Michael Hastings Dies in Suspicious Car 'Crash'.....

[Peter Lemkin]

It is not for the state, nor the deep state, to decide whether a body should be buried or cremated.

It is for the family.

This is an obscene act, and most likely a deep political act too.

True! I don't believe they asked the bin Laden family, either.
They obviously feel they can decide about life and death and disposition of the bodies re: those they label as 'terrorists'......and enemies of the Empire.

Except, Peter, the official story is that Hastings was the innocent victim of a car crash.

True, they are getting sloppy and/or scared, and just don't care now if the 'official' story is one of someone 'innocent' (and only victim of an accident) or someone they targeted for some announced terrorist acts - real or [mostly] imagined/invented. In my mind, both were targeted for somewhat similar reasons of the Deep State. They don't care anymore if they are consistent in their actions or explanations. Obviously, their prime concern was to hide damning evidence - whatever it took. If pressed, they'll say it was an 'oversight/slip-up'...'sorry'. They are ONLY 'into' protecting the Deep State; all others and all laws/niceties/standard civilized practices be damned in their way of thinking.

No SS, SA or Gestapo officer cared about those niceties either. We're rapidly headed in that direction, very sadly. We've crossed the Rubicon now! [IMO]

[Magda Hassan]

[TABLE]
[TR]
[TD="class: postHeader, colspan: 1"]

What Did Michael Hastings Know?

[/TD]
[/TR]
[TR]
[TD] By: yellowsnapdragon Monday July 29, 2013 5:00 am[/TD]
[/TR]
[/TABLE]
Nevermind the fiery car crash that killed Michael Hastings. Forget about remotely controlled cars careening out of control at the command of insideous government spooks, remains cremated against the will of the family, and withheld accident reports involving Hastings' death.
None of that is particularly important, really.*
What is important is the story journalist Michael Hastings was researching prior to his death. That would be the story that prompted Hastings to write an email to collegues at BuzzFeed warning that the FBI was snooping around asking questions of his close friends and associates. Hastings advised his colleagues that any conversations with the FBI about his news gathering and journalism practices should be done after first consulting with an attorney. Hastings was on to a big story, and needed to go "off the radar" for a while.
So what was Hastings researching? The last article Michael Hastings published looked into how major players in the Democratic Party have responded to the leaks exposing the NSA's secret spying program called PRISM. Far from expressing outrage at the intelligence community's widespread domestic spying programs, the Obama administration had been ruthless against those exposing illegal government surveillance, particularly journalists.

Transparency supporters, whistleblowers, and investigative reporters, especially those writers who have aggressively pursued the [B]connections between the corporate defense industry and federal and local authorities involved in domestic surveillance[/B], have been viciously attacked by the Obama administration and its allies in the FBI and DOJ. [Emphasis Added]

Michael Hastings was interested in how private contractors and government were working together to stop journalists from publishing details of illegal government surveillance.
Julian Assange, Glenn Greenwald and Barrett Brown have been government targets, among others. Those three are important. The stories of Julian Assange and Glenn Greenwald are well known and thoroughly documented by now and include a campaign of smears, threats, international legal contortions, and general hyperventilation from government, corporate America, and talking heads around the globe.
Less known is journalist Barrett Brown. Unofficial spokesman for Anonymousalthough he denied holding that titleBarrett Brown's work has focused on the secretive world of contract spies. Through Project PM, "a crowd-sourced research effort to expose government intelligence contractors," Barrett Brown uncovered a strategy concocted by a consortium of private contractors called Team Themis to discredit activist groups opposing the contractors' big-name clients, namely Bank of America and the US Chamber of Commerce. Strategies of Team Themis included Persona Management, which created false social media accounts to infiltrate and discredit progressive groups like Wikileaks and anti-Chamber group Chamber Watch.
A similar program was developed by the US military for international use and has been compared to attempts by the Chinese government to control and restrict its domestic population's free speech on the internet.

Critics are likely to complain that it [the American military's program] will allow the US military to create a false consensus in online conversations, crowd out unwelcome opinions and smother commentaries or reports that do not correspond with its own objectives.

