Posts tagged Anonymous
Another great post by Mike, enjoy, then be sure to use the link below to visit Mike’s site!
Former NSA Head, Michael Hayden, Aggressively Attacks the Entire Hacking Community
There’s an interesting trend happening in America today. A trend characterized by old, authoritarian, formerly “highly respected” figures in society becoming so confused and concerned that the zeitgeist of the nation is moving away from them, that they are overcome by dementia and publicly lash out like spoiled children in increasingly irrational manner. Two of my favorite examples of such behavior are Senator John McCain and NYC Mayor Michael Bloomberg. Now we can add another character to the list, former CIA and NSA head Michael Hayden. Amongst other things, here is what he said about Snowden supporters:
Nihilists, anarchists, activists, Lulzsec, Anonymous, twenty-somethings who haven’t talked to the opposite sex in five or six years.
First of all, this is a typical response from a person who cannot win an argument. Appeal to emotion or engage in bizarre personal attacks. We saw Chris Christie desperately do this the other day when he attacked libertarians for “thinking”, in a pathetic attempt to create some perverted neocon buzz about himself ahead of 2016. However, even more hilariously, here is a picture of Michael Hayden.
Wait, who hasn’t talked to the opposite sex in five or six years? I’m sure the ladies are rioting in the streets to get a date with this guy. From the Washington Post:
Former NSA and CIA chief Gen. Michael Hayden speculated on Tuesday that hackers and transparency groups would turn to cyberterror attacks if the United States captured NSA leaker Edward Snowden. He went on to dismiss Snowden supporters as “nihilists, anarchists, activists, Lulzsec, Anonymous, twenty-somethings who haven’t talked to the opposite sex in five or six years.”
That probably wasn’t the smartest thing to say because the government desperately needs hackers. And usually, when you desperately need someone, implying that they’re sex-starved, basement-dwelling, would-be terrorists isn’t a good idea.
Full article here.
Follow Mike on Twitter!
Hackers Break into Smartphones to Access Your Bank Account
Security Research Labs (SRL) states that SIM cards in smartphones could be utilized by hackers to gather online banking account information.
Indeed, an estimated 500 million subscriber identity module (SIM) cards have been identified as having vulnerabilities that allow remotely controlled attacks to occur.
SIM cards are “tiny computers that store crucial cryptographic data.”
SIM cards store data on user’s such as phone number, private login and billing information. This includes details about a user’s PayPal and credit card numbers so that the hacker can infiltrate all financial records of individuals.
It is unclear whether or not users can verify that their SIM card is vulnerable to hacker attacks. Specific details provided by the manufacturer cannot assist the user with determining if they are a sitting duck.
Apps made for smartphones are syphoned through SIM cards because they act as a portal .
Karsten Nohi, founder of SRL, is expected to provide this research to the BlackHat Conference in Las Vegas in the later part of this month.
SRL asserts that hackers would send “an unrecognizable, binary text message usually meant to carry user logs and telephone settings to a victim’s phone.
The cellphone then responds by sending back an error message carrying a signature that can be distilled to reveal a 56-bit Data Encryption Standard (DES) key. DES is an old encryption standard used by about one in eight phones around the world.”
Through the “cracked key” the hacker can “download software onto the SIM card that can, among other tricks, change voicemail numbers and find out exactly where a phone is at any time. This allows for remote cloning of possibly millions of SIM cards including their mobile identity as well as payment credentials stored on the card.”
Nohi said : “We can remotely install software on a handset that operates completely independently from your phone. We can spy on you. We know your encryption keys for calls. We can ready your [SMSes]. More than just spying, we can steal data from the SIM card, your mobile identity, and charge your account.”
Because SIM cards are employed as a de facto trust anchor for cellular phones, simply using two Short Message Service texts can allow a hacker to break into the phone, steal data, listen in on the calls made, and make purchases as if they were the owner of the phone.
The UN issued a warning under the Telecommunications Union (UNTU), that this research provided by SRL is “highly significant” and that “these findings show us where we could be heading in terms of cybersecurity risks.”
Under the direction of the UNTU, academics, private tech corporations and mobile phone companies will be admonished to cooperate with the international community to set up regulations with government officials so that this threat is quelled.
Last October, smartphone connecting to customer bank accounts and conducting remote online banking is utilized by an estimated 29% of US mobile phone users.
