Tag Archives: PC

If you have a router on your home PC or at work and you are using its Universal Plug and Play (UPnP) feature, the US Government wants you to disable it ASAP. The US Department of Homeland Security issued a statement today that urged individuals and businesses to disable these features from router units due to the threat of hacker attacks.

Reuters reports that the statement followed a report from the security firm Rapid7, which claimed that there are three issues with the UPnP standard that could be used by hackers for attacks that range from taking files from PCs, to taking full control of them and using them to access devices such as webcams, printers and more. The report claims that between 40 million and 50 million units that use the UPnP standard are open to these issues.

Companies that sells such routers such as Belkin, D-Link and others will have to issue security patches to fix the holes that were discovered by Rapid7. So far, there’s no word on when these patches will be issued. However, Rapid7 points out on their website that there are a number of older routers that are still being used that are likely never to be updated. In those cases, the only real alternative is to simply buy a new router that is not affected by this UPnP issue.

US Government: disable Universal Plug and Play on routers due to hacker threat.

Late last week, the US government issued a security bulletin that recommended PC users disable Oracle’s Java on their systems, due to an recently discovered exploit that hackers have already been using to launch cyber attacks against Java-running PCs. This weekend, Oracle released a new security update for Java.

Even with this new update, some security experts still believe Java has a number of exploits that could be found by hackers. Reuters reports that HD Moore, the chief security officer for Rapid7, claims that it could take up to two years for Oracle to fix all of the security issues that have been found in Java.

In their blog post about the new Java update, Oracle points out that users can go into the Java Control Panel and adjust the level of security when they run unsigned Java apps inside a web browser. The default setting has been changed from “Medium” to “High.” However, Moore thinks that at this point, the only PC users that need to run Java are those who have to use it for business. He added, “The safest thing to do at this point is just assume that Java is always going to be vulnerable. Folks don’t really need Java on their desktop.”

Security firm Kaspersky claims that Java was involved in 50 percent of all PC cyber attacks in 2012. So far, Oracle has yet to comment on the US government’s warning on using Java on PCs.

Despite Java weekend update, security issues remain.

In March 2012, the Raspberry Pi Foundation started taking orders for its $35 Linux-based PC. The bare bones hardware was an immediate hit and it seems that it’s price point and its appeal to the hardcore hacker crowd still continues.

In a blog post this week, the team announced that one of its two PC makers, 4/Premier Farnell, have officially announced they have sold over 500,000 units of the Raspberry Pi. That means the PC has generated over $17.5 million in gross revenues. The post added, “ …we don’t have completely up-to-date figures from RS Components yet, but Farnell’s news suggests that we’re well on the way to having sold our millionth Raspberry Pi.

The post came with an infographic, shown above, that has some fun, if somewhat useless, Raspberry Pi facts, such as the fact that people could have bought over 4,375,000 chocolate bars with the money they spent on the PCs.

We are still awaiting the launch of the even cheaper $25 version. The first samples have already been madeand the plan is to start taking orders for the $25 Raspberry Pi PC sometime in the early part of 2013.

One million Raspberry Pi PCs sold…maybe (with infographic).

Xbox Live stakeouts and console searches

CSI: Xbox—how cops perform Xbox Live stakeouts and console searches

In June 2009, a Massachusetts state trooper was gathering evidence in a case that involved a suspect having sex with an underage girl. He hoped to find one crucial piece of evidence—video of the encounter—on a digital device from the suspect’s home. But the device wasn’t a computer; it was the suspect’s game console. The investigator was stumped as to how to sift the device for clues, and he turned to a digital forensics mailing list for help.

I am working on a case where it is believed that the suspect may have recorded himself having sex with a 14 year old girl using an Xbox 360. The Xbox was set up in his bedroom and had a webcam attached to it that was pointed directly at his bed.

The suspect did record two other victims, and those videos were found on his PC in a different room. All of the victims say that they were not aware that they were being recorded and that his PC was not in the room at the time of the incidents.

Does anyone know if it is possible to record video with an Xbox 360? I looked at the hard drive using Explorer360 and was able to locate a large file (460 MB) that was created on the same day as the incident but I am unable to extract any useful data from it.

That state trooper was not alone in his desire to crack open a console and look for evidence. Consoles today play an increasing part in even local police investigations across the country. Thanks to a recent Anonymous hack of a California cybercrime investigator’s e-mail account, we can take a glimpse inside that world. The e-mail cache contains a huge array of mailing list traffic in which investigators ask other for help examining digital devices, from cell phones to computers to gaming consoles. We’ve spent the last few weeks plowing through the list to better understand how digital forensics are being used by local police across the US. What stands out is just how aware cops have become about the many uses of digital devices; the list includes numerous questions about the Xbox, the PS3, the Nintendo DS, cell phones, iPods, and even (once) a Zune.

