Jeremy Hammond and other members of AntiSec, an offshoot of the hacker group Anonymous, stole credit-card information and other confidential data from the firm, Strategic Forecasting Inc., prosecutors said.

Read the rest of this post on the original site »

The change has been reported by two organizations: Syria Digital Reports, a project of Canada’s SecDev organization; and BGPmon, a company which monitors the Border Gateway Protocol information of the Internet’s underlying infrastructure. They both have noticed the country’s Internet connections humming back to life within the last hour.

BGP routes back in #Syria, 60 of 67 netblocks have returned to connectivity as of around 16:00 local time #Syriablackout

May 8, 2013 7:37 am via TweetDeckReplyRetweetFavorite

@DSRSyria

SyriaDigitalReports

After an almost 20 hour outage Syria just came back online at 14:12 UTC today. Also see pic. http://t.co/6hqobsFdeO

May 8, 2013 8:07 am via webReplyRetweetFavorite

@bgpmon

BGPmon.net

BGPmon tweeted the following graphic that it says shows the country’s routing infrastructure coming back online:

Google’s Transparency report data is also ticking upward.

Meanwhile, there has been at least one vague claim that the loss of connectivity wasn’t the result of a Syrian government order. It comes from Anonymous, the loose affiliation of hackers who are better known for making noise and calling attention to themselves than for actually hacking anything in a meaningful way. I’ll believe it when I see some convincing evidence, so take this one with a grain of salt, but here’s its latest tweet on the subject:

SYRIAN INTERNET SHUT DOWN. THIS WAS NOT AN ACT OF THE SYRIAN GOVERNMENT.

May 8, 2013 8:27 am via webReplyRetweetFavorite

@Anon_Central

Anonymous Operations

Clarification: I revised the story above to clear up any implication I may have made that the SecDev Organization’s Syria Digital Reports project is connected to BGPmon. They’re not connected, but the way I initially wrote it made it seem that they were. Sorry about that.

Often this involves what’s known in security circles as a Distributed Denial Of Service attack, or DDOS. Basically, it involves using an army of hijacked computers to overwhelm a site with so many requests for attention that it’s unable to respond to legitimate requests and thus becomes unavailable.

It has in recent years become a popular method to make a political or ideological point in which the target is some kind of symbol. Earlier this year, there were reports that the method was used by attackers based in Iran against several U.S. banks. Anonymous, the loose affiliation of hackers, has occasionally tried, and occasionally failed, to carry out DDOS attacks. A few years ago, WordPress.com came under an attack by unidentified attackers. And in 2011, a bunch of people were arrested for taking part in some DDOS attacks against PayPal.

Anyway, there’s some new data today from a security company called Prolexic, saying that the amount of bandwidth that DDOS attackers are able to bring to bear on their targets has been increasing at an alarming rate. During the first quarter of the year, the average DDOS attack totaled 48.25 gigabits per second, which is an increase by more than 700 percent versus the prior quarter. The data is contained in a report the company issued today. It’s worth noting that that’s an average, not a peak.

If you liken a DDOS attack to a fire hose, then what this means is that the amount of unwanted water an attacker is able to spray at a target increased sevenfold in one quarter. Anything in excess of 45Gbps is enough to overwhelm even the biggest enterprises and service providers, said Stuart Scholly, Prolexic’s president.

DDOS attackers are getting smarter and are able to command ever bigger armies of compromised computers, and they have studied closely the plumbing of the Internet to better understand its more tender spots.

And it’s not just the amount of bandwidth, but the overall number of packets with which attackers flood a target that’s causing the trouble. The rate of the average DDOS attack in Q1 was more than 32 million packets per second, and anything above 30 million is pretty nasty and difficult to mitigate.

So where do the attacks come from? China was the leading source; DDOS traced to that country accounted for nearly 41 percent of the total, followed by the U.S., which accounted for nearly 22 percent. Germany, Iran and India rounded out the top five. There are more details, including a case study or two about some recent attacks, contained in the report, and if you’re the kind of person who has to fend off the occasional DDOS attack, it may be worth your while to read it. But the main thing to understand is that the attacks themselves are getting nastier.

The “OpIsrael” attack, which was claimed on a website by activist hackers who said they were affiliated with the hacker group “Anonymous,” was the latest episode of the Middle East conflict moving from the battlefield to civilian computer networks in the public domain.

Read the rest of this post on the original site »

You can read the original indictment below. But federal authorities say that in late 2010 in a chat room, Matthew Keys helped a member of Anonymous working under the chat room name “Sharpie” obtain the user name and password to that company’s content management system.

That person then vandalized an existing story on the website of the Los Angeles Times, authorities said.

Their chat transcripts suggest that Sharpie had bigger plans and intended to replace the Web front page of either the Chicago Tribune or the Los Angeles Times with a page of his own making.

For allegedly helping with that, Keys faces as much as 10 years in prison and a fine of $250,000.

Chances are that pressure will be brought to bear on Keys to help the FBI track down more members of Anonymous — that is, to the extent that he can. Don’t expect much.

Keys, who tweeted for Reuters under the name @TheMatthewKeys, appears to be nothing more than a bit player who was sympathetic to Anonymous and was a former employee of a TV station owned by Tribune. He’s unlikely to know how to go about finding the people who constitute the inner core of Anonymous.

For something like that, you need a much more strategically placed confidential informant. Someone like Hector Xavier Monsegur, who worked under the handle Sabu. He’s the one who, from an apartment on Manhattan’s Lower East Side, helped authorities in the U.S., U.K. and Ireland collar a few allegedly higher-ranking members of Anonymous.

