numbers and content
billing.

Using Zaypay avoids the complexity of dealing with different
mobile operators, technologies, and transaction management
methods. Merchants receive extensive financial and technical
data on their platform, leaving the hassle of processing,
checking and collecting to Zaypay.

With our innovative payment gateway, merchants can bill
customers worldwide directly on their mobile or fixed line
phone.

 

 

Learn more

 

Company:
Mobile Interactive Group

Website:
migcan.com

 

Mobile Interactive Group (MIG) is an integrated mobile and digital communications business. Comprising a unique combination of businesses, MIG specialist disciplines include mobile advertising, mobile marketing, mobile billing, mobile messaging, mobile technology and services provision, multi channel digital solutions, mobile internet publishing, experiential design and application development.

There are five companies within MIG, see products, and each has its own areas of expertise

 

Go to Managed.com Find IT Security Pros or IT Security Companies  

Your Car’s Next Enemy: Malware

The increasing sophistication and network connectivity of automotive electronics will leave cars vulnerable to malware, McAfee says.

By Thomas Claburn InformationWeek
September 08, 2011 09:55 AM

In the event you’re insufficiently concerned about protecting your five- or six-figure automobile investment from clueless drivers, your own driving habits, and car thieves, feel free to inflate your paranoia further with fears of automotive malware.

While it may be early still to worry about surreptitiously placed hardware or software that’s monitoring your in-vehicle handsfree calls or crashing code to crash your car, security companies are already preparing for the day that car buyers will opt for an automotive security plan.

Wednesday published a report on the potential security issues that carmakers and car owners will have to confront in the years ahead.

Citing a Frost and Sullivan estimate that cars will require some 200 million to 300 million lines of software code in the years to come, the report sees a rising level of risk.

“Caution: Malware Ahead” extrapolates from the work done by researchers at various universities on the vulnerabilities in automobile systems and concludes that the increasing amount of digital technology in vehicles will lead to security threats,

“The increasing feature set, interconnectedness with other embedded systems, and cellular networking or Internet connectivity can also introduce security flaws that may become exploitable,” the report states.

The report contemplates the possibility that cybercriminals may be able to remotely unlock, start, or disable cars via cellphone, track a driver’s location, steal data via Bluetooth, or disrupt navigation or communication systems.

The basis for these worries is largely academic research that demonstrates vulnerabilities in car systems, through there have been a few actual car-related security exploits of note.

For example, a disgruntled former employee of a Texas car dealership was reportedly able to gain access to the dealership’s remote vehicle immobilization system and misuse it to make customers’ car horns honk and also alter car lease records to give the vehicles to deceased rapper Tupac Shakur.

While such concerns may take a backseat to more immediate automotive worries–like those who text and drive at the same time–they shouldn’t be dismissed as industry fear-mongering, at least not entirely.

“Many examples of research-based hacks show the potential threats and depth of compromise that expose the consumer,” said McAfee SVP and general manager Stuart McClure in a statement. “It’s one thing to have your email or laptop compromised but having your car hacked could translate to dire risks to your personal safety.”

– a new way to protect your business.mp4- A Short Video

 

Find IT Security Pros or IT Security Companies at Managed.com

Globally myocardinate principle-centered paradigms whereas proactive methods of empowerment. Appropriately facilitate next-generation products through resource maximizing best practices. Authoritatively evolve alternative value vis-a-vis just in time e-business. Efficiently maximize team.

 

Go to Managed.com Find IT Security Pros or IT Security Companies  

A new IT hero – A Short Video

 

Find IT Security Pros or IT Security Companies at Managed.com

Continually conceptualize just in time partnerships whereas robust networks. Continually conceptualize efficient quality vectors vis-a-vis low-risk high-yield applications. Compellingly restore holistic interfaces whereas sticky ideas. Assertively embrace unique niches without.

 

Go to Managed.com Find IT Security Pros or IT Security Companies  

– A Short Video

 

Find IT Security Pros or IT Security Companies at Managed.com

Objectively integrate high-quality human capital rather than professional initiatives. Compellingly exploit quality paradigms vis-a-vis cross-media initiatives. Intrinsicly engineer interactive synergy without top-line services. Progressively communicate low-risk high-yield e-business with high-payoff.

 

Go to Managed.com Find IT Security Pros or IT Security Companies  

Got cloud security.mp4 – A Short Video

 

Find IT Security Pros or IT Security Companies at Managed.com

Competently matrix functional e-business via emerging leadership. Holisticly synergize resource maximizing strategic theme areas without magnetic e-commerce. Monotonectally disseminate high standards in methods of empowerment before client-based outsourcing. Objectively enable.

 

Go to Managed.com Find IT Security Pros or IT Security Companies