The Edge of I-Hacked

February 24th, 2009. Kansas City, MO – The Cowtown Computer Congress (CCCKC) is happy to announce the opening of their Underground Lab to the public with a full week of events Beginning on March 2nd, the grand opening showcase the rich and vibrant community of creative minds in the Kansas City area. CCCKC, the first organization of its kind in the midwest, will serve the community by providing technology classes, donating unique projects to local organizations and technology assistance to those in need.

The week will kick off on Monday, March 2nd with an open house for individuals and organizations who are interested in learning more about the organization and how they can take advantage the Underground Lab for meetings, classes and other activities.

The creative talents of CCCKC members will be showcased on Wednesday March, 4th. The member project showcase will be followed by a screening of Make:TV, a public television series which will be shown for the first time in the Kansas City area that night. If you’re curious about what CCCKC and the maker culture are all about, this is the night to come be inspired. Projects to be showcased range from alternative methods of energy generation to a labyrinth game which is controlled with the balance board from a Nintendo Wii Fit.

Thursday, March 5th is the regular member meeting where members come together to discuss group projects being developed for donation to local organizations and plan future community service projects like our monthly free computer repair opportunities.

Friday evening will feature a slate of speakers covering topics ranging from improving home security and information management to protecting data from theft while using public wireless internet.

On Saturday the public is invited to take part in a range of free workshops on basic electronics and soldering, e-textiles and Nintendo Wii hacking. All day members will be available to assist members of the public choose, install and configure computers using the free and open source Linux operating system.

About The Cowtown Computer Congress

The Cowtown Computer Congress (CCCKC) is a not for profit technology cooperative founded to advance technology of all kinds. They are a member supported organization providing technology classes, workshops and services to the public free of charge. CCCKC brings together some of the finest minds in midwest to collaborate on research and projects for other local groups. Through their affiliate program, CCCKC gives assistance to specialized technology user groups by providing them with a facility to hold meetings and work on projects of their own.

CCCKC’s Underground Lab is located 85 feet below the surface of the earth at 31st Street and Southwest Trafficway in Kansas City, Missouri.

http://www.cowtowncomputercongress.org

If you are in the Kansas City area and are interested in forensics, I would HIGHLY suggest checking out this new offering from SANS. We dont get any kickbacks for advertising this, but the instructor (Dave Hull) is a good friend of I-Hacked’s and is well known in the forensics world. This would be a great opportunity to either gain new or polish your existing forensics skills!

SANS is bringing Security 508: Computer Forensics, Investigation, and Response to your local community in our popular Mentor hands-on format!
Beginning on May 14, SANS Mentor Dave Hull will be leading this class in Kansas City, Kansas. For complete course details, please click on http://www.sans.org/info/34748.

Why Choose the Mentor Program?
The Mentor Program, http://www.sans.org/info/34753, consists of small, locally run, 10 week classes utilizing the same great SANS courseware presented at the larger conferences. This unique program opens SANS training up to students with family or work commitments necessitating a more flexible option. Mentored students report several major benefits of this format including: cost savings, time to digest the material, convenient evening classes, small groups, a Mentor “coach”, and community networking.

from CNET News

Google is officially denying widespread Internet rumors that its Google Earth software located the mythical sunken city of Atlantis off the coast of Africa. Either that, or Google is totally trying to hide something. Since I always appreciate a nice juicy conspiracy theory, I’m going to go with the latter.

From what it sounds like, a British aeronautical engineer was playing around with the new Google Earth 5.0, which includes undersea data, and noticed something funny off the coast of Africa, about 600 miles west of the Canary Islands, that resembled a pattern of a street grid. According to the U.K.’s Press Association, the pattern of streets equated to an area the size of Wales.

from Creative Freedom Foundation creativefreedom.org.nz
Join The New Zealand Internet Blackout to protest against the Guilt Upon Accusation law ‘Section 92A‘ that calls for internet disconnection based on accusations of copyright infringement without a trial and without any evidence held up to court scrutiny. This is due to come into effect on February 28th unless immediate action is taken by the National Party.

learn more about the song

Join thousands of New Zealanders already against this law by blacking out your Facebook photo, your websites, your Myspace pages, your Twitter account, in protest against this unjust new law that may come into effect on February 28.

Just use this image (Right-click, Save-As) with the text:”(your name) is blacked out: Stand up against “Guilt Upon Accusation” for New Zealand http://creativefreedom.org.nz/blackout.html”

from NetworkWorld.com Community

With only 100 compromised ATM cards thieves were able to grab $9 million bucks from the banking system in a new style of attack. Law enforcement sources told Fox 5 it’s one of the most frightening well-coordinated heists they’ve ever seen. “We’ve seen similar attempts to defraud a bank through ATM machines but not, not anywhere near the scale we have here,” FBI Agent Ross Rice told Fox 5. “We’ve never seen one this well coordinated,” the FBI said.