Matthew Keys Indictment

The group used a denial-of-service brute-force attack (commonly known as DDoS-ing) to bring down the site for a period of time, while posting a message to the school’s site shortly thereafter.

“Whether or not the government contributed to his suicide, the government’s prosecution of Swartz was a grotesque miscarriage of justice, a distorted and perverse shadow of the justice Aaron died fighting for,” the group wrote in the message.

The attack comes just two days after news of Swartz’s death was first made public. Swartz was being prosecuted for his alleged theft of nearly five million JSTOR academic articles in 2010, accessed on the MIT campus network.

Swartz faced charges of computer fraud, wire fraud and other allegations from the U.S. Attorney’s office, which, if he were convicted, could have put the young activist in prison for upward of 30 years and slapped him with $1 million in fines.

While JSTOR eventually did not pursue any legal action against Swartz after he handed over a number of hard drives, the U.S. Attorney’s office continued to prosecute Swartz. His trial was set to begin this April.

On Friday evening, Swartz was found hanged to death in his Brooklyn apartment, by his partner, Taren Stinebrickner-Kauffman. He was 26.

“… The situation Aaron found himself in highlights the injustice of U.S. computer crime laws, particularly their punishment regimes, and the highly questionable justice of pre-trial bargaining. Aaron’s act was undoubtedly political activism; it had tragic consequences.”

The attack came only hours after MIT released a statement on Swartz’s death, announcing that the school would launch an internal investigation on the events that led up to Swartz’s passing.

Today, Anon lacks the talent and semi-cohesion it once boasted across the net, and its most recent online crusade is an embarrassing reminder. This is less a war than the hacker equivalent of egging someone’s house and then smoking weed behind a Denny’s.

– Gizmodo editor Sam Biddle, in an article entitled “Anonymous Is Losing Its War Against Israel”

A statement posted online by interim CEO Scott Wagner, said the service outage “was not caused by external influences. It was not a ‘hack’ and it was not a denial of service attack (DDoS).”

Read the rest of this post on the original site »

The FBI computer from which the data was supposedly taken was never hacked, the Bureau said. What’s more, it said it never gathered the information in the first place.

Here’s the statement straight from an FBI spokesperson, sent only five minutes ago:

The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

On Twitter, the FBI’s press office was a lot less ambiguous:

Statement soon on reports that one of our laptops with personal info was hacked. We never had info in question. Bottom Line: TOTALLY FALSE

September 4, 2012 1:52 pm via webReplyRetweetFavorite

@FBIPressOffice

FBI PressOffice

In a message posted to Pastebin earlier today, AntiSec (a.k.a. LulzSec, a.k.a. Anonymous) claimed that it had stolen a list of millions of Unique Device ID numbers and related names and other information for some 12 million Apple-made iOS devices, including iPhones, iPads and iPod touches, found in a notebook computer belonging to an FBI employee.

The point of the claim — and we should be clear that from the first it has been only a claim and an unverified one at that — the group said, was to sound the alarm that the top American law enforcement agency is creating a list of owners of such devices for uncertain purpose. Clearly the agency is calling that claim into serious doubt and thus raising further questions about the origins of the document that AntiSec released today.

So where did that document come from really? The ball is now in AntiSec’s court.

One other thought comes to mind: If, as AntiSec says, the document in question came from an FBI-owned computer and was taken using a breach that took advantage of a vulnerability in Java, then AntiSec is readily admitting that the person who carried out the act has committed a federal crime. Given the history of numerous arrests in the U.S., the U.K. and elsewhere, and especially in light of the fact that the group was betrayed by one of its own, you’d think its remaining members would try to be more careful about its public claims.

It also wouldn’t be the first time that AntiSec/LulzSec/Anonymous had made inflated claims about its abilities. Last summer it made a lot of noise about a bunch of documents from NATO, which it portrayed as both important and sensitive, but which after a little scrutiny turned out to be neither.

Update: AntiSec is certainly enjoying the sudden spike in attention it has been getting.

One of the weirder demands in its statement today had to do with a Gawker writer, a ballet tutu and a shoe. Whatever. They got their wish.

Via its Twitter feed, AntiSec — which supposedly Tweets under the account @AnonymousIRC — reacted to the FBI saying there’s likely more to come.

Also, before you deny too much: Remember we’re sitting on 3TB additional data. We have not even started. #funtimes #fff

September 4, 2012 2:16 pm via TweetDeckReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

In another statement, AntiSec hinted that there will be more disclosures, and referred back to a message posted on YouTube from earlier this year about a 3-terabyte cache of data. It also sought to cast doubt on the FBI’s denial: “The fact that the FBI has no ‘evidence’ of a data breach on one of their notebooks, does not allow the conclusion that it never happened.” Essentially AntiSec is claiming that it knows more about the situation than the FBI does.

Also there’s this, where AntiSec seems to imply that there may be a common app involved in all this.

People whose UDID was on the list released by AntiSec might want to compare their installed apps. A common culprit might be found.

September 4, 2012 3:23 pm via TweetDeckReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

Those are but three of the questions arising from the overnight dump of 1 million Unique Device Identification numbers by the hacker troupe known as AntiSec, the loosely organized group that has variously used the names LulzSec and Anonymous over the last year or so.

In an otherwise rambling political message posted to PasteBin, the group included download links to an 89-megabyte file that certainly looks for real. The circumstances of how the hackers obtained it couldn’t be independently confirmed, but AntiSec claims it was taken during a breach of an FBI-owned notebook in March.

