http://sophosnews.files.wordpress.com/2012/02/conference-call-spy-170.jpg” alt=”Conference call spy image from Shutterstock” align=”right” hspace=”10″ vspace=”10″ />
Last month, we reported how a conference call, between the FBI and Scotland Yard, discussing their investigation into Anonymous hackers had been secretly recorded by the hacking collective and published on the net.
We surmised at the time that the unknown hackers might have secretly accessed the call by compromising a police investigator’s email account, as the call-in details and passcode were posted by Anonymous on their usual dumping ground – the PasteBin website.
http://sophosnews.files.wordpress.com/2012/02/fbi-email1.jpg” alt=”Conference call email, republished by Anonymous” />
Yesterday’s announcement by the FBI about the prominent LulzSec hacker Sabu, and other alleged hacktivists, has revealed more details about what actually happened.
According to an FBI press release, a Garda (Irish police) officer who was invited to attend the conference call about ongoing hacking investigations forwarded the message to a personal email account.
Unfortunately, that personal email account was compromised by a hacker.MORE
A Twitter post from an undergraduate student at Santa Clara University has prompted the school to acknowledge that it asked the FBI to investigate how a few dozen grades were electronically altered.
Mark Loiseau, 25, a senior electrical engineering student, received an unpleasant surprise this morning: three FBI agents showed up at his off-campus apartment wanting to have a friendly chat with him.
FBI agent Jeffrey Miller and his colleagues had complete dossiers on him and his friends, Loiseau told CNET this afternoon. “They had all my grades. They had pictures of me.”
It started out as a friendly conversation, Loiseau said, but then the FBI agents began to suggest that he was involved in illegally changing his or someone else’s grades. After receiving a denial, the trio of agents said that lying to a federal agent was a crime and that they wanted to search his computers.MORE
A number of websites associated with US police have been compromised by AntiSec hackers in apparent support of the “Occupy” demonstrations.
One of the sites targeted was the Boston Police Patrolmen’s Association (BPPA), which suffered a hack which resulted in the release of a thousand usernames and passwords. An obvious danger is that staff may be using the same username/password combinations on other sites – such as their email accounts or Facebook.
In addition, the AntiSec movement claimed in an online press release to be publishing more than 600MB of data stolen from the International Association of Chief of Police (IACP) website, including names and addresses, passwords and internal documents.
Names, addresses, phone numbers and social security numbers for police officers in Alabama have also been exposed, and a contact database associated with employees and clients of the internet company Matrix Group made public. Read the rest of this entry »
A 19-year old man has been arrested by British police in Shetland, UK, under suspicion of launching hacking attacks against a number of websites.
Officers from the Metropolitan Police Service’s Police Central e-Crime Unit (PCeU) arrested the man as part of an international investigation into the activities of the Anonymous and LulzSec hacktivist groups.
The man, who was arrested at a residential address in Shetland, is said to have used the online nickname “Topiary” and acted as a spokesperson for the groups via forums such as Twitter.
The suspected hacker is currently being transported to a central London police station, and a search is taking place at his home.
“Topiary” has been identified in the past as having a leading role in hactivist attacks launched by the LulzSec and Anonymous groups.
In a related police operation, officers are searching a residential address in Lincolnshire where a 17-year-old male is being interviewed under caution in connection with the inquiry. He has not been arrested.
The truth is that LulzSec and other hacktivist groups have recently been playing an extremely dangerous game – taunting the likes of the FBI and British police with a series of hacks and attacks and believing themselves to be invincible.
If the arrested man is indeed a key member of the LulzSec gang, it could be the British police who have the last laugh.
Interestingly, Topiary deleted all the messages he had previously posted on Twitter recently, replacing them with a simple message:
"You cannot arrest an idea"
Is it possible he saw the writing on the wall?
Just last week, the UK’s PCeU arrested a 16-year-old youth - believed to be the LulzSec/Anonymous hacker known as “T-Flow” – in South London, on suspicion of breaching the Computer Misuse Act. Other arrests took place at the same time in the United States and the Netherlands.
Anonymous, the loosely-knit hacktivist collective, is claiming to have got its hands on 8GB of “secret documents” from CNAIPIC, Italy’s cybercrime unit responsible for protecting the country’s critical IT infrastructure.
If it’s true that security at CNAIPIC has been breached by hackers, that would be a genuine concern as the group works with intelligence agencies around the world.
An Anonymous Twitter account announced the data breach, and links were posted up on Pastebin pointing to a selection of the stolen files, which included information related to various government departments around the world, including the US Department of Agriculture and Australia’s Ministry of Defence.
Documents about a number of private firms also appear to be included in the haul, which was claimed by The Legion of Anonymous Doom who are presumed to be a subgroup of Anonymous.
A message posted on the internet in poorly-written English claimed that there would be more information and files released in due course:
"This is a prerelease of a series we are going to make to reveal the biggest in history of European LE cyber operation Evidence exploitation and abuse. Thing's gonna get published and twittered all over anonymous and lulzsec community."
