Friday

Security Chief Hacks the Lotto

Over the years, I've written about many cyber-crimes in this blog and there's always one recurring theme that always occurs to me.  It is that although it's incredibly easy nowadays to profit from all sorts of cyber based crimes, it's still very difficult to actually get away with it.  In fact it's the same with any sort of illicit cyber activity, it's not hard to bring down even a large web site with a DDOS attack, to hack  and steal a few files or even just empty someone's paypal account but not getting caught is much more challenging.

The criminal opportunities are endless, if you work in IT you'll likely see them all around you.  Of course most of us are basically honest but we also recognise that it's very easy to get caught doing something we shouldn't and very hard to stay anonymous.   The fact is that everything we do leaves some sort of trail back to us, systems, computers and applications log all sorts of information every time they are used it's usually quite simplistic to trace a digital transaction back to the computer it originated from.

Yet it still doesn't stop people and indeed it didn't stop 52 year old Eddie Tipton either who has hit the BBC news this week. Eddie was the head of IT security at the Multi-State Lottery which runs loads of lotteries across the US.   His chief role was to protect the lottery computers which were used to draw the winning numbers.  However he didn't do that and actually installed a root kit on those computers allowing him to calculate the winning numbers of the next Iowa Hot Lotto lottery.

This is all quite easy for a Head of IT Security to achieve, but you can see the problem though, can't you? How does the Head of IT security claim the lottery prize, after he's stolen the numbers?  Well first of all he's got to buy the winning ticket, surrounded by CCTV cameras.

This is the video evidence that was circulated by the crime investigation authorities trying to identify the person who bought the suspicious ticket. This brought Tipton's name into the investigation as a co-worker recognized him from the video. He then defended himself by saying he was in Texas at the time of this purchase, although his cell phone records told a different story. The reality is that as soon as suspicion was on Tipton he was doomed. He was only one of five people with security clearance to the lottery computer, CCTV picked him up entering the room before the draw was made, the cameras were modified to record selectively.

I'm certain digital forensics from laptops, the servers and other computers all would incriminate him too even if he was careful and used proxies. Of course he also had the rather daunting prospect of trying to actually claim the prize without implicating himself, something he attempted through a network of lawyers. This was something he also never managed to achieve, and was arrested for Fraud shortly after.

He now waits for sentencing in a Iowa jail and could face up to ten years in jail. Although it demonstrates how difficult it is to hide your tracks in these situation, it also highlights how easy it is to attempt these crimes. The dangers are usually from insiders or with specific knowledge of a system. It is likely that no-one would have ever noticed that the lottery numbers were being manipulated though if he hadn't tried to claim the jackpot!

Monday

Game Hacker - Suffers the Ultimate Penalty

If like me, you still enjoy computer games but often struggle to compete with more youthful, aggressive players who often will happily cheat to improve their online character - then you should enjoy this story.

It comes from a MMORPG game called Guild Wars 2 which is one of the more popular fantasy roleplaying games.   In this game there was a player who had built up a character called Darkside, who was harassing other players and basically being a huge pain throughout the online world.   Unfortunately the character was also ultra powerful, building up lots of abilities and equipment through a series of hacks designed to exploit the games.  Darkside was virtually impossible to kill, he could wipe out other players easily and had even the ability to teleport.

Some attempts were made to deal with Darkside by other players, however it appears he was just too powerful, so the players gathered evidence and submitted it to the Guild Wars security team.
After a quick investigation, the character was deemed guilty and the sentence was carried out. You can see what the moderator did to Darkside in this video. Which was basically strip the character in game, kill him and then delete all his other accounts. The final act was to ban the user from setting up any other accounts, effectively blocking him from the game forever. 

However this last bit is unlikely to be that successful as the only real method for doing this is to block IP addresses which are easily changed either by switching ISP or using a proxy like this. This though would probably seriously deter many people.

Notwithstanding the public humiliation (1 million views on Youtube!), even with the hacks characters like these would probably take thousands of hours to develop. The reality is that it can take years to create but a digital character can be destroyed in two seconds. Certainly made me laugh and I think some sort of regular event should be considered..

Anonymous Surfing Tips - Deleting Your Google Search History

Have you ever watched one of those crime dramas, where the investigators check through the suspects search history when trying to prove them guilty.   They'll notice that the local priest has spent the last  three weeks googling poisons and then sweep round to his house while he's concocting a vat of cyanide?   It's sounds great doesn't it, and indeed it is when everything is completely straight forward and scripted.

Yet if you looked through say a couple of years of anyone's search history, there's probably a high chance you could find at least suspicious or incriminating.  It's simply the case, that we Google all sorts of things that pop into our heads, often in my case after a long day and with a large drink in my hand.   I know for a fact if you pick specific days in my search history, I'll look very much like an undercover terrorist researching my latest target.  What's actually happened is I've probably had a few too many whilst reading an article on some horrible atrocity somewhere and started aimlessly browsing the subject of terrorism.

It's a very simple example but a white, slightly tipsy, curious  40 year old  agnostic male can look very  much like a 20 year old religious fundamentalist with a death wish if you look at their search history out of context. Remember the internet is stuffed full of our history in all sorts of places, including our search histories.

So how can we retain some our privacy?

Well using encryption is obviously a big step, without using something like Identity Cloaker you'll always leave a complete record of everything you do online.  However what about the past? Can you imagine the sort of information a company like Facebook or Google has gathered on us over the years?  Well fortunately there is a way to rectify this too, at least with regards your Google Search History - thanks to a brand new feature they've introduced.