The group described the incident like so (typos in the original):

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of ‘NCFTA_iOS_devices_intel.csv’ turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

There is, according to LinkedIn, a Christopher Stangl employed by the FBI in New York, but so far the agency has had no comment on AntiSec’s claims.

I downloaded the file and from what I know about UDID numbers, it certainly looks legit. So what is a UDID anyway and why should you care? Every iOS device — iPhones, iPads, and iPod touches — has a UDID number. Developers use it to distribute trial versions of new apps before those apps are released to the iTunes store. Another use is storing applications preferences and high scores for games.

But historically, the UDID has been part of the data that many popular applications have shared with third-party marketers along with the phone owner’s age, gender, and ZIP code. A 2010 Wall Street Journal story examined this practice in detail. Earlier that year, the nature of privacy risks on the iPhone were disclosed (PDF here) by the security researcher Erik Smith of PSKL.

Earlier this year Apple started quietly denying access to the UDID by developers, refusing to approve apps that access it, making good on a policy it outlined in August of 2011. In March of this year, Congress started asking questions about the privacy in iOS apps, including UDIDs.

If you’d like to know if your device is on the list of 1 million or so released so far, here’s what to do. First, install a free app called Ad Hoc Helper on your device. This app grabs your device’s UDID and emails it to you. Once you have it, cut and paste the number into this search tool on Dazzlepod. (We haven’t vetted this, so use it at your own risk.)

So what use is knowing if your device is on the list? That’s a good question. I checked two of the three iOS devices I own and they’re not on the list, though in the original file there were several devices owned by people who share my first name. As AntiSec puts it in its statement: “…in this case it’s too late for those concerned owners on the list.”

If the claim by AntiSec bears out (and frankly, right now it is only that, a claim), then the question quickly turns to the FBI’s reasons for gathering the information in the first place. There might be legitimate law-enforcement reasons for doing so, though it’s hard to image what they might be given the sheer numbers said to be involved. It’s not hard to imagine the FBI requesting a UDID along with other information as part of building a case in a criminal investigation into a person or a set of people. But the leak of 1 million such UDIDs with the promise that there are 12 million more certainly raises a lot of troubling questions.

Worse is the fact that the machine on which it was stored was so readily breached by outside elements, though again, this is only an unverified claim.

I’ve asked Apple and the FBI for guidance on this, and don’t expect to hear much, but will update you if I do.

But wait — what if Keller’s tweet about the fake Keller column was a fake? (And have you ever really looked at your hand, man?)

I queried Keller via email, and got this response. I’m going to assume it really is Keller, not a “Matrix”-like construct:

Ah, the social media hall of mirrors. Yes, the “WL Post-Postscript” Op-Ed is a fake. (Though it steals a few lines from my exchange a few days ago with Matthew Ingram, which was real.) My tweet calling the fake tweet a fake was real. This tweet assuring you that the tweet about the fake tweet is not fake is also real. All clear now, right? Good. It’s been real.

I’m working on getting copies of the criminal complaints, and will add them here when I do, but here’s the rundown: It looks like one of the group’s insiders got caught and probably made some kind of misstep in covering his tracks, and then worked secretly with the government to inform on other members. This is exactly what I said was likely to happen in this case, way back in June.

According to Fox, the one who turned is a New Yorker named Hector Xavier Monsegur, who worked under the handle Sabu. He’s 28 years old and the father of two, and lives on the Lower East Side of Manhattan. This is his Twitter feed. He’s been a cooperating witness since June, which coincides nicely with the moment when the first rumors started to emerge that the FBI had penetrated the group.

Fox says that according to documents that will be unsealed in a New York federal court today, Monsegur pleaded guilty in August to several hacking-related crimes. His cooperation led to charges against five more people in Chicago, the U.K. and Ireland. Among them is Jake Davis, the 18-year-old resident of the Shetland Islands, who went by the handle Topiary, and whom police in the U.K. collared on Aug. 1.

The other four are Ryan Ackroyd, who went under the handle “Kayla.” He’s a Londoner. Two people from Ireland were also charged: Darren Martyn, whose handle was “pwnsauce,” and Donncha O’Cearrbhail, who called himself “palladium.” Jeremy Hammond of Chicago went by the handle “Anarchaos.”

The news makes the following tweet by Monsegur, a.k.a. Sabu, seem sort of ironic. Among his final tweets, before word emerged that he had helped turn in his comrades, were several railing against informants and other “cowards.” Clearly, he was keeping up a brave public face:

Without informants or companies bending over+giving up their customer data the feds would be further behind than they are now. Ride up.

March 5, 2012 7:59 am via Twitter for BlackBerry®ReplyRetweetFavorite

@anonymouSabu

The Real Sabu

Anonymous, the wider hacker group with which LulzSec teamed up last year, was quick to urge its followers to block Sabu’s Twitter account.

@anonymouSabu is now controlled by feds. We have blocked the account and we suggest you do as well. #BlockAnonymouSabu

March 6, 2012 10:38 am via TweetDeckReplyRetweetFavorite

@anonops

AnonOps

Hammond, the one in Chicago, was said to be the one who led the hack against the private intelligence company Stratfor. He was profiled by Chicago Magazine in 2007 and portrayed as something of a digital Robin Hood.

Ackroyd is said to be the one who found the weaknesses in the servers of the U.S. Senate that led to its being attacked in June. Hacking federal computer systems is considered a serious crime in the U.S., but is something that LulzSec said, in the posting to Pastebin at the time, that they carried out “just for kicks.”

