2400 stories
·
8 followers

Valve patches exploit that allowed hackers to hijack computers by fragging opponents

1 Comment and 2 Shares

A newly patched vulnerability in Valve's Source SDK engine could have allowed hackers to hijack your computer in a truly bizarre way: by killing you in Counter-Strike.

The vulnerability was discovered by security research firm One Up Security, which published an overview of the exploit. The hack — which Valve commendably patched in less than a day — took advantage of a hole in the engine based around custom assets.

One Up Security

Valve's Source SDK engine which powers some of the most popular games on the internet, including Counter-Strike: Global Offensive, Team Fortress 2, Portal 2, and Left 4 Dead 2, and many of those games allow for players to upload custom content into map files, like new texture or sound...

Continue reading…

Read the whole story
freeAgent
16 hours ago
reply
This is kind of awesome.
Los Angeles, CA
Share this story
Delete

Fight Popups and Read Emails in This Windows 95-Themed RPG

1 Comment

Adult Swim's Kingsway is a fantasy RPG that's designed to look like a mashup of Windows or Mac OS circa 1995, and on paper that sounds about as exciting as typing up The Hobbit word-for-word in Excel. And yes, you read that right. We're not talking about a game that's meant to look like it could run on those systems à la Ultima or Diablo; rather, the operating system itself is the game, right down to emails for quests and persistent popups that assail your patience.

But it's much more fun in action. In fact, I've played no other game that so perfectly captures how magical the experience of using computers felt in the glory days or Netscape and AltaVista. Enough time has passed that many us now now regard PCs with the same mundane acceptance once accorded to cassette tapes and AOL trial CDs, but there was a time when performing even dull tasks on a computer felt like an adventure, something almost too fun to count as work. Interacting with "windows" on a digital plane? We might as well have been peeping through windows into alien worlds.

Kingsway, entirely the work of solo Canadian developer Andrew Morrish, is not a half-hearted attempt. It's astounding, in fact, how well its individual elements all work together. The only element that outright screams "fantasy RPG" is the map window through which your character plods along to destiny and occasionally uses to hobnob in shops and dungeons; everything else, whether it's inventory or the music selection, looks like something you might have screengrabbed while writing a term paper to the sound of a Soul Asylum single. Even the mere act of traveling resembles a dotted installation progress bar inching its way slowly rightward.

And true to the fumbling inexperience of that era, it's a recipe for chaos. Mere minutes go by before the screen gets splattered with popups for everything from quest to loot drops and stat allocation panels. The worst are the popups for the battles themselves, with individual enemies getting their own window that bobbles over the display while you try to click the buttons along the window's bottom to attack while popup moves. It grows maddening quickly, particularly when several enemy popups hog the screen at once, much as advertisements popups did on early browsers. You die if it gets out of hand (prompting a horde of popups that gleefully inform you of this), and then Kingsway fittingly cuts to a blue screen of death. It's a little like catching a virus, particularly the old, nasty kind that knocked PCs out cold.

Image: Kingsway

It works, then, as both a game and a history capsule. It's the Cliff Notes version of discovering or remembering firsthand what early windows-based computing was like, and it certainly doesn't hurt that Kingsway manages to keep it fun in spite of this comparative abstraction. Its randomized tale and journey of high adventure enlivens the humdrum business of minimizing windows and checking notifications.

That may be its strongest message. For all of the annoyances popups and glitches may bring, the core experience of using a PC is still intensely rewarding and not a little fantastical, especially for those who us who remember the days when you couldn't call the local pizza joint for delivery without having a business card or a phone book. After all, isn't why we're all still here now, almost certainly reading this on some form of electronic device? Fantasy has become reality, and Kingsway helps us remember part of the way we got here.



