Interview With A Convicted Hacker: Robert Moore Tells How He Broke Into Routers And Stole VoIP Services


Convicted hacker Robert Moore, who is set to go to federal prison this
week, says breaking into 15 telecommunications companies and hundreds
of businesses worldwide was incredibly easy because simple IT mistakes
left gaping technical holes.

Moore, 23, of Spokane, Wash., pleaded guilty to conspiracy to
commit computer fraud and is slated to begin his two-year sentence on
Thursday for his part in a scheme to steal voice over IP services
and sell them through a separate company. While prosecutors call
co-conspirator Edwin Pena the mastermind of the operation, Moore acted
as the hacker, admittedly scanning and breaking into telecom companies
and other corporations around the world.

“It's so easy. It's so easy a caveman can do it,” Moore told InformationWeek, laughing. “When you've got that many computers at your fingertips, you'd be surprised how many are insecure.”

Ha… these Cavemen folks are getting a bad rap these days.

Moore said what made the hacking job so easy was that 70% of all the
companies he scanned were insecure, and 45% to 50% of VoIP providers
were insecure. The biggest insecurity? Default passwords.

“I'd say 85% of them were misconfigured routers. They had the default
passwords on them,” said Moore. “You would not believe the number of
routers that had 'admin' or 'Cisco0' as passwords on them. We could get
full access to a Cisco box with enabled access so you can do whatever you want to the box. …
We also targeted Mera, a Web-based switch. It turns any computer
basically into a switch so you could do the calls through it. We found
the default password for it. We would take that and I'd write a scanner
for Mera boxes and we'd run the password against it to try to log in,
and basically we could get in almost every time. Then we'd have all
sorts of information, basically the whole database, right at our
fingertips.”

Yup, I agree.  A caveman could do that. Read the full article at Information Week.


Advertisements

iPhone 1.1.1 to 1.0.2 downgrade instructions released!

Well would you look at that, instructions are now available for
downgrading your iPhone from 1.1.1 to 1.0.2. It won't downgrade your
baseband, meaning so far you can't re-unlock an iPhone that's been
1.1.1-ified, but it's still 1.0.2 in all its third-party application
glory. The iPhone Dev Team folks are working on a way to downgrade the
new firmware to let people unlock their phones again, but for now
AT&T users sitting pretty, and non-AT&T folks can at least do
the WiFi thing. There's a video tutorial after the break.

Read – iPhone Dev Wiki instructions
Read – Hackint0sh thread where the magic happened

From Engadget.

Pirate Bay finds gold in MediaDefender emails

Thanks to the email-leakage from MediaDefender-Defenders we now have
proof of the things we've been suspecting for a long time; the big
record and movie labels are paying professional hackers, saboteurs and
ddosers to destroy our trackers.

While browsing through the email we identified the companies that
are also active in Sweden and we have tonight reported these incidents
to the police. The charges are infrastructural sabotage, denial of
service attacks, hacking and spamming, all of these on a commercial
level.

The companies that are being reported are the following:

  • Twentieth Century Fox, Sweden AB
  • Emi Music Sweden AB
  • Universal Music Group Sweden AB
  • Universal Pictures Nordic AB
  • Paramount Home Entertainment (Sweden) AB
  • Atari Nordic AB
  • Activision Nordic Filial Till Activision (Uk) Ltd
  • Ubisoft Sweden AB
  • Sony Bmg Music Entertainment (Sweden) AB
  • Sony Pictures Home Entertainment Nordic AB

Stay tuned for updates.

Original Post.

MediaDefender-Defenders!

The whole mail database was converted to HTML by Forrest F. (JRWR), and is hosted by the nicest guy on the planet.

Do
note that this is not the official MediaDefender-Defenders website,
just a browseable copy of the e-mail leak that snowballed. We're also
not the guys that acquired these e-mails, we just nabbed them off of
BitTorrent and converted them.

We got pulled offline by No-ip.com, who seemed to take offense and took jrwr.hopto.org offline. You can now find us here at mediadefender-defenders.com.
However, as the world really should learn – whenever you take one site down, twelve new ones will spring online.

Update: We moved to the domain which.. one of the IRC guys got, and recieved our first C&D letter. More soon.

Feel free to come meet us at #MediaDefender-Defenders @ EFNet, and some new site features will be coming shortly.

I'm not sure why I find all this so entertaining, but I do. Go read some emails:

MediaDefender Damage Control: Cease and Desist!

After the big leak of last week, today mediadefender is desperately trying to establish some
level of damage control. This morning we received an email from their lawyers
stating that the domain registrar should hand over our personal information. So here is an open letter to MediaDefender.

Dearest little asstunnels,

Let me start of by thanking you for your pittyfull attempt to have your
emails removed from the entire internet (the thing that says www.).
In no way we feel obligated to fulfill your request, as a matter of
fact any organisation that tries to harm this site and the bittorrent
user in general can expect nothing more from us but a big fuck you!

In case you havent noticed, this site is located in europe (I hope you
can point it out on a map) were your stupid copyright claims have no
base. But fair is fair you guys did suffer over the past week so here's
bit of advice to you guys:

The the full email sent by Markus at Meganova.  It gets rather colorful.

MediaDefender Internal Emails Go Public

Unfortunately for Media Defender – a company dedicated to mitigating
the effects of internet leaks – they can do nothing about being the
subject of the biggest BitTorrent leak of all time. Over 700mb of their
own internal emails, dating back over 6 months have been leaked to the
internet in what will be a devastating blow to the company. Many are
very recent, having September 2007 dates and the majority involve the
most senior people in the company. Apparently this is not the first
time that a MediaDefender email leaked onto the Internet.

According to the .nfo file posted with the Mbox file the emails were
obtained by a group called “MediaDefender-Defenders”. It states: “By
releasing these emails we hope to secure the privacy and personal
integrity of all peer-to-peer users. The emails contains information
about the various tactics and technical solutions for tracking p2p
users, and disrupt p2p services,” and “A special thanks to Jay Maris,
for circumventing there entire email-security by forwarding all your
emails to your gmail account”

Note: The mbox
formatted file is circulating publicly on BitTorrent, completely
unedited. However, for publication here we have removed the username
and password logins for Media Defender’s servers, and replaced them
with asterisks and avoided publishing emails of a personal nature, e.g
pay negotiations etc. We believe that the emails are the real deal and
all the info posted here serves the public interest.

Read the whole post on TorrentFreak.

How to Download iTunes Store Previews and Use Them As Ringtones – UPDATED AND WORKING

Ok, so we know how to use your own ripped CD’s as ringtones on your iPhone but here is an updated way to download and use iTS previews with your iPhone – AKA FREE RINGTONES of your favorite songs.

Now, this isn’t for the feint of heart. It requires command-line access and Perl and only works on OS X.

Go on over to UNEASYsilence to get the instructions.