Update: So the US Attorney’s Office in New York has issued its press release confirming most of what Fox reported. Here it is.

Six Hackers in the United States and Abroad Charged for Crimes Affecting Over One Million Victims

Four Principal Members of “Anonymous” and “LulzSec” Charged with Computer Hacking and Fifth Member Pleads Guilty; “AntiSec” Member also Charged with Stealing Confidential Information from Approximately 860,000 Clients and Subscribers of Stratfor

U.S. Attorney’s Office March 06, 2012

Five computer hackers in the United States and abroad were charged today, and a sixth pled guilty, for computer hacking and other crimes. The six hackers identified themselves as aligned with the group Anonymous, which is a loose confederation of computer hackers and others, and/or offshoot groups related to Anonymous, including “Internet Feds,” “LulzSec,” and “AntiSec.”

RYAN ACKROYD, a/k/a “kayla,” a/k/a “lol,” a/k/a “lolspoon”; JAKE DAVIS, a/k/a “topiary,” a/k/a “atopiary”; DARREN MARTYN, a/k/a “pwnsauce,” a/k/a “raepsauce,” a/k/a “networkkitten”; and DONNCHA O’CEARRBHAIL, a/k/a “palladium,” who identified themselves as members of Anonymous, Internet Feds, and/or LulzSec, were charged in an indictment unsealed today in Manhattan federal court with computer hacking conspiracy involving the hacks of Fox Broadcasting Company, Sony Pictures Entertainment, and the Public Broadcasting Service (“PBS”). O’CEARRBHAIL is also charged in a separate criminal complaint with intentionally disclosing an unlawfully intercepted wire communication.

HECTOR XAVIER MONSEGUR, a/k/a “Sabu,” a/k/a “Xavier DeLeon,” a/k/a “Leon,” who also identified himself as a member of Anonymous, Internet Feds, and LulzSec, pled guilty on August 15, 2011 in U.S. District Court to a 12-count information charging him with computer hacking conspiracies and other crimes. MONSEGUR’S information and guilty plea were unsealed today. The crimes to which MONSEGUR pled guilty include computer hacking conspiracy charges initially filed in the Southern District of New York. He also pled guilty to the following charges: a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Eastern District of California related to the hacks of HBGary, Inc. and HBGary Federal LLC; a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Central District of California related to the hack of Sony Pictures Entertainment and Fox Broadcasting Company; a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Northern District of Georgia related to the hack of Infragard Members Alliance; and a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Eastern District of Virginia related to the hack of PBS, all of which were transferred to the Southern District of New York, pursuant to Rule 20 of the Federal Rules of Criminal Procedure, in coordination with the Computer Crime and Intellectual Property Section (“CCIPS”) in the Justice Department’s Criminal Division.

Late yesterday, JEREMY HAMMOND, a/k/a “Anarchaos,” a/k/a “sup_g,” a/k/a “burn,” a/k/a “yohoho,” a/k/a “POW,” a/k/a “tylerknowsthis,” a/k/a “crediblethreat,” who identified himself as a member of AntiSec, was arrested in Chicago, Illinois and charged in a criminal complaint with crimes relating to the December 2011 hack of Strategic Forecasting, Inc. (“Stratfor”), a global intelligence firm in Austin, Texas, which may have affected approximately 860,000 victims. In publicizing the Stratfor hack, members of AntiSec reaffirmed their connection to Anonymous and other related groups, including LulzSec. For example, AntiSec members published a document with links to the stolen Stratfor data titled, “Anonymous Lulzxmas rooting you proud” on a file sharing website.

The following allegations are based on the indictment, the information, the complaints, and statements made at MONSEGUR’s guilty plea:

Hacks by Anonymous, Internet Feds, and LulzSec

Since at least 2008, Anonymous has been a loose confederation of computer hackers and others. MONSEGUR and other members of Anonymous took responsibility for a number of cyber attacks between December 2010 and June 2011, including denial of service (“DoS”) attacks against the websites of Visa, MasterCard, and PayPal, as retaliation for the refusal of these companies to process donations to Wikileaks, as well as hacks or DoS attacks on foreign government computer systems.

Between December 2010 and May 2011, members of Internet Feds similarly waged a deliberate campaign of online destruction, intimidation, and criminality. Members of Internet Feds engaged in a series of cyber attacks that included breaking into computer systems, stealing confidential information, publicly disclosing stolen confidential information, hijacking victims’ e-mail and Twitter accounts, and defacing victims’ Internet websites. Specifically, ACKROYD, DAVIS, MARTYN, O’CEARRBHAIL, and MONSEGUR, as members of InternetFeds, conspired to commit computer hacks including: the hack of the website of Fine Gael, a political party in Ireland; the hack of computer systems used by security firms HBGary, Inc. and its affiliate HBGary Federal, LLC, from which Internet Feds stole confidential data pertaining to 80,000 user accounts; and the hack of computer systems used by Fox Broadcasting Company, from which Internet Feds stole confidential data relating to more than 70,000 potential contestants on “X-Factor,” a Fox television show.

In May 2011, following the publicity that they had generated as a result of their hacks, including those of Fine Gael and HBGary, ACKROYD, DAVIS, MARTYN, and MONSEGUR formed and became the principal members of a new hacking group called “Lulz Security” or “LulzSec.” Like Internet Feds, LulzSec undertook a campaign of malicious cyber assaults on the websites and computer systems of various business and governmental entities in the United States and throughout the world. Specifically, ACKROYD, DAVIS, MARTYN, and MONSEGUR, as members of LulzSec, conspired to commit computer hacks including the hacks of computer systems used by the PBS, in retaliation for what LulzSec perceived to be unfavorable news coverage in an episode of the news program “Frontline”; Sony Pictures Entertainment, in which LulzSec stole confidential data concerning approximately 100,000 users of Sony’s website; and Bethesda Softworks, a video game company based in Maryland, in which LulzSec stole confidential information for approximately 200,000 users of Bethesda’s website.

