WebProNews

Tag: information security

  • Anonymous Timeline Alleges #AntiSec an FBI Creation

    Affiliates of the Anonymous movement are no stranger to FBI infiltration. Now, however, the hackers and their supporters are wondering if the #AntiSec group was not only infiltrated by federal investigators, but whether the group was itself a creation of the FBI, intended as a honeypot to attract the movement’s top hackers.

    Anonymous PR Wing @YourAnonNews announced its suspicions on Twitter last night. If there’s anything to their claims, this is some serious spy-versus-spy stuff:

    @YourAnonNews
    Anonymous    Get out your tinfoil hat folks, shit is about to get REALLY fucked up around here. Stay tuned for revelations. 12 hours ago via web ·  Reply ·  Retweet ·  Favorite · powered by @socialditto

    @YourAnonNews
    Anonymous    #Antisec © FBI 2011-2012. (they manufactured terror, from the start) 12 hours ago via web ·  Reply ·  Retweet ·  Favorite · powered by @socialditto

    @YourAnonNews
    Anonymous    We hope when all is said and done, you can look at the facts as we lay them out and connect the dots to reach the same conclusions we did. 8 hours ago via web ·  Reply ·  Retweet ·  Favorite · powered by @socialditto

    @YourAnonNews
    Anonymous    Was #ANTISEC itself a FBI-created honeypot tailored to attract the top #Anonymous hackers? Was the FBI thus complicit in all #ANTISEC hacks? 6 hours ago via web ·  Reply ·  Retweet ·  Favorite · powered by @socialditto

    Earlier today the group published this timeline of #AntiSec, highlighting perceived correlations between LulzSec leader Sabu’s (Hector Xavier Monsegur) arrest and legal proceedings, his acquisition and sharing of security data with Anonymous affiliates, the formation of #AntiSec, and last week’s arrest of five suspected hackers.

    Timeline of ANTISEC as Created and Operated Under FBI Supervision

    #AntiSec was first announced on Twitter, the timeline asserts, at nearly the same time that Sabu was arrested

    The same day, an #AntiSec release statement was posted on pastebin, encouraging widespread advertising the of “AntiSec” brand on both the digital and physical landscape:

      Welcome to Operation Anti-Security (#AntiSec) – we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word “AntiSec” on any government website defacement or physical graffiti art. We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships.

    And a specific call was made to acquire sensitive government information:

      Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments.

    A week later, LulzSec announced its disbandment and Sabu announced his allegience to #AntiSec.

    YourAnonNews cites these correlations as evidence that #AntiSec was formed by Sabu after his turning federal informant, and thus that #AntiSec was a creation of the U.S. Government. You can examine the rest of the alleged evidence for yourself in the pages above.

    While it will be nearly impossible to verify the validity of this timeline (and thus, the culpability of federal investigators in instigating #AntiSec and its attacks), the above timeline at least makes for some interesting reading with even more interesting implications (provided it’s accurate). If #AntiSec was a government creation, then that would make federal authorities at least marginally culpable for attacks carried out under the #AntiSec banner, especially any attacks that were instigated by their informant, or that were the result of information leaked by authorities. With strong enough evidence, this could even be a case for entrapment in the defense trials of alleged hackers recently arrested for #AntiSec-related crimes. Again, however, to prove such direct culpability of federal investigators would be a herculean task.

    FBI involvement or no, the #AntiSec banner has grown far beyond the control of its creators, whoever they may be. But my head is spinning. I’m going to go write about something simple for a while.

    YourAnonNews also published a 506-page pdf archive of all of Sabu’s tweets since November 2011. While we didn’t include it in this post, you can peruse it here if you’re feeling nosy.

  • Anonymous Attacks Vatican For Third Time in One Week

    It’s been a hard past week for the Vatican’s online presence. Since members of Anonymous declared war on religion last Monday, and as a part of the latest retaliatory cyber attacks following the indictment of several suspected hackers, Vatican servers have been targeted at least three times. First they took down the Vatican homepage, then they broke into a Vatican Radio Server, and now Anonymous-affiliated hacker Agent_Anon is claiming a DDoS of related site catholic.va, with a corresponding database dump on pastebin.

