Jailed Hackers, ICS Honeypots, and Krebs SWATing
Currently, I’m attending a security expo in Helsinki, Finland, so I had to produce this week’s episode quickly, while on the road. Nonetheless, it’s still been a busy security week so far, and there’s a lot of InfoSec news to cover
Today’s episode includes two unrelated stories that share a cyber-law theme, some interesting research about an ICS/SCADA honeypot that attracted a lot of attention from nation-state cyber attackers, and a story about a popular security journalist being targeted by a SWAT attack. Watch the video below for the full scoop, and check out the Reference section below if you’d like more details (and links to some extra InfoSec stories I didn’t have time to cover).
(Episode Runtime: 9:46)
Direct YouTube Link: http://www.youtube.com/watch?v=Lvv-KgcsI0w
Episode References:
- Weev sentenced to 41 months in prison for AT&T/iPad hack – The Register
- Greyhat “researcher” illegally infects victims for research project (carna) – The Register
- Kreb’s blog post on his SWAT attack – Krebs on Security
- Trend Micro’s ICS/SCADA honeypot research – Trend Micro
- High-profile Microsoft employee Xbox Live accounts hijacked – The Verge
- Vulnerability in EA’s Origin service can allow attackers to install malware – Threat Post
- Extras:
- Another iOS lock screen flaw, despite the recent fix – Mac Rumors
- Ignorant U.S. Congress man believes in extreme strikeback – Techdirt
- NATO report is ok with killing certain hackers – Gizmodo
- Cisco IOS device password encryption weakness – WGSC
- Hacks against South Korean broadcast and bank sites – ReadWrite.com
- Adware “trojan” affects OS X (some say it’s only badware) – CRN
- Breaking News: Apple’s password reset mechanism suffers a major flaw – The Next Web
— Corey Nachreiner, CISSP (@SecAdept)
1. Cinematograph showed us “hard-hacking private life” in 1995, in “Hackers” movie with Angelina Jolie and Jonny Lee Miller. But it was just a movie. But than it comes to SWATing in real life – it simply may lead to things like stuttering, heart attack or something like, as a “hacked” person – not always “tough guy”. Glad that nothing real bad happened with Brian Krebs.
2. Unbelievable results the author of Carna botnet has got. Considered to be obvious, that default password should be changed at a first configuration page/script; no doubt that Internet users are become smarter, and getting smarter from year to year. But than 420 000 Linux (!) devices, connected to Internet not by ordinary housewifes (presumed by IT-guys), can be taken under control with admin/admin root/root password guessing script – I do not know what to say…
Yeah, being the victim of SWATing could certainly freak most ppl out. I’m sure if the police ever knocked at my door, expecting that something was going down, I’d probably be a little nervous about the experience. That said, it sounded like Krebs was prepared for the potentiality of SWATing. I think I read that he’d called the police long ago, and warned them to expect that sort of thing due to his reporting. So this incident could have been worse if he hadn’t warned them.
Yeah. It is flabbergasting how many devices this greyhat researcher was able to hijack due to simple silly settings. If people just did basic security best practices they’d avoid many problems.
I really love your website.. Very nice colors & theme.
Did you build this site yourself? Please reply back as I’m looking to create my own site and would like to learn where you got this from or exactly what the theme is called. Many thanks!
I am extremely impressed with your writing skills as well as with the layout on your weblog.
Is this a paid theme or did you modify it yourself? Anyway keep up the excellent quality writing,
it’s rare to see a great blog like this one these days.
Hey there! I’ve been following your web site
for a long time now and finally got the courage to go ahead and give you a shout out from Austin Texas!
Just wanted to mention keep up the good work!
I was recommended this website by my cousin. I’m not sure
whether this post is written by him as no one else know such detailed about my trouble.
You are incredible! Thanks!