Password guessing, ping of death, and fake phone calls counts as 'Hacking' these days?
Jeez. Kids these days.
A Surrey man has been charged with hacking offences related to the attack on the Mumsnet website last year. David Gerrard Buchanan, 18, of Haslemere, Surrey, was charged on Saturday with three offences under the Computer Misuse Act following an investigation by the Met’s Cyber Crime Unit (MPCCU). Two of the alleged offences …
"No, because most of them are babysat by the TV and everyone knows in real life you can get shot 3 dozen times and get up, then still fight 300 baddies with your bare hands"
It has definitely got worse since I was a kid because back then the good & bad guys on tv would shoot at each other all day long and nobody got hit.
"If you have a problem... if no one else can help... and if you can find them... "
"That doesn''t entitle him to smash the site up, or 'swat' its owners. Bernie Madoff had talent too, should he have been "given" a job in a bank instead of being jailed?"
Totally different situations. Frank Abagnale was committing fraud for years (even flew a plane, he can't fly a plane but he pretended he could). He was eventually caught, what happened to him? Given a job by the government to help them on fraud cases. The bloke hasn't done too badly for himself on the right side of the law since then.
This country has a fetish for punishing kids and young adults for crimes that the judge has absolutely no clue about and that the "victims" are embarrassed by the offender. In this case, the admins who swore blind they secured the site.
Prisons are seen by the public as places to be punished, when actually yes they are there to do time at Her Majesty's pleasure but they're also places to be rehabilitated and integrate the prisoner in to public life afterwards.
The problem though is that once the offender has came out of prison after doing their time, they try and integrate back in to society. They apply for jobs, but because you have to declare criminal convictions they won't get the job because the employer doesn't want an ex-con working for them. So what happens? The offender gets a really thankless job with no hope of improving their situation, or re-offend.
It's insane to ruin a kid or young adults life like this. There are plenty of things I did when I was 18 that 10 years on I would cringe at doing. And it's all well and good saying "Well when I was 18 I knew not to do X or what would happen if I do Y" - fair enough that's you. You aren't the rule.
And it's all well and good saying "Well when I was 18 I knew not to do X or what would happen if I do Y" - fair enough that's you. You aren't the rule.
That's a depressing point of view. I rather think that, despite what you might see on EastEnders, people who knew how to behave themselves even when they were only 18 are the rule. Do you have kids? If so, have you brought them up to behave like that?
At 18 years of age I was shown how to kill a person with my bare hands, in fact IIRC it was by the age of 17.
All done by my government and my choice......
So you cannot use the history fuckin excuse on that one, yes we were probably "brung up better" but it was still there...
Sorry you just got my goat on that comment. Oh and by the way I am just coming up to my 60'th so an old fart in real live and getting even more seeing as how this here interwebnet stuff is going, can we not go back to BB please?
Whilst I agree that it's terrible to waste young lives, we do (as a society) need some level at which we send people to jail. I'm not convinced that he is going to jail just yet (what with the need for a trial and sentencing first), but from what is reported I do think he needs to change his approach. Which may require jail.
I also did stuff at 18 which I cringe over. I even did stuff at 28 that I cringe over... But making such a scene is foolish. It's likely to attract attention and the heavy hand of the law.
Just a quick note - it's not the courts that will ruin this blokes life. It was the bloke himself. He is clearly stupid enough to get caught, and stupid enough to do the crime in the first place.
I've always liked the phrase, if you cannot do the time, don't do the crime.
I did stupid things when I was 18, but I didn't break the law.
Oh I do wish this was true, what I did in my teens ( many years ago ) I regret.
But it still sticks around, I used to have full military clearance to work on nukes etc....
Now I cannot even get a job due to a little indiscretion when I was younger. ( in this younger jargon, joy riding. )
Ah well I am glad I will be retiring this year and just tinkering with computers rather than fixing them. Keep on keeping on guys, love the commentards on here.
"The kid has a talent"
What are you basing that on? It doesn't say how they got in, for all you know the total skill applied involved downloading an exploit kit, pointing it at Mumsnet and going and hanging out at the local bus stop for a few hours.
It doesn't say whether he's a skilled cracker or brainless skiddie, but I suspect the latter, because:
1. he got caught
2. he targetted Mumsnet
3. he thought this was a good idea
Even when I was that age I knew the phrase "you do it once, you do it big, you disappear and never do it again". Hitting Mumsnet stinks of skiddie.
This post has been deleted by its author
RSA Conference An ambitious project spearheaded by the World Economic Forum (WEF) is working to develop a map of the cybercrime ecosystem using open source information.
