Tuesday, 25 November 2014

Google's Devices and Activity Dashboard — A New Account Security Wizard


We access our Google accounts from so many devices that we lose track of how many are still connected, including devices we no longer use. To make this easier, Google has released a new security dashboard that helps you keep better control over the devices that can access your account.

The Internet giant on Monday launched a new "Devices and Activity dashboard" that gives Google Apps users additional insight into their devices, letting them identify every device that has been used to access their account in the last 28 days as well as those currently signed in.

Users will now be able to monitor a comprehensive set of details including the last time their account was accessed, location from where their account was accessed, as well as the web browser that was used to open their account.

Eran Feigenbaum, security director at the Google for Work team, said admins could quickly change passwords and lock account access if any suspicious activity was noticed.
"To make your job a bit easier, today we're announcing new security tools to help Google Apps users take more control of their security online," Feigenbaum wrote Monday in a blog post.
The Devices and Activity dashboard is not an entirely new feature; previously it focused mainly on account activity. From now on, you can also use it to manually revoke or lock a device's access to your account remotely with a single click, a useful utility for those who have lost a smartphone or laptop, as well as for cases where an intruder has managed to add your account to their own device.

The company also launched a new security wizard to help secure Google for Work accounts by walking users through functions to tighten security, including recovery settings and the ability to review account permissions and access.
"Security in the cloud is a shared responsibility," Feigenbaum said. "It only takes minutes for users to update their settings. By making users more aware of their security settings and the activity on their devices, we can work together to stay a step ahead of any bad guys."
Google for Work users can use this guide to enable or adjust security settings; it also encourages users to enable the 2-step authentication process. The tool prioritizes all administrator settings for security features that end users are permitted to turn on. The rest is in the user's hands.

Sony Pictures HACKED; Studio-Staff Computers Seized by Hackers


It was a bad day for Sony yesterday! Sony appears to have been hacked once again, but this time the target was not PlayStation but Sony Pictures Entertainment, the company's motion picture, television production and distribution unit.

According to multiple reports, the corporate computers of Sony Pictures employees in New York and around the world were infiltrated by hackers, with screens displaying a weird skeleton, a series of URL addresses, and a threatening message that reads:
"Hacked By #GOP Warning: We've already warned you, and this is just a beginning. We continue till our request be met. We've obtained all your internal data, including your secrets and top secrets. If you don't obey us, we'll release data shown below to the world. Determine what will you do till November the 24th, 11:00 PM (GMT)."
News broke after a user, who claimed to be a former Sony staff, posted allegations of the security breach with the defacement image on Reddit.

A hacker group that identifies itself as #GOP (Guardians of Peace) claimed responsibility for the defacement across staff computers at Sony Pictures, and apparently stole reams of internal corporate data as well.

Some reports also claim that the group gained access to dozens of the company's Twitter accounts linked to movies such as Stomp The Yard, Soul Surfer, and Starship Troopers, but the company has since regained control of those.

A source within Sony has anonymously confirmed to TNW that the hack and the defacement image that appeared on staff computers inside Sony Pictures are real. They said that "a single server was compromised and the attack was spread from there."

The group leaked a large ZIP file containing a list of filenames of documents pertaining to Sony Pictures' financial records, along with private keys and passwords for access to servers. There is even a text file containing the last 10 recently used passwords for something at Sony.

The defacement message shown on staff computers mentions "demands" that must be met by November 24th at 11:00PM GMT or the files named will be released.

While the motives behind the hack are still unclear, the group says it will expose more details to the public if what appeared to be a reference to demands quietly sent to the company earlier are not fulfilled.

According to Variety, Sony Pictures information-technology departments have instructed employees to turn off their computers as well as disable Wi-Fi on all mobile devices. Sony Pictures hasn't confirmed the intrusion yet, instead saying it was investigating "an IT matter" in a statement.

CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes


Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale.

The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new backdoor named "CryptoPHP." Security researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal. However, there is slight relief for Drupal users, as only themes have been found infected with the CryptoPHP backdoor.

In order to victimize site administrators, the miscreants make use of a simple social engineering trick: they lure site admins into downloading pirated versions of commercial CMS plugins and themes for free. Once installed, the malicious theme or plugin plants the included backdoor on the admin's server.
"By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social-engineering site administrators into installing the included backdoor on their server," Fox-IT said in its analysis on the attack.
Once installed on a web server, the backdoor can be controlled by cyber criminals in several ways: command and control (C&C) server communication, email communication, and manual control.

Other capabilities of the CryptoPHP backdoor include:

  • Integration into popular content management systems like WordPress, Drupal and Joomla
  • Public key encryption for communication between the compromised server and the command and control (C2) server
  • An extensive infrastructure in terms of C2 domains and IPs
  • Backup mechanisms in place against C2 domain takedowns in the form of email communication
  • Manual control of the backdoor besides the C2 communication
  • Remote updating of the list of C2 servers
  • Ability to update itself
Miscreants are using the CryptoPHP backdoor on compromised web sites and web servers for illegal Search Engine Optimization (SEO), also known as Black Hat SEO, the researchers said in their report: because the compromised websites link to the attackers' websites, those sites appear higher in search engine results.

Black hat SEO is a group of techniques and tactics that focus on maximizing search engine results with non-human interaction with the pages, thus violating search engine guidelines. These include keyword stuffing, invisible text, doorway pages, adding unrelated keywords to the page content or page swapping.
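As an added example (it is not part of the original article or of Fox-IT's report), the following Python script audits a page's served HTML for the black hat SEO markers just listed: links and text hidden with inline styles, and keyword stuffing measured as the share of the most frequent visible content word. The two sample pages are constructed for this example, and the `.invalid` domains are placeholders.

```python
"""Audit served HTML for black hat SEO markers: hidden links, hidden text
and keyword stuffing. The sample pages below are constructed for this
example and are not taken from any real backdoored theme."""
import re
from collections import Counter
from html.parser import HTMLParser

# Inline styles commonly used to keep injected content out of a visitor's view
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(px)?\s*(;|$)|"
    r"(left|top)\s*:\s*-\d{3,}px",
    re.I,
)
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input"}
STOPWORDS = {"the", "and", "for", "with", "our", "you", "your", "from", "this",
             "that", "are", "was", "were", "a", "an", "is", "it", "in", "on", "of", "to"}


class _Collector(HTMLParser):
    """Splits the document into visible words, hidden words and hidden links."""

    def __init__(self):
        super().__init__()
        self.hidden_depth = 0          # > 0 while inside a hidden element
        self.hidden_links = []
        self.hidden_words = 0
        self.visible_words = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:           # no matching end tag, so not tracked
            return
        attrs = dict(attrs)
        if self.hidden_depth or HIDDEN_STYLE.search(attrs.get("style") or ""):
            self.hidden_depth += 1
        if tag == "a" and self.hidden_depth and attrs.get("href"):
            self.hidden_links.append(attrs["href"])

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.hidden_depth:
            self.hidden_depth -= 1

    def handle_data(self, data):
        words = re.findall(r"[a-z0-9]+", data.lower())
        if self.hidden_depth:
            self.hidden_words += len(words)
        else:
            self.visible_words.extend(words)


def audit(html, stuffing_threshold=0.12, min_words=20):
    """Return hidden-content stats plus a list of human-readable findings."""
    c = _Collector()
    c.feed(html)
    c.close()
    findings = []
    if c.hidden_links:
        findings.append(f"{len(c.hidden_links)} link(s) inside hidden elements")
    if c.hidden_words:
        findings.append(f"{c.hidden_words} word(s) of hidden text")
    content = [w for w in c.visible_words if w not in STOPWORDS and len(w) > 2]
    top_word, density = None, 0.0
    if len(content) >= min_words:      # too little text makes density meaningless
        top_word, n = Counter(content).most_common(1)[0]
        density = n / len(content)
        if density >= stuffing_threshold:
            findings.append(f"keyword stuffing: '{top_word}' is {density:.0%} of visible content words")
    return {"hidden_links": c.hidden_links, "hidden_words": c.hidden_words,
            "top_word": top_word, "density": round(density, 3), "findings": findings}


# Constructed ordinary page
CLEAN_PAGE = """<html><body><h1>Weekend hike report</h1>
<p>We left the trailhead before sunrise and followed the ridge north. The forest
was quiet, the creek crossings were easy, and the summit view made the early start
worthwhile. Lunch was bread, cheese and apples.</p>
<p>Next month we plan a longer loop through the valley with an overnight camp.</p>
</body></html>"""

# The same page with the kind of injection a black hat SEO backdoor adds (constructed)
INJECTED_PAGE = CLEAN_PAGE.replace("</body>", """
<div style="position:absolute; left:-9999px">
  <a href="http://example-pharmacy.invalid/">cheap pills</a>
  <a href="http://example-casino.invalid/">online casino bonus</a>
</div>
<p style="font-size:0px">casino casino casino bonus pills</p>
<p>casino bonus casino games casino online casino play casino win casino free casino slots casino jackpot casino</p>
</body>""")

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        print(name, audit(page)["findings"])
```

A backdoor that serves its injected links only to what it takes for a search engine crawler will look clean to a browser, so as a general cloaking check (not something the article states) run the same audit over a response fetched with a crawler's User-Agent and compare the two results.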

The security company had discovered 16 variants of the CryptoPHP backdoor in thousands of backdoored plugins and themes as of 12 November 2014. The first version of the backdoor appeared on 25 September 2013. The exact number of websites affected by the backdoor is undetermined, but the company estimates that at least a few thousand websites, possibly more, are compromised.

'Regin' - 'State-Sponsored' Spying Tool Targeted Govts, Infrastructures for Years


Researchers have uncovered a highly advanced, sophisticated piece of malware they believe was used to spy on a wide-range of international targets including governments, infrastructure operators and other high-profile individuals since at least 2008.

The nasty malware, dubbed "Regin", is said to be more sophisticated than both Stuxnet and Duqu, according to the researchers at antivirus software maker Symantec Corp.

DEVELOPED BY NATION STATE
The research showed that the Regin malware is believed to have been developed by a wealthy "nation state" and to be a primary cyber espionage tool of that state, because of the financial clout needed to produce code of this complexity with several stealth features to avoid detection. However, the antivirus software maker didn't identify which country was behind it.
"It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyber espionage tools used by a nation state," said Symantec Security Response team.
"The security firm did not name a nation as the source of Regin, but is willing to say most of its victims were from Russia and Saudi Arabia and were targeted between 2008 and 2011 with a since decommissioned version of the malware that re-surfaced after 2013."
Regin uses a modular approach, loading only the features that fit the target, which enables customized spying. The malware's design makes it highly suited for persistent, long-term mass surveillance operations against targets, the company said.

The nasty malware's main targets include Internet service providers and telecommunications companies, where it appears the complex software is used to monitor calls and communications routed through the companies' infrastructure. Other targets include organisations in hospitality, energy, airline, health sectors and research.

HIGHLY CUSTOMIZABLE FIVE STAGE STRUCTURE
Regin's highly customizable nature allows large-scale remote access Trojan capabilities, including password and data theft, hijacking the mouse's point-and-click functions, and capturing screenshots from infected computers. Other infections were identified monitoring network traffic and analyzing email from Exchange databases.
"Customisable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organisations, infrastructure operators, businesses, researchers, and private individuals," Symantec said.
In order to remain stealthy, Regin is organized into five layers, each "hidden and encrypted, with the exception of the first stage." It is a multi-stage attack in which each stage reveals only the next: executing the first stage starts a domino chain in which the second stage is decrypted and executed, which in turn decrypts the third stage, and so on.

NASTY MODULES
The whole picture of the malware only emerges once all five stages have been acquired, because each individual stage provides little information on the complete package. Regin contains dozens of payloads, including code for capturing screenshots, seizing control of an infected computer's mouse, stealing passwords, monitoring network traffic, and recovering deleted files.

Other modules appear to be tailored to specific targets. Specialist modules were found monitoring the traffic of Microsoft Internet Information Services (IIS) servers, parsing mail from Exchange databases, and collecting administration traffic for mobile base station controllers.

Tuesday, 18 November 2014

OnionDuke APT Malware served through Tor Network


The malicious Russian Tor exit node, which was claimed to be patching binary files, is actually distributing a malware program to launch cyber-espionage attacks against European government agencies.

The group behind the rogue Tor exit node had likely been infecting files for more than a year, causing victims to download and install a backdoor file that gave hackers full control of their systems.

Last month Josh Pitts of Leviathan Security Group uncovered a malicious Tor exit node that wraps Windows executable files inside a second, malicious Windows executable. But when Artturi Lehtiö of F-Secure carried out an in-depth research, he found that the exit node was actually linked to the notorious Russian APT family MiniDuke.

"MiniDuke" previously infected government agencies and organizations in more than 20 countries via a modified Adobe PDF email attachment. The MiniDuke malware is written in assembly language, has a tiny file size (20KB), and uses hijacked Twitter accounts for Command & Control; in case the Twitter accounts are not active, the malware locates backup control channels via Google searches.
The rogue Russian exit node identified by Pitts was banned from the Tor network, but the new research carried out by F-Secure has revealed that the malicious Tor exit node is specifically being used to plant a new variant of the MiniDuke advanced persistent threat (APT) malware which the researcher has dubbed 'OnionDuke'.

OnionDuke is a completely different malware family, but some of its command and control (C&C) servers were registered by the same miscreant that obtained MiniDuke C&C servers.
"This strongly suggests that although OnionDuke and MiniDuke are two separate families of malware, the actors behind them are connected through the use of shared infrastructure," the F-Secure researchers said in a blog post Friday.
The malware has the ability to steal login credentials and system information from the machines it infects, along with the ability to evade antivirus. But its main function is to download additional pieces of malware onto the infected computer.

Besides spreading through the Tor node, the malware also spread through other, undetermined channels. "During our research, we have also uncovered strong evidence suggesting that OnionDuke has been used in targeted attacks against European government agencies, although we have so far been unable to identify the infection vector(s)," the F-Secure post stated.
"Interestingly, this would suggest two very different targeting strategies. On one hand is the 'shooting a fly with a cannon' mass-infection strategy through modified binaries and, on the other, the more surgical targeting traditionally associated with APT [advanced persistent threat] operations."
The rogue Tor node infects uncompressed executable files passing through unencrypted traffic. The researcher said that whenever a victim tries to download a file via the malicious Tor exit node, they actually receive an executable "wrapper" that adds a second executable. By using a separate wrapper, the miscreants could bypass any integrity checks present in the original executable.
"Upon execution, the wrapper will proceed to write to disk and execute the original executable, thereby tricking the user into believing that everything went fine. However, the wrapper will also write to disk and execute the second executable."
Users who use the Tor anonymity network to download executables from an HTTPS-protected server, and those using a virtual private network, were not affected by the malware.

Users who installed only apps digitally signed by the developer would also likely be safe, although there is no guarantee, because it is not difficult for hackers to compromise legitimate signing keys and use them to sign malicious packages.
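To make the wrapper point concrete, here is an added Python example (it is not from the article or from F-Secure's analysis) that models the attack shape with constructed byte strings: a stand-in "program" that carries its own checksum, a wrapper that packs it unchanged alongside a second payload, and the two checks a downloader might run. The function names and the WRAP container layout are assumptions made for this example, not the real wrapper's format.

```python
"""Why a self-check embedded in a program does not catch a wrapped download,
while an out-of-band hash of the downloaded artifact does. All binaries here
are constructed byte strings; the WRAP container format is invented for the example."""
import hashlib
import struct


def build_self_checking_program(body: bytes) -> bytes:
    """Stand-in for a program whose last 32 bytes are the SHA-256 of its body."""
    return body + hashlib.sha256(body).digest()


def self_check(program: bytes) -> bool:
    """The check the program runs on itself at start-up (constructed model)."""
    body, tag = program[:-32], program[-32:]
    return hashlib.sha256(body).digest() == tag


def wrap(original: bytes, second: bytes) -> bytes:
    """Model of an on-path wrapper: a stub carrying both executables unchanged."""
    header = b"WRAP" + struct.pack("<II", len(original), len(second))
    return header + original + second


def unwrap(blob: bytes):
    """What the wrapper stub does at run time: drop both files to disk unchanged."""
    if blob[:4] != b"WRAP":
        raise ValueError("not a wrapped artifact")
    n1, n2 = struct.unpack("<II", blob[4:12])
    return blob[12:12 + n1], blob[12 + n1:12 + n1 + n2]


def verify_download(blob: bytes, published_sha256_hex: str) -> bool:
    """Check the artifact as downloaded against a hash obtained over a trusted channel."""
    return hashlib.sha256(blob).hexdigest() == published_sha256_hex


def demo() -> dict:
    original = build_self_checking_program(b"legitimate installer (constructed)")
    # Hash the vendor publishes over HTTPS, which an exit node cannot rewrite
    published = hashlib.sha256(original).hexdigest()
    tampered = wrap(original, b"second executable (constructed)")
    inner, _second = unwrap(tampered)
    return {
        # The original is written to disk byte for byte, so its own check still passes
        "inner_self_check_passes": self_check(inner),
        # The hash of what was actually downloaded no longer matches the published one
        "download_hash_matches": verify_download(tampered, published),
        "untampered_hash_matches": verify_download(original, published),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check has to run on the bytes as downloaded, before anything is executed; a hash or signature fetched over a channel the exit node can read and modify gives no assurance, which is why the article singles out HTTPS-served downloads and developer-signed packages as the cases that were not affected.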

Suspected Wirelurker iOS Malware Creators Arrested in China


It's been almost two weeks since the existence of the WireLurker malware was first revealed, and Chinese authorities have arrested three suspects who are allegedly the authors of the Mac- and iOS-based malware that may have infected as many as hundreds of thousands of Apple users.

The Beijing Bureau of Public Security has announced the arrest of three suspects charged with distributing the WireLurker malware through a popular Chinese third-party online app store. The authorities also say the website that was responsible for spreading the malware has been shut down.

"WireLurker" malware was originally discovered earlier this month by security firm Palo Alto Networks targeting Apple users in China. The malware appeared to be the first malicious software program with the ability to penetrate the iPhone's strict software controls. The main concern about this threat was its ability to attack non-jailbroken iOS devices.

Once a device is infected with the malware, it can download malicious and unapproved apps, designed to steal information, from third-party app stores, and if it detects an iOS device connected through USB, it installs the malicious apps on that device as well.
"This malware is under active development and its creator’s ultimate goal is not yet clear," the researchers wrote in a report [PDF]. "The ultimate goal of the WireLurker attacks is not completely clear. The functionality and infrastructure allows the attacker to collect significant amounts of information from a large number of Chinese iOS and Mac OS systems, but none of the information points to a specific motive. We believe WireLurker has not yet revealed its full functionality."
Unlike most iPhone malware, WireLurker has the ability to install even on non-jailbroken iOS devices because the malware authors used enterprise certificates to sign the apps. Apple has since revoked the cryptographic certificates used to sign WireLurker and blocked all apps signed with them. Palo Alto estimated that hundreds of thousands of users installed the malicious apps.

China appears to have taken the threat very seriously and within two weeks arrested three individuals who are believed to be the creators of the malicious software.

There are not many details available about the arrest, as the Bureau has simply posted a short notification on Sina Weibo, a Chinese micro-blogging service.

According to the Chinese authorities, the three suspects are identified as "Chen," "Lee" and "Wang," and are suspected of manufacturing and distributing the malicious program "for illegal profit"; the authorities were helped in the investigation by researchers from the Chinese AV company Qihoo 360.

Windows Phone 8.1 Hacked


Do you want to hack a Nokia Lumia phone running the latest mobile operating system, Windows 8.1? Hackers have made it very easy for you all!

Just a few weeks after Microsoft announced a 19-year-old critical security hole in almost every version of its Windows operating system, XDA Developers have discovered a new vulnerability in Microsoft's youngest OS, Windows 8.1, that could easily be exploited by hackers to hack a Nokia Lumia phone.

An XDA Developers hacker who goes by the name DJAmol has found a wide open hole in Windows Phone 8.1 that makes the operating system very easy to hack. The vulnerability allows attackers to run their application with another user's privileges and edit the registry.

DJAmol realized that simply by replacing the contents of a trusted OEM app that has been moved to the SD card, his own app would inherit the privileges of the original app. Once that is done, an attacker could delete the existing directory and create a new directory with the same name as the original app.

As a result, the third-party registry editor app gains full access to the Info and Settings of the app itself. This is how the hack can be implemented, in a few simple steps prescribed by XDA Developers in a blog post:
  • Develop your own application package and deploy it on the target device.
  • Install any application, such as "Glance Background Beta", from the Windows Phone app Store.
  • Delete all folders under the targeted directory of the installed app, in this case, Glance Background.
  • Now copy the contents of your own deployed package and paste them into the targeted directory. This means replacing the "Program Files" of the installed app with your package files.
  • Finally, launch the app, which will run in the OEM (Glance Background Beta) directory using the privileges of the targeted app.
The hack is very simple and easy to implement because all it needs is an application from the Windows app store. Thankfully, the hack has not yet escalated to a full interop unlock, as the applications that are allowed to be moved to the SD card have limited access.

The XDA Developers forum reported the vulnerability to Microsoft and also warned that the vulnerability could give attackers higher privileges if tried with a first-party application rather than a third-party app. For now, we can only wait for a response from Microsoft to prevent it from getting more serious.

81% of Tor Users Can be Easily Unmasked By Analysing Router Information


Tor has been a tough target for law enforcement for years, and the FBI has spent millions of dollars trying to de-anonymize Tor users, but the latest research suggests that more than 81% of Tor clients can be "de-anonymised" by exploiting the 'NetFlow' traffic analysis technology that Cisco has built into its routers.

NetFlow is a network protocol designed to collect and monitor network traffic. It exports data as network flows, which can correspond to TCP connections or to other IP packets sharing common characteristics, such as UDP packets sharing source and destination IP addresses, port numbers, and other information.
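As an added example (not from the article or from the paper it reports on), the following Python code parses a NetFlow v5 export datagram, the record format routers hand to a flow collector, and shows exactly what is recorded per flow: the 5-tuple, packet and byte counts, and first/last timestamps. That is the whole of what a traffic analyst has to work with, which is why the attack described below works from volumes and timing alone. The sample datagram is constructed in the script; the addresses are from private and documentation ranges.

```python
"""Parse NetFlow v5 export datagrams (24-byte header + 48-byte records).
The sample datagram is constructed below; it is not a capture."""
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                  # 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")    # 48 bytes
RECORD_FIELDS = ("srcaddr", "dstaddr", "nexthop", "input", "output", "dPkts",
                 "dOctets", "first", "last", "srcport", "dstport", "pad1",
                 "tcp_flags", "prot", "tos", "src_as", "dst_as", "src_mask",
                 "dst_mask", "pad2")


def parse_netflow_v5(datagram: bytes) -> dict:
    """Return the header fields and one dict per flow record."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    (version, count, sys_uptime, unix_secs, unix_nsecs, flow_sequence,
     engine_type, engine_id, sampling) = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated: fewer records than the header claims")
    flows = []
    for i in range(count):
        raw = dict(zip(RECORD_FIELDS,
                       RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)))
        flows.append({
            "src": socket.inet_ntoa(raw["srcaddr"]), "sport": raw["srcport"],
            "dst": socket.inet_ntoa(raw["dstaddr"]), "dport": raw["dstport"],
            "proto": raw["prot"], "tcp_flags": raw["tcp_flags"],
            "packets": raw["dPkts"], "octets": raw["dOctets"],
            # First/Last are milliseconds of router uptime; convert to epoch seconds
            "start": unix_secs - (sys_uptime - raw["first"]) / 1000,
            "end": unix_secs - (sys_uptime - raw["last"]) / 1000,
        })
    return {"unix_secs": unix_secs, "flow_sequence": flow_sequence,
            # low 14 bits hold the sampling interval, top 2 bits the sampling mode
            "sampling_interval": sampling & 0x3FFF, "flows": flows}


def make_record(src, dst, sport, dport, pkts, octets, first, last, proto=6, flags=0x18):
    """Build one constructed v5 record (next hop and AS fields zeroed, /24 masks)."""
    return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                       1, 2, pkts, octets, first, last, sport, dport,
                       0, flags, proto, 0, 0, 0, 24, 24, 0)


# Constructed export of two flows: a TCP connection to port 9001 and a DNS lookup
SAMPLE_DATAGRAM = (
    HEADER.pack(5, 2, 600_000, 1_416_000_000, 0, 4242, 0, 0, 0)
    + make_record("10.0.0.5", "192.0.2.10", 51234, 9001, 120, 96_500, 590_000, 599_500)
    + make_record("10.0.0.7", "10.0.0.1", 40000, 53, 1, 78, 598_000, 598_000,
                  proto=17, flags=0)
)

if __name__ == "__main__":
    for f in parse_netflow_v5(SAMPLE_DATAGRAM)["flows"]:
        print(f"{f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} proto={f['proto']} "
              f"pkts={f['packets']} bytes={f['octets']} dur={f['end'] - f['start']:.1f}s")
```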

The research was conducted for six years by professor Sambuddho Chakravarty, a former researcher at Columbia University’s Network Security Lab and now researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi.

In order to determine the Tor relays, Chakravarty used a technique that involved a modified public Tor server running on Linux, accessed by the victim client, and a modified Tor node that can form one-hop circuits with arbitrary legitimate nodes.
"The server modulates the data being sent back to the client, while the corrupt Tor node is used to measure delay between itself and Tor nodes," researchers wrote in a paper PDF. "The correlation between the perturbations in the traffic exchanged with a Tor node, and the server stream helped identify the relays involved in a particular circuit."
According to the research paper, carrying out large-scale traffic analysis attacks in the Tor environment does not necessarily require the resources of a nation state; even a single AS (Autonomous System) may observe a large fraction of entry and exit node traffic. As stated in the paper, a single AS could monitor more than 39% of randomly-generated Tor circuits.
"It is not even essential to be a global adversary to launch such traffic analysis attacks," Chakravarty wrote. "A powerful, yet non- global adversary could use traffic analysis methods […] to determine the various relays participating in a Tor circuit and directly monitor the traffic entering the entry node of the victim connection."
The technique depends on injecting a repeating traffic pattern into the TCP connection that it observes as originating from the target exit node, and then correlating the server's exit traffic for the Tor clients, as derived from the router's flow records, to identify the Tor client.
Tor is vulnerable to this kind of traffic analysis because it is designed as a low-latency anonymous communication network.
"To achieve acceptable quality of service, [Tor attempts] to preserve packet interarrival characteristics, such as inter-packet delay. Consequently, a powerful adversary can mount traffic analysis attacks by observing similar traffic patterns at various points of the network, linking together otherwise unrelated network connections," Chakravarty explains.
Chakravarty's research on traffic analysis does not need hundreds of millions of dollars in expense, nor the infrastructural effort that the NSA put into its FoxAcid Tor redirects; however, it benefits from running one or more high-bandwidth, high-performance, high-uptime Tor relays.
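As an added example illustrating the passage above (it is not from the article or from Chakravarty's paper), the following Python code works the correlation step on constructed data: a server-side on/off byte pattern, per-client byte counts per time bin of the kind flow records yield, and Pearson correlation to see which series follows the pattern. It then adds random padding to the matching series to show why cover traffic, which low-latency designs avoid for the quality-of-service reasons the quote gives, weakens the correlation. The client names, sizes and seed are constructed.

```python
"""Traffic correlation on constructed flow data, and the effect of padding.
Everything here is synthetic; no network traffic is involved."""
import math
import random


def pearson(xs, ys) -> float:
    """Pearson correlation coefficient of two equal-length series."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0        # a constant-rate series carries no pattern to correlate with
    return cov / math.sqrt(vx * vy)


def square_wave(bins: int, period: int, high: int = 1500, low: int = 200):
    """Server-side pattern: alternating busy and quiet periods, in bytes per bin."""
    return [high if (i // period) % 2 == 0 else low for i in range(bins)]


def build_clients(pattern, rng):
    """Constructed per-client byte counts per bin, as flow records would yield them."""
    bins = len(pattern)
    return {
        "client_a": [int(rng.random() * 1500) for _ in range(bins)],   # unrelated traffic
        "client_b": [int(rng.random() * 1500) for _ in range(bins)],
        # the victim: the server pattern plus a little noise from other activity
        "client_c": [b + int(rng.random() * 100) for b in pattern],
        "client_d": [int(rng.random() * 1500) for _ in range(bins)],
    }


def rank_by_correlation(pattern, clients):
    """Highest correlation first; a single strong outlier is what gives the client away."""
    return sorted(((pearson(pattern, s), name) for name, s in clients.items()), reverse=True)


def pad(series, rng, max_pad: int):
    """Countermeasure model: add random cover bytes to every bin of the victim's flow."""
    return [b + int(rng.random() * max_pad) for b in series]


def demo(seed: int = 7) -> dict:
    rng = random.Random(seed)
    pattern = square_wave(bins=40, period=5)
    clients = build_clients(pattern, rng)
    ranking = rank_by_correlation(pattern, clients)
    unpadded_r = pearson(pattern, clients["client_c"])
    padded_r = pearson(pattern, pad(clients["client_c"], rng, max_pad=3000))
    return {"best_match": ranking[0][1], "best_r": round(ranking[0][0], 3),
            "runner_up_r": round(ranking[1][0], 3),
            "victim_r_unpadded": round(unpadded_r, 3),
            "victim_r_padded": round(padded_r, 3)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The unpadded victim series correlates almost perfectly with the pattern while unrelated clients sit near zero; padding of the same order as the signal pulls the victim's coefficient down towards the noise, and a constant-rate (fully padded) series correlates with nothing at all, which is the trade-off between anonymity and latency that the quote from Chakravarty describes.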

Just few days ago, US and European authorities announced the seizure of 27 different websites as part of a much larger operation called Operation Onymous, which led to take-down of more than "410 hidden domains" that sell illegal goods and services from drugs to murder-for-hire assassins by masking their identities using the Tor encryption network.

UPDATE
However, the Tor Project responded via a blog post. In a statement, Tor Project member 'Arma' confirmed that they have been aware of such network analysis attacks and already have security measures in place.
"It's great to see more research on traffic correlation attacks, especially on attacks that don't need to see the whole flow on each side. But it's also important to realise that traffic correlation attacks are not a new area." reads the blog post.

Friday, 14 November 2014

Selling stolen card info online? That's the least of it

High-profile cyberattacks, like the one JPMorgan Chase revealed that potentially compromised 76 million households, would logically lead one to think that bank and credit card data are a hacker's primary target.
Turns out that's the least of it. The easy availability of stolen data has created a thriving underground marketplace for purloined information, and some cybercriminals are even going up the value chain and selling things like their own hacking services.
Credit card data—so widely and often stolen that there's actually an abundance of it—can sell for as little as pennies. The going rate for a social security number isn't much higher: Only about $1.
Medical records—rarer and much more data-rich—can go for $50 or more. (All of this pricing data comes from security firm RSA.)
The marketplace for all this stolen data exists on the so-called "dark web"— which is buried within the "deep web." The "deep web," also known as the "hidden web," is the part of the World Wide Web that is not indexed by normal search engines like Google and is only accessible via special software.
The software commonly used to access the "deep web" is called Tor, which stands for The Onion Router. This Internet portal basically anonymizes the user's IP address making them almost impossible to trace. 
"It is pure capitalism. It is driven by the purest laws of supply and demand. As long as there is a demand someone is going to step in on the supply side. It's the same economics you see in the markets," said Christopher Budd, Trend Micro's threat communications manager. Goods are often exchanged on these forums using virtual currency, and thus the transactions are harder to trace. 
Credit card data is so cheap because there's so much of it, a result of the high number of breaches, said Daniel Cohen, the head of business development for RSA's Online Threats Managed Services Group.
Documents that provide more information about a person's identity usually cost more. Thus the reason medical records—which can contain your entire identity including your address, social security number, financial information, the names of family members and perhaps even your insurance policy numbers—have become so valuable, Cohen said.

China accused of hacking into U.S. weather system




The National Oceanic and Atmospheric Administration said Wednesday that it's been the target of hackers.
NOAA, which includes the National Weather Service, said that four of its websites were compromised in "recent weeks" by an "internet-sourced attack." It did not say who was behind the attack, which websites were targeted or whether any data may have been compromised.
Rep. Frank Wolf (R-Va.) told CBS News that NOAA officials told him they believe China was behind the attack.
NOAA said that when staff members detected the attacks, "unscheduled maintenance was performed" to "mitigate" them. Services to the websites were fully restored and the attacks "did not prevent us from delivering forecasts to the public."
An investigation into the hacking is ongoing, NOAA said.
The Washington Post, which first reported the attack, said the National Weather Service was among the targets. It said the attack took place in September but that officials gave no indication of a problem until almost a month later.
Wolf criticized NOAA for the delay in reporting the incident and said Commerce Secretary Penny Pritzker, whose department includes NOAA, should "clean house" in response.
He also criticized the Obama Administration for not taking the Chinese cyber threat seriously, and said such meddling could jeopardize Americans.
"What if a major storm came and they shut down the weather service? What if they altered projections?" Wolf said. "One projection makes the difference with regards to crop failure, safety, with regards to shipping. I don't know what they are taking. But the Chinese did it for particular reasons and it wasn't because they love America."
This would be the latest in a series of recent hacking attacks blamed on China. Chinese government hackers are suspected of breaching the computer networks of the U.S. Postal Service, compromising the data of more than 800,000 employees. It also comes as President Obama finished up a series of high-level meetings with Chinese President Xi Jinping in which he "stressed the importance of protecting intellectual property as well as trade secrets, especially against cyber-threats."
NOAA operates two types of satellite systems for the United States: geostationary satellites and polar-orbiting satellites. Geostationary satellites monitor the Western Hemisphere from around 22,240 miles above the Earth, and polar-orbiting satellites circle the Earth and provide global information from an orbit 540 miles high.
The satellite systems allow NOAA to provide observations around the clock. The satellites track everything from fast-moving storms across Tornado Alley to hurricanes in the Atlantic and Pacific oceans. The data from the satellites is also used to measure temperatures in the oceans, which are a strong indicator of climate change, as well to monitor other environmental phenomena such as coral reefs, harmful algae, and volcanic ash.

For Guccifer, Hacking Was Easy. Prison Is Hard.

Marcel-Lehel Lazar, a.k.a. Guccifer, tormented various celebrities with no special skills beyond what he had picked up on the web. Credit: Cristian Movila for The New York Times

But they had suspected he might be since September, when Guccifer hijacked a personal email account used by Mr. Maior, the security chief, and then used it to send Romanian-language messages to Mr. Maior’s official email account at the Romanian Intelligence Service.
Mr. Maior promptly ordered an investigation. “It was clear he had broken into my email,” Mr. Maior said. “He wanted to prove something. I took it seriously.”
Aided by American investigators, who had been hunting in vain for Guccifer for months, the Romanians quickly homed in on Mr. Lazar, who had left a clumsy trail of clues.
“He made many mistakes,” Mr. Badea, the prosecutor, said.
Mr. Lazar said he could have covered his tracks better if he had had more money — for a more powerful computer, for instance.
“Of course, I could have stolen money from them,” he said, distancing himself from the legions of his countrymen who have made Romania, the second-poorest country in the 28-member European Union, a global leader in Internet fraud. “I didn’t. Not a single dollar.”
An American indictment filed against Mr. Lazar in Virginia in June accused him of trying to extort “money and property by means of materially false and fraudulent representations, pretenses and promises” to his American victims, but Romanian investigators say they found no evidence of extortion.
Romanian officials say the United States has not asked Romania to extradite Mr. Lazar but has sent investigators to question him to learn how he managed to prey on so many powerful Americans. The United States Justice Department declined to comment.
Before agreeing to answer questions from The New York Times in prison, where he shares a cell with four others, including two convicted murderers, he read out a lengthy handwritten statement that he said explained the purpose of his hacking.
A potpourri of conspiracy theories about the terrorist attacks of Sept. 11, 2001, the 1997 death of Princess Diana and alleged plans for a nuclear attack in Chicago in 2015, it said: “This world is run by a group of conspirators called the Council of Illuminati, very rich people, noble families, bankers and industrialists from the 19th and 20th century.”
Mr. Badea, the Romanian prosecutor, scoffed at Mr. Lazar’s fixation on so-called Illuminati as a ruse intended to give a political gloss to a peeping-tom hacking addiction. The hacking exploits that led to his 2011 conviction involved “no Illuminati, just famous and beautiful girls,” the prosecutor said.
Mr. Lazar denied any interest in celebrities, asserting that he had only stumbled on most of the people he hacked as Guccifer, a long list that included the actress Mariel Hemingway, the “Sex and the City” author Candace Bushnell, the editor Tina Brown, the comedian Steve Martin, the author Kitty Kelley and many others.
With no access to a computer in jail, he now pours out his phobias and conspiracy theories in notebooks filled with his small, neat handwriting. “O.K., I broke the law, but seven years in a maximum-security prison? I am not a murderer or a thief,” he said. “What I did was right, of course.”

Possible Electronic Hacking Reported At Springfield Mall

SPRINGFIELD TWP., Pa. - With so many beginning their holiday shopping, this story may have you thinking twice about how you use your credit cards and smartphones. An observant FOX 29 viewer tipped us off to what cops say could be a case of high-tech identity theft.

A FOX 29 viewer sent us a picture taken in the parking lot of the Springfield Mall. It shows a man sitting in a white SUV; behind him are not one but eight different smartphones, all turned on and hanging all over the car. The question is why?

"Little shady out in the open like that," said shopper Joe Ryan.

He's not the only one who thinks so. FOX 29's Chris O'Connell showed the picture to two forensic investigators. Neither could confirm exactly what was going on, but both said there is a chance it is electronic skimming: using a phone or similar device to capture information such as bank account and credit card numbers. Thieves can use near field communication (NFC) or simple Bluetooth devices to read data from a smartphone or from a contactless credit card. One caveat worth knowing: NFC works only over a range of a few centimeters, so a reader has to be brought almost into contact with the card or phone it is reading.

"I actually just recently had my credit card compromised," said Tracy DiBonaventura.

DiBonaventura knows the threat all too well. She just had her credit card information stolen twice and more than $10,000 in charges were racked up. 

It seems banks and phone companies are playing a technological game of cat and mouse with hackers. The prize is your personal information. 

The viewer who sent us the picture didn't want to be identified, but says the SUV sped off before mall security arrived. She then reported the incident to Springfield Township police to investigate.

In the meantime, as holiday shopping begins, some will be keeping their credit cards close to the vest.  Just in the last two months, seven cases of identity theft were reported to Springfield Township police. Experts say especially during the holiday season, you should be checking your bank statements at least twice a month.

FBI Seizes Silk Road 2.0 Servers; Admin Arrested

The U.S. Federal Bureau of Investigation has announced that on Wednesday it arrested "Silk Road 2.0" operator Blake Benthall, who used the alias "Defcon," in California, and charged him with conspiracy to commit drug trafficking, computer hacking, money laundering and other crimes.

Silk Road 2.0, the successor to the notorious online illegal-drug marketplace that went dark in October 2013, has been seized in a joint action involving the FBI, the Department of Homeland Security, and European law enforcement.
"As alleged, Blake Benthall attempted to resurrect Silk Road, a secret website that law enforcement seized last year, by running Silk Road 2.0, a nearly identical criminal enterprise," Manhattan US Attorney Preet Bharara said in a statement. "Let’s be clear—this Silk Road, in whatever form, is the road to prison. Those looking to follow in the footsteps of alleged cybercriminals should understand that we will return as many times as necessary to shut down noxious online criminal bazaars. We don’t get tired."
The arrest comes almost a year after that of Ross William Ulbricht, a San Francisco man also known as "Dread Pirate Roberts" and the alleged founder of the original dark-web drug bazaar Silk Road, which generated $8 million in monthly sales and attracted 150,000 vendors and customers. The FBI seized the notorious site at that time, but the very next month a nearly identical site, Silk Road 2.0, opened for business.

The FBI and the US Department of Justice say 26-year-old Blake Benthall launched Silk Road 2.0 on Nov. 6, 2013, five weeks after the shutdown of the original Silk Road website and the arrest of its alleged operator.

Benthall appeared Thursday afternoon in federal court before Magistrate Judge Jaqueline Scott Corley, where Assistant US Attorney Kathryn Haun told the judge that Benthall is a "severe flight risk," according to the San Francisco Chronicle.

Benthall is charged with conspiring to commit narcotics trafficking, conspiring to commit computer hacking, conspiring to traffic in fraudulent identification documents and money laundering. If convicted, he could be sentenced to life in prison.

Silk Road 2.0 operated much the same way as its predecessor did: it sold illegal goods and services on the Tor network and generated millions of dollars each month. As of September 2014, the site was allegedly processing $8 million in monthly sales, according to the FBI.

To maintain the anonymity of buyers and sellers, Silk Road 2.0 accepted payment only in Bitcoin and was reachable only through The Onion Router (Tor), which conceals users' Internet Protocol (IP) addresses and so hides their identities and locations. Bitcoin transactions, however, are recorded on a public ledger, so the anonymity they provide is only as strong as the separation between a wallet address and a real-world identity.

According to the FBI, its agents bought 1 kilogram of heroin, 5 kilograms of cocaine and 10 grams of LSD on Silk Road 2.0, apparently from Benthall himself.
"The offerings on Silk Road 2.0 consisted overwhelmingly of illegal drugs, which were openly advertised as such on the site. As of October 17, 2014, Silk Road 2.0 had over 13,000 listings for controlled substances," reads the complaint.
"Silk Road 2.0 had over 13,000 listings for controlled substances, including, among others, 1,783 listings for 'Psychedelics,' 1,697 listings for 'Ecstasy,' 1,707 listings for 'Cannabis,' and 379 listings for 'Opioids.'"