Tag Archives: Passwords

Google Begs Court to Reconsider Ruling That Wi-Fi Sniffing Is Wiretapping


 

WIRED / Threat Level
by David Kravets
September 25, 2013

 

 

Google Begs Court to Reconsider Ruling That Wi-Fi Sniffing Is Wiretapping (Photo: dspain/Flickr)

 

Google is asking a federal appeals court to reconsider a recent ruling finding Google potentially liable for wiretapping when it secretly intercepted data on open Wi-Fi routers.

The Mountain View-based company said the September 10 decision by the 9th U.S. Circuit Court of Appeals will create “confusion” (.pdf) about which over-the-air signals are protected by the Wiretap Act, including broadcast television.

The case concerns nearly a dozen combined lawsuits seeking damages from Google for eavesdropping on open Wi-Fi networks from its Street View mapping cars. The vehicles, which rolled through neighborhoods around the world, were equipped with Wi-Fi–sniffing hardware to record the names and MAC addresses of routers to improve Google location-specific services. But the cars also gathered snippets of content.

The search giant petitioned the San Francisco-based appeals court to reconsider its decision that allowed the case to proceed at trial — a ruling that upended Google’s defense.

Google claimed it was legal to intercept data from unencrypted, or non-password-protected, Wi-Fi networks. Google said open Wi-Fi networks are “radio communications” like AM/FM radio, citizens’ band and police and fire bands, and are “readily accessible” to the general public and exempt from the Wiretap Act — a position the appeals court rejected.

“This error is exceptionally important. It promises to have a substantial, long-lasting effect on the application of the Wiretap Act in an environment of rapid technological change. If allowed to stand, the panel’s ruling will create confusion about the Wiretap Act’s prohibitions, threaten the development of new radio-based technologies, and raise questions about whether activities that Congress intended to protect may now be deemed unlawful,” Google wrote the appeals court late Monday.

The court has the option of rejecting Google’s petition. Or, it could rehear the case with the same three-judge panel or decide the issue en banc with an 11-judge panel. The 9th Circuit is the nation’s largest appeals court, and covers Arizona, California, Montana, Alaska, Hawaii, Idaho, Oregon, Washington and Nevada.

Google said the decision makes it unclear whether intercepting broadcast television might be deemed wiretapping, as might the interception of “public safety communications” or “any marine or aeronautical communications systems.”

“That makes no sense, will create confusion about what radio-based signals can be lawfully received, and is not what Congress intended,” Google wrote in its petition.

Google was sniffing packets of data on unsecured Wi-Fi networks in about a dozen countries over a three-year period, until German privacy authorities began questioning in 2010 what data Google’s Street View cars were collecting. Google, along with other companies, uses databases of Wi-Fi networks and their locations to augment or replace GPS when attempting to figure out the location of a computer or mobile device. Google had claimed the lawsuit was “without merit,” and has abandoned the practice of payload sniffing from open networks.

The flap, meanwhile, has wide-ranging implications for the millions who use open, unencrypted Wi-Fi networks at coffee shops, restaurants or any other businesses that try to attract customers by providing free Wi-Fi.

Hanni Fakhoury, an Electronic Frontier Foundation staff attorney, said the court’s decision had some pluses and minuses. One fallout is that security researchers face the risk of civil penalties or even criminal prosecution for intentionally capturing payload data traveling over open Wi-Fi networks.

 

On the other hand, the decision also provides a strong argument that the feds and other law enforcement agencies that want to spy on data transmitted over unencrypted Wi-Fi will need to get a wiretap order to do so. We’ve seen the government use a device called a ‘moocherhunter’ without a search warrant to read Wi-Fi signals to figure out who’s connecting to a particular wireless router. This decision suggests that to the extent the government uses a device like this (or even a ‘stingray’ to the extent it can capture Wi-Fi signals) to capture payload data — even if just to determine a person’s location—they’ll need a wiretap order to do so. That’s good news since wiretap orders are harder to get than a search warrant.

 

Ironically, the Federal Communications Commission last year cleared Google of wrongdoing in connection to it secretly intercepting Americans’ data on unencrypted Wi-Fi routers.

The commission said that, between 2008 and 2010, “Google’s Street View cars collected names, addresses, telephone numbers, URL’s, passwords, e-mail, text messages, medical records, video and audio files, and other information from internet users in the United States.”

The commission, however, fined Google $25,000 for stonewalling the investigation.

 

Direct Link:  http://www.wired.com/threatlevel/2013/09/google-wi-fi-do-over/

Ubisoft Database Hack Exposes Email Addresses, Passwords


PC Magazine
by  Chloe Albanesius
July 2, 2013

 


 

Ubisoft today revealed that a hack of its systems exposed user names, email addresses, and encrypted passwords, but not financial data.