In many cases, however, they’ve been frustrated in their attempts to find incriminating data. A September 2007 e-mail from the Wichita, Kansas Forensic Computer Crimes Unit asked for help with an Xbox 360, for instance, since standard PC forensic tools are of limited utility.

We are at the end of a large acquisition (2TB) human trafficking and exploitation case and the case goes to jury today, but there has been one question unanswered. We never found the movie file of a co-defendant and the 15 year old victim. The last place to look is a Xbox 360 that was seized with WMC Extender software. I have taken the SATA HD (Seagate 20GB) out and tried to image it, but nothing I have will recognize the HD. I tried hardware write blocks, software write blocks and connecting straight into a Linux box…[no] luck…

So, any ideas left out there on checking to see if he did store any images or movie files on this HD?

In other cases, the Xbox itself contains no illicit material, but its usage logs can still shed light on a case, or undermine an alibi. In August 2011, for instance, an investigator at the Orange County (NY) District Attorney’s Office asked the mailing list for help.

On the X-box 360 kinect does anyone know if the date/time is user set or it comes from the server? I have a picture of the screen which shows a folder with a date. This is a Rape case where the defense is trying to introduce pictures from the X-box 360 of the victim playing a day after the rape. I do not have the X-box but I’m attaching the defenses picture. Any help would be appreciated.

Gaming logs were also being searched for in a January 2011 case from Binghamton, New York.

I have a question for the nerds and nerdettes: we have an xbox coming in on a homicide, or I guess a babycide, and we need to find out if the thing was being played during certain hours… I’m assuming we will be looking at saved games, or checkpoints reached.

Consoles can also be burgled. A July 2008 case from Washington, DC involves the theft of an Xbox 360, after which the victim told police that “I received an e-mail from Microsoft indicating that a charge was placed on my credit card to purchase Xbox 360 points. This charge originated from my Xbox Live internet account that I registered on my Xbox before it was stolen.”

In this case, the victim took to the Internet and was able to tell the investigator that “their own research has shown where stolen Xboxes were recovered by victims after service of a court order to Microsoft for the IP address where the Xbox is connecting.” The investigator didn’t quite know what to make of this—the level of technical knowledge on the mailing list varied widely—but to his credit, he was willing to do some legwork. And if what the victim told him turned out to be true, “it may assist me in solving a rash of burglaries that happened on a college campus.”

Finally, console-related crime includes good old-fashioned weird behavior. As a detective from the Eugene, Oregon Financial Crimes Unit told the list in January 2010:

Got an inquiry from our admin aide. A caller at a local coffee shop reported something suspicious involving a male/female couple appearing in their store at the same time/day each week. Each time they had several visitors to their table, each bringing an Xbox. The couple did something to the Xbox, charged their “customer” $50, then sent them on their way. I’ve had no experience with gaming systems (other than playing them!), so other than the fact this seems very odd behavior, I’m not sure what might be going on here.

Anyone have a possible explanation for this behavior? The only thing that came to mind was perhaps an on-the-fly repair operation.

Similar stories abound for other consoles, like the PS3, which can be the source of even more mischief than the Xbox due to its one-time ability to run Linux and function even more like a general purpose computer. From Longview, Texas:

I recently did a PS3 on a P2P [peer-to-peer file-sharing] case. The ‘bad guy’ had installed yellow dog linux at one point on the PS3. the hard drive was behind a flap on one end. I removed a couple of screws and pulled out the drive, hooked it to a write-blocker, and it imaged fine. He was storing a lot of cartoon porn…..

Consoles aren’t just sources of forensic data; they can also be used as bait. A recent case from Fort Lauderdale, Florida shows how local police can use game consoles to nab suspects.

During the three-day trial, a Fort Lauderdale Police detective testified that he was undercover trying to make arrests for dealing in stolen property. He was dressed in disheveled clothing to pass as a drug addict. He carried around with him a brand new Xbox 360 videogame system and a car radio in a tattered garbage bag. He came into contact with [Edrawin] Canady at his place of work, a commercial garage, and tried to sell the Xbox and the radio. Canady was standing with another individual, Charles Hall, at the time.

Canady initiated contact by calling out to the detective to ask what he had in the bag. The detective explained that he had a new Xbox which he got from a friend who worked at Walmart. Both Canady and Hall inspected the items in the bag and began to negotiate a price with the detective. Canady initially offered to pay sixty dollars in cash for both items. The detective testified that this amount was “way below market value for both items.” Eventually Hall offered to throw in forty dollars worth of crack cocaine, to which the detective agreed. Canady handed the detective sixty dollars in cash and Hall removed a bottle containing crack cocaine from a nearby car and handed it to the detective. Canady and Hall took the Xbox and the radio and the detective left. The detective signaled to nearby police officers, and both Canady and Hall were arrested on the spot.