Bank of America was introduced to Team Themis throughwait for itthe Department of Justice, and BofA ultimately hired Themis in an effort to discredit Wikileaks after Assange obliquely threatened to bring down a major bank. Secret leaked bank documents were sitting in a security file to be released in the event of Assange's capture or death. Prior to that, DOJ referred the US Chamber of Commerce to Team Themis when the Chamber sought to create a damage control campaign to immunize itself against opponents and their advocates, notably Glenn Greenwald.
Rather than winning accolades for exposing a nefarious public/private partnership to damage the credibility of journalists, Barrett Brown won indictments on charges that could result in over 100 years in jail. One obviously spurious charge was for cutting and pasting a link onto a discussion board. Some believe that Brown was targeted because he got dangerously close to discovering PRISM before Edward Snowden leaked top secret documents detailing the program.
But the toxic mix of big business, private intelligence and government was not all that interested Hastings. A February 2011 article for Rolling Stone outlined one General's use of an army Psycological Operations unit to manipulate the opinions of US Senators visiting Afghanistan.

"My job in psy-ops is to play with people's heads, to get the enemy to behave the way we want them to behave," says Lt. Colonel Michael Holmes, the leader of the IO unit, who received an official reprimand after bucking orders.

The psyops operation was used to help secure additional funding for military operations in Afghanistan in the midst of an unpopular and unsuccessful operation. The Smith-Mundt Act of 1948 pevents the use of military psyops against American citizens. Holmes continued,

"I'm prohibited from doing that to our own people. When you ask me to try to use these skills on senators and congressman, you're crossing a line."

Meanwhile, an obscure provision of the National Defense Authorization Act (NDAA) went into effect this month repealing the Smith-Mundt Act's ban on the US government using psyops propaganda on a domestic American audience. The sockpuppet army of Team Themis is legally loosed and Americans can be legally manipulated by psyops to behave in ways amenable to the government.
Michael Hastings was a personal friend of Barrett Brown's and contributed to Project PM. Hastings suspected that his conversations with Brown were being recorded and monitored. In a letter of condolence to supporters of Hastings, Barrett Brown announced that Hastings had scheduled an interview with Brown from the prison where Brown is incarcerated awaiting trial. Hastings was killed before the interview took place.
What were Michael Hastings and Barrett Brown planning to discuss during the interview that never happened? Website freebarrettbrown.org's Kevin Gallagher has some ideas.

Hastings saw Barrett's case in the context of the government's war on the press, basically, and uh, a lot of the things he reported about the like psyops on US Senators to get them to support the war ties into the Persona Management stuff and the stuff that Barrett was researching, so there is a lot of overlap between the two.

Whatever Hastings found, he thought it was important. Apparently so did the FBI. As Hastings tweeted about his story on Barrett Brown, "Get ready for your mind to get blown."
In his last published piece Hastings wrote, "Perhaps more information will soon be forthcoming" about the Obama Administration's war on journalism. Sadly, it will not come from Michael Hastings.
*Okay, it's important, really important, but its not the topic of this post and is a totally separate issue deserving a separate discussion.
http://my.firedoglake.com/yellowsnapdrag...ings-know/

[Magda Hassan]

Security camera footage from the pizza shop referred to in the previously posted Who What Where article.

[Magda Hassan]

Knows a thing or two about remote hacking. Was due to give keynote address and demonstration at important conference and only 35 years od. Such bad luck. Surely just another coincidence.

Famed hacker Barnaby Jack dies

Date July 30, 2013 - 2:47PM
Hacker Barnaby Jack has died in San Francisco. Photo: Bloomberg

BARNABY JACK, 1977-2013
Barnaby Jack, who has died aged 35, was a "white hat" hacker and computer security expert who sought to preserve the integrity of information systems. In 2010 he came to widespread notice when he demonstrated live on a conference stage how he could drain an ATM (automated teller machine) of its entire reservoir of cash.
In 2008 Jack bought two ATMs, of the kind seen in bars and shops, over the internet for $US2000 each, and had them delivered to his apartment in San Jose, California. The New Zealand-born computer engineer later recalled: "So the guy, he wheels in this ATM, and he's like, 'Why on earth do you need an ATM in your house?' And I'm like, 'Oh, I just don't like the transaction fees, mate.'"

