GTA 6 Hacker Found To Be Teen With Amazon Fire Stick In Small Town Hotel Room

August 26, 2023 by Jenny List 115 Comments

International cybercrime, as portrayed by the movies and mass media, is a high-stakes game of shadowy government agencies and state-sponsored hacking groups. Hollywood casting will wheel out a character in a black hoodie and shades, probably carrying a metallic briefcase as they board an executive jet.

These things aren’t supposed to happen in a cheap hotel room in your insignificant hometown, but the story of a British teen being nabbed leaking the closely guarded details of Grand Theft Auto 6 in a Travelodge room in Bicester, Oxfordshire brings the action from the global into the local for a Hackaday scribe. Bicester is a small town best known for a tacky outlet mall and as a commuter dormitory stop on the line to London Marylebone, it’s not exactly Vice City.

The teen in question is one [Arion Kurtaj], breathlessly reported by the BBC as part of the Lapsus$ gang, which is a sensationalist way of talking up a group of kids expert at computer infiltration but seemingly inept at being criminals. After compromising British telcos he was exposed by another group and nabbed by the authorities, before being moved to the hotel for his own safety.

Here the story becomes more interesting for Hackaday readers, because though denied access to a computer he purchased an Amazon Fire stick presumably at the Argos in the Sainsburys next door, and plugged it into the Travelodge TV. Using this he was able to access cloud services, we’re guessing a virtual Linux environment or similar, before continuing to compromise further organisations including Rockstar Games to leak that GTA 6 footage. He’s yet to be sentenced, but we’re guessing that he’ll continue to spend some time at His Majesty’s pleasure.

The moment of excitement in one’s hometown and the sensationalist reporting aside, we can’t help feeling sad that a teen with that level of talent evidently wasn’t given the support and encouragement by Oxfordshire’s education system necessary to put it to better use. Let’s hope when he’s older and wiser the teenage conviction won’t prevent him from having a useful career in the field.

Microsoft Discontinues Kinect, Again

August 26, 2023 by Donald Papp 17 Comments

The Kinect is a depth-sensing camera peripheral originally designed as a accessory for the Xbox gaming console, and it quickly found its way into hobbyist and research projects. After a second version, Microsoft abandoned the idea of using it as a motion sensor for gaming and it was discontinued. The technology did however end up evolving as a sensor into what eventually became the Azure Kinect DK (spelling out ‘developer kit’ presumably made the name too long.) Sadly, it also has now been discontinued.

The original Kinect was a pretty neat piece of hardware for the price, and a few years ago we noted that the newest version was considerably smaller and more capable. It had a depth sensor with selectable field of view for different applications, a high-resolution RGB video camera that integrated with the depth stream, integrated IMU and microphone array, and it worked to leverage machine learning for better processing and easy integration with Azure. It even provided a simple way to sync multiple units together for unified processing of a scene.

In many ways the Kinect gave us all a glimpse of the future because at the time, a depth-sensing camera with a synchronized video stream was just not a normal thing to get one’s hands on. It was also one of the first consumer hardware items to contain a microphone array, which allowed it to better record voices, localize them, and isolate them from other noise sources in a room. It led to many, many projects and we hope there are still more to come, because Microsoft might not be making them anymore, but they are licensing out the technology to companies who want to build similar devices.

This Week In Security: WinRAR, DNS Disco, And No Silver Bullets

August 25, 2023 by Jonathan Bennett 1 Comment

So what does WinRAR, day trading, and Visual Basic have in common? If you guessed “elaborate malware campaign aimed at investment brokers”, then you win the Internet for the day. This work comes from Group-IB, another cybersecurity company with a research team. They were researching a malware known as DarkMe, and found an attack on WinRAR being used in the wild, using malicious ZIP files being spread on a series of web forums for traders.

Among the interesting tidbits of the story, apparently at least one of those forums locked down the users spreading the malicious files, and they promptly broke into the forum’s back-end and unlocked their accounts. The vulnerability itself is interesting, too. A rigged zip file is created with identically named image file and folder containing a script. The user tries to open the image, but because the zip is malformed, the WinRAR function gets confused and opens the script instead.

Based on a user’s story from one of those forums, it appears that the end goal was to break into the brokers’ trading accounts, and funnel money into attacker accounts. The one documented case only lost $2 worth of dogecoin.

There was one more vulnerability found in WinRAR, an issue when processing malicious recovery volumes. This can lead to code execution due to a memory access error. Both issues were fixed with release 6.23, so if you still have a WinRAR install kicking around, make sure it’s up to date! Continue reading “This Week In Security: WinRAR, DNS Disco, And No Silver Bullets” →

Smart Garbage Trucks Help With Street Maintenance

August 24, 2023 by Lewin Day 42 Comments

If you’ve ever had trouble with a footpath, bus stop, or other piece of urban infrastructure, you probably know the hassles of dealing with a local council. It can be incredibly difficult just to track down the right avenue to report issues, let alone get them sorted in a timely fashion.

