(Photo: Flickr)

One day after hacktivist collective Anonymous claimed to have stolen 15,000 membership records from the "semi-official" North Korea government outlet uriminzokkiri.com, the country's official Flickr and Twitter accounts have also been hacked. So far, the @uriminzokkiri account has tweeted five times to signal that several North Korean websites, including ryomyong.com and uriminzokkiri.com" had been hacked.

The country's Flickr page was also hacked and defaced, loaded with images of Guy Fawkes masks and Kim Jong Un photoshopped into a pig with the word "WANTED" above him.

#OpNorthKorea seeks to help usher the North Korean people on a "journey to freedom, democracy and peace" by hacking into and defacing its government's online properties. A second press release published to Pastebin claims that Anonymous has sources inside the North Korean intranet:

We have a few guys on the ground who managed to bring th real internet into the country using a chain of long distance WiFi repeaters with proprietary frequencies, so they're not jammed (yet). We also have access to some N.K. phone landlines which are connected to Kwangmyong through dial-ups. Last missing peace of puzzle was to interconnect the two networks, which those guys finally managed to do.

Of course, because this is Anonymous, the group plans to inject pictures of cats and porn into North Korea's network to prove their access, because "North Korean citizens wanna see lulzy kittehs and hawt pr0n too."

(Photo: Crimint.com)

Andrew Auernheimer, better known by his pseudonym "weev," was sentenced today to 41 months in prison for exploiting an AT&T security flaw that allowed him to collect and publish the email addresses of 114,000 AT&T iPad owners. He alerted AT&T to the flaw before sending the dataset to Gawker, which published it, leading to an FBI investigation.

Mr. Auernheimer is part of the grey hat hacker collective Goatse Security, a division of the Gay Nigger Association of America, recently responsible for trolling the Daily Mail and unleashing a torrent of malicious spam on Tumblr. Back in November, Mr. Auernheimer was found guilty of "one count of identity fraud and one count of conspiracy to access a computer without authorization" for his participation in Goatse Security's AT&T hack.

The case is a controversial one, as Goatse Security didn't technically have to hack anything to obtain the information--they simply were exploiting a security flaw with AT&T. Still, Mr. Auernheimer must serve approximately 3.5 years in jail with three years of supervised release and a $73,000 fine to be paid to AT&T for damages (because AT&T is the real victim here).

Mr. Auernheimer's legal defense team attempted to argue that he did not deserve hard time, and instead just six months probation for the offense, but that plea failed.

According to Gawker's Adrian Chen, prosecutors cited a Reddit AMA Mr. Auernheimer did last night as proof that he would reoffend following his release. In the AMA, Mr. Auernheimer stated that he would run for Congress once released, and because of "congressional immunity" this would allow him to "drop hacks on the floor of Congress and be completely immune for doing so."

For his part, Mr. Aeurnheimer seemed to show little remorse towards AT&T. "My regret is being nice enough to give AT&T a chance to patch before dropping the dataset to Gawker," he wrote. "I won't nearly be as nice next time."

https://twitter.com/AdrianChen/status/313649642057371649

(Photo: Instagram)

Can you hear me now? It's a cardinal rule of working outside the office that you absolutely must learn to use your inside voice. But it seems a few people in Silicon Valley haven't quite mastered that particular trick. "Stopped by a Starbucks on Sand Hill Road to use Wifi," Slate's Farhad Manjoo recently tweeted. "Surrounded by indiscreet start-up guys preparing for VC meetings." Remember guys: The walls have ears.

Boys on Girls CollegeHumor founder Ricky Van Veen has been known to drag his girlfriend, HBO star Allison Williams, around to tech events, but she’s not afraid to give him a taste of his own medicine. In Sunday night's episode of Girls, Mr. Van Veen had a cameo appearance which even earned him a credit at the end under "Also Starring."

(Photo: Screenshot)

Clad in a plaid shirt and jeans, Mr. Van Veen was present in the startup party scene for Charlie's new app, Forbid. "We hit 20,000 MAU, and then everyone was just like, 'Ohhh fuck we did it,'" Charlie says earlier in the episode when explaining why they're throwing the party. (MAUs are monthly active users, duh.)

When Marnie grabs the mic and decides to turn the party into her own private karaoke sesh, Mr. Van Veen can be seen rolling his eyes at his real life girlfriend. Inside jokes! He also has a short scene with Shoshanna, where he tells her, "Restaurants are like my passion. Just going out to things is who I am." We've never met Mr. Van Veen in real life, but his Girls character was definitely insufferable.

