Karl's Weird News

An alarmed Iran asks for outside help to stop rampaging Stuxnet malworm

Tehran this week secretly appealed to a number of computer security experts in West and East Europe with offers of handsome fees for consultations on ways to exorcize the Stuxnet worm spreading havoc through the computer networks and administrative software of its most important industrial complexes and military command centers.

debkafile’s intelligence and Iranian sources report Iran turned for outside help after local computer experts failed to remove the destructive virus.

None of the foreign experts has so far come forward because Tehran refuses to provide precise information on the sensitive centers and systems under attack and give the visiting specialists the locations where they would need to work.

They were not told whether they would be called on to work outside Tehran or given access to affected sites to study how they function and how the malworm managed to disable them.

Iran also refuses to give out data on the changes its engineers have made to imported SCADA (Supervisory Control and Data Acquisition) systems, mostly from Germany.

The impression debkafile sources gained Wednesday, Sept. 29 from talking to European computer experts approached for aid was that the Iranians are getting desperate.

Not only have their own attempts to defeat the invading worm failed, but they made matters worse: The malworm became more aggressive and returned to the attack on parts of the systems damaged in the initial attack.

Stuxnet malware is ‘weapon’ out to destroy … Iran’s Bushehr nuclear plant?

Cyber security experts say they have identified the world’s first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.

The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown.

Some top cyber security experts now say Stuxnet’s arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.

At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran’s Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat.

Police nab porn hacker behind Moscow traffic mayhem

Russian police said on Tuesday they had arrested a prankster who hacked into a computer system to show a pornographic movie on a giant advertising screen, causing havoc on a busy Moscow thoroughfare.

The two-minute clip, displayed on a video screen above a main road south of the Kremlin, caused midnight traffic jams and a frenzy of excitement across the Russian blogosphere.

Police said the hacker gained control of the screen by breaking into an online company’s server in the volatile southern region of Chechnya as “he didn’t think the police would go looking for him there.”

“(The hacker) is a highly-educated, temporarily unemployed and extremely advanced Internet user,” police said.

“The scandalous film was the talk of the town.”

The 40-year-old man said he wanted to “give people a laugh,” the popular daily Kommersant reported.

Rossiya-24 television said an elderly motorist suffered a heart attack at the wheel after seeing the scenes.

Pro-porn protesters target government websites

An internet protest group has launched an attack on Government websites in a protest against the proposed internet filter and censorship of some pornography.

The attack, dubbed Operation Titstorm by the group known as Anonymous, brought down a number of Government websites this morning, with the Parliament House site remaining offline well into the afternoon.

Anonymous claimed the attack was to highlight moves by the Government to ban the import of films featuring female ejaculation (which was classified as urination) as well as films featuring small-breasted women, over fears such films were simulating child pornography.

“More importantly, Anonymous does not approve of the steps already undertaken by the Australian Government to control what their populous [sic] sees,” the statement said

“Claiming to be cracking down on ’simulated child pornography,’ many depictions of women with small breasts in pornography have been banned,” the group said in a statement.

Hackers target friends of Google workers:

Personal friends of employees at Google, Adobe and other companies were targeted by hackers in a string of recently disclosed cyberattacks, raising privacy concerns and pointing to a highly sophisticated operation, security experts said.

Cybersecurity experts analysing the attacks said the hackers spied on individuals and used other sophisticated techniques, making them extremely difficult to stop. The disclosures come amid renewed alarm over cybersecurity after Google said it had been the target of a series of cyberattacks from China.

The most significant discovery is that the attackers had selected employees at the companies with access to proprietary data, then learnt who their friends were. The hackers compromised the social network accounts of those friends, hoping to enhance the probability that their final targets would click on the links they sent.

Secret mobile phone code cracked:

Computer hackers this week said they had cracked and published the secret code that protects 80 per cent of the world’s mobile phones. The move will leave more than 3bn people vulnerable to having their calls intercepted, and could force mobile phone operators into a costly upgrade of their networks.

Karsten Nohl, a German encryption expert, said he had organised the hack to demonstrate the weaknesses of the security measures protecting the global system for mobile communication (GSM) and to push mobile operators to improve their systems.

“This shows that existing GSM security is inadequate,” Mr Nohl told an audience of about 600 people at the Chaos Communication Congress in Berlin, a four-day conference of computer hackers.

“We have given up hope that network operators will move to improve security on their own, but we are hoping that with this added attention, there will be increased demand from customers for them to do this,” he told the Financial Times.

Climate sceptics claim leaked emails are evidence of collusion among scientists | Environment | guardian.co.uk:

Hundreds of private emails and documents allegedly exchanged between some of the world’s leading climate scientists over the past 13 years have been stolen by hackers and leaked online.

The computer files were apparently accessed earlier this week from servers at the University of East Anglia’s Climate Research Unit, a world-renowned centre focused on the study of natural and anthropogenic climate change. Climate change sceptics who have studied the emails allege that they provide “smoking gun” evidence that some of the climatologists colluded in manipulating data to support the widely held view among the world’s climatologists that climate change is real and is being largely caused by the actions of mankind.

