Can You Hack It?

Calling all hackers, do you pack what it takes?

NSA is looking for a few good hackers

The National Security Agency has a challenge for hackers who think they’re hot stuff: Prove it by working on the “hardest problems on Earth.”

Computer hacker skills are in great demand in the U.S. government to fight the cyberwars that pose a growing national security threat — and they are in short supply.

For that reason an alphabet soup of federal agencies — DOD, DHS, NASA, NSA — are descending on Las Vegas this week for Defcon, an annual hacker convention where the $150 entrance fee is cash only — no registration, no credit cards, no names taken. Attendance is expected to top 10,000.

The NSA is among the keen suitors. The spy agency plays offense and defense in the cyberwars. It conducts electronic eavesdropping on adversaries, and it protects U.S. computer networks that hold super-secret material — a prime target for America’s enemies.

See also:
NSA Wants to Hire Hackers at DefCon
US gov’t building hacker army for cyber war
U.S. government hankers for hackers
U.S. Federal Agencies Look to Hire Hackers at Defcon; Cyber Criminals Offer Services to the Public
US government agencies scouting for computer hackers: report
Federal Agencies to Recruit Hackers at Defcon
R u h4X0R? n33d @ jo8? NSA wants you (locked up in a cubicle, not a cell)
The NSA Wants More Hackers for Their ‘Collection of Geeks’
Welcome to the National Security Agency – NSA/CSS
National Security Agency
Defcon
DEF CON

Would you rather work for them or be hunted down by them? If you’re good enough, it probably pays pretty well and beats sitting in a prison cell.

/don’t forget to bring your white hat

Advertisements

It’s Extra Special Patch Tuesday!

Yep, this gaping hole in Windows is so bad that Microsoft couldn’t even wait until next week’s regularly scheduled Patch Tuesday to try and fix it.

Microsoft issues emergency security patch for million dollar Windows flaw

Microsoft today rushed out an emergency patch for Windows Vista and Windows 7 PCs just eight days before its next Patch Tuesday.

The software giant issues security patches on the second Tuesday of each month, and only rarely issues so-called out-of-band patches. The company has never issued an emergency patch this close to Patch Tuesday, says Jason Miller, data and security team leader at patch management firm, Shavlik Technologies.

“Coming out with this patch this close to a Patch Tuesday is severe,” says Miller. “People should be paying attention to this one, and patch as soon as possible.”

Importantly, the emergency patch does nothing for hundreds of millions of PCs running Windows XP Service Pack 2 and Windows Server 2000, since Microsoft last month stopped issuing security updates for those older versions of its flagship operating system. The company continues to urge Windows XP SP2 users, in particular, to upgrade to Windows XP SP3, which will continue to get security updates, or to buy new Windows 7 PCs.

Update: To be clear, this patch will work on Windows XP SP3, Windows Server 2003 SP2; Windows Vista, Window Server 2008, Windows 7, Windows Server 2008 R2. It will not work on Windows XP SP2 or Windows Server 2000.

At the Black Hat and Def Con security conferences in Las Vegas last week, attendees referred to this Windows flaw as a $1 million vulnerability. Savvy hackers can tweak a basic component of all versions of Windows, called LNK. This is the simple coding that enables shortcut program icons to appear on your desktop.

No one in the legit world knew the LNK flaw existed until mid July, when security blogger Brian Krebs began reporting on a sophisticated worm spreading via USB thumb drives. That worm, known has Stuxnet, took advantage of the newly-discovered flaw to run a malicious program designed specifically to breach Siemens SCADA (supervisory control and data acquisition) software systems. Over a period of months the attackers had infected Siemens SCADA controls in power plants and factories in Iran, Indonesia, India and some Middle East nations, according to antivirus firm Symantec.

See also:
Microsoft Security Bulletin MS10-046 – Critical
Microsoft ships rush patch for Windows shortcut bug
Microsoft issues emergency patch for Windows shortcut link vulnerability
Microsoft Patches Windows Shell Vulnerability
Microsoft’s New Patch for Windows Shortcut Exploit
Emergency patch closes LNK hole in Windows
Microsoft sticks to plan, denies emergency patch for XP SP2

The new emergency patch is here, the new emergency patch is here!

