Did The St. Louis Cardinals Hack Into Another Team’s Database?

Your JoeDog roots for the Pittsburgh Pirates. They are a major league baseball team in the same division as the St. Louis Cardinals. On June 16, the New York Times broke a bombshell story about the Cardinals. They were under investigation by the FBI for breaking into a Houston Astros database.

That seems like an odd choice, right? At the time of the 2013 breach, the Astros weren’t particularly good. They weren’t even in the same division as the Cardinals. Yet they did have something with which St. Louis was familiar, a General Manager named Jeff Luhnow. He worked with the Cardinals before he was hired by Houston in 2011.

When Luhnow was with the Cardinals, he built a computer system known as Redbird. It was a large database filled with scouting information and player analysis. In Houston, he built a similar system called Ground Control. It was basically Redbird under a different name. So St. Louis was familiar with the system but by 2013 they didn’t have Luhnow’s updated information. Did they breach Houston’s computers in order to obtain it? The FBI thinks that’s possible.

One of the FBI’s subpoenas sought information on the IP addresses from which the attackers logged into Ground Control. It is believed those addresses point directly to the Cardinals or Cardinals’ personnel. The breach itself wasn’t particularly sophisticated. The attacker just stone cold logged in with a password. Again, this takes us back to St. Louis.

Remember, Luhnow used to work with the Cardinals. He brought several Cardinals’ employees with him to Houston. There’s a pretty good chance they had dormant accounts back in St. Louis. Those accounts had login credentials. If any of those former Cardinals employees reused their credentials in Houston, St. Louis had everything it needed to break in.

In the worst case for computer security, St. Louis stored its passwords in the clear (or an employee left a sticky note on his desk). With this information, all they needed to do was log in. If passwords were stored in a secure hash, then St. Louis could have downloaded a password cracker like John The Ripper to get the goods.

This goes beyond anything Tom Brady did. This is no Deflategate. If the accusations hold, then people in St. Louis committed wire fraud, computer hacking, corporate espionage and theft of trade secrets. Those crimes are punishable with incarceration. The guilty won’t find a low level equipment manager to take the fall for this one. The stakes are way too high for that.



US Government: We Suck At Security; Trust Us With Your Records

Your JoeDog is not one of those knee-jerk anti-gub’mint guys but god damn sometimes they test his patience.

By now you’ve heard of that database breach in which the Chinese allegedly stole the personal information of approximately 4 million government employees. About half of those records represent current employees, the rest are for previous workers. According to an unnamed US “official,” the data goes back to 1985.

CNN interviewed “experts” who told the network that the Chinese appear to be building a large database of Federal employees which will help them model the organization and setup insider attacks.

One-third of Your JoeDog’s visitors are from China and we’re starting to feel like an abused spouse. We give you free software and you break down the door and steal our records. Thanks, China. Thanks, a lot.

But here’s the real kick in the ass: US government officials cite this breach as a reason to pass a host of legislature which will, among other things, put more personal information into the hands of government. Information-sharing clauses in these bills will essentially channel more personal data from businesses to the Federal government. That makes Your JoeDog’s head explode. The government is essentially saying, “We can’t secure our own records so give us more records.”

The chairpersons of the select committee on cybersecurity have their hair on fire. They predict dire consequences if we don’t grant them more personal data: “Business and industry leaders warned us of the growing threats during various hearings, and this attack shows why the Senate needs to move quickly on a cyber bill.”

The shittier a bill is the quicker is must be passed, people. Don’t worry your pretty little heads about its contents.

Funny thing: Newton’s Third Law applies to politics as well as physics. For every asshole, there’s an equal and opposite anti-asshole. Are you from Oregon, Dear Reader? Then pat yourself on the back because your senator is our anti-asshole.

I believe sharing information about cyber-threats is a worthy goal, but it is unlikely that information sharing by private companies would have made any significant difference in protecting federal employee data. That’s why cybersecurity experts say that passing a bill like this will do little to reduce security breaches.

“This is a bad excuse to try and pass a bad bill.”

Amen, Senator Anti-asshole. Amen.



Ransomware Creator: Sorry About That

By now you’ve probably heard of ransomware. It’s a form of malware that encrypts your files and demands a payment for the decryption keys. The whole concept of ransomware says a lot about humans, huh? It says we’re quite clever but we’re also basically dicks.

Last week a new strain of human dickishness was unleashed on an unsuspecting public. Locker is a form of ransomware known as a sleeper. That’s a variant that lies dormant until the administrator wakes it up. Last week the alarm rang. The program rolled out of bed and encrypted files on thousands of PCs.

Now this week an internet user who claims to be the author apologized for that whole making-your-life-suck thing. To prove his sincerity, he released this statement on PasteBin:

I am the author of the Locker ransomware and I’m very sorry about what has happened. It was never my intention to release this.

I uploaded the database to mega.co.nz containing ‘bitcoin address, public key, private key’ as CSV. This is a dump of the complete database and most of the keys weren’t even used. All distribution of new keys has been stopped.

He went on to say that automatic decryption will begin today. If your files are already borked by this program, then I suppose you don’t have much choice but to trust the author. Try to decrypt the files with the keys he provided. If that fails, make sure your computer is connected to the internet so you can receive the task signal.



Al Qaeda’s Porn

In 2011, an al Qaeda operative named Maksud Lodin was arrested in Berlin. Among his possessions was a memory card that contained, among other things, a porn video called KickAss. While that may have raised eyebrows — “a religious holy warrior is carrying beat-off material?” — it wasn’t what authorities were after. To them the “good stuff” is actionable intelligence. According to die Zeit, they found it. Federal police recovered al Qaeda documents that were hidden on the card. Where? They were embedded in the film.

In total, the Germans recovered 141 separate text documents hidden within a .mov file. The discovery confirmed a long-standing hunch that al Qaeda used steganography to hide its information in plain sight. The public was outraged and horrified. “OMG! Al Qaeda is embedding shit inside our porn!!11!1!!”

Your JoeDog was reminded of al Qaeda’s porn when he stumbled across timeshifter. It’s a small utility that lets you embed messages in regular network traffic. How does it work? By modifying the time intervals between packets, @anfractuosus is able to hide messages in plain sight. The system relies on binary encoding. A short delay means 0 and a long delay means 1. By sending messages in this manner, the transmission is unlikely to arouse suspicion.

To implement this system, you’ll need the libnetfilter_queue library and the ability to set iptables rules. All the code is available along with detailed instructions. Check it out.
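The flip side of the two-delay scheme described above is that it leaves a fingerprint: inter-packet gaps that pile up in two tight clusters with nothing in between, where ordinary traffic fills the range more evenly. The following is an added example written for this post from the analyst’s side, not timeshifter’s own code. Given the gaps between packets pulled from a capture, it decides whether they look like a two-level timing channel and, if so, reads them back as bits the way the post describes (short gap = 0, long gap = 1). Both interval lists are constructed for the example, not taken from a real capture.

```python
"""Spotting a two-level timing channel in inter-packet delays.

Added example for this post; it is not timeshifter's code. It takes the
view of someone reviewing a capture: given the gaps between packets
(seconds), decide whether the delays cluster into two tight groups, and
if so read them back as bits (short gap = 0, long gap = 1, as the post
describes). The interval lists below are constructed, not captured.
"""
from statistics import mean


def split_intervals(intervals):
    """One-dimensional two-cluster split: start at the midpoint of the range
    and move the threshold to the midpoint of the two cluster means until it
    stops changing."""
    threshold = (min(intervals) + max(intervals)) / 2.0
    for _ in range(50):
        short = [x for x in intervals if x < threshold]
        long_ = [x for x in intervals if x >= threshold]
        if not short or not long_:
            break
        new_threshold = (mean(short) + mean(long_)) / 2.0
        if abs(new_threshold - threshold) < 1e-9:
            break
        threshold = new_threshold
    return threshold


def timing_channel_score(intervals):
    """Fraction of the observed range taken up by the empty gap between the
    two clusters. Two tight, well-separated clusters (a sender choosing one
    of two delays) score near 1; jittery ordinary traffic fills the range
    more evenly and scores near 0."""
    threshold = split_intervals(intervals)
    short = [x for x in intervals if x < threshold]
    long_ = [x for x in intervals if x >= threshold]
    if len(short) < 4 or len(long_) < 4:
        return 0.0
    span = max(intervals) - min(intervals)
    if span <= 0:
        return 0.0
    return (min(long_) - max(short)) / span


def looks_like_timing_channel(intervals, min_score=0.5):
    return timing_channel_score(intervals) >= min_score


def decode_bits(intervals):
    threshold = split_intervals(intervals)
    return [0 if x < threshold else 1 for x in intervals]


def bits_to_text(bits):
    """Pack bits MSB-first into bytes; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return out.decode("ascii", errors="replace")


def analyse(intervals):
    """Return (flagged, recovered_text); bits are only read when flagged."""
    if not looks_like_timing_channel(intervals):
        return False, ""
    return True, bits_to_text(decode_bits(intervals))


# Constructed: a sender using ~0.1 s for 0 and ~0.5 s for 1, with a little
# jitter, spelling "hi" (0x68 0x69).
COVERT_INTERVALS = [
    0.11, 0.49, 0.52, 0.09, 0.50, 0.10, 0.12, 0.08,   # 0110 1000 -> 'h'
    0.10, 0.51, 0.48, 0.11, 0.53, 0.09, 0.10, 0.50,   # 0110 1001 -> 'i'
]

# Constructed: plain interactive traffic, gaps spread evenly over 0.18-0.35 s.
NORMAL_INTERVALS = [0.20, 0.31, 0.18, 0.27, 0.22, 0.35,
                    0.24, 0.29, 0.19, 0.33, 0.21, 0.26]


if __name__ == "__main__":
    for name, data in (("covert", COVERT_INTERVALS), ("normal", NORMAL_INTERVALS)):
        flagged, text = analyse(data)
        print(f"{name}: score={timing_channel_score(data):.2f} "
              f"flagged={flagged} text={text!r}")
```

The gap-fraction score is deliberately crude: it is meant to be run over the per-flow interval lists from a capture to shortlist flows worth a closer look, not to prove anything on its own. A real sender can blur the two clusters with random jitter, so treat a low score as "no obvious two-level channel", not as "clean".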

[anfractuosity: Timeshifter]



The Security State

So imagine — because why the hell not — you returned to your vehicle after a concert in Washington D.C. Police are everywhere. Your windows are bashed in and your new cookware is exploded into little tiny pieces. That would be odd, huh? Well, that’s what happened to an Alexandria man this week. He returned to his car and found his shit was destroyed by local law enforcement.

Huh?

Your JoeDog read many accounts of this incident. As best as he can tell this is what happened: Around 5:00 p.m. on Sunday, officers on foot noticed a vehicle that they characterized as “suspicious in nature.” It was parked along a public street. What made it suspicious? The vehicle contained a pressure cooker and other “items of concern.”

What’s not clear is how those items were stored. Were they in bags or out in the open? Was this the result of a shopping trip or something more nefarious? The investigation continued and officers became more suspicious. An “odor of gasoline was detected.” Interesting. A vehicle with an internal combustion engine emitted an odor of gasoline. So then what happened?

The bomb squad arrived and police broke into the vehicle and blew up all the shit inside. Catastrophe averted! The country remains safe and sound. So what did they protect us from? After destroying everything in the car, police conducted a thorough investigation to determine exactly what they saved us from. They conducted a thorough “hand search” of the vehicle and concluded their investigation “with negative results and nothing hazardous found.”

In other words, they saved us from a shopping trip.



Nice Computer – Shame If Something Happened To It

LabMD is a cancer testing center in Atlanta, GA. In 2010, someone compromised its security and pulled its medical records. Soon after the break-in, LabMD was contacted by Tiversa, a cyber security firm who offered to sell them emergency incident response services. LabMD refused. Tiversa told the firm they’d notify the FTC unless the company hired its services. Again, LabMD refused.

Tiversa made good on its promise and contacted the FTC. The government agency pursued the measure to its fullest. LabMD was sucked into a lengthy legal battle which eventually bankrupted the company. There’s just one problem with this story: the hack never happened. Tiversa made the whole thing up….



Cyber Threats Against Surgical Robots

Robot Surgeon

Things that would suck for one thousand, please, Alex.

Imagine — and why the hell not? — that you need an emergency appendectomy. Yours is about to explode because why-do-we-even-have-those-things? You are rushed into the operating room and placed on a table beneath a curious apparatus. “Get me a nerd, stat!” Somebody shouts.

A man in surgical clothing greets you. “Relax,” he says. “I’ve done a million of these.” He pushes a button and a mask drops and smothers your face. The man’s credentials don’t match what your parents expected from their emergency room staff. The “doctor” is a computer operator, a Microsoft Certified Surgeon from ITT Tech. Your procedure begins when he selects “Appendectomy” from a drop-down menu. It is performed by a robot that immediately goes to work, carving into your body in search of an inflamed appendix.

Suddenly the robot orders silicon. Unexpected noises fill the room as the augmentation unit fires up. “WTF?” the operator types into his IRC session. “This thing’s going haywire.” Everyone in the channel responds in a similar manner: “LOL!” they type back. “This is serious shit!!!1!1!”, he anger-types. “ROTFLMAO!” they reply.

The robotic knives withdraw from your abdomen. The apparatus glides on tracks as it works its way towards your chest. It starts to make cuts around your nipples. The operator is agog; his jaw drops and he’s unsure what to do. The augmentation unit descends and attaches to your chest. Silicon starts flowing. The operator starts smashing his keyboard. “Why does this shit always happen on a Friday afternoon??!!” he screams. “LOL!” the IRC channel says.

So what happened? The hospital didn’t keep its goddam software up-to-date. The surgical robot was hacked. And now you have lady tits because 4Chan was in need of some afternoon LOLz.

Sound far-fetched? A team of researchers at the University of Washington in Seattle just hijacked a teleoperated surgical robot and documented its security vulnerabilities in a new white paper. Great! As if surgery wasn’t stressful enough, here’s one more thing to think about.

At least the guys at 4Chan gave you big ones. (They’re a little obsessed with breasts over there…)



HTTPS Happy Nice Time

As you may have noticed, here at JoeDog Enterprises Incorporated Ltd ESQ Inc., we switched from http to https last weekend. Exciting!

We warned you that such a move could be accompanied by unintended consequences. But keep in mind, not all side effects are bad. Just like painkillers can provide a little glow along with relief, some changes can provide unintentional benefits. Here’s the story of one of them.

This morning we noticed skiddie activity. That’s not unusual. Every morning we notice skiddie activity. Some asshole from 192.210.220.2 in Williamsville, NY is running an attack right now. Our http logs are filling with this activity:

192.210.220.2 - - [20/Apr/2015:08:32:35 -0400] "POST /xmlrpc.php HTTP/1.1" 302 213 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

See that 302? That means our http virtual host is issuing a redirect to https. Here’s the thing: He doesn’t appear in the https logs. That means his stupid skiddie script is too dumb to follow the redirect. For the past hour he’s done nothing but causing meaningless redirects …

… and now he’s blocked.

UPDATE: Those 302s are now 301s as per Tim Funk’s recommendation. If skiddie can’t follow 302, he can’t follow 301 either….
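The pattern above (a client that hammers the http vhost, collects nothing but redirects, and never shows up on the https vhost) is easy to pull out of the logs automatically, which beats noticing it by eye each morning. The following is an added example written for this post, not the blog’s own tooling. It parses Apache combined-format lines, tallies per-client responses on the http vhost, and reports clients that only ever received a 301 or 302 there (so it works before and after the 302-to-301 change) and never appeared on the https side. The log lines are constructed for the example: the attacker address is the one quoted in the post, the browser address is a made-up one from a documentation range, and the paths and second browser user agent are invented.

```python
"""Finding clients that hit the http vhost, get redirected, and never follow.

Added example for this post, not the blog's own tooling. Parses Apache
combined-format lines, counts per-client responses on the http vhost, and
reports clients whose every request there was answered 301/302 and who
never appear on the https vhost. Log lines below are constructed.
"""
import re
from collections import defaultdict

# Apache "combined" log format: ip ident user [ts] "req" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the named fields of one combined-format line, or None."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def redirect_only_clients(http_lines, https_lines, min_hits=5):
    """Clients with at least min_hits requests on the http vhost, every one
    answered 301/302, and no request at all on the https vhost."""
    https_ips = {rec["ip"] for rec in map(parse_line, https_lines) if rec}
    stats = defaultdict(lambda: {"hits": 0, "redirects": 0, "paths": set()})
    for rec in map(parse_line, http_lines):
        if rec is None:          # unparseable line: skip, don't crash
            continue
        entry = stats[rec["ip"]]
        entry["hits"] += 1
        entry["paths"].add(rec["path"])
        if rec["status"] in ("301", "302"):
            entry["redirects"] += 1
    return {
        ip: entry for ip, entry in stats.items()
        if entry["hits"] >= min_hits
        and entry["redirects"] == entry["hits"]
        and ip not in https_ips
    }


def _line(ip, ts, method, path, status, ua):
    """Build one combined-format line (constructed sample data)."""
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 213 "-" "{ua}"'


SKIDDIE_UA = "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"   # from the post
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/37.0"           # constructed

# http vhost: six POSTs to xmlrpc.php from the address in the post, all 302,
# plus one ordinary visitor (203.0.113.7, documentation range) who gets
# redirected once and then follows it.
HTTP_LOG = [
    _line("192.210.220.2", f"20/Apr/2015:08:32:{s:02d} -0400",
          "POST", "/xmlrpc.php", 302, SKIDDIE_UA)
    for s in range(35, 41)
] + [
    _line("203.0.113.7", "20/Apr/2015:08:33:01 -0400", "GET", "/", 302, BROWSER_UA),
]

# https vhost: only the ordinary visitor shows up here.
HTTPS_LOG = [
    _line("203.0.113.7", "20/Apr/2015:08:33:02 -0400", "GET", "/", 200, BROWSER_UA),
    _line("203.0.113.7", "20/Apr/2015:08:33:04 -0400", "GET", "/about/", 200, BROWSER_UA),
]


if __name__ == "__main__":
    for ip, entry in redirect_only_clients(HTTP_LOG, HTTPS_LOG).items():
        print(f"{ip}: {entry['hits']} requests, all redirected, never seen on "
              f"https; paths={sorted(entry['paths'])}")
```

Feed it the two real access logs (one line per list element) and the result is the shortlist of addresses worth blocking. The `min_hits` floor keeps a single stray request from an ordinary client out of the list; a legitimate browser, as the constructed visitor shows, follows the redirect and turns up on the https vhost within a second or two.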

UPDATE: That’s weird. My linky text is recommendation — as in “Tim Funk’s recommendation” — but magic is turning it into “Tim Funk’s 1 comment.”



Which Side Are You On?

During the First World War, the Ottoman government systematically killed 1.5 million Armenians. If you ever want to anger a large number of Turkish people, refer to that event as “genocide.”

On Sunday, New Pope did exactly that.

“In the past century, our human family has lived through three massive and unprecedented tragedies,” the Pope said at a mass to commemorate the 100th anniversary of the Armenian massacres. “The first, which is widely considered ‘the first genocide of the 20th century,’ struck your own Armenian people.”

It was a sentiment that didn’t sit well with a Turkish “hacker” known on twitter as @THTHerakles. On Monday, he brought down New Pope’s website. Writing in first person plural, he explained that it will remain down until New Pope apologizes.

“Taking sides and calling what happened with the Armenians genocide is not true. We want Pope to apologise for his words or we will make sure the website remains offline,” he said.

I suppose there are two sides to every issue — even genocide. The pope’s against it. Which side are you on, @THTHerakles?

As of this writing, the Pope’s website remains unreachable.

UPDATE: As of 10:38 EDT, New Pope is back online. It looks like he scaled vertically. There are now four A records for www.vatican.va. On each he has an apache server which is forwarding requests back to Oracle iPlanet. It’s just like New Pope to straddle the worlds of open source and corporate opulence.



The Number of the Beast

On April 24, 1980 the Maragos Brothers, Peter and Jack, walked into a Philadelphia bar with a platinum-blonde and a fistful of dollars. While Peter wagered large sums of money on the Pennsylvania lottery, Jack spoke loudly in a foreign language on a pay phone near the bar. At one point, he turned the phone toward his brother so it could capture the sound of the lottery machine as it printed daily number tickets.

This struck the bartender as odd.

That night Nick Perry was working the Pennsylvania lottery as an on-camera announcer. The first drawing was the daily number. “Six,” Perry said as a ball was selected on the first machine. And now the second number: “Six,” he said. Finally the third number matched the other two. Six-six-six was one of the numbers the Maragos Brothers wagered a lot of money on.

Nick Perry was born Nicholas Pericles Katsafanas, a son of Greek immigrants. He spoke the language fluently. So did Jack Maragos. It was the language he used on the pay phone in that Philadelphia bar. The bartender started to put two-and-two together and alerted authorities. Nick Perry and the Maragos brothers had rigged the Pennsylvania lottery.

Perry enlisted the help of WTAE art director Joseph Bock who created weighted ping-pong balls to use in the drawing. Bock weighted all the balls except four and six. In Philadelphia, the Maragos Brothers bet every combination of those numbers: 444, 446, 464, 466, 644, 646, 664, and 666. It was the devil’s own number that delivered that day.

Now Eddie Raymond Tipton appears to be walking in Nick Perry’s footsteps. The former information-security director of the Multi-State Lottery Association is accused of tampering with the lottery. As a condition of employment, Tipton was not allowed to play the lottery but on Dec. 23, 2010 he appears to have done exactly that. Tipton was filmed buying a ticket at a QuikTrip convenience store. That night, his number hit. The ticket was suddenly worth $14.3 million dollars.

Iowa authorities accused Tipton of using his privileged position to tamper with the machine. According to them, he inserted a thumb drive that altered the random number generator and allowed him to control the outcome. Good stuff.

His trial is now under way….