Barnaby was best known for his security research on medical devices. Photo: Bloomberg

For the next two years he analysed their software codes, believing that there were inherent weaknesses that would allow the machines to be controlled through the internet.
Advertisement
Eventually Jack succeeded in bypassing the demands for passwords and serial numbers, and was able to access his ATMs remotely. He could then withdraw all their cash - a process that became known as "Jackpotting". He could also access information about bank accounts from the magnetic strips on bank and credit cards, and steal ATM users' passwords.
At the Black Hat computer security conference in Las Vegas in July 2010, Jack demonstrated all this live on stage, showing how he could connect to an ATM via a telephone modem and, without using a password, withdraw all the machine's cash.
As director of security testing at the Seattle-based computer security consultants IOActive, Jack's purpose was to alert the manufacturers to potential failures in their systems. In an interview with CNN after the conference he said: "We were really careful when we gave this demonstration to make sure that the vendors had mitigation remediation in place before we went up and did it. I mean, the goal at Black Hat was certainly not to give a cookbook recipe for everyone out there to be able to go and loot ATMs. So we made sure the vendors had fixes in place.
"I demonstrated two different attacks. One was a walk-up attack, where I would literally walk up to an ATM, [and] within about two minutes it would just start spitting out its entire dispenser. Of course you had to be at the ATM for that one to work. The other attack was completely remote, so I could do it from a laptop in a hotel room or your bedroom... But I also had it harvesting people's credit cards and PIN numbers, which I could then retrieve remotely as well. It was 100 per cent anonymous, and bypassing all authentication."
Jack was concerned that, when it came to ATMs, too much emphasis was placed on the "physical" defences, such as whether the machine was bolted down, or whether there was CCTV. "This is the first time anyone had actually looked at the underlying software," he claimed. "And once I sort of dug in, ripped the software apart, I was really surprised at the amount of flaws that are hiding underneath there." He added: "I am not naive enough to think I am the only one who can do it."
Barnaby Michael Douglas Jack was born in Auckland, New Zealand, on November 22 1977, the son of Michael and Sammi Jack, and was fascinated by computers from boyhood.
Jack made his career in the United States, and from the age of 21 worked as a research engineer in the computer security software business, at Network Associates, Foundstone and eEye Digital Security. In 2006 he moved to Juniper Networks, and in June 2010 joined IOActive as director of research. At the time of his death he was director of embedded device security.
He died only a week before he was due to demonstrate at a conference how an assassin might kill his victim by disabling an implanted pacemaker or defibrillator from 30 feet away - an idea used in the television series Homeland, starring Damian Lewis and Claire Danes.
In June this year Jack said: "Malware will often slow down a computer, and when you slow down a medical device it no longer gives the integrity needed to perform as it should." He considered the Homeland scenario "fairly realistic" - although "they required a serial number, my demonstration does not".
At a recent conference in Melbourne, Jack had delivered an 830-volt jolt to a pacemaker by logging into it remotely. Many medical devices use wireless technology, and authorisation that requires only a user name and password that can be remotely extracted from them. Jack said these were designed to be easy to crack by a doctor needing to give treatment in an emergency.
Jack even suggested that it would be possible to write a "worm" for a particular brand of pacemaker or defibrillator, then spread it to other devices within range, from one person to another.
Barnaby Jack was found dead at his apartment in San Francisco; the cause of death is unknown.
He is survived by his mother, his sister, Amberleigh, and by his girlfriend, Layne Cross.

http://www.smh.com.au/it-pro/security-it...hv16p.html

[Peter Lemkin]

[TABLE]
[TR]
[TD="class: postHeader"]What Did Michael Hastings Know?
[/TD]
[/TR]
[TR]
[TD] By: yellowsnapdragon Monday July 29, 2013 5:00 am[/TD]
[/TR]
[/TABLE]


Nevermind the fiery car crash that killed Michael Hastings. Forget about remotely controlled cars careening out of control at the command of insideous government spooks, remains cremated against the will of the family, and withheld accident reports involving Hastings' death.
None of that is particularly important, really.*
What is important is the story journalist Michael Hastings was researching prior to his death. That would be the story that prompted Hastings to write an email to collegues at BuzzFeed warning that the FBI was snooping around asking questions of his close friends and associates. Hastings advised his colleagues that any conversations with the FBI about his news gathering and journalism practices should be done after first consulting with an attorney. Hastings was on to a big story, and needed to go "off the radar" for a while.
So what was Hastings researching? The last article Michael Hastings published looked into how major players in the Democratic Party have responded to the leaks exposing the NSA's secret spying program called PRISM. Far from expressing outrage at the intelligence community's widespread domestic spying programs, the Obama administration had been ruthless against those exposing illegal government surveillance, particularly journalists.