So far the veracity of the emails has not been confirmed and the scientists involved have declined to comment on the story which broke on a blog called The Air Vent. The files, which in total amount to 61Mb of data, were first uploaded onto a Russian server, before being widely mirrored across the internet.

The emails were accompanied by the anonymous statement, “We feel that climate science is, in the current situation, too important to be kept under wraps. We hereby release a random selection of correspondence, code, and documents. Hopefully it will give some insight into the science and the people behind it.”

A spokesperson for the University of East Anglia said: “We are aware that information from a server used for research information in one area of the university has been made available on public websites. Because of the volume of this information we cannot currently confirm that all of this material is genuine. This information has been obtained and published without our permission and we took immediate action to remove the server in question from operation. We are undertaking a thorough internal investigation and we have involved the police in this enquiry.”

Social Security Numbering System Is Vulnerable to Fraud, Researchers Say

The nation’s Social Security numbering system has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth.

The findings, published Monday in The Proceedings of the National Academy of Sciences, are further evidence that privacy safeguards created in the era before powerful computers and ubiquitous networks are increasingly failing, setting up an “architecture of vulnerability” around personal digital information, the researchers said.

The researchers, Alessandro Acquisti, an associate professor of information technology and public policy, and Ralph Gross, a postdoctoral researcher, noted that there was a range of implications from the research, including that it was now possible to routinely reconstruct sensitive personal information from the type of online postings frequently found on social networking sites and other public sources.

Hacker named to Homeland Security Advisory Council

Jeff Moss, founder of the Black Hat and Defcon hacker and security conferences, was among 16 people sworn in on Friday to the Homeland Security Advisory Council.

The HSAC members will provide recommendations and advice directly to Secretary of Homeland Security Janet Napolitano.

Moss’ background as a computer hacker (aka “Dark Tangent”) and role as a luminary among young hackers who flock to Defcon in Las Vegas every summer might seem to make him an odd choice to swear allegiance to the government. (Although before running his computer conferences, Moss also worked in the information system security division at Ernst & Young.)

 I’d like to hear some of the banter as he rubs elbows with the likes of former CIA (Bill Webster) and FBI directors (Louis Freeh), Los Angeles County sheriff, Miami mayor, New York police commissioner, governors of Maryland and Georgia, former Colorado Sen. Gary Hart, and the president of the Navajo Nation.

In an interview late on Friday, Moss, who is 39, said he was surprised when he got the call and was asked to join the group.

“I know there is a newfound emphasis on cybersecurity and they’re looking to diversify the members and to have alternative viewpoints,” he said.

“I think they needed a skeptical outsider’s view because that has been missing.”

Sweden’s Pirate Party captures Euro seat

Sweden’s Pirate Party, striking a chord with voters who want more free content on the Internet, won a seat in the European Parliament, early results showed on Sunday.

The Pirate Party captured 7.1 percent of votes in Sweden in the Europe-wide ballot, enough to give it a single seat.

The party wants to deregulate copyright, abolish the patent system and reduce surveillance on the Internet. “This is fantastic!” Christian Engstrom, the party’s top candidate, told Reuters.

“This shows that there are a lot of people who think that personal integrity is important and that it matters that we deal with the Internet and the new information society in the right way.”

Previously an obscure group of single-issue activists, the party enjoyed a jump in popularity after the conviction in April of four men behind The Pirate Bay, one of the world’s biggest free file-sharing website.

Space: U.S. Navy Satellites Hijacked:

Brazil and the U.S. have been arresting people who have been illegally using obsolete, but still functioning, U.S. Navy FLTSATCOM communications satellites. The FLTSATCOM (Fleet Satellite Communications System) were eight communications satellites launched between 1978-89. Two of the launches failed, and FLTSATCOM was replaced by the UFO in the 1990s.

Although the FLTSATCOM birds were built to last for seven years, two of them are still operational twenty years later. As the navy stopped using FLTSATCOM in the late 1990s (shifting over to the more efficient UFO satellites), ham radio users in Brazil discovered that the FLTSATCOM satellites had no security on them. If you knew the frequency and had a satellite dish, you could send a signal to the FLTSATCOM satellite, that would then automatically be rebroadcast by the satellite over a wide area below.

While the navy sent encrypted messages (which sound like static, for anyone picking it up below on ham radio gear), the Brazilians found that they could simply use FLTSATCOM to communicate over a wide area (the interior of the country) that lacked telephones. FLTSATCOM birds had multiple transponders, making several simultaneous conversations possible. There was no security because, back in the 1970s, the remote possibility of homemade satellite dishes using FLTSATCOM, did not seem to warrant the additional hassle of adding passwords to transmit from the satellites.

Conficker begins stealthy update:

The Conficker worm has started to update infected machines with a mystery package of data.

Computer security firms watching the malicious program noticed that it sprang into life late on 8 April. The activity on its update system delivered encrypted software to compromised machines. It is not yet clear what the payload contains.

The Conficker virus variants are thought to be present on millions of PCs around the world.

U.S. electrical grid penetrated by spies:

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, the Wall Street Journal reported on Wednesday.