/so, if your Windows didn’t automatically update, you’d better do it now

Let’s Play ATM Or Slot Machine?

Barnaby Jack is at it again.

Researcher Demonstrates ATM ‘Jackpotting’ at Black Hat Conference

In a city filled with slot machines spilling jackpots, it was a “jackpotted” ATM machine that got the most attention Wednesday at the Black Hat security conference, when researcher Barnaby Jack demonstrated two suave hacks against automated teller machines that allowed him to program them to spew out dozens of crisp bills.

The demonstration was greeted with hoots and applause.

In one of the attacks, Jack reprogrammed the ATM remotely over a network, without touching the machine; the second attack required he open the front panel and plug in a USB stick loaded with malware.

Jack, director of security research at IOActive Labs, focused his hack research on standalone and hole-in-the-wall ATMs — the kind installed in retail outlets and restaurants. He did not rule out that bank ATMs could have similar vulnerabilities, though he hasn’t yet examined them.

The two systems he hacked on stage were made by Triton and Tranax. The Tranax hack was conducted using an authentication bypass vulnerability that Jack found in the system’s remote monitoring feature, which can be accessed over the Internet or dial-up, depending on how the owner configured the machine.

Tranax’s remote monitoring system is turned on by default, but Jack said the company has since begun advising customers to protect themselves from the attack by disabling the remote system.

To conduct the remote hack, an attacker would need to know an ATM’s Internet IP address or phone number. Jack said he believes about 95 percent of retail ATMs are on dial-up; a hacker could war dial for ATMs connected to telephone modems, and identify them by the cash machine’s proprietary protocol.

The Triton attack was made possible by a security flaw that allowed unauthorized programs to execute on the system. The company distributed a patch last November so that only digitally signed code can run on them.

Both the Triton and Tranax ATMs run on Windows CE.

Using a remote attack tool, dubbed Dillinger, Jack was able to exploit the authentication bypass vulnerability in Tranax’s remote monitoring feature and upload software or overwrite the entire firmware on the system. With that capability, he installed a malicious program he wrote, called Scrooge.

Scrooge lurks on the ATM quietly in the background until someone wakes it up in person. It can be initiated in two ways — either through a touch-sequence entered on the ATM’s keypad or by inserting a special control card. Both methods activate a hidden menu that allows the attacker to spew out money from the machine or print receipts. Scrooge will also capture track data embedded in bank cards inserted into the ATM by other users.

To demonstrate, Jack punched the keys on the typed to call up the menu, then instructed the machine to spit out 50 bills from one of four cassettes. The screen lit up with the word “Jackpot!” as the bills came flying out the front.

To hack the Triton, he used a key to open the machine’s front panel, then connected a USB stick containing his malware. The ATM uses a uniform lock on all of its systems — the kind used on filing cabinets — that can opened with a $10 key available on the web. The same key opens every Triton ATM.

Two Triton representatives said at a press conference after the presentation that its customers preferred a single lock on systems so they could easily manage fleets of machines without requiring numerous keys. But they said Triton offers a lock upgrade kit to customers who request it — the upgraded lock is a Medeco pick-resistant, high-security lock.

. . .

Jack said that so far he’s examined ATMs made by four manufacturers and all of them have vulnerabilities. “Every ATM I’ve looked at allows that ‘game over.’ I’m four for four,” he said at the press conference. He wouldn’t discuss the vulnerabilities in the two ATMs not attacked on Wednesday because he said his previous employer, Juniper Networks, owns that research.

Jack said his aim in demonstrating the hacks is to get people to look more closely at the security of systems that are presumed to be locked down and impenetrable.

See also:
Bunker-busting ATM attacks show security holes
Hacker breaks into ATMs, dispenses cash remotely
Security researcher demonstrates ATM hacking
Black Hat: Hacker Tricks ATMs Into Raining Cash
Researcher shows how to hack ATMs with “Dillinger” tool
Armed with exploits, ATM hacker hits the jackpot
Powered By Microsoft Windows
IOActive Labs
Tranax Technologies
Triton Systems

All your ATMs are belong to Barnaby Jack!

