Lashing out in response to sharing service Megaupload being taken offline and its founder jailed, hacking activist group Anonymous took down websites for Universal Music and CBS.com. One rumor suggests that Xbox.com and Xbox Live could be next.

The group sent out a video earlier this week claiming that if the MegaUpload services were not restored within 72-hours, they would begin targeting such sites as Capital One, The United Nations, Twitter, Facebook and Youtube. There are rumors that the video was merely an empty threat posted by either smaller members of the organization or someone not even affiliated with them.

This wouldn’t be the first time that Anonymous allegedly took down a gaming service. Though they denied any involvement, the group was credited with taking down the PlayStation Network, taking the service offline for 23-days in response to Sony taking legal action against a hacker who “jailbroke” his PS3 system.

It’s unclear whether the Xbox Network is a verified target of the group, or which of the services would be effected.

The message boards for Valve’s popular gaming portal Steam were reportedly hacked last night with multiple users claiming that the forums would redirect them to a website for the hacking group “Fknowned.”

Here’s where things get weird though, the group denies all involvement in the hack. So much so in fact that they have taken down their own site and denied any involvement in the incident.

It’s unlikely that any personal data was stolen in the hack. We’ll update you once we learn more.

Law enforcement websites and Internet services, including those used by the Boston Police Department came under attack yesterday by members of a hacker group called Anonymous.

In a statement released by the group taking credit for the hack, the group claims “solidarity with occupation movement and anti-police brutality protesters.”

“In solidarity with the Occupation Movement and the International Day of Action Against Police Brutality, [we] aim at the corrupt bootboys of the 1 pecent: the police,” the statement read.

The group claimed that it “hacked, defaced, and destroyed several law enforcement targets, leaking over 600MB of private information including internal documents, membership rosters, addresses, passwords, social security numbers, and other confidential data.” It also claimed to take down at least 40 police-related websites.

The group attacked multiple Boston police websites. Most notable, Anonymous hacked the Boston Police Patrolmen’s Association website and its web-based email portal, posting the names, email addresses, and email passwords of nearly 1,000 Boston police officers on the Internet for all to see.

In the statement, Anonymous said it attacked BPD sites in response to “the unprovoked mass arrests and brutality experienced by those at Occupy Boston.”

“Let this be a warning to BPD and police everywhere: future acts of aggression against our movements will be met with a vengeance so epic and relentless that your children’s children will puke at the sight of swine,” the statement read.

The International Association of Chief of Police website, IACP.org was targeted. The website was down and unreachable early this morning.

Anonymous also took aim at MatrixGroup.net, the website of Matrix Group International, which Internet services for government agencies. The Matrix website would also not load at press time.

In perhaps the most serious security breach, Anonymous hacked Birmingham / Jefferson County, Ala. police websites, releasing the names, addresses, and social security numbers of nearly 1,000 police officers.

InMotion, in an email to users, said Sunday that the homepage defacement attack launched by the southeast Asian hacker TiGER-M@TE was not meant to do permanent or catestrophic damage to the hundreds of thousands of websites that were hit.

“We understand the method the attacker used to accomplished this and the main exploit path was through an internal management server that can control Cpanel on other servers. The management server was used to change passwords on the Cpanel servers then login with those passwords,” said Todd Robinson, president of the hosting company.

The defacement attacked worked by replacing index files in all public_html directories with the attacker’s own branded index.php. InMotion does not believe that any data was stolen or that any passwords were compromised.

“It does not appear that gaining passwords was a goal or was accomplished, just password changes were used. Access to the management server was gained from an exploited customer’s server that was within our network,” Robinson said. “Though our team moved quickly to disable the internal management server and limit the exposure of the servers to this attack when it began, it
was a very serious breach and could have been much worse if the hacker had intended to do more harm.”

This does fit the modus operandi of TiGER-M@TE, who often claims to hack for fun or just to prove that “it can be done.”

Blast Magazine’s network of websites were defaced during the attack on InMotion, as was the offical City of Providence website.

InMotion took responsibility for failing to prevent the damage. Some estimates have the attack hitting more than 500,000 websites, making it historic in its proportions if not in its level of damage.

