http://www.databreaches.net/?p=7087
Hacker Gonzalez Pleads Guilty to 20 Charges
September 11, 2009 by admin Filed under Hack, Of Note
Grant Gross of IDG News Service reports:
Hacker Albert Gonzalez, accused of masterminding the massive data thefts at BJ’s Wholesale Club, TJX and several other retailers, has pleaded guilty to 19 charges related to computer hacking and credit card fraud, the U.S. Department of Justice said.
Gonzalez, 28, of Miami, was a member of a group of hackers that stole more than 40 million credit and debit card numbers from TJX, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority, the DOJ said. He pleaded guilty Friday to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft in U.S. District Court for the District of Massachusetts.
Read more on PC World.
The press release from the Department of Justice:
[I'll skip the 'patting-myself-on-the-back' parts Bob]
According to the indictments to which Gonzalez pleaded guilty, he and his co-conspirators broke into retail credit card payment systems through a series of sophisticated techniques, including “wardriving” and installation of sniffer programs to capture credit and debit card numbers used at these retail stores. Wardriving involves driving around in a car with a laptop computer looking for accessible wireless computer networks of retailers. Using these techniques, Gonzalez and his co-conspirators were able to steal more than 40 million credit and debit card numbers from retailers. Also according to the indictments, Gonzalez and his co-conspirators sold the numbers to others for their fraudulent use and engaged in ATM fraud by encoding the data on the magnetic stripes of blank cards and withdrawing tens of thousands of dollars at a time from ATMs. According to the indictments, Gonzalez and his co-conspirators concealed and laundered their fraud proceeds by using anonymous Internet-based currencies both within the United States and abroad, and by channeling funds through bank accounts in Eastern Europe.
Based on the terms of the Boston plea agreement, Gonzalez faces a minimum of 15 years and a maximum of 25 years in prison. Based on the New York plea agreement, Gonzalez faces up to 20 years in prison, which the parties have agreed should run concurrently. He also faces a fine of up to twice the pecuniary gain, twice the victims’ pecuniary loss or $250,000, whichever is greatest, per count for the Boston case and a maximum fine of $250,000 for the New York case. Gonzalez also agreed to an order of restitution for the loss suffered by his victims, and forfeiture of more than $2.7 million as well as multiple items of real estate and personal property, including a condo in Miami, a 2006 BMW 330i, a Tiffany diamond ring and Rolex watches. Included in the forfeited currency is more than $1 million in cash, which Gonzalez had buried in a container in his backyard. [What? He didn't trust the banks? Can't imagine why... Bob] Sentencing is scheduled for Dec. 8, 2009.
Gonzalez remains under indictment for charges brought in August 2009 by the U.S. Attorney’s Office for the District of New Jersey of conspiring to hack into computer networks supporting major U.S. retail and financial organizations and steal credit and debit card numbers from those entities. Among the corporate victims named in that indictment are Heartland Payment Systems, a New Jersey-based card payment processor; 7-Eleven Inc., a Texas-based nationwide convenience store chain; and Hannaford Brothers Co. Inc., a Maine-based supermarket chain. Charges in that case remain pending.
If you take this posture, you had better be right...
http://www.databreaches.net/?p=7095
RBS WorldPay downplays database hack reports
September 11, 2009 by admin Filed under Breach Incidents, Financial Sector, Hack, Non-U.S.
John Leyden reports:
RBS WorldPay and a hacker are at loggerheads over the seriousness of a supposed breach on websites run by the payment processing firm.
Security shortcomings - since blocked - on the RBS WorldPay website exposed confidential information, including admin passwords and the contact details of partners, according to blog posts by Romanian hacker Unu.
The grey-hat hacker previously exposed similar problems on the websites of the UK parliament and HSBC France, among many others. As before he published screenshots to back up his latest claims.
[...]
In a statement issued on Friday afternoon, RBS WorldPay said that a security audit has established that access to either merchant or cardholder accounts was not possible via any of the reported vulnerabilities.
Read more on The Register.
(Related) Much better! A true “We care about our customers” approach. This tack leaves you plenty of wiggle room. You can always use the “previously unknown vulnerability” card later, if needed.
http://www.databreaches.net/?p=7093
Hilton Grand Vacations uncertain whether customer data was viewed or compromised
September 11, 2009 by admin Filed under Breach Incidents, Business Sector
On September 3, Hilton Grand Vacations notified (pdf) the New Hampshire Attorney General’s Office that they
… recently became aware that certain information submitted to Hilton Grand Vacations as part of credit applications or Vacation Introduction Program purchases may have been viewed by an unauthorized person. Although we do not know for certain, it is possible that name, social security number, and date of birth may have been viewed and possibly compromised. It appears that unauthorized access to this information could have begun as early as February 2009.
The company said that it would be notifying 2,304 individuals, 7 of whom are New Hampshire residents. Those notified were offered free credit monitoring services.
Doesn't the White House have a FriendFeed account? Perhaps now you could really nuke your enemies...
http://www.techcrunch.com/2009/09/11/a-nice-little-friendfeed-bug-impersonate-anyone/
A Nice Big FriendFeed Bug: Impersonate Anyone!
by MG Siegler on September 11, 2009
This should be interesting. The Judge here is the one who excoriated lawyers for the Dept of Interior on several occasions for lame arguments and a poor understanding of the facts & technology.
http://www.wired.com/threatlevel/2009/09/classified-material
Attorneys Can See Classified Info in Coffee Table Spy Suit
By Kim Zetter Email Author September 11, 2009 3:28 pm
A federal judge in Washington has ordered the government to grant security clearances to lawyers on both sides of a lawsuit claiming illegal spying against a DEA agent, in a ruling that challenges the government’s long-held claim that the executive branch alone has the authority to determine who can access classified material.
The attorneys in the case, which was noted by Secrecy News, need the security clearances to obtain classified knowledge held by their clients so they can adequately argue the lawsuit, the judge said, in an August 26 ruling supported by attorneys on both sides of the lawsuit, but bitterly opposed by the government.
… Judge Lamberth was, until 2002, presiding judge for the Foreign Intelligence Surveillance Court, which is responsible for approving government requests for wiretaps and other types of surveillance in the U.S. in cases involving foreign intelligence.
(Related) and timely?
http://yro.slashdot.org/story/09/09/12/1123204/A-History-of-Wiretapping?from=rss
A History of Wiretapping
Posted by Soulskill on Saturday September 12, @09:16AM from the i-blame-the-telegraph dept.
ChelleChelle writes
"Wiretapping technology has grown increasingly sophisticated since the police first began to utilize it as a surveillance tool in the 1890s. What once entailed simply putting clips on wires has now evolved into building wiretapping capabilities directly into communications infrastructures (at the government's behest). In a modern society, where surveillance is often touted as a way of ensuring our safety, it is important to take into consideration the risks to our privacy and security that electronic eavesdropping presents. In this article, Whitfield Diffie and Susan Landau examine these issues, attempting to answer the important question: does wiretapping actually make us more secure?"
Is there an ethical consideration? Hardware is often treated as licensed (a la software) rather than sold, with manufacturers suing if users (not owners?) attempt to make changes (hack their cellphones, for example). While recovering your PhD Dissertation on a laptop might be important to you, to the manufacturer, it is a waste of time and resources.
Tracking Stolen Gadgets — Manufacturers' New Dilemma
Posted by Soulskill on Friday September 11, @09:59PM from the big-brother-is-on-call dept.
heptapod sends in a story from the NY Times about a growing problem for the makers of high-tech gadgets: deciding when and how it's appropriate to track a stolen device. With the advent of ubiquitous GPS and connections to services like the Kindle book store, the companies frequently have a way to either narrow down a user's location or impede use of the device. But some, like Amazon, are drawing a hard line when it comes to establishing that the device was actually stolen.
"Samuel Borgese, for instance, is still irate about the response from Amazon when he recently lost his Kindle. After leaving it on a plane, he canceled his account so that nobody could charge books to his credit card. Then he asked Amazon to put the serial number of his wayward device on a kind of do-not-register list that would render it inoperable — to 'brick it' in tech speak. Amazon's policy is that it will help locate a missing Kindle only if the company is contacted by a police officer bearing a subpoena. Mr. Borgese, who lives in Manhattan, questions whether hunting down a $300 e-book reader would rank as a priority for the New York Police Department."
Encouraging. The White House admits it doesn't always get it right the first time.
http://www.bespacific.com/mt/archives/022296.html
September 11, 2009
Opposition to Single Financial Risk Regulator Sways White House
WSJ: "The White House's top economic adviser, facing stiff opposition in Congress to giving the Federal Reserve more power, suggested Friday that other federal regulators could join the central bank in regulating systemic risk to the nation's financial system."
Free is good! New and Improved free is even better!!
http://news.cnet.com/8301-1001_3-10350967-92.html?part=rss&subj=news&tag=2547-1_3-0-20
IBM offers Lotus with extra widgets
by Tom Espiner September 11, 2009 1:13 PM PDT
IBM on Friday announced a new version of its Lotus Symphony office suite, with extra features aimed at Microsoft Office users, as part of the "ferocious competition" the company says it is in with Microsoft. At the same time, the company said it is phasing out Microsoft Office internally wherever possible.
"Users can easily drag and drop widgets directly into Lotus Symphony, distinguishing it from static office productivity tools such as Microsoft Word," said IBM in a statement.
… Symphony now integrates with Google Gadgets, Lotus Sametime, Lotus Quickr, Lotus Connections, Microsoft SharePoint, and MSN, all via widgets.
The new IBM widgets include a Team Marketplace widget that allows teams to work collaboratively on IBM and Microsoft documents; a chart-share widget; and a Symphony-to-wiki widget...
I wonder if they Googled to find all of the articles?
http://www.bespacific.com/mt/archives/022293.html
September 11, 2009
Summary of opposition and support for Google Books Project
Via Out of the Jungle, insightful commentary and content from a fee based Chronicle of Higher Education article, Choosing Up Sides to Hate or Love the Google Books Deal: "...And—this is what intrigues me the most—how will Judge Chin decide what role the federal courts can and should play in the creation and oversight of what almost everyone agrees will be a digital library the likes of which we have never seen before? Will he agree with Marybeth Peters, the U.S. Register of Copyrights, who told a late-to-the-game House Judiciary Committee hearing on Thursday that the settlement "inappropriately creates something similar to a compulsory license for works, unfairly alters the property interests of millions of rights holders of out-of-print works without any Congressional oversight, and has the capacity to create diplomatic stress for the United States" because of other countries' objections? (I wonder what the judge will make of the suggestion that Congress has a role to play here.)"
Related postings on Google Book Search
[From the I-School link:
"This is likely to be the last library," said School of Information adjunct professor Geoffrey Nunberg. Google's massive head start in scanning the books, and the costs involved in such work, mean it's likely that no one else will ever try to duplicate its effort, Nunberg contended — "hence the urgency of [the] questions."
Google has already scanned more than 7 million books held in private and university libraries, including many of UC's, with the intent of making them available online. An estimated two-thirds are out of print but still in copyright, and many fall into a category called "orphan books" because the copyright holder cannot be identified.
For my Security class (my Hackers already knew this). Note that the research was done in China, where the state has at least a full division of hackers.
http://www.newscientist.com/article/mg20327255.900-how-to-shortcircuit-the-us-power-grid.html
How to short-circuit the US power grid
11 September 2009 by Paul Marks Magazine issue 2725.
PREDICTING how rumours and epidemics percolate through populations, or how traffic jams spread through city streets, are network analyst Jian-Wei Wang's bread and butter. But his latest findings are likely to spark worries in the US: he's worked out how attackers could cause a cascade of network failures in the US's west-coast electricity grid - cutting power to economic powerhouses Silicon Valley and Hollywood. [Hollywood? Bob]
Wang and colleagues at Dalian University of Technology in the Chinese province of Liaoning modelled the US's west-coast grid using publicly available data on how it, and its subnetworks, are connected (Safety Science, DOI: 10.1016/j.ssci.2009.02.002).
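[For the class: the article only says that a cascade can be triggered; the toy below shows the mechanism on a made-up network. This is an added illustration, not code or data from Wang's paper, and it uses the textbook load-capacity cascade model (load = shortest-path betweenness, capacity = initial load times a tolerance factor), which is an assumption about how such grids are modelled, not a statement of what Wang did. The graph is constructed: two tightly meshed regions joined by one short tie-line through node "h" and a longer backup route through "x" and "y". Bob]

```python
"""Toy cascading-failure simulation (added illustration, not from the article).

Model assumption (classic load-capacity cascade): each node's load is its
shortest-path betweenness; each node can carry (1 + tolerance) times its
initial load; when a node fails, flows re-route, and any node pushed above its
capacity fails in the next wave.  Pure standard library, no network data.
"""
from collections import deque

# Constructed toy network (not real grid data): region A = a1..a4 and
# region B = b1..b4 are fully meshed internally; A and B are joined by a short
# tie through hub "h" (a1-h-b1) and a longer backup path a2-x-y-b2.
TOY_GRID = {
    "a1": {"a2", "a3", "a4", "h"}, "a2": {"a1", "a3", "a4", "x"},
    "a3": {"a1", "a2", "a4"},      "a4": {"a1", "a2", "a3"},
    "b1": {"b2", "b3", "b4", "h"}, "b2": {"b1", "b3", "b4", "y"},
    "b3": {"b1", "b2", "b4"},      "b4": {"b1", "b2", "b3"},
    "h": {"a1", "b1"}, "x": {"a2", "y"}, "y": {"x", "b2"},
}


def betweenness(graph):
    """Brandes' algorithm for unweighted shortest-path betweenness.

    graph: dict node -> set of neighbour nodes (undirected).  Each unordered
    pair is counted twice, which does not matter for load/capacity ratios.
    """
    bc = {v: 0.0 for v in graph}
    for s in graph:
        stack, pred = [], {v: [] for v in graph}
        sigma = {v: 0 for v in graph}          # number of shortest paths s->v
        dist = {v: -1 for v in graph}
        sigma[s], dist[s] = 1, 0
        queue = deque([s])
        while queue:                            # BFS from s
            v = queue.popleft()
            stack.append(v)
            for w in graph[v]:
                if dist[w] < 0:
                    dist[w] = dist[v] + 1
                    queue.append(w)
                if dist[w] == dist[v] + 1:
                    sigma[w] += sigma[v]
                    pred[w].append(v)
        delta = {v: 0.0 for v in graph}
        while stack:                            # accumulate dependencies
            w = stack.pop()
            for v in pred[w]:
                delta[v] += sigma[v] / sigma[w] * (1.0 + delta[w])
            if w != s:
                bc[w] += delta[w]
    return bc


def cascade(graph, initial_failures, tolerance):
    """Remove initial_failures, then repeatedly fail every surviving node whose
    re-routed load exceeds (1 + tolerance) * its original load.

    Returns (set of all failed nodes, number of failure waves).
    """
    capacity = {v: (1.0 + tolerance) * load for v, load in betweenness(graph).items()}
    alive = {v: set(nbrs) for v, nbrs in graph.items()}
    failed, wave, waves = set(), set(initial_failures), 0
    while wave:
        waves += 1
        failed |= wave
        for v in wave:
            alive.pop(v, None)
        for nbrs in alive.values():
            nbrs -= wave
        load = betweenness(alive)              # flows re-route over survivors
        wave = {v for v in alive if load[v] > capacity[v]}
    return failed, waves


if __name__ == "__main__":
    # Same tolerance, two different single-node attacks.
    for target in ("h", "a3"):
        lost, waves = cascade(TOY_GRID, [target], tolerance=0.5)
        print(f"attack {target!r}: {len(lost)} nodes down after {waves} wave(s): {sorted(lost)}")
```

Knocking out a meshed node such as "a3" costs exactly one node, because it carried no transit flow. Knocking out the tie-line hub "h" forces every A-to-B flow onto the backup route, whose nodes (x, y and their gateways a2, b2) are then loaded at well over 1.5 times their design load and fail in the second wave, splitting the network. That is the whole point of the article's "publicly available topology" worry: the attacker needs the map, not the control systems.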
Tools & Techniques 'Cause you never know when you might need one...
Microsoft Word Templates
A comprehensive collection of Microsoft Word Templates, Resources and Tips
For my Computer Forensics students (and for e-Discovery?)
http://html-to-pdf-converter.com/
HTML to PDF Converter
Tools & Techniques For my hackers, to keep track of their ill-gotten gains. (Okay, it's really for my Small Business Management students.)
http://www.makeuseof.com/tag/tas-free-easy-to-use-financial-accounting-software/
TAS – Free Easy To Use Financial Accounting Software
Sep. 11th, 2009 By Dean Sherwin
… This is aimed at self-employed people, small businesses and start-ups. It’s incredibly easy to use. And when I say ‘easy’ I mean animated instructions, pictures and tutorials that will still result in professional-looking accounts ready to be filed away.
Firstly, download TAS Books basic for free here.