Briton accused of hacking Fox, PBS websites

LOS ANGELES (AP) – A 20-year-old Briton suspected of links to the hacking group Lulz Security is accused of cracking into websites for a Fox reality TV show, a venerable news show and other sites to deface them or steal personal information, federal prosecutors said Wednesday.

A federal grand jury indicted Ryan Cleary on conspiracy and hacking charges for allegedly hacking sites for the talent competition The X-Factor, the site for PBS NewsHour, Sony Pictures and others.

The indictment filed Tuesday alleges Cleary and his co-conspirators would identify security vulnerabilities in companies' computer systems and use them to gain unauthorized access and, often, cause mayhem.

In a separate and similar case filed against Cleary in theUnited Kingdom in 2011, he faces allegations that he and others hacked a law enforcement agency, the Serious Organized Crime Agency, and various British music sites — all while he was still a teenager.

Cleary was taken into custody in March and remains in custody in the United Kingdom, said Laura Eimiller, FBI spokeswoman.

In one instance, the U.S. indictment alleges, Cleary conspired to steal the confidential information of people who registered to get information on auditions for the Fox talent competition The X-Factor.

That hack was the first to be claimed by LulzSec, an offshoot of the larger hacking group Anonymous, in tweets about its international hacking spree that began in May 2011.

Later that month, LulzSec claimed to have hacked the website of the Public Broadcasting Service, where a phony news story was posted claiming the dead rapperTupac Shakur was alive and living in New Zealand.

The post caused a stir on the site for PBS NewsHour, an award-winning broadcast news show, and came after the network aired a documentary on WikiLeaks founder Julian Assange that was deemed critical. PBS' ombudsman at the time defended the program's treatment of Assange as "tough but proper."

The indictment also alleges LulzSec and Cleary hacked into the computer systems of Sony Pictures Entertainment Inc. in June 2011 to steal confidential information of users who had registered on the company's website.

Cleary faces a maximum of 25 years if convicted on all charges.

Calls and emails to Fox, Sony and The NewsHour seeking comment and confirmation were not immediately returned Wednesday.

An after-hours call to Cleary's legal representative in London was not returned. It was not immediately clear who would represent him in the United States.

LulzSec also has claimed responsibility for hacking incidents not listed in Cleary's indictment, including hacking the CIA's public-facing website and the Atlanta chapter of an FBI partner organization called InfraGard.

Copyright 2012 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Plenty Of Fish Hacked. Usernames and passwords compromised, says founder

Popular dating site Plenty of Fish was hacked last week, exposing users’ email addresses, usernames and passwords, according to a blog post today from its founder and CEO.

In what he calls “an incredibly well planned and sophisticated attack”, Markus Frind writes that “Plentyoffish was hacked last week and we believe emails usernames and passwords were downloaded. We have closed the security hole that allowed them to enter.”

Frind says that an official announcement from the company will follow shortly so at present, the extent of the breach is unknown. However, the story behind the hack is interesting.  Frind lays the blame on an Argentinian hacker. He claims that after breaking into Plenty of Fish’s database, the hacker contacted Frind’s wife claiming that “Russians have taken over his computer and are trying to kill him, and his life is in extreme danger and they are currently downloading plentyoffish’s database”.

Frind alleges that the hacker claimed a widespread, Russian-led hack on major dating sites was underway and the gang responsible planned to steal $30 million dollars from them. Frind says that he believes that this was an extortion attempt by the hacker who later introduced himself as part of a security company that could help solve the problem.

In the comments to Frind’s post, the “hacker” concerned denies the accusation, saying that he simply got in contact to offer a solution and wasn’t responsible for any data breach himself.

Meanwhile, over on Hacker News, an in-depth discussion is taking place into the security (or otherwise) of Plenty of Fish’s method of storing passwords. It appears that the passwords have been stored in an unencrypted form, thus leading to their easy exposure to hackers.

So, extortion attempt or a legitimate security analyst trying to help? We’re still unpicking the facts behind this, but one thing’s for sure – if you’re a Plenty of Fish user, it’s best to change your password right now.

City of Chicago website hacked, back online

May 20, 2012|By Hal Dardick | Tribune reporter

Officials say the city's website was hacked today, though users were able to access most online services.

Federal authorities and Chicago police are investigating the attack, according to a source familiar with the incident. Authorities are also exploring whether the attacks are linked to a threat to hack NATO's website in Europe.

Hackers claimed credit for bringing down the cityofchicago.org site, according to Twitterfeeds this morning. The cityofchicago.org appeared to be back to normal by 2 p.m.

A group using the name antis3curityops sent out a message on Twitter at 6:17 a.m. directing people to “fire” on chicagopolice.org and chicagoseargeants.org.

A Twitter user who claims affiliation with Anonymous, an international hacker community, tweeted a little later "Tango Down," with a link to cityofchicago.org -- shorthand used on the Internet to indicate a site has been hacked or targeted. That site was also unresponsive as of noon.