    (image)@AgentAnonHacker
    Agent_Anon    @YourAnonNews I dumped the database of catholica.va for #OpVatican. The site is under DDOS now. http://t.co/NXEMXnXk(image) 11 hours ago via web ·  Reply ·  Retweet ·  Favorite · powered by @socialditto

    As a part of the pastebin dump, Agent_Anon accused the Vatican and the Catholic church of a centuries-long history of crimes, including a list of nineteen specific grievances relating to crimes against humanity, archaic policies toward reproductive issues, and opposition to scientific progress. “This theocracy needs to either enter the real world with modern ideals, or fall behind an become part of history,” the Anonymous operative asserted in his pastebin manifesto.

    I won’t include the entire list of grievances, many of which included allegations of severe crimes or ethical breaches by the church, but I will mention the final grievance on the list, which I found amusingly worded:

    The church fucked with Galileo. No one fucks with Galileo. He’s my bro.

    Here’s a screen cap from pastebin. Warning to sensitive readers: it contains some offensive language.

    (image)
    As a part of the attack, members of Anonymous claim Catholic.va is currently under DDoS attack. At the time of writing, my browser couldn’t find the server, though a search of both Google and Yahoo revealed no record of the site in question. The similarly named Catholic.org was, however, operational.

    (image)

    Last week’s arrest and indictment of several Anonymous-affiliated hackers may have been a heavy legal blow to the movement. But if authorities were hoping the arrests would demoralize Anonymous members worldwide, I’m not so sure they achieved their goals. The recent frequency of Anonymous attacks suggests that, if anything, previously dormant hackers are mobilizing, and new groups are forming quickly to fill old shoes.

  • Symantec Confirms Norton Antivirus Source Code Leak

    Symantec has confirmed the authenticity of a segment of Norton AntiVirus 2006 source code leaked to the internet last week. The stolen code was leaked to The Pirate Bay as a part of retaliatory attacks by hackers affiliated with the Anonymous movement, following the arrest and indictment of several suspected hackers on Tuesday. The leak also coincided with the first celebration of Anonymous’s traditional “Fuck FBI Friday” attacks since the arrests.

    In a statement Friday evening, Symantec confirmed the code’s authenticity, but denied that the leak comprised any sort of security risk. “As we have already stated publicly, our analysis shows that due to the age of the exposed code and the fact that it is only a small subset of the complete code, Symantec antivirus or endpoint security consumer and business customers – including anyone running Norton products – should not be in any increased danger of cyber attacks resulting from this incident,” asserts the company’s blog.

    The digital security company also anticipates the release of additional code segments that it suspects Anonymous already possesses, including yet unreleased code for Norton Internet Security 2006. Other portions of code for Norton Utilities, pcAnywhere, and Norton Antivirus, have already been leaked online.

    Symantec concluded its confirmation of the leaks by again reiterating that consumers running up-to-date versions of Norton AntiVirus should have nothing to worry about. “Again, the code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident,” claims the company.

    Stolen portions of Norton AntiVirus source code were the focus of an extortion attempt of Symantec in January.

    Also included in last week’s Anonymous hacks were police supplier New York Iron Works, the Australian Justice Department, Spanish infosec company Panda Security and the Vatican website.

  • UK Hacker Arrested, Accused of Trying to Retrieve Info of Women Who Received Abortions

    Today the Scotland Yard arrested a 27-year-old who claims to have links to the hacktivist group, Anonymous, on suspicion of offences under the Computer Misuse Act. The Metropolitan police’s central e-crime unit was granted a search warrant for the suspect’s home in Wednesbury, West Midlands prior to making the arrest.

    The culprit is accused of trying to break into the British Pregnancy Advisory Service’s (BPAS) website, extract information about women who had received abortions, and possibly release the names of the women.

    According to BPAS, there were approximately 26,000 attempts to break into its website over a six hour period on Thursday. At this point BPAS has not confirmed that any medical or personal information of the women who had received treatment was accessed.

    Police have stated that data on the website was compromised but explained that the stolen data did not contain any medical details of women who had received treatment.

    The data that was stolen did contain personal information (names, addresses and phone numbers) from people who had inquired about resources and services from BPAS relating to contraception, pregnancy, abortion, STI testing and sterilisation.

    Detective Inspector Mark Raymond from the Met’s e-crime unit said: “We have taken rapid action to identify and arrest a suspect involved in hacking. This was done to prevent personal details of people who had requested information from the BPAS website being made public. It should be stressed that the stolen data did not contain the medical details of women who had received treatment or why individuals had contacted the British Pregnancy Advisory Service.”

    To prevent the publication of such data BPAS has been granted a court injunction and all proper legal channels are being employed to protect all potential and current patients’ information.

    The suspect is currently in custody at a West Midlands police station.