(Photo: Deviant Art)

Devices like security cameras, traffic light systems, and high tech temperature controls can all be connected to the web, but they aren’t indexed by Google, which makes them difficult to find without deep computer expertise. Now SHODAN, a search engine that crawls the web for devices like routers, webcams and servers, is helping to expose some of the security flaws inherent to these devices.

Called the "Google for hackers" by ZDNet, SHODAN provides a powerful search platform for those looking for security holes in web-connected devices. According to CNN:

Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.

Many of these devices are ill-equipped to handle hackers: since they're rarely indexed, there hasn't been a need to set up typical security controls. Many can even be accessed via default passwords like "1234."

A researcher at the cybersecurity conference DEFCON recently demonstrated just how easy it is to access the devices found on SHODAN. Writes CNN:

Dan Tentler demonstrated how he used Shodan to find control systems for evaporative coolers, pressurized water heaters, and garage doors.

He found a car wash that could be turned on and off and a hockey rink in Denmark that could be defrosted with a click of a button. A city's entire traffic control system was connected to the Internet and could be put into "test mode" with a single command entry.

We smell a Michael Bay-style infrastructure hacking movie on the horizon.

A typical hacker. (Photo: Tumblr)

A new study published by a professor at the University of Montreal has yielded earth-shattering conclusions that are sure to rock the public's fundamental understanding of "hackers." Largely considered to be clean-shaven, upstanding adults residing in beautifully-kept apartments and boasting impressively high emotional IQs, the study has revealed a seedier side of the hacker persona: that of a Cheeto-dusted manchild whose skin will melt at the first sign of sunlight.

According to the study, “the typical hacker is male, in his 20s, and is usually socially immature.” How did researchers arrive as this generalization of the subspecies? By interviewing the statistically insignificant group of 10 hackers ages 17 to 27 years old.

Furthermore, about one third of hackers (so, like, three dudes?) reside with their parents, shattering the longstanding belief that computer hackers live in spacious, light-filled houses purchased with their own legitimately obtained money.

Can't wait to hear about how mean high school girls are after talking to Lindsay Lohan.

The high school years!

It's hard being the Department of Homeland Security. Foreign agents are constantly trying to slip inside the D.H.S.'s computer systems. But America's  hotshot hackers either go for the private sector ($$$) or somewhere you can go on the offensive, like the N.S.A. (which, let's face it, sounds super-badass).

So, according to the New York Times, the agency, desperate for recruits, is now making like a college football program and hunting for recruits at high school hacking competitions.

For example: Security experts in Virginia have created the Governor's Cup Cyber Challenge, in an attempt to funnel talented teens into the public sector. Participants spent the weekend cracking passwords and that sort of thing.  It was all meant to lure them into a stint at the agency:

“We have to show them how cool and exciting this is,” said Ed Skoudis, one of the nation’s top computer security trainers. “And we have to show them that applying these skills to the public sector is important.”

Still, it's pretty hard to sell a bunch of teenagers on a life of civil service:

“Everything’s slower, there’s budget cuts and bureaucracy everywhere and you can’t talk about what you do,” the Times quoted hacker Arlan Jaska as saying. “It just doesn’t seem like as much fun.”

Let's hope there aren't any important secrets on the D.H.S's servers!

Hackin'

Even as Guccifer goes on a tear, releasing Hova's credit reports and Hillary Clinton's emails, our friends in South Korea are having some computer problems of their own. Earlier today (in the middle of the afternoon, Seoul-time), computer networks at two of the country's banks and three TV stations shut down out of the blue, in what looks like the work of a malicious virus. That'll ruin an IT Department's day, all right.

The BBC reports:

"Staff at the three broadcasters said their computers crashed and could not be restarted, with screens simply displaying an error message, although they have continued to make television broadcasts, our correspondent said.

There were also reports of skulls popping up on some computer screens, which could indicate that hackers had installed malicious code in the networks, the Korean Internet Security Agency said."

