WSJ website hacked, data offered for sale for 1 bitcoin | Ars Technica

A screenshot posted by “w0rm” showing he had dumped the user table from a Wall Street Journal database.

Dow Jones & Co. took two servers that store the news graphics for The Wall Street Journal website offline yesterday evening after a confirmed intrusion by a hacker calling himself “w0rm.” The hacker was offering what he claimed was user information and server access credentials that would allow others to “modify articles, add new content, insert malicious content in any page, add new users, delete users, and so on,” Andrew Komarov, chief executive officer of cybersecurity firm IntelCrawl, told The Wall Street Journal.

via WSJ website hacked, data offered for sale for 1 bitcoin | Ars Technica.

NSA loves The Bahamas so much it records all its cellphone calls | Ars Technica

Documents obtained by former National Security Agency contractor Edward Snowden show that the NSA has covertly intercepted and recorded nearly all of the calls made to, from, or between cell phones in The Bahamas. The surveillance, reported by The Intercept, used legal monitoring access obtained by the Drug Enforcement Administration.

via NSA loves The Bahamas so much it records all its cellphone calls | Ars Technica.

Photos of an NSA “upgrade” factory show Cisco router getting implant | Ars Technica

A document included in the trove of National Security Agency files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) unit and other NSA employees intercept servers, routers, and other network gear being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they’re delivered.

These Trojan horse systems were described by an NSA manager as being “some of the most productive operations in TAO because they pre-position access points into hard target networks around the world.”

The document, a June 2010 internal newsletter article by the chief of the NSA’s Access and Target Development department (S3261), includes photos (above) of NSA employees opening the shipping box for a Cisco router and installing beacon firmware with a “load station” designed specifically for the task.

via Photos of an NSA “upgrade” factory show Cisco router getting implant | Ars Technica.


US sends its giant spy drone to look for kidnapped Nigerian girls | Ars Technica

The drone that the United States Air Force sees as the replacement for the venerable U-2 spy plane is now flying surveillance missions over Nigeria as part of the search for 276 schoolgirls kidnapped by the Boko Haram terrorist group. A Northrop Grumman RQ-4 Global Hawk flew a mission over Nigeria on Tuesday, according to an NBC News report.

The Global Hawk, which first flew in 1998, can stay airborne for up to 28 hours and has a range of 8,700 miles. It has a wingspan close to that of a Boeing 747, weighs more than 32,000 pounds, and carries the Hughes Integrated Surveillance and Reconnaissance (HISAR) sensor system, a down-market version of the infrared, optical, and synthetic aperture radar gear Hughes developed for the U-2.

via US sends its giant spy drone to look for kidnapped Nigerian girls | Ars Technica.

Iran claims to clone US stealth drone, but it looks fake | Ars Technica

The Iranian military claims to have successfully duplicated the RQ-170 Sentinel drone that was captured in Iran in 2011, and it has put the drone on display alongside the original. The home-built version, Islamic Revolutionary Guard officers claim, could be used to attack US Navy ships in the Persian Gulf. But outside observers believe the copy is about as capable of that as the mock-up of a US aircraft carrier Iran built, allegedly for a movie set.

On May 11, Iranian television broadcast a report from an exhibition by the Islamic Revolutionary Guard Corps Aerospace Force in Tehran, where Ayatollah Ali Khamenei was shown the two unmanned aircraft by military officers. “Our engineers succeeded in breaking the drone’s secrets and copying them,” an officer said in the video broadcast. “It will soon take a test flight.”

The RQ-170, built by Lockheed Martin, is a turbofan-powered unmanned aircraft flown by the 30th Reconnaissance Squadron, part of the Air Force’s 432nd Wing (the Air Force’s drone command). The aircraft first gained notoriety as the secretive “beast of Kandahar” during operations in Afghanistan in 2007. The Air Force is believed to have purchased 20 Sentinels.

Little is known about their operational role, though their “flying-wing” airframe appears to have been designed for stealthy reconnaissance and surveillance missions. It’s believed that the aircraft captured in 2011 by the Iranians was being used to conduct surveillance of nuclear facilities.

