
Thread: If you use google & wget then you're an uber hacker!

  1. #1
    Join Date
    Aug 2005
    Beans
    6,024

    If you use google & wget then you're an uber hacker!

    http://arstechnica.com/security/2013...ed-as-hackers/


    Reporters use Google, find breach, get branded as “hackers”


    Scripps reporters uncover mishandling of customer data; companies threaten to sue.
    by Sean Gallagher - May 21 2013, 11:15pm SAST


    Call it security through absurdity: a pair of telecom firms have branded reporters for Scripps News as "hackers" after they discovered the personal data of over 170,000 customers—including social security numbers and other identifying data that could be used for identity theft—sitting on a publicly accessible server. While the reporters claim to have discovered the data with a simple Google search, the firms' lawyer claims they used "automated" means to gain access to the company's confidential data and that in doing so the reporters violated the Computer Fraud and Abuse Act with their leet hacker skills.


    The files were records of applicants for the Federal Communications Commission's (FCC) Lifeline subsidized cell phone program for low-income consumers. The applicants' information was collected for the telecom providers YourTel and TerraCom by Vcare, an India-based call center service contracted to verify applicants' eligibility. To qualify for the program, customers need to submit proof that they are enrolled in a federal or state assistance program such as Supplemental Security Income, food stamp programs, and the federally funded free school lunch program.


    Vcare and the telecom providers are explicitly required to not retain this data under the regulations of the FCC program. However, the data was retained on Vcare's servers and posted to an open file-sharing area—and apparently indexed by Google's search engine in the process.


    Scripps News' Isaac Wolf contacted the chief operating officer of TerraCom and YourTel for an interview. The two companies are separate legal entities but are substantially owned by the same people and, as the company's attorney put it, "share some key management employees." In an e-mail to TerraCom and YourTel COO Dale Schmick, Wolf informed Schmick that he had "stumbled across numerous Lifeline applications… which are posted freely online."


    However, Vcare and the two telecom companies assert that the reporters "hacked" their way into the data using "automated" methods to access the data. And what was this malicious hacking tool that penetrated the security of Vcare's servers? In a letter sent to Scripps News by Jonathan D. Lee, counsel for both of the cell carriers, Lee said that Vcare's research had shown that the reporters were "using the 'Wget' program to search for and download the Companies' confidential data." GNU Wget is a free and open source tool used for batch downloads over HTTP and FTP. Lee claimed Vcare's investigation found the files were bulk-downloaded via two Scripps IP addresses.


    Lee's letter demanded that Scripps immediately identify the "Scripps Hackers" and preserve any evidence of downloaded data, "as civil litigation is highly likely." He stressed that the companies' intent is to discover the extent of the breach and determine if the reporters were just accessing the data for journalistic reasons—in which case, they would not have to report the exposure as a data breach.

  2. #2
    Join Date
    Aug 2005
    Beans
    6,024

    Re: If you use google & wget then you're an uber hacker!

    This stupidity needs to end.

  3. #3
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    4,759
    Distro
    Ubuntu

    Re: If you use google & wget then you're an uber hacker!

    It would seem the ISPs and Vcare were in violation of the law.
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful

  4. #4
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: If you use google & wget then you're an uber hacker!

    All I can do is facepalm.

    What good is security if the people running the network don't bother with it?

    I wonder how this will turn out.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  5. #5
    Join Date
    Jun 2007
    Location
    Porirua, New Zealand
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: If you use google & wget then you're an uber hacker!

    A *facepalm* from me as well: what were the companies doing placing confidential data in an easily discoverable location?
    Forum DOs and DON'Ts
    Never assume that information you find using a search engine is up-to-date.

  6. #6
    Join Date
    Feb 2007
    Location
    West Hills CA
    Beans
    8,582
    Distro
    Ubuntu 12.10 Quantal Quetzal

    Re: If you use google & wget then you're an uber hacker!

    It's pretty easy to get a free phone with huge numbers on it. You just have to fill out some personal information at the telco's website. That phone may cost you more than you think.
    -------------------------------------
    Oooh Shiny: PopularPages

    Unumquodque potest reparantur. Patientia sit virtus.

  7. #7
    Join Date
    Jun 2007
    Location
    Porirua, New Zealand
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: If you use google & wget then you're an uber hacker!

    Quote Originally Posted by tgalati4 View Post
    It's pretty easy to get a free phone with huge numbers on it. You just have to fill out some personal information at the telco's website. That phone may cost you more than you think.
    For starters, an arm and a leg each month!

  8. #8
    Join Date
    Jun 2009
    Location
    0:0:0:0:0:0:0:1
    Beans
    4,315
    Distro
    Xubuntu 13.04 Raring Ringtail

    Re: If you use google & wget then you're an uber hacker!

    Quote Originally Posted by CharlesA View Post
    What good is security if the people running the network don't bother with it?
    +1. I have found a managed switch that has no security implemented on it in a place. I looked at my IP address and tried to find the router and found the switch instead: no password prompt or anything, full admin access. Not sure what I should do with the info; clearly their so-called IE dept does not care.
    All I did was plug into the RJ45 plug in the lobby 'cause they did not have open wifi.
    Laptop: ASUS A54C-NB91 (Storage: WD3200BEKT + MKNSSDCR60GB-DX); Desktop: Custom Build - Images included; rPi Server
    Putting your Networked Printer's scanner software to shame PHP Scanner Server
    I frequently edit my post when I have the last post