In the suburban streets of one Australian city, though, that’s changing somewhat. New smart garbage trucks are becoming instruments of infrastructure surveillance, serving a dual purpose that could reshape urban management. Naturally, though, this new technology raises issues around ethics and privacy.

Continue reading “Smart Garbage Trucks Help With Street Maintenance” →

India Makes History With Chandrayaan-3 Landing

August 24, 2023 by Tom Nardi 33 Comments

Yesterday, the Indian Space Research Organization’s (ISRO) Chandrayaan-3 spacecraft performed a powered soft-landing on the Moon, officially making India the fourth country to achieve a controlled descent to the lunar surface. Up to this point, only the United States, China, and the Soviet Union could boast successful landings on our nearest celestial neighbor.

What’s more, Chandrayaan-3 has positioned itself closer to the Moon’s south pole than any other mission in history. This area is of great interest to scientists, as there is evidence that deep craters in the polar region contain considerable deposits of frozen water. At the same time, the polar highlands receive almost constant sunlight, making it the perfect location to install solar arrays. These factors make the Moon’s south pole an ideal candidate for a future human outpost, and Chandrayaan-3 is just one of several robotic craft that will explore this area in the coming years.

But as is usually the case with space exploration, the success of Chandrayaan-3 didn’t come easy, or quickly. The ISRO started the Chandrayaan program in 2003, and launched the Chandrayaan-1 mission in 2008. The craft successfully entered lunar orbit and surveyed the surface using a wide array of instruments, many of which were provided by foreign space agencies such as NASA and the ESA. In 2019 the far more ambitious Chandrayaan-2 mission was launched, which included a lander and small rover. While the orbiter component of Chandrayaan-2 was a complete success, the lander crashed into the Moon’s surface and was destroyed.

With Chandrayaan-3 now safely on the surface of the Moon, there’s much work to be done in the coming days. The planned mission lifetime for both the lander and rover is a single lunar day, which equals just about two weeks here on Earth. After that, the vehicles will be plunged into a long stretch of frigid darkness which they likely won’t survive.

Continue reading “India Makes History With Chandrayaan-3 Landing” →

Pen Plotter Uses Polar Coordinates

August 23, 2023 by Bryan Cockfield 12 Comments

To keep track of a location in a two-dimensional space, two measurements are needed. Most of the time, we would naturally think to do this by the Cartesian method, measuring position along one axis and then again along a second axis. But this isn’t the only way of keeping track of position. Polar coordinates, where the distance from the origin and an angle are used as the two measurements, works just as well, and sometimes can be a preferred method. This pen plotter tosses the expected Cartesian methodology we would typically expect in favor of this polar system.

The first prototype that [André] built was a good proof of concept. A pen attached to a movable carriage on a single rotating arm produced passable drawings, but as all prototypes go this one needed some refinement. Limit switches at the ends of the table, as well as within the arm, served to orient the plotter so that it didn’t manually need to be zeroed out every time. A linear actuator was added to give finer control over the pen’s pressure on the table, and finally an encoder was added to the base of the plotter to more accurately correct positional errors in the rotating arm mechanism.

With everything said and done, the polar coordinate plotter seems to work just as well as its Cartesian cousins might, orienting it like this has some advantages as well. Specifically, it is more adapted to drawing curves or circles than an X-Y device might be able to, like we saw with this similar sand-drawing plotter. Also, if allowed to rotate its entire 360-degree reach instead of just the 90 degrees shown in the video, a machine like this could theoretically reach a wider workspace more easily than other plotters.

Continue reading “Pen Plotter Uses Polar Coordinates” →

Liberté, égalité, Fraternité: France Loses Its Marbles On Internet Censorship

August 22, 2023 by Jenny List 77 Comments

Over the years we’ve covered a lot of attempts by relatively clueless governments and politicians to enact think-of-the-children internet censorship or surveillance legislation, but there’s a law from France in the works which we think has the potential to be one of the most sinister we’ve seen yet.

It flew under our radar so we’re grateful to [0x1b5b] for bringing it to our attention, and it concerns a proposal to force browser vendors to incorporate French government censorship and spyware software in their products. We’re sure that most of our readers will understand the implications of this, but for anyone not versed in online privacy and censorship this is a level of intrusion not even attempted by China in its state surveillance programme. Perhaps most surprisingly in a European country whose people have an often-fractious relationship with their government, very few French citizens seem to be aware of it or what it means.

It’s likely that if they push this law through it will cause significant consternation over the rest of the European continent. We’d expect those European countries with less liberty-focused governments to enthusiastically jump on the bandwagon, and we’d also expect the European hacker community to respond with a plethora of ways for their French cousins to evade the snooping eyes of Paris. We have little confidence in the wisdom of the EU parliament in Brussels when it comes to ill-thought-out laws though, so we hope this doesn’t portend a future dark day for all Europeans. We find it very sad to see in any case, because France on the whole isn’t that kind of place.

Header image: Pierre Blaché CC0.