The Iranians claimed that they were able to jam the Air Force’s data link to the drone and take control of it, bringing it down for an almost soft landing. They also claimed that the drone was recovered nearly intact and that the Revolutionary Guard was able to download data from its onboard systems. While the US government disputed those claims, later reports indicated that it was within the realm of possibility that the Iranians had managed to take over control of the drone.

Just what sort of “secrets” the RQ-170 surrendered to the Iranians is not clear. But aviation industry analysts who saw the footage of the Iranian clone of the RQ-170 have said it appears to be a fake—nothing more than a cheap fiberglass mockup put together for propaganda purposes, similar to the mockup of a stealth fighter the Iranians displayed last year. (Footage of that plane “flying” appeared to actually be of a small radio-controlled model.)

“It seems their fiberglass work has improved a lot,” an industry source familiar with the RQ-170 told US Naval Institute News. “It also seems that if it were a functional copy, versus a detailed replica, it wouldn’t necessarily have the exact same landing gear, tires, etc. They would probably just use whatever extra F-5 parts or general aviation parts they had lying around.”

via Iran claims to clone US stealth drone, but it looks fake | Ars Technica.

NSA routinely tapped in-flight Internet, intercepted exported routers | Ars Technica

In his new book No Place to Hide, Glenn Greenwald revealed a number of additional details on the “craft” and tools used by the NSA and its British counterpart, the GCHQ. While many of the capabilities and activities Greenwald details in the book were previously published in reports drawing from Edward Snowden’s vast haul of NSA documents, a number of new pieces of information have come to light—including the NSA’s and GCHQ’s efforts to use airlines’ in-flight data service to track and surveil targeted passengers in real time.

The systems—codenamed “Homing Pigeon” by the NSA and “Thieving Magpie” by the GCHQ—allowed the agencies to track which aircraft individuals under surveillance boarded based on their phone data.

via NSA routinely tapped in-flight Internet, intercepted exported routers | Ars Technica.

After 17-year march, Army still drags its boots on buying high-tech radios | Ars Technica

The US Army and other military services began development of software-defined radios to replace aging analog systems in 1997—long before Wi-Fi, broadband cellular, and high-definition television were even on the drawing board. The Joint Tactical Radio System (JTRS) program was supposed to revolutionize battlefield communications, turning soldiers and vehicles into nodes in an all-digital network that allowed data and video to flow as easily as voice traffic.

Little did the people working on the JTRS program know that the product of their labors would take 20 years to start being deployed in volume to troops—and how little of the original scope of the program would ever make it into service. The Army just announced this month its roadmap for rolling out JTRS-based Handheld, Man-Pack, and Small Form Factor (HMS) program radio systems in volume—three years from now. That means it may be 2018 before most soldiers see the radios in the field.

On May 2, at Fort Bliss, Texas, the Army’s HMS program team conducted its first “terrain walk-around” test of the AN/PRC-155 Manpack Radio, General Dynamics’ backpack offering for the program. The tests were in advance of a Network Integration Evaluation test at White Sands—the same evaluation exercise where, in 2011, the Ground Mobile Radio program met its Waterloo. The Army cancelled the GMR program after those tests and after an investment of $6 billion.

via After 17-year march, Army still drags its boots on buying high-tech radios | Ars Technica.

Massachusetts “Romneycare” site killed after rejecting Obamacare transplant | Ars Technica

 

The Massachusetts Health Connector is getting its plug pulled.

Nevada, Maryland, Massachusetts, Minnesota, and Oregon are members of a club that no one wants to join—all of these states have largely failed at getting their electronic health insurance exchange sites to work properly (or, in some cases, at all). Given the legislatively mandated deadline, the delays in delivery of requirements by the federal government, and the scale of the task that faced states developing their own healthcare exchange sites under the Affordable Care Act, people familiar with government information technology projects might tell you that it’s surprising that any of the websites worked at all.

But if any state had a greater shot at success, it was Massachusetts—the state that served as the model upon which the Affordable Care Act was based. Now, Massachusetts’ health exchange has decided to shutter its own site at least temporarily, switching to the federal exchange to buy time for a better fix.

States running their own exchanges need to be ready by November 15 for the next round of open enrollment for health plans. That has put a number of states with floundering exchange sites in a pinch. Oregon was the first state with its own exchange to completely abandon its own website after spending more than $300 million in federal grants on the project.