/I’ll bet Barnaby is really well paid and gets plenty of job offers from the Black Hats as well as the White Hats

Lots More Trouble For ACORN

The hits just keep on coming.

ACORN May Face Trial for First Time as Nevada Prosecutors Allege ‘Widespread’ Criminal Policies

When ACORN took to Las Vegas and started playing “Blackjack” and “21,” the activist group was making a far bigger gamble than it ever guessed, according to Nevada prosecutors.

There’s nothing wrong with playing the tables in Vegas, but authorities say ACORN was using the names of those casino games as a cover to illegally pay workers to sign up voters as part of an illegal quota system.

A preliminary hearing Tuesday in the downtown Clark County courthouse has put ACORN on trial for the first time as a criminal defendant.

Until now, prosecutions for voter registration fraud have focused on ACORN workers, and authorities have secured guilty pleas from several who admitted to falsifying voter registration forms.

But when investigators from Nevada Secretary of State Ross Miller’s office raided the ACORN Las Vegas office, Ross says they found a paper trail that implicated the ACORN organization itself.

“We came across policy manuals that outline their policy of creating a quota system, which is against the law,” Miller told FOX News in an interview. “This, in fact, was something that was widespread and something the organization itself knew about, and it’s important to hold the organization criminally accountable as opposed to the individual field directors.”

ACORN denies it had a quota for the number of voter registration forms that its workers were required to turn in every day. Instead, the organization says there were “performance standards” — an expectation that workers would find 20 new voters a day.

But prosecutors say ACORN paid a $5 bonus per day to workers who would sign up 21 or more voters per shift, hence the name “21” or “Blackjack,” an alleged quota system that Ross says is the first step toward corrupting the democratic system.

“These charges strike at the heart of having integrity of the electoral process. That’s something that is important in Nevada and the entire country,” he told FOX News.

“By filing these charges we are sending a clear message we are not going to tolerate these kinds of activities. We have seen voter registration abuse before and we are holding these people accountable.

Affidavits: Ballot abuse rampant

Dozens of forged and fraudulent absentee ballots from people registered to vote on the Working Families Party line were filed in the Sept. 15 primary elections in Troy, the Times Union has learned.

Many of the questionable ballots were filed under the names of students and people who live in government-subsidized housing and other downtown areas. Still others were submitted on behalf of voters who were alleged to have signed the ballots earlier this month, but those people have not lived in New York state for at least a year, records show.

Documents at the county Board of Elections show the fraudulent ballots were handled by or prepared on behalf of various elected officials and leaders and operatives for the Democratic and Working Families parties. A Troy housing authority employee, Anthony Defiglio, who sources said oversees vacant properties for the Troy Housing Authority, also handled many of the fraudulent ballots, according to public records and interviews with voters who said they were duped.

With No Fanfare, Senate Hits ACORN, Again

With no fanfare and no roll call vote, not even a speech — the Senate on Tuesday unanimously approved an amendment by Sen. Mike Johanns, R-NE, that bars any funds from the Defense spending bill from going to ACORN.

Johanns promised to introduce a similar amendment on every spending bill Congress considers this year, until the chamber takes up his broader bill that would impose permanent ban on ACORN receiving any federal funds.

It took the Senate a little over one minute to consider the measure.

Bank of America pulls ACORN funding

Troubled community organizing group ACORN suffered another setback on Monday, when Bank of America announced it is pulling its funding of ACORN Housing.

In a statement, Bank of America said that is it “suspending current commitments to ACORN Housing and will not enter into any further agreements with ACORN or any of its affiliates” until it is satisfied that all issues related to the organization have been resolved.