A screenshot of a list of all the files that had been compromised was posted on the internet, and included in a news report by The Hacker News. A small portion of it is reproduced below.
So, why is Anonymous apparently targeting the Italian cybercrime authorities?
Well, earlier this month, Italian police searched dozens of houses and charged suspects, in an investigation into the Italian branch of Anonymous – which is suspected of hitting government, business and media websites with denial-of-service attacks.
Inevitably there will be speculation that this is a counter-attack against the Italian authorities following the arrests.
The US Deputy Defense Secretary William Lynn has revealed that a foreign intelligence agency was behind a hack attack that stole classified information about a top secret weapons system.
According to Aviation Week, the weapons system, which is under development, might have to be redesigned after the files were stolen from a military contractor’s computer network.
Plans and confidential blueprints were included in the haul of 24,000 files said to have been copied by the hackers.
The revelation came to light as William Lynn gave a speech at the National Defense University (NDU) in Washington DC, outlining his department’s “first ever strategy for operating in cyberspace”. Recognising that the problem extended beyond its own networks, the Pentagon is piloting a program to share classified intelligence about threats with select military contractors and their ISPs.
NDU was somehow an appropriate venue for the speech – Lynn told his audience that the National Defense University itself had fallen victim to hackers after its “website and its associated server were recently compromised by an intrusion that turned over system control to an unknown intruder.”
Lynn’s speech contained much jaw-jaw about the nature of cyberwar – and how it could vary from destructive attacks to information theft:
"Tools capable of disrupting or destroying critical networks, causing physical damage, or altering the performance of key systems, exist today. The advent of these tools mark a strategic shift in the cyber threat - a threat that continues to evolve. As a result of this threat, keystrokes originating in one country can impact the other side of the globe in the blink of an eye. In the 21st Century, bits and bytes can be as threatening as bullets and bombs."
"But disruptive and destructive attacks are only one end of a continuum of malicious activity in cyberspace that includes espionage, intellectual property theft, and fraud. Although in the future we are likely to see destructive or disruptive cyber attacks that could have an impact analogous to physical hostilities, the vast majority of malicious cyber activity today does not cross this threshold."
"In looking at the current landscape of malicious activity, the most prevalent cyber threat to date has been exploitation - the theft of information and intellectual property from government and commercial networks."
I have always been nervous of the tendency amongst governments to point fingers at foreign nations and blame them for an internet attack. For instance, Lynn claims that a foreign government was involved in the hack, but does not say which one.
You have to ask yourself, why the reluctance to say which country? And if you don’t know which country, how do you know it was any country?
Of course, the US Deputy Defense Secretary has shown himself to be tight-lipped on matters to do with internet attacks in the past. For instance, he declined to confirm or deny if the USA had been responsible for the Stuxnet virus.
And we shouldn’t be naive. Just because it’s hard to prove that a particular country was behind a particular cyber attack, doesn’t mean that that country is whiter-than-white when it comes to such things.
My suspicion is that all countries are using the internet to their advantage when engaged in espionage – whether it be for political, economic or military ends.
What surprises me, however, is that Lynn claims that these sort of “sophisticated capabilities” (the ability to hack into military contractor computer systems and steal files) is almost exclusively within the abilities of nation states, and that the only thing stopping countries from using the internet to destroy their enemies is the risk of a military counter-attack:
"Today, sophisticated cyber capabilities reside almost exclusively in nation-states. Here, U.S. military power offers a strong deterrent against overtly destructive attacks. Although attribution in cyberspace can be difficult, the risk of discovery and response for a major nation is still too great to risk launching destructive attacks against the United States. We must nevertheless guard against the possibility that circumstances could change, and we will have to defend against a sophisticated adversary who is not deterred from launching a cyber attack."
Of course, terrorists probably wouldn’t fear a counter-attack like this. Why haven’t they launched a destructive strike against the United States? Well, Lynn has an answer for that:
"If a terrorist group gains disruptive or destructive cyber tools, we have to assume they will strike with little hesitation. And it is clear that terrorist groups, as well as rogue states, are intent on acquiring, refining, and expanding their cyber capabilities."
Hmm. So, thank goodness that only governments know how to get their hands on the most dangerous and destructive internet weapons and that the rest of the world just isn’t as sophisticated..
Marine Gen. James Cartwright, Vice Chairman of the Joint Chiefs of Staff, told the press gathered at NDU that he believed a defensive approach to cyberwar is insufficient, and that the current situation of the Pentagon being 90% focused on defensive measures and 10% on offensive, should be reversed.
One thing is clear amongst all this talk – computer security needs to be taken seriously. Cybercriminals, whether state-sponsored or not, are regularly going beyond damaging and defacing websites to stealing sensitive information which could have more than a financial value. You would be foolish to ignore such a threat, and ensure that you have strong defences in place.
Meanwhile, the US Department of Defense says that it is now treating cyberspace as an operational domain – alongside land, air, sea and space. As such, I think we can expect to see more speeches warning about the perils that the United States faces from other nations and terrorist forces.