Transparency supporters, whistleblowers, and investigative reporters, especially those writers who have aggressively pursued the [B]connections between the corporate defense industry and federal and local authorities involved in domestic surveillance[/B], have been viciously attacked by the Obama administration and its allies in the FBI and DOJ. [Emphasis Added]

Michael Hastings was interested in how private contractors and government were working together to stop journalists from publishing details of illegal government surveillance.
Julian Assange, Glenn Greenwald and Barrett Brown have been government targets, among others. Those three are important. The stories of Julian Assange and Glenn Greenwald are well known and thoroughly documented by now and include a campaign of smears, threats, international legal contortions, and general hyperventilation from government, corporate America, and talking heads around the globe.
Less known is journalist Barrett Brown. Unofficial spokesman for Anonymousalthough he denied holding that titleBarrett Brown's work has focused on the secretive world of contract spies. Through Project PM, "a crowd-sourced research effort to expose government intelligence contractors," Barrett Brown uncovered a strategy concocted by a consortium of private contractors called Team Themis to discredit activist groups opposing the contractors' big-name clients, namely Bank of America and the US Chamber of Commerce. Strategies of Team Themis included Persona Management, which created false social media accounts to infiltrate and discredit progressive groups like Wikileaks and anti-Chamber group Chamber Watch.
A similar program was developed by the US military for international use and has been compared to attempts by the Chinese government to control and restrict its domestic population's free speech on the internet.

Critics are likely to complain that it [the American military's program] will allow the US military to create a false consensus in online conversations, crowd out unwelcome opinions and smother commentaries or reports that do not correspond with its own objectives.

Bank of America was introduced to Team Themis throughwait for itthe Department of Justice, and BofA ultimately hired Themis in an effort to discredit Wikileaks after Assange obliquely threatened to bring down a major bank. Secret leaked bank documents were sitting in a security file to be released in the event of Assange's capture or death. Prior to that, DOJ referred the US Chamber of Commerce to Team Themis when the Chamber sought to create a damage control campaign to immunize itself against opponents and their advocates, notably Glenn Greenwald.
Rather than winning accolades for exposing a nefarious public/private partnership to damage the credibility of journalists, Barrett Brown won indictments on charges that could result in over 100 years in jail. One obviously spurious charge was for cutting and pasting a link onto a discussion board. Some believe that Brown was targeted because he got dangerously close to discovering PRISM before Edward Snowden leaked top secret documents detailing the program.
But the toxic mix of big business, private intelligence and government was not all that interested Hastings. A February 2011 article for Rolling Stone outlined one General's use of an army Psycological Operations unit to manipulate the opinions of US Senators visiting Afghanistan.

"My job in psy-ops is to play with people's heads, to get the enemy to behave the way we want them to behave," says Lt. Colonel Michael Holmes, the leader of the IO unit, who received an official reprimand after bucking orders.

The psyops operation was used to help secure additional funding for military operations in Afghanistan in the midst of an unpopular and unsuccessful operation. The Smith-Mundt Act of 1948 pevents the use of military psyops against American citizens. Holmes continued,

"I'm prohibited from doing that to our own people. When you ask me to try to use these skills on senators and congressman, you're crossing a line."

Meanwhile, an obscure provision of the National Defense Authorization Act (NDAA) went into effect this month repealing the Smith-Mundt Act's ban on the US government using psyops propaganda on a domestic American audience. The sockpuppet army of Team Themis is legally loosed and Americans can be legally manipulated by psyops to behave in ways amenable to the government.
Michael Hastings was a personal friend of Barrett Brown's and contributed to Project PM. Hastings suspected that his conversations with Brown were being recorded and monitored. In a letter of condolence to supporters of Hastings, Barrett Brown announced that Hastings had scheduled an interview with Brown from the prison where Brown is incarcerated awaiting trial. Hastings was killed before the interview took place.
What were Michael Hastings and Barrett Brown planning to discuss during the interview that never happened? Website freebarrettbrown.org's Kevin Gallagher has some ideas.