See also:
Ex-ACORN worker details blackjack voter registration bonuses
Ex-ACORN organizer describes voter signup bonuses
Ex-ACORN official outlines alleged illegal voter registration plan
Massive Voter Fraud in NY Linked to ACORN
WORKING FAMILIES PARTY = ACORN; What Will AG Cuomo Do?
REDSTATE EXCLUSIVE: A Review of ACORN CEO Bertha Lewis’s Rolodex Suggests Strong White House Ties
Inside The ACORN Rolodex: ACORN Has Its Own Political Party Other Than the Democrats
Senate votes to ban ACORN — again
Johanns keeps aim on ACORN
Effort to defund ACORN faces hurdles
Bank suspends dealings with ACORN housing entity
BofA severs ACORN ties
Acorn Housing Board Member Steps Down
ACORN, A Toxic Organization?
Cracking down on ACORN
East Bay ACORN chapters feel impacts of national brouhaha
Preliminary ACORN probe by end of October

/keep up the pressure, ACORN needs to be totally unraveled and its rampant corruption brought to an end

Powered By Microsoft Windows

With Bill Gates and crew protecting our ATMs with Windows, just thank God your bank accounts are insured by the FDIC up to $250,000.

ATM Vendor Halts Researcher’s Talk on Vulnerability

An ATM vendor has succeeded in getting a security talk pulled from the upcoming Black Hat conference after a researcher announced he would demonstrate a vulnerability in the system.

Barnaby Jack, a researcher with Juniper Networks, was to present a demonstration showing how he could “jackpot” a popular ATM brand by exploiting a vulnerability in its software.

Jack was scheduled to present his talk at the upcoming Black Hat security conference being held in Las Vegas at the end of July.

But on Monday evening, his employer released a statement saying it was canceling the talk due to the vendor’s intervention.

“Juniper believes that Jack’s research is important to be presented in a public forum in order to advance the state of security,” the statement read. “However, the affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected. Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack’s presentation until all affected vendors have sufficiently addressed the issues found in his research.”

In the description of his talk on the conference web site, Jack wrote that, “The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software. This presentation will retrace the steps I took to interface with, analyze, and find a vulnerability in a line of popular new model ATM’s. The presentation will explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM.”

Jack did not disclose the ATM brand or discuss whether the vulnerability was found in the ATM’s own software or in its underlying operating system. Diebold ATMs, one of the most popular brands, runs on a Windows operating system, as do some other brands of ATMs.

Diebold did not respond to a call for comment.

Earlier this year, Diebold released an urgent alert (.pdf) announcing that Russian hackers had installed malicious software on several of its Opteva model ATMs in Russia and Ukraine. A security researcher at SophosLabs uncovered three examples of Trojan horse programs designed to infect the ATMs and wrote a brief analysis of them. Last month another security research lab, Trustwave’s SpiderLabs, provided more in-depth analysis of malware used to attack 20 ATMs in Russia and Ukraine of various brands.

According to SpiderLabs, the attack required an insider, such as an ATM technician or anyone else with a key to the machine, to place the malware on the ATM. Once that was done, attackers could insert a control card into the machine’s card reader to trigger the malware and give them control of the machine through a custom interface and the ATM’s keypad.

The malware captured account numbers and PINs from the machine’s transaction application and then delivered it to the thief on a receipt printed from the machine in an encrypted format or to a storage device inserted in the card reader. A thief could also instruct the machine to eject whatever cash is inside the machine. A fully loaded ATM can hold up to $600,000.

It’s unclear if the talk Jack was scheduled to give addresses the same vulnerability and malware or a new kind of attack.

See also:
Juniper Nixes ATM Security Talk
ATM vendor gets security talk pulled from conferences
Researcher barred from demoing ATM security vuln
Jackpotting ATM Machines courtesy of the Jolly Roger
Barnaby Jack
Barnaby Jack
Embedded Problems
Exploiting Embedded Systems, Blackhat 2006 (Barnaby Jack)
Black Hat ® : The World’s Premier Technical Security Conference
Black Hat ® Technical Security Conference: USA 2009
Juniper Networks
SophosLabs
SpiderLabs — About Us — Trustwave
Diebold

Jackpotting ATMs, kind of like playing a slot machine where you win first time, every time and it pays out in twenties.

/all I can say is that I’m sure glad Barnaby Jack is one of the good guys