“Please accept our apologies as we go through this process,” Robinson said. “We are very aware of our failure in this situation and we will provide more details when we have completed the work of recovery.”

For several hours Sunday morning, Blast Magazine and many other websites in the InMotion Hosting network were attacked by a hacker called TiGER-M@TE.

InMotion, where Blast hosts one of its servers, acknowledged the breach.

“At around 4 a.m. EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced. We are evaluating how this has occurred and our security team will have more information shortly,” InMotion said in a statement. “While we review this issue, cPanel and SSH access has been disabled on various platforms. For additional security, we are rotating passwords on a number of accounts.”

It is unclear how many sites were hit, but it is likely hundreds, if not thousands.

This morning, the Blast homepage was briefly replaced by a black background with the red letters “Hacked” (See photo below) and all of our blogs and articles were unreachable.

This appears to be the same hacker who successfully attacked Google previously. The Hacker News interviewed TiGER-M@TE, who claimed to be hacking since 2007, working alone, and only using private exploits and zero-day attacks.

In an online posting, TiGER-M@TE claimed responsibility for launching the homepage defacement attack.

“While we can respect TiGER-M@TE’s abilities, we are disappointed that our websites were hit,” said Blast Magazine editor-in-chief John M. Guilfoil. “What truly concerns me, however, is that InMotion Hosting appeared woefully unable to prevent or defend against this kind of attack, even though homepage defacements have been going on seemingly forever. We will consult with InMotion on Monday and plan to press the company to be more proactive in its security if InMotion values its customers.”

A Cambridge man was charged today with computer intrusion, fraud and data theft after he allegedly hacked into the Massachusetts Institute of Technology’s network to access protected JSTOR files.

Aaron Swartz, 24, was a fellow at Harvard University’s Edmond J. Safra Center for Ethics, according to the Boston Globe, and could have accessed JSTOR legally for legitimate research.

Swartz allegedly broke into a restricted computer wiring closet in a basement at MIT and to access MIT’s network from a computer switch in the closet between September 24, 2010, and January 6, 2011.

He used this access to get files from JSTOR, a non-profit organization that compiles academic articles for research purposes, and download them to his computer. Swartz is charged with distributing these articles on various file sharing websites.

“Stealing is stealing whether you use a computer command or a crowbar, and whether you take documents, data or dollars,” said United States District Attorney Carmen M. Ortiz. “It is equally harmful to the victim whether you sell what you have stolen or give it away.”

Swartz faces up to 35 years in prison and a fine of up to $1 million under the charges brought against him.

The indictment claims that Swartz stole over four million articles from JSTOR. The quantity of downloads affected JSTOR’s computers, crashed some of its servers and blocked some of MIT’s computers from accessing the site.

Despite efforts from both the university and JSTOR to block Swartz’s computers, he apparently prevailed and found new ways into the systems.

“The New England Electronic Crimes Task Force has taken an aggressive stance in the investigation of computer intrusions and other cybercrimes,” said Steven D. Ricciardi, Special Agent in Charge of the United States Secret Service in New England. “Through this task force, the Secret Service and our partners on the Cambridge and MIT Police Departments demonstrate the importance of cooperation among law enforcement to focus resources and respond effectively to investigate and prevent this type of fraud.”

Swartz has previously advocated the elimination of barriers to distribution of information online, and for public distribution of information in libraries. He is a co-founder of reddit.com and the founder of Demand Progress, a non-profit political action group that opposes the “corrupting influence on big institutions.”

So far, the government is not aware of any personal information being stolen from JSTOR.

The PlayStation Network has been back up for over a month now, but that hasn’t done much to ease people’s fears about their personal data getting stolen in another crippling attack — so much so that sales of prepaid cards for the service are reportedly up.

Well, at least that’s what Capcom Europe head David Reeves says . “We have seen on PSN, and probably Sony are in a better place to tell you this, that there is a resurgence in people buying the generic PSN cards in retail stores rather than putting up their credit card details,” said Reeves.”People are playing it a bit safe at the moment because the hackers will be back [laughs], that’s my personal opinion. I mean … they will right?”

