Awkward! (Photo: Flickr, Rev Stan)

Well, here's some not-particularly-reassuring news about one of New York's finest: An NYPD detective named Edwin Vargas has been arrested for "computer hacking crimes."

The feds say Mr. Vargas shelled out $4,000 to an email hacking service to get log-in credentials for at least 43 email accounts belonging to at least 30 different people (21 of them affiliated with the NYPD). He's also alleged to have accessed the National Crime Information Center database.

By the time he was done, he had quite the dossier:

The Contacts section of his Gmail account included a list of at least 20 e-mail addresses, along with what appear to be telephone numbers, home addresses, and vehicle information corresponding to those e-mail addresses, as well as what appear to be the passwords for those e-mail addresses.

“Of all places, the police department is not a workplace where one should have to be concerned about an unscrupulous fellow employee," said FBI Assistant Director in Charge George Venizelos.

The official announcement studiously avoids any mention of motive, but the New York Times
says he believed his ex-girlfriend (also a cop) was seeing someone new (also also a cop) and wanted to know who. Isn't that what Facebook is for?

(Photo: KPCB)

Mystery hacker Guccifer has been terrorizing America's political elite by hacking into their email accounts and proving that even former presidents aren't really that great at their newfound painting hobby. Now, The Smoking Gun reports that Guccifer has begun targeting Silicon Valley. Ugh, guess that means tech really is cool now.

The Smoking Gun reports that venture capitalist and Kleiner Perkins partner John Doerr is the latest victim of Guccifer's exploits. The hacker was able to get into Mr. Doerr's AOL account (how are you a VC with an AOL account?) and send emails to The Smoking Gun from it. Guccifer also provided TSG with a screenshot of the inbox's contact list to further prove his successful hack.

“do you like my new face?” Guccifer wrote in an email to TSG. “i wear glasses right now an I have 2 zillion + in my bank accounts:))”

Aside from wearing glasses and being filthy rich, Mr. Doerr made headlines last year when he was named in a gender discrimination suit filed by Kleiner Perkins partner Ellen Pao. He vigorously denied the claims made in the suit.

Even Guccifer probably can't explain why a Google boardmember has an AOL account.

(h/t Daily Dot)

o_o (Photo: Twitter blog)

In light of the recent hacks of big brand Twitter accounts like Burger King and Jeep, Twitter has finally announced two-factor authentication. Haha JK, they just published a condescending blog post blaming their security vulnerabilities on your shitty passwords.

Screencap

For the love of Christ, will you social media gurus please learn to change your passwords once in a while? A scant 24 hours after someone hijacked Burger King's Twitter account and began pumping out pro-McDonald's sentiment, it appears Jeep's verified account has now been compromised.

The account's about page now reads: "The official Twitter handle for the Jeep® -- Just Empty Every Pocket, Sold To Cadillac =[ #OpMadCow #OpWhopper." The avatar is now a Cadillac logo, and the  background picture is now a low-rider with a McDonald's paint job. Jeep is now tweeting things like, "You'll never catch @50cent ridin in a Dirty Ass @Jeep !!!!#ForDaLuLz #FreeJeep."

It looks like it's the same perpetrators as yesterday and pretty much just a total rerun. This, for example, is an awfully similar joke to what we saw yesterday with Burger King:

We got sold to @cadillac because we caught our employees doing these in the bathroom =[ twitter.com/Jeep/status/30…

— Jeep (@Jeep) February 19, 2013

We can't wait for Elon Musk to connect this back to the New York Times.

(Update: 3:08 p.m.) Gizmodo suggests the guilty party is a DJ from New England (ain't it always?) named Tony Cunha, a.k.a. iThug. Hey, while we're dispensing digital survival tips, here's some advice for all you hackers out there: Don't start bragging about your exploits to cute girls on Facebook.

iThug followed up on one of those Twitter shoutouts by bragging to a girl (and pal from the Boston music scene) in question with his real-life Facebook account (deleted immediately after @Jeep was taken over, mind you). Using his real life name. He just had to show off (this post has also been deleted post-Jeep).

