Tag Archives: wonder

[ISN] The British Punk Rocker Widow Who Wants to Run ISIS’s Hackers

http://www.thedailybeast.com/articles/2015/09/27/the-british-woman-who-wants-to-run-isis-hackers.html
By Nancy A. Youssef
The Daily Beast
09.27.15

A navel-baring British punk rocker turned Islamic State widow is now aiming for a leadership role in the terror group’s cadre of hackers and online recruiters, U.S. officials believe. Should she succeed, Sally Ann Jones, 45, would become ISIS’s most public European national to openly threaten the United States and UK’s networks. She also would likely become the most influential woman in ISIS, transforming her into a key operational figure. “She appears to have picked up the flag of her late husband and is actively working to incite attacks and recruit new members,” a U.S. military official told The Daily Beast. But other Western observers wonder whether Jones has the technical chops for such a role—and whether ISIS would allow a Western woman to rise so high in the organization. […]





[ISN] Hackers Killed a Simulated Human By Turning Off Its Pacemaker

http://motherboard.vice.com/read/hackers-killed-a-simulated-human-by-turning-off-its-pacemaker
By Jason Koebler
Staff Writer
Motherboard.vice.com
Sept 7, 2015

We’ve wondered a couple of times what might happen if a hacker were to decide to compromise your pacemaker, your bionic arm, or maybe your brain implant. Thanks to some students at the University of South Alabama, we now have a reasonably good idea: You die! There are shades of gray here, of course. But a group of undergraduate students at the university recently spent a few hours hacking a medical grade human simulation to see what, exactly would happen. The results were about what you’d expect. iStan, the guy you see above, is “the most advanced wireless patient simulator on the market, with internal robotics that mimic human cardiovascular, respiratory, and neurological systems,” according to its manufacturer, CAE Healthcare. iStan costs about $100,000 and is regularly used by hospitals to teach medical school students how to perform procedures without murdering people. “They sweat, they cry, they talk,” Mike Jacobs, director of the simulations program at University of South Alabama, told me. “It responds to 300 different types of simulated medications and procedures, and the physiological response is identical to that of a human.” […]



[ISN] Lizard Squad Hacker Who Shut Down PSN, Xbox Live, And An Airplane Will Face No Jail Time

http://www.forbes.com/sites/insertcoin/2015/07/09/lizard-squad-hacker-who-shut-down-psn-xbox-live-and-an-airplane-will-face-no-jail-time/
By Paul Tassi
Contributor
Forbes.com
7/09/2015

Last Christmas, a hacking collective known as the “Lizard Squad” managed to take down PSN and Xbox Live right as everyone was attempting to play their consoles during holiday, creating one of the worst outages in the history of either network. The attacks soon evolved into a more personal nature, targeting then-president of Sony Online Entertainment, John Smedley, which included posting his personal details and actually grounding an American Airlines flight he was on with a Twitter-issued bomb threat. Since then, everyone has been wondering just who the members of Lizard Squad were and if they’d ever be brought to justice. Recently, one individual, 17 year-old Julius “zeekill” Kivimaki was identified, and after standing trial in his native Finland, has just been convicted of an incredible 50,700 charges of computer-related crimes. He will serve a two-year suspended sentence, and effectively face no jail time. If you imagine the general public might be upset about such a lax sentence, you’d be right, but no one is more angry than John Smedley himself, now leading Daybreak, the studio responsible for games like H1Z1 and Planetside 2. […]



[ISN] Tallinn 2.0 and a Chinese View on the Tallinn Process

http://www.lawfareblog.com/2015/05/tallinn-2-0-and-a-chinese-view-on-the-tallinn-process/
By Ashley Deeks
LAWFARE
May 31, 2015

This past week, the NATO Cooperative Cyber Defense Center of Excellence put on its annual Cyber Conflict conference in Tallinn, Estonia. The conference boasted a number of experienced cyber-hands, including Adm. Mike Rodgers, DefCon founder Jeff Moss, and law of armed conflict expert Mike Schmitt. One of the most interesting sessions, which included a presentation by Mike, focused on aspects of the Tallinn Manual versions 1.0 and 2.0. Version 1.0, produced by an independent group of experts, came out in 2013. It proffered what the experts saw as current black letter law on jus ad bellum and jus in bello rules relevant to cyber operations. The Manual includes both crisp articulations of the rules and more extensive commentary setting out the legal basis for the rule and any differences that arose among the experts. Version 2.0 picks up where Version 1.0 left off, and will set forth the experts’ views on what international law applies to cyber activity that falls below the level of armed conflict or the use of force. Mike previewed some of the topics that 2.0’s group of experts will discuss, including customary rules related to sovereignty. As Mike notes, sovereignty is not simply a factor restricting a state’s activities in other states’ territory. It also is the basis for states to regulate and exercise jurisdiction within their territory over people, hardware, and cyber operations. One challenge for the experts will be to achieve consensus on what types of activities by one state violate another state’s sovereignty: what level of damage, intrusion, or alteration of data suffices? Other norms up for discussion relate to due diligence obligations by states to stop actions that produce adverse consequences for other states, and the applicability of state responsibility (including counter-measures and the use of “necessity” arguments).
Tallinn 2.0 has the potential to be even more influential than Tallinn 1.0, because it systematically will address activities that are far more prevalent in the cyber realm than uses of force or armed attacks. Bill Boothby, a former Deputy Director of Legal Services for the UK Royal Air Force, then provided a retrospective look at Tallinn 1.0. Mike Schmitt had asked Bill to review all of the literature that offered reviews or critiques of Tallinn 1.0, to assess whether to consider certain modest amendments to the Manual’s commentary (though not to its black letter rules) or to take up certain issues that Tallinn 1.0 did not cover. Bill assessed that there has been huge interest in the Manual since it came out, but that the Manual reflected “all reasonable positions” on the issues it took up and that there were only a few amendments worth pondering. In particular, Bill wondered whether the definition of what constitutes a “cyber attack” might need to expand to include “major disruptions” that nevertheless do not produce physical harm to the affected state. He also asked whether the jus in bello rule on precautions was ill-suited to cyber, given that states utterly have failed to segregate their military cyber infrastructure from civilian cyber infrastructure. […]



