Last month, we reported how a conference call, between the FBI and Scotland Yard, discussing their investigation into Anonymous hackers had been secretly recorded by the hacking collective and published on the net.
We surmised at the time that the unknown hackers might have secretly accessed the call by compromising a police investigator’s email account, as the call-in details and passcode were posted by Anonymous on their usual dumping ground – the PasteBin website.
Yesterday’s announcement by the FBI about the prominent LulzSec hacker Sabu, and other alleged hacktivists, has revealed more details about what actually happened.
According to an FBI press release, a Garda (Irish police) officer who was invited to attend the conference call about ongoing hacking investigations forwarded the message to a personal email account.
Unfortunately, that personal email account was compromised by a hacker.
A number of websites associated with US police have been compromised by AntiSec hackers in apparent support of the “Occupy” demonstrations.
One of the sites targeted was the Boston Police Patrolmen’s Association (BPPA), which suffered a hack that resulted in the release of a thousand usernames and passwords. An obvious danger is that staff may be using the same username/password combinations on other sites – such as their email accounts or Facebook.
In addition, the AntiSec movement claimed in an online press release to be publishing more than 600MB of data stolen from the International Association of Chief of Police (IACP) website, including names and addresses, passwords and internal documents.
Names, addresses, phone numbers and social security numbers for police officers in Alabama have also been exposed, and a contact database associated with employees and clients of the internet company Matrix Group made public.
Anonymous continued their crusade against governments and organizations this weekend, attacking the myBART.org website belonging to San Francisco’s BART (Bay Area Rapid Transit) system.
They performed a SQL injection (SQLi) attack against the site and were able to extract more than 2,000 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes.
They also defaced the website with Guy Fawkes masks, which BART has yet to remove more than four hours later.
While it is understandable that people are upset with BART after the recent blocking of cell phone communications to prevent protesters from organizing, it is puzzling to me how exposing thousands of innocent people’s personal information hurts BART more than it hurts transit users.
Users of rapid transit are certainly not the problem, and this simply takes a bad situation and makes it worse by creating even more victims.
During my interview about the incident with KCBS radio in San Francisco this afternoon, I was asked what people can do to protect themselves against these types of attacks. What an interesting question…
The best approach is to not provide your personal information where it isn’t needed and make sure you always use a unique password for every website, regardless of how unimportant you think the site may be.
If you are a user of myBART.org, I recommend changing your passwords anywhere you might have used the same password. Aside from that, there is little you can do now that your information has been published.
Website admins, if you are still storing passwords in plain text and haven’t examined your web site for SQL injection vulnerabilities, even after the attacks against Sony, I highly recommend doing so. This is not a list you want your site to be added to.
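To make the two points in that last paragraph concrete, here is an added example (not code from Sophos or from any of the sites named above) showing a login check written the way the myBART.org breach suggests theirs was, and the same check hardened with a bound query parameter and salted PBKDF2 hashing. The sample users, the in-memory SQLite table and the function names are all constructed for the illustration; `login_vulnerable` and `login_hardened` are the "before" and "after", and `plaintext_in_table` is the check an admin can run against a dump of their own user table to see whether a leak would expose usable passwords.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts for the demonstration (not real myBART.org data).
SAMPLE_USERS = [("alice", "correct horse"), ("bob", "hunter2")]
PBKDF2_ROUNDS = 200_000


def build_db(hash_passwords: bool) -> sqlite3.Connection:
    """Create an in-memory user table, storing passwords either in plain text
    (the pattern exposed in the BART dump) or as salted PBKDF2-SHA256 hashes."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, salt BLOB)")
    for user, pw in SAMPLE_USERS:
        if hash_passwords:
            salt = os.urandom(16)
            digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS).hex()
            con.execute("INSERT INTO users VALUES (?, ?, ?)", (user, digest, salt))
        else:
            con.execute("INSERT INTO users VALUES (?, ?, NULL)", (user, pw))
    con.commit()
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str) -> bool:
    """BEFORE: user input is pasted straight into the SQL text, so any quote
    or comment marker in the input changes the query's meaning, and the
    comparison only works because the table holds plain-text passwords."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return con.execute(query).fetchone() is not None


def login_hardened(con: sqlite3.Connection, username: str, password: str) -> bool:
    """AFTER: the username is passed as a bound parameter (the driver never
    lets it become SQL), and the password is re-hashed with the stored salt
    and compared in constant time, so the table never holds the secret."""
    row = con.execute(
        "SELECT password, salt FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    stored_hex, salt = row
    candidate_hex = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS).hex()
    return hmac.compare_digest(stored_hex, candidate_hex)


def plaintext_in_table(con: sqlite3.Connection, password: str) -> bool:
    """Defender's check on a copy of the table: would a dump of it hand an
    attacker this password as-is?"""
    rows = con.execute("SELECT password FROM users").fetchall()
    return any(stored == password for (stored,) in rows)


if __name__ == "__main__":
    # A username carrying a quote and a SQL comment marker is the regression
    # test to keep in a site's own test suite: it must never log anyone in.
    probe = "alice'--"
    con_v = build_db(hash_passwords=False)
    print("vulnerable, probe login:", login_vulnerable(con_v, probe, ""))     # True: query rewritten
    print("vulnerable, leak usable:", plaintext_in_table(con_v, "hunter2"))   # True
    con_h = build_db(hash_passwords=True)
    print("hardened, probe login:", login_hardened(con_h, probe, ""))         # False
    print("hardened, real login:", login_hardened(con_h, "alice", "correct horse"))  # True
    print("hardened, leak usable:", plaintext_in_table(con_h, "hunter2"))     # False
```

The two fixes are independent: parameter binding stops the query from being rewritten even if the table were still plain text, and hashing means that a dump obtained some other way (a stolen backup, a misconfigured admin panel) still does not yield passwords that work on the users' email or Facebook accounts.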
A 19-year old man has been arrested by British police in Shetland, UK, under suspicion of launching hacking attacks against a number of websites.
Officers from the Metropolitan Police Service’s Police Central e-Crime Unit (PCeU) arrested the man as part of an international investigation into the activities of the Anonymous and LulzSec hacktivist groups.
The man, who was arrested at a residential address in Shetland, is said to have used the online nickname “Topiary” and acted as a spokesperson for the groups via forums such as Twitter.
The suspected hacker is currently being transported to a central London police station, and a search is taking place at his home.
“Topiary” has been identified in the past as having a leading role in hacktivist attacks launched by the LulzSec and Anonymous groups.
In a related police operation, officers are searching a residential address in Lincolnshire where a 17-year-old male is being interviewed under caution in connection with the inquiry. He has not been arrested.
The truth is that LulzSec and other hacktivist groups have recently been playing an extremely dangerous game – taunting the likes of the FBI and British police with a series of hacks and attacks and believing themselves to be invincible.
If the arrested man is indeed a key member of the LulzSec gang, it could be the British police who have the last laugh.
Interestingly, Topiary recently deleted all the messages he had previously posted on Twitter, replacing them with a simple message:
"You cannot arrest an idea"
Is it possible he saw the writing on the wall?
Just last week, the UK’s PCeU arrested a 16-year-old youth – believed to be the LulzSec/Anonymous hacker known as “T-Flow” – in South London, on suspicion of breaching the Computer Misuse Act. Other arrests took place at the same time in the United States and the Netherlands.
Anonymous, the loosely-knit hacktivist collective, is claiming to have got its hands on 8GB of “secret documents” from CNAIPIC, Italy’s cybercrime unit responsible for protecting the country’s critical IT infrastructure.
If it’s true that security at CNAIPIC has been breached by hackers, that would be a genuine concern as the group works with intelligence agencies around the world.
An Anonymous Twitter account announced the data breach, and links were posted up on Pastebin pointing to a selection of the stolen files, which included information related to various government departments around the world, including the US Department of Agriculture and Australia’s Ministry of Defence.
Documents about a number of private firms also appear to be included in the haul, which was claimed by The Legion of Anonymous Doom who are presumed to be a subgroup of Anonymous.
A message posted on the internet in poorly-written English claimed that there would be more information and files released in due course:
"This is a prerelease of a series we are going to make to reveal the biggest in history of European LE cyber operation Evidence exploitation and abuse. Thing's gonna get published and twittered all over anonymous and lulzsec community."
A screenshot of a list of all the files that had been compromised was posted on the internet, and included in a news report by The Hacker News. A small portion of it is reproduced below.
So, why is Anonymous apparently targeting the Italian cybercrime authorities?
Well, earlier this month, Italian police searched dozens of houses and charged suspects, in an investigation into the Italian branch of Anonymous – which is suspected of hitting government, business and media websites with denial-of-service attacks.
Inevitably there will be speculation that this is a counter-attack against the Italian authorities following the arrests.
In the early hours of this morning, the FBI executed search warrants to gather evidence at the homes of alleged members of the Anonymous hacktivist group.
According to a Fox News report, two homes in Long Island, New York, and one in Brooklyn, were searched by FBI agents looking for evidence that computers at the addresses had been used in distributed denial-of-service (DDoS) attacks against a number of websites.
Computer equipment is said to have been removed from the home of Giordani Jordan in Baldwin, Long Island by FBI agents.
In recent months, a number of high profile websites (including those belonging to Mastercard, Visa and the Recording Industry Association of America) were blasted off the internet in a series of DDoS attacks, with different computers scattered across the world deployed to bombard targeted sites with traffic using a tool called LOIC.
However, the Low Orbit Ion Cannon (LOIC) tool doesn’t do a very good job of covering the tracks of attackers – making it potentially easy for computer crime authorities to track those behind the attacks.
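The reason LOIC leaves tracks is that it sends ordinary HTTP requests from the participant's own connection, so the source address lands in the target's web server log. As an added example (not code from the article or from any of the organisations mentioned), the following script shows the kind of triage a site operator or investigator can run over such a log: it parses Apache combined-format lines and reports source addresses whose request rate in any single second exceeds a threshold. The log lines, addresses (from the RFC 5737 documentation ranges), timestamp and threshold are all constructed for the illustration.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined"-style access log prefix: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line: str):
    """Return the named fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def flood_sources(lines, per_second_threshold: int = 5):
    """Return, sorted, the source addresses that issued at least
    `per_second_threshold` requests within any single second.
    The log timestamp has one-second granularity, so grouping by its text
    is grouping by second."""
    per_ip_second = defaultdict(Counter)
    for line in lines:
        fields = parse_line(line)
        if fields is None:
            continue  # skip unparseable lines rather than abort the whole run
        per_ip_second[fields["ip"]][fields["ts"]] += 1
    return sorted(
        ip for ip, seconds in per_ip_second.items()
        if max(seconds.values()) >= per_second_threshold
    )


def make_sample_log():
    """Constructed sample: one address hammering the front page, two ordinary
    visitors, and one corrupt line. The date is arbitrary."""
    flood_ip = "198.51.100.7"  # documentation address, stands in for a LOIC participant
    lines = []
    for i in range(12):
        second = 10 + (i % 2)  # six requests in each of two consecutive seconds
        lines.append(
            f'{flood_ip} - - [20/Jul/2011:05:03:{second} +0000] "GET / HTTP/1.1" 200 512'
        )
    lines.append('203.0.113.9 - - [20/Jul/2011:05:03:10 +0000] "GET /about HTTP/1.1" 200 2048')
    lines.append('203.0.113.21 - - [20/Jul/2011:05:03:11 +0000] "GET /news HTTP/1.1" 200 4096')
    lines.append("not a log line at all")
    return lines


if __name__ == "__main__":
    for ip in flood_sources(make_sample_log()):
        print("flood source:", ip)  # prints the single constructed flood address
```

In practice the same grouping would be run over the full log (or fed from the web server's own request-rate counters), and the resulting address list is what gets preserved as evidence and passed to the ISP or law enforcement; the threshold needs tuning per site so that a busy NAT gateway is not mistaken for an attacker.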
The raids in New York followed just hours after hackers launched an attack against The Sun newspaper, redirecting visitors to a false news story that News Corporation CEO Rupert Murdoch had been found dead.
Facilitating or conducting a DDoS attack is illegal in many countries around the world, and in the United States is punishable by up to 10 years in prison and considerable fines.