Every Monday, Lifehacker brings in an expert for an hour to answer questions via chat. Next Monday, November 12, 2012 at 3pm, Lifehacker will be kicking off “Spy Week,” dedicated to all things James Bond and mystery. ICORP Investigations Vice President, Steven Santarpia, will be joining Lifehacker to answer your questions pertaining to private investigations. Licensed Private Investigator Steven Santarpia has been a private detective for over 10 years and has worked many different types of investigations including infidelity/cheating spouse, industrial espionage, skip tracing and insurance claims.
More information to come including the link to join the chat session on Monday. To view past chats, visit Lifehacker.com.
For more information regarding ICORP Investigations, please visit their website.
245 Park Ave, 24th Floor
New York, NY 10167
Publicly available code allows hackers to disable Wi-Fi in a range of products.
by Dan Goodin – Oct 26 2012, 1:50pm EDT
The iPhone 4 and a slew of older devices from Apple, Samsung, HTC, and other manufacturers are vulnerable to attacks that can make it impossible to send or receive data over Wi-Fi networks, a security researcher said.
Proof-of-concept code published online makes it trivial for a moderately skilled hacker to disable older iPhones, HTC Droid Incredible 2s, Motorola Droid X2s, and at least two-dozen other devices, including Edge model cars manufactured by Ford. The Denial-of-Service vulnerability stems from an input-validation error in the firmware of two wireless chips sold by Broadcom: the BCM4325 and theBCM4329. The US Computer Emergency Readiness Team has also issued an advisory warning of the vulnerability.
“The only requirement to exploit the vulnerability is to have a wireless card that supports [the] raw inject of 802.11 frames,” Andrés Blanco one of the researchers from Core Security who discovered the vulnerability, told Ars. “The Backtrack Linux distribution has almost everything you need to execute the POC provided in the advisory.”
The Core Security advisory said that Broadcom has released a firmware update that patches the “out-of-bounds read error condition” in the chips’ firmware. Device manufacturers are making it available to end users on a case-by-case basis since many of the affected products are older and already out of service.
Blanco said the exploit makes it impossible for an affected device to send or receive data over Wi-Fi for as long as the DoS attack lasts. Once the malicious packets subside, the device will work normally. Other device functions are unaffected by the Wi-Fi service interruption. He said it’s possible the bug could be exploited to do more serious things.
“We are not sure that we could retrieve private user data but we are going to look into this,” he said.
By Michael Gregg
Celebrities are a perfect target for hackers — they’re highly visible, spend lots of time on their smartphones and they know next to nothing about security. It’s no wonder they’re often victimized by hackers — from lone hackerazzis like the alleged Christopher Chaney to hacker groups like the Anonymous offshoot ‘Hollywood Leaks.’
But how do these hackers actually hack a cell phone?
Many people seem to think it requires a great deal of computer skill to hack a phone; that you have to be some type of hacker mastermind. But the reality is, it’s not that hard.
Here are a few ways:
# 1 — Physical Access to the Phone — Obviously, if a person can get physical access to a cell phone, even for a few seconds, it’s game over. The person can clone it, place a remote spying tool on the phone or download the pictures and information directly to their own account.
TIPS — Make sure your phone has a strong password lock to prevent unauthorized access. Sign up for a mobile phone recovery service — like Where’s My Droid, Find My iPhone, McAfee’s WaveSecure, etc. — that offers GPS tracking, remote freeze and remote wiping in case the phone is ever lost or stolen.
#2 — Hacking Email, Twitter and Apps — Most celebrities are hacked through email, Twitter and other accounts that they use on their phones. This is what happened to Scarlett Johanson, Kreayshawn, Mila Kunis and Christina Aguillera, among others — and it may also be the reason for the more recent hacks on Heather Morris and Christina Hendricks.
Hackers get in by guessing a weak password or bypassing the password altogether by answering a series of cognitive security questions such as mother’s maiden name or what high school they attended. This technique is what is alleged to have been used by Chris Chaney and Hollywood Leaks.
To beat a password, hackers can use special password cracking programs that attempt to “dictionary attack” or “brute force” the account, or they can simply do their homework on the celebrity and use that to guess the passphrase or security questions. Once the hacker gets in to one account, especially email, he can use it to get into other accounts (for example, request the Twitter password reminder be sent to Gmail or other web-based email account).
TIPS — Use a unique password for each online account. Make sure it’s at least 10 characters long and doesn’t make up a real word — use letters, numbers and symbols. Give fake answers to the security questions to make it hard for others to guess. To be extra safe, consider using “two-factor authentication” and PGP encryption with the email account as well.
#3 — Social Engineer the Phone Company — In 2005, hackers stole nude pictures of Paris Hilton by getting access to her T-Mobile Sidekick II, a precursor to today’s smartphones. How did they do it? Theyimpersonated a T-Mobile support tech over the phone and tricked T-Mobile employees into giving them access to the carrier’s intranet site that contained a list of user accounts, which allowed them to reset the password to her account and steal photos and contacts. Today, there’s still a risk hackers could reset accounts or permissions by conning the phone company, but it’s more likely they’ll simply target a person’s accounts directly online.
TIPS — Check your online phone accounts periodically to make sure there haven’t been any unauthorized changes.