The Stratfor Hack

In December 2011, HAMMOND conspired to hack into computer systems used by Stratfor, a private firm that provides governments and others with independent geopolitical analysis. HAMMOND and his co-conspirators, as members of AntiSec, stole confidential information from those computer systems, including Stratfor employees’ e-mails as well as account information for approximately 860,000 Stratfor subscribers or clients. HAMMOND and his co-conspirators stole credit card information for approximately 60,000 credit card users and used some of the stolen data to make unauthorized charges exceeding $700,000. HAMMOND and his co-conspirators also publicly disclosed some of the confidential information they had stolen.

The Hack of International Law Enforcement

In January 2012, O’CEARRBHAIL hacked into the personal e-mail account of an officer with Ireland’s national police service, the An Garda Siochana (the “Garda”). Because the Garda officer had forwarded work e-mails to a personal account, O’CEARRBHAIL learned information about how to access a conference call that the Garda, the FBI, and other law enforcement agencies were planning to hold on January 17, 2012 regarding international investigations of Anonymous and other hacking groups. O’CEARRBHAIL then accessed and secretly recorded the January 17 international law enforcement conference call, and then disseminated the illegally-obtained recording to others.

***

MONSEGUR, 28, of New York, New York, pled guilty to three counts of computer hacking conspiracy, five counts of computer hacking, one count of computer hacking in furtherance of fraud, one count of conspiracy to commit access device fraud, one count of conspiracy to commit bank fraud, and one count of aggravated identity theft. He faces a maximum sentence of 124 years and six months in prison.

ACKROYD, 23, of Doncaster, United Kingdom; DAVIS, 29, of Lerwick, Shetland Islands, United Kingdom; and MARTYN, 25, of Galway, Ireland, each are charged with two counts of computer hacking conspiracy. Each conspiracy count carries a maximum sentence of 10 years in prison.

O’CEARRBHAIL, 19, of Birr, Ireland, is charged in the indictment with one count of computer hacking conspiracy, for which he faces 10 years in prison. He is also charged in the complaint with one count of intentionally disclosing an unlawfully intercepted wire communication, for which he faces a maximum sentence of five years in prison.

HAMMOND, 27, of Chicago, Illinois, is charged with one count of computer hacking conspiracy, one count of computer hacking, and one count of conspiracy to commit access device fraud. Each count carries a maximum sentence of 10 years in prison.

DAVIS is separately facing criminal charges in the United Kingdom, which remain pending, and ACKROYD is being interviewed today by the Police Central e-crime Unit in the United Kingdom. O’CEARRBHAIL was arrested today by the Garda.

The case is being prosecuted by the U.S. Attorney’s Office for the Southern District of New York. The investigation was initiated and led by the FBI, and its New York Cyber Crime Task Force, which is a federal, state, and local law enforcement task force combating cybercrime, with assistance from the PCeU; a unit of New Scotland Yard’s Specialist Crime Directorate, SCD6; the Garda; the Criminal Division’s CCIPS; and the U.S. Attorneys’ Offices for the Eastern District of California, the Central District of California, the Northern District of Georgia, and the Eastern District of Virginia; as well as the Criminal Division’s Office of International Affairs.

The charges contained in the indictment and complaints are merely accusations, and the defendants are presumed innocent unless and until proven guilty.

And here’s the initial indictment on Hector Monsegur, initially filed in the US District Court for the Southern District of New York in August of last year. I’m gathering up documents on the other people charged in this and will share it as I get it.

Monsegur

Anonymous is a handful of geniuses surrounded by a legion of idiots.

– Cole Stryker, an author who has researched the hacker group

AllThingsD.com

Yet now that the attacks have subsided, it’s time to see them for what they are: Nothing more than a blunt instrument that accomplishes nothing constructive.

As of today, only one of the Web sites attacked by the hacker troupe Anonymous is still apparently affected, and that belongs to the Universal Music Group recording label. It currently displays only a message saying “The Site is under maintenance. Please expect it to be back shortly.” Others that had been attacked yesterday, including the sites of the U.S. Department of Justice, the Recording Industry Association of America and the Motion Picture Association of America all seemed to be operating normally.

Thursday’s attacks, which have been described as the biggest action yet organized by Anonymous, were launched in apparent revenge for the FBI’s arrest of several people associated with the file-sharing site Megaupload.com over suspicions of online piracy. Taking place against the backdrop of a wider, more civil protest against anti-piracy legislation currently before the U.S. Congress, the atmosphere around the attacks has been politically charged.

As Molly Wood of CNET put it, the #OpMegaUpload attacks — coming as they did on the heels of Wednesday’s peaceful anti-SOPA protest — seem like an “unsettling wave of car-burning hooligans that sweep in and incite the riot portion of the play,” spurring equally unsettling reactions from the powers that be.

Many outlets have portrayed the attacks as “hacks,” implying that someone had picked a lock in order to commit some kind of sabotage. But the tactic used — a distributed denial-of-service (DDoS) attack — is more aptly compared to a blunt instrument, requiring neither skill nor knowledge, only large numbers of willing participants who team up to swarm a site with more requests than it can accommodate and thus overwhelm its ability to function normally.