(Update: 3:18 p.m.) Okay, now this is just getting goddamn ridiculous: There's a possibility the MTV and BET accounts have now been hacked, as well. One minute MTV was tweeting about sideboob at the Spring Breakers premiere; the next it was "ON A SCALE OF 1 TO RATCHET, HOW MUCH BETTER ARE THE @BET AWARDS THAN THE VMAS???" BET just has an MTV avatar and "this is a takeover!!!" on the about page.

How many brand accounts have to get hacked before we actually get two-factor authentication?

However, there's another, more excruciatingly stupid possibility, which is that this could all be some big Viacom viral marketing scheme, in which case fuck you, Viacom. Reuters' Matthew Keys points out that an MTV employee tweeted "Everyone watch @MTV right now... #MTVHACK" right before the takeover.

We've reached out to Twitter for comment and will update if we hear anything back.

(Update: 3:55 p.m.) MTV has now owned up to its attempt to bullshit the Internet:

We totally Catfish-ed you guys. Thanks for playing! <3 you, @bet. ;)

— MTV (@MTV) February 19, 2013

As this Betabeat reporter's mama is fond of saying: It's not funny and it's not cute, guys. It's also a hell of a note that hacked brand accounts are now common enough they're treated as their very own viral marketing opportunity.

(Photo: AnonRelations)

The hacktivist collective Anonymous has now set its sights on the State of the Union. In a call to arms published to one of Anonymous' websites, the group announced its intentions to launch #opSOTU, an operation intended to disrupt all livefeeds of the State of the Union address scheduled for tonight at 9 p.m. EST.

Though it did not detail how exactly it plans to take down the livefeeds, Anonymous says the hack is in response to the death of hacker activist Aaron Swartz, whose suicide last month has been a lightning rod for the controversy surrounding the free and open Internet. Anonymous also calls out the President's refusal to discuss the NDAA, military drones and Bradley Manning.

Reads the release:

The President of the United States of America, and the Joint Session of Congress will face an Army tonight.
We will form a virtual blockade between Capitol Hill and the Internet. Armed with nothing more than Lulz, Nyancat and PEW-PEW-PEW! Lazers, we will face down the largest superpower on Earth.

And we will win!

There will be no State of the Union Address on the web tonight.

In order to block all web feeds, Anonymous will have to successfully hack ABC News, Yahoo News and the White House's official channel, among others.

(h/t The Daily Beast)

(Photo: flickr.com/kla4067)

In a talk at DLD, Ben Horowitz revealed that his VC firm had closed (non-seed) investments in a mere 24 companies, most of them created by “college dropouts with insane ideas going after tiny markets with no way to monetize.” [TechCrunch]

France is considering creating an Internet tax, levied on the collection of personal information. As far as French ideas go, we prefer the croissant. [New York Times]

Speaking of Waterloo: Atari's U.S. arm has declared bankruptcy in an attempt to escape its French parent company. The second plank of this plan is presumably to time-travel back to the late 70s. [L.A. Times]

Some poor kid's been expelled from Montreal College for daring to discover a software vulnerability that left 250,000 students' information exposed. [National Post]

Graph search is a "privacy test" for Facebook. Given that users of the site freak out at phantom privacy crises, this'll be fun. [New York Times]

It was probably a bad idea to mess with this woman, honestly.

The AP reports that the so-called "Hollywood hacker," a creeper convicted of cracking the email accounts of starlets like Scarlet Johansson and Mila Kunis, has been sentenced to 10 years in prison. Mr. Chaney pled guilty to several charges, including wiretapping.

Just goes to show that crime doesn't pay--especially when you splash your wrongdoing all over the celebugossip blogs.

Between 2010 and 2011, Mr. Chaney went on a year-long tear, hacking into scores of Hollywood types' email accounts and leaking intimate photos across the Internet. Even for a population of people used to outlets like TMZ watching their every move, it was intrusive.

The judge delivered the news to Christopher Chaney after the court heard from Ms. Johansson in a videotaped statement described as "tearful." Another victim, Christina Aguilera, released her own statement saying, "That feeling of security can never be given back and there is no compensation that can restore the feeling one has from such a large invasion of privacy."

This from someone who's had tabloids producing fevered fantasies about her comings and goings since she was a tween.

We can't help but wonder what Hunter Moore makes of this dude.