#4 — Wi-Fi Spies — Movie stars do a lot of traveling, and while they’re roaming about they’re often connecting their phones to open Wi-Fi networks — whether it’s at the airport, hotel or Starbucks. This puts them at greater risk of being hacked. Using public Wi-Fi puts all of your online accounts, Internet searches, emails and usernames/passwords out in the open where they can be read, copied and hacked by any person with moderate computer skills. In fact, there are special tools available online that do this.
TIPS — Don’t use public Wi-Fi. Stick with 3G or 4G service, as it’s harder to hack. If you must use a public wireless network, only use websites or apps from your phone that offer encryption (‘https’ in the address bar) and don’t save your passwords in a cache. Even better, setup a virtual private network (VPN) that will encrypt your online activity no matter where you are.
#5 — Spyware — Stars who spend a lot of time using open Wi-Fi and chatting with friends or followers on social networks and clicking on shared links are also at risk of spyware. Spyware is malicious software that can infect your phone in order to record the things you type — like usernames and passwords — and it can also be used to steal items from your phone, like photos, contacts and banking data. “FakeToken” is one example of spyware that is currently being found on some Android phones. There’s a good chance some celebrity phones have been infected by spyware.
TIPS — Don’t use public Wi-Fi. Don’t click on suspicious links, whether they’re in email, text messages or tweets.
The bottom line is that most celebrities fall victim to hacks because they use weak passwords and share too much information — and images — through easily hacked accounts. A few basic precautions would fix the problem for many of them; hopefully they’ll learn their lesson.
Do you feel like your phone or house is bugged? Are there hidden camera’s at your workplace of residence? Are you wondering if there is a GPS on your vehicle? Icorp Investigations private investigators can help! Our physical inspection will give you peace of mind you deserve. We can detect digital signals of Bluetooth, WLAN, Wi-Fi, Cellular phone, GPS and Digital Spread Spectrum wireless products. Call Toll Free 866.984.2677 or visit Icorp Investigations New York private investigators website.
WASHINGTON/BOSTON | Wed Apr 13, 2011 6:55pm EDT
(Reuters) – U.S. authorities claimed one of their biggest victories against cyber crime as they shut down a ring they said used malicious software to take control of more than 2 million PCs around the world, and may have led to theft of more than $100 million.
A computer virus, dubbed Coreflood, infected more than 2 million PCs, enslaving them into a “botnet” that grabbed banking credentials and other sensitive data its masters used to steal funds via fraudulent banking and wire transactions, the U.S. Department of Justice said on Wednesday.
The government shuttered that botnet, which had operated for a decade, by seizing hard drives used to run it after a federal court in Connecticut gave the go-ahead.
“This was big money stolen on a large scale by foreign criminals. The FBI wanted to stop it and they did an incredibly good job at it,” said Alan Paller, director of research at the SAN Institute, a nonprofit group that helps fight cyber crime.
The vast majority of the infected machines were in the United States, but the criminal gang was likely overseas.
“We’re pretty sure a Russian crime group was behind it,” said Paller.
Paller and other security experts said it was hard to know how much money the gang stole. It could easily be tens of millions of dollars and could go above $100 million, said Dave Marcus, McAfee Labs research and communications director.
A civil complaint against 13 unnamed foreign nationals was also filed by the U.S. district attorney in Connecticut. It accused them of wire and bank fraud. The Justice Department said it had an ongoing criminal investigation.
The malicious Coreflood software was used to infect computers with keylogging software that stole user names, passwords, financial data and other information, the Justice Department said.
“The seizure of the Coreflood servers and Internet domain names is expected to prevent criminals from using Coreflood or computers infected by Coreflood for their nefarious purposes,” U.S. Attorney David Fein said in a statement.
In March, law enforcement raids on servers used by a Rustock botnet were shut down after legal action against them by Microsoft Corp. Authorities severed the Rustock IP addresses, effectively disabling the botnet.
Rustock had been one of the biggest producers of spam e-mail, with some tech security experts estimating they produced half the spam that fills people’s junk mail bins.
A botnet is essentially one or more servers that spread malicious software and use the software to send spam or to steal personal information or data that can be used to empty a victim’s bank account.
U.S. government programmers shut down the Coreflood botnet on Tuesday. They also instructed the computers enslaved in the botnet to stop sending stolen data and to shut down. A similar tactic was used in a Dutch case, but it was the first time U.S. authorities had used this method to shut down a botnet, according to court documents.
Victims of the botnet included a real estate company in Michigan that lost $115,771, a South Carolina law firm that lost $78,421 and a Tennessee defense contractor that lost $241,866, according to the complaint filed in the U.S. District Court for the District of Connecticut.
The government plans to work with Internet service providers around the country to identify other victims.
Private Investigator New York and New Jersey. Let ICORP Investigations help you with your Infidelity Investigation. We’ve helped many, many individuals find out the truth about their spouses. We’ll be happy to answer any questions you might have and assist you with the most cost efficient way to proceed with your case. Call ICORP Investigations for a Free Consultation. 866.984.2677. You’ll be glad you did.
Licensed in New York #11000133551 and New Jersey #8387 – Specializing in Family Law, Infidelity and Insurance Surveillance Investigations.