Hastings saw Barrett's case in the context of the government's war on the press, basically, and uh, a lot of the things he reported about the like psyops on US Senators to get them to support the war ties into the Persona Management stuff and the stuff that Barrett was researching, so there is a lot of overlap between the two.

Whatever Hastings found, he thought it was important. Apparently so did the FBI. As Hastings tweeted about his story on Barrett Brown, "Get ready for your mind to get blown."
In his last published piece Hastings wrote, "Perhaps more information will soon be forthcoming" about the Obama Administration's war on journalism. Sadly, it will not come from Michael Hastings.
*Okay, it's important, really important, but its not the topic of this post and is a totally separate issue deserving a separate discussion.
http://my.firedoglake.com/yellowsnapdrag...ings-know/

I'm not surprised, just a bit further sickened at the state of 'rot' at the 'top' in 'Amoralka'. So, Big Banks (and Big Corporations) and the FBI/DOJ [which need to rebrand to Fed. Bureau of Intimidation & DOI - Dept. of INJustice, respectively!] are working hand in hand ["I'm shocked to learn there it gambling going on here at Rick's!" - apologies to Casablanca] to create false consensi on the internet [hello Colby!] and destroy [even kill] anyone who'd even begin to discover, let alone research, document and try to tell others, that the US 'Grovelment' works for the Oligarchs and ignores, robs, suppresses, lies to, deceives, imprisons, kills, and otherwise harms the entire remainder of the Citizenry.

Interesting to get much closer to the why Hastings was murdered. To me, it was clear from the moment it happened it was for the story he was working on and his trajectory in Journalism [now, one of the most dangerous professions to one's health - if one is good and not embedded].

So, it now becomes clearer what the U.S. are #1 at - evil - a deepening and very black evil!

[Magda Hassan]

And, yes, Barnaby Jack was on to car hacking cases....amongst others.

Original URL: http://www.theregister.co.uk/2012/08/21/...r_hacking/

McAfee puts Barnaby Jack on car-jacking hackers' case

Security whiz to thwart actual crashes
By John Leyden
Posted in Security, 21st August 2012 12:38 GMT
McAfee has put together an elite team of researchers to investigate how to go about protecting car systems from next-generation hacking attacks.
Members of the team include Barnaby Jack, the security researcher best known for demonstrating ways that crooks can force ATMs to spit out cash and for highlighting security shortcomings in insulin pumps.
Modern cars increasingly rely on embedded processors. Security researchers have already demonstrated how these embedded systems might be hacked to generating bogus tire blowout warning messages or pull off other dangerous exploits. Attack scenarios include injecting malware using via on-board diagnostics systems, wireless connections and booby-trapped CDs.
No such attacks have ever taken place in the real world but car manufacturers and auto industry associations are already aware of the possible risk.
SAE International, a global association of more than 128,000 engineers and related technical experts in the aerospace, automotive and commercial-vehicle industries, has put together a number of technical papers that look into information security risks that look beyond potential concerns about hacking into electronic vehicle access systems, which have been an issue for several years.
"Vehicles include more and more electronic systems and open communication channels based on public standards, making them vulnerable to a variety of attacks," the abstract to one recent SAE technical paper explains. "Security mitigation mechanisms are implemented in software and might be supported by a controller with basic security features," it adds.
"Any cyber security breach carries certain risk," said Jack Pokrzywa, SAE's manager of ground vehicle standards, the Daily Tech reports. "SAE Vehicle Electrical System Security Committee is working hard to develop specifications which will reduce that risk in the vehicle area."
Meanwhile Ford and Toyota have both recruited information security experts to look into the potential problem. Ford, for example, has hired infosec experts to make its SYNC in-vehicle communications and entertainment system more resistant against hackers and malware.
The McAfee team will be assigned to looking into much the same issues but with a slightly different mandate, geared towards developing security software and other protection technologies suitable for car-based embedded computing systems.
Bruce Snell, a McAfee executive managing the firm's research on car security, told Reuters via PCPro. "If your laptop crashes you'll have a bad day, but if your car crashes that could be life threatening.
"I don't think people need to panic now. But the future is really scary," he added. ®

