Hackers Demonstrate Their Skills in Vegas

Even the ATM machines were suspect at this year's Defcon conference, where hackers play intrusion games at the bleeding edge of computer security.

With some of the world's best digital break-in artists pecking away at their laptops, sending e-mails or answering cell phones could also be risky.

Defcon is a no-man's land where customary adversaries - feds vs. digital mavericks - are supposed to share ideas about making the Internet a safer place. But it's really a showcase for flexing hacker muscle.

This year's hot topics included a demonstration of just how easy it may be to attack supposedly foolproof biometric safeguards, which determine a person's identity by scanning such things as thumb prints, irises and voice patterns.

Banks, supermarkets and even some airports have begun to rely on such systems, but a security analyst who goes by the name Zamboni challenged hackers to bypass biometrics by attacking their backend systems networks. "Attack it like you would Microsoft or Linux," he advised.

Radio frequency identification tags - that send wireless signals and that are used to track a growing list of items including retail merchandise, animals and U.S. military shipments - also came under scrutiny.

A group of twentysomethings from Southern California climbed onto the hotel roof to show that RFID tags could be read from as far as 69 feet. That's important because the tags have been proposed for such things as U.S. passports, and critics have raised fears that kidnappers could use RFID readers to pick traveling U.S. citizens out of a crowd.

RFID companies had said the signals didn't reach more than 20 feet, said John Hering, one of the founders of Flexilis, the company that conducted the experiment.

"Our goal is to raise awareness," said Hering, 22. "Our hope is to spawn other research so that people will move to secure this technology before it becomes a problem."

Erik Michielsen, an analyst at ABI Research, chuckled when he heard the Flexilis claims. "These are great questions that need to be raised," he said, but RFID technology varies with the application, many of which are encrypted. Encryption technology uses an algorithm to scramble data to make it unreadable to everyone except the recipient.

Also on hand at the conference was Robert Morris Sr., former chief scientist for the National Security Agency, to lecture on the vulnerabilities of bank ATMs, which he predicted would become the next "pot of gold" for hackers.

The Internet has become "crime ridden slums," said Phil Zimmermann, a well-known cryptographer who spoke at the conference. Hackers and the computer security experts who make a living on tripping up systems say security would be better if people were less lazy.

To make their point, they pilfered Internet passwords from convention attendees.

Anyone naive enough to access the Internet through the hotel's unsecured wireless system could see their name and part of their passwords scrolling across a huge public screen.

It was dubbed "The Wall of Sheep."

Among the exposed sheep were an engineer from Cisco Systems Inc., multiple employees from Apple Computer Inc. and a Harvard professor.

An annual highlight of the conference is the "Meet the Feds" panel, which this year included representatives from the FBI, NSA, and the Treasury and Defense departments. Morris and other panel members said they would love to hire the "best and brightest" hackers but cautioned that the offer wouldn't be extended to lawbreakers.

During the session, Agent Jim Christy of the Defense Department's Cyber Crime Center asked the audience to stand.

"If you've never broken the law, sit down," he said. Many sat down immediately - but a large number appeared to hesitate before everyone eventually took their seats.

"OK, now we can turn off the cameras," Christy joked.

Some federal agents were indeed taking careful notes, though, when researcher Michael Lynn set the tone for the conference by publicizing earlier in the week a vulnerability in Cisco routers that he said could allow hackers to virtually shut down the Internet.

Lynn and other researchers at Internet Security Systems had discovered a way of exploiting a Cisco software vulnerability in order to seize control of a router. That flaw was patched in April, but Lynn showed that Cisco hadn't quite finished the repair job - that the same technique could be used to exploit other vulnerabilities in Cisco routers.

Cisco and ISS went to court to try to stop Lynn from going public, but Lynn quit ISS and spoke anyway. In the wake of his decision, Lynn has become the subject of an FBI probe, said his attorney Jennifer Granick.

Many at the conference praised Lynn.

"We're never going to secure the Net if we don't air and criticize vulnerabilities," said David Cowan, a managing partner at venture capital firm Bessemer Venture Partners.

And the vulnerabilities are plenty.

During his session on ATM machines, Morris said thieves have been able to dupe people out of their bank cards and passwords by changing the software in old ATM machines bought off eBay for as little as $1,000 and placing the machines out in public venues.

Associated Press