[ISN] An unapologetic history of plane hacking: Beyond the hype and hysteria

http://www.zdnet.com/article/a-practical-history-of-plane-hacking-beyond-the-hype-and-hysteria/
By Violet Blue
Zero Day
May 21, 2015

Headlines and infosec pros alike have been going mental over security researcher Chris Roberts’ alleged mid-flight hacking of a commercial airplane, and his subsequent detainment by the FBI in April. Things got hysterical last weekend when a month-old FBI search warrant application surfaced in headlines hyping the FBI’s belief that Roberts tried to fly the plane by hacking in through the in-flight entertainment system. It remains to be seen whether or not a hacker can make a 747 “do a barrel roll” a la the maddeningly impossible fantasies of CSI Cyber. But as a result, the world is openly wondering whether there’s truth to the assurances from manufacturers and officials that aviation systems are as secure as claimed



[ISN] Why I Hope Congress Never Watches Blackhat

http://www.wired.com/2015/01/why-i-hope-congress-never-watches-blackhat/
By Kevin Poulsen
Threat Level
Wired.com
01.16.15

What a strange time. Last week I was literally walking the red carpet at the Hollywood premiere of Michael Mann’s Blackhat, a crime thriller that I had the good fortune to work on as a “hacker adviser” (my actual screen credit). Today, all I’m thinking is, please, God, don’t let anybody in Congress see the film. I’ll explain my anxiety in a minute. First, the movie: Mann, the legendary director of hardboiled crime films like Heat, Collateral, and Miami Vice, always has been a stickler for authenticity, and he brought me into Blackhat as an adviser early on, before it had a title or a lead actor. If you’re wondering how one gets involved in a Michael Mann film, here’s how it works: Mann calls you on the phone. You think, “Why is Michael Mann calling me?” After a phone conversation and an interview in Los Angeles, you’re officially invited on board as a consultant. It turned out Blackhat’s screenwriter had read my cybercrime book Kingpin, and he’d suggested me to Mann. When I showed up for my first consulting meeting, I expected to find a roomful of people crowded around a long conference table. Instead, it was just me and Mann, sitting in his office for five hours at a time. He had questions about malware, hacking, how modern computer intrusions play out. For subsequent meetings, I was given the current iteration of the screenplay (watermarked with my name, lest I leak it to the Pirate Bay), and we went over it line by line, looking at dialogue, discussing tweaks to the hacking and forensics scenes, and working on some of the procedural elements in the plot. Later, Mann brought in a second computer consultant, OkCupid hacker Chris McKinley, to write code for the movie and train leading man Chris Hemsworth in Linux basics, making Hemsworth officially the best-looking human to ever use a command line. […]



[ISN] Sony hack was good news for INSURERS and INVESTORS

http://www.theregister.co.uk/2015/01/15/sony_hack_was_good_news_for_insurers_and_investors/
By Mark Pesce
The Register
15 Jan 2015

Whoever hacked Sony Entertainment at the end of November changed information security forever. Where once hackers had been most concerned to gain access to the honeypots of credit cards and bank accounts, this theft had a different goal, one that became clear with the steady release of Sony’s most intimate secrets throughout December. This wasn’t about money. This was all about humiliation. We now know way too much about the inner workings of one of the ‘Big Four’ film studios. The magic of cinema looks weak and ugly under close examination. Everything that once seemed lofty and businesslike has been exposed as little more than high school politics and juvenile name-calling. In the back of our heads, we wonder if the rich and powerful talk always trash outside the spotlight. Is Sony the exception



[ISN] Heartbleed Superbug Found in Utility Monitoring Systems

http://www.nextgov.com/cybersecurity/2014/05/heartbleed-superbug-found-utility-monitoring-systems/84637/
By Aliya Sternstein
NextGov.com
May 16, 2014

Software that monitors utility plants and other operations at several military installations has been found to be affected by the recently discovered superbug Heartbleed, when configured a certain way, according to the Homeland Security Department and the software’s manufacturer. “The latest release of Schneider Electric Wonderware Intelligence Version 1.5 SP1 is not susceptible to the OpenSSL vulnerability. However, users have been known to reinstall Tableau Server, the vulnerable third-party component that is affected. Therefore, Schneider Electric Wonderware has issued a patch and a security bulletin addressing this vulnerability in all versions,” states a bulletin from the DHS Cyber Emergency Response Team. Exploits made by hackers “that target this vulnerability are known to be publicly available” on the Web, DHS said. Heartbleed is a defect in common Web encryption software that researchers discovered in early April. Wonderware servers, made by Schneider Electric, collect and analyze plant performance data through the Web. The company’s cyber team identified the bug in the third-party component. […]

