Reuters fired Matthew Keys, its former social media editor, today soon after Keys was charged with aiding hackers in accessing his previous employer’s computer systems.

“Keys is no longer with the company, effective today,” David Girardin, a spokesperson for Reuters, told VentureBeat in a phone conversation.

The Department of Justice indicted Keys last month, after uncovering chat logs where Keys allegedly identified himself as “AESCracked.” In that conversation, an Anonymous hacker asked AESCracked for help getting access to Tribune Company’, Keys’ former employer and parent company of the LA Times. AESCracked, who may or may not be Keys, supplied the credentials. The hacker then defaced the LA Times, changing a story to say, “House Democrats told to SUCK IT UP,” and “CHIPPY 1337.” Shortly after being indicted, Keys wrote a post on his Facebook wall denying the claims against him.

“Just got off the phone. Reuters has fired me, effective today. Our union will be filing a grievance. More soon,” tweeted Keys. At the time of the indictment, Reuters had suspended Keys with pay.

Girardin declined to comment on whether Reuters was concerned about a retaliation from Keys given the nature of the case against him, or if Reuters is doing anything extra to protect its systems.

“It’s my understanding that Reuters did not agree with some of the coverage I did on my own during the Boston Marathon events from last week,” Keys told Politico. “And they have a specific set of reasons for the termination which I don’t agree with and the union that represents me does not agree with. We are in agreement, the union and myself, that I have done nothing wrong, that the basis for the termination is incorrect and doesn’t hold any water.”

Matthew Keys image via Matthew Keys’ Tumblr

Updated at 12:57 p.m. with more detail about current Bitcoin prices.

Bitcoins are a hot commodity now, but are your Bitcoins actually safe? Bitcoin wallet company Instawallet has suspended its service “indefinitely” after being hacked.

Bitcoin is a virtual, decentralized currency that no government or central bank controls. Several companies, including Reddit and Expensify, have recently added Bitcoin support, helping the value bubble up. The value of Bitcoin surpassed $100 per coin just two days ago, and early today it reached as high as $145. Now the price reportedly sits below $117.

Instawallet provided a way to easily set up a Bitcoin wallet that can be used to store your Bitcoins and associated data. But the company had its database “fraudulently accessed,” so it has decided to close down until it can develop a new architecture that is safe from hacking attacks.

Instawallet writes on its homepage:

INSTAWALLET SERVICE NOTICE

The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture.

Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is.

In the next few days we are going to open the claim process for Instawallet balance holders to claim the funds they had stored before the service interruption.

Important information on claims submission:

For the first 90 days we will accept claims for individual Instawallets. Your wallet’s URL and key will be used to pre-populate a form to file the claim.

After 90 days, if no other claim has been received for the same url, your Instawallet balance under 50 BTC will be refunded. If several claims have been filed for the same url, we will process those claims on a case by case basis, under the presumption that the claim we received first belongs to the legitimate balance holder.

Claims for wallets that hold a balance greater than 50 BTC will be processed on a case by case and best efforts basis.

The Instawallet incident highlights that Bitcoin still has serious issues with security. While transfers between Bitcoin holders are secure and instantaneous, the software used to actually store Bitcoins may not be up to snuff in many cases.

Bitcoin prices have often faltered in the past after hacking incidents, and a security breach in June 2011 is thought to have triggered a massive sell-off in Bitcoins. We’ll see if something like this happens again with today’s incident.

A number of “high profile” Xbox Live accounts belonging to Microsoft employees were hacked, according to a statement from Microsoft, who says the attackers used a number of social-engineering tactics to get access.

The statement from Microsoft reads:

We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox Live accounts held by current and former Microsoft employees. We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use. Security is of critical importance to us and we are working every day to bring new forms of protection to our members.

This is more than a surface-level social engineering attack on Microsoft, however. Brian Krebs, a security reporter who was recently “swatted,” or pranked when someone reported a fake incident that had police at Krebs’ door, found the prankers were actually a group of hackers. The group of four, according to Krebs, was seeking revenge after he reported on a website called ssndob.ru where people were selling social security numbers. This is reportedly one of the tactics used to gain access to the Xbox Live accounts.

As it turns out, Krebs also connected one of the hackers from this group called TeamHype to the hacker who took down Mat Honan’s digital life in 2012. This hacker, called Phobia, may have also been behind the “swatting” prank.

Microsoft responded saying that it does not use social security number in its Xbox Live accounts, but that the hackers were effectively “daisy-chaining” by social engineering one of Microsoft’s partners (see: “affiliated companies in the statement above) and gaining enough information to bypass  Microsoft’s “security proofs” or the information it collects to make sure you are who you say you are.

hat tip Ars Technica; Video game fail image via Shutterstock

We focus too much on finding out who hacked us and not enough on using big data to protect ourselves from the hack in the first place, Arthur Coviello, security firm RSA’s executive chairman, said on stage today at the RSA conference in San Francisco. One of the main ways we can use data is sharing information about our hacks with other companies.

“Do we really need to see a smoking gun to know there’s a dead body on the floor?” Coviello asked the conference crowd. “Sure we should continue to work to out the perpetrators, but for the most part, we know who they are.”

In 2012, Coviello said, we collected one zettabyte of data. That’s the equivalent of 4.9 quadrillion books. But, according to IDC, only one percent of that is actually analyzed, and not all of that one percent can be used for security purposes. So much of a hacked company’s time and attention is spent on naming the attackers, and it makes sense. Everyone who has ever watched a cop show knows we want the culprit caught red-handed. But this can become a distraction from actually preventing attacks.

The way to start on the path to using this data, Coviello said, is for companies to share attack information with each other so that we can use big data and an understanding of attacks in our environments to prepare for the next ones. It’s a controversial idea, however. Companies don’t exactly jump to explain how people got into their systems. In fact, if customer information isn’t involved, an attack on a company may never be revealed.

There’s a movement, however, in that direction. Facebook, Apple, Microsoft, and Twitter all revealed they were hacked in the last two weeks alone. Facebook and Twitter lead the pack, saying they know they weren’t the only ones and they wanted others to be aware of the attack. Whether these companies share information about the attack, however, is unknown. It’s those kinds of conversation that Coviello hopes we’ll start to see more of.

Arthur Coviello image via Meghan Kelly/VentureBeat

On the same day the New York Times runs a story about how a faceless squad of hackers on the other side of the world has gone unchecked in a race to penetrate frightening chunks of the digital grid, I am sitting across from author, blogger, and activist Cory Doctorow.

He’s seated cross-legged, perched on a wooden table. The setting is an independent bookstore, where Doctorow proceeds to tell stories he’s told dozens of times already on this book tour — yet still manages to make them seem as fresh as they probably did the first time.

He sways, gestures invitingly, and adjusts his large-rimmed glasses, always in motion. He’s self-effacing, the way he calls himself a Patchouli-scented info hippie. And he talks with intensity of purpose, like a man always running out of time.

At his book signings, the co-editor of the website BoingBoing is not an author so much as a Jeremiah of the web. Never mind promoting “Homeland,” the follow to his 2008 bestseller “Little Brother.” He’ll get around to that.

Getting our policy badly wrong

First, he walks through a litany of episodes from the department of “truth is stranger than fiction.” He recaps examples of technology devices that have been co-opted and turned against their owners.

It’s partly our fault. One of the things wrong with the world, Doctorow insists, is that enough people aren’t demanding that devices be made differently, “so that people can see inside them.”

The default posture of computers is ‘Yes, master’ or ‘I can’t let you do that, Dave.’ It’s up to us decide, because the world we live in is made of computers. Your house is a computer. We are increasingly putting little computers inside our body. Your car is a computer that hurtles down the highway.

People are free when they know the reality of the world. Yet we continue to treat the Internet as though it were nothing but a glorified system for cable and phone calls.