As far as the accuracy of the scene when compared to an actual startup party? We'd give it a 7/10. Needed more neckbeards.

Spamalot Looks like even New York Times editors aren't immune to the occasional Twitter hack. Earlier this week, Times public editor fell pray to a little vanity when she clicked a spam link, which caused her profile to tweet out the same link:

(Photo: Twitter)

Ms. Sullivan seemed to take it all in stride. "Now I know I've had the complete Twitter experience, with account briefly hacked," she tweeted shortly after. "Thanks to all for help and sorry for the unintended spam!"

#freegooglereader Budding bloggers who rely heavily on RSS to find stuff to write about aren't the only people lamenting the imminent shuttering of Google Reader. Turns out ex-Today Show host Ann Curry was also a fan. Larry, can you hear her?

https://twitter.com/AnnCurry/status/312022545975111681

https://twitter.com/AnnCurry/status/312019199503523840

FYI Lo Bosworth would like the world to know that she finally, finally got Mailbox:

(Screencap: MIT.edu)

Hackers have defaced the MIT.edu website in response to the death of Internet activist Aaron Swartz, who was being prosecuted with the cooperation of M.I.T for illegally downloading JSTOR files over the university's network and uploading them for free use by the public. Mr. Swartz hung himself in his Brooklyn apartment 10 days ago, and a memorial was held for him at Cooper Union in New York on Saturday.

The MIT website has been defaced to display a black screen with the text of a blog post from Mr. Swartz's blog superimposed overtop. "R.I.P. Aaron Swartz," reads bolded white text in the middle of the site. "Hacked by grand wizard of Lulzsec, Sabu. God Bless America. Down with Anonymous." (Please also note that it says "Reddit sucks k" in the righthand corner. Lulz.)

Betabeat has been unable to confirm whether or not the hack was indeed the responsibility of the hacker crew Lulzsec, though we have to guess it wasn't done by Sabu, since the former LulzSec operative was outed as an FBI informant last year.

Upon refresh, it appears the website has been taken offline, serving the message "This website is offline. No cached version is available."

Update: Aaaaand we're back.

Not all clouds are security threats. (flickr.com/kky)

Researchers at North Carolina State University and the University of Oregon have discovered a way to turn cloud computing into hacker heaven.

Disguising data transfers with URL-truncating services like TinyURL or Bit.ly, researchers found that cloud-based processing power intended to shift computing tasks from laptops, tablets and mobile devices could be converted to crack encoded passwords or used for a large scale denial-of-service attack.

WhiteHat Security's Jeremiah Grossman told Dark Reading that cloud browser providers need to "ensure adequate security controls are in place to prevent their end users from abusing the system."

N.C. State researcher William Enck said one key is awareness:

NC State's Enck says there are ways for cloud-based browsing providers to better monitor their traffic -- namely, by associating accounts with the users so they can detect possible abuse or rogue traffic. Just like blacklisting offending IP addresses in a DDoS attack, for example, he says, this would allow cloud browser providers to quash abuse. "It's similar: You can say, 'Here are the clients from where [the traffic] is coming from and the IP addresses.'"

Dark Reading notes that users of the Silk browser on Amazon's Kindle Fire have to register with the service, and each tablet has a unique key that identifies that user and device to the browsing service. The university researchers who discovered these vulnerabilities believe Amazon's strategy is a sound way to keep cloud users honest. They also recommend using CAPTCHAs so potentially malicious cloud users can't write scripts that will automatically create multiple accounts they could later use in large-scale hacks or cyber-attacks.

We're not really looking forward to the day we can say hackers have maliciously used the cloud to "make it rain."

Hackers at MIT's Model Railroad Club

The word hacker has been everywhere recently, splashed across the front page for weeks as the “Phone Hacking” scandal at News of the World engulfed Rupert Murdoch and his media empire. There is a sensational mystique to the term that makes it irresistible to journalists. But typing the default password “1111” into the voicemail box of a murdered girl is not hacking. Neither is bribing the police for the phone numbers of celebrities and crime victims. Unless we’re ready to call smashing the window on my Honda Civic “car hacking,” nothing in the News. Corp scandal fits the bill.
“If it had been me, I would have broken into the phone company system, so I could have had direct access to the messages of all their customers,” said Kevin Mitnick, who was for several years the most wanted computer criminal in America, after hacking into the voicemail computers at Pacific Bell. “What News Corp. did, guess pin codes, spoofing voicemails, that is amateur script kiddie stuff.”

