http://sophosnews.files.wordpress.com/2012/02/conference-call-spy-170.jpg” alt=”Conference call spy image from Shutterstock” align=”right” hspace=”10″ vspace=”10″ />
Last month, we reported how a conference call, between the FBI and Scotland Yard, discussing their investigation into Anonymous hackers had been secretly recorded by the hacking collective and published on the net.
We surmised at the time that the unknown hackers might have secretly accessed the call by compromising a police investigator’s email account, as the call-in details and passcode were posted by Anonymous on their usual dumping ground – the PasteBin website.
http://sophosnews.files.wordpress.com/2012/02/fbi-email1.jpg” alt=”Conference call email, republished by Anonymous” />
Yesterday’s announcement by the FBI about the prominent LulzSec hacker Sabu, and other alleged hacktivists, has revealed more details about what actually happened.
According to an FBI press release, a Garda (Irish police) officer who was invited to attend the conference call about ongoing hacking investigations forwarded the message to a personal email account.
Unfortunately, that personal email account was compromised by a hacker.MORE
A 23-year-old man, suspected of being a member of the LulzSec hacking gang, has pleaded not guilty to an attack on the Sony Pictures website.
Cody Kretsinger, from Phoenix, Arizona, pleaded not guilty to conspiracy and unauthorized impairment of a protected computer during a hearing at Los Angeles District Court.
Kretsinger is alleged to be the LulzSec member known as “Recursion”, and is accused of being involved in an SQL injection attack that stole information from Sony Pictures in June, exposing users email addresses and passwords.
Approximately 150,000 confidential records were subsequently published online by LulzSec who mocked Sony’s weak security:
"SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"
Prosecutors claim that Kretsinger used the HideMyAss.com proxy server website to disguise his IP address as he allegedly probed Sony Pictures’ computer systems in May 2011, hunting for vulnerabilities.
HideMyAss.com’s terms and conditions stipulate that their service is not to be used for illegal activity, however, and they co-operated with the authorities when a court order was received requesting information.
Kretsinger’s trial is scheduled to begin on December 13th. If convicted he faces up to 15 years in prison.SRC
Jake Davis, an 18-year-old from the Shetland Islands, was released on bail after being charged with five offences relating to computer attacks and break-ins by the LulzSec and Anonymous hacking groups. Davis was granted bail to stay with his mother at their new home in Spalding, Lincolnshire, on condition that he does not access the internet either directly or through anyone else. He also has to wear a tag to ensure a 10pm to 7am curfew. Davis, whom police believe used the online nickname “Topiary” and was a member of the LulzSec and Anonymous hacking groups, was arrested at 2.10pm last Wednesday in Mid Yell, an northern island of the Shetlands.
He was charged on Sunday night with offences under the Computer Misuse Act, the Serious Crime Act, and the Criminal Law Act. Davis is accused of gathering data from National Health Service computers, being involved with attacks on News International and being part of an attack that caused the website for the Serious Organised Crime Agency to collapse. It is claimed that the hacking attacks compromised personal data for hundreds of thousands of people via the NHS, and the bank details of a large number of people when Sony Pictures Entertainment was hacked.
A 19-year old man has been arrested by British police in Shetland, UK, under suspicion of launching hacking attacks against a number of websites.
Officers from the Metropolitan Police Service’s Police Central e-Crime Unit (PCeU) arrested the man as part of an international investigation into the activities of the Anonymous and LulzSec hacktivist groups.
The man, who was arrested at a residential address in Shetland, is said to have used the online nickname “Topiary” and acted as a spokesperson for the groups via forums such as Twitter.
The suspected hacker is currently being transported to a central London police station, and a search is taking place at his home.
“Topiary” has been identified in the past as having a leading role in hactivist attacks launched by the LulzSec and Anonymous groups.
In a related police operation, officers are searching a residential address in Lincolnshire where a 17-year-old male is being interviewed under caution in connection with the inquiry. He has not been arrested.
The truth is that LulzSec and other hacktivist groups have recently been playing an extremely dangerous game – taunting the likes of the FBI and British police with a series of hacks and attacks and believing themselves to be invincible.
If the arrested man is indeed a key member of the LulzSec gang, it could be the British police who have the last laugh.
Interestingly, Topiary deleted all the messages he had previously posted on Twitter recently, replacing them with a simple message:
"You cannot arrest an idea"
Is it possible he saw the writing on the wall?
Just last week, the UK’s PCeU arrested a 16-year-old youth - believed to be the LulzSec/Anonymous hacker known as “T-Flow” – in South London, on suspicion of breaching the Computer Misuse Act. Other arrests took place at the same time in the United States and the Netherlands.
The international investigation into the notorious LulzSec hacking gang continues, with news that FBI agents have searched a house in Hamilton, Ohio.
According to local media reports, federal agents are said to have searched a teenager’s home in Jackson Road, Hamilton, although no-one was charged after the search warrant was served.
Whether the FBI was acting upon information gleaned from Ryan Cleary, the British teenager who was charged last week in relation to a series of denial-of-service attacks, is unclear.