The attackers exploited one of Ubisoft’s websites “to gain unauthorized access to some of our online systems,” the company said in a statement. Ubisoft shut down the hackers’ access, but discovered that they had infiltrated the company’s account database.

“It’s important to note that no personal payment information is stored with Ubisoft, so fortunately all credit/debit card information was safe from this intrusion,” according to Ubisoft.

Ubisoft is recommending that all account holders change their passwords on ubi.com, as well as on other websites where they might have used the same password.

Although passwords were encrypted, they “could be cracked, in particular if the password chosen is weak. This is the reason we are recommending that our users change their password,” Ubisoft said.

Ubisoft declined to go into specifics about the attack “for security reasons,” but denied that it originated via any Uplay services. The company has alerted the necessary authorities and said it is taking steps to shore up its systems. But “no company or organization is completely immune to these kinds of criminal attacks,” Ubisoft said. Access to Ubisoft games was not affected.

Ubisoft is one of several high-profile gaming firms that will be rolling out games for the upcoming Xbox One and PlayStation 4, including Watch Dogs, which ironically requires players to hack into various electronic systems. In May, Ubisoft revealed that it worked with Kaspersky Lab to make sure the hacking in the game looked authentic.

Direct Link:  http://www.pcmag.com/article2/0,2817,2421311,00.asp

Firefox 13 leaks ahead of release, plays catch-up to other browsers


 

Los Angeles Times

By Salvador Rodriguez
June 4, 2012

 

 


 

Firefox 13, the latest version of Mozilla’s browser, leaked a day ahead of its official release. (Firefox / June 4, 2012)

 

 

Welcome to the 2010s, Firefox.

The latest version of Mozilla’s Web browser, Firefox 13, leaked onto the Internet a day ahead of its official release, and is available for download to anyone.

But unlike previous versions of Firefox that trailblazed new ways to surf the Web, this version is more about bringing Firefox up to par with its peers. It’s not a bad browser, but it’s nothing special either.

The official version will become available from Mozilla on Tuesday, but the early version, which is available here, appears to be the full, real thing.

The latest Firefox rendition, which has been available in Beta form for some time, brings a couple of new features with it to make the browser more helpful as well as faster.

The most notable changes will be visible to users on the browser’s default home page and its new tab page.

The default home page has been redesigned to include more than the Firefox logo and Google search bar. It now also includes thumbnail shortcuts to your downloads, bookmarks, history and other pages.

The new tab page is no longer a white, blank waste of real estate, but rather, it shows you your nine most visited websites, which as WebProNews notes, is nothing we haven’t seen before but something Firefox was definitely missing. And for those users who do like the blank page, there’s a button on the top right corner that brings it back.

Another addition to Firefox is a feature called Tabs on Demand, which is great for users who like to leave millions of tabs open. Tabs on Demand works when a user reloads a previous session that had numerous open tabs.

But rather than open each of them up simultaneously, inevitably making your computer crash or drag, Tabs on Demand only opens each tab as you get around to using it.

And there’s also Reset Firefox. This feature works when Firefox stops working by migrating your bookmarks, passwords, cookies and other data to a new profile while resetting everything else to default.

It’s a near-nuke option for when everything else fails to fix the problem.

So check out the latest version of Firefox or wait for Tuesday and get it officially from its makers. It’s nice and fresh, but it’s not a standout as Firefox once was.


 

Direct Link:  http://www.latimes.com/business/technology/la-fi-tn-firefox-13-leaks-20120604,0,16098.story

Computer expert who stole eight million people’s personal details for an ‘intellectual challenge’ jailed for two and half years

 


 

  • Program scanned through 200,000 PayPal accounts
  • Part of Nokia internal network temporarily shut down
  • Girlfriend used stolen card details to try and pay for luxury hotels
  • Hacker hoarded enough personal details to fill 67,500 double-sided A4 pages

 

MAIL Online (UK)

By Phil Vinter

3 April 2012

 

 

A computer hacker illegally acquired enough credit and debit card details to carry out a potential £800,000 worth of fraud.

Edward Pearson, 23, of Lendale, York, used a trojan virus to download thousands of credit card details along with the postcodes, passwords, names and dates of birth of more than eight million people in the UK.

One of his programs scanned through 200,000 accounts registered to online payment service PayPal – identifying names, passwords and current balances.

Pearson, an ‘incredibly talented’ boarding school student who carried out the crime for an ‘intellectual challenge’, has been jailed for two years and two months.


Fraudster: Edward Pearson, 23, stole the personal details of more than eight million people.