Mr. Mitnick, who now works as a security consultant and is publishing his first book in August, said he’s disappointed to see what passes for hacking these days. “I can remember writing a program in high school that was supposed to calculate 100 digits of the Fibonacci Sequence. It did that, but of course, it also stole passwords from my professor and classmates. But I didn’t get in trouble for that, I got an A, because my teacher recognized it was smart. That’s what hacking is supposed to be about, not crime, but innovation and creativity.”

In the 1950s, on the campus of The Massachusetts Institute of Technology, a great “hack” meant a  practical joke; covering the campus dome in tin foil, for example. Among the nerdy members of the Model Railroad Club, a hack came to mean a feat of technical skill, a particularly sweet switching station or miniature drawbridge. As these young geeks moved from laying track to working with computers, training massive IBM mainframes to make music and play chess, they took this attitude and vernacular with them.

Ruining it for the rest of us

The word hacker began to mutate, like a quartet of teen turtles, during the late 1980s and early 1990s. What had been a compliment among programmers and engineers became a byword for cyber-crime. Hollywood played a big role: films like WarGames and the eponymous Hackers made the word synonymous with mischief and mayhem.

The laws that sprung up to combat the rising tide of cyber-crime followed suit. “Hacking is breaking into computer systems, frequently with intentions to alter or modify existing settings,” according to the National Conference of State Legislators. “Sometimes malicious in nature, these break-ins may cause damage or disruption to computer systems or networks.”

A Google Trends chart of the period between 2004 and today shows the prevalence  of hacking in the press isn't just anecdotal,  news coverage of hacking over the last three years has grown by leaps and bounds. Some of this coverage has been about real hacking. The attacks that penetrated Google’s systems in China and caused the search giant to pull it business out of the country. The infiltrators who stole sensitive data from hundreds of thousands of Sony customers. And the hack-tavism by Anonymous and Lulzsec that defaced websites of major governments and corporations.

via Google Trends

But just as often hackers have been convenient boogeymen. For example it turned out to be Rep. Anthony Weiner, not a hacker, who posted a photo of the congressman’s package to Twitter.  When Pfc. Bradley Manning was arrested for passing classified military documents to Wikileaks, publications like Wired and CNN speculated  Pfc. Manning had learned the dark arts from MIT students he partied with at a hack spaces in Boston. The banal truth was that an angry young man with access to information downloaded sensitive files and burned them to a CD. Writing Lady Gaga on the disc was a nice bit of misdirection, but hacking it was not.

The sad reality is that cyber-crime is on the rise. And in fact News Corp has engaged in computer hacking. As The New York Times recently pointed out, the company paid $29.5 million back in 2009 to settle charges that it hacked into the computer system of New Jersey based company called Floorgraphics and stole information for a smear campaign that cost the the small advertising company several major clients. There were no 9/11 victims involved, no celebrities or young murder victims, and so the story went largely untold. Hell, the head of U.S. cyber-security, Randy Vickers, resigned on Monday in the aftermath of hacking assaults on the Senate, FBI and CIA websites. Yet only the only major publications to carry the story so far have been foreign outlets, Reuters and The Guardian.

Hackers are like Jedi, wielding mysterious powers that enable them to peer into the private lives of normal folks. Just as there are Jedis on the light and dark side, so hackers are divided into white and black hat, a porous boundary which contributes to confusion around the term. Before he built computers, Steve Jobs and his partner Woz built blue bloxes that helped phone phreakers hack their way to free long distance calls. And the most widely known and admired young entrepreneur of this generation, Mark Zuckerberg, has dark hacking in his DNA. He didn’t ask for permission when he took the names and faces of his classmates and put them together into Facemash, an early experiment at Harvard that nearly got him expelled.

But when Zuckerberg sat down earlier this year with Leslie Stahl for a 60 minutes interview, he tried to explain to her that Facebook was strictly white hat. “The graffiti is largely gone,” Stahl said to Zuckerberg, during her tour Facebook’s fancy new offices, “except for one word, you just can’t miss. I see hack everywhere. Hack! It has a negative connotation, doesn’t it?”

