Language Selection

English French German Italian Portuguese Spanish

Hackers Demonstrate Their Skills in Vegas

Filed under
Misc

Even the ATM machines were suspect at this year's Defcon conference, where hackers play intrusion games at the bleeding edge of computer security.

With some of the world's best digital break-in artists pecking away at their laptops, sending e-mails or answering cell phones could also be risky.

Defcon is a no-man's land where customary adversaries - feds vs. digital mavericks - are supposed to share ideas about making the Internet a safer place. But it's really a showcase for flexing hacker muscle.

This year's hot topics included a demonstration of just how easy it may be to attack supposedly foolproof biometric safeguards, which determine a person's identity by scanning such things as thumb prints, irises and voice patterns.

Banks, supermarkets and even some airports have begun to rely on such systems, but a security analyst who goes by the name Zamboni challenged hackers to bypass biometrics by attacking their backend systems networks. "Attack it like you would Microsoft or Linux he advised.

Radio frequency identification tags that send wireless signals and that are used to track a growing list of items including retail merchandise, animals and U.S. military shipments_ also came under scrutiny.

A group of twentysomethings from Southern California climbed onto the hotel roof to show that RFID tags could be read from as far as 69 feet. That's important because the tags have been proposed for such things as U.S. passports, and critics have raised fears that kidnappers could use RFID readers to pick traveling U.S. citizens out of a crowd.

RFID companies had said the signals didn't reach more than 20 feet, said John Hering, one of the founders of Flexilis, the company that conducted the experiment.

"Our goal is to raise awareness," said Hering, 22. "Our hope is to spawn other research so that people will move to secure this technology before it becomes a problem."

Erik Michielsen, an analyst at ABI Research, chuckled when he heard the Flexilis claims. "These are great questions that need to be raised," he said, but RFID technology varies with the application, many of which are encrypted. Encryption technology uses an algorithm to scramble data to make it unreadable to everyone except the recipient.

Also on hand at the conference was Robert Morris Sr., former chief scientist for the National Security Agency, to lecture on the vulnerabilities of bank ATMs, which he predicted would become the next "pot of gold" for hackers.

The Internet has become "crime ridden slums," said Phil Zimmermann, a well-known cryptographer who spoke at the conference. Hackers and the computer security experts who make a living on tripping up systems say security would be better if people were less lazy.

To make their point, they pilfered Internet passwords from convention attendees.

Anyone naive enough to access the Internet through the hotel's unsecured wireless system could see their name and part of their passwords scrolling across a huge public screen.

It was dubbed the "The Wall of Sheep."

Among the exposed sheep were an engineer from Cisco Systems Inc., multiple employees from Apple Computer Inc. and a Harvard professor.

An annual highlight of the conference is the "Meet the Feds" panel, which this year included representatives from the FBI, NSA, and the Treasury and Defense departments. Morris and other panel members said they would love to hire the "best and brightest" hackers but cautioned that the offer wouldn't be extended to lawbreakers.

During the session, Agent Jim Christy of the Defense Department's Cyber Crime Center asked the audience to stand.

"If you've never broken the law, sit down," he said. Many sat down immediately - but a large number appeared to hesitate before everyone eventually took their seats.

OK, now we can turn off the cameras, Christy joked.

Some federal agents were indeed taking careful notes, though, when researcher Michael Lynn set the tone for the conference by publicizing earlier in the week a vulnerability in Cisco routers that he said could allow hackers to virtually shut down the Internet.

Lynn and other researchers at Internet Security Systems had discovered a way of exploiting a Cisco software vulnerability in order to seize control of a router. That flaw was patched in April, but Lynn showed that Cisco hadn't quite finished the repair job - that the same technique could be used to exploit other vulnerabilities in Cisco routers.

Cisco and ISS went to court to try to stop Lynn from going public, but Lynn quit ISS and spoke anyway. In the wake of his decision, Lynn has become the subject of an FBI probe, said his attorney Jennifer Granick.

Many at the conference praised Lynn.