A Defense spokesman told the BBC it was too early to point fingers: "We do not rule out the possibility of North Korea being involved, but it's premature to say so." (Just last week, actually, North Korea accused the U.S. of attacking its very, very limited Internet capabilities.) The Guardian says:

"Warnings reportedly appeared on some computer screens from a previously unknown group calling itself the 'WhoisTeam', showing skulls and a message stating it was only the beginning of 'our movement'."

But South Korea's rowdy northern neighbor is blamed for attacks in 2009 and 2011 and tensions are running high right now, so we're just surprised the hack didn't look like this:

(Know Your Meme)

Pretty sure she's waving to the Street View team.

A report suggests Google is going to unite all its various chat products under the name "Babble." We sincerely hope this is not part of another effort to make us all use Google+. [Geek.com]

"Sanders and Armstrong share something with the startup world as a whole: the arrogance of naivete. They see what they think is a problem. They think they’re the ones to solve it." [Melville House]

Wait 'til the mayor sees this: There's a couple of teens who review cigarettes on YouTube. Gross. [Daily Dot]

You can now climb every mountain with Google Street View. [L.A. Times]

Security researcher Brian Krebs tracked down the hacker who completely wrecked Mat Honan's digital life. BRB, double-checking my two-factor authentication. [Ars Technica]

Mr. Keys (Photo: Twitter)

Matthew Keys, the 26-year-old social media editor at Reuters who was indicted by the Department of Justice yesterday for collaborating with the hacktivist collective Anonymous, has been suspended from Reuters with pay. Now, reporters are working to cobble together details of his checkered online past.

BuzzFeed reports that along with building a dedicated Twitter following of over 20,000 people and creating popular Twitter parody accounts like PendingLarry, Mr. Keys established himself in the early aughts as an infamous LiveJournal troll, who went by several usernames, the most popular being "madrigalskylark." His presence on the online diary site was so well-known that it warranted its own entry on Encyclopedia Dramatica, a Wikipedia-type platform that chronicles the goings-on of 4chan and hacker culture.

Madrigalskylark's entry reads:

Obsessive LiveJournal user madrigalskylark is known for his attention whore antics, leaving phony suicide notes, passive-aggressive bitchiness, and use of the victim role to earn sympathy from naive, unsuspecting morons. Or gluttons for punishment, depending on how you look at it.

BuzzFeed also links to a fully fleshed out Wikipedia page that user edit history indicates Mr. Keys wrote about himself. The page chronicles everything from the details of his early childhood (he split time between Vacaville, CA, Germany and El Paso, TX) and his past relationships. ("In May 2006, Matthew began dating 'Jeffrey' from the Sacramento area. In early July, Matthew broke up with 'Jeffrey' after discovering 'Jeffrey' was cheating and moving to Los Angeles. Matthew is currently single.")

The entry also contains a detailed trivia section with gems such as, "In high school, Matthew was known as 'The Guy Who Likes John Mayer'" and the factoid that he previously maintained "eight LiveJournal accounts, five Xanga accounts and three Blogger accounts."

"Once again, loser gay boys with way too much time on their hands are discussing me on LiveJournal," reads one of the quotes on Mr. Keys' self-built Wikipedia page. The page also states that Mr. Keys "may have had the first ides of a social networking website on the Internet similar to MySpace."

On a post about Mr. Keys on Gizmodo, commenters chimed in to share their experiences with him. A handful claimed that when they turned Mr. Keys down for romantic relationships, he would create "defamatory (and 90% falsified) websites" or Craigslist postings about them. One commenter wrote on Gawker:

He would make life hell for people who refused to date him. He would stalk and use his tenuous grasp of early social networking to create shitty websites and Craigslist posts full of lies and material created to defame people he didn't like.

He did this to me, he kept trying to get me to go out with him. I refused. Instead of attacking me he went after one of my friends (who he thought was my Boyfriend). He posted fake profiles on dating sights, and posts on Craigslist with his image, with copy that stated that he had herpes, HIV and other diseases.

He would go online and impersonate him, furthering these lies. This got so bad that my friend left the state, his job, and all of his friends almost over night. Everywhere he went people would come up and ask him if he was "that guy form the Craigslist posts" or "the herpes dude". My friend was one of several people that Matthew did this to. Most of them were targeted because they refused to date him, still there were others that he attacked for reasons unknown to me.