If you went to the website of Sony Music Ireland (sonymusic.ie) earlier today you would have discovered some astonishing celebrity stories:
- Scientists have proved that the X Factor TV show is for the stupid.
- Two members of the Irish pop band “The Script” were found dead in their backstage dressing room.
- Rebecca Black (the teenage singer who became an internet meme after her phenomenally bad “Friday” video became a YouTube hit) has married R Kelly in Disneyland.
- Perhaps most astonishingly of all, the story claims that Miss Black has joined Sony’s security team.
If it’s true that Rebecca Black is going to be helping Sony with their computer security, then she’s going to be kept busy.
But, of course, all of the stories are fake.
Hackers appear to have broken into Sony Music Ireland’s site and planted the bogus celebrity stories. It’s just the latest in a long line of attacks upon Sony websites, and further embarrasses the company as it tries to protect its online reputation.
Sony Music Ireland is presently redirecting visitors to its website to its Facebook page instead. Presumably they will bring the site back online once they are confident they have got its security under proper control.
If you run a website it’s essential that you ensure it is being kept as secure as possible. If you haven’t already done so, read this informative paper by SophosLabs, “Securing websites”, which covers some of the issues.
Imagine you’re giving a presentation to the board of directors at your company. You have your PowerPoint slides all ready, you’re projecting onto a 64 inch screen… what could possibly go wrong?
Well, what would you do if your carefully composed presentation was replaced on the big screen by images of a naked woman? My guess is that you wouldn’t know where to put your laser pointer..
52-year-old Walter Powell used to be an IT manager at Baltimore Substance Abuse System Inc, until he was fired in 2009. Clearly someone who believed that revenge should be served red hot, Powell used his computer knowledge to hack into his former employer’s systems from his home and install keylogging software to steal passwords.
On one occasion, Powell took remote control of his former CEO’s PowerPoint presentation to the board of directors, and projected pornographic images on the 64 inch TV.
According to media reports, Judge M. Brooke Murdock gave Powell a two year suspended sentence, and ordered him to 100 hours of community service and three years’ probation.
Cases like this underline the importance of having a proper process in place when staff leave your company. That means changing passwords, and removing access rights when an employee’s time at your firm comes to an end.
People do, of course, leave jobs all the time and most of them would never dream of logging back in to their old place of work to cause trouble. But it only takes one disaffected former worker to wreak havoc – so make sure your defences are in place, and that only authorised users can access your sensitive systems.SRC
By Jerry Brito on June 19, 2011
Among the cyber vigilantes are The Jester (a.k.a. Th3j35t3r), a self-described ex-military gray-hat hacker who has previously attacked Wikileaks and 4chan, and a group calling itself Web Ninjas who are documenting their search on the LulzSec Exposed website.
The evidence compiled by The Jester and Web Ninjas includes purported chat logs of LulzSec’s private IRC channel, as well as circumstantial evidence identifying the members of LulzSec and their alleged true identities. They say they have passed on the information to the FBI.
We have previously speculated that LulzSec is a throwback to Anonymous‘ more anarchic past, perhaps formed by a few skilled Anons who grew weary of the hacker collective’s political pretension. The information presented by The Jester and Web Ninjas seems to corroborate this.
Two weeks ago, LulzSec tweeted, “This is the guy that paid us to hack pbs.org,” and pointed to the account of Branndon Pike, a 21-year-old from Daytona, Florida, who is a former Anonymous contributor. He told Fox News that LulzSec was pranking him because they were upset he had linked them to Anonymous.
Last week, someone anonymously posted to the Full Disclosure computer security mailing list a chat log of a conversation between LulzSec members . LulzSec responded to the leak, thereby confirming the log’s authenticity, stating that the compromised channel was only used “to recruit talent for side-operations” and that their main channel remained untouched.
Mentioning handles present in the chat log, LulzSec said that “people such as joepie91/Neuron/Storm/trollpoll/voodoo are not involved with LulzSec, they just hang out with us in that channel.” This implied that the handles they did not mention—including “Kayla” and “Topiary”—are indeed members of LulzSec.
Kayla is a name previously linked to Anonymous and its attacks on computer security firm HBGary. In March, she gave an interview to Forbes in which she disclosed her involvement with Anonymous and many personal details. Web Ninjas and The Jester claim that Kayla is actually a man.
Topiary is also a name linked to Anonymous. After the Anonymous attacks on the Westboro Baptist Church, an Anonymous representative debated a church leader on the David Pakman show. A widely circulated video of the exchange shows the name “Topiary” as the Anonymous spokesman’s Skype username.
This week a public radio producer called the seemingly untraceable phone number at which LulzSec has been taking calls, and recorded his conversation with members of the group. One of the LulzSec voices sounds like the voice of Topiary and has a similar European accent.
Web Ninjas have also posted photos and details of several other persons who they say correspond to the handles on the chat logs, including that of a man said to be “Sabu,” the supposed leader of LulzSec. “We do have his name, address, location and work but we are not publishing,” Web Ninjas said.