Although those invested in keeping the online banking revolution alive are reassuring the general public that it is safe, malware software is rampant throughout the internet and used by fake hacker groups to justify stricter restraints on our digital freedoms. The smartphone banking apps are not different.
Earlier in 2012, the CIA-sponsored hacker group Anonymous breached security systems for VISA and MASTERCARD. These two corporations alerted other banking institutions across the US that there was a “massive breach” within the financial sector.
In October of 2011, the fake hacker group apparently took control over Bank of America (BoA), one of the oldest central banking cartel funded banks. Lately, BoA was used to funnel funds to known drug cartels in Mexico under the Fast and Furious scandal.
January of 2012, Trusteer, the Israeli-based security firm, discovered a banking virus that will steal funds from customers and cover its tracks in the process. This new creation from the SpyEye Trojan will “swap out banking Web pages . . . preventing customers from realizing that their money is gone.”
This Trojan waits patiently for the user to visit their online banking site, copies their login and password, then divulges the personal data surveyed; such as debit/credit card information.
When the user inputs their credit/debit card information in to conduct a purchase, the Trojan will swap web pages and siphon out the funds. According to Truseeter, this is a “post transaction attack”.
The cover-up ability of this Trojan is remarkable. It will edit balance amounts, line by line transactions, and all activity that would trigger suspicion by the owner of the account.
In 2011, SpyEye Trojan attacked Android mobile online banking by siphoning out data from the customer to be used by the hacker. SpyEye also changes while circumventing mobile SMS which is a security measure taken by banks when a customer is conducting online account transactions to certify that the correct user is conducting the business.
SpyEye was victimizing Verizon customers with fake billing pages that require the customer to log in which reveals personal financial data to the virus concerning the user. This Trojan can deter anti-virus software, jumping over firewalls and sit undetected between the browser and the computer redirecting the user to pages without ever being caught.
Image credit: http://www.occupycorporatism.com
About the author:
Posted by Robert Wenzel
Murder Mystery(?) Michael Hastings and a CyberSecurity Firm Called Endgame
Reports are beginning to surface about a connection between the reporter Michael Hastings and a mysterious cybersecurity firm known as Endgame.
Hastings has been linked to Barrett Brown, who the government alleges is the leader of the hacker group Anonymous. Brown is in jail and is being held without bail. The web site Free Barrett Brown reports:
Having previously been raided by the FBI on March 6, 2012 and not charged with any crime in relation to that incident, on September 12, 2012 Barrett Brown was again raided and this time arrested by the Federal Bureau of Investigation while he was online participating in a Tinychat session. He was subsequently denied bail and detained without charge and adequate medical treatment for over two weeks while in the custody of US Marshals. In the first week of October 2012, he was finally indicted on three counts.
These charges are related to alleged activities or postings on popular websites such as Twitter and YouTube, in which he postured for the return of property which was taken from him in March, and expressed frustration at the targeted campaign against him and a member of his family. The Department of Justice issued a press release at the time.
Also, according to the web site, Hastings was planning to interview Brown:
Before his untimely death, Hastings was working on a story about Barrett, announcing mysteriously to his followers “Get ready for your mind to be blown.” Hastings had been in touch with Barrett’s lawyers, and intended to interview him in June for the story. Barrett has been in prison for 281 days pending trial, and faces over a hundred years imprisonment for what Hastings called ”trumped up FBI charges regarding his legitimate reportorial inquiry into the political collective known sometimes as Anonymous.”
Before his suspicious death in a fiery car crash, Hastings seemed to confirm this planned interview, in a tweet and hinted it was relative to a very big story:
Barrett, at the time he was arrested,was studying Endgame. The Nation reports:
Brown began looking into Endgame Systems, an information security firm that seemed particularly concerned about staying in the shadows. “Please let HBGary know we don’t ever want to see our name in a press release,” one leaked e-mail read. One of its products, available for a $2.5 million annual subscription, gave customers access to “zero-day exploits”—security vulnerabilities unknown to software companies—for computer systems all over the world. Business Week published a story on Endgame in 2011, reporting that “Endgame executives will bring up maps of airports, parliament buildings, and corporate offices. The executives then create a list of the computers running inside the facilities, including what software the computers run, and a menu of attacks that could work against those particular systems.” For Brown, this raised the question of whether Endgame was selling these exploits to foreign actors and whether they would be used against computer systems in the United States. Shortly thereafter, the hammer came down.
