LulzSec

How Anonymous spied on FBI / UK Police hacking investigation conference call

Posted on


 

http://sophosnews.files.wordpress.com/2012/02/conference-call-spy-170.jpg” alt=”Conference call spy image from Shutterstock” align=”right” hspace=”10″ vspace=”10″ />

Conference call spy image from ShutterstockLast month, we reported how a conference call, between the FBI and Scotland Yard, discussing their investigation into Anonymous hackers had been secretly recorded by the hacking collective and published on the net.

We surmised at the time that the unknown hackers might have secretly accessed the call by compromising a police investigator’s email account, as the call-in details and passcode were posted by Anonymous on their usual dumping ground – the PasteBin website.

http://sophosnews.files.wordpress.com/2012/02/fbi-email1.jpg” alt=”Conference call email, republished by Anonymous” />

Conference call email, republished by AnonymousYesterday’s announcement by the FBI about the prominent LulzSec hacker Sabu, and other alleged hacktivists, has revealed more details about what actually happened.

According to an FBI press release, a Garda (Irish police) officer who was invited to attend the conference call about ongoing hacking investigations forwarded the message to a personal email account.

Unfortunately, that personal email account was compromised by a hacker.MORE

LulzSec suspect pleads not guilty to Sony Pictures website hack

Posted on


Cody Kretsinger. (CNN/KTVK)

A 23-year-old man, suspected of being a member of the LulzSec hacking gang, has pleaded not guilty to an attack on the Sony Pictures website.

Cody Kretsinger, from Phoenix, Arizona, pleaded not guilty to conspiracy and unauthorized impairment of a protected computer during a hearing at Los Angeles District Court.

Kretsinger is alleged to be the LulzSec member known as “Recursion”, and is accused of being involved in an SQL injection attack that stole information from Sony Pictures in June, exposing users email addresses and passwords.

Approximately 150,000 confidential records were subsequently published online by LulzSec who mocked Sony’s weak security:

"SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

HideMyAss logoProsecutors claim that Kretsinger used the HideMyAss.com proxy server website to disguise his IP address as he allegedly probed Sony Pictures’ computer systems in May 2011, hunting for vulnerabilities.

HideMyAss.com’s terms and conditions stipulate that their service is not to be used for illegal activity, however, and they co-operated with the authorities when a court order was received requesting information.

Kretsinger’s trial is scheduled to begin on December 13th. If convicted he faces up to 15 years in prison.SRC

LulzSec hacker Topiary released on bail

Posted on Updated on


Jake Davis, an 18-year-old from the Shetland Islands, was released on bail after being charged with five offences relating to computer attacks and break-ins by the LulzSec and Anonymous hacking groups. Davis was granted bail to stay with his mother at their new home in Spalding, Lincolnshire, on condition that he does not access the internet either directly or through anyone else. He also has to wear a tag to ensure a 10pm to 7am curfew. Davis, whom police believe used the online nickname “Topiary” and was a member of the LulzSec and Anonymous hacking groups, was arrested at 2.10pm last Wednesday in Mid Yell, an northern island of the Shetlands.

He was charged on Sunday night with offences under the Computer Misuse Act, the Serious Crime Act, and the Criminal Law Act. Davis is accused of gathering data from National Health Service computers, being involved with attacks on News International and being part of an attack that caused the website for the Serious Organised Crime Agency to collapse. It is claimed that the hacking attacks compromised personal data for hundreds of thousands of people via the NHS, and the bank details of a large number of people when Sony Pictures Entertainment was hacked.

LulzSec hacking suspect ‘Topiary’ arrested in the Shetland Islands

Posted on Updated on


Topiary Tartan LulzSec

A 19-year old man has been arrested by British police in Shetland, UK, under suspicion of launching hacking attacks against a number of websites.

Officers from the Metropolitan Police Service’s Police Central e-Crime Unit (PCeU) arrested the man as part of an international investigation into the activities of the Anonymous and LulzSec hacktivist groups.

The man, who was arrested at a residential address in Shetland, is said to have used the online nickname “Topiary” and acted as a spokesperson for the groups via forums such as Twitter.