Read the whole story
freeAgent
17 hours ago
reply
This looks kind of fun.
Los Angeles, CA
Share this story
Delete

After AlphaBay’s Demise, Customers Flocked to Dark Market Run by Dutch Police

2 Shares

Earlier this month, news broke that authorities had seized the Dark Web marketplace AlphaBay, an online black market that peddled everything from heroin to stolen identity and credit card data. But it wasn’t until today, when the U.S. Justice Department held a press conference to detail the AlphaBay takedown that the other shoe dropped: Police in The Netherlands for the past month have been operating Hansa Market, a competing Dark Web bazaar that enjoyed a massive influx of new customers immediately after the AlphaBay takedown.

The normal home page for the dark Web market Hansa has been replaced by this message from U.S. law enforcement authorities.

The normal home page for the dark Web market Hansa has been replaced by this message from U.S. law enforcement authorities.

U.S. Attorney General Jeff Sessions called the AlphaBay closure “the largest takedown in world history,” targeting some 40,000 vendors who marketed a quarter-million listings for illegal drugs to more than 200,000 customers.

“By far, most of this activity was in illegal drugs, pouring fuel on the fire of a national drug epidemic,” Sessions said. “As of earlier this year, 122 vendors advertised Fentanyl. 238 advertised heroin. We know of several Americans who were killed by drugs on AlphaBay.”

Andrew McCabe, acting director of the FBI, said AlphaBay was roughly 10 times the size of the Silk Road, a similar dark market that was shuttered in a global law enforcement sting in October 2013.

As impressive as those stats may be, the real coup in this law enforcement operation became evident when Rob Wainwright, director of the European law enforcement organization Europol, detailed how the closure of AlphaBay caused a virtual stampede of former AlphaBay buyers and sellers taking their business to Hansa Market, which had been quietly and completely taken over by Dutch police one month earlier — on June 20.

“What this meant…was that we could identify and disrupt the regular criminal activity that was happening on Hansa Market but also sweep up all of those new users that were displaced from AlphaBay and looking for a new trading plot form for their criminal activities,” Wainwright told the media at today’s press conference, which seemed more interested in asking Attorney General Sessions about a recent verbal thrashing from President Trump.

“In fact, they flocked to Hansa in droves,” Wainwright continued. “We recorded an eight times increase in the number of human users on Hansa immediately following the takedown of AlphaBay. Since the undercover operation to take over Hansa market by the Dutch Police, usernames and passwords of thousands of buyers and sellers of illicit commodities have been identified and are the subject of follow-up investigations by Europol and our partner agencies.”

On July 5, the same day that AlphaBay went offline, authorities in Thailand arrested Alexandre Cazes — a 25-year-old Canadian citizen living in Thailand — on suspicion of being the creator and administrator of AlphaBay. He was charged with racketeering, conspiracy to distribute narcotics, conspiracy to commit identity theft and money laundering, among other alleged crimes.

Alexandre Cazes, standing in front of one of four Lamborghini sports cars he owned. Image: Hanke.io.

Alexandre Cazes, standing in front of one of four Lamborghini sports cars he owned. Image: Hanke.io.

Law enforcement authorities in the US and abroad also seized millions of dollars worth of Bitcoin and other assets allegedly belonging to Cazes, including four Lamborghini cars and three properties.

However, law enforcement officials never got a chance to extradite Cazes to the United States to face trial. Cazes, who allegedly went by the nicknames “Alpha02” and “Admin,” reportedly committed suicide while still in custody in Thailand.

Online discussions dedicated to the demise of AlphaBay, Hansa and other Dark Web markets — such as this megathread over at Reddit — observe that law enforcement officials may have won this battle with their clever moves, but that another drug bazaar will simply step in to fill the vacuum.

But Ronnie Tokazowski, a senior analyst at New York City-based threat intelligence firm Flashpoint, said the actions by the Dutch and American authorities could make it more difficult for established vendors from AlphaBay and Hansa to build a presence using the same identities at alternative Dark Web marketplaces.

Vendors on Dark Web markets tend to re-use the same nickname across multiple marketplaces, partly so that other cybercriminals won’t try to assume and abuse their good names on other forums, but also because a reputation for quality customer service means everything on these marketplaces and is worth a pretty penny.

But Tokazowski said even if top vendors from AlphaBay/Hansa already have a solid reputation among buyers on other marketplaces, some of those vendors may choose to walk away from their former identities and start anew.

