Sunday, January 25, 2015

U.K. Student Arrested for PlayStation, Xbox DDoS Attacks



A U.K. man was arrested this week as part of an investigation into recent DDoS attacks on the PlayStation and Xbox networks.
Both platforms were knocked offline in December, allegedly at the hands of a hacking group that calls itself the Lizard Squad.
Officers from the U.K.'s South East Regional Organized Crime Unit (SEROCU) this week arrested an 18-year-old man from Southport, England. The teenager was brought in on multiple charges, including unauthorized access to computer material with intent to commit further offenses.
A number of electronic and digital devices were seized in a raid on his home.
Still in the early stages of their investigation, SEROCU said it will continue cooperating with the FBI in the U.S., and the Titan ROCU (North West Regional Organized Crime Unit) in Britain.
"This is a significant arrest … of a U.K. citizen suspected of engaging in serious and organized cyber crime on the national and international stage," Deputy Chief Constable Peter Goodman, national policing lead for cyber security at the Association of Police Officers (ACPO), said in a statement.
"This arrest demonstrates that we will pursue those who commit crime with the false perception they are protected within their own homes or hiding behind anonymous online personas," Goodman added.
Neither the FBI nor U.S. Department of Justice immediately responded to PCMag's request for comment.
According to Craig Jones, head of cyber crime at SEROCU, the teen in question is also accused of "swatting," or falsely reporting a serious crime so that law enforcement will show up at a specific location, often with guns drawn and in full tactical gear.
In this case, officials received fake phone calls via Skype about a major incident in which SWAT teams were dispatched in the U.S.
"Cyber crime is an issue which has no boundaries and affects people on a local, regional and global level," Jones said.
SEROCU is asking that anyone with information regarding cyber offenses report the details to Action Fraud or the Crimestoppers hotline.
"As we continue to build capability and develop skills across wider policing, we still need industry, communities, and individuals to protect themselves by implementing basic security measures," Goodman said, "whilst taking full advantage and enjoyment of the opportunities the world wide web provides."


Hacker's List allows you to hire a hacker anonymously and quickly

Hacker's List, a website that offers to connect customers and "professional" hackers for hire, would have you believe that just about everyone, at one point or another, needs to hack into something. And it wants to help.
The website — which shows listings as far back as November, when it launched — includes more than 400 posts from users seeking hackers. There are around 70 hacker profiles displayed on the site, but many of them don't appear to be active.
"Hiring a hacker shouldn't be a difficult process, we believe that finding a trustworthy professional hacker for hire should be a worry free and painless experience," reads the website.
Hacking is no longer considered a task only reserved for high-stakes situations, like international espionage. 
There are listings for a variety of activities, which are called "projects" on the website, from breaking into iPhones to tampering with academic grades.
Once a user posts a job, hackers will respond with ideas for how to accomplish the task. After that, the person doing the hiring picks a hacker based on price and availability. When pricing is agreed upon, the first payment is made. (Though Hacker's List claims it holds all payments until the project is complete.)
Bids for hackers can range from low prices (say, $1) to thousands. One listing, for example, wants hackers to remove content and images from search engines. The buyer is willing to pay as much as $4,000 for the job. Using this website, of course, doesn't mean that a hacker will automatically take on the job — many of the posts don't have any bids at all.
Data breaches are seemingly more common than ever before. The hackers freelancing for the listing service will have varying skill levels, but, as Mashable's Christina Warren put it, everyone should have the expectation that "our privacy and security are finite and will probably be breached."
To help keep sites secure, use password managers and generators — like LastPass — as well as two-factor authentication, which requires a password and a uniquely generated code, to protect email accounts and computer systems. The better the security, the more difficult it is to hack.
Hiring hackers online isn't new, and services sometimes have surprising legitimacy. One example: NeighborHoodHacker.com, which has a 1-888 number and live-chat receptionist. There's even a dedicated website for reviewing them. If something goes awry, the users can consult one of Hacker's List's "dispute specialists."
Of course, how legal all of this is remains entirely questionable. The site's terms and conditions forbid "use the Service for any illegal purposes," but breaking into someone's personal email, for one, is almost never OK, lawfully speaking.

The founders of the website are still too afraid to go public, according to The New York Times. The report said the founders were advised by legal counsel about how to structure the website to avoid liability for any wrongdoing by people either seeking to hire a hacker or by hackers agreeing to do a job. The site is registered in New Zealand.

Chinese Spies Stole Australia’s New F-35 Lightning-II Fighter Jet Design, Snowden Reveals


The latest document release by Edward Snowden revealed the industrial-scale cyber-espionage operation of China to learn the secrets of Australia's next front-line fighter aircraft – the US-built F-35 Joint Strike Fighter (JSF).