How did the hackers steal $9 million in one 30-minute time period using only 100 ATM cards you ask? That shouldn’t be possible given the daily limits usually about $500/day placed on all ATM cards. Well it turns out that the hackers applied military like precision to old ATM Scam techniques and added a touch of devious ingenuity to pull this one off. Here is a look at how the theft was perpetrated.

First, the bad guys had to obtain the ATM cards. To accomplish this they hacked into RBS WorldPay and stole at least 100 payroll cards. According to RBS WorldPay, “Payroll cards are used by a growing number of U.S. firms to pay wages to employees. A payroll card is a reloadable stored value card that can be used at any point of sale that accepts credit and debit cards.”

from Deadspin

Never fear America: The FBI is making sure that there will never again be an incident of Super Bowl TV porn. However, all anthrax letters will be delivered as usual.

Don’t tell me that you’ve already forgotten how about 30 seconds of a porn movie made its way onto the Super Bowl broadcast shown to about 80,000 Comcast cable subscribers in the Tucson area. Comcast is saying that it was “a malicious act” perpetrated by an outside party (those terrorist bastards!), and have vowed to catch the culprits.

But so far, the hacker(s) have eluded the net. So in comes the FBI’s renowned TV porn squad.

from gizmodo.com

Southwest this week began testing their own in-flight wi-fi service, based on a satellite connection from Row 44. It’s on one plane now with more coming soon, and right now, it’s free.

Southwest is using a satellite-based system from Row 44, and not the cellular connection used by most other airlines with Aircell’s GoGo service. So if you find yourself on that one and soon to be handful of Row 44-equipped planes, you can surf for free.

From JestinStoffel.com

For any of you who saw the labywiinth at the HacDC party, here is a GREAT post on the difficulties we had getting it to work as well as it did. Make sure you pay attention to the time-stamps in the email. Just FYI the setup at HacDC started at 6pm on Friday. (PLENTY OF TIME!!)

Anyone who has been reading this blog will know that I have been working on a labyrinth game that is controlled by a Nintendo Wii Balance Board. We made a YouTube video that got a few hits when we released it, and it gained some recognition in the hacker/diy community. Fellow member of my local hackerspace, hevnsnt, had inquired about taking the device to the Shmoocon convention in Washington D.C., but ended up deciding to leave it here in Kansas City. Well, the Tuesday before the conference, hevnsnt had a change of heart:

from hevnsnt
to Jestin Stoffel, SomeoneKnows
date Tue, Feb 3, 2009 at 2:35 PM

I am starting to regret our discussion at last thursday’s meeting where I said I didnt want to take the labyrinth to shmoocon (D.C.), and I would like to talk it out with you.

Last night I put out a post on twitter informing that the Shmoocon ATM had been compromised, and everyone who had used it should cancel & reissue their cards. This of course got retweeted a bunch, and then FINALLY some security people started commenting that we should have some evidence before they take action.

So some may have seen the ATMs in the hotel were “tagged” with this prank and thought that THIS was the compromise I was referring to.

Making Faces is illegal.

This was funny, and I have a pretty good idea who put it there. (and really if it was “them” I would think twice of touching that ATM anyways) But it was not a compromise.

@surbo and I were running late to the airport, and the taxi driver wouldnt take a card. Having spent all our cash the night before, we ran over to the ATM located in the main hallway of the Marriott (across from the hotel convenience store) and I tried the ATM. It was acting very odd, it was taking about 5 minutes to change screens, and it was NOT TAKING MY PIN on my card, and occasionally told me that it could not read the card. I got a very bad feeling, but I was in a hurry, so I tried another card. Same story — acting weird not taking my pin. I asked Surbo to give it a go, and this time it took his pin, but it was still acting weird.

Surbo then did something that made us both say “F&^K”. He pulled the facepanel down off the ATM exposing the internal computer and authentication “dialer”, someone had either picked or left the panel unlocked. (the safe panel ($$$$) remained locked). The electronics that control the authorization of funds were easily accessed. You can imagine what an person of “low moral standards” could have benefited from this situation.

Right about the time that Surbo pulled the front panel down, Mouse came strolling by and said “Boys! What are you doing!?” It didnt look good, and since we had already had some run-ins with hotel police we immediately put it back and made sure it was reported. We didnt take any pictures because we didnt want to be any more involved than we already were. I am sure you can understand that although we pull some harmless pranks here or there, ATM fraud is not up our alley.

So, Do I have evidence that if you used that ATM that your card numbers & pin were exposed and/or recorded? No, in-fact I did not see any suspicious looking equipment inside that would indicate that it had, however the security of the ATM was compromised and the potential was definitely there. Don’t risk it, if you used this ATM, please call your bank and get your card reissued.

Update: I have now learned that the ATMs were using the default admin password. (crap see comments below)

I-hacked got the first copy.. Thanks Jay!

Download link : http://www.room362.com/middler-0902071333.tgz

Thanks also to Mubix @ http://room362.com for uploading. (yes he did it while the talk was still going, now that is what you call 0day)