“One of the things [the Dutch Police and FBI] mentioned was they were going after other markets using some of the several thousand password credentials they had from AlphaBay and Hansa, as a way to get access to vendor accounts,” on other marketplaces, he said. “These actions are really going to have a lot of people asking who they can trust.”

“There are dozens of these Dark Web markets, people will start to scatter to them, and it will be interesting to see who steps up to become the next AlphaBay,” Tokazowski continued. “But if people were re-using usernames and passwords across dark markets, it’s going to be a bad day for them. And from a vendor perspective, [the takedowns] make it harder for sellers to transfer reputation to another market.”

For more on how the Dutch Police’s National High Tech Crimes Unit (NHTCU) quietly assumed control over the Hansa Market, check out this story.

This story may be updated throughout the day (as per usual, any updates will be noted with a timestamp). In the meantime, the Justice Department has released a redacted copy of the indictment against Cazes (PDF), as well as a forfeiture complaint (PDF).

Update, 4:00 p.m. ET: Added perspectives from Flashpoint, and link to exclusive interview with the leader of the Dutch police unit that infiltrated Hansa.

Read the whole story
freeAgent
17 hours ago
reply
Los Angeles, CA
Share this story
Delete

Exclusive: Dutch Cops on AlphaBay ‘Refugees’

1 Share

Following today’s breaking news about U.S. and international authorities taking down the competing Dark Web drug bazaars AlphaBay and Hansa Market, KrebsOnSecurity caught up with the Dutch investigators who took over Hansa on June 20, 2017. When U.S. authorities shuttered AlphaBay on July 5, police in The Netherlands saw a massive influx of AlphaBay refugees who were unwittingly fleeing directly into the arms of investigators. What follows are snippets from an exclusive interview with Petra Haandrikman, team leader of the Dutch police unit that infiltrated Hansa.

Vendors on both AlphaBay and Hansa sold a range of black market items — most especially controlled substances like heroin. According to the U.S. Justice Department, AlphaBay alone had some 40,000 vendors who marketed a quarter-million sales listings for illegal drugs to more than 200,000 customers. The DOJ said that as of earlier this year, AlphaBay had 238 vendors selling heroin. Another 122 vendors advertised Fentanyl, an extremely potent synthetic opioid that has been linked to countless overdoses and deaths.

In our interview, Haandrikman detailed the dual challenges of simultaneously dealing with the exodus of AlphaBay users to Hansa and keeping tabs on the giant increase in new illicit drug orders that were coming in daily as a result.

The profile and feedback of a top AlphaBay vendor.

The profile and feedback of a top AlphaBay vendor. Image: ShadowDragon.io

KrebsOnSecurity (K): Talk a bit about how your team was able to seize control over Hansa.

Haandrikman (H): When we knew the FBI was working on AlphaBay, we thought ‘What’s better than if they come to us?’ The FBI wanted [the AlphaBay takedown] to look like an exit scam [where the proprietors of a dark web marketplace suddenly abscond with everyone’s money]. And we knew a lot of vendors on AlphaBay would probably come over to Hansa when AlphaBay was closed.

K: Where was Hansa physically based?

H: We knew the Hansa servers were in Lithuania, so we sent an MLAT (mutual legal assistance treaty) request to Lithuania and requested if we could proceed with our planned actions in their country. They were very willing to help us in our investigations.

K: So you made a copy of the Hansa servers?

H: We gained physical access to the machines in Lithuania, and were able to set up some clustering between the [Hansa] database servers in Lithuania and servers we were running in our country. With that, we were able to get a real time copy of the Hansa database, and then copy over the Web site code itself.

K: Did you have to take Hansa offline for a while during this process?

H: No, it didn’t really go offline. We were able to create our own copy of the site that was running on servers in the Netherlands. So there were two copies of the site running simultaneously.

The now-defunct Hansa Market.

The now-defunct Hansa Market.