Before he gets around to exposing the still-raw nerve that is his reaction to the suicide of his close friend Aaron Swartz, Doctorow continues with a segué that doesn’t let the public off the hook. He laments the frequency with which users tap “Agree” when confronted with Byzantine Terms of Service agreements and software updates, an action that’s a kind of mindless surrender to the complexities of the Internet age.

From there (and he still hasn’t yet bothered to beat his chest and tout the book that’s brought him here) he blasts prosecutors run amok and talks about how lawmakers “keep getting our policy badly wrong” when it comes to computers.

There’s no way to legislate what computer users can’t do or shouldn’t do, because no sooner than the ink has dried on that bill would such a law be rendered obsolete by the pace of technological change. Yet along the way, in Doctorow’s telling of the story, legal protection of the free flow of information gave way to a kind of mutual protection racket.

Information that’s supposed to be free and public got shut away, where it’s kept under lock and key.

Remembering Aaron Swartz

“I knew Aaron for more than half his life,” Doctorow said, bringing the discussion around to the loss of a pioneer of Internet freedom. “Aaron was one of those bright kids who blew the grading curve. His parents let him leave school.”

Years ago, Doctorow was dating someone who had volunteered to be Swartz’s chaperone around San Francisco when the young teenager was visiting and involved in Internet work far beyond his years.

“We picked him up,” Doctorow remembers. “I remember he was the world’s worst eater. We fed him awful food. I remember thinking, this kid’s going to go somewhere – if he doesn’t die of scurvy.”

Swartz, of course, went on to work at Reddit. He got wealthy but stayed restless and reckless. He couldn’t shut off his ambitiousness, Doctorow remembers, not when he was “liberating” 20 percent of the most widely cited case law from the PACER electronic court records system and not when he was taking advantage of MIT’s public wifi and downloading academic journal articles.

The researchers behind those articles, Doctorow said, are “uncovering tiny chunks of the truth of the world, and we don’t get to see it. If you’re a random person, you can’t get it. And that matters, because we don’t know where the next innovation will come from. I think the world is better when we know the truth of it.”

MIT kept locking Swartz down, Doctorow said, trying to tweak the network and kick him out. At one point, Swartz walked into a closet and plugged directly into the system and downloaded millions of documents.

A prosecutor brought charges against him, threatened decades’ worth of jail time. Swartz said he’d fight it. Doctorow recalled lawyers who “started to play dirty,” denying Swartz documents he was entitled to.

“He kept working,” Doctorow said. “You may remember that dumb law, SOPA. Aaron was one of the people who helped fight and kill that.”

Just over a month ago, Swartz hanged himself in his New York apartment. Doctorow says he’s still trying to make sense of that.

Drawing from life

It’s hard not to be reminded of Swartz in Doctorow’s new story, about a young hacktivist who’s detained and roughed up by the feds. As a matter of fact, Swartz helped Doctorow write the book.

“When I was working on this book, I asked Aaron for help,” Doctorow said.

Swartz sent Doctorow a missing piece he needed for the story. Doctorow didn’t know how he’d describe it, but he wanted to include a mention of a next-gen device that could be used to mobilize voters without needing to rely on the moneyed interests or power brokers who run the current political structure.

Swartz sent him a few paragraphs that Doctorow liked so much he used them verbatim.

Doctorow wraps up his brief remarks by turning to something he’s written down. He’s promised Swartz’s family he would talk about this on the book tour.

“These are things I would have said to Aaron if he’d called me.”

Doctorow’s voice wavers a bit. He presumes there are people in the crowd who’ve dealt with depression.

“I know I have.”

Trying to maintain a steadiness in his voice, Doctorow tells the crowd that “dead people can’t solve problems.” That whatever problems Schwartz was facing, killing himself didn’t solve them. “They will go unsolved forever.”

That “if he was lonely, he will never again be embraced by his friends. If he was despairing of the fight, he will never again rally his comrades with his brilliant leadership.”

And that’s it. There are questions from the audience, and Doctorow promises to “render your books un-returnable” by signing them.

One of the several things striking about him is the way he can pull off a difficult feat. He’s served to rally the faithful — this small crowd of the faithful, admittedly — in defense of the cause of Internet freedom. And he gives them marching orders, without even having to tell them what those orders are.

Photo credit: JonathanWorth.com

Hackers these days do a lot in the name of activism, but how about a good old-fashioned prank?

Montana TV station KRTV reported Monday that it was hacked and broadcasted a simultaneously hilarious and terrifying alert about the impending zombie apocalypse.

“The bodies of the dead are rising from their graves and are attacking the living,” a fake announcer warned during the broadcast. “Do not attempt to approach or apprehend these bodies, as they are considered extremely dangerous.”

KRTV later explained to viewers via its website that the alert did not come from the station.

“Someone apparently hacked into the Emergency Alert System and announced on KRTV and the CW that there was an emergency in several Montana counties,” the station wrote. “This message did not originate from KRTV, and there is no emergency.”

The Great Falls Tribune says the hoax generated at least four calls to police to make sure the broadcast was fake.

Check out the broadcast in the videos below.

>Zombie Walk 2012 photo via Grmisiti/Flickr

So what does this mean for us? Well, one major benefit some gamers are happy about is the ability to finally remove the 3DS’s pesky region locking, which prevents us from playing imported copies of Japanese games, for example. And while that is definitely something to be excited about (Bravely Default: Flying Fairy, anyone?), many gamers won’t stop there.

Whether we like to admit it or not, piracy hurts the industry, and smaller game devs and publishers suffer more than their billion-dollar-budget big brothers. Renegade Kid’s Jools Watsham, the developer of the very cool Mutant Mudds on the 3DS eShop, had this to say about it:

Piracy on the Nintendo DS crippled the DS retail market, especially in Europe. We’ll never know how/if Dementium II landed in as many hands as the first game, Dementium: The Ward, due to the rampant piracy at the time. Dementium: The Ward sold more than 100,000 copies worldwide, which is a great success for an original mature-rated title on the DS. Recorded sales of Dementium II are less than half that. We’ll never truly know why that was so, but many seem to believe that piracy had a lot to do with it.

If piracy gets bad on the 3DS, we will have no choice but to stop supporting the platform with new games. Some say that piracy leads to more game sales, claiming that it enables players to try before they buy. Bullshit. The percentage of people who will spend money on a game that they already got for free is surely very small — especially with so many “free” games already in the market. The line between what should/should not be free is getting very blurry.

While many gamers who pirate games will take up a “damn the man” stance, convincing themselves that they are getting back at big-name companies that charge an arm and a leg for on-disc downloadable content and such, this statement gives us an idea about how piracy affects the little guys.

Let me just climb down from my high horse here for a moment. Years ago, a friend and I hacked our PSPs in order to play Japanese titles before they came out in the U.S. Yes, I pirated a few games, but in all honesty, they were games I eventually purchased once they released overseas. My friend, on the other hand, would download ISOs as they were made available — gigs and gigs of games that he never finished. I didn’t see why he had created such a huge backlog for himself. I hate to use anecdotal evidence to support my argument here, but I’ve read about publishers and developers who choose not to release games in the U.S. because theirs have been pirated too much.

So where does that leave us? Piracy can prevent some great games from being localized, and it can hurt small game devs and publishers. Sure, lots of gamers like to try before they buy, which speaks to the importance of demos. I for one think that for a handheld like the 3DS, which is in a constant battle to keep third-party developers as it is, would likely suffer from its hardware being hacked. Sure, more 3DS units might sell, but what about software? Especially that of smaller developers?

What do you think?

---

GamesBeat 2013 is our fifth annual conference on disruption in the video game market. You'll get 360-degree perspectives from top gaming executives, developers, and analysts on what’s to come in the industry. Our theme this year is “The Battle Royal.” Check out full event details here, and grab your early-bird tickets here!

---

The video game business never has a year without controversy. 2012 was no different in that respect. But the different ways that game companies could get into trouble and draw mass market attention were surprising. The age-old controversies about sex, violence, and other cultural insensitivities surfaced again this year. But game publishers also had to deal with the consequences of being hacked, violating the government’s concerns about military security, and upsetting fans by failing to live up to games-as-a-service obligations in free-to-play games.

