It turns out the guy in charge of fighting online crime was nearly conned by online criminals: Mueller told a San Francisco audience today that he once began entering his personal information into a scammer's Web form in response to what appeared a "perfectly legitimate" email from his bank, The Register reports. Then, after being asked for his password, Mueller realized he'd made a huge mistake and changed all his passwords and eventually turned to his wife, and was like, ha ha, "teachable moment."

But she replied: "It is not my teachable moment. However, it is our money. No more internet banking for you!"

The point is, stop trying to use the internet for any sort of important business, people, because if Robert Mueller can't figure this crazy thing out, who can? Other than hackers, terrorists, children, and most humans outside of U.S. banks, credit card companies and the federal government?

The maker of one password tool estimates it can crack 55 to 65 percent of passwords out there — and that's not even particularly impressive, says security writer Bruce Schneier in an in-depth look at picking a secure password. You won't read that, so here's a very short guide. Summary: Use a password manager, don't use words from the dictionary, don't use the same password on every site.

And try not to be the Hotmail user who picked the reasonably secure password "lafaroleratropezoooooooooooooo," only to then go and enter it in a stupid phishing website.

(Pic: by zakwitnij on Flickr)

Fox News wants to make out with Barack Obama. Get off the internet if you're gonna keep hitting the white wine, Kilmeade!

Update: Oh, it was a fake Twitter account to begin with.

Since royally screwing up the 3G network used by iPhone owners wasn't embarrassing enough, the wireless carrier had to have a public falling out with Mitnick over the security of his AT&T account. The company will only let Mitnick use an eight-digit, all-numeric password to log in online, and aspiring uber-hackers — wanting to prove themselves against the master — have cracked in, obtained his call logs, billing address and last four social-security-number digits, and posted them to the Web, The Register reports.

AT&T's response? "We investigated Mr. Mitnick's claims and determined they were without any foundation," it told the Register, and invited him to take his business elsewhere. Is it any wonder online spooks just adore these guys?

(Pic: Mitnick on release from federal prison, 2000, Getty Images.)

In a blog post, Twitter co-founder Biz Stone writes that the attacks are ongoing and "massively coordinated," but declined to elaborate, because then he'd have to kill you. Actually no, it's because he didn't want to "engage in speculative discussion." But a Georgian blogger is happy to speculate; he says it's totally the Russian regime.

The blogger, known as "Cyxymu," has been outspoken in his criticism of Russian tactics in the war over the disputed region of South Ossetia. Facebook's chief of security tells CNET (via Business Insider) that Cyxymu is the target of the denial of service attack on Facebook and Twitter yesterday and today. The blogger has accounts on both services, as well as on LiveJournal, Blogger and YouTube. Google, which operates the latter two, told CNET its systems "prevented substantive impact to our services," so we still have the keyboard cat.

First the subs off our coast, now Twitter attacks. How will the Russians vaguely annoy us next? Satellite TV jamming? Attack the iPhone app store?

(Pics via)

Apparently, on August 1 and 2, a "hacker" "hacked" the websites of 20 members of congress, replacing all the text with "H4ck3d by 3n_byt3 @ Indonesia H4ck3rs." How did Indonesia H4ck3rs do it? Are they brilliant computer masterminds, like in the popular film Hackers?

Sort of! From Roll Call:

House officials say that the hacker accessed the site by guessing passwords assigned to Member offices by GovTrends, a Web design company that hosts the sites of about 100 Members. Some offices never changed the passwords, which GovTrends founder Ab Emam called "obvious" and easy to guess.

Ah, the old "guessing the easy-to-guess password" trick.

Rep. Spencer Bachus is pissed that no one told him that his website had been hacked for a couple hours. He wrote a letter about it and everything! He demands answers.

Bachus asked the CAO to provide copies of the Web logs and "evidence supporting GovTrends speculation" that the hacker simply guessed the password.

"Please provide an explanation of the vulnerability that allowed this situation to occur and what is being done to prevent it from happening again in the future," he wrote. "It is extremely important that my constituents can trust that information provided to my office is kept confidential and secure."

Well, Spencer, you could've changed your password. It was "password1," wasn't it? Admit it.

AT&T spokesman Michael Cole sent us the following statement, saying AT&T's network was swamped with attacks from the server that hosts 4chan's infamous "/b/" forum, so AT&T blocked 4chan for a while:

Beginning Friday, an AT&T customer was impacted by a denial-of-service attack stemming from IP addresses connected to img.4chan.org. To prevent this attack from disrupting service for the impacted AT&T customer, and to prevent the attack from spreading to impact our other customers, AT&T temporarily blocked access to the IP addresses in question for our customers. This action was in no way related to the content at img.4chan.org; our focus was on protecting our customers from malicious traffic.