(Seem a little unfair? An appeals court agreed, reversing Canady’s conviction for trafficking in stolen property. The court noted that offering to sell a single Xbox and a radio was hardly “red flag” knowledge of stolen goods. But the court maintained Canady’s conviction for cocaine delivery.)

Finally, consoles can also provide a way for investigators to find and even interact with their suspects. And when that interaction leads to voice chatting, cops have a whole new way to conduct undercover ops.

Building a “Frankenbox”

Do police actually hang out on Xbox Live, trying to strike up audio chats with criminal suspects, then recording the conversations as evidence for investigations in robberies, child porn cases, and more? Apparently they do. A Microsoft presentation to law enforcement, included in the leaked e-mails, makes clear that “investigators may participate in Xbox live in undercover operations.” The company even sketches out diagrams for recording suspect conversations by building a special “Frankenbox.”

Investigators have long wanted access to IP-based voice services like Skype and, more recently, those offered on game consoles. Thanks to laws like CALEA, they already possess potent wiretap capabilities on traditional phone networks. Internet communications can be tapped, but when they are also encrypted, things get difficult. (When communications are peer-to-peer, rather than passing through central servers, this can get even dicier.) In 2010, the FBI was pushing to extend CALEA to a much broader array of Internet applications, forcing the companies behind them to provide built-in, realtime backdoor access to encrypted communications. The agency backed off a bit in 2011, but it still has its sites on IP-based voice chatting of all kinds.

Microsoft may have an eventual answer. A company patent filing came to light in 2011 on ways to intercept Internet calls, which “may include audio messages transmitted via gaming systems, instant messaging protocols that transmit audio, Skype and Skype-like applications, meeting software, video conferencing software, and the like.” (Emphasis added; remember that Microsoft now owns Skype.)

Undercover investigators welcome
Undercover investigators welcome
Source: Microsoft

In the meantime, investigators may not be able to eavesdrop on others, but they can build their own investigative rigs to capture Xbox Live chats in which they participate.

Source: Microsoft

The task is more complicated than just capturing the audio output from the Xbox, since game chat isn’t routed through the speaker outputs. Instead, investigators need to build a small “Frankenbox” splitter that can send headset audio to a mixer and from there on to any standard audio/video recording device.

How to capture Xbox audio chats
How to capture Xbox audio chats
Source: Microsoft

Microsoft can also provide IP addresses for Xbox Live logins, registration and billing information, titles of games accessed, etc, but the actual content of user communications does not appear to be logged by the company, nor is it stored on the Xbox hard drive or memory stick—to the chagrin of investigators in many cases, who report looking for logs and chat data on seized console hard drives, but coming up empty.

As consoles incorporate more features—voice chat, video cameras, Web browsers, online storefronts, Linux—they will prove increasingly common targets for police action. It took years for the general public to realize just how much a common computer could say about a person, what with search engine histories, Web browsing histories, deleted files, and stored e-mails. Game consoles aren’t that revealing, but they’re getting closer. What does your console say about you?

Update: The website consoleforensics.com posted a copy of the presentation gleaned from the mailing list in 2011. If you want a look at the complete presentation, it’s available here.

Photo illustration by Aurich Lawson

CSI: Xbox—how cops perform Xbox Live stakeouts and console searches.

For many of us, the music used in the background while Microsoft’s Windows 95 started booting up is still locked in our heads. That music was actually composed by well known ambient music composer Brian Eno. In a newly discovered radio interview with the BBC from 2009, Eno revealed that he actually composed the Windows 95 start up music on an Apple Macintosh machine.

Eno got a list of what the music should sound like from Microsoft, which included 150 adjectives. Some of those adjectives included words like “inspirational” “sexy”, “driving”, “provocative”, “nostalgic” and “sentimental”, which is a lot to project for just a few seconds of music. But the big revelation came when the BBC interviewer asked, naturally, if Eno had written the Windows 95 music on a PC. Eno replied, “No I wrote it on a Mac. I’ve never used a PC in my life; I don’t like them”. Ouch.

Apple’s Mac machines have always had the reputation of being a better computer to create content like music and other entertainment products, and whether that reputation is justified is a matter of debate. Regardless, it must sting the higher ups at Microsoft a little bit to learn that every time Windows 95 started up on a PC, it had a little bit of Mac inside those sounds.

http://www.youtube.com/v/1WuC9q_A2Fc

via Windows 95 start up music composed on a Mac