Sometimes, the controversies brew up from the bottom as unintended consequences. At other times, it seems like the controversies are intentionally manufactured for marketing reasons, so that the game can rise above the noise and catch the public’s attention. But that’s a double-edged sword, as such marketing can turn off as many consumers as you attract. Whether the controversies are accidental or intentional, it’s clear that when you create entertainment for the public, there are so many ways to get into trouble. Please vote in our poll for the top game controversy, and leave a comment if you like.

Video games take the heat for Newtown shooting

The horrific shootings at Newtown left 20 children and seven adults dead. Though it happened late in the year, this incident revived concerns over excessive violence in video games. The U.S. Supreme Court ruled that video games were protected under the First Amendment. But calls for regulation and studying of a possible link between games and violence went out again in the wake of the shooting. The anti-game-violence crowd got help from an unexpected corner, as the National Rifle Association blamed the shooting on violent video games (and called for armed guards at schools). Greg Fischbach, former chief executive of Mortal Kombat publisher Acclaim Entertainment, predicted that the consequences of the shooting will play out over years for the game industry.

Ex-Navy SEALS disciplined for consulting on Medal of Honor Warfighter

Electronic Arts touted the fact that former elite soldiers gave it advice in the design of its realistic combat shooter Medal of Honor Warfighter. But the company failed to go through the proper channels in getting permission from the government for the consulting. As a result, the Department of Defense punished seven active-duty Navy SEALs who consulted on the game. The SEALs had two months of pay docked and received letters of reprimand. More were under investigation.

Among those who consulted was Matt Bissonnette, who was part of Seal Team 6 team that killed Osama Bin Laden. EA said that it wasn’t aware of any rules that required EA to vet the game with the DoD. It wasn’t clear if any military secrets were improperly divulged in the game. Bissonnette also got into hot water for co-writing the nonfiction account of the raid that killed Bin Laden in the book, No Easy Day: The Firsthand Account of the Mission That Killed Osama Bin Laden.

Copycatting called out

Zynga has long been accused of copying other game designs. Electronic Arts finally sued the company this year for allegedly copying The Sims Social with the launch of Zynga’s The Ville people simulation game. EA claimed that Zynga’s team copied many details of The Sims Social. Zynga denied outright copying, and it noted that EA’s SimCity Social was similarly a copy of Zynga’s own city-building game, CityVille, and that CityVille itself has only passing resemblance to EA’s SimCity games on the PC.

In response to similar allegations of copying in a bingo game, Mark Pincus, chief executive of Zynga, claimed that his company has re-imagined past games by making them more social. The result is those games become more popular than ever thanks to sharing with friends on Facebook. EA said that it had to stand up for the industry to stop the rampant copying. Complicating the matter was the fact that The Ville’s designer, Mark Skaggs of Zynga, used to work at EA, as did many other Zynga executives. The issue of copying came up again as Spry Fox sued 6waves for copying not the look of its game, but the game play. That lawsuit was settled. But the EA-Zynga dispute is still pending.

The courts have been clear on the subject. Making a new game in an existing genre isn’t a violation of copyright law. But taking someone’s computer code and claiming it as your own is illegal.

Talent raiding wars

Related to the copycat allegations, big companies also went to war over talent raids. After Zynga hired an EA executive, Zynga alleged that EA’s chief executive John Riccitiello proposed an anti-competitive no-hiring pact or he would threaten litigation. Zynga claimed that was the real reason for EA’s copycat lawsuit. Meanwhile, Kixeye CEO Will Harbin made a hilarious video lampooning Zynga and EA as part of a campaign to recruit talent. But then Zynga sued Kixeye for stealing a game designer. Zynga alleged that Alan Patmore took 763 confidential documents with him when he started his new job at Kixeye. But Harbin blasted Zynga for lashing out while it was “burning to the ground and bleeding top talent.”

Apple cracks down on bot marketers

Early in the year, Apple quietly prohibited mobile game companies from using bots and other marketing tactics that artificially boosted games in Apple’s rankings of its top-performing apps. Animoca alleged that Apple unfairly cracked down on its Pretty Pet Salon game and that communication from Apple was sparse. Our own investigation found that the secrecy around the crackdown left a lot of developers wondering what was OK to do and what wasn’t when it came to marketing games. Game developers feared that if everyone used unfair marketing tactics, then legitimate high-quality apps might never get noticed. But one thing was clear. If you used too many incentives, Apple would start paying attention. Late in the year, Tapjoy again learned a tough lesson about being too aggressive with incentives, this time with web-based offers that apps linked to from within Apple apps. Neither Apple nor Tapjoy elucidated on the matter, leaving developers in the dark.

Hackers disrupt online games

Anonymous taught Sony a big lesson last year as it hacked into both the PlayStation Network and disabled the network for 77 million registered users who could no longer access their online games. It also attacked Sony Online Entertainment. This year, hackers were back with more attacks. Gamigo got hacked and lost control over 8 million email addresses and passwords for its users. And 11,000 Guild Wars 2 players also had their passwords stolen. Zynga’s YoVille social game saw disruption for 1,000 fans after some players began using a vulnerability to steal belongings from other accounts. Game companies that get hit by hackers will find out that consumers will blame the company for lax security as much as they will blame the hackers.

Fan revolts hit Mystery Manor

Game Insight had a tough time dealing with fan outcry after it decided to take away some perks offered to players of the game. Game Insight made the iOS version of Mystery Manor: Hidden Adventure, which was enjoyed by as many as 20 million registered users. The hidden object game was a free-to-pay title where users could play for free and pay real money for virtual goods. But Apple banned a practice that the game had previously allowed: letting friends obtain and trade gifts with other players inside the game. Game Insight had to scramble to comply with the rules and fans objected. A second fan revolt erupted with a second service disruption. Fair warning. Fan revolts are going to be common if game developers decide to change long-standing online games or discontinue them altogether.

Sex chat brings down Habbo virtual world

A British TV station dealt Habbo a severe blow when it blew the lid off a sex chat culture within parts of the virtual world, which has more than 250 million registered users. During the scandal, retailers stopped carrying prepaid cards for Habbo and an investor pulled its support from the company. Habbo had measures in place to stop sexual predators, but it shut down the service to deal with the new allegations. The company reviewed its chat records and found 3.7 percent of members were engaged in inappropriate chat. By the time that Habbo went back online with new measures in place, it had lost about 35 percent of its membership. Chief executive Paul LaFontaine pledged to redouble efforts to protect kids and win more of those users back.

Ex-OMGPOP ignites debate about refusing to work for Zynga

OMGPOP’s Pictionary-style mobile game Draw Something gained a huge number of users early this year, prompting Zynga to buy the New York game company for $180 million. But Shay Pierce, one of OMGPOP’s employees, wrote a blog post about how he didn’t want to work for Zynga, which he viewed as completely antithetical to his professional and creative values. Then OMGPOP CEO Dan Porter tweeted that the one employee who didn’t accept a job with Zynga (Pierce) was the “weakest” one. But Pierce didn’t miss out on much. Draw Something lost millions of users and Zynga had to take a write-off of $95 million because of the diminished value of the mobile game. Zynga’s stock price also cratered as it announced two quarters of weak earnings in a row.

EA and Activision Blizzard spar over Infinity Ward

In 2011, Activision Blizzard and Electronic Arts squared off over the departures of the founders of Infinity Ward, an Activision-owned studio that built the Call of Duty franchise into a billion-dollar machine. Two co-founders were fired from Infinity Ward as they prepared to exit and set up Respawn Entertainment, a new game studio funded by EA. The lawsuit was headed for a trial this year. Just before the trial, EA and Activision settled the case. But not before there were some interesting disclosures about Project Icebreaker. Activision executive email records showed that executives were hunting for dirt on the co-founders as a pretext to fire them. Activision denied the characterization of the emails.