Another Gawker commenter wrote that when he asked Mr. Keys to stop talking to him, "he tried to blackmail me with (what he thought were) nude pics of me. Threatened to send them to all of my coworkers, all of my Facebook friends, etc."

Despite his alleged involvement with Anonymous, Mr. Keys actively leaked information to websites like Gawker about the goings-on in hacker IRC rooms. He also used the information gleaned from his conversations with Anonymous members to inform reporting he did for Reuters.

Sabu, the LulzSec hacker turned FBI informant, tweeted about Mr. Keys back in March 2011, but the tweet flew under the press radar. The AP reports that one day after it was announced that Sabu was an FBI informant, Mr. Keys wrote a story for Reuters about how he had "infiltrated" the hacker group. It's unclear whether this is a coincidence, or if Mr. Keys believed Sabu would snitch on him and made an attempt to cover his tracks by publicly claim to have infiltrated Anonymous instead of copping to collaborating with them.

An anonymous source told Betabeat that Mr. Keys said the day before news of the indictment broke that he was worried he would be fired. Mr. Keys has since claimed on Twitter that statement was unrelated to the indictment.

The AP reports that the former KTXL Fox 40 producer, who allegedly shared login credentials with members of Anonymous so that they could deface articles on the Los Angeles Times website, is scheduled for arraignment in Sacramento on April 12th. "Reuters spokesman David Girardin said the company was 'aware' of the indictment when Keys was hired last year, but he declined further comment," wrote the AP. The story has since been altered to reflect the official Reuters statement:

“We are aware of the charges brought by the Department of Justice against Matthew Keys, an employee of our news organization. Thomson Reuters is committed to obeying the rules and regulations in every jurisdiction in which it operates. Any legal violations, or failures to comply with the company’s own strict set of principles and standards, can result in disciplinary action. We would also observe the indictment alleges the conduct occurred in December 2010; Mr. Keys joined Reuters in 2012, and while investigations continue we will have no further comment.”

Mr. Keys claimed to have found out about the indictment on Twitter. Shortly after news broke of the indictment, Mr. Keys tweeted the following:

https://twitter.com/TheMatthewKeys/status/312348676448219137

A Reuters employee told Reuters (yup) that Mr. Keys' work station was being dismantled and his security key card had been deactivated.

The Ventura, California based law firm Jay Leiderman announced on Twitter that they plan to represent Mr. Keys. "We fight the man for you," reads the firm's Twitter bio.

Update: A tipster who spoke under condition of anonymity provided Betabeat with the following screenshots from Mr. Keys' Facebook profile. Since news broke of his indictment last night, he's addressed the issue twice on his page:

The first post, published shortly after news of the indictment broke on Twitter.

The second post, shows Mr. Keys taking issue with (or making a joke about) a sentence in an AP story about him.

This is the best pic. (Photo: Indian Colleges)

If you're a computer-savvy college student, one way to illustrate that your university wifi network is terribly insecure is to write letters to the dean expressing your concerns. Another way is to simply hack the network and have all traffic redirect to gay porn.

The News Herald reports that a 26-year-old student attending Florida State University Panama City is now facing felony charges after hacking into the school's wifi network and sending everyone who accessed it to notorious shock site Meatspin.com. The student, Benjamin Blouin, wanted to make a point about the dangers of having an open wifi network. Now that he subjected scores of students and faculty to the horror of Meatspin, the university has decided to require students to login in order to use the network.

Mr. Blouin was quite satisfied with this outcome, despite the fact that he's facing jail time. "“That’s how it should be,” he told The News Herald. “That’s how it is on every campus.”

Just another story for @_FloridaMan.

(Screenshot: Amazon)

Amazon.com's homepage appears to be temporarily down, showing a "service unavailable" message to users. Links within Amazon are still functional, but the homepage is inaccessible.

As TechCrunch notes, the site is serving a 503 error, indicating that "the server powering the site is down due to maintenance or overloading," which can mean the server is being DDOS'd. Amazon Web Services' dashboard says all hosting services appear to be operating normally.