Overnight Sunday, after we determined the denial-of-service threat no longer existed, AT&T removed the block on the IP addresses in question. We will continue to monitor for denial-of-service activity and any malicious traffic to protect our customers.

4chan itself has come under denial of service attack recently; if the site's online enemies actually managed to gain access to the site's servers (via a different type of attack), they could have used it as a proxy to hit AT&T. Or maybe someone figured out how to trick /b/'s bulletin board software into doing the same thing; lord knows the online hangout is popular with plenty of crafty script kiddies.

(Pic via)

For benefit of the uninitiated, 4chan is a popular Wild West-ish outpost of internet known equally for its infamous hacking jobs and pranks (Rickrolling emerged from this murky swamp) as its meme generation, perhaps most notably the LOLcats phenomenon. 4chan's /b/ messageboard, one of the sections of the site blocked by AT&T, was once described as "the asshole of the internet" by Gawker and Valleywag alum Nick Douglas, an outpost where "btards" gather to engage in tasteless games of uncensored oneupsmanship, where the objective is often to see who can elicit the most shock from other members of the community.

Reports Tech Central:

Users of AT&T's DSL internet access across many states in the US are reporting that they are being blocked from the infamous /b/ message board in what appears to be an act of internet censorship by the phone company. This started today Sunday and no one has yet been able to get any official confirmation out of AT&T as to why.

Moot, the founder of 4chan, has confirmed AT&T is filtering/blocking the site.

In addition to starting a war with the internet's most skilled collection of cyber-rogues, Central Gadget says that AT&T may also be breaking the law.

Under the FCC's Comcast/BitTorrent ruling, Internet Service Providers may only slow or cap connection speeds. They are not allowed to block any service or protocol on the internet. Here, 4chan as a web site appears to fall under an internet service, but it is also conforming to standard web page protocols. It appears AT&T does not have the legal right to block 4chan, only to cap customers who are "abusing" their access to the internet.

Predictably, the 4chan crowd is already mobilizing both inside and outside of their online community. AT&T didn't just open a can worms, they dove headfirst into a den of vipers, and this will be very interesting to watch play out.

AT&T Takes on 4chan—Everybody Stand Back [Tech Central]
AT&T Blocking Access to Some Parts of 4chan [Central Gadget]
pic via

TechCrunch has published financial forecasts assembled by Twitter Inc in February and obtained from management's personal files by a computer hacker. They project $400,000 in revenue this quarter, presumably from those adorable "concept definition" ads. Sales were projected to increase tenfold by the fourth quarter, ramping to $62 million by the fourth quarter of next year.

Twitter Inc., which doesn't like people talking about its hacked internal documents, told TechCrunch the numbers are stale and unofficial. But, specifics aside, they leave the unmistakable impression the microblogging service was serious about making money this year. That goal may have been intended only for company backers; now that it has gone public, there will be even more pressure on the company to make its creative approach to advertising pay off over the next five months.

(Top pic: Twitter CEO Evan Williams at Allen & Co.'s Sun Valley media summit July 10, 2009.)

Whoa. Read that over again. According to a blockbuster report in The Guardian yesterday:

But one senior source at the Met told the Guardian that during the Goodman inquiry, officers found evidence of News Group staff using private investigators who hacked into "thousands" of mobile phones. Another source with direct knowledge of the police findings put the figure at "two or three thousand" mobiles. They suggest that MPs from all three parties and cabinet ministers, including former deputy prime minister John Prescott and former culture secretary Tessa Jowell, were among the targets.

All of this reportedly surfaced after a News of the World reporter was jailed two years ago for hacking phones. At the time, the company said it was an isolated incident. But if the Guardian's report is true, Murdoch's UK tabloids are—incredibly—even more despicable than we would have thought. The Guardian says that the company has paid one million pounds in out-of-court settlements to keep it all quiet. It also insinuates that top editors including Rebekah Wade could be implicated, though the extent of individual executives' knowledge is not clear.

Rupert Murdoch has already denied the report. But for Americans, the story is already being cast as a direct, veiled assault on Murdoch himself. Not just because he's the lone News Corp. figure familiar to most Americans, but because every US competitor paper would love to see him smeared! Chiefly, the New York Times—who put the story on the front page of their website, and were sure to include the phrase "Murdoch Papers" in the headline. [The "Murdoch Papers" are the papers of News Corp's News International division: the Times of London and the Sunday Times (more respectable), and the News of the World and The Sun (dirty).]