“When we say hacker, there is this whole definition that engineers have for themselves, it’s very much a compliment,” said Zuckerberg. “To hack means to build something very quickly. In one night you can sit down and churn out a lot of code and at the end you have a product. Hackathons are these things where all of the Facebook engineer get together and stay up all night building things, and I do too, usually I code alongside everyone.”

Zuckerberg’s comment highlights an interesting divide. “The word now has two branches, the one used among computer progammers and the one used in the media,” said author Stevy Levy, whose 1984 book Hackers, first introduced the term to the mainstream.” On one hand it means “to create”; on the other “to steal.”

“There was a time when hacker had lost almost all of it positive connotation,” said Mr. Levy, who wrote in the update to the 2005 edition of his book that he considered dropping the word altogether. “But the community seems to have really reclaimed it for themselves, and that has spread, to the point where people talk about hacking healthcare or hacking education, and they mean working to make it better.”

LulzSec Twitter Avatar

Few hackers groups in the history of the internet age have claimed responsibility for attacks on so many prominent targets in such a short period of time.

"For the past month and a bit, we've been causing mayhem and chaos throughout the internet," wrote LulzSec today,  "attacking several targets including PBS, Sony, Fox, porn websites, FBI, CIA, the U.S. government, Sony some more, online gaming servers (by request of callers, not by our own choice), Sony again, and of course our good friend Sony."

What follows is a diatribe on the nature of public hacking and the insatiable appetite of netizens for entertainment, no matter how cruel of illegal the source.

At first it seems like LulzSec is making a case for hacking and disclosing big security vulnerabilities. "This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn't released something publicly. We're sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we hadn't told you? No one would be aware of this theft, and we'd have a fresh 200,000 peons to abuse, completely unaware of a breach."

But quickly the tone of the message shifts to a more unapologetic, anarchic one. "Yes, yes, there's always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things just because we find it entertaining. Watching someone's Facebook picture turn into a penis and seeing their sister's shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can't secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it."

A hacker with a public Twitter account is a dangerous and novel thing. It means an immediate feedback loop between their mischief and their fans (and enemies). It encourages them to keep moving from project to project and connects them with an army of thrill seekers who make prank phone calls and exploit compromised accounts. Just as #weinergate showed us the new breed of political scandal, LulzSec is internet chaos moving at Twitter speed and scale.

Turns out the Grey Lady had long term access to Fab's emails. Was it through some crack investigative reporting?

Nope, turns out an artist found his laptop in the trash and, after seeing Fab's name in the paper, started handing the correspondence over to The NYT.

This led Felix Salmon to ask the question: does this constitute hacking by The New York Times?

It's a big black eye for Goldman, which likes to be known for running a tight ship, that secure emails were streaming into a laptop left for dead in a "garbage area".

But, since all The Times did was to work off materials passed to them by a source, and since all this source did was to open up a laptop they found in the trash, the answer seems to be no.

Salmon tries to compare this to News Corps. recent hacking debacle, or to a reporter finding a key and using it to enter someone's office. But it's more like a source found an unlocked briefcase and after reading the contents, tipped a reporter.

Admittedly the whole thing has an air of misdirection that is setting the heads at Zero Hedge wild, but, but there is nothing to suggest hacking in the narrative as it stands.

Dennis Crowley often says that the intention of Foursquare is to get people to interact with the real world, and the the check in is not a means to an end, but a jumping off point for inspiring new behaviors. This study is sort of the opposite, testing to see if users will limit their activity based on negative inputs.

After checking in, users are show data about how many robberies, violent crimes and "anti-social" crimes occurred in that vicinity over the most recent one month period. And just like Foursquare, users can see where they rank on leaderboard, in this case measuring the total number of fear points they have collected from checking in to dangerous locales.

There have been some interesting Foursquare hacks in NY that worked along similar themes. Max Stoller's DontEat.at, which lets users know about any health code violations when they check into a restaurant, took home the student prize at this year's Big Apps competition.

via Mike Melanson at Read Write Web

Hmmm, what was my mother's maiden name?

The hacker group Gnosis brought down the Gawker Media empire over the weekend.

As part of their attack, they revealed sensitive data from hundreds of thousands of Gawker users.

For the security specilialists at Duo, this was a golden opportunity to practice their craft.

"As it's not very often that we get a glimpse into the human psychology of password selection, let's dig deeper into the password dump!" founder Jon Oberheide wrote on the company blog.

The result reveals a readership of nerds, idiots, lovers and philistines seriously lacking in imagination.

Here, in order, are the top 25 most common passwords on Gawker.