(Photo: MNN)

Worrying about having your email hacked is so 2012. Instead, the newest hacking trend researchers are examining is less about your online life than it is about your physical body: soon, blackhat badasses and government spies could hack into your brain. (Dun dun dun.)

Wired reports that brain-computer interface (BCI) technologies currently in development could result in full-scale mind-control that could turn even the most mild-mannered among us into a biological killing machine. While the positive outcomes of successful BCIs are manifold--take functional bionic limbs, for example--they're also vulnerable to malware attacks that could transform someone into a mind-controlled weapon.

Writes Wired:

The possibilities for damage, destruction, and chaos are very real. This could include manipulating a soldier’s BCI during conflict so that s/he were forced to pull the gun trigger on friendlies, install malicious code in his own secure computer system, call in inaccurate coordinates for an air strike, or divulge state secrets to the enemy seemingly voluntarily.

Your move, Michael Bay.

(Screenshot: HunterMoore.TV)

Anonymous claims it has gained access to files and photos on HunterMoore.TV, a new website from revenge porn king Hunter Moore. A faction of the hacker collective recently launched an operation to hold the “most hated man on the Internet” accountable. A source within Anonymous told Betabeat that the group has access to “all of the content he is going to release, some even from the old [Is Anyone Up] site apparantly because it still has their logos.”

Within the trove of files, Anonymous claims they have identified credit card numbers "on his site in plain text," as well as usernames and passwords. The source also told Betabeat that they are "dumping his databases," meaning that they plan to publish them online, most likely to Pastebin. It's unclear whether that includes publishing credit card information.

Anonymous also launched a DDOS attack against Mr. Moore's site, taking it down intermittently. Because Mr. Moore employs Cloudflare's Always Online technology, the error messages says users can "continue to surf a snapshot of the site."

The site appears to be back up now. However, the submit form continues to be down, serving the message "This form is currently unavailable" when you click on it.

Anonymous revealed its plans to take down the site just before a live broadcast of the BBC radio show "World Have Your Say," on which the two Anonymous operatives responsible for starting #OpHuntHunter are slated to appear to discuss the operation. Mr. Moore was invited to join the interview but declined.

Shortly after the program ended, KY Anonymous announced that the "DDOS against huntermoore.tv is ending, hope he enjoys those bandwidth costs." He also tweeted what he claims to be Mr. Moore's social security number.

(Screenshot: Twitter)

This is a breaking news story and will be updated as we learn more.

The spammy message. (Screencap: Tumblr)

Community managers all over town are dealing with what probably feels like the end of the world right now. We just logged onto our dashboard and discovered that quite a few Tumblrs--most prominently the Verge, as well as USA Today and the Daily Dot--seem to have been hijacked. Your dashboard, like ours, is probably being flooded with this charming message:

Dearest `Tumblr’ users,

We have taken the liberty of upgrading your (rather tasteless, we must say) blog to our premier GNAA Deluxe Gary Niger (pictured to the left) Signed Edition! This is in response to the seemingly pandemic growth and world-wide propagation of the most FUCKING WORTHLESS, CONTRIVED, BOURGEOISIE, SELF-CONGRATULATING AND DECADENT BULLSHIT THE INTERNET EVER HAD THE MISFORTUNE OF FACILITATING.

It goes on in that vein, suggesting emo Tumblr users drink bleach and die.

The language of the post seems to indicate that it's the work of hacker group "Gay Nigger Association of America." Plus, here they are on Twitter:

3,800 unique tumblr users (and counting) show their support for the GNAA: tumblr.com/tagged/bronies

— Gary Niger - GNAA (@Gary_Niger) December 3, 2012

Betabeat has covered the group's antics before, when they tricked several publications into believing people were looting following Superstorm Sandy. Wikipedia calls them an "anti-blogging Internet-trolling organization."

The hack is fairly benign, though widespread. It's a Javascript exploit that immediately reblogs the post to your Tumblr if you hit Okay or Cancel on the dialogue box that pops up. You can get rid of the posts by going into your Tumblr's mass post editor and deleting them; you'll also want to change your password as an extra security precaution.

