hacking

How Anonymous spied on FBI / UK Police hacking investigation conference call

Last month, we reported how a conference call, between the FBI and Scotland Yard, discussing their investigation into Anonymous hackers had been secretly recorded by the hacking collective and published on the net.

We surmised at the time that the unknown hackers might have secretly accessed the call by compromising a police investigator’s email account, as the call-in details and passcode were posted by Anonymous on their usual dumping ground – the PasteBin website.

Yesterday’s announcement by the FBI about the prominent LulzSec hacker Sabu, and other alleged hacktivists, has revealed more details about what actually happened.

According to an FBI press release, a Garda (Irish police) officer who was invited to attend the conference call about ongoing hacking investigations forwarded the message to a personal email account.

Unfortunately, that personal email account was compromised by a hacker.

FBI investigates grade change hacking at Santa Clara

Mark Loiseau, who says the FBI gained access to his Verizon and Google Voice accounts

A Twitter post from an undergraduate student at Santa Clara University has prompted the school to acknowledge that it asked the FBI to investigate how a few dozen grades were electronically altered.

Mark Loiseau, 25, a senior electrical engineering student, received an unpleasant surprise this morning: three FBI agents showed up at his off-campus apartment wanting to have a friendly chat with him.

FBI agent Jeffrey Miller and his colleagues had complete dossiers on him and his friends, Loiseau told CNET this afternoon. “They had all my grades. They had pictures of me.”

It started out as a friendly conversation, Loiseau said, but then the FBI agents began to suggest that he was involved in illegally changing his or someone else’s grades. After receiving a denial, the trio of agents said that lying to a federal agent was a crime and that they wanted to search his computers.

Hacker’s phone call to Boston Police saying he defaced their website.. because he was bored

A number of websites associated with US police have been compromised by AntiSec hackers in apparent support of the “Occupy” demonstrations.

One of the sites targeted was the Boston Police Patrolmen’s Association (BPPA), which suffered a hack which resulted in the release of a thousand usernames and passwords. An obvious danger is that staff may be using the same username/password combinations on other sites – such as their email accounts or Facebook.

In addition, the AntiSec movement claimed in an online press release to be publishing more than 600MB of data stolen from the International Association of Chiefs of Police (IACP) website, including names and addresses, passwords and internal documents.

Names, addresses, phone numbers and social security numbers for police officers in Alabama have also been exposed, and a contact database associated with employees and clients of the internet company Matrix Group made public.

LulzSec hacking suspect ‘Topiary’ arrested in the Shetland Islands

A 19-year-old man has been arrested by British police in Shetland, UK, under suspicion of launching hacking attacks against a number of websites.

Officers from the Metropolitan Police Service’s Police Central e-Crime Unit (PCeU) arrested the man as part of an international investigation into the activities of the Anonymous and LulzSec hacktivist groups.

The man, who was arrested at a residential address in Shetland, is said to have used the online nickname “Topiary” and acted as a spokesperson for the groups via forums such as Twitter.

The suspected hacker is currently being transported to a central London police station, and a search is taking place at his home.

“Topiary” has been identified in the past as having a leading role in hacktivist attacks launched by the LulzSec and Anonymous groups.

In recent months the LulzSec gang have hacked and launched denial-of-service attacks against a number of high profile websites including The Sun, the CIA, SOCA, Sony, PBS and the US Senate.

In a related police operation, officers are searching a residential address in Lincolnshire where a 17-year-old male is being interviewed under caution in connection with the inquiry. He has not been arrested.

The truth is that LulzSec and other hacktivist groups have recently been playing an extremely dangerous game – taunting the likes of the FBI and British police with a series of hacks and attacks and believing themselves to be invincible.

If the arrested man is indeed a key member of the LulzSec gang, it could be the British police who have the last laugh.

Interestingly, Topiary recently deleted all the messages he had previously posted on Twitter, replacing them with a simple message:

"You cannot arrest an idea"

Is it possible he saw the writing on the wall?

Just last week, the UK’s PCeU arrested a 16-year-old youth – believed to be the LulzSec/Anonymous hacker known as “T-Flow” – in South London, on suspicion of breaching the Computer Misuse Act. Other arrests took place at the same time in the United States and the Netherlands.

 

CNAIPIC hacked – Italian cybercrime unit files published by Anonymous

Anonymous, the loosely-knit hacktivist collective, is claiming to have got its hands on 8GB of “secret documents” from CNAIPIC, Italy’s cybercrime unit responsible for protecting the country’s critical IT infrastructure.