The hacker group Nazi Gods is claiming responsibility for the attack. "This is what happens amazon when you support censorshiphttp://amazon.com  #TangoFuckingDown," tweeted @NaziGods this afternoon, adding, "I may release a pastebin later explaining how and why we took out amazon."

In response to a user who asked if they DDOS'd Amazon, @NaziGods responded "we used a 7kbotnet running hoic 100 threads each. 80servers in botnet and a 16gbps booter." That means 700,000 separate web request getters running are running at once. This method would send scores of requests over and over again to the server, causing it to overload and temporarily knock the site offline. The hackers claim only the homepage is down because it is hosted on a different server than the rest of the site.

Betabeat has been unable to independently verify if the site is down due to the work of hackers like NaziGods or due to something else entirely. We've reached out to Amazon and will update when we know more.

Update 3:33 pm EST

The Amazon.com homepage appears to be back up.

Update 5:36 pm EST

Amazon has provided Betabeat with the following statement:

 “The gateway page of Amazon.com was offline to some customers for approximately 49 minutes.  Other pages of the site were accessible and AWS was not impacted.”

This is a developing story and we will update as we learn more.

(Screencap: Twitter)

An anonymous hacker going by the Twitter handle @TylerSec has published a post on PasteBin claiming to have released 33 GB of JSTOR documents via his own leak network, Tyler Leaks. If the documents are in PDF format and are around 50-75 pages each, that's about 22,500 academic papers dumped. The leak comes in response to the death of hacker hero Aaron Swartz who was facing a federal sentence for "stealing" academic papers from JSTOR.

Gawker writer Adrian Chen notes that the leak could be of the same documents released by Wikimedia contributor Greg Maxwell in 2011. "There's a good chance that this Anonymous leak of JSTOR documents is an old dump from last year," he tweeted.

In the Pastebin post, TylerSec claims to have released the "First leak from the Anonymous Tyler Network: 33 GB of the JSTOR files that Aaron Swartz died to bring to the world." He included a link to his Tumblr where users can download software used to access the documents, as well as a link to the documents themselves.

"The people you are after are the people that society depends on: we write songs, we create art, we build, we invent, we feel love and laugh, we will defend our freedom to our last breath," reads the Pastebin post. "Do not fuck with us."

Anonymous has been vocal in avenging Mr. Swartz's death, recently launching an operation called #OpAngel in his memory.

(Screencap: Twitter)

In the wake of the suicide of hacker hero Aaron Swartz, his friends and family released a statement placing the onus for his death on "a criminal justice system rife with intimidation and prosecutorial overreach." U.S. Attorney Carmen Ortiz was responsible for prosecuting Mr. Swartz, and has come under fire along with Assistant U.S. Attorney Stephen Heymann for what many see as overreach in cases against hackers.

A petition immediately began circulating asking for Ms. Ortiz's resignation following Mr. Swartz's death. The petition has already received over 25,000 signatures, guaranteeing it a response from the White House.

Now, Ms. Ortiz's husband, an IBM executive named Tom Dolan, has taken to Twitter to defend his wife's actions in the prosecution of Mr. Swartz. (As the account is not verified, Betabeat was unable to independently confirm that it is Mr. Dolan's Twitter, but he possesses over 700 followers and has his account tied to a fleshed-out LinkedIn page.)

In the tweets, Mr. Dolan responds to various public figures tweeting about Mr. Swartz and arguing that he was not facing life in prison, but instead refused to take a six month plea bargain.

Many on Twitter are outraged by Mr. Dolan's remarks, particularly after the U.S. Attorney's office declined to make a statement regarding Mr. Swartz out of respect for his family's privacy. "US attorney's office won't make public statement bc 'respect' to family's privacy'. US a''s husband @tomjdolan criticises family on twitter," tweeted one user.

"Ortiz's husband, @tomjdolan, thinks public anger is over potential prison time, not the fact the fed ruined his life over a TOS violation," added Daily Dot writer Kevin Morris.