The adjective “willing” is debatable, and perhaps inaccurate. Anonymous was able to generate such impressive numbers with the operation — it claimed more than 5,000 participants — by spamming a link in chat rooms and via Twitter that, when clicked, triggered a tool used to launch the attack. People tricked into following the link are given no context or information, and so may or may not have any idea that they’re participating in the execution of a crime.

For the record, it is illegal in the U.S., the U.K., Sweden and other countries to launch and participate in a DDoS attack like the one Anonymous organized. As anyone who has observed the evolution of Anonymous (and its various affiliates using the names LulzSec and AntiSec) should know, the FBI arrested 16 people last July, many of them charged with participating in a DDoS attack against PayPal in protest of its shutting down an account used by WikiLeaks.

In 2009, a New Jersey man was sentenced to a year and a day in prison for launching a DDoS attack against the Church of Scientology. And in 2010, a 23-year-old Ohio man was sentenced to 30 months in prison for launching DDoS attacks against several prominent U.S. conservatives, including the author Ann Coulter, former New York City mayor Rudolph Giuliani and Fox News commentator Bill O’Reilly.

Records like that suggest to me that DDoS attacks never accomplish anything that the people who organize and carry them out attempt to do. At most, they inconvenience the people who visit and operate the targeted sites for a few hours, until the attention spans of the attackers shift elsewhere. They also generate headlines that are forgotten by nearly everyone except the targets, and sometimes law enforcement.

And so it will be this time. Mark your calendars, because the Megaupload revenge attacks will spur a series of arrests later this year. Some of those arrested will be people who didn’t know they were committing a crime. And that certainly won’t help Anonymous’ image. Nor will it further a single bit of what passes for the Anonymous agenda.

This was a very apolitical group that had absolutely no understanding about the military-industrial complex whatsoever, and no understanding about international finance. As a result of joining our battle and trying to protect themselves, they have come to see that the threats related to Internet freedom come from the military-industrial complex, the banking system and the media.

– Julian Assange, in Rolling Stone, referring to Anonymous

But this one has a twist or two. The media company is Grooveshark, an increasingly popular music service that’s also being sued by all of the major music labels.

And Grooveshark doesn’t want information about alleged lawbreakers. Instead, it wants details about an anonymous user who posted comments on Digital Music News, an industry news site.

Paul Resnikoff, the site’s owner, publisher and primary writer, writes about the subpoenas (and posts them in their entirety) here. And Ben Sisario of the New York Times has a good summary of the story. So I’ll try to do my version very quickly:

• Universal Music Group, the world’s biggest label, is suing Grooveshark over copyright violations, and has cited an Oct. 2011 story that Resnikoff published, along with comments made by one more readers, in its case.
• The story concerned claims by musician Robert Fripp and his team, who argued that though they didn’t want Fripp’s music on Grooveshark, the company wouldn’t take his songs off its site.
• The comments in question came from someone who said they were a Grooveshark employee, and that they had specific instructions to upload music from the big labels to the site, without permission from the labels or artists. “And,” the commenter adds, “to confirm the fears of [Fripp], there is no way in hell you can get your stuff down.”
• Grooveshark is demanding that Resnikoff hand over “any and all correspondence or other communications” between himself and Universal Music over the story. They also want “any and all documents concerning the identity of the First Anonymous Commenter, including, without limitation, that person’s name, address, telephone number and e-mail address, and the IP Address and ISP associated with that person.”

Resnikoff says he won’t comply with the subpoenas. He tells me that even if he wanted to hand over information about his anonymous commenters, he couldn’t. He says that as a matter of policy his site routinely “flushes” any information about anonymous commenters within two days of their posts.

And Resnikoff says that even though the comments in this case contained explosive allegations about Grooveshark, he never tried to verify the commenter’s identity: “What the world sees is what we have.”

In his post, Resnikoff suggests he’ll be protected by whistleblower laws when he fights Grooveshark’s demands. But he tells me that his legal team isn’t sure what laws they’ll cite yet. “We’re just incredibly committed to protecting any informants or sources of information,” he says.

This fight has plenty of interesting gray areas. For instance: What kind of legal responsibility does a news site have for claims that its commenters make? But I’ll let media law experts weigh in on that. For me, the notion that a Web publisher that isn’t directly involved in a legal suit can be forced to cough up names and addresses of contributors makes me shiver.

That scenario also strikes me as similar to some of the worst-case scenarios that SOPA/PIPA opponents have been making in recent weeks — this is a Web site faced with big legal problems over the actions of a single user, right? So I’ll be interested to see if they jump on Grooveshark over this one.

But Grooveshark doesn’t seem to think anyone will get riled up about this. This afternoon, I received an unsolicited email from Edelman, its PR firm. The email contained a copy of the subpoena, and a statement Edelman wants attributed to Grooveshark: “Grooveshark reaffirms its confidence that it will prevail in this litigation and that this filing represents the next step in reaching that end.”

(Image courtesy of Shutterstock/photobank.ch)

I wrote then:

“The unvarnished fact is that the networked society to which we’ve become accustomed in the last several years has a soft, vulnerable underbelly.

And the more we rely upon it, the more people with a combination of advanced technical skills and repugnant motivations are going to look for ways to turn it against us.

Some will do so as a means of making a personal profit. Others may see it as a way of advancing a political or ideological agenda.

But others will want to use theirs skills to do serious harm to innocent people on a large scale.”