Mass Effect 3′s ending fiasco

Fans were in an uproar after they played through the entire Mass Effect trilogy, only to be disappointed by the uninspired ending of Mass Effect 3. The fan reaction was so intense that Electronic Arts’ BioWare division decided to come out with an enhanced ending to satisfy gamers. And not long after that, BioWare founders Ray Muzyka and Greg Zeschuk decided to retire from their top positions at EA.

Here’s our poll.

---

GamesBeat 2013 is our fifth annual conference on disruption in the video game market. You'll get 360-degree perspectives from top gaming executives, developers, and analysts on what’s to come in the industry. Our theme this year is “The Battle Royal.” Check out full event details here, and grab your early-bird tickets here!

---

A hacker that goes by the name of TibitXimer claims to have hacked Verizon’s systems and stolen information for over three million Verizon Wireless customers months ago. The hacker only yesterday decided to publish the customer data, saying Verizon didn’t respond to a bug report. Verizon, however, is crying foul.

ZDNet reported the story yesterday, after the hacker posted information for around 300,000 customers on Pastebin and linked to the page on Twitter. This was a response to Verizon not fixing the security holes the hacker used to gain access to the information and subsequently reported to Verizon.

After the report spread, however Verizon quickly stepped in to say that the amount of accounts claimed to be compromised was exaggerated and that the hacker was spreading false information. TibitXimer turned around and revised the story, saying that the millions of accounts actually belong to Verizon FiOS customers, not Verizon Wireless. The Twitter account from which TibitXimer was making these new statements has since been suspended.

Verizon said in a statement:

The ZDNet story is inaccurate. This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported. We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.

Verizon further explained to VentureBeat that there was no hack, and no access to its systems gained. Instead, it says this was the result of information copied from a third-party marketer which had “made a mistake.”

TibitXimer voiced concern that the account would be shut down after a link was tweeted to the personal information. YourAnonNews was recently suspended after it tweeted a picture of sensitive information belonging to a Westboro Baptist Church leader.

Verizon FiOS image via erocsid/Flickr

Zooming in on November and December 2012 it’s not hard to spot when Thanksgiving 2012 happened. Fully 1/5 of the attacks that CloudFlare saw in November and December (so far) happened on the Thursday and Friday of Thanksgiving:

In the past we’ve seen drops in DDoS attacks on some holidays because the home and office machines used as bots in those attacks have been turned off. For example, this year we noticed a large drop in attack activity on Earth Day (when people are encouraged to switch off their machines to save the planet). But this year’s Thanksgiving attack statistics indicate that plenty of hacked machines were online through the holiday.

But what does this tell us about the coming Christmas holiday period? To answer that we can look back to December 2011. CloudFlare has DDoS data for December 11, 2011 to January 1, 2012 which shows two distinct peaks of attack activity: one just before Christmas and one just after.

So, if 2011 is a guide DDoS attackers will be taking a few days off over Christmas, but will be keeping the pressure on just before and immediately after. That’s probably not a surprise as some fo the attackers will be attempting to disrupt businesses during critical periods for pre- and post-Christmas sales.

Even though there’s a Christmas lull, that doesn’t mean that CloudFlare staff will be letting down their guard, however. We’ll be here working to ensure that whenever attacks arise and from whereever we’re ready to absorb and deflect them.

John Graham-Cumming is the lead programmer at CloudFlare, the content delivery and security network. Prior to CloudFlare he worked at a number of startups and created the award-winning POPFile email machine learning software. He knows way too much about GNU Make having self-published a book entitled GNU Make Unleashed. He joined CloudFlare to take on the task of ‘patching the Internet.’

photo credit: kevin dooley via photopin cc

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---

A group of hackers is claiming responsibility for a bug that’s infecting almost 9,000 Tumblr user accounts, according to the group’s official Twitter account.

The group, offensively named the GNAA (look up what the NSFW acronym stands for if you feel the need), says 8,600 Tumblr users have been affected by the hack, as shown on multiple Tumblr pages around the web. The hack produces a new post — presumably written by someone representing the GNAA group — that contains plenty of racists remarks and asks the Tumblr owner to commit suicide on the basis that they aren’t original. (I hate to point out the obvious here, but neither is hacking someone’s personal site to tell them they aren’t original.)

Tumblr issued the following statement about the situation to The Verge:

There is a viral post circulating on Tumblr which begins “Dearest ‘Tumblr’ users.” If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible. Thank you.

We’re reaching out to the company for further information and will update this post with anything new.

An Egyptian hacker claims to have broken into Adobe’s systems today, posting data for 150,000 people’s accounts. The reason? The hacker wants Adobe to pay more attention to reported vulnerabilities.

The hacker, known as Hima, says Adobe is too slow to respond to bug reports and that’s why it deserved to be hacked. Hima claims it takes five to seven days for Adobe to acknowledge a bug submission and three to four months for it to actually fix the problems. In the end, the hacker released 150,000 email addresses and passwords. These include Adobe employees, but also customers and partners, which may include members of the U.S. Military, Google, and NASA, according to the announcement Hima placed on Pastebin.

The New York Times notes that some of these email credentials are old, citing an employee named Ben Tauber who left the company in 2010, and the records are not in plain text but have been encrypted.

Hima suggests that companies should have security teams more like Google, instead of Microsoft or Yahoo. The hacker then promised a “hot leak” of Yahoo’s data soon to come. The purpose of this hack, according to the Pastebin announcement, was to get Adobe’s attention, not to “ruin Adobe’s business.” Hima promises to expose only email addresses of adobe.com, .mil, and .gov.

We have reached out to Adobe for comment and will update this post when we hear back.

Adobe image via midiman/Flickr

It seems that Kim Dotcom is already having problems with the next version of his Megaupload site, Me.ga.

Dotcom’s cloud service Megaupload was shut down back in January by U.S. and New Zealand authorities due to allegedly enabling copyright infringement. Last week he revealed plans to revamp the cloud locker service under the Me.ga domain name, citing that a .com domain would easily be seized by U.S. authorities without substantial proof of wrongdoing.

However, the Communications Minister of Gabon, the African country that operates the .ga top-level domain, said he has no intention of allowing Dotcom to use the country as a safe haven for copyright infringement violations and plans to suspend it, according to TorrentFreak.

And if that weren’t enough, a group of hackers calling themselves “Omega” have taken over the Me.ga domain and have threatened to sell it to Dotcom’s adversaries. The group said its members are “true pirates” and told TorrentFreak that Dotcom “is a megalomaniac with lawyers … here to take advantage of us all, the nobodies, (and) the artists he wants to profit from.”

Dotcom has stated that Me.ga will launch as planned using a backup domain, which hasn’t yet been revealed.

If you looked at a graph of denial of service attacks, you’d likely see a hockey stick of growth in 2011, according to research by DDOS-protection company Prolexic.

Denial of service attacks work by flooding a website with as much traffic as possible, eventually causing it to overload and shut itself down. It has become a favorite tactic among hacktivists, such as Anonymous, which have used DDOS attacks to take down websites such as the CIA’s and The Pirate Bay.

Prolexic says between the fourth quarter of 2009 and 2010, DDOS attacks increased eight percent. However, when the company looked at the fourth quarter of 2010 and 2011, there was a 153 percent uptick. Dramatic, no?

Prolexic also realized that hackers preferred to attack web applications in 2010, but now they’re targeting the actual infrastructure, the network, to take down a website. In 2011, the average DDOS attack lasted 80 hours, at 185,404 packets per second, according to Prolexic’s research.

This season, Prolexic is particularly concerned for online retailers — particularly those without physical locations. Minutes offline can definitely impact a business’ bottom line, especially as we come closer and closer to days like Black Friday and the holiday season in general.

The company also provides a “DDOS downtime cost calculator” that shows businesses how much one of these attack would cost them.

DDOS image via Shutterstock

Hackers compromised credit card readers at 63 Barnes & Noble stores, according to the company. The bookseller is urging customers to check their bank statements for fraudulent activity and to change their ATM pins.