Oregon officials have publicly blamed the database giant Oracle, the state’s primary contractor for the site, for its failure. In March, the Government Accountability Office announced that it would conduct an investigation of the Cover Oregon exchange project; last week, The Wall Street Journal reported that the FBI is now conducting its own investigation.

In an official statement in April, an Oracle spokesperson said that “Oracle looks forward to providing any assistance the state needs in moving parts of Oregon’s health care exchange to the Federal system if it ultimately decides to do so.” Last week, the board of the exchange voted to move to the federal exchange.

via Massachusetts “Romneycare” site killed after rejecting Obamacare transplant | Ars Technica.

FAA fines ’80s band bassist for violating NYC airspace with quadrocopter | Ars Technica

The Federal Aviation Administration has slapped a camera-equipped quadrocopter operator with a $2,200 fine after he “endangered the safety of the national airspace system” with his three-pound aircraft last September. The fine comes just a few weeks after a federal administrative judge ruled in another case that the FAA has no jurisdiction over small remote-controlled aircraft—a ruling the FAA has appealed.

The fine was levied on David Zablidowsky, a 34-year old Brooklynite and bassist for the 1980s cover band Rubix Kube, who flew his camera-equipped DJI Phantom quadrocopter off of a building on East 38th Street in Manhattan on September 30, 2013. In the process, he crashed the aircraft into multiple nearby buildings before it plummeted more than 20 stories to a sidewalk below, crashing 20 feet from a pedestrian. The pedestrian then took the drone and reported the incident to police.

via FAA fines ’80s band bassist for violating NYC airspace with quadrocopter | Ars Technica.

In his words: How a whitehat hacked a university and became an FBI target | Ars Technica

David Helkowski stood waiting outside a restaurant in Towson, Maryland, fresh from a visit to the unemployment office. Recently let go from his computer consulting job after engaging in some “freelance hacking” of a client’s network, Helkowski was still insistent on one point: his hack, designed to draw attention to security flaws, had been a noble act.

The FBI had a slightly different take on what happened, raiding Helkowski’s home and seizing his gear. Helkowski described the event on reddit in a thread he titled, “IamA Hacker who was Raided by the FBI and Secret Service AMAA!” Recently Ars sat down with him, hoping to get a better understanding of how this whitehat entered a world of gray. Helkowski was willing to tell practically everything—even in the middle of an ongoing investigation.

Until recently, Helkowski worked for The Canton Group, a Baltimore-based computer consulting firm serving, among other clients, the University of Maryland. Helkowski’s job title at The Canton Group was “team lead of open source solutions,” but he began to shift his concerns toward security after identifying problems on a University of Maryland server.

Read more at Ars Technica: In his words: How a whitehat hacked a university and became an FBI target | Ars Technica.

My PGP Public Key

I’ve now registered PGP keys through GPGtools for both my work and personal email addresses. If you’re trying to reach me on a sensitive topic, you can reach out to me at sean.gallagher at arstechnica dot com using the following public key to encrypt your message:

Short ID: 332B13CF
Key ID: E0A93113332B13CF
Fingerprint: 00FF E0BB B114 1A97 7A47 06F4 E0A9 3113 332B 13CF


NSA hacker in residence dishes on how to “hunt” system admins | Ars Technica

If you spend enough time perusing the Internet for helpful information on how to build a botnet or hack an online game, you’ll inevitably end up on a discussion board site filled with posts from various hackers eager to share that knowledge and build up their street cred. But even if you use Tor to explore the “dark Web” for such boards, you’ll never reach the 1337est board of them all—the discussion board hosted on the National Security Agency’s NSAnet.

The latest data dump from the archive of NSA webpages leaked by Edward Snowden contains a sampling of posts from the NSA’s internal hacker board by one author in particular—an NSA employee that The Intercept’s Ryan Gallagher and Peter Maass claim is the person who wrote presentations on attacking the Tor network. In one of his posts, the author outlines approaches to gaining access to networks used by individuals targeted for surveillance.

 

Read more of this post at Ars Technica: NSA hacker in residence dishes on how to “hunt” system admins | Ars Technica.
