Si chiama Carmelo Miano, il giovane di 24 anni nato a Sciacca e residente a Gela, che è stato arrestato il 2 ottobre con l’accusa di aver violato diversi sistemi informatici sensibili. Tra questi, spiccano i server del ministero della Giustizia e di varie procure italiane.

L’arresto, eseguito dalla procura di Napoli, lo vede accusato di accesso abusivo a sistemi informatici, con l’aggravante di aver introdotto malware per acquisire informazioni riservate e accedere a capitali digitali. Secondo il procuratore nazionale antimafia Gianni Melillo e il procuratore Nicola Gratteri, Miano si è reso protagonista di una serie di crimini cibernetici che hanno messo a rischio la sicurezza di diverse infrastrutture statali.

Miano, che vive a Roma e lavora come programmatore informatico, è accusato anche di aver ottenuto accesso a un documento segreto della Guardia di Finanza, datato 22 dicembre 2023, che lo riguardava direttamente poiché era sotto inchiesta a Brescia. Attraverso i suoi attacchi, ha violato i sistemi di vari enti, accumulando un bottino di tre milioni di euro in bitcoin, successivamente sequestrati.

Nell’inchiesta risultano coinvolti altri tre individui, e Miano utilizzava false identità e un sistema cifrato per operare nell’ombra. Il giovane hacker sembra aver focalizzato la sua attenzione principalmente sulla criminalità organizzata, trascurando però il terrorismo.

youtube.com/embed/rzbOFlHcdj8?…

Come riusciva a violare le reti

Miano, utilizzando le credenziali di un amministratore di sistema, ha scalato diversi livelli di sicurezza informatica. Tra i suoi obiettivi vi era anche la Procura di Gela, le cui mail consultava quotidianamente attraverso la webmail.

Ha infettato i computer di due dipendenti del ministero, rubando dati come username e password salvate nei browser, ed è riuscito ad accedere al portale sanitario della Guardia di Finanza, prelevando documenti contenenti informazioni riservate.

Secondo il Messaggero, l’inchiesta coinvolge anche funzionari pubblici ignoti, i quali avrebbero inavvertitamente aiutato Miano accettando i malware inviati da account riconducibili a lui. Questo ha permesso al giovane hacker di raccogliere informazioni, cambiare password e cancellare le tracce delle sue attività. Per evitare ulteriori fughe di notizie, l’ordinanza di arresto nei suoi confronti è stata stampata a mano e consegnata fisicamente, bypassando i soliti sistemi informatici per motivi di sicurezza.

Gli sviluppi

Questi fatti rientrano in una più ampia operazione che coinvolge altre tre persone già iscritte nel registro degli indagati. Durante le indagini, sono stati sequestrati terabyte di dati riservati, tra cui file rubati dai server della Procura di Brescia, dove Miano era inizialmente sotto indagine. Le autorità sospettano che l’hacker abbia esfiltrato migliaia di documenti giudiziari, mettendo in seria difficoltà il ministero della Giustizia e costringendo i magistrati a ritornare a metodi di comunicazione più tradizionali, per evitare ulteriori compromissioni dei loro sistemi digitali.

L’inchiesta, che sembra solo all’inizio, ha già messo in evidenza come il ventiquattrenne sia stato capace di scardinare le difese di vari sistemi statali, mettendo in serio pericolo la sicurezza delle infrastrutture e delle informazioni sensibili in Italia.

L'articolo L’incubo del Ministero della Giustizia si chiama Carmelo Miano, 24 anni di Gela proviene da il blog della sicurezza informatica.

While the death of Apple’s Lightning Connector can’t come soon enough, swapping the ports on their products as “category-defining innovations” seems a bit of a stretch. [Ken Pillonel] has designed a set of streamlined, repairable, USB-C adapters for the AirPods, AirPods Pro, and AirPods Max that show Apple what innovation really means.

If you’ve followed [Pillonel]’s work in the past, you’ll know he’s as a big a fan of repairability as we are here, so this isn’t just a cheap knockoff dongle that’ll be in the trash as fast as your counterfeit wireless earbuds. In the video below, he walks us through his quest start-to-finish to design something compact that gives you all the joys of USB-C without the pain of buying a whole new set of headphones.

We like the iteration on the connector, showing that flexible circuits can do some amazing things, but are still subject to failure at extreme angles. Using a combination of 3D printing, a cool robot sandblasting machine, a pick-and-place, and some old fashioned hand soldering, [Pillonel] treats us to a polished final product that’s put together with actual screws and not adhesive. His designs are all open source, so you can DIY, or he sells finished copies in his shop if you want to give one to your less-than-techy relatives.