The Atlas initiative, whose contributors include Fortinet and Microsoft and other private-sector firms, involves mapping the relationships between criminal groups and their infrastructure with the end goal of helping both industry and the public sector — law enforcement and government agencies — disrupt these nefarious ecosystems.
This kind of visibility into the connections between the gang members can help security researchers identify vulnerabilities in the criminals' supply chain to develop better mitigation strategies and security controls for their customers.
Updated A former Seattle tech worker has been convicted of wire fraud and computer intrusions in a US federal district court.
The conviction follows the infamous 2019 hack of Capital One in which personal information of more than 100 million US and Canadian credit card applicants were swiped from the financial giant's misconfigured cloud-based storage.
Paige Thompson (aka "erratic") was arrested in July 2019 after data was leaked between March and July of that year. The data was submitted by credit card hopefuls between 2005 and early 2019, and Thompson was able to get into Capital One's AWS storage thanks to a "misconfigured web application firewall."
A US task force aims to prevent online harassment and abuse, with a specific focus on protecting women, girls and LGBTQI+ individuals.
In the next 180 days, the White House Task Force to Address Online Harassment and Abuse will, among other things, draft a blueprint on a "whole-of-government approach" to stopping "technology-facilitated, gender-based violence."
A year after submitting the blueprint, the group will provide additional recommendations that federal and state agencies, service providers, technology companies, schools and other organisations should take to prevent online harassment, which VP Kamala Harris noted often spills over into physical violence, including self-harm and suicide for victims of cyberstalking as well mass shootings.
Law enforcement agencies around the world have arrested about 2,000 people and seized $50 million in a sweeping operation crackdown of social engineering and other scam operations around the globe.
In the latest action in the ongoing "First Light", an operation Interpol has coordinated annually since 2014, law enforcement officials from 76 countries raided 1,770 call centers suspected of running fraudulent operations such as telephone and romance scams, email deception scams, and financial crimes.
Among the 2,000 people arrested in Operation First Light 2022 were call center operators and fraudsters, and money launderers. Interpol stated that the operation also saw 4,000 bank accounts frozen and 3,000 suspects identified.
RSA Conference Living off the land is so 2021. These days, cybercriminals are living off the cloud, according to Katie Nickels, director of intelligence for Red Canary and a SANS Certified Instructor.
"It's not enough to pay attention to the operating systems, the endpoints, said Nickels, speaking on a SANS Institute panel about the most dangerous new attack techniques at RSA Conference. "Adversaries, a lot of their intrusions, are using cloud services of different types."
And yes, living off the land (or the cloud), in which intruders use legitimate software and cloud services to deploy malware or spy on corporations and other nefarious activities, isn't a new type of attack, Nickels admitted. "But what's new here is the levels to which using cloud services [for cyberattacks] has risen."
Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India.
The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs.
"Bohrium actors create fake social media profiles, often posing as recruiters," said Amy Hogan-Burney, GM of Microsoft's Digital Crimes Unit. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware."
An Interpol-led operation code-named Killer Bee has led to the arrest and conviction of a Nigerian man who was said to have used a remote access trojan (RAT) to reroute financial transactions and steal corporate credentials. Two suspected accomplices were also nabbed.
The trio, aged between 31 and 38, were detained as part of a sting operation involving law enforcement agencies across 11 countries: Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nigeria, Philippines, Singapore, Thailand, and Vietnam.
The suspects were arrested in the Lagos suburb of Ajegunle and in Benin City, Nigeria. At the time of their arrests, all three men were in possession of fake documents, including fraudulent invoices and forged official letters, it is claimed.
The Feds have warned organizations about a lesser-known extortion gang Karakurt, which demands ransoms as high as $13 million and, some cybersecurity folks say, may be linked to the notorious Conti crew.
In a joint advisory [PDF] this week, the FBI, CISA and US Treasury Department outlined technical details about how Karakurt operates, along with actions to take, indicators of compromise, and sample ransom notes. Here's a snippet:
FluBot, the super-spreader Android malware that infected tens of thousands of phones globally, has been reportedly squashed by an international law enforcement operation.
In May, Dutch police disrupted the mobile malware's infrastructure, disconnecting thousands of victims' devices from the FluBot network and preventing more than 6.5 million spam text messages propagating the bot from reaching potential victims, according to Finland's National Bureau of Investigation on Wednesday.
The takedown followed a Europol-led investigation that involved law enforcement agencies from Australia, Belgium, Finland, Hungary, Ireland, Spain, Sweden, Switzerland, the Netherlands and the US.
Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.
According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.
"The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.
Biting the hand that feeds IT © 1998–2022