Part of these predictions or ruminations or whatever you care to call them makes me think of the hijinks of the group that started out in the spring variously known as LulzSec, Anonymous and later adopted the moniker AntiSec. This loosely affiliated group emerged from the wake of the various attacks against Sony, and seemed to have nothing to prove but that it could make mincemeat out of whatever security measures had been put in place by Sony or whatever video game outfit it had targeted on a given day.

Sony’s Playstation Network was a favorite target, and its service was at least partially offline during two months ended in July.

Then, as summer dawned, the group’s members became aware of global politics and teamed up with Anonymous, the Wikileaks-allied band of hackers known for their campaigns of digital civil disobedience. Together they declared “immediate and unremitting war” on governments and corporations, and said their top priority would be to steal and leak any classified government information, including but not limited to email and documentation. They attacked an Arizona police agency as a way of making a statement against anti-immigrant laws in that state, and published the names and home addresses of several officers.

Later they sought to earn some street cred by stealing “secret” documents from NATO, only to learn after the fact that the documents they released had not only been released before, but weren’t even really all that secret to begin with. It wasn’t long before alleged members of the group started showing up in handcuffs, which seemed not to faze them. The prospect of body bags and real-world violence during a confrontation with Mexican drug cartels, however, did.

Yet for all the headlines they garnered and the headaches they caused, the LulzSec/Anonymous/AntiSec gang wasn’t anywhere near the scariest thing to appear on the computer security landscape in 2011. To my mind, one of the top three scariest things was the disclosure of Operation Shady RAT, which Intel-unit McAfee said appeared to be the biggest large-scale compromise ever, affecting 72 organizations and governments around the world, including the U.S., Taiwan, Vietnam, South Korea, Canada and India — some of them dating back as far as 2006. McAfee said the attacker was a “state actor,” though it declined to name it. The candidate highest on the short list was, naturally, China.

The second truly scary incident was the attack carried out against RSA Security, a unit of the IT company EMC, the maker of the popular SecurID tokens that so many people have on their keychains and use to create an added layer of security that goes beyond the password. Months later, the U.S. defense contractor Lockheed Martin was attacked with duplicate SecurID tokens.

Finally, the Stuxnet Trojan (used by parties officially unknown, but probably Israel with a little help from the U.S.) continued to fascinate and confound security researchers in 2011. Having caused nuclear centrifuges in Iran to explode in an attempt to set back that country’s nuclear weapons research program, Stuxnet was found to have a sibling called Duqu. Unlike Stuxnet, which messed with industrial control computers and made them do things they wouldn’t normally do, Duqu’s mission was much simpler: Steal everything in sight.

And after that, it was discovered by researchers at Kaspersky labs that Stuxnet and Duqu are part of an even bigger family, with at least three more siblings still undetected by researchers, and that all five were created by the same people and with the same tools. Chances are we’ll see at least a few of those final three in 2012, particularly as tension with Iran heats up.

So while there was much to consider scary happening on the Internet in 2011, I’m grateful for being wrong on one key prediction: That we didn’t see a significant computer attack used to physically harm innocent people on a large scale. That’s one prediction I hope to miss for years to come.

Identity Finder, a New York-based identity theft protection firm, has analyzed the information breached and summarized what the attackers appear to have made off with.

• 50,277 unique credit card numbers, of which 9,651 are not expired
  
• 86,594 email addresses, of which 47,680 are unique
  
• 27,537 phone numbers, of which 25,680 are unique

• 44,188 encrypted passwords, of which roughly 50 percent could be easily cracked
• 73.7 percent of decrypted passwords were weak
• 21.7 percent of decrypted passwords were medium strength
• 4.6 percent of decrypted passwords were strong
• Average decrypted password length: 7.1 characters
• 10 percent of decrypted passwords were less than 5 characters long
• Only 4.8 percent of decrypted passwords were 10+ characters long
• Presumably the remaining non-decrypted passwords were stronger than the decrypted subset
• 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world

There are also an additional 2.7 million email messages that the attackers claim to have taken, but that have not yet been released.

Stratfor has promised to inform the customers whose information was taken no later than Dec. 28, which is tomorrow. Anonymous, ever seeking to justify its actions in the name of some higher moral purpose, said in a tweet that Stratfor, which sells subscriptions to its intelligence analysis reports to government, law enforcement agencies and businesses, isn’t “the harmless company it tries to paint itself as,” and that the emails will show that.

@techwriterjim It was conducted by #Antisec. Stratfor is not the “harmless company” it tries to paint itself as. You’ll see in those emails.

December 27, 2011 11:27 am via QwitReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

Whatever. Wired reported that someone who participated in the attack said that a total of four servers were breached, and the data on them wiped. The question that then logically arises is this: What was a firm that’s ostensibly in the business of advising business and government clients on security doing about its own?

Some people claiming to represent Anonymous — the lines and affiliations are always difficult to discern — said that the information taken in the attack included user names and passwords of some Stratfor subscribers, plus another 200 gigabytes worth of other data.

Stratfor founder George Friedman confirmed the attack in an email to subscribers; I received it because I’ve been an intermittent Stratfor subscriber over the years. Here’s Friedman’s email:

Dear Stratfor Member,

We have learned that Stratfor’s web site was hacked by an unauthorized party. As a result of this incident the operation of Stratfor’s servers and email have been suspended.

We have reason to believe that the names of our corporate subscribers have been posted on other web sites. We are diligently investigating the extent to which subscriber information may have been obtained.

Stratfor and I take this incident very seriously. Stratfor’s relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible.

Although we are still learning more and the law enforcement investigation is active and ongoing, we wanted to provide you with notice of this incident as quickly as possible. We will keep you updated regarding these matters.