So have you stopped using your credit card on PSN?

Sega sent out an e-mail this morning to users of its Sega-Pass service informing them that an “unauthorized entry” had been detected in the system and as a result, was taking the service offline. The good news? According to the publisher, all payment issue is stored on a separate server, so no payment information was stolen.

“We have identified that a subset of SEGA Pass members emails addresses, dates of birth and encrypted passwords were obtained,” the email warns. “To stress, none of the passwords obtained were stored in plain text,”

Sadly, stories of video game companies getting hacked are all too familiar this year. Starting with the massive hack that took down Sony’s PlayStation Network, a number of high profile companies have been the victims of hacks  including Bioware and Nintendo.

Square Enix, the publisher behind games like Chrono Trigger and the Final Fantasy series has confirmed that they have been the victims of a hack — one that resulted in over 25,000 e-mail addresses and 350 resumes being compromised.

“Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites,” said a Square Enix representative. Reportedly the hack was focused on sites for fan favorite series Dues Ex.

“We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again. We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident.”

The infamous Hacker group known as Anonymous has been linked to the attack.

The New York State Attorney General  Eric Schneiderman has reportedly subpoenaed Sony regarding the highly public hack that has left the PlayStation network inoperable since mid April Bloomberg reports.

Bloomberg reports that the Attorney General is specifically looking into what Sony told consumers about the security of their network following the breach.

Stick with Blast for more on this, and all of your up to the minute PSN breach news.

Since Kinect’s launch a few months ago, gamers have been able to train virtual animals, play sports, race cars…and…play sports with the motion sensing camera, but the question remains, can the blasted thing do shooters?

Youtube user Demize2000 sure seems to think so. He posted the below video of his  hack, which allows him to play Call of Duty: 4 Modern Warfare with Kinect. Well, sort of. You see, most of the actual gaming is done with the Wii-mote, but Kinect is used to “lean, duck, pick up, reload and stab realistically.” The video is perhaps most interesting as it’ll show just how developers could use Kinect to enhance traditional controller play.

So Kinect has been out for just over a month now, and we reviewed it, giving it a solid B. What’s most interesting though is what some have been able to do with it when they get under the hood. From Mario controllers to man boob generators, these are our favorite Kinect mods we’ve seen so far.

5. Kinect as a way to play Mario

Gaming’s newest technology mixed with one of its oldest games. The developer reworked Kinect to work with an NES emulator to control the original Super Mario Bros impressively.  It looks like a pain to run in place to move, but a definitely interesting idea.

4. Kinect controls Windows 7

Okay, so the video of this hack is really cheesy, but the tech behind it is pretty damn cool. Being able to control and explore Microsoft’s maps applications with your own movement is inarguably cool, and it adds the ability to perform simple tasks without the need of a mouse or touch screen.

3.  Kinect as an interactive shadow puppet

This could be the most technically impressive Kinect hack of the bunch. All you have to do is create a simple shadow puppet form with your hand and Kinect will turn it into a fully interactive animal for you to control on your wall. There may be a slight delay in a few of the movements, but it’s a mostly impressive application.

2. Drawing in 3D with Kinect

If the technology in this Kinect hack could be opened up to media editing, it could create a world of  new possibilities for companies like Kodak who allow users to edit their pictures online.

1. Kinect gives you a light saber

Come on. How awesome is that?!

Software claims to be able to decrypt BitLocker To Go flash drives in less than 20 minutes.

But this isn’t exactly a kid in his mother’s basement. The program is from Passware Inc., which develops password recovery, decryption and cyber forensics solutions to corporations, law enforcement agencies, and the government. They showed their talents this week at the 2010 International Training Conference by High Technology Crime Investigation Association in Atlanta.

Their product, Passware Kit Forensic 10.1 that allows for cracking of BitLocker To Go USB Disks. Passware’s BitLocker decryption capabilities, first introduced in November 2009, support all types of hard disk images, including raw image files, images created with Guidance EnCase or any other forensic tool.

“This enhanced solution for computer forensics allows the entire memory capture and decryption process to take no more than 40 minutes regardless of the complexity of the password,” said Dmitry Sumin, president of Passware, Inc.