The suspected hacker is currently being transported to a central London police station, and a search is taking place at his home.

Shetland Islands“Topiary” has been identified in the past as having a leading role in hactivist attacks launched by the LulzSec and Anonymous groups.

In recent months the LulzSec gang have hacked and launched denial-of-service attacks against a number of high profile websites including The Sun, the CIASOCASonyPBS and the US Senate.

In a related police operation, officers are searching a residential address in Lincolnshire where a 17-year-old male is being interviewed under caution in connection with the inquiry. He has not been arrested.

The truth is that LulzSec and other hacktivist groups have recently been playing an extremely dangerous game – taunting the likes of the FBI and British police with a series of hacks and attacks and believing themselves to be invincible.

If the arrested man is indeed a key member of the LulzSec gang, it could be the British police who have the last laugh.

Interestingly, Topiary deleted all the messages he had previously posted on Twitter recently, replacing them with a simple message:

"You cannot arrest an idea"

Is it possible he saw the writing on the wall?

Just last week, the UK’s PCeU arrested a 16-year-old youth - believed to be the LulzSec/Anonymous hacker known as “T-Flow” – in South London, on suspicion of breaching the Computer Misuse Act. Other arrests took place at the same time in the United States and the Netherlands.

 

LulzSec and Anonymous hacker suspects arrested by US, UK and Dutch authorities

Posted on Updated on


Anonymous and LulzSec

Computer crime authorities will be hoping that they have struck a significant blow against the Anonymous and LulzSec hacking groups, following a series of raids and arrests on both sides of the Atlantic.

In the United States, 16 people have been arrested in connection with an internet attacklast year against PayPal – an assault which was claimed by the loosely-knit hacktivist group known as “Anonymous”, in retaliation for the website withdrawing support for WikiLeaks.

According to a Department of Justice press release, arrests were made in Alabama, Arizona, California, Colorado, the District of Columbia, Florida, Massachusetts, Nevada, New Mexico, Ohio and the District of New Jersey.

In all, FBI agents executed more than 35 search warrants as part of the co-ordinated investigation.

In addition, the UK’s PCeU arrested a 16-year-old youth known as ‘T-Flow’ in South London, on suspicion of breaching the Computer Misuse Act. The teenager is allegedly connected to hacks perpetrated by the LulzSec and Anonymous groups.

Finally, the Dutch National Police Agency arrested four individuals for alleged cybercrimes related to the case.

Defendants named by the US authorities include:

* Christopher Wayne Cooper, 23, aka “Anthrophobic”
* Joshua John Covelli, 26, aka “Absolem” and “Toxic”
* Keith Wilson Downey, 26
* Mercedes Renee Haefer, 20, aka “No” and “MMMM”
* Donald Husband, 29, aka “Ananon”
* Vincent Charles Kershaw, 27, aka “Trivette”, “Triv” and “Reaper”
* Ethan Miles, 33
* James C. Murphy, 36
* Drew Alan Phillips, 26, aka “Drew010″
* Jeffrey Puglisi, 28, aka “Jeffer”, “Jefferp” and “Ji”
* Daniel Sullivan, 22
* Tracy Ann Valenzuela, 42
* Christopher Quang Vo, 22

Infragard logoIn addition, 21-year-old Scott Matthew Arciszewski, 21 who was arrested by the FBI in Florida, was charged with hacks targeted at the Tampa Bay InfraGard website.

InfraGard is a public-private partnership for critical infrastructure protection sponsored by the FBI.

Meanwhile, 21-year-old Lance Moore, of Las Cruses, New Mexico, was charged with allegedly stealing confidential business information from AT&T’s web servers. Moore is said to have worked as a customer support contractor at the firm and is alleged to have downloaded thousands of documents and other files that he was not authorised to access.

The AT&T files were later published by the LulzSec hacking group.

Computer crime authorities will no doubt be hoping that they have struck a significant blow against the Anonymous and LulzSec hacking groups – but anyone who believes we have heard the last of the hacktivists is probably going to be sourly disappointed.