[Pillonel] may seem familiar as he’s the guy who added USB-C to the iPhone before Apple and redesigned the AirPods Pro case for repairability. Apple is getting better about repair in some of its devices, for sure, but unsurprisingly, hackers do it better.

youtube.com/embed/zH4fMnnAwPI?…

hackaday.com/2024/10/03/add-us…

For months before liftoff, the popular press had been hyping up the fact that the Polaris Dawn mission would include the first-ever private spacewalk. Not only would this be the first time anyone who wasn’t a professional astronaut would be opening the hatch of their spacecraft and venturing outside, but it would also be the first real-world test of SpaceX’s own extravehicular activity (EVA) suits. Whether you considered it a billionaire’s publicity stunt or an important step forward for commercial spaceflight, one thing was undeniable: when that hatch opened, it was going to be a moment for the history books.

But if you happened to have been watching the live stream of the big event earlier this month, you’d be forgiven for finding the whole thing a bit…abrupt. After years of training and hundreds of millions of dollars spent, crew members Jared Isaacman and Sarah Gillis both spent less than eight minutes outside of the Dragon capsule. Even then, you could argue that calling it a spacewalk would be a bit of a stretch.

Neither crew member ever fully exited the spacecraft, they simply stuck their upper bodies out into space while keeping their legs within the hatch at all times. When it was all said and done, the Dragon’s hatch was locked up tight less than half an hour after it was opened.

Likely, many armchair astronauts watching at home found the whole thing rather anticlimactic. But those who know a bit about the history of human spaceflight probably found themselves unable to move off of the edge of their seat until that hatch locked into place and all crew members were back in their seats.

Flying into space is already one of the most mindbogglingly dangerous activities a human could engage in, but opening the hatch and floating out into the infinite black once you’re out there is even riskier still. Thankfully the Polaris Dawn EVA appeared to go off without a hitch, but not everyone has been so lucky on their first trip outside the capsule.

A High Pressure Situation

The first-ever EVA took place during the Voskhod 2 mission in March of 1965. Through the use of an ingenious inflatable airlock module, cosmonaut Alexei Leonov was able to exit the Voskhod 3KD spacecraft and float freely in space at the end of a 5.35 m (17.6 ft) tether. He attached a camera to the outside of the airlock, providing a visual record of yet another space “first” achieved by the Soviet Union.

This very first EVA had two mission objectives, one of which Leonov had accomplished when he successfully rigged the external camera. The last thing he had to do was turn around and take pictures of the Voskhod spacecraft flying over the Earth — a powerful propaganda image that the USSR was eager to get their hands on. But when he tried to activate his suit’s camera using the trigger mounted to his thigh, he found he couldn’t reach it. It was then that he realized the suit had begun to balloon around him, and that moving his arms and legs was taking greater and greater effort due to the suit’s material stiffening.

After about ten minutes in space Leonov attempted to re-enter the airlock, but to his horror found that the suit had expanded to the point that it would no longer fit into the opening. As he struggled to cram himself into the airlock, his body temperature started to climb. Soon he was sweating profusely, which pooled around his body within the confines of the suit.

Unable to cope with the higher than anticipated internal temperature, the suit’s primitive life support system started to fail, making matters even worse. The runaway conditions in the suit caused his helmet’s visor to fog up, which he had no way to clear as he was now deep into a failure mode that the Soviet engineers had simply not anticipated. Not that they hadn’t provided him with a solution of sorts. Decades later, Leonov would reveal that there was a suicide pill in the helmet that he could have opted to use if need be.

With his core temperature now elevated by several degrees, Leonov was on the verge of heat stroke. His last option was to open a vent in his suit, which would hopefully cause it to deflate enough for him to fit inside the airlock. He noted that the suit was currently at 0.4 atmosphere, and started reducing the pressure. The safety minimum was 0.27 atm, but even at that pressure, he couldn’t fit. It wasn’t until the pressure fell to 0.25 atm that he was able to flex the suit enough to get his body back into the airlock, and from there back into the confines of the spacecraft.

In total, Alexei Leonov spent 12 minutes and 9 seconds in space. But it must have felt like an eternity.

Gemini’s Tricky Hatch

In classic Soviet style, nobody would know about the trouble Leonov ran into during his spacewalk for years. So when American astronaut Ed White was preparing to step out of the Gemini 4 capsule three months later in June of 1965, he believed he really had his work cut out for him. Not only had the Soviets pulled off a perfect EVA, but as far as anyone knew, they had made it look easy.