According to the New York Times, the company found out about the breach on September 14 but refrained from alerting customers when the Justice Department asked it to keep mum. In all, around 7,000 credit card processors were taken out of Barnes & Noble stores to be studied for infections.

Barnes & Noble called the attack a “sophisticated criminal effort to steal credit card information.” It did assure customers, however, that its “customer database is secure” and that no purchases made online were sullied by the hack.

States affected include California, New York, Illinois, New Jersey, Florida, Pennsylvania, Massachusetts, Connecticut, and Rhode Island, according to a press release from Barnes & Noble. California was hit hardest with 20 infected stores, followed by Florida with 11, and New York with 10.

These stores currently do not have the separated credit card processors installed, the Times notes, but stores can still accept credit cards given the card readers built into its cash registers.

Barnes & Noble has not yet released how the hackers got into its credit card readers.

To see a full list of the hacked stores, go here.

Barnes & Noble image via grilled cheese/Flickr

Here’s more proof that even low-profile organizations are at risk for hacking. A Northwest Florida university revealed yesterday that the school’s servers had been hacked, revealing personally identifiable information for up to 300,000 students and employees, already resulting in identity theft.

According to CBS Miami, Northwest Florida State College’s database of students was tapped and watched for nearly four months. Hackers silently and slowly siphoned off sensitive information such as social security numbers, birthdays, names, and more. Specifically for employees of the university, direct deposit banking information was stolen alongside bank account numbers. This also included 200,000 profiles of “Bright Futures” students, a Florida-based scholarship program powered by the Florida Lottery.

The university released a statement saying the breach happened on May 21 through September 24. It also says it is in the process of reaching out to all of the affected students. Indeed, 50 people are already reporting issues with identity theft.

“If data is not protected, it’s going to be breached at some point,” said Mark Bower, vice president at Voltage Security, in an email. “Organizations can’t stop breaches by building walls around their IT systems, it has to be about the data. Make a breach useless and unattractive to even determined attackers by making the data they seek useless to them.”

Palm trees image via Shutterstock

Cybercriminals hacked into computers of the White House Military Office, the White House told Politico today. The breach is said to come from attackers in China.

The White House confirmed the hack on Sunday after conservative publication The Washington Free Beacon posted rumors of the incident.

According to Politico, a web site that covers politics and based in Washington, D.C., a White House spokesperson said the systems attacked were unclassified and that the White House does not believe any data was stolen from the machines. The spokesperson went on to say that the hackers did not attempt to breach any classified systems and that the original attack was “isolated.”

So, how do you get inside the White House’s computer systems? The same way many high-profile attacks happen: human error. The hackers used a phishing technique to dupe a White House employee into believing an e-mail or some other form of communication was legitimate. From there, phishers lure unsuspecting people through malicious links or to download attachments, which then open the door for hackers to install malware, steal personal information, or otherwise gain access to the system.

“The recently reported spear-phishing attack on the White House underscores the vulnerability factor of employees, even at the highest level of the U.S. government, to fall for these types of targeted attacks,” said Aaron Higbee, cofounder of spear-phishing avoidance training program PhishMe, in an e-mail to VentureBeat. “But as we have seen time and time again, these attacks use the social engineering tactics of fear, curiosity, and urgency to lure users to open attachments, click URL’s or provide sensitive data to criminals – truly, they are geared to help criminals establish an undetected presence within the White House network.”

Whether the attackers set up backdoors or other ways to reenter the system is unknown.

White House image via Tom Lohdan/Flickr

You know what a $5 foot-long is, but have you ever heard of a $10 million foot-long? Two Romanian hackers admitted today to stealing $10 million by hacking into U.S. Subway sandwich chains’ point of sale systems.

According to Ars Technica, Iulian Dolan and Cezar Iulian Butu hacked Subway and sustained the data-stealing operation over two years, 2009 to 2011. The two gave their pleas to the U.S. District Court in New Hampshire Monday. Specifically, Dolan plead guilty to conspiracy to commit computer fraud and two counts of conspiracy to commit credit card fraud. His job in the heist was to look for Subway POS systems and hack into them for Adrian-Tiberiu Opera, who led the operation.

Butu admitted to only one count of conspiracy to commit credit card fraud.

After they located the systems, Dolan installed a key logger, or program that watches for any activity on the system or device and records that action. In the case of a POS, this meant the hackers were siphoning off data from every credit card swipe and pin entry in over 150 Subway sandwich shops. Over 6,000 people were affected by the hack.

In a separate incident, Australian law enforcement blamed those involved with the Subway hack for a hack on point of sale systems in the country. Police wouldn’t disclose the name of the business due to the ongoing investigation but pointed to the Romanians as potential suspects.

Dolan is sentenced to seven years in jail; Butu will spend 21 months in jail.

via Ars Technica; Subway image via pat00139/Flickr

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

AntiSec has your number — literally.

The hacker group today leaked a database of 1 million Apple Unique Device Identifiers (UDID), which it says was snatched from an FBI-owned laptop breached via a Java vulnerability.

While Unique Device Identifiers can’t be used for very much alone, AntiSec says it also has access to information like usernames, phone numbers, and addresses. And, if true, that could be a big problem.

In all, AntiSec claims it’s got its hands on 12 million UDIDs but did not leak the majority of them. “We decided a million would be enough to release,” the group said in a post accompanying the data.

The hackers say they leaked the information in order to draw attention to the FBI, which the group claims has used the data to track U.S. citizens.

Curious to see if your UDID is a part of the leak? The Next Web has created a tool to allow iOS users to search the leaked database. But it’s important to note that even if your device isn’t listed in this batch, it could still be among the remaning 11 million.

We’ve reached out to Apple for comment and will update when the company responds.

Twenty-year-old Raynaldo Rivera may spend the next 15 years of his life in jail if he is found guilty of hacking into Sony Pictures. The FBI arrested the alleged LulzSec hacker in Arizona yesterday.

Though LulzSec has disbanded since its “50 days of Lulz,” or the 50 days in which the group wrecked hacking havoc on a number of sites, including Sony, the FBI is still rounding up its members. According to CNET, Rivera faces charges of conspiracy and unauthorized impairment of a protected computer for allegedly hacking into the computer systems of Sony Pictures in 2011.

Anonymous hacked into Sony’s PlayStation Network servers in April 2011, stealing a large number of players’ personal information. Reacting to the hack, Sony took down PSN for 24 days, meaning customers were unable to play their games online or access the network’s community for nearly a month. As a result, Sony was not only slapped with a lawsuit, but Lulzsec then turned its eyes toward Sony Pictures.

LulzSec and Anonymous are two different hacking entities with different goals. LulzSec has since dissolved, whereas Anonymous continues hacking, often for political reasons.

At the time, LulzSec said it compromised sensitive information of around 1 million SonyPictures.com users and also published instructions on how to also hack the website and “plunder those 3.5 million music coupons while they can.”

The hackers also reveleaed that the data they stole using a SQL injection attack was unencrypted — an embarrassing point for Sony, which presumably should have known to encrypt its user data after the PSN hack.

As CNET notes, the first Lulzsec member associated with the Sony Pictures hack was arrested in Arizona by the FBI in September 2011. Cody Kretsinger of Pheonix was indicted then for the same charges that Rivera faces.

via CNET; LulzSec image via openfly/Flickr

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

While dedicated hackers can be an annoyance to companies like Apple, they can sometimes be helpful when it comes to digging up potentially devastating  security vulnerabilities.

That’s certainly the case this morning, as Pod2G, a French iOS hacker/security researcher known for discovering jailbreaking techniques, has revealed an SMS spoofing flaw that affects every version of Apple’s mobile OS. Using the flaw, hackers could spoof their identities via text and send messages asking for private information (by pretending to be from a users’ bank, for example), or direct users to phishing sites.

As Pod2g explains it, an SMS text message is converted to Protocol Description Unit (PDU) when sent from a phone, a dense protocol that also handles things like voice mail alerts and emergency medical systems. If a hacker was able to send a message in raw PDU format, they could take advantage of the User Data Header section to alter the reply number for a text.

