Thursday, December 10, 2009

This is cool!

The U.S. Securities and Exchange Commission has filed civil charges against a young Pennsylvania man for computer hacking and identity theft in a scheme last July to dump worthless options for Cisco Systems stock.

The case against Van T. Dinh, 19, of Phoenixville, Pennsylvania, is the first time computer hacking and identity theft have both played a part in a fraud prosecution by the commission, the SEC said Thursday.

Dinh was arrested Thursday morning on the campus of Drexel University, where he claimed to be studying business, according to John Reed Stark, chief of the SEC Office of Internet Enforcement.

Stock Options

Dinh was motivated to commit the crime after being stuck with 7200 worthless options contracts for Cisco stock. Exercising the options would have resulted in a loss of approximately $37,000, the SEC said, citing court documents filed in July.

In June the Pennsylvania teenager paid $91,200 to buy more than 9000 put options on Cisco stock, which gave him the right to sell the shares at or below $15 per share before July 19, 2003, according to a statement released by the U.S. Attorney's Office for the District of Massachusetts, which is also pursuing Dinh.

In the weeks following his purchase, however, Cisco stock hovered around $19 per share, making Dinh's put options worthless, Stark said.

Elaborate Scheme

Instead, Dinh allegedly set up an elaborate scheme to unload the shares in a bogus transaction. First, the teenager allegedly lured participants in an online stock-discussion group to download a key-logging program that he claimed was a stock-charting tool, the SEC said.

After using the program to monitor the information typed on victims' machines, Dinh allegedly obtained the log-in and password information for a TD Waterhouse Investor Services online brokerage account owned by a Westborough, Massachusetts, man.

With the victim's account information in hand, Dinh used his own online brokerage account to create orders to sell the worthless options, then hacked into the victim's online account and created corresponding buy orders for the options, the SEC said.

The transactions depleted around $46,986 from the victim's brokerage account, according to the U.S. Attorney's Office.

The SEC learned of the crime after being contacted directly by the victim, and launched an investigation that grew to include the Federal Bureau of Investigation and the U.S. Attorney's Office, Stark said.

Stark would not comment on how the 19-year-old obtained the money to buy the put options, but said that the SEC's investigation into him was ongoing.

Dinh was also charged by the U.S. Attorney's Office in Massachusetts with securities fraud, mail fraud, and wire fraud resulting from the illegal sale, the SEC said.

Under Investigation

The SEC used the case to trumpet its online investigative technique, noting that the commission identified Dinh as the alleged culprit within days of the crime, despite his attempts to cover his tracks online through the use of multiple e-mail accounts and Web sites that enable Internet users to shield their identity.

A trail of both money and digital communications led from the victim's computer back to Dinh, he said.

Unlike other kinds of transactions, those involving securities leave a detailed paper trail that is easy for investigators to track, Stark said.

In addition, key-logging software that Dinh installed sent out a steady stream of e-mail messages that could be traced back to accounts under Dinh's control. Ultimately, investigators were also able to trace the origin of both the sale and purchase of the options back to an IP address at the Phoenixville home of Dinh's parents, Stark said.

If found guilty, Dinh could face a maximum term of 30 years in jail and a $1 million fine for the securities, mail, and wire fraud charges, according to the U.S. Attorney's Office.

The agency also said that the case should serve as a warning to investors who use online brokerage services. Users should be suspicious of programs they are asked to download and install, and should use antivirus and firewall software to shield their computers from intrusions, the SEC said.

Mechanix my opinion:
I told you not to get caught!! They throw the book at you when you are smarter than they are!!!!!

An expert on cable modem hacking has been arrested by federal authorities on computer intrusion charges.

According to the U.S. Department of Justice (DOJ), Ryan Harris, 26, ran a San Diego company called TCNISO that sold customizable cable modems and software that could be used to get free Internet service or a speed boost for paying subscribers.

Harris, also known as DerEngel, was charged on Aug. 16, but the grand jury indictment was not unsealed until Monday, several days after his Oct. 23 arrest. He faces a maximum sentence of 20 years in prison and a US$250,000 fine, the DOJ said. The six-count indictment charges him with conspiracy, computer intrusion and wire fraud.

Hackers have known for years that certain models of cable modem, such as the Motorola Surfboard 5100, can be hacked to run faster on a network, a process known as uncapping. However, the question of whether uncapping a modem is illegal is "not clear," according to Bill Pollock, founder of No Starch Press, which published Harris's 2006 how-to book Hacking the Cable Modem.

Cable modems can also be configured to use a paying customer's MAC (Media Access Control) address to steal service. According to the indictment, Harris helped develop tools that could be used to sniff MAC addresses in order to get on the network free.

Harris isn't the first person to be charged with this type of activity. In January, Thomas Swingler was charged with selling cable modems that could be customized to get free Internet service.

See what happens when ya' get caught being smart :{ bummer So DON'T GET CAUGHT!!

Long ago I had a situation where I was selling internet wireless. I had bought a large router from the phone company and got a dedicated T1 line, and I would broadcast across my neighborhood. Went door to door like a newspaper salesman and had twenty accounts. I would issue them all email accounts. I think this should be legal, but I found out that it's not. I also planned to use sat dishes pointed from my house to a distant mountain top cabin where I had a larger one. I wanted to supply the entire valley but that's where I realized the situation I was creating... I finally quit after a while. Got scared when I started reading about shit like this going down.
What I finally did was instead of selling it I would just give it away for free.
You can purchase a larger router and get all the bandwidth you need, just call and be ready to get your credit card handy! What do you think!

Monday, December 07, 2009

Hackers attack antivirus firm’s tech-support site

February 16, 2009 (Computerworld) A Kaspersky Lab technical support site was hacked late last month, exposing private customer information for 11 days, the Moscow-based security company admitted last week. The company learned of and closed the breach on Feb. 7 after it was notified by the Romanian hackers.

“This is not good for any company, especially for a company dealing with security,” acknowledged Roel Schouwenberg, a senior antivirus researcher at Kaspersky, in a conference call last week. “This should not have happened.”

The company had revamped the U.S. support site and relaunched it on Jan. 28. From that point until Feb. 7, the support database was open to attack, Schouwenberg said. The revamped site has now been replaced by the old version.

In a blog post, the hackers claimed that they were able to access a customer database that held e-mail addresses and software-activation codes by launching a SQL injection attack.

Schouwenberg confirmed that the database was hacked via SQL injection, but he contended that only the database’s table labels were accessed, not the customer data. However, the e-mail addresses of about 2,500 customers and some 25,000 activation codes were at risk, he noted.

Schouwenberg said the hack was made possible by a combination of vulnerable code crafted by an unnamed third-party vendor and poor code review by Kaspersky.

Kaspersky hired Next Generation Security Software Ltd.’s David Litchfield, an expert on SQL injection attacks, to audit the systems. His report, delivered Feb. 12, confirmed Kaspersky’s findings.

HA HA HA HA you can stop one of us but you can't stop us all! This is the funniest shit I have read all day. Good job Anon hacker

The websites of two major providers of security products have been hit by hackers.

A new Valentine’s Day spam email has been detected by Websense as containing a Waledac variant. Websense Security Labs has reported to have seen several fake Valentine’s Day sites serving up malware recently, with an increase in adult dating and ‘healthcare’ related email spam released to mark the occasion. Carl Leonard, Websense threat research manager, claimed that it works by the user opening the URL in the spammed message and being redirected to a site with two puppies and a love heart to give a Valentine’s theme. The user is then enticed to download a Valentine’s kit to prepare a present for a loved one, which is a new Waledac variant.

Leonard said: “The usual suspects have emerged as expected, with Valentine spam emails and Trojans. The public are becoming more aware of these and it is getting harder to trick people this way. Cyber criminals are also taking their efforts to social networks, given its rising popularity and potential to manipulate the user through ‘friend’ messages.

“Organized criminal units have a long history of timing their attacks to coincide with popular occasions in order to achieve maximum success. Valentine’s Day 2009 is a day that is similarly marked on the criminals’ calendar for targeted attacks.”

Websense has warned of three key signs of fake sites: ‘Broken Hearts’ sites show colourful images such as puppy dogs or a picture of 12 pretty hearts and ask ‘Guess, which one is for you?’. The web page however is one big image and a single click from a tricked user commences the download of Trojans named “onlyyou.exe” or “youandme.exe”, which can connect to remote websites to receive commands and send information about the compromised system.

‘I am your friend’ uses social networking tricks to get users to visit fake sites, with Websense claiming that a popular technique at the moment is spam email pretending to originate from social networking sites – complete with love hearts and cartoon characters. Clicking through to the link would download a Trojan designed to steal log in credentials for banking sites.

Seventy per cent of the top 100 most popular websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites. Specially created malicious sites are in decline as cybercriminals switch to compromising ‘trusted’ websites. Websense claimed that as there is increased confidence in shopping and researching online - a lot of which happens whilst in the office – people are turning to the internet to order flowers, chocolates and other gifts and cybercriminals are compromising these sites and stealing data.

Leonard said: “The underground economy is positively flourishing as companies fail to keep up with security technology. Criminals are taking advantage of the growing number of Web 2.0 properties, which allows user generated content. More than ever we’re seeing websites injected with links to direct users to malicious and compromised sites.

“Since many email security systems lack web intelligence, spammers have also stepped up email campaigns which contain links to malicious web pages. It’s clear that businesses need security with real-time protection, but until this becomes the norm – cybercriminals will continue stealing data and breaking hearts.”


It has been 4 ever since I wrote in this blog. I thought they (GOOGLE) had deleted it by now but they must have better things to do. NE way I thought I would continue on with the rambling I had always done. Oh, if there are people that do read my blog, please forgive the absence. I will start posting new stuff and some old useless stuff. If you are new here then you have to go to my previous postings.

Sunday, April 19, 2009

TiVo UI control via internet. No hacking required!!!

As many of you may have already heard, TiVo added support for Crestron systems back in software version 9.1, but there isn't a whole lot of information available about it from TiVo or from Crestron.

After thinking about it for a small while, my curiosity was piqued, and I decided to try and figure out the protocol Crestron was using to talk to an unhacked TiVo, and how we non-Crestron users could somehow harness it.

As it turns out both the TiVo HD and Series3 units now listen on port 31339 for connections from a Crestron device. What is really interesting about this discovery is that this service is enabled and accessible by default on a stock Series3 running software 9.1 and up. There is NO HACKING REQUIRED to use this interface.

The protocol and its commands aren't published, but some heavy digging on Crestron and debugging the tivoapp binary resulted in some interesting finds.

If you telnet into your TiVo on port 31339, you will be presented with the following:

This prompt reflects the current status of the TiVo and will tell you the current channel being watched, and if it's being recorded.

Once the telnet session is started, the following commands are available:

KEYBOARD - The current purpose and syntax of this command is unknown.

TELEPORT - I'm not sure why this command exists, because I believe anything that TELEPORT does can also be accomplished via IRCODE. That said, the four currently known places you can "teleport" to are TIVO, LIVETV, GUIDE, and NOWPLAYING.

SETCH - This command will change the channel on the current tuner being watched to the channel number defined. If the current tuner is recording a program, it will change the other tuner. If both tuners are recording, the channel will not change and the TiVo will respond with 'CH_FAILED RECORDING "Show Title"'. Using this command when a recording is being played back will result in "CH_FAILED NO_LIVE".

FORCECH - This command will force the current tuner to tune to the desired channel regardless of what it's doing. If a program is being recorded, it will cancel the recording and change the channel without confirmation.

IRCODE - IRCODE seems to mimic the old "sendkey" command in almost every way. While it can't handle multiple commands on one line, almost all of the commands listed in sendkey.tcl are valid and working.

The following is a list of IRCODE commands that I have verified as working:

If you take too long to type a command, it will result in COMMAND_TIMEOUT, since the interface was designed to receive whole and complete commands and was not designed to be used manually via telnet.

That's all I've found for now, but I'll be sure to post updates as they come along.
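
The command set described above, as an added example that is not code from the original post, TiVo or Crestron: a small Python client that builds only the commands the post names, requires an explicit opt-in for FORCECH, sends each command as one complete line to avoid COMMAND_TIMEOUT, and classifies the replies the post quotes. The function names are hypothetical, and the carriage-return line ending is an assumption.

```python
import socket

# TELEPORT targets named in the post; anything else is rejected.
TELEPORT_TARGETS = {"TIVO", "LIVETV", "GUIDE", "NOWPLAYING"}

def build_command(verb, arg, allow_force=False):
    """Return one complete command line, validated against the post's list."""
    verb, arg = verb.upper(), str(arg).upper()
    if verb == "TELEPORT":
        if arg not in TELEPORT_TARGETS:
            raise ValueError("unknown TELEPORT target: " + arg)
    elif verb in ("SETCH", "FORCECH"):
        if not arg.isdigit():
            raise ValueError("channel must be numeric")
        if verb == "FORCECH" and not allow_force:
            # FORCECH cancels an in-progress recording without confirmation.
            raise PermissionError("FORCECH requires allow_force=True")
    elif verb == "IRCODE":
        # One key per line: the post says IRCODE cannot take several at once.
        if not arg or any(c.isspace() for c in arg):
            raise ValueError("IRCODE takes exactly one key name")
    else:
        raise ValueError("unsupported command: " + verb)
    # Assumption: a carriage return ends the line (the post does not say).
    return (verb + " " + arg + "\r").encode("ascii")

def parse_reply(line):
    """Classify a reply using only the strings quoted in the post."""
    line = line.strip()
    if line == "COMMAND_TIMEOUT":
        return {"kind": "timeout"}
    if line.startswith("CH_FAILED "):
        reason, _, title = line[len("CH_FAILED "):].partition(" ")
        return {"kind": "ch_failed", "reason": reason,
                "title": title.strip('"') or None}
    return {"kind": "other", "raw": line}

def send_command(host, line, port=31339, timeout=3.0):
    """Send the whole line in a single write, then classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.recv(1024)                      # status prompt shown on connect
        s.sendall(line)                   # whole command at once, never keystrokes
        try:
            return parse_reply(s.recv(1024).decode("ascii", "replace"))
        except socket.timeout:
            return {"kind": "none"}       # device sent nothing back
```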