The FBI acquired a warrant for Brown’s laptop, gaining the authority to seize any information related to HBGary, Endgame Systems, Anonymous and, most ominously, “email, email contacts, ‘chat’, instant messaging logs, photographs, and correspondence.” In other words, the FBI wanted his sources.
So what is Endgame? According to Darker Net:
Monsanto’s Website Hacked After 2 Million March
The Monsanto corporate website was hacked on May 29, 2013, just days after more than 2 million people marched against the organization around the world, and despite an almost complete media blackout. Anonymous, a group of internet hackers calling themselves ‘hacktivists’, was able to temporarily shut down the site as an act of outright revolt against Monsanto’s illegal and predatory practices of planting poison GMO crops even despite the public’s desperate attempts to stop them.
A statement released by Anonymous relates:
“Monsanto is facing the wrath of activists because they are altering the nature of our food supply without a concern about long term effects on human health, because they are creating a monopoly on the supply of seeds for farmers, and, because of increasing evidence of long term environmental damages.”
This same hacktivist has previously hacked into Monsanto’s website before, and also the public relations companies associated with them. In December of 2012, the hackers infiltrated the PR firm known as The Biving Group due to “15+ years of running marketing campaigns and helping some of the most corrupt corporations on the planet, as well as several governmental agencies, cover up their dirt.” Going by information released by Anonymous, Bivings Group shut down all of their servers and liquidated their assets after the infiltration.
Will activists take on increasingly desperate attempts to shut down corporations like Monsanto as the global spread of GMO seed endangers our food supply? As Monsanto seems to slide like a slippery eel through government institutions that are supposed to protect the people from health hazards like GMO, including the Senate, Congress, FDA, and our completely mute presidential office, perhaps the public is getting anxious as the GMO monopoly continues to grow in India and the US, as in other countries, despite rampant activism to stop them.
The FBI has launched an investigation into a recent Anonymous hack of a Federal Reserve database in retaliation for the US harassment of Aaron Swartz, who recently committed suicide. The hackers reportedly obtained 4,000 personal records in the attack.
Jo David Cummins, president and CEO of Illinois’ Community First Bank, said the hack of the US Federal Reserve database, which gave hackers access to his personal information and that of 4,000 other people, “hasn’t been much of a hassle,” as quoted by Reuters. “The information that was on the contact system was the same thing that was on my business card, so it wasn’t like it was anything that could do any harm to me or the bank.”
But the FBI and the Fed, which is a common target of criticism from many affiliated with the hacker collective, aren’t so sure. “We are in the process of a comprehensive assessment to determine what information might have been obtained in this incident.We remain confident that this incident did not affect critical operations of the Federal Reserve,” said Fed spokesman Jim Strader.
Anonymous gained access to the Fed’s Emergency Communication System (ECS) in mid-January, circumnavigating password prompts and encryption roadblocks. The Fed had recommended the implementation of a monitoring system to keep tabs on the security of third-party systems, like the ECS, last year.
The attack came as part of Anonymous’ OpLastResort, the collective’s response to the death of Aaron Swartz, who took his own life in January after a long battle with depression. He was preparing to face criminal charges based on a laundry-list of so-called criminal activity the United States government alleged he engaged in. If convicted, Swartz stood to spend 35 years in prison.
Swartz was under investigation for his connection to a dump of data taken from JSTOR, a peer-reviewed article archive. His supporters argue that though much of JSTOR’s content costs money to access, academic research should be free to everyone.
The Associated Press
Revenge for prosecution of web activist
The FBI has launched an investigation after hacker-activist group Anonymous says it hijacked the website of the U.S. Sentencing Commission to avenge the death of Aaron Swartz, an internet activist who committed suicide.
The website of the commission, an independent agency of the judicial branch, was taken over early Saturday and replaced with a message warning that when Swartz killed himself two weeks ago “a line was crossed.”
The hackers say they’ve infiltrated several government computer systems and copied secret information that they now threaten to make public.
Family and friends of Swartz, who helped create Reddit and RSS, say he killed himself after he was hounded by federal prosecutors.
U.S. Attorney Carmen Ortiz, in the wake of the suicide, said she believed the case was conducted “reasonably” and “appropriately.”
Officials say he helped post millions of court documents for free online and that he illegally downloaded millions of academic articles from an online clearinghouse.
The FBI’s Richard McFeely, executive assistant director of the Criminal, Cyber, Response, and Services Branch, said in a statement that “we were aware as soon as it happened and are handling it as a criminal investigation. We are always concerned when someone illegally accesses another person’s or government agency’s network.”
