Entries Tagged "spoofing"

Page 3 of 6

Brian Krebs

Nice profile of Brian Krebs, cybersecurity journalist:

Russian criminals routinely feed Mr. Krebs information about their rivals that they obtained through hacks. After one such episode, he began receiving daily calls from a major Russian cybercriminal seeking his files back. Mr. Krebs is writing a book about the ordeal, called “Spam Nation,” to be published by Sourcebooks this year.

In the meantime, hackers have been competing in a dangerous game of one-upmanship to see who can pull the worst prank on Mr. Krebs. They often steal his identity. One opened a $20,000 credit line in his name. Admirers have made more than $1,000 in bogus PayPal donations to his blog using hacked accounts. Others have paid his cable bill for three years with stolen credit cards.

The antics can be dangerous. In March, as Mr. Krebs was preparing to have his mother over for dinner, he opened his front door to find a police SWAT team pointing semiautomatic guns in his direction. Only after his wife returned home from the grocery store to find him handcuffed did the police realize Mr. Krebs had been the victim of “swatting.” Someone had called the police and falsely reported a murder at their home.

Four months after that, someone sent packets of heroin to Mr. Krebs’s home, then spoofed a call from his neighbor to the police. But Mr. Krebs had already been tipped off to the prank. He was tracking the fraud in a private forum—where a criminal had posted the shipment’s tracking number ­- and had alerted the local police and the F.B.I.

Posted on February 20, 2014 at 4:09 PMView Comments

GPS Spoofers

Great movie-plot threat:

Financial institutions depend on timing that is accurate to the microsecond on a global scale so that stock exchanges in, say, London and New York are perfectly synchronised. One of the main ways of doing this is through GPS, and major financial institutions will have a GPS antenna on their main buildings. “They are always visible because they need a clear view of the sky,” Humphreys told Wired.co.uk.

He explains that someone who directed a spoofer towards the antenna could cause two different problems which could have a major impact on the largely automated high-frequency trading systems. The first is simply causing confusion by manipulating the times—a process called “time sabotage”—on one of the global stock exchanges. This sort of confusion can be very damaging.

Posted on March 2, 2012 at 6:11 AMView Comments

More on the Captured U.S. Drone

There’s a report that Iran hacked the drones’ GPS systems:

“The GPS navigation is the weakest point,” the Iranian engineer told the Monitor, giving the most detailed description yet published of Iran’s “electronic ambush” of the highly classified US drone. “By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain.”

The “spoofing” technique that the Iranians used—which took into account precise landing altitudes, as well as latitudinal and longitudinal data—made the drone “land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the US control center, says the engineer.

More stories

The Aviationist has consistently had the best analysis of this, and here it talks about the Tehran Times report that Iran has four Israeli and three U.S. drones.

My original blog post.

Posted on December 16, 2011 at 12:01 PMView Comments

Hacking Cars Through Wireless Tire-Pressure Sensors

Still minor, but this kind of thing is only going to get worse:

The new research shows that other systems in the vehicle are similarly insecure. The tire pressure monitors are notable because they’re wireless, allowing attacks to be made from adjacent vehicles. The researchers used equipment costing $1,500, including radio sensors and special software, to eavesdrop on, and interfere with, two different tire pressure monitoring systems.

The pressure sensors contain unique IDs, so merely eavesdropping enabled the researchers to identify and track vehicles remotely. Beyond this, they could alter and forge the readings to cause warning lights on the dashboard to turn on, or even crash the ECU completely.

More:

Now, Ishtiaq Rouf at the USC and other researchers have found a vulnerability in the data transfer mechanisms between CANbus controllers and wireless tyre pressure monitoring sensors which allows misleading data to be injected into a vehicle’s system and allows remote recording of the movement profiles of a specific vehicle. The sensors, which are compulsory for new cars in the US (and probably soon in the EU), each communicate individually with the vehicle’s on-board electronics. Although a loss of pressure can also be detected via differences in the rotational speed of fully inflated and partially inflated tyres on the same axle, such indirect methods are now prohibited in the US.

Paper here. This is a previous paper on automobile computer security.

EDITED TO ADD (8/25): This is a better article.

Posted on August 17, 2010 at 6:42 AMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.