This new ability includes live target memory acquisition and BitLocker encryption key recovery that allows computer forensics to gain easily full access to the contents of the encrypted USB disk. Passware Kit Forensic now also supports BitLocker To Go images saved as Virtual Hard Disks (VHD) — a format that allows attaching BitLocker hard disks in Windows 7 and Server 2008 without using any third-party disk mounting tools.

You can get your hands on Passware Kit 10.1 for about $800.

BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Windows Vista and 7, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. By default it uses the AES encryption algorithm in CBC mode with a 128 bit key, combined with the Elephant diffuser for additional disk encryption specific security not provided by AES.

A former prison inmate at Plymouth County Correctional Facility pleaded guilty to the federal crime of damaging the prison’s computer systems.

Acting US Attorney Michael K. Loucks and Warren T. Bamford, Special Agent in Charge of the Federal Bureau of Investigation-Boston Field Division announced September 15 that Francis G. Janosko, 43 pleaded guilty to one count of intentional damage to a protected computer in Federal District Court in Boston.

During 2006 and 2007 While an Inmate at Plymouth, Janosko hacked a computer provided to inmates for legal research. The computer had restrictions disallowing use of email or Internet and various other functionality. Janosko was also able to gain access to a file containing names, addresses and social security of around 1,000 current and former employees of Plymouth County Correctional Facility. Janosko also attempted, albeit unsuccessfully to access a vital prison management software.

Janosko had been released from Plymouth County Correctional for some time but has been incarcerated since his apprehension in November 2008. The FBI and the Plymouth County Sheriff’s Office investigated this case. Assistant US Attorney Scott L. Garland of Michael K. Loucks’s Computer Crime Unit is prosecuting the case.

Judge O’Toole set the sentencing date for December 15. Under the terms set forth in a plea bargain Janosko faces 18 months in prison.

In a report outlining the updated priorities of US intelligence, China and Russia were placed alongside Iran and North Korea on a list of nations that challenge US interests at home and abroad, the French press agency AFP reports.

China was added, amongst other things, for “increasing natural resource-focused diplomacy and military modernization,” while Russia was singed out because, despite a growing partnership with the US on fighting things like nuclear terrorism, “it may continue to seek avenues for reasserting power and influence in ways that complicate US interests,” according to the AFP.

The National Intelligence Strategy (NIS), a report released every four years, calls China and Russia “aggressive” in the cyberworld and while the NIS did not explicitly name either countries as a cyber threat, it did outline cause for concern.

“At the tactical level, they are intent on penetrating our critical infrastructure, information systems, and leading industries,” it said, AFP reports. The report went on to recommend the US employ tactical strategies “across the cyber domain to protect critical infrastructure.”

The report also lists Iran and North Korea, unsurprisingly, as parts of its main opposition. It stressed the possibility of further partnerships with China and Russia to help strengthen relationships, however saw no hope of immediate reconciliation with either countries.

“Iran poses an array of challenges to US security objectives in the Middle East and beyond because of its nuclear and missile programs, support of terrorism, and provision of lethal aid to US and coalition adversaries…North Korea continues to threaten peace and security in East Asia because of its sustained pursuit of nuclear and ballistic missile capabilities, its transfer of these capabilities to third parties, its erratic behavior, and its large conventional military capability.”

Its assessment of Iran and North Korea was much harsher than of its two newcomers.

The report also highlighted Al-Qaeda as a continuing threat to both Americans and American interests at home and abroad and said the US’ main objective for the next four years will be to enhance “cyber security”, combat extreme terrorism and ensure weapons of mass destruction are not created or bought by any opposing nations.

The promotion and spread of democracy was not listed as a main priority.

The bad guys are going virtual more and more, and American businesses and government networks are getting victimized at a record pace, according to an FBI report.

“The increasing number of such crimes not only impacts the economy but threatens national security,” the FBI said Friday.

The man at the head of the opposition is the FBI’s Shawn Henry, recently appointed head of their Cyber Division. He told reporters Wednesday that the FBI has literally thousands of open cyber crime cases.

