Reflecting on the blogs I’ve written over the last 11 weeks, it is apparent that the posts have been largely focused on the hacking community. My primary sources of information were Cnet.com and thehackernews.com. I used them as my launch points for blogging because they have long been my sources for IT security news, and they can always be trusted to carry the latest IT security stories.
I focused on hacking stories because in the world of IT security, hackers are the #1 threat, and because I find the topic both interesting and relevant to the goals of not only our blogging assignment, but towards the entire degree path.
In my searching for stimulating and pertinent material each week, I would spend a considerable amount of time researching various sites to get multiple viewpoints of any given topic, and would often find myself researching topics more than I normally would just to learn about what was going on in any given event. This research I performed each week has broadened not only my view of the hacking community but the climate of the world as well.
We are living in interesting times, with groups and movements such as WikiLeaks, Anonymous, the 99% Movement, and the Occupy Movement. It’s quite interesting to see the lines between the real and digital worlds blurring, and to watch digital attacks and events complementing protests and actions carried out in the real world.
I believe blogs such as these could aid IT security professionals and future IT security students in understanding the current climate and the threats that exist in the cyber world. Understanding the pathology of cybercrime and keeping abreast of security threats, both past and present, may aid in the proactive development of countermeasures against future threats.
Friday, November 18, 2011
Friday, November 11, 2011
Week 11 Post: $14 Million Click-Hijacking Scam
The U.S. Department of Justice said on November 9th that it had uncovered an Internet scam ring that netted 14 million dollars by infecting millions of computers around the world with malware designed to redirect Web searches to websites that generate revenue for the scammers.
Seven culprits, six from Estonia and one from Russia, are being brought up on charges of wire fraud and computer intrusion, says the FBI. The group is accused of infecting roughly 4 million computers in more than 100 countries (500,000 in the U.S. alone), including machines at NASA, with malware named DNSChanger. The malware changes the Domain Name Server (DNS) settings on the infected computers, pointing them at rogue DNS servers which then steer them to specific Web sites.
Essentially, the malware hijacked the infected computers so that when certain Web searches were performed, the results were redirected to sites that paid the scammers whenever people visited them and clicked on ads.
An FBI statement reports: “When users of infected computers clicked on the link for the official Web site of iTunes, for example, they were instead taken to a Web site for a business unaffiliated with Apple Inc. that purported to sell Apple software.”
Additionally, the malware would redirect infected machines that searched for Netflix to a business called “BudgetMatch,” and searches intended to find the IRS were redirected to H&R Block.
The accused are also facing charges that they replaced legitimate ads on sites with their own ads that triggered payments to themselves. An example is that they replaced an American Express ad on the Wall Street Journal’s home page with an ad for “Fashion Girl LA” as well as replacing an “Internet Explorer 8” ad on Amazon.com with an ad for an e-mail marketing firm.
Computers were infected with DNSChanger when they visited certain Web sites or downloaded certain software to view videos online. Additionally, the malware prevented antivirus software and operating systems from updating correctly.
The accused allegedly created companies that masqueraded as legitimate advertising publisher networks. Apparently the operation began in 2007 and ended in October of this year with the completion of a two-year FBI investigation dubbed “Operation Ghost Click,” says the FBI.
The rogue DNS servers used in this operation have been replaced with legitimate servers in an effort to correct the Internet access problems present on infected computers. The owners of infected computers will need to be proactive in clearing the malware off their machines. People can verify whether their computers are infected by typing their DNS information into an FBI webpage (https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS).
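The FBI check page described above compared a machine's configured resolvers against the known rogue ranges. The script below is an added example, not part of the original post or of any FBI tooling: it applies the same idea as a host-side control, parsing resolv.conf-style text and flagging any resolver that is not in an allowlist of the resolvers an organisation actually operates. The allowlist, the sample resolv.conf and the 203.0.113.7 stand-in for a rogue resolver are all constructed for illustration.

```python
"""
Resolver-hijack check (added example, not from the original post).

DNSChanger worked by rewriting a machine's DNS settings so that lookups were
answered by rogue resolvers.  A simple host-side control is to compare the
configured resolvers against the set the organisation expects (or the ones
the ISP/DHCP server is known to hand out) and flag anything else.
"""
import ipaddress
import re
from typing import Iterable, List

# Resolvers the organisation expects to see (constructed placeholder values).
EXPECTED_RESOLVERS = [
    "10.0.0.53/32",        # internal recursive resolver
    "192.168.1.1/32",      # home router handing out DNS via DHCP
    "2001:db8::53/128",    # internal IPv6 resolver (documentation prefix)
]

_NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)


def parse_resolv_conf(text: str) -> List[str]:
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    return _NAMESERVER_RE.findall(text)


def unexpected_resolvers(configured: Iterable[str],
                         allowed: Iterable[str] = EXPECTED_RESOLVERS) -> List[str]:
    """Return configured resolver addresses not inside any allowed network.

    Malformed entries are reported too: a garbage nameserver line is itself
    a sign that the file has been tampered with.
    """
    allowed_nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    flagged = []
    for addr in configured:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            flagged.append(addr)
            continue
        # 'in' is False across address families, so an IPv4 address is never
        # accepted by an IPv6 allowlist entry or vice versa.
        if not any(ip in net for net in allowed_nets):
            flagged.append(addr)
    return flagged


def check_text(text: str, allowed: Iterable[str] = EXPECTED_RESOLVERS) -> List[str]:
    """Parse resolv.conf text and return the resolvers that need a closer look."""
    return unexpected_resolvers(parse_resolv_conf(text), allowed)


# Constructed sample: two legitimate resolvers plus one that was silently
# swapped in.  203.0.113.0/24 is a documentation range used here as a
# stand-in for a rogue resolver; it is not a real indicator.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search corp.example
nameserver 10.0.0.53
nameserver 203.0.113.7
nameserver 2001:db8::53
"""

if __name__ == "__main__":
    bad = check_text(SAMPLE_RESOLV_CONF)
    if bad:
        print("Unexpected DNS resolvers configured:", ", ".join(bad))
    else:
        print("All configured resolvers are on the allowlist.")
```

On a real host you would feed `check_text` the contents of /etc/resolv.conf (or the output of the platform's equivalent) and alert on a non-empty result.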
The indictment filed in the U.S. District Court of New York was unsealed on Tuesday.
References:
Mills, E. (2011). Seven accused in $14 million click-hijacking scam. Retrieved 10 November, 2011 from Cnet Web site: http://news.cnet.com/8301-1009_3-57321844-83/seven-accused-in-$14-million-click-hijacking-scam/?tag=txt;title
Wednesday, November 2, 2011
Week 10 Post: Anonymous threatens Mexican drug cartel
The Mexican arm of Anonymous is going toe to toe with one of the world’s most dangerous criminal organizations, the Mexican cartel Los Zetas. Anonymous is threatening the drug cartel over the alleged kidnapping of one of its members in Veracruz.
Anonymous does not identify the missing member by name, but alleges he was kidnapped from a street protest while “doing Paperstorm,” a reference to posting flyers or messages in public areas.
In a YouTube video, a man dressed in a suit and tie and wearing the Guy Fawkes mask from the movie “V for Vendetta” (the mask has become the symbol of Anonymous) says in Spanish: “You made a huge mistake by taking one of us. Release him. And if anything happens to him, you (expletive) will always remember this upcoming November 5th.” He continues: “We demand his release, we want the Army and the Navy to know that we are fed up with the criminal group Zetas, who have concentrated on kidnapping, stealing and blackmailing in different ways.”
"We can't defend ourselves with a weapon, but if we can do this with their cars, houses, bars, brothels, and everything else in their possession," the video says. "It won't be difficult. We all know who they are and where they are."
The video, posted earlier this month, also threatens to expose the cartel’s associates, including journalists, taxi drivers, police and corrupt government officials who allegedly cooperate with it. The website of Gustavo Rosario, a Mexican politician suspected of having connections with the cartel, was defaced and the words “Es Zeta” (is Zeta) were shown on his main page.
These threats move Anonymous into a whole new realm. The group typically targets corporations, government agencies, and law enforcement departments that it deems financially or morally corrupt; gangs have never before been the target of its attacks.
The U.S. Justice Department states that the Zetas cartel may be the most technologically advanced, sophisticated and violent of the paramilitary enforcement groups in Mexico.
Mike Vigil, a retired head of International Operations for the DEA, said that the Zetas cartel needs to take Anonymous seriously, because publishing the names would identify cartel members to their rivals, who would go after them. If Anonymous makes good on its threats and publishes these names, it will almost certainly lead to more deaths.
This is a pretty bold move by Anonymous and it will be interesting to see the resulting fallout.
References:
Anonymous Veracruz copia. Retrieved 01 November, 2011 from YouTube Web site: http://www.youtube.com/watch?feature=player_embedded&v=3ZL0E1J7wOg!
Mills, E. (2011). Anonymous online activists threaten Mexican drug cartel. Retrieved 01 November, 2011 from Cnet Web site: http://news.cnet.com/8301-1009_3-20127534-83/anonymous-online-activists-threaten-mexican-drug-cartel/?tag=txt;title
THN Reporter (2011). Anonymous hackers threatening a Mexican drug cartel. Retrieved 01 November, 2011 from The Hacker News Web site: http://thehackernews.com/2011/10/anonymous-hackers-threatening-mexican.html
Thursday, October 27, 2011
Week 9 Post: German hacking group releases new web attack tool
The German hacking group known as “Hackers Choice” has released a program that it says will allow a Web server to be taken down by a single computer using a secure connection.
The program, named THC-SSL-DOS (The Hackers Choice-Secure Socket Layer-Denial of Service), was released to the public on Monday. Evidently this tool exploits a flaw in the Secure Socket Layer (SSL) renegotiation protocol by barraging and overwhelming a system with numerous requests for secure connections. SSL renegotiation makes it possible for Web sites to create new security keys over an SSL connection that has already been established.
Hackers Choice has announced that it released the exploit to bring attention to flaws in SSL, the protocol that lets sensitive traffic flow between Web sites and an individual user’s computer without being captured.
According to a blog posting by an anonymous member of the group: “We are hoping that the fishy security in SSL does not go unnoticed.” The member continued: “The industry should step in to fix the problem so that citizens are safe and secure again. SSL is using an aging method of protecting private data which is complex, unnecessary and not fit for the 21st century.”
The group has also stated that the exploit works on servers which do not have SSL renegotiation enabled, but that this requires some configuration and more attacking computers. The group claims the exploit would allow a single IBM laptop to take down an average Web server over a standard DSL connection.
Establishing an SSL connection is 15x more taxing on the processing power of the server than on the client. The program exploits this lopsided property by overloading the server and kicking it off the Internet. This problem affects all SSL implementations today; vendors have been aware of it since 2003 and the topic has been discussed widely.
Both UNIX and Windows flavors of the program are freely available to the public at the following site: http://thehackernews.com/2011/10/hackers-choice-releases-ssl-ddos-tool.html. The thehackernews.com site also gives the following information:
Tips & Tricks for whitehats
1. The average server can do 300 handshakes per second. This would require 10-25% of your laptop's CPU.
2. Use multiple hosts (SSL-DOS) if an SSL Accelerator is used.
3. Be smart in target acquisition: The HTTPS Port (443) is not always the best choice. Other SSL enabled ports are more unlikely to use an SSL Accelerator (like the POP3S, SMTPS, ... or the secure database port).
Counter measurements:
No real solution exists. The following steps can mitigate (but not solve) the problem:
1. Disable SSL-Renegotiation
2. Invest into SSL Accelerator
I find it curious when groups like Hackers Choice release such powerful tools to the general public. I understand the argument that it forces vendors to seriously address the issues, but on the flip side of the coin, until a fix is provided we could see problems across the Internet, because anyone with a computer now has the power to attack and potentially, if temporarily, cripple Web sites. I think a better approach would be to announce that they have found an exploit and work with the vendors to correct the holes, rather than arm the masses with a tool like this.
References:
Mills, E. (2011). New attack tool targets web servers using secure connections. Retrieved 26 October, 2011 from Cnet Web site: http://news.cnet.com/8301-1009_3-20125058-83/new-attack-tool-targets-web-servers-using-secure-connections/?tag=txt;title
Hackers Choice releases SSL-DDOS-Tool. Retrieved 26 October, 2011 from The Hacker News Web site: http://thehackernews.com/2011/10/hackers-choice-releases-ssl-ddos-tool.html
Saturday, October 22, 2011
Week 8 Post: Cyberwarfare, the future of war
According to The New York Times, White House officials said that they had considered attacks on Libya’s government computer network to block the country’s early-warning data gathering and missile launches against NATO warplanes during the American-led strikes last spring, but had decided against it.
Though the cyber attacks would have lowered the risks to pilots, the idea was ultimately called off because officials feared opening that door and the precedent a cyber offensive would set. There was also a concern that there would not be enough time to find all of the holes in Libya’s networks and exploit them before the strikes, and questions of whether Congress would need to be notified prior to the attacks.
Weeks later, military strategists discussed smaller attacks to keep Pakistani radars from noticing the helicopters that carried the SEAL commandos who would go on to kill Osama bin Laden in May. Instead, the operation deployed Black Hawk helicopters and a surveillance drone equipped with radar-evading technology.
One could speculate that there may be another reason given that the Pentagon is inching towards declaring cyber attacks launched by foreign nations an act of war, which merits a military response.
Also, there is some speculation that the U.S. may have played a role in the creation or spreading of Stuxnet, which, according to researchers who have analyzed the code, appeared to be designed to sabotage Iran’s nuclear program.
It’s easy to see articles like this in many different lights. One prone to conspiracies could assume that the statements given by the Obama administration are flat-out lies, that our government is in fact engaging in cyber warfare and, just like every other country on the planet, flatly denies it. But this only makes sense: if our government (or ANY government, for that matter) were to disclose that it was involved in offensive cyber attacks, it would open Pandora’s Box. With all the reports of China performing offensive cyber attacks and data collection while feigning ignorance in the news, is it any wonder that the US would do the same? People who can get past the conspiracies may see the logic in the government not using Libya or Pakistan as a test bed for cyber attacks. I mean, let’s be honest, are these countries deploying countermeasures adequate to repel our airborne and cloaking technologies? I highly doubt it, and in this age of WikiLeaks, would America really want to risk being under the spotlight on the world stage for matter-of-factly employing cyber offensives? I think not.
That being said, it is almost certain that cyber warfare will be a part of the future of war. Strictly from an IT security standpoint, it will be interesting to see how this new arm of warfare shapes the future face of war.
References:
Mills, E. (2011). U.S. rejected cyberattack on Libya, report says. Retrieved 20 October, 2011 from Cnet Web site: http://news.cnet.com/8301-1009_3-20121681-83/u.s-rejected-cyberattack-on-libya-report-says/
Friday, October 14, 2011
Week 7 Post: German officials accused of hacking… by hackers.
A group of German hackers known as the ‘Chaos Computer Club’ (CCC) allege that they have uncovered a Trojan program designed for spying on Skype communications. The allegations are leveled at German law enforcement officials, whom the group says used the Trojan for surveillance.
After reverse-engineering and analyzing the ‘lawful interception’ malware used by German police forces, the group learned that the Trojan has flaws which put the infected computer at risk of serious attacks by others.
The CCC wrote in a post on their Web site: "The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the Internet."
The group uncovered the Trojan while it was performing some consulting for German lawyer Patrick Schladt, who is defending a client facing charges of illegal export of pharmaceuticals. Schladt had given his client’s laptop to the CCC to examine the machine using computer forensics. The CCC used forensic software to restore the Trojan files, which had earlier been removed to cover the tracks of the program.
Mr. Schladt alleges the Trojan was installed on his client’s laptop by customs officials at the request of Bavarian state police when the client was returning to Germany after a trip in 2009. After his client was charged, prosecutors provided screenshots of the client’s Web browser as evidence. Following that, Schladt contacted the CCC.
Snooping on suspected criminals is within the legal guidelines for German authorities, but they need court permission to do so, and any spyware the authorities use for monitoring Voice over IP (VoIP) calls cannot alter code on a suspect’s computer, nor can additional functionality be added to the software.
Mr. Schladt argues that the screenshots presented demonstrate that the software used to spy on his client’s laptop went “way too far for German logging” laws. He brought his argument to a higher court and the judge agreed. Mr. Schladt said: "The most important thing is that every screenshot that was made and every file out of that Trojan will not be in the case."
The malware in question, known as the “State Trojan” or “R2D2,” is capable of monitoring not only Skype but also MSN Messenger and Yahoo Messenger communications. Additionally, it is able to capture keystrokes in Internet Explorer, Firefox and other browsers, and it can capture screenshots.
The malware violates German law because it can receive uploads of programs from the Internet and execute them remotely. According to the CCC: “This means, an 'upgrade path' from lawful spyware to the full State Trojan's functionality is built-in right from the start. Activation of the computer's hardware like microphone or camera can be used for room surveillance, the government malware can, unchecked by a judge, load extensions by remote control, to use the Trojan for other functions, including but not limited to eavesdropping."
The State Trojan could theoretically be used to plant evidence on the infected machine. It could also delete files, completely obstructing justice. It also has serious security holes that would open the infected computer to attacks by parties other than the law enforcement agency controlling the software.
"The screenshots and audio files it sends out are encrypted in an incompetent way, the commands from the control software to the Trojan are even completely unencrypted," the CCC post says. "Neither the commands to the Trojan nor its replies are authenticated or have their integrity protected. Not only can unauthorized third parties assume control of the infected system, but even attackers of mediocre skill level can connect to the authorities, claim to be a specific instance of the trojan, and upload fake data. It is even conceivable that the law enforcement agencies' IT infrastructure could be attacked through this channel."
The CCC says that it has contacted the German Ministry of the Interior about what it has uncovered. The group says that the Ministry has had enough time to activate the existing self-destruct function of the Trojan.
At a news conference on the 10th of October, German federal government spokesman Steffen Seibert said that officials are looking into the matter: “We are taking the allegations very seriously; we will need to check all systems thoroughly.”
WikiLeaks had released a confidential memo in 2008 that showed communications between German state law enforcement and DigiTask, a German software company that makes software capable of monitoring Skype communication.
Seibert said that the software in question was three years old and had not been used by federal officials.
DigiTask lawyer Winfried Seibert said that the company had developed programs for authorities in Germany.
Regarding the use of the Trojan: if it’s within German law to spy on people’s computers in this fashion, then there’s nothing wrong with the authorities using such methods. The problem lies in the fact that they are creating security holes in the victims’ machines.
References:
Mills, E. (2011). Hackers say German officials used backdoor. Retrieved 12 October, 2011 from Cnet Web site: http://news.cnet.com/8301-1009_3-20118194-83/hackers-say-german-officials-used-backdoor/
Friday, October 7, 2011
Week 6 Post: Homeless Hacker Accused of Hacking County Computers
Christopher Doyon, 47, a homeless man in Santa Cruz, is facing federal charges for purportedly hacking county computers last December. He was released from custody last week. Mr. Doyon was in Santa Cruz on Saturday to profess his innocence and voice his concerns about what he believes to be oppression of the homeless.
Doyon was indicted last month by a federal grand jury in what seems to be part of a nationwide crackdown on the hacking community. The indictment against Doyon alleges that he is a computer hacker known by the alias of Commander X, who is a member of a group based out of Massachusetts known as the Peoples Liberation Front (PLF). The PLF describes itself as an organization of cyber-warriors who work on behalf of the downtrodden. The indictment also claims that he is a member of Anonymous, the international outfit that has been responsible for hacking attacks worldwide.
Doyon professed the following last Saturday outside the Santa Cruz County Courthouse: “I am Commander X. Yes, I am immensely proud and humbled to my core to be a part of the movement known as Anonymous.” He also stated that he’s a founding member of the PLF.
Doyon was arrested by federal agents on 22 September on a street corner in Mountain View.
He continued by saying: “Both my co-defendant, Josh Covelli, and I are categorically innocent of the charges against us and our legal team will provide irrefutable evidence of this.”
The federal document claims that Doyon and Covelli (who is from Fairborn, Ohio) executed “Operation Peace Camp 2010” on behalf of the PLF. The operation included carrying out a Distributed Denial of Service (DDoS) attack on county computers, making them temporarily inaccessible. The document also claims that the actions were taken in response to the events of the “Peace Camp of August 2010,” where more than 50 people slept outside the County Courthouse for 60 days in protest of the city’s laws against sleeping outside.
According to "Peace Camp 2010" organizer Becky Johnson, writing last month on the group's blog: "The city of Santa Cruz does not regulate camping. It forbids it completely, and this is in a city with over 1,000 houseless people and shelter for less than 10 percent on our best days."
Johnson, along with the other organizers of the protest, has said that they had nothing to do with the hacking and neither planned nor approved of it.
Doyon said that he chose to speak in front of the County Courthouse because it was the site of the 2010 protest, which he had attended. He is one of five people who were charged with illegal camping there. Others arrested were Gary Johnson and Ed Frey (a homeless activist and attorney). Both of those men were sentenced to six months in jail last June and are currently appealing the decision.
Doyon went on to say: "The protest was about standing up to the rich and powerful few in Santa Cruz and to demonstrate a better way of building community, and it was those powerful few who, fearing the effect that peaceful protest might have on upcoming elections, ordered Peace Camp 2010 to be ended by force, arresting dozens."
Doyon, released from federal custody last Thursday, has been prohibited from accessing social networking sites such as Twitter and Facebook, as well as Internet Relay Chat (IRC). He said: "They've taken away my freedom of speech." He strongly believes that U.S. citizens have a "moral imperative" to protest what he sees as unjust actions by government and law enforcement, such as punishing citizens for sleeping outside.
According to Doyon: "All you need to be a world-class hacker is a computer and a cool pair of sunglasses and the computer is optional."
I applaud Doyon for speaking out and protesting for what he believes in, but feel that he went too far with the DDoS attacks.
Reference:
http://www.santacruzsentinel.com/localnews/ci_19020319
Monday, October 3, 2011
Saturday, October 1, 2011
Week 5 Post: Hacking Wall Street
The latest cyber attack on Wall Street targets the chief executive of J.P. Morgan Chase, James "Jamie" Dimon. It's interesting to see the growing trend of physical and cyber events blending. This latest attack works in unison with the real world 'Occupy Wall Street' protests that recently took place.
The attack against Jamie Dimon consisted of the release of a document on Pastebin.com. The document included private information about the CEO: his addresses, family members, political contributions, business connections and legal history. The document was released by "CabinCr3w."
The hackers have also posted personal data about Goldman Sachs CEO Lloyd Blankfein.
In related attacks, the hackers released information on New York Police Deputy Inspector Anthony Bologna in retaliation for videos that show Bologna pepper-spraying peaceful demonstrators in the face last weekend. Bologna is also accused of additional unprovoked pepper-spray attacks on other peaceful demonstrators during the protests, and is currently under investigation for his actions.
The Wall Street protests began about two weeks ago and have attracted participants numbering in the thousands. The movement has found support from public figures such as Noam Chomsky, Michael Moore and Susan Sarandon, as well as from organized labor groups and students. The demonstrators are protesting a U.S. financial system that they feel favors the rich at the expense of everyone else.
Anonymous and Adbusters activists are the main groups behind the protests.
I'm personally torn on these events. I respect the rights of those who have calmly gathered to peacefully protest what they see as being wrong with America. In the videos I have seen, the police pepper-spraying of protesters seems to be an abuse of power; the officer is not fending off a rioting mob, but rather is assaulting peacefully gathered protesters. There may have been some provocation by the crowd that is not caught on film (or that has been edited out to mask the facts), but the evidence doesn't seem to show a need for pepper-spraying. The cyber attacks, on the other hand, I absolutely disagree with. Leaking personal information such as addresses and family members could lead to serious harm to those involved.
Reference:
Mills, E. (2011). Hackers post data on JP Morgan Chase CEO. Retrieved 30 September, 2011 from CNET Web site: http://news.cnet.com/8301-1009_3-20113943-83/hackers-post-data-on-jp-morgan-chase-ceo/?tag=mncol;title
Tuesday, September 20, 2011
Week 4 Post: DigiNotar, No More
DigiNotar, a company based in the Netherlands (a subsidiary of VASCO Data Security), will officially be going out of business (filing for bankruptcy), largely due to the efforts of a lone 21-year-old hacker who identifies himself as "Comodohacker."
On July 19, 2011, DigiNotar's Certificate Authority (CA) infrastructure was breached. The intrusion allowed the attacker to issue fraudulent SSL certificates for hundreds of domains, including CIA.gov and Google.com. Because a browser accepts any certificate that chains to a root in its trust store, a certificate minted by a compromised CA passes every client-side check and is indistinguishable from a legitimate one. Such certificates could be used to impersonate any host under Google.com, CIA.gov, etc., enabling phishing, content spoofing and man-in-the-middle attacks against web browsers. The only remedy is to stop trusting the root, which is why this event caused Microsoft to remove the DigiNotar root certificate from the Microsoft Certificate Trust List (the list used by Vista, Windows 7, Server 2008, etc.).
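As an added illustration (this is example code, not anything from the original post, from DigiNotar or from Microsoft), the following shell script builds a throw-away PKI with OpenSSL that reproduces the situation described above: a root CA standing in for the compromised one issues a certificate for www.google.com, and `openssl verify` is then run against two trust stores, one that still contains that root and one that does not, which is the effect of pulling a root from a certificate trust list. Every certificate, key and name in it is hypothetical and generated on the spot; the script assumes OpenSSL 1.1.0 or newer (for `-no-CApath` and `-verify_hostname`).

```shell
#!/bin/sh
# Added example, not from the original post. Builds a hypothetical PKI that
# mirrors the DigiNotar case: a root CA we control plays the compromised CA
# and issues a certificate for www.google.com that it had no right to issue.
# Nothing here touches the real DigiNotar, Google or any system trust store.

# make_demo_pki: create the demo certificates in a fresh temp dir and print
# the directory path.
make_demo_pki() {
    dir=$(mktemp -d)
    # "compromised-root" plays the CA that was broken into.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/compromised-root.key" -out "$dir/compromised-root.pem" \
        -subj "/CN=Hypothetical Compromised Root CA" 2>/dev/null
    # "other-root" plays a root that is still in the trust list after the
    # compromised one has been removed.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/other-root.key" -out "$dir/other-root.pem" \
        -subj "/CN=Hypothetical Unrelated Root CA" 2>/dev/null
    # The rogue leaf certificate: issued by the compromised root for a name
    # the attacker wants to impersonate. The SAN is what browsers match on.
    printf 'subjectAltName=DNS:www.google.com\n' > "$dir/leaf.ext"
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" \
        -subj "/CN=www.google.com" 2>/dev/null
    openssl x509 -req -days 1 -in "$dir/leaf.csr" \
        -CA "$dir/compromised-root.pem" -CAkey "$dir/compromised-root.key" \
        -CAcreateserial -extfile "$dir/leaf.ext" -out "$dir/leaf.pem" 2>/dev/null
    echo "$dir"
}

# chain_is_trusted TRUST_STORE LEAF HOSTNAME
# Prints "trusted" when LEAF chains to a root in TRUST_STORE and is valid
# for HOSTNAME, "untrusted" otherwise. -no-CApath keeps the store to just
# the file given, so the system's default roots play no part in the check.
chain_is_trusted() {
    store=$1; leaf=$2; host=$3
    if openssl verify -no-CApath -CAfile "$store" \
            -verify_hostname "$host" "$leaf" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# issuer_of CERT: print the issuer DN, the field an operator looks at in a
# captured chain or a cert store when deciding whether a root has to go.
issuer_of() {
    openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//'
}

demo() {
    dir=$(make_demo_pki)
    echo "leaf issuer: $(issuer_of "$dir/leaf.pem")"
    echo "compromised root still trusted: $(chain_is_trusted "$dir/compromised-root.pem" "$dir/leaf.pem" www.google.com)"
    echo "compromised root removed:       $(chain_is_trusted "$dir/other-root.pem" "$dir/leaf.pem" www.google.com)"
    rm -rf "$dir"
}

demo
```

The point the verify step makes: the rogue certificate passes the hostname check and every other client-side test, because nothing in the certificate itself is wrong; the only thing that rejects it is the absence of its root from the store. That is why the remedy was to pull the root from the trust list rather than to blacklist individual certificates, and also why pulling a root disables every legitimate certificate that CA ever issued.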
DigiNotar was acquired by VASCO Data Security in January 2011 for $12.9 million, but in the first six months of 2011 DigiNotar generated less than 100,000 euros in SSL and EV SSL revenue. The company has halted sales of its certificates since the incident.
The court has appointed both a bankruptcy judge and a bankruptcy trustee to manage the bankruptcy process. The trustee will work under the supervision of the judge and will be responsible for the administration and liquidation of DigiNotar. The trustee will submit reports to the judge; these reports are expected to be made public and should serve as the primary source of information for creditors and stakeholders.
T. Kendall Hunt (VASCO's Chairman and CEO) gave the following statement: "Although we are saddened by this action and the circumstances that necessitated it, we would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO's core authentication technology. The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO's strong authentication business.” The only thing missing from his statement to the shareholders is: "p.s. sorry about the $12.9 million dollars we just lost."
This is not the first CA that Comodohacker has hacked into, but it is the first one that has been officially forced out of business as a result of his efforts.
Comodohacker is reportedly an Iranian loyalist. He has said that he has developed an unbreakable system for replacing SSL certificates. He has said the following: “If my country get equal right as USA in controlling emails, I may share my brilliant unbreakable encryption system for replacement of SSL and CA system,” He's also pumped himself up with the following: “P.S.S. never forget, I'm just 21, you have to see much more from me!”
It simply amazes me that a company whose market IS internet security could be destroyed by the efforts of a lone individual. If this isn't a form of situational irony, I don't know what is (but since the word irony is so often misused, and seems to have lost its original meaning in our society - thanks Alanis Morissette, chances are this isn't a good example of situational irony whatsoever, but short of tragic, I don't know how to label this event).
Hopefully the next time we hear about Comodohacker it won't follow the headlines of something as horrible as this, an act of digital terrorism, but rather, let's hope he does have an unbreakable system for SSL certificates that he is willing to share with the world. Unfortunately I highly doubt that will be the case.
Reference:
Lennon, M. (2011). Hacker Forces DigiNotar Into Bankruptcy. Retrieved September 21, 2011, from Security Week Web site: http://www.securityweek.com/hacker-forces-diginotar-bankruptcy
Wednesday, September 14, 2011
Week 3 Post: 9/11, From Hijackers to Hackers
For most people in our nation, September 11th will live on to be a day that commemorates a dark hour in our nation's past. Yet this year the 10th anniversary was mocked by online hackers. While the rest of the nation was involved in respectful and solemn ceremonies, remembering the lives taken in the attacks on New York and Washington, a group of hackers took the event as their cue to perform online shenanigans.
On Friday, a hacker group notorious for hacking media outlets hijacked the NBC News Twitter account and posted fabricated accounts of attacks on "Ground Zero" in New York. The group posted messages saying that there was a plane crash at the site following a suspected hijacking.
The group responsible for the postings later unmasked themselves with the following message: “NBCNEWS hacked by the Script Kiddies.”
It seems that the group breached the account via a spear phishing attack. Only three people have the password to the account. Following the attack, Ryan Osborn (NBC Social Media Director) admitted to MSNBC that he had recently opened an attachment in an e-mail sent to him by an unknown sender. A malicious attachment that plants a password stealer makes the number of people holding a shared credential irrelevant; one victim is enough.
Prior to this attack, the Script Kiddies gained notoriety with their 4th of July attacks on the Fox News Twitter account. In that debacle, they posted a series of false messages claiming that President Barack Obama had been assassinated.
The Script Kiddies were not the only group engaging in criminal activity around 9/11; another group, which goes by the moniker Team Poison, ran a campaign petitioning the masses to call the federal government and protest U.S. foreign policy. The group posted a list of phone numbers on the Internet. The numbers were for the White House, the U.S. embassies in Libya and Afghanistan, the FBI and the CIA. They asked their followers to call these numbers and leave the following message: "Dear USA, your 9/11 is our 24/7. Sincerely, [a country that has been bombed/attacked by the USA]."
The group was hoping that a flood of phone calls would severely disrupt business. It would seem that their efforts were largely in vain, because much of the federal government is closed on Sundays, so there wasn't much business to disrupt.
Team Poison had earlier gained some infamy when they defaced a website operated by Research In Motion (RIM), the Canadian company that makes the BlackBerry smartphone. The attack on RIM was prompted by RIM's cooperation with the London police during the London riots.
Team Poison has also attacked other hacker groups. They took down the LulzSec website because they felt that its members were inferior hackers.
Reference:
http://www.pcworld.com/article/239824/911_anniversary_spurs_hacker_mischief.html
Monday, September 5, 2011
Week 2 Post: Hack the Planet Hollywood!!
Today is a great day NOT to be famous and living in Hollywood. A splinter cell of the group 'Anonymous' known as 'Hollywood Leaks' has apparently turned its sights away from big government and corporations and set them instead on the stars of Hollywood. They are targeting movie stars, TV personalities and musicians.
There are reports that Tom Cruise, Miley Cyrus, and Kreayshawn have already fallen victim to the group. The hackers are apparently scrounging for any dirt they can get, nude photos, e-mails, memos, phone numbers, pretty much anything they can get their hands on and expose to the world.
Thus far their efforts have resulted in the publication of phone numbers for Cyrus, Ashley Greene, Helio Castroneves and Corky Ballas. They've also published the pre-release script of the movie "Rock of Ages," in which Tom Cruise will star. So far the list of exploits seems pretty minor, but I'm sure it's just the beginning.
The reason I picked up on this article is that I am really torn on the situation. A part of me couldn't care less about Hollywood, but a larger part of me churns at the concept of these faceless hacker groups. I went to the Twitter page for this particular group (http://twitter.com/#!/hwleaks) and its followers seem to be a strange group filled with immaturity. The posts range from threats, counter-threats, people asking for dirt on individual celebrities and bragging to a whole lot of "LULZ."
I detest the idea of people using a computer to hurt others, and according to this article, part of this group's goal is to 'end the Jew-controlled media.' To me this is a clear example of why groups like Anonymous are so hard to take seriously. There is no 'head' of the group, and its recruitment mechanism is an open invitation to whoever wants to be part of it, so how could the 'group' say that it wants to 'end the Jew-controlled media?' What is to stop me from creating a YouTube video, claiming to be part of this outfit, and saying that the point of these attacks is that I detest the last season of Smallville? With their lack of oversight it is too easy for someone to deliver this hate-speech agenda, and who can come forward as a voice for the group and say that they're not a hate group? It makes the job of anyone wishing to smear the group, or put that type of spin on them, all that much easier.
The idea of a group hiding behind a question mark doesn't really strike fear into the heart, but for some reason it reminds me of other terrorist organizations; it doesn't take a lot of courage to hit and run and remain faceless. I am perhaps most struck by the irony of the situation: faceless people attacking the 'beautiful people' of Hollywood. It will be interesting to see when some of these individuals get caught for their crimes and faces are attached to them.
I'm sure we haven't heard the end of this, but I have to wonder how many A-listers will be consulting their IT Security specialists in the near future.
To read the full article, follow:
http://news.cnet.com/8301-1009_3-20100210-83/offshoot-of-anonymous-takes-aim-at-hollywood/?tag=mncol;title
Wednesday, August 31, 2011