Wednesday, December 14, 2005

Notable intruder and criminal hackers

Note that many of these have since turned to fully legal hacking.

Jonathan James (a.k.a. comrade) was most notably recognized for the theft of software which controlled the International Space Station's life-sustaining elements, as well as intercepting dozens of electronic messages relating to U.S. nuclear activities from the Department of Defense.

Eric Corley (a.k.a. Emmanuel Goldstein) — Longstanding publisher of 2600: The Hacker Quarterly and founder of the H.O.P.E. conferences. He has been part of the hacker community since the late '70s.

Mark Abene (a.k.a. Phiber Optik) — Inspired thousands of teenagers around the country to "study" the internal workings of the United States phone system. One of the founders of the Masters of Deception group.

Dark Avenger — Bulgarian virus writer who invented polymorphic code in 1992 as a means to circumvent the type of pattern recognition used by antivirus software, and nowadays also by intrusion detection systems.

John Draper (a.k.a. "Captain Crunch") — Draper is widely credited with evangelizing the use of the 2600 hertz tone generated by whistles distributed in Captain Crunch cereal boxes in the 1970s, and sometimes inaccurately credited with discovering their use. Draper served time in prison for his work, and is believed to have introduced Steve Wozniak to phone phreaking through the 2600 Hz tone. Draper now develops anti-spam and security software.

Zeljko Vidas (a.k.a. Stoney) is one of the two people who wrote the viral decomposer Titanic, which has brought down over 70 companies and is one of the most destructive viruses in cyberspace. Known for his fast, smooth operating and his disappearance in cyberspace. Tom Letinov tried to capture him, but with no results. Cracked into Croatia's police department and deleted some records. It is still not known how he did it.

Markus Hess — A West German, he hacked into United States Military sites and collected information for the KGB; he was eventually tracked down by Clifford Stoll.

Adrian Lamo — Lamo surrendered to federal authorities in 2003 after a brief manhunt, and was charged with nontechnical but surprisingly successful intrusions into computer systems at Microsoft, The New York Times, Lexis-Nexis, MCI WorldCom, SBC, Yahoo!, and others. His methods were controversial, and his full-disclosure-by-media practices led some to assert that he was publicity-motivated.

Vladimir Levin — This mathematician allegedly masterminded the Russian hacker gang that tricked Citibank's computers into spitting out $10 million. To this day, the method used is unknown.

Kevin Mitnick — Held in jail without bail for a long period of time. Inspired the Free Kevin movement. Once "the most wanted man in cyberspace," Mitnick went on to be a prolific public speaker, author, and media personality. Mitnick Security Consulting, LLC is a full-service information security consulting firm. Founded by Kevin Mitnick, Mitnick Security Consulting offers a comprehensive range of services to help businesses protect their valuable assets.

Robert Tappan Morris — In 1988, while a Cornell University graduate student, he wrote the first worm, the Morris Worm, which used buffer overflows to propagate.

Nahshon Even-Chaim (a.k.a. Phoenix) — Leading member of Australian hacking group The Realm. Targeted US defence and nuclear research computer systems in the late 1980s until his capture by Australian Federal Police in 1990. He and fellow Realm members Richard Jones (a.k.a. Electron) and David Woodcock (a.k.a. Nom) were the world's first computer intruders prosecuted based on evidence gathered from remote computer intercept.

Kevin Poulsen — In 1990 Poulsen took over all telephone lines going into Los Angeles area radio station KIIS-FM to win an automobile in a call-in contest. Poulsen went on to a career in journalism, including several years as editorial director at SecurityFocus.

David L. Smith — In 1999 Smith launched the Melissa Worm, causing $80 million worth of damage to businesses. Originally sentenced to 40 years, he eventually served only 20 months when he agreed to work undercover for the FBI.

Craig Neidorf — In 1990, Neidorf (a co-founder of Phrack) was prosecuted for stealing the E911 document from BellSouth and publicly distributing it online. BellSouth claimed that the document was worth $80,000; they dropped the charges after it was revealed that copies of the document could be freely ordered for $13.

Tuesday, December 13, 2005

Security breach at Sam's Club exposes credit card data

DECEMBER , 2005 (COMPUTERWORLD) - Sam's Club, a division of Wal-Mart Stores Inc., is investigating a security breach that has exposed credit card data belonging to an unspecified number of customers who purchased gas at the wholesaler's stations between Sept. 21 and Oct. 2.
In a brief statement released Dec. 2, the Bentonville, Ark.-based company said it was alerted to the problem by credit card issuers who reported that customers were complaining of fraudulent charges on their statements.
It's still not clear how the data was obtained, according to the statement. But "electronic systems and databases used inside its stores and for Samsclub.com are not involved," the company said.
Sam's Club is currently working with both Visa International Inc. and MasterCard International Inc. to investigate the breach. The company also has notified the U.S. Attorney's Office for the Western District of Arkansas and the U.S. Secret Service.
Sam's Club officials didn't respond to calls for comment.
In a statement, Visa said it has alerted all of the affected financial institutions, asked them to provide independent fraud-monitoring services to affected customers and requested that they issue new cards as needed.
"Visa will continue working with its member financial institutions, merchants and appropriate authorities to do whatever is necessary to protect cardholders," Visa said.
Kayce Bell, chief operating officer at Alabama Credit Union (ACU) in Foley, Ala., said the company is reissuing cards to about 500 credit card and debit card holders as a result of the breach. The credit union was alerted to the problem last week by Credit Union National Association Inc., she said.
"We received information through our national reporting service that there had been a very large breach of data at Sam's Club," Bell said. About 500 debit cards and credit cards issued by ACU were among the accounts compromised in this incident, she said.
This isn't the first time this year the credit union has had to block and reissue credit and debit cards at Visa's request. Earlier this year, the ACU had to deactivate and reissue about 1,550 cards after Visa notified it that cards compromised in a CardSystems Inc. breach in June were being used fraudulently.
The Sam's Club breach is the latest in a string of data compromises this year at organizations that have included Bank of America Corp., ChoicePoint Inc., the University of California and CardSystems. Those breaches have fueled consumer concern about data protection and talk of legislative action to make companies more accountable for the data they own. The breaches have also resulted in Visa and MasterCard requiring all companies that handle payment-card information to comply with their Payment Card Industry (PCI) data-protection standard.
"Visa is aggressively partnering with entities across the nation to broaden adherence to these standards," the company said in its statement regarding the Sam's Club breach. "As Visa has said before, it's important that every entity that handles payment card information adhere to the highest data protection standards, such as the PCI standard, to protect the security and privacy of their customers."