Hack The Planet

This is quite possibly one of the funniest things I have seen in a while. The sad part is that it is an accurate portrayal of so many companies.

[youtube=http://www.youtube.com/watch?v=VjfaCoA2sQk]

When Google came out and said they had been hacked and that they had found that the hacks originated in China it seemed that all they could find was one compromised machine in Taiwan. Now with help from the NSA they have traced the attacks back to IP’s originating from two schools, Shanghai Jiaotong University and the Lanxiang Vocational School in China.

The evidence still doesn’t show who actually did the hacking, or if it even originated in China. Another country could even be using the school as a gateway to perform the attacks knowing that relations between China and America are strained. Of course, the fact that the US did so poorly in a recently simulated cyber attack doesn’t help matters either.

Then again, a school that Peng Yinan, one of the most prolific Chinese hackers, teaches at from time to time is a pretty likely candidate for an attack to come out of. It will be interesting to see if they can find any other evidence besides an IP.

A wily hacker in Russia thought it would be good fun to place a pornographic movie on the big screen along the city’s Garden Ring Road for any driver that needed a lesson in the Birds and the Bees to see. He was later arrested but explained his actions by stating he “originally wanted to stream the video on a commercial screen of a shopping mall in Moscow”, and didn’t imagine that “thousands of people would see the porn flick in the center of the city”.

Recently, Brian Krebs, has been posting a lot about companies losing money to hackers who have money mules transferring stolen funds all over the globe (mostly to Eastern Europe it seems). The hack is pretty simple. A user with a vulnerable endpoint gets hit with the Zeus Trojan or a variant by viewing a compromised site. The endpoint can then pass on the infection to other endpoints on the network. Once it infects an endpoint that accesses the companies bank accounts the fun begins. The hackers setup many sub $10,000 dollar transfers to the mule accounts and then have the mules wire them the money.

Recently one infected machine at a Michigan Insurance firm cost them $150,000. That is a lot of money to lose (they are working with their bank to recover it but that usually only ends poorly) for not having an up to date machine. One bad hack can make you realize that a good security setup is much cheaper in the long run.

The second part of the story that I found interesting is that the bank would use “two factor” authentication by having the customer enter their user name and password, and then answer a security question. The President of the Insurance firm says “They had some very detailed information. [The thieves] knew our patterns, they knew our passwords, my mother’s middle name, favorite sports team. And this is all information I don’t even have written down anywhere.” So what he is saying is that it is impossible to find out his mother’s middle name online doing a quick search? Or that he hasn’t worn a jersey of his favorite sports team in some picture that has been tagged with his name on facebook? And that is assuming that the hackers even entered that information. The bank says they see someone enter it but it could be from a compromised machine with someone legitimately logging in and the hackers are just piggy backing.

Hackers don’t play these elaborate bank heists that require years of training and some elite knowledge that only they possess. They just wait until some lazy user goes to a compromised web site and gets infected with their Trojan. Then it is game, set and match.

The Login Helper site has put out a great flow chart to help users determine if an email is risky to open or not. The nice part about this flow chart is that it is easy enough for anyone to follow.

We are in a new era of humanity where everything you do is being taped, recorded and broadcast for the world to see. Who is doing this? Is it some secret government cabal? Some clan of hackers so elite that they can capture your every movement? No, sadly it is just you and your computer.

I fought the Facebook battle for a long time. I finally succumbed to the madness to build up possible references and contacts for my career. It wasn’t long before everyone and their grandmother had requested to make me their friend even though I may not have known them personally or hadn’t spoken to them in over a decade. All of these people are opening up their lives and their families to me, and even to my “friends”. They aren’t concerned with this. Only 1 in 3 Facebook users even reviewed the changes to the privacy settings that Facebook pushed out. Only 1 in 3 people cared enough about their privacy to make sure that the entire (internet connected) world didn’t have full access to their lives. 1984 isn’t going to happen, it has and we have let it.

To me privacy and anonymity go hand in hand. Recently Bruce Schneier posted an article about anonymity on the internet and how certain people in the government are trying to abolish this by forcing every user everywhere to authenticate when they access the web. This is supposed to stop hackers and criminals from participating in the online world. The first commenter said it best “If you outlaw anonymity on the Internet, only outlaws will have anonymity on the Internet.”