MySpace users are very familiar with the visage of their first “friend” and MySpace cofounder [Tom Anderson], but did you ever wonder what he used to do before he became everyone’s friend? TechCrunch’s investigative reporting revealed that [Tom] was a hacker in the eighties who hacked into the Chase Manhattan Bank computer system, which attracted the attention of the FBI. Under the handle “Lord Flathead”, he became the leader of a black hat hacker group by the time he was fourteen. His activities (along with those of other hackers) led to one of the largest FBI raids in California history. Because he was a minor at the time, he was not arrested, but put on probation in exchange for an agreement to stop committing computer crimes. This definitely makes having [Tom Anderson] on your friends list just a bit more interesting, doesn’t it?
It looks like it’s time to update our event list. Here are some hacking-related events happening through the rest of the year.
- ToorCon September 26-28 San Diego, CA – In its tenth year, ToorCon has always been one of our favorites. The conference is fairly small, but features great content like last year’s fuzzing talk.
- Arse Elektronika (NSFW) September 25-28 San Francisco, CA – Happening the same time as ToorCon, this conference covers the sexual side of human and machine interaction. The device list has gems like The Seismic Dildo, which only turns on if there is seismic activity in the world.
- Maker Faire October 18-19 Austin, TX – It’s Maker Faire! In Texas!
- Roboexotica December 4-7 Vienna, Austria – The premier festival for cocktail robotics is also back for the tenth time. They’re always looking for more exhibitors. Check out our Hackit for ideas.
- 25C3 December 27-30 Berlin, Germany – I think we pretty much covered all the bases on this incredible conference yesterday.
Did we miss anything?
While we’re sure that just about everyone has heard about the conflict between Russia and Georgia, few have probably heard about the role of cyber attacks in the conflict. Shortly before Russia’s armed response, Georgian state web servers were attacked by individuals assumed to be Russian hackers. This attack almost completely obliterated Georgia’s online presence by shutting down the website for the Ministry of Defense, and the Central Government’s main site. The Russian attackers seem to be using some form of sustained DDoS to keep many Georgian sites offline. In an effort to preserve some web presence, the Georgian Government transferred [President Mikheil Saakashvili]’s site to a US hosting provider in Atlanta. The Ministry of Foreign Affairs even created a BlogSpot page after their website initially went down. While politically motivated DDoS attacks have not been rare in past months, this seems to be the first time where the attacking party can be clearly identified. This seems to be the start of a trend where the unconventional methods of cyber warfare are used to gain an advantage over the enemy.
British computer hacker [Gary McKinnon] lost his final appeal to block his extradition to the U.S. The U.S. government accuses him of hacking into almost 100 U.S. military and NASA computers from his girlfriend’s aunt’s house in London over a four-year period. If convicted of the crimes in a U.S. court, he could face up to 70 years imprisonment. [Gary McKinnon] freely admitted to hacking into the computers, but claimed that he did it out of curiosity, not out of malice or any terroristic aims. He was looking for information on UFOs. The U.S. government claimed that in addition to hacking into the computers, he also stole 950 passwords and erased important files. [McKinnon’s] next move will be to appeal to the European Court, and if unsuccessful, he will have no other option but to stand trial in the U.S. court system.
In the aftermath of [Terry Childs], the jailed disgruntled software engineer who created a God password and effectively locked San Francisco officials out of their own computer system, IT Grind unveils its Techie Hall of Shame. The Hall of Shame highlights figures who give computer professionals a bad name. From [Roger Duronio], the systems administrator who wasn’t satisfied with his raise, to [Kenneth Kwak], who installed spyware on his boss’ computer in order to gossip, the wrath of the IT professional can wreak thousands to millions of dollars of damages for companies and corporations to clean up. As much as these figures seem to be singular figures, we think they also serve as cautionary tales. Always have backup. If you suspect you’ve got a disgruntled employee, you should probably at the very least keep another expert eye on him. And hire more than one person to manage your systems. [Deb Perelman] asks her readers who else they think would be worthy of the Hall of Shame. We’re curious to know what you think, too.
The court cases against high profile hackers [Gary McKinnon], [Gregory King], and [Robert Matthew Bentley] all had major developments last week, with [King] and [Bentley] sentenced to time in prison and [McKinnon] in a tenuous state fighting extradition.
Both [King] (aka Silenz) and [Bentley] (aka LSDigital) will serve time for crimes related to botnets, but where [King] used one to stage DDoS attacks, [Bentley] used them to create spam. [King]’s botnet had 7,000 nodes, and though the court did not release the size of [Bentley]’s botnet, all of his bots were computers in the Rubbermaid company. [King] agreed to a two-year sentence, while [Bentley] was sentenced to 41 months.
[McKinnon] (aka Solo), who is of British origin, may serve up to 60 years in prison for mounting the “biggest military hack ever” on U.S. government computers. Between 2001 and 2002, he allegedly hacked into 97 computers in U.S. military and NASA networks. To be charged in American courts, though, he would have to be extradited first, and his extradition appeal to British courts is currently pending.