Sincerely,
George Friedman

And here’s an update to Stratfor subscribers, from Dec. 25:

Dear Stratfor Member,

On December 24th an unauthorized party disclosed personally identifiable information and related credit card data of some of our members. We have reason to believe that your personal and credit card data could have been included in the information that was illegally obtained and disclosed.

Also publicly released was a list of our members which the unauthorized party claimed to be Stratfor’s “private clients.” Contrary to this assertion the disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications.

We have also retained the services of a leading identity theft protection and monitoring service on behalf of the Stratfor members that have been impacted by these events. Details regarding the services to be provided will be forwarded in a subsequent email that is to be delivered to the impacted members no later than Wednesday, December 28th.

In the interim, precautions that can be taken by you to minimize and prevent the misuse of information which may have been disclosed include the following:

- contact your financial institution and inform them of this incident;
- if you see any unauthorized activity on your accounts promptly notify your financial institution;
- submit a complaint with the Federal Trade Commission (“FTC”) by calling 1-877-ID-THEFT (1-877- 438-4338) or online at https://www.ftccomplaintassistant.gov/; and
- contact the three U.S. credit reporting agencies: Equifax (http://www.equifax.com/ or (800) 685-1111), Experian (http://www.experian.com/ or (888) 397-3742), and TransUnion (http://www.transunion.com/ or (800) 888-4213), to obtain a free credit report from each.

Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically. Checking your credit reports can help you spot problems and address them quickly.

To ease any concerns you may have about your personal information going forward, we have also retained an experienced outside consultant that specializes in such security matters to bolster our existing efforts on these issues as we work to better serve you. We are on top of the situation and will continue to be vigilant in our implementation of the latest, and most comprehensive, data security measures.

We are also working to restore access to our website and continuing to work closely with law enforcement regarding these matters. We will continue to update you regarding the status of these matters.

Again, my sincerest apologies for this unfortunate incident.

Sincerely,
George Friedman

Then came reports that whoever had taken the information — which included credit card numbers — had used the numbers to make donations in the name of the hacking victims. Here’s a link to what is said to be a screen grab following just such a donation to CARE by an employee of the Defense Intelligence Agency.

While some might applaud the apparent cleverness of Anonymous’s “steal from the rich, give to the poor” attitude, it’s unlikely that the charities in question will ever see a dime of the money that’s been “donated” to them. As Mikko Hypponen of F-Secure pointed out here, once the credit cards in question are reported stolen, the charges will be reversed and the charities will more than likely be on the hook for any fees or penalties that result.

As is often the case with a headline-making attack carried out in the name of Anonymous, there followed a series of claims and counterclaims as to whether or not this was an “official” Anonymous attack, or just the work of someone falsely claiming the Anonymous cloak. There was, for instance, this “emergency press release,” claiming that the attack on Stratfor was “most definitely not the work of Anonymous”:

Following that, Anonymous tweeted, via its semi-official Twitter account @AnonymousIRC, that it “laughed so hard” in response to that message — essentially saying it’s a fake. The group has hinted that it is going to be busy over the next several days.

RT @FiloSottile: “Anonymous denies involvement in #STRATFOR hack. http://t.co/cQ1INYlh” | We laughed so hard at this!

December 26, 2011 6:30 am via QwitReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

In a weird sort of mash-up of villains, one decidedly more evil than the other, a Mexican affiliate of Anonymous Veracruz announced that it was going to start publishing the names and addresses of the cartel’s business associates in response to the kidnapping of an Anonymous member. Anonymous had accused taxi drivers, police officers and journalists of being Zeta “servants.”

Of course, the publication of that information would give an advantage to rival cartels, who would probably have them whacked. According to a report on Stratfor, the Zetas had taken the threat seriously enough that the cartel dispatched its own computer experts to track down the people behind various anti-cartel blogs. A few people have been killed.

Having hassled Sony over the summer, attacked targets as varied as NATO and the U.S. Senate, and posted the addresses of state cops in Arizona, all Anonymous seems to have accomplished is getting some of its lesser members arrested.

TalkingPointsMemo has a pretty good rundown. Basically, it comes down to this: Anonymous didn’t have the stomach for real-world violence.

Scotland Yard says it has nabbed two more people that it says are members of the group; one of them is said to be connected to crimes committed under cover of the online identity “Kayla.”

In a statement, police did not release the names of the two men arrested. They are aged 20 and 24, and one comes from the town of Mexborough, while the other comes from Warminster. The arrests were conducted in cooperation with local police and the FBI. In one case, a home was searched and computer equipment taken.

It was the second pair of arrests in as many days. On Thursday, police arrested two others as part of the growing worldwide investigation into the activities of LulzSec and Anonymous.

And yet the hacker crimes continue, seemingly unabated. Anonymous has dubbed today “Texas Takedown Thursday” or #TTT on Twitter. The target: Law enforcement agencies in the state of Texas, in apparent retaliation for the arrests earlier this summer of 16 people said to be associated with Anonymous.

The group says it has leaked about three gigabytes worth of email and other data from private email accounts it says belong to certain police officials in Texas. It also claimed credit for defacing a Web site belonging to the Texas Police Chiefs Association.

It’s the second such targeting of police officers in a particular state. In June, the group went after the Arizona State Police, posting home addresses of officers.

LulzSec and Anonymous, in their various contortions, have had a busy summer. The group and its sympathizers started out making Sony’s existence miserable, on the heels of an attack on the PlayStation network; the attack brought the network down for several weeks.