If it’s true that security at CNAIPIC has been breached by hackers, that would be a genuine concern as the group works with intelligence agencies around the world.

CNAIPIC - Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche

An Anonymous Twitter account announced the data breach, and links were posted up on Pastebin pointing to a selection of the stolen files, which included information related to various government departments around the world, including the US Department of Agriculture and Australia’s Ministry of Defence.

Documents about a number of private firms also appear to be included in the haul, which was claimed by The Legion of Anonymous Doom who are presumed to be a subgroup of Anonymous.

Hacker statement

A message posted on the internet in poorly-written English claimed that there would be more information and files released in due course:

"This is a prerelease of a series we are going to make to reveal the biggest in history of European LE cyber operation Evidence exploitation and abuse. Thing's gonna get published and twittered all over anonymous and lulzsec community."

A screenshot of a list of all the files that had been compromised was posted on the internet, and included in a news report by The Hacker News. A small portion of it is reproduced below.

Small selection of some of the allegedly stolen CNAIPIC files

So, why is Anonymous apparently targeting the Italian cybercrime authorities?

Well, earlier this month, Italian police searched dozens of houses and charged suspects, in an investigation into the Italian branch of Anonymous – which is suspected of hitting government, business and media websites with denial-of-service attacks.

Inevitably there will be speculation that this is a counter-attack against the Italian authorities following the arrests.

LulzSec and Anonymous hacker suspects arrested by US, UK and Dutch authorities

Computer crime authorities will be hoping that they have struck a significant blow against the Anonymous and LulzSec hacking groups, following a series of raids and arrests on both sides of the Atlantic.

In the United States, 16 people have been arrested in connection with an internet attack last year against PayPal – an assault which was claimed by the loosely-knit hacktivist group known as “Anonymous”, in retaliation for the website withdrawing support for WikiLeaks.

According to a Department of Justice press release, arrests were made in Alabama, Arizona, California, Colorado, the District of Columbia, Florida, Massachusetts, Nevada, New Mexico, Ohio and the District of New Jersey.

In all, FBI agents executed more than 35 search warrants as part of the co-ordinated investigation.

In addition, the UK’s PCeU arrested a 16-year-old youth known as ‘T-Flow’ in South London, on suspicion of breaching the Computer Misuse Act. The teenager is allegedly connected to hacks perpetrated by the LulzSec and Anonymous groups.

Finally, the Dutch National Police Agency arrested four individuals for alleged cybercrimes related to the case.

Defendants named by the US authorities include:

* Christopher Wayne Cooper, 23, aka “Anthrophobic”
* Joshua John Covelli, 26, aka “Absolem” and “Toxic”
* Keith Wilson Downey, 26
* Mercedes Renee Haefer, 20, aka “No” and “MMMM”
* Donald Husband, 29, aka “Ananon”
* Vincent Charles Kershaw, 27, aka “Trivette”, “Triv” and “Reaper”
* Ethan Miles, 33
* James C. Murphy, 36
* Drew Alan Phillips, 26, aka “Drew010”
* Jeffrey Puglisi, 28, aka “Jeffer”, “Jefferp” and “Ji”
* Daniel Sullivan, 22
* Tracy Ann Valenzuela, 42
* Christopher Quang Vo, 22

In addition, 21-year-old Scott Matthew Arciszewski, who was arrested by the FBI in Florida, was charged with hacks targeted at the Tampa Bay InfraGard website.

InfraGard is a public-private partnership for critical infrastructure protection sponsored by the FBI.

Meanwhile, 21-year-old Lance Moore, of Las Cruces, New Mexico, was charged with allegedly stealing confidential business information from AT&T’s web servers. Moore is said to have worked as a customer support contractor at the firm and is alleged to have downloaded thousands of documents and other files that he was not authorised to access.

The AT&T files were later published by the LulzSec hacking group.

Computer crime authorities will no doubt be hoping that they have struck a significant blow against the Anonymous and LulzSec hacking groups – but anyone who believes we have heard the last of the hacktivists is probably going to be sorely disappointed.

‘Foreign government’ hackers steal secret Pentagon plans

The US Deputy Defense Secretary William Lynn has revealed that a foreign intelligence agency was behind a hack attack that stole classified information about a top secret weapons system.