If properly implemented, you should see both the original texting address and the altered reply number. But on the iPhone, you only see the altered reply number. For whatever reason, the original sender gets hidden. The flaw only relates to texts on the iPhone, and not messages sent through Apple’s iMessage network (those don’t hit the SMS protocol at all).

Pod2G said he’ll be releasing an iPhone tool for raw PDU messaging soon, which should prove his findings. He thinks other security researchers are already aware of the SMS flaw, and he’s worried that hackers have caught wind as well.

We’ve asked Apple for further comment on this exploit, and we’ll report when we hear back.

Apple last year knocked security researcher Charlie Miller out of its developer program after he discovered a flaw allowing unapproved code to run in iOS.

Photo: Devindra Hardawar/VentureBeat

Wired writer Mat Honan got hacked over the weekend and lost almost everything.

His MacBook, iPad, and iPhone were all linked to Apple’s iCloud, and the hackers used that service to wipe everything on all three devices, including all the photos he’d taken of his one-year-old daughter. They also got into Honan’s Gmail account (they deleted it), his Twitter account, and Gizmodo’s Twitter account. On the latter two, the hackers posted a string of racist and homophobic messages.

Honan has described the hack in remarkable detail. He learned how it was done in the course of a long conversation with one of his hackers, who revealed many of the secrets.

The details show that the hack was only possible thanks to an appalling lack of security in iCloud — and a correspondingly bad security process at Amazon.com.

While people like Apple founder Steve Wozniak may point to this episode as an example of how our cloud-based future is going to create “horrible problems” — when everything is connected, hackers can get access to everything — the episode actually contains a few more specific lessons.

You need two-factor authentication

Cloud-based services need two-factor authentication so that a password alone is not enough to unlock your account. And you need to use it, when it’s available.

Google offers a particularly good implementation, in which you have to enter a passcode sent to your phone before you can log in on a new, untrusted computer. (Even more securely, you can install Google’s Authenticator app on your phone and let that generate the codes you enter.) A would-be hacker can only get access to your account if they know your password and have access to this code, which in most cases would require having possession of your phone. (And you did remember to set a lock code on your phone in case you lose it, right?) A well-implemented two-factor authentication process is very difficult to bypass.

“Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter,” Honan wrote. “Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. “

Apple needs to get its act together

Apple needs to offer two-factor authentication for its services, and it needs to close a gaping hole in its password recovery process. Until it does, you should not use iCloud.

Currently, the only protection offered for iCloud is a password. If you’re using iCloud, make sure it’s a secure password, not some short, stupid password. Remember, this is protecting your entire digital life (or at least, that portion of it that you’ve trusted to Mac products that work with iCloud).

Even worse, it’s trivially easy for a hacker to bypass the iCloud password. All he or she has to do is call up Apple tech support and provide the account’s email address, a billing address, and the last four digits of a credit card on file. Honan verified this twice over the weekend in calls with Apple tech support and was able to repeat the exploit in the Wired offices.

You absolutely should not use iCloud with the “Find My Mac” feature, which includes a remote-wipe capability. That might make sense for your phone, but how likely is it that you’re going to misplace your MacBook? Using this feature merely opens your computer up to a hack, the risk of which is worse than the risk of losing your MacBook in the first place.

Amazon needs to get its act together

The hackers got access to Honan’s Amazon account through an almost ridiculously easy process, which Honan describes in his article. Basically, all you need is the account holder’s name, email address, and billing address — all easily available information for many people.

Once in, Amazon’s interface let them see the last four digits of all the credit cards on file. One of those was the card Honan used with his iCloud account, which then let the hackers unlock iCloud.

“In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification,” Honan wrote. He continues:

“The disconnect exposes flaws in data management policies endemic to the entire technology industry and points to a looming nightmare as we enter the era of cloud computing and connected devices.”

Honan is right: The lack of consistent security policies across cloud-based services, and the corresponding tight connections between many of them, open up a host of vulnerabilities. He wasn’t the only one victimized by this exploit: He notes that he’s spoken with other people who have been hacked the same way.

More problems like this are surely coming. Cloud providers’ readiness is very poor, security executive David DeWalt told me recently. But before you blame “the cloud” for these security flaws, remember that the flaws are traceable to specific companies’ security policies.

The industry needs to take this issue seriously, or all cloud services — and the people using them — will suffer.

Photo credit: Mat Honan via photo pin

Two computer-savvy medical students, who noted they were not doctors, gave the presentation at the Defcon hacker conference on Saturday. Christian “Quaddi” Dameff and Jeff “Replicant” Tully (pictured below right and at bottom) said that the day is not so distant when we will be able to “mod” our organic bodies with inorganic mechanical and electronic materials that enhance our augment our basic abilities. They refer to the coming era of human augmentation as “transhumanism.” The subject, which they illustrated with the above picture of actress Megan Fox of Transformers fame, is a controversial one that brings up questions of ethics of technologists who can make the worlds of sci-fi movies such as Blade Runner, where “replicant” cyborgs imitate humans, come to life.

Human enhancement has had a long history, since study of human prosthetics began in the 1500s. The first artificial heart was surgically inserted into a human in 1982.Gene therapy augmentations began in 1990. The first 3D nano structure was created in 1991. In the 1990s, microprocessor-controlled knees arrived.By 2008, the Olympic Committee had to consider and reject a race entrant who had artificial legs.

Drugs such as Adderal can be used to enhance human concentration and treat conditions such as attention deficit disorder. But the potential for abuse is huge. And if you consider the idea that the “mods” in our bodies will be hackable, it’s important to think about all the

Nanobots are more conceptual, though they have taken baby steps in the lab, Tully said. In the not so different future, doctors will be able to create artificial legs that are more efficient at kinetic energy use and are therefore better than the real thing.But the value of a mod has to outweigh the pain the occurs when putting it in. In 2004, a Verichip ID was approved by the FDA to be put into the human body was a radio frequency identification chip. The RFID chip had to be pulled off the market.

“You’ll be able to jump feet,” Dameff (pictured below, left) said. “Will you want to replace your legs to do that?”

Gene therapy in the future will let us “change who we are as a species and rewrite our genetic code,” Tully said.

Over time, more “bio-compatible” materials will be created that the body won’t try to reject, Tully said. These things include titanium chromium, nickel and other kinds of metals. Polymers include polyethylene and others. Infections can be very dangerous.

“What we want to avoid is unleashing the immune system on our mod,” Dameff said.

Just putting something in your body is not simple. The body can reject foreign bodies with great efficiency.  You have to be able to insert the mod in the right location.

“The harder it is to put in a mod, the harder it is to remove,” Dameff said. “Some mods you’ll never be able to take out.”

Putting electrodes in your ears can improve hearing. Cavities like the middle ear can more easily accommodate foreign bodies like cochlear implants, which restore hearing in deaf people. (The first surgery was done in 1984).A microphone picks up sound, filters it, sends the signal over FM radio to the transmission coil and that is sent to the brain.

Putting mods below the skin is relatively easy. But putting things in the thoracic or abdominal areas are more serious.

Connecting a mod to the brain is “one of the most difficult tasks ahead in human augmentation,” Tully said. Modders also have to figure out how to get electrical power to a mod via batteries.

“On top of that all, we know it’s going to be really expensive,” Dameff said.

A pacemaker or hip replacement costs more than $22,000. Lowering costs through open standards and open source remains mportant. Some of the work on this subject has been explored by Humanity Plus and the Singularity Institute.

[Image credits: cyborg Megan Fox; Dean Takahashi]

That’s the view of Chris Anderson (pictured), editor of Wired magazine and a drone hobbyist and businessman on the side. He spoke about this DIY trend and his own efforts to lead it in a talk at the Defcon hacker conference in Las Vegas today.