Related stories

• Pacemaker hack legend Barnaby Jack dies just before Black Hat revelations (26 July 2013) http://www.theregister.co.uk/2013/07/26/...jack_dies/
  
• Police 'stumped' by car thefts using electronic skeleton key (6 June 2013) http://www.theregister.co.uk/2013/06/06/...e_stumped/
  
• McAfee: Cyber thugs will turn your car into Christine (8 September 2011) http://www.theregister.co.uk/2011/09/08/...isk_study/
  
• Hacker pwns police cruiser and lives to tell tale (3 May 2011) http://www.theregister.co.uk/2011/05/03/...r_hacking/
  
• Car immobilisers easily circumvented by crafty carjackers (20 December 2010) http://www.theregister.co.uk/2010/12/20/...ity_flaws/
  
• Thieves jam key-fob lock signals in mystery car thefts (21 September 2010) http://www.theregister.co.uk/2010/09/21/...heft_scam/
  
• Hackers spoof car warning system (13 August 2010) http://www.theregister.co.uk/2010/08/13/...less_hack/
  
• Boffins warn on car computer security risk (14 May 2010) http://www.theregister.co.uk/2010/05/14/...ity_risks/
  
• Ex-worker blamed for car immobilisation hack (18 March 2010) http://www.theregister.co.uk/2010/03/18/repo_man_hack/
  
• Ford preps anti-hacking tech for in-car WiFi (12 March 2010) http://www.theregister.co.uk/2010/03/12/...cure_wifi/
  
• Hey car thief! Gonna shut you down (10 October 2007) http://www.theregister.co.uk/2007/10/10/...car_theft/
  
• Crypto boffins break car cypher (24 August 2007) http://www.theregister.co.uk/2007/08/24/...her_crack/
  
• My RFID-embedded car numberplate has a virus (11 April 2007) http://www.theregister.co.uk/2007/04/11/...ds_mcafee/
  
• Car virus myth debunked (10 May 2005) http://www.theregister.co.uk/2005/05/10/..._debunked/
  
• 'Thiefproof' car key cracked (31 January 2005) http://www.theregister.co.uk/2005/01/31/...pto_alert/
  

[David Guyatt]

Bank of America was introduced to Team Themis throughwait for itthe Department of Justice, and BofA ultimately hired Themis in an effort to discredit Wikileaks after Assange obliquely threatened to bring down a major bank. Secret leaked bank documents were sitting in a security file to be released in the event of Assange's capture or death. Prior to that, DOJ referred the US Chamber of Commerce to Team Themis when the Chamber sought to create a damage control campaign to immunize itself against opponents and their advocates, notably Glenn Greenwald.

Aha! There be the Bank of America missing story of wikileaks.

The corporate-government-military shaggiest of today's Amerika, and the unleashing of all accumulated power on to the people. I suspect it must be even worse than this though, bearing in mind the lengths these happy shagger's have gone to, to nullify Assange and kill Hasting's.

[David Guyatt]

Security camera footage from the pizza shop referred to in the previously posted Who What Where article.

Remember Princess Di?

[Jan Klimkowski]

Bank of America was introduced to Team Themis throughwait for itthe Department of Justice, and BofA ultimately hired Themis in an effort to discredit Wikileaks after Assange obliquely threatened to bring down a major bank. Secret leaked bank documents were sitting in a security file to be released in the event of Assange's capture or death. Prior to that, DOJ referred the US Chamber of Commerce to Team Themis when the Chamber sought to create a damage control campaign to immunize itself against opponents and their advocates, notably Glenn Greenwald.

Aha! There be the Bank of America missing story of wikileaks.

The corporate-government-military shaggiest of today's Amerika, and the unleashing of all accumulated power on to the people. I suspect it must be even worse than this though, bearing in mind the lengths these happy shagger's have gone to, to nullify Assange and kill Hasting's.

Yes - good work David.

Back in Blighty, a few minor Private Dicks have prosecuted for highly illegal acts of corporate espionage, but the cops won't go after their paymasters for fear of breaching the human rights of multinational corporations.