“One case in point: We joined our international partners yesterday in announcing a major takedown of a transnational criminal network that was buying and selling stolen financial information through an online forum known as ‘Dark Market‘,” the FBI said Friday.

“The business of the United States is done on the Internet,” said Henry, “And the information that flows electronically 24/7 is increasingly the target of not only identity thieves and scammers, but organized crime groups, terrorists, and overseas governments.”

Yes, even other countries are trying to virtually penetrate the U.S. Henry says about 24 different governments have an “aggressive interest” in obtaining information from or making attacks against American cyber infrastructure.

Henry says that individual hackers and crackers have grouped up into “virtual gangs.”

“In years gone by, if a gang wanted to rob a bank, it needed crooks with various skills — safe cracker, get-away driver, look-out, etc. That’s essentially what we’re seeing in the cyber world today, only these virtual gang members have never met in the physical world,” Henry said.

“There are organized groups that are very successful.”

Sony confirmed today via the official PlayStation website that somene may have used a PC to access and expose user data on the popular Playstation Network online system.

In a web posting, Sony warns that some users could be victimized, their personal infomration viewed and games and downloads charged to their credit cards.

“We have investigated the extent of unauthorized access and possible alteration of passwords that could have occurred before corrective measures were taken, and are directly contacting customers who may have been affected by this incident,” Sony said in a statement Thursday. “In order to verify that your account is intact, we strongly suggest that PlayStation Network users sign in to the service. If you can successfully sign in with your pre-set password, your account is not affected by this incident.”

It is important to note that while the Playstation Network does store user credit card information for purchases, this data is not visible to anyone (including the user) after entered.

So, presumably,the hackers can’t use people’s credit cards for anything other than PlayStation Network downloads.

While Sony has said that they will be contacting users effected by the breach directly, they encourage anyone who believes they might be experiencing problems that can not be resolved from the methods listed on the website to e-mail them directly.

Take a seven dollar can of compressed air from any office supply store. Flip it over, and spray its liquid nitrogen on a computer’s DRAM, or digital random access memory. Reboot the computer, or even extract the DRAM chip and clone it, then run a few relatively simple programs. Nothing that would defeat an intermediate level programmer.

It’s that easy to bypass the most popular forms of hard disk encryption software. From Windows Vista, to Mac OSX, to various flavors of Linux, it appears that all major operating systems are highly vulnerable.

Conventional wisdom held that DRAM memory was rapidly volatile, causing all of its information to fade as soon as power to a computer is cut. However, researchers with Princeton’s School of Engineering and Applied Science department have recently proved that false.

By tipping the can of air upside down over a laptop’s DRAM chips, the nitrogen gas freezes the chip within seconds. When it’s frozen, the memory can stay fresh for longer than ten minutes — more than enough time to steal the encryption keys that allow easy access to the hard drive’s data.

In their paper, titled, “Lest We Remember: Cold Boot Attacks on Encryption Keys,” they say, “We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount successful attacks on popular disk encryption systems using no special devices or materials.”

The revelation and airtight research have knocked the computer world for a spin, as laptops containing military information to proprietary corporate research are now wide open.
In their paper, the researchers observe that many computers with inefficient cooling systems do not need the benefit of liquid nitrogen at all. The DRAM stays cool enough on its own to simply reboot the computer with the proper access tools.

The researchers end their abstract by noting, “Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them.”

See also: The New York Times

What appeared to be a legitimate iPhone application, “iPhone firmware 1.1.3 prep,” turned out to be a piece of malicious software intended to ruin functionality on affected phones.

The programmer of this dangerous piece of code was an eleven-year-old boy.

Using the installer.app feature on the iPhone, users can access the diverse world of third-party applications. The malware in question passed itself off an update at www.jmwiki.com for applications including Erica’s Utilities, OpenSSH, Launcher and Doom. After downloading and installing the file via the iPhone’s installer.app, the malware displayed the word, “shoes” and proceeded to remove files critical to iPhone functionality.

Though by malware standards the virus was fairly tame, McAfee Avert Labs blogger Jimmy Shah noted that the piece of software highlights an important security concern with iPhone, one that depends entirely on the vigilance of well-informed users.