Anderson said the whole project is “open sourcing the military industrial complex.” Drones have been the domain of the U.S. military, which has created huge awareness about drones such as the Predator and the Reaper by using them against terrorist targets in a variety of areas where troops can’t go. Those drones cost millions of dollars, but the DIY drone business is focused on created ubiquitous drones that cost tens of dollars.

Anderson’s interest started five years ago as he sought ways to get his kids interested in science. He got them to make robots with Lego Mindstorms robot kits, but their interest didn’t last. Then he tried to get them to fly a remote-controlled airplane, which ended up stuck in a tree. The kids lost interest. But the idea of combining the DIY nature of the robot and the airplane sent Anderson “straight down the rabbit hole,” he said. Then he created the first Lego unmanned aerial vehicle (UAV), or drone.

His interest in drones led to a web site called DIY Drones, which has blossomed into a community of 30,000 registered members. The site gets 1.4 million page views a month, has 6,000 blog posts, 8,000 discussion threads, and 80,000 comments a year. Anderson has marshaled that community to create open-source software for all sorts of drones. And Anderson co-founded a for-profit company, 3D Robotics, (with a 19-year-old Mexican teen) that creates computing hardware for drones. That hardware itself is built on the Arduino open-source computing platform. The DIY software helps hobbyists create a wide variety of drones, like a drone you can fly with a Wii game console controller.

That hardware can be used to build all sorts of drones, such as “quad copter” drones based on the hardware of the Parrot AR Drone. The Parrot drones are controlled by humans, but the 3D Robotics hardware converts them so they can be completely autonomous, fulfilling the definition of a drone.

3D Robotics sells the drone hardware for $199 or so, enabling community members to take their software and run it on a hardware platform and thereby field their own flying drones.

“Anything that is remote-controlled, you just put this in there and suddenly you’ve got a drone,” Anderson said.

There are some legal issues around drones and whether they can be flown in commercial airspace, but Anderson said he has a legal opinion from lawyers that the business is legal, since the DIY drones are so far used for non-commercial purposes.

The drones have gotten quite creative. You can go surfing and have a drone take off from the beach, fly over you, turn on its camera and then film you from above as you surf.

The hardware is priced at about 2.6 times the hardware bill-of-material cost, allowing a 40 percent margin for retailers and a 40-percent margin for the company. But since the software is free, the end product can be quite cost efficient compared to competitors who have to try to keep pace with an all-volunteer software community, Anderson said. That means that Chinese knock-off rivals can copy the hardware but will have a tough time keeping up with 3D Robotics as it launches new software-driven varieties. Right now, the company offers 150 different products, including 75 from the community.

“They can’t clone our community,” he said.

The company has two factories and 50 employees now. In addition, 3D Robotics rewards its community contributors with T-shirts, coffee mugs, free travel, free hardware, and — if they contribute enough — equity in the company. All of the drones are under $1,000. Competitors include other open-source DIY communities where the model is similar: charge for hardware, give away the bits.

Drones still have a lot of room to improve before they become mainstream toys for more consumers, especially those who would never pick up a soldering iron to assemble a product.

“In two years, we have begun disrupting a multimillion-dollar industry with the open-source model,” Anderson said. “We can deliver 90 percent of the performance of military drones at 1 percent of the price.”

Of course, at least so far, the hackers aren’t “weaponizing” the drones.

July 9-10, 2013
San Francisco, CA

Early Bird Tickets on Sale

Apple is closing in on a Russian hacker giving people a way to steal in-app purchases. But while the company has issued take down notices and blocked his server access, he still has found a way to stay in business.

According to The Next Web, Apple has sent out a number of take-down requests for content associated with Alexey V. Borodin, known by his YouTube account name ZonD80. The issue arose Friday when the YouTube video surfaced showing iOS users how to avoid paying for in-app purchases. The hack worked on iOS versions 3.0 and up, on any of the iOS devices that could run those versions. In the video he used an iPhone 4S running iOS 6. Borodin explained that you only need to install two security certificates as well as change your DNS settings and you’d be set to steal in-app purchases.

Apple is now obviously targeting Borodin, and recently requested the Internet service provider shut down his website In-App.com, which served as a way for him to solicit donations. Apple blocked Borodin’s IP address so that he can no longer access Apple’s servers as well.

Apple also targeted his YouTube video, which explains the hack and how to install it. The video now says, “‘In-App.com Get in-app…’ This video is no longer available due to a copyright claim by Apple, Inc.” when you try to play it. However, Borodin has published a second video titled, “Reply to Apple. In-app purchases are still free and require no jailbreak.”

In the video, Borodin takes a slight poke at Apple. When you go to “buy” (read: steal) and in-app purchase, a push notification (see above image) used to say, “If you like in-app proxy click like button!” Now it says, “You want to love Apple, don’t you?”

The Next Web notes, however, that despite the shut downs and Apple blocking his IP, Borodin is still processing free in-app purchases. He has allegedly moved his operation to an international server — outside of Russia — in order to throw Apple off his scent. Borodin has also figured out a way to process the transactions without having to access the App store, and forces users to sign out of their iTunes accounts so there are no tracks between him and Apple.

At the time, Apple spokesperson Natalie Harrison told VentureBeat, “The security of the app store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating.”

Beyond stealing from Apple and its developers, however, finding a way around paying for in-app purchases is taking away some of the lifeblood of free-to-play apps. That is, many free-app developers rely on advertising and in-app purchases revenue to run their business. Having one of those taken away would undoubtedly severely affect that company’s P&L.

via The Next Web

A team from the University of Texas at Austin showed Homeland Security just how detrimental GPS spoofing can be to our drones program. The group hacked a school-owned drone using a cheap, home-made spoofing tool.

With Homeland Security officials standing by, the team confused a hovering drone from nearly a mile away using GPS spoofing. GPS spoofing is the act of hacking into a GPS system and tricking it into believing it’s somewhere it’s not. From here, a hacker could provide new coordinates for the drone to follow and eventually ground the aerial vehicle in their desired location. While the process seems complicated, Professor Todd Humphreys from the University of Texas at Austin created a spoofer for less than $1,000 that could execute the necessary instructions.

“In 5 or 10 years you have 30,000 drones in the airspace,” Humphreys told Fox News. “Each one of these could be a potential missile used against us.”

The spoofer convinces the target drone into believing all the information it is being fed is legitimate — that nothing is unusual. He then is able to change the drone’s course to his liking.

In 2011, Iran captured a U.S. drone. It was believed that engineers in the country had detected the drone and used GPS spoofing to bring it down. At the time, the American Civil Liberties Union called for more restrictions on drone usage in U.S. airspace, as many begin to fear how these drones could turn on us.

via Fox News; Drone image via AN HONORABLE GERMAN/Flickr

The U.S. Federal Bureau of Investigation arrest 24 hackers today, in a string of cyber crime that could have cost victims $205 million.

According to Reuters, the FBI was able to find the hackers after creating a forum called Carders Profit in 2010. The website acted as a black market for selling personal data such as hot credit card credentials. The agency prevented the sale of over 411,000 credit and debit card numbers. Of the 24 hackers arrested, 11 were from the United States. All those arrested were male between the ages of 18 to 25.

One of the arrested hackers named Mir Islam, is said to be a part of a new cyber criminal group UGNazi. Islam, who is otherwise known as JoshTheGod, shows up on the UGNazi Twitter account as one of the more prominent contributors. The group recently claimed to have taken Twitter down last week. The social network, along with its content manager Tweetdeck, went down around 9 am Pacific time on June 21, and was quickly returned to life about an hour later. The company denied the hacking and blamed its downtime on, “a cascaded bug in one of our infrastructure components.”

Islam is accused of offering to sell over 50,000 stolen credit card numbers.

via Reuters

Incubators are like belly buttons: Everybody’s got one.

Or so it seems from where we sit in San Francisco, where if one throws a rock in certain neighborhoods, one is sure to hit an incubator or accelerator or at least a hackathon.

