
Hackers Demonstrate Their Skills in Vegas


Even the ATM machines were suspect at this year's Defcon conference, where hackers play intrusion games at the bleeding edge of computer security.

With some of the world's best digital break-in artists pecking away at their laptops, sending e-mails or answering cell phones could also be risky.

Defcon is a no-man's land where customary adversaries - feds vs. digital mavericks - are supposed to share ideas about making the Internet a safer place. But it's really a showcase for flexing hacker muscle.

This year's hot topics included a demonstration of just how easy it may be to attack supposedly foolproof biometric safeguards, which determine a person's identity by scanning such things as thumb prints, irises and voice patterns.

Banks, supermarkets and even some airports have begun to rely on such systems, but a security analyst who goes by the name Zamboni challenged hackers to bypass biometrics by attacking their backend systems networks. "Attack it like you would Microsoft or Linux," he advised.

Radio frequency identification tags, which send wireless signals and are used to track a growing list of items including retail merchandise, animals and U.S. military shipments, also came under scrutiny.

A group of twentysomethings from Southern California climbed onto the hotel roof to show that RFID tags could be read from as far as 69 feet. That's important because the tags have been proposed for such things as U.S. passports, and critics have raised fears that kidnappers could use RFID readers to pick traveling U.S. citizens out of a crowd.

RFID companies had said the signals didn't reach more than 20 feet, said John Hering, one of the founders of Flexilis, the company that conducted the experiment.

"Our goal is to raise awareness," said Hering, 22. "Our hope is to spawn other research so that people will move to secure this technology before it becomes a problem."

Erik Michielsen, an analyst at ABI Research, chuckled when he heard the Flexilis claims. "These are great questions that need to be raised," he said, but RFID technology varies with the application, many of which are encrypted. Encryption technology uses an algorithm to scramble data to make it unreadable to everyone except the recipient.

Also on hand at the conference was Robert Morris Sr., former chief scientist for the National Security Agency, to lecture on the vulnerabilities of bank ATMs, which he predicted would become the next "pot of gold" for hackers.

The Internet has become "crime ridden slums," said Phil Zimmermann, a well-known cryptographer who spoke at the conference. Hackers and the computer security experts who make a living on tripping up systems say security would be better if people were less lazy.

To make their point, they pilfered Internet passwords from convention attendees.

Anyone naive enough to access the Internet through the hotel's unsecured wireless system could see their name and part of their passwords scrolling across a huge public screen.

It was dubbed "The Wall of Sheep."

Among the exposed sheep were an engineer from Cisco Systems Inc., multiple employees from Apple Computer Inc. and a Harvard professor.

An annual highlight of the conference is the "Meet the Feds" panel, which this year included representatives from the FBI, NSA, and the Treasury and Defense departments. Morris and other panel members said they would love to hire the "best and brightest" hackers but cautioned that the offer wouldn't be extended to lawbreakers.

During the session, Agent Jim Christy of the Defense Department's Cyber Crime Center asked the audience to stand.

"If you've never broken the law, sit down," he said. Many sat down immediately - but a large number appeared to hesitate before everyone eventually took their seats.

"OK, now we can turn off the cameras," Christy joked.

Some federal agents were indeed taking careful notes, though, when researcher Michael Lynn set the tone for the conference by publicizing earlier in the week a vulnerability in Cisco routers that he said could allow hackers to virtually shut down the Internet.

Lynn and other researchers at Internet Security Systems had discovered a way of exploiting a Cisco software vulnerability in order to seize control of a router. That flaw was patched in April, but Lynn showed that Cisco hadn't quite finished the repair job - that the same technique could be used to exploit other vulnerabilities in Cisco routers.

Cisco and ISS went to court to try to stop Lynn from going public, but Lynn quit ISS and spoke anyway. In the wake of his decision, Lynn has become the subject of an FBI probe, said his attorney Jennifer Granick.

Many at the conference praised Lynn.

"We're never going to secure the Net if we don't air and criticize vulnerabilities," said David Cowan, a managing partner at venture capital firm Bessemer Venture Partners.

And the vulnerabilities are plenty.

During his session on ATM machines, Morris said thieves have been able to dupe people out of their bank cards and passwords by changing the software in old ATM machines bought off eBay for as little as $1,000 and placing the machines out in public venues.

Associated Press
