Some hackers use software and hardware to express themselves creatively—either solving entirely novel technical challenges or finding new ways to skin the same old cats. Others are motivated by money, power, politics, or pure mischief. They steal identities, deface Web sites, and break into supposedly secure and certainly sensitive databases.

IEEE Spectrum has written dozens of stories about both—the Steampunkers and Arduino do-it-yourselfers, on the one hand, the Anonymous and Lulzsec ne’er-do-wells on the other. Inspired by New York Magazine’s Approval Matrix, they took 25 of the biggest and best stories and assessed them along two dimensions: innovation and impact.



The Autistic Hacker

A few months after the World Trade Center attacks, a strange message appeared on a U.S. Army computer: “Your security system is crap,” it read. “I am Solo. I will continue to disrupt at the highest levels.”

Solo scanned thousands of U.S. government machines and discovered glaring security flaws in many of them. Between February 2001 and March 2002, Solo broke into almost a hundred PCs within the Army, Navy, Air Force, NASA, and the Department of Defense. He surfed around for months, copying files and passwords. At one point he brought down the U.S. Army’s entire Washington, D.C., network, taking about 2000 computers out of service for three days. U.S. attorney Paul McNulty called his campaign “the biggest military computer hack of all time.”



Everything can be hacked — that’s an important detail to keep in mind as we start cramming wireless radios into our bodies attached to medical implants. Researchers have been working on ways to protect devices like pacemakers from ne’er-do-wells looking to cause not just e-harm, but physical injury or even death. A new system developed jointly by MIT and UMass is much more sophisticated than earlier solutions, can be used with existing implants, and is worn outside the body, allowing it to be removed in the event of an emergency. The shield, as it’s called, acts as a sort of medical firewall, protecting implants from unauthorized access — doctors send encrypted instructions to it, which are decoded and relayed to the device, while it blocks any signals not using the secret key. All that’s left to do is figure out what sort of person would mess with someone’s defibrillator.



Following numerous news reports of hacker break-ins (link 1, link 2 and link 3), it looks as though hackers are inflaming a cyber war against major corporations and institutions. This time the International Monetary Fund, United States Senate and Central Intelligence Agency servers got hacked. Full coverage of these stories inside.



Poor Sony — not again. Lulz Security has broken into SonyPictures.com, where it claims to have stolen the personal information of over 1,000,000 users — all stored (disgracefully) in plain text format. Lulz claims the heist was performed with a simple SQL injection — just like we saw the last time around. A portion of the group’s exploit is posted online in a RAR file, which contains over 50,000 email / password combos of unfortunate users. In addition to user information, the group has blurted out over 20,000 Sony music coupons, and the admin database (including email addresses and passwords) for BMG Belgium employees. Fresh off the heels of the PlayStation Network restoration, the fine folks in Sony’s IT department are now surviving solely on adrenaline shots.

Update 1: On the topic of clear-text passwords, Netflix, Foursquare, LinkedIn and Square have also been spotted exposing your data. Therefore, as a developer, please be careful when developing apps that handle sensitive information; and as a user, be even more careful about sharing your sensitive information over the internet.

Update 2: On the 3rd of June 2011, the website of Codemasters (the UK game developer that brought us Dirt, GRID, Operation Flashpoint, etc.) also got hacked. They say tens of thousands of accounts have been compromised, exposing the names, addresses (both physical and email), birthdays, phone numbers, Xbox gamer tags, biographies, and passwords of its registered users. Payment information wasn’t compromised, but when you consider that almost everything else was, that feels like hollow consolation.



Following a series of hacker break-ins at Sony (and several others), the black-hat group attacked an automobile manufacturer — Honda Canada. The company said the information accessed was related to a program in 2009 that encouraged customers to register at the myHonda website. In an alert posted on its website, Honda said details such as customer names, addresses, vehicle identification numbers and in some cases Honda Financial Services account numbers were accessed. The company said the information didn’t include data typically used for identity theft or fraud, such as birth dates, credit card numbers and bank account numbers.



It didn’t manage to do it during the most recent Pwn2Own challenge, but VUPEN Security is now claiming that it has finally managed to hack Google’s Chrome browser and crack its so-called “sandbox.” According to the firm, the exploit relies on some newly discovered zero day vulnerabilities, works on all Windows operating systems (and only Windows, apparently), and could give malicious websites the ability to download code from a remote source and execute it on a user’s computer — the video below shows an example, in which the Windows Calculator application is downloaded and run automatically. For its part, Google says it has been unable to confirm the hack since VUPEN hasn’t shared any details with it — something the firm apparently doesn’t plan to do, as it says it only shares its vulnerability research with its “government customers for defensive and offensive security.”



The names and e-mails of customers of Citigroup Inc and other large U.S. companies, as well as college students, were exposed in a massive and growing data breach after a computer hacker penetrated online marketer Epsilon.
A diverse swath of companies that did business with Epsilon stepped forward over the weekend to warn customers some of their electronic information could have been exposed.

Drugstore Walgreen, video recorder TiVo Inc, credit card lender Capital One Financial Corp and teleshopping company HSN Inc all added their names to a list of targets that also includes some of the nation’s largest banks. The names and electronic contacts of some students affiliated with the U.S.-based College Board — which represents some 5,900 colleges, universities and schools — were also potentially compromised in what could be one of the biggest breaches in U.S. history.

No personal financial information such as credit cards or social security numbers appeared to be exposed, according to the company statements and e-mails to customers. Epsilon, an online marketing unit of Alliance Data Systems Corp, said on Friday that a person outside the company hacked into some of its clients’ customer files. The vendor sends more than 40 billion e-mail ads and offers annually, usually to people who register for a company’s website or who give their e-mail addresses while shopping.



After a Tuesday deadline to submit nominees for the Nobel Peace Prize, Norwegian parliamentarian Snorre Valen announced he had entered WikiLeaks as a candidate for the prestigious award. Nominations can be handed in by members of national assemblies and governments of states, members of international courts, university professors and directors of peace and foreign policy institutes. WikiLeaks’ work exposing government secrets has earned it the enmity of countries around the world, especially the US. But Valen told Deutsche Welle that WikiLeaks deserved the Nobel prize for contributing to world peace.



Google will pay $20,000 to the first researcher who successfully exploits its Chrome browser at this year’s Pwn2Own hacking contest. The award is the largest ever for the annual challenge, which will kick off for the fifth time at the CanSecWest security conference in Vancouver, British Columbia, on March 9.

At this year’s Pwn2Own, researchers will pit exploits against machines running Windows 7 or Mac OS X as they try to bring down Microsoft’s Internet Explorer, Mozilla’s Firefox, Apple’s Safari and Chrome. The first researchers to hack IE, Firefox and Safari will receive $15,000 and the machine running the browser. The prizes are $5,000 more than those given for exploiting browsers at the last Pwn2Own contest, and three times more than the 2009 awards.