"We're never going to secure the Net if we don't air and criticize vulnerabilities," said David Cowan, a managing partner at venture capital firm Bessemer Venture Partners.

And the vulnerabilities are plenty.

During his session on ATM machines, Morris said thieves have been able to dupe people out of their bank cards and passwords by changing the software in old ATM machines bought off eBay for as little as $1,000 and placing the machines out in public venues.

Associated Press

More in Tux Machines

Leftovers: Ubuntu

  • Canonical, Snappy and the marketing value of collaboration
    Canonical implies it is collaborating with nearly every major Linux distro for its Snappy project. It is not. And what could have been a marketing win for it is now a loss.
  • How to install MongoDB community edition on Ubuntu Linux
    MongoDB is a NoSQL database that avoids the traditional structure of relational databases in favor of document-oriented JSON-like objects. What this translates to is the integration between application and data is faster and easier. If that's not enough, consider this: MongoDB is one the databases preferred by big data and large enterprise companies, including Adobe, Craigslist, eBay, FIFA, Foursquare, and LinkedIn.
  • No WhatsApp, but fixes set to come for Ubuntu Phone
    Users of the Ubuntu Phone will have to get used to the fact that popular Android apps like WhatsApp are unlikely to be made available for the platform, at least not in in the short term. Facebook owns WhatsApp and the communications app now has more than a billion users.
  • Ubuntu Developers Discuss Again About Dropping Support For 32-bit x86
    Ubuntu developers are once again pondering the possibility of dropping support for i386 (32-bit x86) as installation media for their Linux distribution. The matter of dropping Ubuntu i386 ISOs has been brought up many times the past few years, but ultimately it's kept getting pushed back for users still running Ubuntu Linux on old hardware and other reasons. Dropping Ubuntu for i386 keeps getting brought up namely for the installer media rather than the i386 package archive itself.

Sabayon 16.07 Ships with Linux Kernel 4.6.3, Introduces the First LXQt Flavor

Today, June 28, 2016, the developers of the Gentoo-based Sabayon Linux computer operating system have had the great pleasure of announcing the general availability of new respin ISO images for the month of July 2016. Right on the schedule, Sabayon 16.07 Live ISO images are now available for download, switching the OS to the latest Linux 4.6.3 kernel from the deprecated Linux 4.5 branch that shipped with the May ISO respins of the GNU/Linux distribution, Sabayon 16.05. Read more

Android Apps Turn Chromebooks Into Macbook Killers

  • Android Apps Turn Chromebooks Into Macbook Killers
    When Chromebooks launched in the summer of 2011, they seemed destined to fail, much like the underpowered, internet-dependent netbooks that came before them. But in the five years since, Chromebooks have defied expectations, becoming the most used device in US classrooms and even outselling Macs for the first time this year. Still, people complain about their inability to run useful software, but that’s all about to change.
  • Android apps could turn Chromebooks into MacBook killers

today's leftovers

  • Permabit Debuts Only Complete Data Reduction for the Linux Storage Stack
    Permabit Technology Corporation, the leader in data reduction technology, today announced the latest release of its Virtual Data Optimizer (VDO) software, VDO 6. The newest release of VDO delivers the company's patented deduplication, HIOPS Compression™ and thin provisioning in a commercial software package for Linux, expanding availability beyond the OEM marketplace to include the leading Professional Services organizations that are enabling today's modern Hybrid Cloud data centers.
  • My KIWI/OBS talk from oSC'16
    Last Friday, at openSUSE Conference 2016, I was giving a talk together with Christian Schneemann about KIWI and OBS (the events.opensuse.org software is not able to manage "two speakers for one talk", this is why I am not listed in the schedule).
  • AppliedMicro Announces the Availability of its Mudan Storage Platform at Red Hat Summit 2016
  • AsteroidOS smartwatch OS wants you, developers
    AsteroidOS is a new open source operating system specifically designed to serve software application development on smartwatches. The project is now gaining some traction and has been reported to now be looking for developer and community contribution engagement.