1  |  2  |  3  |  4  |  5  |  6  |  7  |  8  |  9  |  10  |  11  |  12  |  13  |  14  |  15  |  16  |  17  |  18  |  19  |  20  |  21  |  22  |  23  |  24  |  25  |  26  |  27  |  28  |  29  |  30  |  31  |  32  |  33  |  34  |  35  |  36  |  37  |  38  |  39  |  40  |  41  |  42  |  43  |  44  |  45  |  46  |  47  |  48  |  49  |  50  |  51  |  52  |  53  |  54  |  55  |  56  |  57  |  58  |  59  |  60  |  61  |  62  |  63  |  64  |  65 

January 26, 2012

The New French Hacker-Artist Underground

The New French Hacker-Artist Underground | Magazine
Thirty years ago, in the dead of night, a group of six Parisian teenagers pulled off what would prove to be a fateful theft. They met up at a small caf� near the Eiffel Tower to review their plans—again—before heading out into the dark. Lifting a grate from the street, they descended a ladder to a tunnel, an unlit concrete passageway carrying a cable off into the void. They followed the cable to its source: the basement of the ministry of telecommunications. Horizontal bars blocked their way, but the skinny teens all managed to wedge themselves through and ascend to the building’s ground floor. There they found three key rings in the security office and a logbook indicating that the guards were on their rounds. But the guards were nowhere to be seen. The six interlopers combed the building for hours, encountering no one, until they found what they were looking for at the bottom of a desk drawer—maps of the ministry’s citywide network of tunnels. They took one copy of each map, then returned the keys to the security office. Heaving the ministry’s grand front door ajar, they peeked outside; no police, no passersby, no problem. They exited onto the empty Avenue de S�gur and walked home as the sun rose. The mission had been so easy that one of the youths, Natacha, seriously asked herself if she had dreamed it. No, she concluded: “In a dream, it would have been more complicated.” This stealthy undertaking was not an act of robbery or espionage but rather a crucial operation in what would become an association called UX, for “Urban eXperiment.” UX is sort of like an artist’s collective, but far from being avant-garde—confronting audiences by pushing the boundaries of the new—its only audience is itself. More surprising still, its work is often radically conservative, intemperate in its devotion to the old. Through meticulous infiltration, UX members have carried out shocking acts of cultural preservation and repair, with an ethos of “restoring those invisible parts of our patrimony that the government has abandoned or doesn’t have the means to maintain.” The group claims to have conducted 15 such covert restorations, often in centuries-old spaces, all over Paris. What has made much of this work possible is UX’s mastery, established 30 years ago and refined since, of the city’s network of underground passageways—hundreds of miles of interconnected telecom, electricity, and water tunnels, sewers, catacombs, subways, and centuries-old quarries. Like computer hackers who crack digital networks and surreptitiously take control of key machines, members of UX carry out clandestine missions throughout Paris’ supposedly secure underground tunnels and rooms. The group routinely uses the tunnels to access restoration sites and stage film festivals, for example, in the disused basements of government buildings. . . .

December 27, 2011

Hackers have been skimming credit card numbers from SUBWAY since at least 2008

It looks like the point of sale systems in many stores either had default passwords or easy to guess passwords (like "password") set. The thieves were able to guess the passwords and then load on some keylogger software to the Subway registers. How hackers gave Subway a $3 million lesson in point-of-sale security
For thousands of customers of Subway restaurants around the US over the past few years, paying for their $5 footlong sub was a ticket to having their credit card data stolen. In a scheme dating back at least to 2008, a band of Romanian hackers is alleged to have stolen payment card data from the point-of-sale (POS) systems of hundreds of small businesses, including more than 150 Subway restaurant franchises and at least 50 other small retailers. And those retailers made it possible by practically leaving their cash drawers open to the Internet, letting the hackers ring up over $3 million in fraudulent charges. In an indictment unsealed in the US District Court of New Hampshire on December 8, the hackers are alleged to have gathered the credit and debit card data from over 80,000 victims. "This is the crime of the future," said Dave Marcus, director of security research and communications at McAfee Labs in an interview with Ars. Instead of coming in with guns and robbing the till, he said, criminals can target small businesses, "root them from across the planet, and steal digitally." The tools used in the crime are widely available on the Internet for anyone willing to take the risks, and small businesses' generally poor security practices and reliance on common, inexpensive software packages to run their operations makes them easy pickings for large-scale scams like this one, Marcus said. While the scale of this particular ring may be significant, the methods used by the attackers were hardly sophisticated. According to the indictment, the systems attacked were discovered through a targeted port scan of blocks of IP addresses to detect systems with a specific type of remote desktop access software running on them. The software provided a ready-made back door for the hackers to gain entry to the POS systems. The PCI Security Standards Council, which governs credit card and debit card payment systems security, requires two-factor authentication for remote access to POS systems—something the applications used by these retailers clearly didn't have.