As a result, we tend not to get too worked up about incubators anymore, but every so often, we come across one with sterling provenance or a particularly unique premise.

nReduce is both of those. The program comes from the gigantic brain of Ruby on Rails demigod Jacques Crocker, and he started off by throwing a hand grenade at the hornet’s nest that is Y Combinator. Crocker originally named his program “N Combinator” and claimed it would be nothing more or less than an open-source Y Combinator.

Of course, the initial announcement of “N Combinator” on the Y Combinator-affiliated aggregation site Hacker News caused a significant poo-storm. After that died down (and Crocker & Co. amiably agreed to change their program’s name), we caught up with the Rails Jedi himself to talk about why incubators needed an open-source approach and exactly how his program, which begins next week, will work.

VentureBeat:So, clearly this is a spin on Y Combinator. Why did you think Y Combinator needed an overhaul?

Jacques Crocker: Everyone on our team [which now includes designer Joe Mellin, marketing expert Paul Eikelenboom, and developer Scott Robertson] is a huge Paul Graham and YCombinator fan. We have the utmost respect for the program.

However the demand for Y Combinator has far outstripped supply. There’s plenty of amazing teams that are either being rejected from YC or don’t fit in the narrow guidelines of a YC company. But they could use some of the energy that comes from a group of startups coming together and working together over a short period. We think there’s an opportunity for startups to band together to build something that rivals YC in scope and one that produces startups of the equal or better quality.

VB: So what does nReduce have in common with Y Combinator?

JC: We’ve taken as much inspiration as we can from the structure of YC. It runs during the same time period, and every week our companies will meet up for Tuesday dinners.

We’ll use these dinners to collaborate, demo, and share our learnings with each other over the past week. We’ll also use these meetings to just talk, drink, relax, and let off some steam.

The second week is prototype day where each team is required to put together something to show the other startups what they are building, and to encourage people to ship something to customers as early as possible.

Like YC, our program will be very difficult. Only the teams that fully immerse themselves and commit to making progress every single week will survive until the end.

Near the end of the program, we’ll put together a demo day which is an opportunity to put together the best two-minute pitch for each startup. We’ll do everything we can to bring in top-notch investors and press to cover us, with the goal of having our startups that outshine even the best that YC can come up with.

VB: What are your criteria for individuals and teams that want to join you?

JC: nReduce does not believe in artificial barriers. We accept any team that can reasonably say they’ll be able to develop and ship every week. We expect many to apply, and no one who really wants to be in the program will be declined.

Any true test of an incubator shouldn’t be about getting in. As with real startups, the test is actually executing. Our startups are required to make progress every week and report their learnings. Every Tuesday each team has to check in with their product progress, and what they’ve learned from customers (or users).

Startups who miss checking in or are obviously not progressing will be dropped from the program. The end group of startups who survive and get to demo day will consist purely of the teams who can ship and build traction.

VB: What’s the process going to be like? Take me through a typical week, as you envision it at the outset.

JC: A typical week for our team (as a participating startup) will be 100 percent focused on our startup and product. We’ll use each Tuesday deadline to motivate us to ship product updates to customers, and learning from our users what they love, and what they hate. We’ll then share these findings with the group.

The online discussion forum will be active with people sharing their discoveries, metrics, and challenges with building and marketing their products.

On Tuesday evenings, we’ll meet up with other startups in downtown SF (other clusters will also form in other startup hubs). In San Francisco each week, we’ll try to bring in a guest speaker who will give a quick talk for 15 minutes and just hang out with us and chat for a while.

VB: You talk about open-sourcing the incubator/accelerator process. Are you actually requiring everyone to open source their code? Or is it more that each team open sources its knowledge to the other teams?

JC: We’re open sourcing the process of bringing startups together and hopefully achieving a better rate of success than individually. Our goal is to test and iterate on this process all summer so that the end result is a repeatable way to bring together any group of startups (large or small), have an effective way to share information, motivate each other, and use the group to generate more interest and attention from the outside world (investors/press/customers) and any one of the startups would have been able to generate on their own.

VB: How has the community responded so far?

JC: We’ve had really amazing feedback so far. A handful of people have stepped up and offered to help organize and moderate the group. The original YC thread that was up for about an hour had 91 comments (a second thread generated 48 more comments). People gave us the usual flack for our hipster, goofy design and ninja icons (which we expected). But overall people were generally positive and encouraging of the idea.

We have over 250 teams registered and 2,000 signups already (startups, mentors, spectators) from just our limited exposure so far. We believe this shows a large demand and interest in our program.

So far received several people emailing with interest to syndicate or extend our model to other cities and locations. We’re happy to encourage this and are working through details for what it will look like.

VB: We just covered a “pre-incubator” earlier this month — is tech culture getting too startup-centric? Is there still value in actually working for someone else, or is everyone going to be a founder for 15 minutes?

JC: I personally think every engineer should be involved in his own startup at some point in his/her life. It gives techies much greater respect for the entire team required for a startup to succeed (including the “biz guys”).

We hope it’s win/win. The more startups out there, the more chances we have for breakout successes that will generate jobs. Founders of startups that fail will be better early employees and have greater respect for the founders of the companies they join. They’ll have gone through the process personally and realize how hard it actually is to build a team, raise money, and create something people want.

Image courtesy of olly, Shutterstock

---

Big Data and Predictive/Real-time Analytics startups: Are you looking to jumpstart development & accelerate market traction? Sign up for the SAP Startup Focus program to receive technology, support, resources and community to help you develop new applications on SAP HANA, a cutting edge database platform. Get started here, and enter promo code “VB2013″ on the form.

---

Looks like it’s not just the newspapers snooping on UK citizens. The government itself has reported internal breaches, according to information released in a Freedom of Information request.

Over 1,000 breaches of personal information have occurred in the last year due to rogue civil servants accessing the data without permission, says ZDNet. These employees gain access to personal information, despite a lengthy vetting process giving them the permissible access in the first place. These employees came from the UK’s Department for Work and Pensions and The Department for Health. Only the Department for Work says it properly recorded breaches made, and revealed in 2011 there were around 1,000 civil servants punished for wrongful access to personal information. The latter says it did not record all the breaches, though it did record at least 150 of them.

Many of the security concerns we hear about are from external groups, such as Anonymous, other governments, and hackers working independently. They spread malware, take websites down, deface them, steal personally identifiable information and more. What people don’t realize is that these guys are the modern bank robbers. Just about anyone with access to a wealth of personally identifiable information has the opportunity to make a lot of money selling that data on the black markets. Indeed, while “hacktivists” and online protesting breaches have gotten much of the attention, hacking is still a financially lucrative game.

Companies and governments alike still need to realize that many hacks can come from within. ZDNet notes that those who do expose or illegally access personally identifiable information could be subject to a fine as expensive as $7,900. Whether or not those involved in the breaches have been fined is unknown.

via ZDNet, Tower Bridge image via Shutterstock

Eager content-deprived pirates were flummoxed on Wednesday by the news that The Pirate Bay had been taken offline by a massive distributed denial of service (DDoS) attack.

While suspicions were almost immediately leveled at the hacktivist group Anonymous, The Pirate Bay quickly denied the group’s involvement.

But one decidedly anti-Pirate Bay hacker named “Nyre” who is taking responsibility, ZDNet reports.

“The Pirate Bay was a press-release website for Anonymous, then I had a idea, why not take it down? Why not make it impossible for Anonymous?” Nyre said in a post on PasteBin titled “The Reason“.  (Nyre, was, of course, slightly off-base with his assessment. The Pirate Bay and Anonymous aren’t exactly allies, having disagreed on a variety of fronts.)

Nyre initially said his intention was to keep the site down for a week, but the hacker didn’t quite meet his ambitions.

So, to recap: The Pirate Bay wasn’t taken down by Anonymous. It was, however, taken down by a rogue former agent of Anonymous, who now hates Anonymous and Pirate Bay equally, more or less. It’s a narrative that James Bond creator Ian Flemming would be proud of.

As for The Pirate Bay itself, the site is celebrating its return with a special phoenix-themed home page. Let the piracy re-commence.

Hacker photo via Shutterstock