FBI searches LulzSec suspect’s home in Hamilton, Ohio

Posted on Updated on


The international investigation into the notorious LulzSec hacking gang continues, with news that FBI agents have searched a house in Hamilton, Ohio.

According to local media reports, federal agents are said to have searched a teenager’s home in Jackson Road, Hamilton, although no-one was charged after the search warrant was served.

Whether the FBI was acting upon information gleaned from Ryan Cleary, the British teenager who was charged last week in relation to a series of denial-of-service attacks, is unclear.

However, there is speculation that US law enforcement officers may have been acting in part based upon information released by the LulzSec group earlier this group, outing members believed to have leaked the group’s private online chat logs.

A June 21st posting by LulzSec on PasteBin claimed to reveal the true identities of members who called themselves “m_nerva” and “hann”. Apparent real names and addresses were given for both individuals by LulzSec who said:

"These goons begged us for mercy after they apologized to us all night for leaking some of our affiliates' logs. There is no mercy on The Lulz Boat."

In m_nerva’s case, his address was listed by LulzSec as being in Hamilton, Ohio.

Part of a statement from LulzSec

A tweet published at the same time as the information was posted indicated that there was little love between LulzSec members and the member they believed had snitched on them.

The Lulz Boat@LulzSec
The Lulz Boat

Remember this tweet, m_nerva, for I know you’ll read it: your cold jail cell will be haunted with our endless laughter. Game over, child.

Hackers, eh? You just can’t trust ‘em..

With rival hackers apparently turning on each other, and with law enforcement agencies around the world on their tail, it certainly feels as if those who sailed on the Lulz Boat may not be quite so merry as they once were.

 

 

FOR LATEST NEWS ON SCAM, SPAM ALERTS, HACKING, TECHNOLOGY NEWS. PLEASE

FOLLOW “COMPUTER ADDICTED” PAGE IN FACEBOOK:CLICK HERE

Anonymous Picks up Slack as LulzSec Calls it Quits

Posted on


Hacking season is not over yet. Even though LulzSec, the group of hackers who made a name for themselves by hacking Sony, Nintendo, and PBS among others, called it quits on Saturday, another group wants to pick up the slack.

hackers lulzsecAfter announcing the end of its activities, Lulzsec encouraged its 281,870 Twitter followers to follow the account of Anonymous, another hacking organization, which on Monday published new materials on counter-hacking tools and addresses of U.S. FBI locations. Anonymous also picked up more than 60,000 Twitter followers over the past 24 hours.

Acknowledging LulzSec’s retirement, the group released a torrent file containing all the data it obtained over the past seven weeks, including data from prominent targets such as the CIA, U.S. Senate, Sony, and AOL.

Even though LulzSec has been active for only 50 days, the hacking group garnered a significant amount of media attention: “For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could,” the group says in a goodbye note.

anonymous hackersAnonymous is the hacking group that was alleged (but denied any involvement) to be behind the massive Sony PlayStation Service hack earlier this year.

The files Anonymous released Monday include documents and hacking and counter-hacking tools. The data weighs in at 625MB and its exact source is not mentioned, except a link to the CDI Sentinel program page, which provides free cybersecurity training using a mobile computer lab.

Follow Daniel Ionescu and Today @ PCWorld on Twitter 

FOLLOW “COMPUTER ADDICTED” PAGE IN FACEBOOK:CLICK HERE

LulzSec Shuts Down, Ends Hacking Campaign

Posted on Updated on


LulzSec, the hacker group that has hacked the CIA, U.S. Senate, Nintendo, Sony and others, has surprisingly announced that it is disbanding.

LulzSec, short for Lulz Security, claims that it intended to only operate for 50 days as an attempt to revive the AntiSec movement, which is opposed to the computer security industry.

“For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could,” the hacker group said in its announcement. “All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love.”

The release continues on, explaining that the organization is not tied to its LulzSec identity and has succeeded in bringing back the AntiSec movement. The group, in fact, encourages others to take up its cause. “We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us… Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.”