So what we have here is, potentially, a clear case of blatant criminal misconduct at some of the biggest papers owned the world's biggest newspaper mogul—and this case could go all the way to the top. Or it could not! But watch gleefully as the New York Times reports the hell out of it, waging a newspaper war in its own "What newspaper war?" way. (Where are you on this, NY Daily News?). And really, this is beyond the pale, even for what are some of the least scrupulous papers in the world. Hacking phones and hiring private eyes are scumbag tactics. We would even expect better from Rupert Murdoch.

[Guardian, NYT. Pic: Getty]

Reports the Washington Post:

In the United States, the attacks primarily targeted Internet sites operated by major government agencies, including the departments of Homeland Security and Defense, the Federal Aviation Administration and the Federal Trade Commission, according to several computer security researchers. But The Washington Post's site was also affected.

South Korea's main spy agency, the National Intelligence Service, said in a statement that it thought the attacks were carried out "at the level of a certain organization or state" but did not elaborate. The South Korean news agency Yonhap and the JoongAng Daily, a major newspaper in Seoul, reported that intelligence officials had told South Korean lawmakers that North Korea or its sympathizers were prime suspects. A spokesman for the intelligence service said that it could not confirm the report.

The attacks were described as a "distributed denial of service," a relatively unsophisticated form of hacking in which personal computers are commanded to overwhelm certain Web sites with a blizzard of data. The effort did not involve the theft of sensitive information or the disabling of crucial operational systems, government and security experts said. But they noted that it was widespread, resilient and aimed at government sites.

Now, can someone please explain how one of the world's more technologically backwards countries can hack into any government's computers, much less ours? Have you seen North Korea's official website? It's less than impressive.

U.S., South Korea Targeted in Swarm of Internet Attacks [Washington Post]

The ongoing denial of service attack against U.S. government websites is nothing if not ambitious, you see, and what it lacks in sophistication it makes up for with what an Yank might call "moxie."

According to reports from IDG and AP, someone is launching what may be the biggest distributed Web attack yet, consuming at one point 20-40 gigbytes/second worth of bandwidth. And instead of just concentrating that power, the attacker is going after basically everything, including

• the Secret Service,
  
• the Department of Homeland Security,
  
• the Department of State,
  
• the White House,
  
• the National Security Agency,
  
• the Department of Defense,
  
• the Federal Trade Commission,
  
• the Department of Transportation,
  
• the Treasury Department,
  
• the Federal Aviation Administration
  
• and, who knows, probably the Park Service too.

As one researcher told ComputerWorld,

Who goes around targeting a site like the FAA or the U.S. Treasury? It's not something that most people would think to attack.

Ah, but every American success story must start somewhere. Using computers mainly based in Korea, but not necessarily controlled from there, the attacker successfully knocked out the FTC website for a day or two. Just imagine what our country would look like if our financial regulators were out to lunch much longer than that!

(Pic via)

The 20-year-old gained entry into Palin's account by guessing the answer to her security question. Then he went public without finding anything really juicy.

It did become clear Palin had been using the account, "gov.sarah," for government business, a naked affront to Alaska's public records laws. But that's not what Palin wants to talk about. Surprise: She wants to remind everyone how a "democrat lawmaker's son" (surely she meant Democratic, no?) did an awful thing, nine months ago.

Who says you can only be martyred once? Palin will be a martyr forever, or until the American people finally elect her to high office to make her finally stop (actually she'll still be martyr even then).

Boing Boing, the tech culture blog, went down today, and briefly thought it was under attack. BB blogger (and old Gawker Media hand) Joel Johnson tweeted that the site had been the victim of "cyberwar." The site had only hours earlier posted a "Cyberwar guide for Iran elections;" we asked Johnson via IM if he thought Iran was attacking Boing Boing:

Later, the real culprit emerged: It was Boing Boing's fault; the site had somehow posted every post ever to the front page, resulting in a 171MB index.html.

A similar drama unfurled yesterday on Andrew Sullivan's blog for The Atlantic. Sullivan, who has been blogging heavily about the situation in Iran, proclaimed he was under "digital attack," later clarified to be a denial of service attack. Then later, "it turns out our servers have just been overwhelmed... the tech staff has now ruled out a... attack."

(While Sullivan was under-credited for his tech problems, he was over-credited when Twitter reversed a decision to delay a planned outage, as Sullivan had urged. Though some observers said Sullivan was key to Twitter's reversal, it later emerged that the State Department liked played the crucial role in lobbying the microblogging service.)

If the Iranian regime does have the capacity to launch some sort of cyberattack, now may be the ideal time: There have been so many false alarms, it will take significantly longer to respond to the real thing.