 

 


Pearson’s girlfriend Cassandra Mennim, 21, tried to pay for luxury hotels using stolen credit card details

 

He also managed to shut down part of the mobile phone giant Nokia’s internal network for two weeks after hacking in and copying the details of over 8,000 members of staff, Southwark Crown Court heard.

His 21-year-old girlfriend, Cassandra Mennim, a sociology student at the University of York, triggered a police inquiry after she tried to pay for luxury hotel stays using stolen credit card details.

Pearson was arrested after investigators linked a web alias, ‘G-Zero’, which had appeared on hacking forums, to his personal email address.

On one of his computers officers found 8,110,474 names, dates of birth, and postcodes for adults living in the UK.

Police officers in the case said that if the details were printed onto double-sided A4 it would fill a staggering 67,500 sheets.

David Hughes, prosecuting, said the hacker had carried out a series of ‘sophisticated, planned frauds.’

He said: ‘Pearson used his considerable expertise for his criminal intentions.

‘When police examined other computers they found the details of 2,701 credit or debit cards.

‘Based on the average fraud used on a single card being £309, the potential gain to be made by him was £834,000.

‘In fact the actual fraud on these credit and debit cards attributed to Pearson amounted to £2,351, but the total on the cards was £39,832.’

The details were all stolen over an 18-month period between January 1, 2010, and August 30, 2011.

Pearson coded trojan viruses, called Zeus, SpyEye and Python, to automatically scour the internet in search of personal details.

His Python program successfully downloaded the details of 200,000 PayPal accounts.

Mr Hughes added that Pearson had hacked into the systems of Nokia and web giant AOL to gain access to their employees’ details, as well as other sensitive information.

‘This had a significant negative impact on the company, which had to shut its networks down for two weeks while checks were carried out on it,’ he said.

Mennim was caught after booking rooms at the Cedar Court Grand Hotel and Lady Anne Middleton Hotel, both in York, using stolen credit card details and PayPal accounts.

Andrew Bodnar, defending Pearson, said his hacking had not been for financial gain, but more as an intellectual challenge.

‘This is a young man who has very advanced computer skills, but has put them to the wrong use, but he is not the criminal mastermind that everyone claims he is.

‘The total amount of money he fraudulently amounted, is the figure of £2,351.


Pearson’s girlfriend Cassandra Mennim tried to pay for a luxury hotel stay at the Cedar Court Grand Hotel in York

 


Mennim also used PayPal details to tell staff she would pay for an expensive stay at Lady Anne Middleton’s Hotel, in York

 

‘These have been done using the Paypal accounts, to order pizza and other takeaway foods, and to pay for mobile phone accounts.

‘It is fair to say that he produced the Trojan, Zeus and other software as an intellectual challenge, and he hacked into Nokia to see if he could.’

He added that although he had shared some of the details, he had never sold them.

 


Shut down: Mobile phone giant Nokia was shut down by Pearson for two weeks after he hacked in to their network and copied the details of more than 8,000 members of staff, Southwark Crown Court heard

 

Stephen Grattage, defending Mennim, who gained 9 A’s and 4 A*’s at GCSEs, said she was a vulnerable young woman who had found comfort in Pearson following a difficult previous relationship.

‘She stands before the court, saying she is ashamed of herself, and she is ashamed of her actions and is very sorry.

‘She says she will pay back the money that she owes to the hotel.’


Sentencing Pearson to two years and two months and handing Mennim a 12 month supervision order the judge Ms Recorder Ann Mulligan said: ‘It is extremely regrettable that you two promising young individuals find yourself in the dock.

‘This was a very sophisticated crime, in which you managed to access highly confidential information and put many many individuals at risk of attack.

‘You had a staggering amount of personal details, 8.1 million, which included names, dates of births, credit and debit card details and security codes, the use of which they could have been used for, is hard to imagine.

‘Your computers and software were a devastating tool kit.

‘I accept that you didn’t sell this information, but you shared it with other computer programmers, and you had no way of knowing how they might use this information.


Victim: Online payment provider PayPal was hacked into by computer expert Edward Pearson

 

‘This stupendous criminality was not about financial gain, but about an intellectual challenge.’

Pearson, originally from Blandford Forum, Dorset, and now of Lendale, York, admitted making an article for use in fraud and two counts of possession of an article for use in fraud.

Mennim, of Balmoral Terrace, South Gosforth, Newcastle upon Tyne, admitted two counts of obtaining services dishonestly.

 

 

Direct Link:  http://www.dailymail.co.uk/news/article-2124114/Computer-hacker-Edward-Pearson-Lendale-York-stole-million-people-s-personal-details-jailed-half-years.html