As its final parting gift, the group released one last data dump with data allegedly taken from AT&T, AOL, Disney, Universal, EMI and the FBI.

The group has had its way with corporations and governments for the last two months. It took down the CIA’s websitehacked Sony’s servers, released sensitive documents from the Arizona state government andattacked the U.S. Senate’s website. While a suspected member of LulzSec was recently apprehended, the group claims he was not its leader.

The end of LulzSec doesn’t mean the end of hacker attacks, of course. Long-standing hacker group Anonymous is still around, and we bet other groups will form in the wake of the group’s disbandment. And with277,000+ followers and a captivated audience, we bet LulzSec will come back in one form or another. We also doubt its disbandment will stop authorities from searching for its masterminds.

What do you think of LulzSec and its AntiSec mission? What do you think will happen next? Let us know what you think in the comments.

 

FOLLOW “COMPUTER ADDICTED” PAGE IN FACEBOOK:CLICK HERE

LulzSec hacks Arizona police over immigration issues

Posted on


Creative Commons photo courtesy of beej55

The latest in a string of attacks by a hacker group known as Lulz Security (LulzSec) targeted the Arizona police today. The hackers exposed user names and personal information of law enforcement officers as well as sensitive documents housed on their servers.

While rumors surfaced about a supposed kingpin of LulzSec being arrested by New Scotland Yard this week, their intimidation tactics continue, and we have no idea who the next target will be.

As usual many of the dumped passwords were easy to guess or crack, showing that too many people believe it can’t happen to them. It is increasingly apparent that using software and encryption to create and protect unique passwords for every website is necessary.

That LulzSec exposed these passwords suggests they were either unencrypted, or used an insecure hashing algorithm. This is bad in and of itself, but far worse if the victims used the same passwords elsewhere.

While many of us are frustrated with the current state of corporate security and would like to affect change in a meaningful way, we control our own destiny. Most of us reside within nations that have democratic governments and can participate in shaping our futures through legal means.

In my view, the hacker ethic is to empower people with understanding and to use our collective intelligence to advance our ideas. Destroying privacy by exposing the information of innocent victims doesn’t advance anything.

‘Gifted’ teenager held in hacking probe

Posted on


'Gifted' teenager held in hacking probe

A FORMER Essex special school pupil accused of masterminding an international computer hacking operation from his bedroom was gifted, his head teacher said.

Ryan Cleary, 19, who is suspected of launching cyber attacks on the US Senate, CIA, Sony and UK’s Serious and Organised Crime Agency, was encouraged to study computing at Colchester Institute when he finished his GCSEs.

Teachers at the Heath School, Colchester, put him forward for a course at the further education college after recognising his potential in ICT.

During his time at the Winstree Road school he hacked into fellow pupils’ passwords on the school system.

His attendance dropped off in the final term and he did not pass all his exams.

Stewart Grant, who was headteacher at the Heath School, which changed its name to Ramsden Hall School when it moved to Langham in 2009, said: “If he had stayed with us properly right through year 11 I have no doubt he would have walked out with a lot of GCSEs.

“He was particularly good with ICT.”

He added it was not unusual for children with behavioural and emotional problems to be gifted.

“We have a whole range of youngsters who end up with us who are quite gifted in ares such as ICT and art, but can’t survive in mainstream schools because of their behaviour,” he said.

However, he said he was surprised by the media attention Mr Cleary had attracted.

“There are lots of children who pass through school and may get on the wrong side of the law but they don’t end up in the national press.

“He clearly was an intelligent youngster who went to a school for behavioural problems who three years down the line used the skills he picked up over time to get himself into trouble.”

Mr Cleary was arrested after police raided his Wickford home as part of a pre-planned operation involving the FBI and the Met Police.

He was taken to a London police station where he was questioned about computer-misuse and fraud offences.

If charged, he could be extradited to America to stand trial.

The FBI suspects he is the brains behind hacking group Lulzsec.

Lulzsec was believed to have intially targeted only US broadcasters including PBS and Fox and gaming firms.

But the Twitter page @Lulzsec recently declared its intention to break into Government websites and leak confidential documents.