First Let's Review All the Information That Google has About You.

First you need to start here - Google History Page

Then click the gear icon


 And Select Download from the Drop Down Menu

Then you'll be presented with this warning -


Just select create archive and you can download all your Google Search history.  Obviously as the warning highlights you should be very careful where you download this and where you store it!   You can then browse everything that you have searched for online using Google - it can be quite interesting!

In the next post, I'll show you how to remove all this history from Google's servers. Note this not the same as simply removing the history from your local browser.

Saturday

BBC Iplayer Abroad - Watching the BBC Outside the UK ?

I travel a lot and when away there are two main Internet sites that cheer me up without fail - BBC IPlayer and Pandora. Unfortunately it can be difficult to both watch BBC iPlayer abroad and Pandora outside the US are actually quite tricky because they will only work with a UK or US workstation respectively.

Fortunately because I always surf through a secure proxy on the Identity Cloaker network, this doesn't really matter to me as my location is defined by whichever proxy I am surfing through. So I simply select a UK server for watching BBC IPlayer abroad.

Identity Cloaker is the most sophisticated security software on the internet, it allows you to surf completely protected via a network of private proxies across the planet. These are fast, secure properly run proxy servers not the free slow ones infested with viruses that people normally try to use !! You might have also seen the dedicated VPN and proxy servers promoted to watch the BBC abroad or other online TV stations - they are very often simply a single server set up quickly.  Why? Simply because when the BBC legal department threaten them (which they usually do), they end up disappearing suddenly.

So when I am in Turkey and want to watch  - I simply connect via a UK proxy and watch BBC Iplayer, if I want to listen to Pandora outside the US I just select one of the US proxies. It doesn't matter where I am as long as I have a working internet connection, because it's encrypted I can watch from anywhere.  The same goes for a TV channels in lots of other countries as they have Australian, Canadian, German, French, Irish and a host of other proxies in addition to the huge number of UK servers.

Anyway I have made this rather bad video to illustrate how I access the BBC Iplayer abroad. I'm afraid I don't do the ease of this any justice with my video though, the best thing about the Identity Cloaker to access these programs is the huge choice of proxies and their speed. If you've ever tried using Iplayer through a free proxy you'll realise how painful it can be.

Using BBC Iplayer Abroad


I've never used the video software before so apologies for the amateurish video editing. I just wanted to make sure people were able to see how easy it is to use this security software. There are dedicated services for just watching BBC Iplayer that cost well over twice the price of Identity Cloaker, they offer just a single proxy server to do this - Identity cloaker has proxies all over the planet and dedicated software to control and protect your connection, from an icon in your taskbar.

It takes a minute or so to install and then you just point and click.

*** You can actually watch BBC Iplayer on your TV through most gaming consoles now, the Wii works great with Identity Cloaker straight onto your TV, read my post here Wii Iplayer ***

*** Identity Cloaker also now has a facility to turn off encryption, you can use this to speed up video streaming such BBC Iplayer from the UK Proxies ***

It is actually a fundamental point of using a proxy abroad, your IP address defines who you are and what you can see. So if you surf via a UK proxy this is how any web server you visit will see you also exactly the same as a UK Internet surfer. Because Identity Cloaker has fast proxies in lots of other countries you can use it to access similar restricted broadcasts in Sweden, Germany, France, Canada, US and many others. If you like music try Pandora for an awesome US only radio station - just select the right countries proxy and you'll be away.

Of course you can use this method by using a free proxy but most are unsuitable for watching videos from BBC Iplayer outside the UK as they are so slow, but PLEASE remove the proxy before you start doing any other surfing remember free proxies are mostly hacked servers and your details are not safe being passed through them !

So can you use BBC Iplayer anywhere?

Pretty much, as long as you pick one the UK proxies, it manages your connection in the background and encrypts you connection. You can even run it from a USB stick if you remember to take your login details with you, watch it through firewalls and when countries try to censor what you watch.

If you travel a lot it also means you can access lots of other sites which have country restrictions stopping you watching the BBC IPlayer abroad. For instance I can access UK poker and casino sites from the States who would normally block an American IP address, Turkey often block Youtube and social networking sites but Identity Cloaker users just bypass this.

Anyway I'm off to Turkey in a few weeks and I'll be keeping up with all the latest BBC programs watching BBC IPlayer abroad via Identity Cloaker.

In a few minutes you can be watching your favourite BBC shows through a safe, fast and secure proxy

If you like to watch or listen to any UK TV shows and you spend any amount of time abroad, you'll find it a fantastic investment. The software is simple to work and you just pick a proxy to connect to and off you go, remember free proxies are very slow and many are full of viruses. If you do manage to find a safe, fast free proxy server to watch the BBC Iplayer on, chances are it will be gone in a day or so.

The ability to watch media is not advertised on the web site but drop them a line if you want to check, the support staff are very responsive and will check out problems with any channels - BBC is pretty straight forward but ITV, Channel 4 and some US channels need to use the Open VPN settings in the program. Be very careful of companies who do advertise this TV facility openly, they frequently disappear overnight, after legal threats from the media companies themselves i.e.  BBC, Hulu and ITV etc.

Why not treat yourself here to 10 days of the BBC Iplayer with the Identity Cloaker trial to check it works - for the price of a coffee and sandwich you'll be impressed I'm sure!

For those who want to use Identity Cloaker with an Ipad, Iphone or Ipod outside the UK then here are the instructions - Using Iplayer on an Ipad abroad