The spies came from China, Russia and other countries, and were believed to be on a mission to navigate the U.S. electrical system and its controls, the newspaper said, citing current and former U.S. national security officials.

The intruders have not sought to damage the power grid or other key infrastructure but officials said they could try during a crisis or war, the paper said in a report on its website.

FBI Investigating ‘X-Men Origins: Wolverine’ Leak

“X-Men Origins: Wolverine” isn’t due in theaters until next month, but the prequel has already hacked its way online.

A high-quality, full-length work print of the 20th Century Fox film, which is set for release May 1, appeared online Tuesday. The film focuses on the beginnings of Hugh Jackman’s clawed Marvel superhero Wolverine.

Fox said in a statement Wednesday the version of the film posted online was not complete and vowed that the source would be prosecuted. It said the FBI is investigating.

Spam Volumes Drop by Two-Thirds After Firm Goes Offline

The volume of junk e-mail sent worldwide plummeted on Tuesday after a Web hosting firm identified by the computer security community as a major host of organizations engaged in spam activity was taken offline. (Note: A link to the full story on McColo’s demise is available here.) scmc.jpg Experts say the precipitous drop-off in spam comes from Internet providers unplugging McColo Corp., a hosting provider in Northern California that was the home base for machines responsible for coordinating the sending of roughly 75 percent of all spam each day.

Palin?s E-Mail Account Hacked, Published on Web Site 

In the latest of a series of invasions into Sarah Palin?s personal life, hackers have broken into the Republican vice presidential candidate?s private e-mail account, and a widely read Web site has published screen grabs from it.

An article Wednesday in Gawker.com posts family photos and snapshots of e-mail exchanges the Alaska governor had with colleagues. Gawker says the-email account has since been shut down, but it will leave the images up on its site for all to see.

Report: Hackers Break Into ‘Big Bang Machine’ Computer Network

Hackers have broken into one of the computer networks of the Large Hadron Collider (LHC). A group calling itself the Greek Security Team left a rogue Web site describing the technicians responsible for computer security at the giant atom smasher as ?schoolkids? ? but reassuring scientists that they did not want to disrupt the experiment. The hackers gained access to a Web site open to other scientists on Wednesday as the LHC passed its first test, sending its protons off on their dizzying journey through time and space, close to the speed of light.

Shoot the Piano Player

IT seemed almost too good to be true, and in the end it was. A conscientious pianist who had enjoyed an active if undistinguished career in London falls ill and retreats to a small town. Here she undertakes a project to record virtually the entire standard classical repertoire. Her recordings, CDs made when she was in her late 60s and 70s, are staggering, showing a masterful technique, a preternatural ability to adapt to different styles and a depth of musical insight hardly seen elsewhere.
…
Now it has become brutally clear that “passing along” is exactly what she was up to. Earlier this month, a reader of the British music magazine Gramophone told one of its critics, Jeremy Distler, that something odd happened when he slid Ms. Hatto’s CD of Liszt’s “Transcendental Études” into his computer. His iTunes library, linked to a catalogue of about four million CDs, immediately identified it as a recording by the Hungarian pianist Laszlo Simon. Mr. Distler then listened to both recordings, and found them identical.

Fake terror message goes out to Connex customers

Thousands of Melbourne commuters were last night sent a chilling SMS from Connex telling them that ticket inspectors loved killing people and would help bomb a train.

Connex says it will prosecute those who hacked into its computer system and texted the message. The rail operator was swamped by calls from subscribers to its SMS which usually informs them when trains are cancelled or delayed. They were surprised to get the message: “ALLAHU AKBR FROM CONNEX!” which flashed across their phone screens about 9.45pm.

Ex-judge Kline gets prison:

Police caught onto Kline after a Canadian computer whiz hacked into the judge’s Irvine home computer and discovered sexually explicit images of young boys and a diary that revealed Kline’s fantasies involving young boys. A subsequent search of his court computer revealed more images and more Web sites. Brad Willman, the Canadian hacker, forwarded the information to an anti-pedophile watchdog group, which then sent the information to Irvine police detectives.

Hackers Attack Key Net Traffic Computers

 Hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic Tuesday in one of the most significant attacks against the Internet since 2002.

Experts said the unusually powerful attacks lasted as long as 12 hours but passed largely unnoticed by most computer users, a testament to the resiliency of the Internet. Behind the scenes, computer scientists worldwide raced to cope with enormous volumes of data that threatened to saturate some of the Internet’s most vital pipelines.

Hacker Cracks High-Def DVD Encryption System:

The movie industry may rue the day it challenged hackers to break its new encryption system for high-def DVDs, claiming it was bulletproof. The day after Christmas, a hacker known only as Muslix64 posted a hack to a Doom 9 forum that appears to shoot holes in their claim. The hack consists of a program, BackupHDDVD, and a set of encryption keys that would allow users to decrypt, and thus copy, high-definition movies protected by the Advanced Access Content System (AACS), such as Full Metal Jacket, The Last Samurai, and The Fugitive.

You can find his video announcement on YouTube.

Source code and executable can be found here.