Summer Software Hacking Roundup
Just when you thought that this would be another lazy summer, early August bestowed upon us some serious hacks that affected the national media and a prominent tech writer. What both of these cases have in common is the absolute need for businesses to keep their technology updated and for us common folk to make sure we are up-to-date on the latest security protocols to protect our identity.
Of course, hacking doesn’t always need to be so nefarious, and to highlight that fact, I’ve included two examples in this story that show how hacking can lead to increased security and, in the case of a once-young hacker hooligan, a change of heart.
Read on to see what’s been going on with hacking during the past month:
1. Reuters Gets Hacked; Fake News Stories Ensue
What happens when a prominent international news service decides to use an old version of WordPress for its bloggers? You guessed it—it gets hacked, as ZDNet reports. According to a WordPress lead developer named Mark Jaquith, Reuters was using version 3.1.1 of the blogging platform (the current version is 3.4.1), thus leaving it prime for an attack. As a result of the hack, fake news stories were posted, including “an alleged interview with a Syrian rebel leader.”
And the fun didn’t stop there, as The Christian Science Monitor reports. Reuters’s Twitter account was then hacked and flooded with fake tweets that contained extremely non-biased reports like: "FSA source confirms heavy losses within their ranks due to the superiority and sheer force of the Syrian army."
Let this be an important lesson to every organization: Make sure all your platforms and technology are updated to the latest version, especially if you know that thousands of people are either using or viewing your product. There’s no excuse now for not being aware of potential security issues.
2. Wired Writer Gets Identity Stolen through Hacking Scheme
Mat Honan’s terrifying ordeal of identity theft would make Sandra Bullock’s character in “The Net” shiver with fright. The Wired writer shocked the tech world with his detailed account of how lax security methods in the customer service systems of Amazon and Apple led to hackers gaining access to all of his personal data and then deleting it. What makes this hack so interesting was that there didn’t seem to be any sort of software virus or technique that allowed for someone to steal Honan’s data.
It was just a classic case of someone calling up a customer service center and pretending to be someone else in order to deceive and obtain information that otherwise would not be available. All the hackers had in this case was “just enough” information on Honan to convince customer service personnel to hand over control of Honan’s Apple account. With that access, the hackers were able to do serious damage, even getting into Honan’s Google account with the info from his Apple account.
Of course, no matter how much protection a company can promise, sometimes it’s simply up to people themselves to ensure that their data is properly stored and protected.
From Wired :
In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.
Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.
Those security lapses are my fault, and I deeply, deeply regret them.
3. Mozilla Software Developer Discovers How to Pick Locks through Hacks
Let’s all take a deep sigh of relief that Cody Brocious, a software developer for Mozilla, has not yet used his programming powers for evil. PCWorld reports that Brocious created a fifty-dollar device that allowed him to “unlock door locks manufactured by Onity.” In case you are not familiar with Onity, Forbes reports that Onity “devices are installed on the doors of between four- and five-million hotel rooms around the world according to the company’s figures.”
From Forbes :
Brocious’s exploit works by spoofing a portable programming device that hotel staff use to control a facility’s locks and set which master keys open which doors. The portable programmer, which plugs into the DC port under the locks, can also open any door, even providing power through that port to trigger the mechanism of a door lock in which the battery has run out.
4. Confessions of a Teenage Hacker
While this is technically not an actual hack that occurred this summer, it’s still worth noting. Jeff Atwood, a software developer who writes the blog Coding Horror, recently wrote about his experiences as a young computer outlaw. Atwood takes us all the way back to 1988 where he documents his exploits and shares an amusing tale of how he created software that would “tell the modem to dial over and over and try different combinations.”
From Coding Horror:
Using my own software got me in trouble with the law. And deservedly so; what I wrote the software to do was illegal. I hired a local lawyer who represented me...It was quite clear at preliminary hearings that the Chesterfield County court system did not see any computer crime cases, and they had absolutely no idea what to make of me, or what this was all about. All they saw was a smart kid with a bit of bad judgment who loved computers and was headed to the University of Virginia, most likely not a life as a career criminal. So the case was dismissed for the cost of lawyer's fees. Which, for the record, I had to pay myself, using my income as a Safeway cashier.