The focal point of the spam began with the Tumblr brony tag, where fans of My Little Pony congregate (hence the fact that The Daily Dot was one of the first Tumblrs to get hit). In a press release, GNAA writes:

An elite team of GNAA ubernigger supersoldier commandos (each packing 9-to-11 inches of black power) stormed the DHX Media Vancouver headquarters under cover of darkness late last night to commemorate the release of My Little Pony: Friendship is Magic Season 3.

"The New Release of My Little Pony: Friendship is Magic Season 3 marks the third anniversary of this perverse Jewish abomination. The ‘Brony’ movement is an illogical fetish for manchildren. While our previous ‘Brony Outreach’ had been a success", stated GNAA Founder and CEO Niger, "we quickly grew tired of these perverted repugnant manchildren within our ranks."

Tumblr spokesperson Katherine Barna told Betabeat:

There is a viral post circulating on Tumblr which begins "Dearest 'Tumblr' users". If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible.

Tumblr also tweeted the following message:

We are aware that there is a viral post circulating on Tumblr. We are working to resolve the issue as swiftly as possible. Thank you.

Well, that seems a little like an understatement.

Meanwhile, Tumblr is responding with--what else?--GIFs. From ILoveCharts:

Update (12:27): Looks like the total number of users affected is at least 8,600, though the account @Gary_Niger appears to have deleted tweets boasting about the hack. Might it have something to do with GNAA publicity account @LiteralKa getting suspended from Twitter?

Update (12:33): Gawker reports that GNAA claims to have warned Tumblr about the security exploit weeks ago. GNAA spokesperson Literal Ka told Adrian Chen:

We contacted Tumblr about this weeks ago and nothing came of it. This was a serious issue that needed to be fixed. Someone would have done a lot worse than just posting a message over and over if they didn't fix it right away...

Betabeat also received a comment from Leon Kaiser, the head of GNAA. He confirms that @Gary_Niger deleted tweets relating to the hack for fear of being suspended by Twitter, elaborating:

The tweets were indeed deleted because we are worried about being suspended from Twitter....This was just another part of our "anti-blogging" campaign. GNAA's stance on blogging in general has always been a negative one: in short, blogging is lowering journalistic standards to the point where the number of friends a murderer has on Facebook has become news.

Mr. Kaiser also told The Guardian that Tumblr consistently "puts the safety of their users second to their revenue."

Update (12:59): Naked Security has more on the hack: Anyone who was logged into Tumblr automatically reblogged GNAA's post upon visiting an infected page. If you weren't logged in, you were simply redirected to the standard log-in page. You can get a more granular look at the hack here.

Update (1:20): As we mentioned earlier, Mr. Kaiser, the president of the GNAA, told The Guardian that today's hack was designed to send a message to Tumblr about prioritizing revenue above security:

"Tumblr is a blogging website whose employees we have found, time and time again, to put the safety of their users second to their revenue. Instead of hiring competent, dedicated staff, they hire part-time programmers who can't even defend against the most basic of security issues, such as XSS. I mean, for chrissake, they don't even throttle (or the threshold is ridiculously high) the number of posts per minute a user is allowed to make! Blogging services everywhere need to step up and hire people who know what they're doing."

Considering that Tumblr employs at least 47 engineers (according to current employees on LinkedIn) and is trying to hire at least 8 more, we asked Mr. Kaiser to elaborate on GNAA's stated motivations for the hack. "If 47 engineers can't prevent simple security issues, then I have serious concerns about who they're hiring," Mr. Kaiser responded by email. (We have reached out to Tumblr to get a total engineer count and will update the post when we hear back.)

Update (1:30): "Tumblr engineers have resolved the issue of the viral post attack that affected a few thousand Tumblr blogs earlier today," Tumblr spokeswoman Katherine Barna told Betabeat in an email. "Thank you for your patience."

Update (2:47): Information about what exactly went wrong for Tumblr continues to trickle out. Slate's Future Tense talked to GNAA's interim VP, who pointed to problems in mobile posting:

@Ms_meepsheep says it exploits vulnerabilities in “multiple fields, including all mobile post fields.” He or she continued, “Lazy developers, far too incompetent to sanitize input, are the ones to blame. As long as web developers do not care about their users, hackers (or script kiddies depending on point if view) will be there to exploit their errors."

Of course, as with everything else from GNAA, this is worth taking with a grain of salt.

Nitasha Tiku contributed reporting to this article.