Swartz’s supporters believe Ortiz’s office was overly aggressive in charging Swartz with 13 felonies for tapping into the computer network at the Massachusetts Institute of Technology to download nearly five million articles from an online clearinghouse for academic journals.
Swartz’s lawyer, Elliot Peters, said prosecutors were insisting that any plea deal would involve Swartz pleading guilty to all 13 felony charges against him and serving four to six months in prison.
Ortiz has said her prosecutors did not demand that Swartz plead guilty.
Leaked documents from a recent International Telecommunications Union meeting have exposed several disturbing examples of potential usages of the Deep Packet Inspection (DPI) standard, which was recently adopted by a UN conference in Dubai.
The leaked documents include a full draft recommendation on the ‘Y.2770’ standard for DPI. This technology is used to monitor, filter and manage Internet traffic. It could potentially be used by governments and international telecom companies to easily scan data sent on the Internet.
Though the recommendation specifies only the requirements for DPI in next-generation networks, it also suggests that such standards be applicable to the current generation.
The draft document does not cover the potential impact of the DPI, but recommends that implementers and users of the described capabilities “shall comply with all applicable national and regional laws, regulations and policies.”
DPI will provide functionality to control and inspect Internet traffic – including encrypted and compressed data – in a wide range of possible scenarios.
The paper mentions several such scenarios, including: forwarding copyright-protected audio content, detection of a specific transferred file from a particular user, identifying uploading BitTorrent users and detecting and blocking Peer-to-Peer VoIP telephony.
Critics are calling the DPI standard invasive, expressing concern of its approval, while the ITU itself has been accused of secrecy because it did not allow individual countries to publish their own proposals for changes in the standard.
The World Conference on International Telecommunications this week was held behind closed doors, with even representatives from Google, Facebook and Twitter barred from attending.
The conference was briefly disrupted by a suspected hacker attack that forced the WCIT website offline for about two hours.
ITU Secretary General Hamadoun Toure accused the attackers of hypocrisy, saying that it was ironic that those who claim to be fighting for a free Internet disrupt online access to the event. “Do they believe in one rule for them and another for everybody else?” he said.
Internet hacktivist group Anonymous has declared cyberwar on Israel, posting personal data of five thousand Israeli officials online.
The group used their Anonpaste.me site to address a message to the Israeli government before linking to the page with names, ID numbers and personal emails of 5,000 officials.
The message said: “It has come to our attention that the Israeli government has ignored repeated warnings about the abuse of human rights, shutting down the internet in Israel and mistreating its own citizens and those of its neighboring countries.”
(Screenshot from anonpaste.me)
The group also said “Israeli Gov. this is/will turn into a cyberwar.”
Earlier, the group hacked over 700 hundred Israeli websites, including the Bank of Jerusalem, the Israeli Defence Ministry, the IDF blog, the President’s official website and many others.
Most of the sites remain down.
The country’s finance minister has acknowledged the recent wave of attacks, saying the government is now waging a war on a “second front.”
Over the past four days, Israel has “deflected 44 million cyber-attacks on government websites,” Israeli Finance Minister Yuval Steinitz told AP.
The Philippines has approved measures to prosecute users that post “defamatory” comments on social media websites such as Twitter and Facebook. They will be liable for a fine of 1 million pesos (US$24,000) or face up to 12 years in prison.
Websites that publish the material may also be shut down.
The cyber-law has been branded as ‘draconian’ and a serious violation of freedom of speech by rights groups.
“The cyber crime law needs to be repealed or replaced,” said Brad Adams, Asia director of the Human Rights Watch. “It violates Filipinos’ rights to free expression and it is wholly incompatible with the Philippine government’s obligations under international law.”
He stressed that while the bill was in action it will have a “chilling effect over the entire Philippines online community.”
The new legislation extends Philippines libel law, which has been previously contested by Human Rights Watch, into cyberspace.
Aside from prosecuting users who post material deemed offensive, the bill grants authorities the power to collate and retain information from people’s Facebook and Twitter profiles, as well as eavesdropping on conversations over Skype.
“Anybody using popular social networks or who publishes online is now at risk of a long prison term should a reader – including government officials – bring a libel charge,” Adams said. “Allegedly libelous speech, online or off-line, should be handled as a private civil matter, not as a crime.”