However, there is speculation that US law enforcement officers may have been acting in part based upon information released by the LulzSec group earlier this group, outing members believed to have leaked the group’s private online chat logs.
A June 21st posting by LulzSec on PasteBin claimed to reveal the true identities of members who called themselves “m_nerva” and “hann”. Apparent real names and addresses were given for both individuals by LulzSec who said:
"These goons begged us for mercy after they apologized to us all night for leaking some of our affiliates' logs. There is no mercy on The Lulz Boat."
In m_nerva’s case, his address was listed by LulzSec as being in Hamilton, Ohio.
A tweet published at the same time as the information was posted indicated that there was little love between LulzSec members and the member they believed had snitched on them.
Hackers, eh? You just can’t trust ‘em..
With rival hackers apparently turning on each other, and with law enforcement agencies around the world on their tail, it certainly feels as if those who sailed on the Lulz Boat may not be quite so merry as they once were.
FOR LATEST NEWS ON SCAM, SPAM ALERTS, HACKING, TECHNOLOGY NEWS. PLEASE
Hacking season is not over yet. Even though LulzSec, the group of hackers who made a name for themselves by hacking Sony, Nintendo, and PBS among others, called it quits on Saturday, another group wants to pick up the slack.
After announcing the end of its activities, Lulzsec encouraged its 281,870 Twitter followers to follow the account of Anonymous, another hacking organization, which on Monday published new materials on counter-hacking tools and addresses of U.S. FBI locations. Anonymous also picked up more than 60,000 Twitter followers over the past 24 hours.
Acknowledging LulzSec’s retirement, the group released a torrent file containing all the data it obtained over the past seven weeks, including data from prominent targets such as the CIA, U.S. Senate, Sony, and AOL.
Even though LulzSec has been active for only 50 days, the hacking group garnered a significant amount of media attention: “For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could,” the group says in a goodbye note.
The files Anonymous released Monday include documents and hacking and counter-hacking tools. The data weighs in at 625MB and its exact source is not mentioned, except a link to the CDI Sentinel program page, which provides free cybersecurity training using a mobile computer lab.
The latest in a string of attacks by a hacker group known as Lulz Security (LulzSec) targeted the Arizona police today. The hackers exposed user names and personal information of law enforcement officers as well as sensitive documents housed on their servers.
While rumors surfaced about a supposed kingpin of LulzSec being arrested by New Scotland Yard this week, their intimidation tactics continue, and we have no idea who the next target will be.
As usual many of the dumped passwords were easy to guess or crack, showing that too many people believe it can’t happen to them. It is increasingly apparent that using software and encryption to create and protect unique passwords for every website is necessary.
That LulzSec exposed these passwords suggests they were either unencrypted, or used an insecure hashing algorithm. This is bad in and of itself, but far worse if the victims used the same passwords elsewhere.
While many of us are frustrated with the current state of corporate security and would like to affect change in a meaningful way, we control our own destiny. Most of us reside within nations that have democratic governments and can participate in shaping our futures through legal means.
In my view, the hacker ethic is to empower people with understanding and to use our collective intelligence to advance our ideas. Destroying privacy by exposing the information of innocent victims doesn’t advance anything.
A FORMER Essex special school pupil accused of masterminding an international computer hacking operation from his bedroom was gifted, his head teacher said.
Ryan Cleary, 19, who is suspected of launching cyber attacks on the US Senate, CIA, Sony and UK’s Serious and Organised Crime Agency, was encouraged to study computing at Colchester Institute when he finished his GCSEs.
Teachers at the Heath School, Colchester, put him forward for a course at the further education college after recognising his potential in ICT.
During his time at the Winstree Road school he hacked into fellow pupils’ passwords on the school system.
His attendance dropped off in the final term and he did not pass all his exams.
Stewart Grant, who was headteacher at the Heath School, which changed its name to Ramsden Hall School when it moved to Langham in 2009, said: “If he had stayed with us properly right through year 11 I have no doubt he would have walked out with a lot of GCSEs.
“He was particularly good with ICT.”
He added it was not unusual for children with behavioural and emotional problems to be gifted.
“We have a whole range of youngsters who end up with us who are quite gifted in ares such as ICT and art, but can’t survive in mainstream schools because of their behaviour,” he said.
However, he said he was surprised by the media attention Mr Cleary had attracted.
“There are lots of children who pass through school and may get on the wrong side of the law but they don’t end up in the national press.
“He clearly was an intelligent youngster who went to a school for behavioural problems who three years down the line used the skills he picked up over time to get himself into trouble.”
Mr Cleary was arrested after police raided his Wickford home as part of a pre-planned operation involving the FBI and the Met Police.
He was taken to a London police station where he was questioned about computer-misuse and fraud offences.
If charged, he could be extradited to America to stand trial.
The FBI suspects he is the brains behind hacking group Lulzsec.
Lulzsec was believed to have intially targeted only US broadcasters including PBS and Fox and gaming firms.
But the Twitter page @Lulzsec recently declared its intention to break into Government websites and leak confidential documents.