The group antis3curityops posted a video saying it was "actively engaged in actions against the Chicago Police Department," and it encouraged "anyone to take up the cause and use the AntiS3curityOPS Anonymous banner. For those able, chicagopolice.org should be fired upon as much as possible. We are in your harbor Chicago, and you will not forget us."

Referring to clashes between police and protesters during marches in the Loop Saturday night, the video said "let us unite and show the violent Chicago police and the government big brother tactic’s (sic) that we are not gonna take this."

A Twitter account claiming to represent Anonymous cited "violation of humanrights" as a reason for the cyberattack against the police site.

LinkedIn Password Hack: Check To See If Yours Was One Of The 6.5 Million Leaked

LinkedIn user data was jeopardized Wednesday when reports surfaced that 6.5 million passwords were leaked and posted on a Russian hacker site. Websites offering a LinkedIn password hack check likeLeakedIn quickly popped up so users could find out if their password was one of the 6.5 million -- or more -- leaked.

Don't fret, all may not be lost if you're one of the many who use the same password or a variant for your email and social networking logins. LeakedIn and LastPass, which also features a LinkedIn password check tool, enable users to check if their password was leaked. The sites change their LinkedIn password to a SHA-1 hash, which is then automatically compared to the 6.5 million-password database to determine if the password was hacked.

While users may be skeptical of handing over their LinkedIn password to one of these sites, the hash algorithm function converts the password into a series of characters. The process is extremely difficult to reverse, so the original password cannot be reconstructed from the hash outcome.

However, LastPass notes, it is possible to reconstruct the original from a SHA-1 hash if the password is relatively simple, such as a word in a dictionary. At this point, you probably want to beef up your security anyway by trading that weak password for amore complex one with numbers and special characters.

Although LeakedIn and LastPass were created to enable users to check if their password was hacked, the sites serve a secondary function for bored web surfers -- entertainment. Type any potential password in the field and the sites will confirm if it was leaked. But, while confirming the leak, the tool also verifies that the password was once used by a LinkedIn user.

Actual passwords range from words that could be easily guessed -- resume and jobhunt -- to some that are pretty weird -- pussywillow and monkeysex. Gizmodorounded up some of the funnier ones, while BuzzFeed provided a list of 23 passwordsthat are just sad.

Norweigan IT website Dagens IT was the first to report the massive leak to a Russian hacker site. LinkedIn responded to the claims later in the day, confirming that some passwords were compromised without specifying how many.

However, the leak may be larger than suspected. Data security company Imperva saidmore than 6.5 million passwords may have been leaked due to the fact that each unique password was only listed once in the file, so any two accounts sharing the same password would only appear as one.

UPDATE:
LastPass also features a password check tool for eHarmony users, whose logins may also have been compromised.

RELATED ON HUFFPOST:

Supreme Court website hacked in response to TPB, Vimeo block

It's now confirmed news that Indian ISPs are blocking torrent sites like The Pirate Bay and websites like Vimeo following a court order pushed for by Copyright Labs, a Chennai-based firm at the Madras High Court. A copy of the John Doe order, dated 29th of March, 2012 now confirms that the Chennai-based firm secured the John Doe order in the light of two movies - Dhammu (Telugu) and 3 (Tamil). The court order, which can be read at this link lists the Indian ISPs which will block these sites completely. These ISPs include - BSNL, MTNL, Bharti Airtel, Aircel Cellular, Hathway Cable and Dotcom, Sistema Shyam Teleservices, Vodafone India, Idea Cellular, Reliance Communications, Tata Teleservices, O-Zone Networks, Tikona Digital Networks, BG Broadband India, Sify Technologies, among others. Quoting the CEO of Copyright Labs, Harish Ram, the report states, "We have been fighting for this for long and it seems the ISPs are finally responding."


News of Indian ISPs targeting torrent sites like The Pirate Bay and some other websites like Vimeo,came earlier this month. Back then, however, not only had the news not been confirmed, but it was also suspected that it was Reliance Entertainment who had secured the John Doe order for their upcoming, release - Dangerous Ishhq. After speaking with a representative from Reliance Entertainment who are the official producers and distributors for the film, an earlier report on the topic had found that the court order was issued to get Indian ISPs to ensure that the company's movie, Singham, which was scheduled to be released then, be blocked from pirated release on filesharing websites. Although there are reports of ISPs blocking access to these websites, some of us are still able to access them, hence the mode of blocking access is not clear at the moment.


Tweets coming in by the hacker group, opindia confirm that the security of the official websites of the Supreme Court of India and the All India Congress Committee has been compromised. Even as you're reading this, the websites - http://supremecourtofindia.nic.in, dot.gov.in and aicc.org.in have been rendered inaccessible. In a series of tweets that have been appearing on the micro-blogging site, opindia have stated - "#Government must understand. #INTERNET belongs to us! #TANGODOWN --> http://supremecourtofindia.nic.in & http://aicc.org.in", and in another tweet stated - "@Anon_Central Another #TANGODOWN -->> http://www.dot.gov.in Department of telecom, You should've expected us! ~ #opindia".