Chinese spies stole "many terabytes of data" about the design of Australia’s Lockheed Martin F-35 Lightning II JSF, according to top secret documents disclosed by former US National Security Agency intelligence contractor Edward Snowden to German magazine Der Spiegel.

Chinese spies allegedly stole as much as 50 terabytes of data, including the details of the fighter’s radar systems, engine schematics, "aft deck heating contour maps," designs to cool exhaust gases and the method the jet uses to track targets.


So far, the F-35 Lightning II JSF is the most expensive defence project in US history. The fighter aircraft, manufactured by US-based Lockheed Martin, was developed at a cost of around $400 billion (£230 billion).

WhatsApp banning users for using third-party apps


Popular mobile messaging service WhatsApp is banning users who install and use WhatsApp Plus, a third-party Android app that offers access to the service along with some additional features. 

WhatsApp is banning users for 24 hours and returning an error message informing them that they have violated its terms of service. 

The messaging service has also posted the reason for the ban on its website's FAQ section. "WhatsApp Plus is an application that was not developed by WhatsApp, nor is it authorized by WhatsApp. The developers of WhatsApp Plus have no relationship to WhatsApp, and we do not support WhatsApp Plus. Please be aware that WhatsApp Plus contains source code which WhatsApp cannot guarantee as safe and that your private information is potentially being passed to 3rd parties without your knowledge or authorization. Please uninstall your application and install an authorized version of WhatsApp from our website or Google Play. Then, you will be able to use WhatsApp," it mentioned. 

WhatsApp Plus offers some additional features, including themes and the ability to modify chat screens, but is a privacy hazard as private messages of users go through a server not controlled or owned by WhatsApp. Some ill-informed online reports had mentioned that WhatsApp Plus was an upcoming version of WhatsApp, following which a number of users had started using the app.

In November 2014, WhatsApp had added a new end-to-end encryption feature to its Android app with Open Whisper Systems, a San Francisco-based software group that developed the "TextSecure" programme, to protect users' conversations from unwanted surveillance and snooping. Using the third-party app would even have bypassed this feature.

WhatsApp Comes To The Desktop


There’s now a desktop version.
It’s a web app rather than a native client — and for now, at least, it seems to only play friendly with Google Chrome.
But if you’re ready to dive in, you can find the new web-ready version of WhatsApp right over here…
One weird catch: to log in on the desktop, you have to take a picture of a QR code through WhatsApp on your phone. This is necessary, presumably, because WhatsApp uses your phone number and SMS verifications rather than usernames/passwords. This currently works on Android, Windows Phone, and BlackBerry… but “due to Apple platform limitations” (WhatsApp’s words, there — we’re not sure what limitations they mean), iOS users are left out in the cold.
On the platforms where it works, however, it’s very slick.

Kim Dotcom starts end-to-end encrypted video calling service: MegaChat

Mega has opened beta testing for a new encrypted video calling service that integrates with its existing file hosting and sharing offerings.
The new MegaChat only supports voice and video calling for now, but text chat and video conferencing will be added soon, Mega founder Kim Dotcom said on Twitter.
The service runs inside Web browsers, not through a dedicated application, and is free to use. It can be launched from the mega.nz (not mega.co.nz) website by clicking on the new “Conversations” button in the left-side toolbar after logging in.
One of the most important features of the service is that, according to the company, it uses end-to-end encryption. This means that Mega shouldn’t have access to users’ encryption keys and shouldn’t be able to decrypt communications.
“No US based online service provider can be trusted with your data,” Dotcom said in December when he revealed plans to launch the service. “They must provide the US Government with backdoors,” he claimed at the time, positioning MegaChat as a Skype alternative.
Of course, Dotcom is no friend to the U.S. government, which has been trying to extradite him from New Zealand to face copyright infringement and other charges in connection to the activity of his former company, Megaupload.
Also, end-to-end encryption only protects communications from upstream surveillance if there are no errors or intentional backdoors in the implementation, so until security researchers and cryptography experts have a chance to look at Mega’s implementation it would probably be best not to use the service for highly sensitive communications. The service is currently in the testing phase anyway, so the existence of bugs wouldn’t be unusual.
“Mega offers a security bounty again,” Dotcom announced Thursday on Twitter. “Please report any security flaw to us. We’ll fix it and reward you. Thanks for helping.”
A video calling test with MegaChat went relatively smoothly. There were brief moments of video and audio degradation (mostly video), but not worse than typically experienced with Skype on the same machine and with the same Internet connection.