Two sides of the same coin.

The message is: Don't Even Think of Coming After Us.

:nosmilie:

[Magda Hassan]

Car hacking code released at Defcon

Car computer hacking hit the gas on the first morning of Defcon 21, as hackers revealed how they took over two of the most popular cars in America.
by Seth Rosenblatt
August 2, 2013 5:30 PM PDT


LAS VEGAS -- You may hate parallel parking, but you're going to hate it even more when somebody commandeers control of your car with you in it.
That was the scary scenario painted over the first two hours at the 21st annual Defcon hacker conference.
"Car hacking is definitely coming," said Zoz, of Cannytophic Design, who presented on how to hack autonomous cars.
Zoz's talk on vulnerabilities that autonomous autos will face followed a fast-paced explanation by well-known computer security experts Charlie Miller and Christopher Valasek of how they spent the past 10 months hacking the self-driving features of two popular cars. Miller, Valasek, and Zoz all spoke to standing-room only crowds of more than 1,000 people.
While car hacking made a big splash at Defcon in 2010 and 2011, those hacks were not publicly documented. "We want it to take two months for everybody to do this," Miller said to loud applause from the packed house.
Before going into their hacking explanation, Miller and Valasek admitted that they were not hardware hackers, and had little experience on hardware basics like splicing wires. But they only had one requirement for their test car: that it be able to drive itself.
From there, hilarity ensued. Instead of following Toyota's guide to removing the dash of their test 2010 Prius, they used a crowbar. Subsequent videos and photos showed them driving around with a laptop wired to the open dash of a car, much to the amusement of the crowd.


The pair also tested a 2010 Ford Escape.
Prerecorded video demos of the hacks showed Miller and Valasek disabling the car's brakes, jerking the steering wheel back and forth while the car was in motion, accelerating, taking full control of the steering wheel, yanking the seat belt tight, turning off the engine, turning interior and exterior lights on and off, honking the horn, and making the console show a full tank of gas when it wasn't.
Surprisingly, neither wore a helmet.
At one point, the car wouldn't start, and they had to get it taken to the Toyota dealer for repairs. It turns out, Valasek said, that they had blown up the inverter. "They said they couldn't fix the car because they'd never seen this problem before."
The two detailed much of the nitty-gritty of their hacking work, covering how they gained physical access to the car's computer and how they figured out how to program the car's computer.
The documentation that they will be releasing in the next few weeks sounds comprehensive, totaling 101 pages of code and data.
Zoz spent his talk in the next hour on the future of automation. Self-driving cars, he told, are essentially robots and will be particularly susceptible to the same kinds of hacks as less complicated robots.

Zoz details the concepts behind how to hack self-driving cars at Defcon 21.
(Credit: Seth Rosenblatt/CNET)

Many of these vulnerabilities will be related to directly hacking or indirectly altering the sensors that allow a car to navigate the road without causing accidents. Automated vehicles of all sorts, from person-carrying cars to small drones, rely on a multitude of sensors such as GPS, LIDAR, cameras, millimeter wave radar, digital compasses, wheel encoders, inertial measurement units, and on-board maps.
There are two kinds of sensor attacks, Zoz said. Denial attacks prevent the sensor from recovering data, while spoofing causes the sensor to retrieve bad data.
Each of the sensors on a car or drone can be successfully attacked in several low-cost, low-effort ways. A GPS sensor, he said, can be compromised by purchasing or building a cheap GPS jammer.
Maps are particularly at risk. "You can't have your robot occasionally blowing through a red light," he said to much snickering from the audience.
Zoz, as well as Miller and Valasek, kept returning to a particular point during their separate hour-long presentations: the goal of hacking cars isn't to cause widespread havoc, but to make them safer.
"Now that we've released the data, you can think about how to stop these attacks," Miller said.
And echoing Miller, Zoz also highlighted safety concerns. "When I talk about exploits and countermeasures, I want you to think about counter-countermeasures," he said.
Ford and Toyota have both said that their focus is on preventing wireless hacks, but wireless technology is hardly a bastion of security. We may be approaching an era when the car itself could be to blame for crashes.
http://news.cnet.com/8301-1009_3-5759684...at-defcon/