K: At a press conference on this effort at the U.S. Justice Department in Washington, D.C. today, Rob Wainwright, director of the European law enforcement organization Europol, detailed how the closure of AlphaBay caused a virtual stampede of former AlphaBay buyers and sellers taking their business to Hansa Market. Tell us more about what that influx was like, and how you handled it.

H: Yes, we called them “AlphaBay refugees.” It wasn’t the technical challenge that caused problems. Because this was a police operation, we wanted to keep up with the orders to see if there were any large amounts [of drugs] being ordered to one place, [so that] we could share information with our law enforcement partners internationally.

K: How exactly did you deal with that? Were you able to somehow slow down the orders coming in?

H: We just closed registration on Hansa for new users for a few days. So there was a temporary restriction for being able to register on the site, which slowed down the orders each day to make sure that we could cope with the orders that were coming in.

K: Did anything unexpected happen as a result?

H: Some people started selling their Hansa accounts on Reddit. I read somewhere that one Hansa user sold his account for $40. The funny part about that was that sale happened about five minutes before we re-opened registration. There was a lot of frustration from ex-AlphaBay users that weren’t allowed to register on the site. But we also got defended by the Hansa community on social media, who said it was a great decision by us to educate certain AlphaBay users on Hansa etiquette, which doesn’t allow the sale of things permitted on AlphaBay and other dark markets, such as child pornography and firearms.

K: You mentioned earlier that the FBI wanted AlphaBay users to think that the reason for the closure of that marketplace was that its operators and administrators had conducted an ‘exit scam’ where they ran off with all of the Bitcoin and virtual currency that vendors and buyers had stored in their marketplace wallets temporarily. Why do you think they wanted this to look like an exit scam?

H: The idea was to hit the dark markets even harder when they think they’re just moving to another market and it turns to be law enforcement. Breaking the trust, so that [users] would not feel safe on a dark market.

K: It has been reported that just a few days ago the Hansa market administrators decided to ban the sale of Fentanyl. Were Dutch police involved in that at all?

H: It was a combination of things. One of the site’s employees or moderators started a discussion about this drug. We obviously also had our own opinion about it. It was a pretty good dialogue between us and the Hansa moderators to ban this from the site, and [that decision received] a lot of support from the community. But we didn’t instigate that discussion.

K: Have the Dutch police arrested anyone in connection with this investigation so far?

H: Yes, we identified several people in the Netherlands using the site, and there have already been several arrests made [tied to] Fentanyl.

K: Can you talk about whether your control over Hansa helped you identify users?

H: We did use some technical tricks to find out who people are, but we can’t go into that a lot because the investigation is still going on. But we did try to change the behavior [of some Hansa users] by asking for things that helped us to identify a lot of people and money.

K: What is your overall strategy in all of this?

H: Our strategy is that we want people to know that the Dark Web is not an anonymous place for criminals. Don’t think you can just buy or sell your drugs there without eventually getting caught by law enforcement. We want people to know you’re not safe on the Dark Web. Sooner or later we will come to get you.

Further reading: After AlphaBay’s Demise, Customers Flocked to Dark Market Run by Dutch Police

Read the whole story
freeAgent
17 hours ago
reply
Los Angeles, CA
Share this story
Delete

The OnePlus 5 has an update coming to fix its scary 911 reboot bug

1 Comment
If there's one thing your cellphone really needs to do, it's work in an emergency. A couple of days ago, however, one owner of the OnePlus 5 made two attempts to call 911 only to have his phone reboot both times. Other posters on Reddit observed the...
Read the whole story
freeAgent
17 hours ago
reply
They can't fix this fast enough. Pretty scary.
Los Angeles, CA
Share this story
Delete

I Faked Being Engaged For The Discounts

1 Comment
You know what I learned through my experience of fake betrothment? Being engaged is amazing; when you’re a bride-to-be, the world rolls out the red carpet for you.
Read the whole story
freeAgent
1 day ago
reply
My wife has also mentioned being tempted to claim she's pregnant in order to get similar gym discounts.
Los Angeles, CA
Share this story
Delete
Next Page of Stories