So it’s not hard to imagine how White must have felt when he pulled the lever to open the hatch on the Gemini spacecraft, only to find it refused to budge. As it so happens, this wasn’t the first time the hatch failed to open. During vacuum chamber testing back on the ground, the hatch had refused to lock because a spring-loaded gear in the mechanism failed to engage properly. Luckily the second astronaut aboard the Gemini capsule, James McDivitt, was present when they had this issue on the ground and knew how the latch mechanism functioned.
Ed White
McDivitt felt confident that he could get the gear to engage and allow White to open the hatch, but was concerned about getting it closed. Failing to open the hatch and calling off the EVA was one thing, but not being able to secure the hatch afterwards meant certain death for the two men. Knowing that Mission Control would almost certainly have told them to abort the EVA if they were informed about the hatch situation, the astronauts decided to go ahead with the attempt.

As he predicted, McDivitt was able to fiddle with the latching mechanism and got the hatch open for White. Although there were some communication issues during the spacewalk due to problems with the voice-operated microphones, the EVA went very well, with White demonstrating a hand-held maneuvering thruster that allowed him to fly around the spacecraft at the end of his tether.

White was having such a good time that he kept making excuses to extend the spacewalk. Finally, after approximately 23 minutes, he begrudgingly returned to the Gemini capsule — informing Mission Control that it was “the saddest moment of my life.”

The hatch had remained open during the EVA, but now that White was strapped back into the capsule, it was time to close it back up. Unfortunately, just as McDivitt feared, the latches wouldn’t engage. To make matters worse, it took White so long to get back into the spacecraft that they were now shadowed by the Earth and working in the dark. Reaching blindly inside the mechanism, White was once again able to coax it into engaging, and the hatch was securely closed.

But there was still a problem. The mission plan called for the astronauts to open the hatch so they could discard unnecessary equipment before attempting to reenter the Earth’s atmosphere. As neither man was willing to risk opening the hatch again, they instead elected to stow everything aboard the capsule for the remainder of the flight.

Overworked, and Underprepared

At this point the Soviet Union and the United States had successfully conducted EVAs, but both had come dangerously close to disaster. Unfortunately, between the secretive nature of the Soviets and the reluctance of the Gemini 4 crew to communicate their issues to Mission Control, NASA administration started to underestimate the difficulties involved.

NASA didn’t even schedule EVAs for the next three Gemini missions, and the ambitious spacewalk planned for Gemini 8 never happened due to the mission being cut short due to technical issues with the spacecraft. It wouldn’t be until Gemini 9A that another human stepped out of their spacecraft.

The plan was for astronaut Gene Cernan to spend an incredible two hours outside of the capsule, during which time he would make his way to the rear of the spacecraft where a prototype Astronaut Maneuvering Unit (AMU) was stored. Once there, Cernan was to disconnect himself from the Gemini tether and don the AMU, which was essentially a small self-contained spacecraft in its own right.
Photo of the Gemini spacecraft taken by Gene Cernan
But as soon as he left the capsule, Cernan reported that his suit had started to swell and that movement was becoming difficult. To make matters worse, there were insufficient handholds installed on the outside of the Gemini spacecraft, making it difficult for him to navigate his away along its exterior. After eventually reaching the AMU and struggling desperately to put it on, Mission Control noted his heart rate had climbed to 180 beats per minute. The flight surgeon was worried he would pass out, so Mission Control asked him to take a break while they debated if he should continue with the AMU demonstration.

At this point Cernan noted that his helmet’s visor had begun to fog up, and just as Alexei Leonov had discovered during his own EVA, the suit had no system to clear it up. The only way he was able to see was by stretching forward and clearing off a small section of the glass by rubbing his nose against it. Realizing the futility of continuing, Commander Thomas Stafford decided not to wait on Mission Control and ordered Cernan to abort the EVA and get back into the spacecraft.

Cernan slowly made his way back to the Gemini’s hatch. The cooling system in his suit had by now been completely overwhelmed, which caused the visor to fog up completely. Effectively blind, Cernan finally arrived at the spacecraft’s hatch, but was too exhausted to continue. Stafford held onto Cernan’s legs while he rested and finally regained the strength to lower himself into the capsule and close the hatch.

