Anonymous

How Anonymous spied on FBI / UK Police hacking investigation conference call


Last month, we reported how a conference call, between the FBI and Scotland Yard, discussing their investigation into Anonymous hackers had been secretly recorded by the hacking collective and published on the net.

We surmised at the time that the unknown hackers might have secretly accessed the call by compromising a police investigator’s email account, as the call-in details and passcode were posted by Anonymous on their usual dumping ground – the PasteBin website.

Yesterday’s announcement by the FBI about the prominent LulzSec hacker Sabu, and other alleged hacktivists, has revealed more details about what actually happened.

According to an FBI press release, a Garda (Irish police) officer who was invited to attend the conference call about ongoing hacking investigations forwarded the message to a personal email account.

Unfortunately, that personal email account was compromised by a hacker.

Hacker’s phone call to Boston Police saying he defaced their website.. because he was bored


A number of websites associated with US police have been compromised by AntiSec hackers in apparent support of the “Occupy” demonstrations.

One of the sites targeted was the Boston Police Patrolmen’s Association (BPPA), which suffered a hack which resulted in the release of a thousand usernames and passwords. An obvious danger is that staff may be using the same username/password combinations on other sites – such as their email accounts or Facebook.

In addition, the AntiSec movement claimed in an online press release to be publishing more than 600MB of data stolen from the International Association of Chief of Police (IACP) website, including names and addresses, passwords and internal documents.

Names, addresses, phone numbers and social security numbers for police officers in Alabama have also been exposed, and a contact database associated with employees and clients of the internet company Matrix Group made public.

Anonymous hacks BART, creating even more innocent victims


Anonymous continued their crusade against governments and organizations this weekend, attacking the myBART.org website belonging to San Francisco’s BART (Bay Area Rapid Transit) system.

They performed a SQL injection (SQLi) attack against the site and were able to extract more than 2,000 records containing names, usernames, passwords (plain text), emails, phone numbers, addresses and zip codes.

They also defaced the website with Guy Fawkes masks, which BART has yet to remove more than four hours later.

While it is understandable that people are upset with BART after the recent blocking of cell phone communications to prevent protesters from organizing, it is puzzling to me how exposing thousands of innocent people’s personal information hurts BART more than it hurts transit users.

Users of rapid transit are certainly not the problem, and this simply takes a bad situation and makes it worse by creating even more victims.

During my interview about the incident with KCBS radio in San Francisco this afternoon, I was asked what people can do to protect themselves against these types of attacks. What an interesting question…

Personally, I am skeptical of anyone asking for my information for almost any reason. We can’t know how that data will be protected, shared or sold regardless of what the privacy policy may say.

The best approach is to not provide your personal information where it isn’t needed and make sure you always use a unique password for every website, regardless of how unimportant you think the site may be.

If you are a user of myBART.org, I recommend changing your passwords anywhere you might have used the same password. Aside from that, there is little you can do now that your information has been published.

Website admins, if you are still storing passwords in plain text and haven’t examined your web site for SQL injection vulnerabilities, even after the attacks against Sony, I highly recommend doing so. This is not a list you want your site to be added to.

LulzSec hacking suspect ‘Topiary’ arrested in the Shetland Islands


A 19-year-old man has been arrested by British police in Shetland, UK, under suspicion of launching hacking attacks against a number of websites.

Officers from the Metropolitan Police Service’s Police Central e-Crime Unit (PCeU) arrested the man as part of an international investigation into the activities of the Anonymous and LulzSec hacktivist groups.

The man, who was arrested at a residential address in Shetland, is said to have used the online nickname “Topiary” and acted as a spokesperson for the groups via forums such as Twitter.

The suspected hacker is currently being transported to a central London police station, and a search is taking place at his home.

“Topiary” has been identified in the past as having a leading role in hacktivist attacks launched by the LulzSec and Anonymous groups.

In recent months the LulzSec gang have hacked and launched denial-of-service attacks against a number of high profile websites including The Sun, the CIA, SOCA, Sony, PBS and the US Senate.

In a related police operation, officers are searching a residential address in Lincolnshire where a 17-year-old male is being interviewed under caution in connection with the inquiry. He has not been arrested.

The truth is that LulzSec and other hacktivist groups have recently been playing an extremely dangerous game – taunting the likes of the FBI and British police with a series of hacks and attacks and believing themselves to be invincible.

If the arrested man is indeed a key member of the LulzSec gang, it could be the British police who have the last laugh.

Interestingly, Topiary recently deleted all the messages he had previously posted on Twitter, replacing them with a simple message:

"You cannot arrest an idea"

Is it possible he saw the writing on the wall?

Just last week, the UK’s PCeU arrested a 16-year-old youth – believed to be the LulzSec/Anonymous hacker known as “T-Flow” – in South London, on suspicion of breaching the Computer Misuse Act. Other arrests took place at the same time in the United States and the Netherlands.

 

CNAIPIC hacked – Italian cybercrime unit files published by Anonymous

Anonymous, the loosely-knit hacktivist collective, is claiming to have got its hands on 8GB of “secret documents” from CNAIPIC, Italy’s cybercrime unit responsible for protecting the country’s critical IT infrastructure.

If it’s true that security at CNAIPIC has been breached by hackers, that would be a genuine concern as the group works with intelligence agencies around the world.

CNAIPIC - Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche

An Anonymous Twitter account announced the data breach, and links were posted up on Pastebin pointing to a selection of the stolen files, which included information related to various government departments around the world, including the US Department of Agriculture and Australia’s Ministry of Defence.

Documents about a number of private firms also appear to be included in the haul, which was claimed by The Legion of Anonymous Doom who are presumed to be a subgroup of Anonymous.

Hacker statement

A message posted on the internet in poorly-written English claimed that there would be more information and files released in due course:

"This is a prerelease of a series we are going to make to reveal the biggest in history of European LE cyber operation Evidence exploitation and abuse. Thing's gonna get published and twittered all over anonymous and lulzsec community."

A screenshot of a list of all the files that had been compromised was posted on the internet, and included in a news report by The Hacker News. A small portion of it is reproduced below.

Small selection of some of the allegedly stolen CNAIPIC files

So, why is Anonymous apparently targeting the Italian cybercrime authorities?

Well, earlier this month, Italian police searched dozens of houses and charged suspects, in an investigation into the Italian branch of Anonymous – which is suspected of hitting government, business and media websites with denial-of-service attacks.

Inevitably there will be speculation that this is a counter-attack against the Italian authorities following the arrests.

LulzSec and Anonymous hacker suspects arrested by US, UK and Dutch authorities


Computer crime authorities will be hoping that they have struck a significant blow against the Anonymous and LulzSec hacking groups, following a series of raids and arrests on both sides of the Atlantic.

In the United States, 16 people have been arrested in connection with an internet attack last year against PayPal – an assault which was claimed by the loosely-knit hacktivist group known as “Anonymous”, in retaliation for the website withdrawing support for WikiLeaks.

According to a Department of Justice press release, arrests were made in Alabama, Arizona, California, Colorado, the District of Columbia, Florida, Massachusetts, Nevada, New Mexico, Ohio and the District of New Jersey.

In all, FBI agents executed more than 35 search warrants as part of the co-ordinated investigation.

In addition, the UK’s PCeU arrested a 16-year-old youth known as ‘T-Flow’ in South London, on suspicion of breaching the Computer Misuse Act. The teenager is allegedly connected to hacks perpetrated by the LulzSec and Anonymous groups.

Finally, the Dutch National Police Agency arrested four individuals for alleged cybercrimes related to the case.

Defendants named by the US authorities include:

* Christopher Wayne Cooper, 23, aka “Anthrophobic”
* Joshua John Covelli, 26, aka “Absolem” and “Toxic”
* Keith Wilson Downey, 26
* Mercedes Renee Haefer, 20, aka “No” and “MMMM”
* Donald Husband, 29, aka “Ananon”
* Vincent Charles Kershaw, 27, aka “Trivette”, “Triv” and “Reaper”
* Ethan Miles, 33
* James C. Murphy, 36
* Drew Alan Phillips, 26, aka “Drew010”
* Jeffrey Puglisi, 28, aka “Jeffer”, “Jefferp” and “Ji”
* Daniel Sullivan, 22
* Tracy Ann Valenzuela, 42
* Christopher Quang Vo, 22

In addition, 21-year-old Scott Matthew Arciszewski, who was arrested by the FBI in Florida, was charged with hacks targeted at the Tampa Bay InfraGard website.

InfraGard is a public-private partnership for critical infrastructure protection sponsored by the FBI.

Meanwhile, 21-year-old Lance Moore, of Las Cruces, New Mexico, was charged with allegedly stealing confidential business information from AT&T’s web servers. Moore is said to have worked as a customer support contractor at the firm and is alleged to have downloaded thousands of documents and other files that he was not authorised to access.

The AT&T files were later published by the LulzSec hacking group.

Computer crime authorities will no doubt be hoping that they have struck a significant blow against the Anonymous and LulzSec hacking groups – but anyone who believes we have heard the last of the hacktivists is probably going to be sorely disappointed.

FBI searches homes of suspected Anonymous hacktivists in New York


In the early hours of this morning, the FBI executed search warrants to gather evidence at the homes of alleged members of the Anonymous hacktivist group.

According to a Fox News report, two homes in Long Island, New York, and one in Brooklyn, were searched by FBI agents looking for evidence that computers at the addresses had been used in distributed denial-of-service (DDoS) attacks against a number of websites.

Computer equipment is said to have been removed from the home of Giordani Jordan in Baldwin, Long Island by FBI agents.

In recent months, a number of high profile websites (including those belonging to Mastercard, Visa and the Recording Industry Association of America) were blasted off the internet in a series of DDoS attacks, with different computers scattered across the world deployed to bombard targeted sites with traffic using a tool called LOIC.

However, the Low Orbit Ion Cannon (LOIC) tool doesn’t do a very good job of covering the tracks of attackers – making it potentially easy for computer crime authorities to track those behind the attacks.

The raids in New York followed just hours after hackers launched an attack against The Sun newspaper, redirecting visitors to a false news story that News Corporation CEO Rupert Murdoch had been found dead.

In recent months we have seen Anonymous-related arrests in the USA, UK, Spain, and Turkey.

Facilitating or conducting a DDoS attack is illegal in many countries around the world, and in the United States is punishable by up to 10 years in prison and considerable fines.

Anonymous leaks 90,000+ military email addresses stolen from Booz Allen Hamilton

The latest attack in the infamous “#antisec” movement targeted Booz Allen Hamilton, a consulting firm that works with the US government. Anonymous claims to have infiltrated an unprotected server and to have stolen a significant amount of data.

They claim to have released email addresses belonging to more than 90,000 US military personnel. While many folks downplay the significance of the attack and say “It’s only email addresses”, these particular email addresses may have more value than it would appear.

If we look back at the high-profile Gmail accounts that were hacked earlier this year, there clearly is demand for information about individuals related to US defense that can be used to compromise their accounts and computers.

As Mila at Contagio blog wrote about the Gmail attack, the purpose isn’t so much to gain access to the email account itself, but rather to use email as the vehicle through which they can infect the host computer with malware.

The bigger problem for Booz Allen Hamilton is that they stored passwords with these email addresses using only a SHA hash. The passwords are not salted, which will likely lead to the majority of the passwords being exposed.
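Why the missing salt matters, as an added example that is not code from the original article or from Booz Allen Hamilton: with a bare SHA digest, every account that uses the same password stores the same value, while a per-user salt and a slow key-derivation function give each account a distinct, expensive-to-test record. The account names, passwords, the choice of SHA-1 for the article's "SHA hash", and the PBKDF2 work factor are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; not data from the breach.
ACCOUNTS = {
    "a@example.mil": "Summer2011!",
    "b@example.mil": "Summer2011!",  # same password as the first account
    "c@example.mil": "correct horse battery",
}
PBKDF2_ROUNDS = 600_000  # assumed work factor; tune to your own hardware


def unsalted_sha(password):
    """Weak scheme from the text: a bare SHA digest (SHA-1 assumed here)."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_kdf(password, salt=None):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(salted_kdf(password, salt)[1], expected)


def accounts_sharing_a_value(table):
    """Audit check: accounts whose stored value also appears on another account."""
    counts = Counter(table.values())
    return sorted(user for user, value in table.items() if counts[value] > 1)


def build_tables():
    """Store the same constructed accounts under both schemes."""
    weak = {user: unsalted_sha(pw) for user, pw in ACCOUNTS.items()}
    strong = {user: salted_kdf(pw) for user, pw in ACCOUNTS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted, shared values:", accounts_sharing_a_value(weak))
    print("salted, shared values:  ", accounts_sharing_a_value(strong))
    print("login check:", verify("Summer2011!", strong["a@example.mil"]))
```

Running `accounts_sharing_a_value` over an existing credential table is a quick audit: any repeated stored value means the scheme is unsalted.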

In addition to the emails, Anonymous claims to have erased 4 gigabytes’ worth of source code and to have discovered information which could help them attack US government and other contractors’ systems.

While this should certainly be embarrassing to Booz Allen Hamilton, the real impact is on the US military. These 90,000+ individuals will need to reset their passwords, and ensure any systems that they shared these passwords with are changed.

While this isn’t likely to do any good, could I please have the attention of those individuals responsible for collecting user names, passwords and personal information from people? Listening?

Could we please see these hacking attacks as a shot across the bow? Now is the time to secure your data… Encryption is NOT optional. For some helpful advice you may wish to check out our Data Security Toolkit.

Anonymous responds after suspected hacktivists arrested in Italy and Switzerland


15 people, suspected of involvement in the Anonymous hacktivism movement which has launched a series of internet attacks, were arrested earlier this week following raids in Italy and Switzerland.

According to media reports, a 26-year-old Swiss-Italian called “Phre”, based in Canton Ticino, was amongst those detained and charged. It is alleged that “Phre” was a senior member of the group, who approved companies for the hackers to target.

The Italian branch of Anonymous is suspected of bombarding government, business and media websites with denial-of-service attacks, with victims including the Italian senate, energy firm ENI, defence firm Finmeccanica, and financial institution UniCredit.

A total of 32 homes in Italy and Switzerland were searched by police as part of the investigation, with those detained aged between 15 and 28 years of age. Dozens more people are believed to still be being investigated.

A statement published on an Anonymous website, however, played down the significance of the arrests.

The “press release” underlined the lack of structure inside Anonymous, and denied reports that the entire Italian Anonymous network had been dismantled:

Those arrested are not "dangerous hackers" as the media calls them, but people like you. They have been arrested while peacefully protesting for there and your rights. Our protest will continue louder than ever.

The Italian Anonymous have not fallen because of this cowardly attempt to dismantle them and announce consequences for there actions taken by the police, to demonstrate that anonymous is present and fights on, like it did in the past and will in the future, for the freedom of the internet.

I’m not sure those words will be much comfort to those who have been arrested by the Italian authorities. Right now, they may well be reflecting on whether participating in a denial-of-service attack is illegal or not.

Recently we have seen Anonymous-related arrests in the USA, UK, Spain, and Turkey.