According to Aviation Week, the weapons system, which is under development, might have to be redesigned after the files were stolen from a military contractor’s computer network.

Plans and confidential blueprints were included in the haul of 24,000 files said to have been copied by the hackers.

The revelation came to light as William Lynn gave a speech at the National Defense University (NDU) in Washington DC, outlining his department’s “first ever strategy for operating in cyberspace”. Recognising that the problem extended beyond its own networks, the Pentagon is piloting a program to share classified intelligence about threats with select military contractors and their ISPs.

NDU was somehow an appropriate venue for the speech – Lynn told his audience that the National Defense University itself had fallen victim to hackers after its “website and its associated server were recently compromised by an intrusion that turned over system control to an unknown intruder.”

William Lynn speech

Lynn’s speech contained much jaw-jaw about the nature of cyberwar – and how it could vary from destructive attacks to information theft:

"Tools capable of disrupting or destroying critical networks, causing physical damage, or altering the performance of key systems, exist today. The advent of these tools mark a strategic shift in the cyber threat - a threat that continues to evolve. As a result of this threat, keystrokes originating in one country can impact the other side of the globe in the blink of an eye. In the 21st Century, bits and bytes can be as threatening as bullets and bombs."

"But disruptive and destructive attacks are only one end of a continuum of malicious activity in cyberspace that includes espionage, intellectual property theft, and fraud. Although in the future we are likely to see destructive or disruptive cyber attacks that could have an impact analogous to physical hostilities, the vast majority of malicious cyber activity today does not cross this threshold."

"In looking at the current landscape of malicious activity, the most prevalent cyber threat to date has been exploitation - the theft of information and intellectual property from government and commercial networks."

I have always been nervous of the tendency amongst governments to point fingers at foreign nations and blame them for an internet attack. For instance, Lynn claims that a foreign government was involved in the hack, but does not say which one.

You have to ask yourself, why the reluctance to say which country? And if you don’t know which country, how do you know it was any country?

Of course, the US Deputy Defense Secretary has shown himself to be tight-lipped on matters to do with internet attacks in the past. For instance, he declined to confirm or deny if the USA had been responsible for the Stuxnet virus.

And we shouldn’t be naive. Just because it’s hard to prove that a particular country was behind a particular cyber attack, doesn’t mean that that country is whiter-than-white when it comes to such things.

My suspicion is that all countries are using the internet to their advantage when engaged in espionage – whether it be for political, economic or military ends.

What surprises me, however, is that Lynn claims that this sort of “sophisticated capabilities” (the ability to hack into military contractor computer systems and steal files) is almost exclusively within the abilities of nation states, and that the only thing stopping countries from using the internet to destroy their enemies is the risk of a military counter-attack:

"Today, sophisticated cyber capabilities reside almost exclusively in nation-states. Here, U.S. military power offers a strong deterrent against overtly destructive attacks. Although attribution in cyberspace can be difficult, the risk of discovery and response for a major nation is still too great to risk launching destructive attacks against the United States. We must nevertheless guard against the possibility that circumstances could change, and we will have to defend against a sophisticated adversary who is not deterred from launching a cyber attack."

Of course, terrorists probably wouldn’t fear a counter-attack like this. Why haven’t they launched a destructive strike against the United States? Well, Lynn has an answer for that:

"If a terrorist group gains disruptive or destructive cyber tools, we have to assume they will strike with little hesitation. And it is clear that terrorist groups, as well as rogue states, are intent on acquiring, refining, and expanding their cyber capabilities."

Hmm. So, thank goodness that only governments know how to get their hands on the most dangerous and destructive internet weapons and that the rest of the world just isn’t as sophisticated..

Marine Gen. James Cartwright, Vice Chairman of the Joint Chiefs of Staff, told the press gathered at NDU that he believed a defensive approach to cyberwar is insufficient, and that the current situation of the Pentagon being 90% focused on defensive measures and 10% on offensive, should be reversed.

One thing is clear amongst all this talk – computer security needs to be taken seriously. Cybercriminals, whether state-sponsored or not, are regularly going beyond damaging and defacing websites to stealing sensitive information which could have more than a financial value. You would be foolish to ignore such a threat, and you should ensure that you have strong defences in place.

Meanwhile, the US Department of Defense says that it is now treating cyberspace as an operational domain – alongside land, air, sea and space. As such, I think we can expect to see more speeches warning about the perils that the United States faces from other nations and terrorist forces.