When they returned to Earth the next day, a medical examination revealed Cernan had lost 13 pounds (5.8 kg) during his ordeal. The close-call during his spacewalk lead NASA to completely reassess their EVA training and procedures, and the decision was made to limit the workload on all future Gemini spacewalks, as the current air-cooled suit clearly wasn’t suitable for long duration use. It wasn’t until the Apollo program introduced a liquid-cooled suit that American astronauts would spend any significant time working outside of their spacecraft.

The Next Giant Leap

Thanks to the magic of live streaming video, we know that the Polaris Dawn crew was able to complete their brief EVA without incident: no shadowy government cover-ups, cowboy heroics, or near death experiences involved.

With the benefit of improved materials and technology, not to mention the knowledge gained over the hundreds of spacewalks that have been completed since the early days of the Space Race, the first private spacewalk looked almost mundane in comparison to what had come before it.

But there’s still much work to be done. SpaceX needs to perform further tests of their new EVA suit, and will likely want to demonstrate that crew members can actually get work done while outside of the Dragon. So it’s safe to assume that when the next Polaris Dawn mission flies, its crew will do a bit more than just stick their heads out the hatch.

hackaday.com/2024/10/03/polari…

Secondo gli esperti dell’azienda Imperva, i criminali informatici prendono sempre più di mira la piattaforma online Roblox, popolare tra i bambini e gli adolescenti, distribuendo decine di malware mascherati da modifiche del gioco. La maggior parte dei file dannosi si presenta sotto forma di pacchetti Python, repository GitHub e file eseguibili che sono stati scaricati centinaia di volte. L’obiettivo degli aggressori è rubare denaro, dati e conti.

Nell’ambiente di gioco competitivo, molti giocatori cercano “cheat” o programmi di terze parti per migliorare le proprie prestazioni di gioco, cosa che attira l’attenzione dei criminali informatici. Gli specialisti di Imperva Threat Research notano che questa tendenza è diventata una “miniera d’oro” per gli hackerche stanno lanciando campagne su larga scala rivolte agli appassionati di hacking dei giochi Roblox.

Il rapporto Imperva rileva che “i giovani giocatori che cercano di migliorare la propria esperienza di gioco spesso agiscono con noncuranza, lasciandoli vulnerabili a tali insidie”. Ciò comporta il rischio di divulgazione di dati riservati.

Roblox è una piattaforma di gioco online in cui i giocatori possono creare i propri giochi multiplayer. Uno dei giochi più popolari del momento è Da Hood, che conta più di 2,6 miliardi di visite. In esso, i giocatori possono agire come agenti di polizia, partecipando a scontri con criminali, o come banditi, partecipando alla lotta contro altre bande. Molti giocatori preferiscono utilizzare cheat o modifiche di terze parti per ottenere un vantaggio, ad esempio per migliorare la precisione.

Gli aggressori hanno creato molti pacchetti prendendo di mira i giocatori di Da Hood. Sono distribuiti attivamente sulle piattaforme GitHub, Discord e YouTube. La maggior parte del malware sono pacchetti Python pubblicati nel repository ufficiale PyPI (Python Package Index). Inoltre sono stati scoperti anche file binari di Windows contenenti malware come Skuld Stealer e Blank Grabber.

Skuld Stealer è progettato per rubare dati da Discord, browser e portafogli di criptovaluta, inclusi dati di carte di credito, cookie, cronologia del browser e credenziali. Il malware utilizza la funzionalità di elevazione automatica dei privilegi in Windows per ottenere l’accesso a tutte le sessioni utente sul sistema. Blank Grabber, a sua volta, ha funzionalità molto simili.

Per nascondersi dagli antivirus, gli aggressori spesso aggiornano pacchetti dannosi. La situazione è aggravata dal fatto che i giovani giocatori, cercando di attivare cheat, disabilitano autonomamente l’antivirus e la protezione in tempo reale, lasciando i loro sistemi senza possibilità di salvezza.

Prendendo di mira i bambini nei giochi online, i criminali informatici stanno aprendo una porta alle risorse digitali degli adulti. È così che il perseguimento di facili risultati nel mondo virtuale può comportare gravi perdite nella realtà. I bambini interessati ai giochi per computer dovrebbero essere informati in anticipo di questo fatto, e anche del fatto che la vera padronanza e soddisfazione arrivano attraverso il fair play e lo sviluppo graduale delle abilità, e non attraverso scorciatoie che forniscono solo un’euforia fugace.

L'articolo Il Malware Prende di Mira i Bambini su Roblox! L’Accesso alle credenziali degli Adulti è fornito proviene da il blog della sicurezza informatica.