Nick's email asked a question in the subject line..."Did someone hack the Times Twitter?"


Um, yep!

No, not that kind of drug problem. But Chopra, before getting named White House CTO, served as Virginia's secretary of technology. He made his name automating Virginia's healthcare industry. One of the specific achievements he was lauded for was getting the state's scattered doctors' offices and clinics to file electronic prescriptions. Web 2.0 fanboys love him. Sounds great, right?

Sure, until we heard that hackers had broken into a Virginia state drug-prescriptions database and are demanding ransom for more than 8 million patient records. A state official said the FBI was investigating. Chopra, as the state's tech boss, may not have configured the server personally — but he should have made sure something like this never happened.

An FBI investigation: Where have we heard that before? Oh yes, at Kundra's previous job. Before becoming White House CIO, Kundra ran Washington, D.C.'s Office of the Chief Technology Officer, which has been mired in a bribery scandal. He was briefly suspended, even though he hadn't been named as a target of the investigation.

The natural conclusion to draw: Obama's techie hires talk a good game. But when it comes to actually keeping our nation's servers safe from attacks within and without, they've fallen down on the job. President Change deserves better than a bunch of smooth-talking PowerPoint jockeys. He needs hackers, not hacks.

Facebook is the target of new phishing scams, which attempt to trick users to logging into FBaction.net and FBstarter.com, thereby handing over their passwords. (If you got taken in, don't feel bad — so did notorious social media fameball Rex Sorgatz!) Here's a screenshot of the scam in action, via The Next Web:

But wait, isn't that exactly what Facebook is trying to do on sites like Digg and The Insider and Gawker? Its Facebook Connect program is designed to let people use their Facebook logins on other websites. And the only way Facebook will ever make money is by getting users to share every last moment of their life. If the Facebookers were really doing their jobs, their users wouldn't have any private information left for phishers to steal.

Unlike with Sarah Palin's emails, there's not really a public-spirited reason to post the screenshots the hackers took, except, of course, pure voyeurism. The detail-by-detail, appointment-by-appointment depiction of the lifestyle of a rich and famous actress is all engrossing stuff for the masses (and for us). And yet it feels oddly unsatisfying — the same drip, drip, drip of minutiae that the Internet famous overshare on blogs and Twitter.

Screenshots of the shayek@mac.com email account, released by habitués of the online bulletin board 4chan, appear to be authentic. Breaking into the account was a simple matter of knowing Hayek's birthday — September 2 — and guessing at her security word (they claim it was the name of her best known movie role) to reset the account's password. Public-records searches show that the 323-area-code phone number Hayek listed in a sent email belongs to the actress. A spokeswoman for Hayek has not returned a call requesting comment.

The glimpses into Hayek's life revealed by her inbox are fascinating, even if mundane: The stranger-suckling actress has been invited to America Ferreira's 25th birthday party. She downloads a bunch of iPhone applications from the iTunes App Store — and she gets spam from Apple, just like the rest of us. As for the perks of being famous, a driver was scheduled to meet her flight arriving in Abu Dhabi. American Express has given her a new Gold card. (What, she doesn't rate the exclusive black Centurion Card?) Balenciaga and Stella McCartney deliver designer clothes to her apartment. She schedules "Japanese face massages." And she gets scans of stories about her in the celebrity weeklies.

Heroic television short-hair Rachel Maddow has been losing viewers, ever since the election! What the hell, America? Too busy watching Spike TV's Deadliest Warrior to care about public affairs? Cause that's what I'm doing. Deadliest Warrior.


Ha, the young internet idiots at 4Chan hacked Time.com's "100 Most Influential People" online poll and voted 4Chan's founder up to #1 and also, we quote, "the hackers apparently rearranged the top 21 names so that the first letter of their names-looking down the list-spelled out the phrase 'Marblecake Also the Game.'" Joke's on you, hackers. There is no way to make Time's list of Influential People any more bullshit than it already is.


More on today's Chicago Tribune layoffs, via Facebook updates:

10:45am [redeacted]: "Two people who sit at adjacent desks just got laid off. Good, good people. We're all waiting at our desks hoping not to be called next."
10:47am [redacted]: "A lot of tears..."
13 minutes ago [redacted]: "I was told to stop writing about this, because it was upsetting some people. OK, I'll stop. But this is bigger than work. This is about real people and real friends."

New-media-overtaking-old-media-symbolism-UGH.


Elsewhere in declining audiences: the Seattle P-I. They killed the print paper and went online-only, but now their online traffic is down 23% from a year ago. There's no good angle on that whatsoever.