McAfee recommends users only acquire software only from trusted sources and install only official firmware updates.

After the child’s ISP was informed of the problem, his father was contacted and the site hosting the malicious application was taken down.

Malicious coders and hackers are constantly finding new ways to circumvent security precautions, and this isn’t likely to change in 2007. While a solid anti-virus program is a good bet, the best way to avoid costly mistakes is to stay tapped into the latest developments in the fast changing computer world, said David Marcus, Senior Research and Communications Manager for McAfee Avert Labs.

Researchers like Marcus, who keep a finger on the pulse of the malware underground, formulate yearly virus trend predictions, with the intent of helping users stay on the up and up. One of the biggest trends Marcus has pinpointed for 2007 is an increase in “zero day” attacks.

A zero day attack, as it’s known in the computer security industry, is an assault on an application possessing a previously unknown vulnerability, which is in turn revealed to the general population before being taken to the application’s vendor.

A good way to think of a zero day day attack is to picture a row of pristine houses with neat little gadgets such as electric garage door openers. If the houses are computers and the garage door openers are the applications, you’re a guy walking down the street with a universal remote who just found out that if you push the power button, some defect in all the garage door openers lets you open every garage on the street due to an unforeseen glitch.

In the computer world, the different terms, ‘vulnerability,’ ‘exploit,’ and ‘virus,’ can get confusing. The difference between each is fairly simple.

Think of a vulnerability as a back door into an application. For example, if there’s an extremely popular music playing program that’s used by a large number of people, but it has a chunk of code that is poorly constructed, it might provide a loophole for the criminally minded. This is a vulnerability.

If the vulnerability is found and brought to the attention of the vendor who created the application, and it is subsequently fixed, the problem never progresses beyond this stage.

However, the internet is no utopia and the business world doesn’t always turn on a dime.

If the vulnerability is never brought to the attention of the application builders, or the builders fail to provide an update fast enough, a malicious programmer can string together a code sequence that allows him to take advantage the loophole. That code sequence, harmless on its own, is known as an exploit.

The final step, the actual virus, is a tightly wrapped program—not much different than a calculator or game program—that delivers the exploit code payload to your computer by attaching itself to the vulnerable application, which allows the coder behind the virus to take advantage of your system in various ways.

Problems for computer security experts can be compounded when malicious programmers start sharing exploit code strings and collaborate on building the actual virus program, a trend that has seen explosive growth in the last few years.

"On the bad guys side of the house, they do certain things very efficiently," said Marcus. "They communicate very effectively. They used to write things for bragging rights, now they’re more apt to collaborate."

In the new year, he expects to see this kind of collaboration grow, which poses difficulties for computer security experts due to the power of numbers. The more people working to perfect a program—malicious or friendly—the stronger the program gets.

A recent vulnerability exposed in the Apple’s QuickTime program illustrates exactly how this concept—from vulnerability to exploit to virus—works. The end product, the new QuickTime virus, represents a hybrid virus style that could take off in 2007.

"The advantage the malware writer has is they can always look for the new vector and always test against antivirus programs," said Marcus. "The Symantecs and the McAfees can’t do that."

In a nutshell, the QuickTime virus is unique because it works on both Windows and Macintosh platforms. Generally a virus attacks one or the other due to fundamental differences between Windows and Macintosh operating systems, with an overwhelming majority targeted at Windows due to its reputation for leaky code, easy exploitability, and overwhelming market dominance.

Though Apple has an industry reputation for being a low-virus system, the QuickTime virus can take advantage of a Macintosh as easily as it does Windows. That dual capability set off alarm bells in December 2006 and on into 2007, said Marcus.

With the new Intel chips in Apple computers, allowing Macintosh operating systems to run Windows applications at native speeds, this kind of dual operability virus could see cross platform growth as well in the new year.

As 2007 marches on there’s no hard and fast rule for avoiding viruses, said Marcus. The biggest problem will continue to be the zero day vulnerabilities, and a mushrooming cloud of spam is expected to reach epidemic proportions in 2007 according to a wide range of experts, which may very well pose additional difficulties to all who love, or loathe, the Internet.