The new details, revealed in court documents made public on Thursday, show how quickly investigators were able to turn 28-year-old Hector Xavier Monsegur against his fellow alleged hackers.

Read the rest of this post on the original site »

CIOs, for their part, will be confused and irritated because of the scale of the problem they face — which is deciding which security problems actually affect them, and then prioritizing which ones they’re going to respond to — and hope that what they choose to buy doesn’t break anything already running on their systems.

If any of the above sounds familiar, then the people of IBM would like to have a word with you. Big Blue is getting ever more serious about security as the days go on.

On one hand, it’s some news about a new product — specifically, a new platform dubbed QRadar — that brings to bear something that IBM is exceedingly good at, which is powerful data analytics in sifting through security threats. But, with the platform, IBM is sending an important signal about the strategic importance that security is going to play across its lines of business going forward.

The sad fact facing anyone who’s in charge of fending off the intentions of hackers and other digital miscreants is that, essentially, it’s impossible to comfortably keep up with the changing landscape of security threats. IBM’s approach is to track the latest info on threats in real time and do the analytical work that identifies the ones that actually apply to a given organization. The point is to protect your organization against the threats that are actually worth worrying about.

IBM knows a little something about this: Its various security operations monitor something like 13 billion security incidents every day. If you think that gathering information from that, analyzing it and pouring the results into a product might be worth something, then you get what IBM is trying to do.

Last week, I talked with Brendan Hannigan, the general manager of IBM Security Systems — which is, I’m told, the name of a new IBM business unit that is going to be a big deal going forward, and which is also a creation of IBM’s new CEO, Ginni Rometty. Hannigan told me that IBM will not only bring its analytics capabilities to the security business, but it will combine it with its capabilities in the managed-IT services for which IBM is also universally known.

It turns out that, over the years, IBM has either grown internally or acquired (Hannigan comes from Q1 Labs, which IBM acquired last year) several strong bits of security technology. Now, under the banner of IBM Security Services, those disparate bits will be combined into a single unified offering that spans the enterprise. “The point is to look at security holistically and in a big-picture manner,” Hannigan told me. Doing so, he argues, will give organizations the ability to anticipate attacks before they happen, rather than have to repair the damage after the fact — which, to me, sounds like what the entire concept of security is all about.

Identity Finder, a New York-based identity theft protection firm, has analyzed the information breached and summarized what the attackers appear to have made off with.

• 50,277 unique credit card numbers, of which 9,651 are not expired
  
• 86,594 email addresses, of which 47,680 are unique
  
• 27,537 phone numbers, of which 25,680 are unique

• 44,188 encrypted passwords, of which roughly 50 percent could be easily cracked
• 73.7 percent of decrypted passwords were weak
• 21.7 percent of decrypted passwords were medium strength
• 4.6 percent of decrypted passwords were strong
• Average decrypted password length: 7.1 characters
• 10 percent of decrypted passwords were less than 5 characters long
• Only 4.8 percent of decrypted passwords were 10+ characters long
• Presumably the remaining non-decrypted passwords were stronger than the decrypted subset
• 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world

There are also an additional 2.7 million email messages that the attackers claim to have taken, but that have not yet been released.

Stratfor has promised to inform the customers whose information was taken no later than Dec. 28, which is tomorrow. Anonymous, ever seeking to justify its actions in the name of some higher moral purpose, said in a tweet that Stratfor, which sells subscriptions to its intelligence analysis reports to government, law enforcement agencies and businesses, isn’t “the harmless company it tries to paint itself as,” and that the emails will show that.

@techwriterjim It was conducted by #Antisec. Stratfor is not the “harmless company” it tries to paint itself as. You’ll see in those emails.

December 27, 2011 11:27 am via QwitReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

Whatever. Wired reported that someone who participated in the attack said that a total of four servers were breached, and the data on them wiped. The question that then logically arises is this: What was a firm that’s ostensibly in the business of advising business and government clients on security doing about its own?

The 14 arrested in Alabama, Arizona, California, Colorado, the District of Columbia, Florida, Massachusetts, Nevada, New Mexico and Ohio have been indicted by a federal grand jury in San Jose, California. I’ve embedded the complaint below.

Two others were arrested on similar charges on two separate complaints in Florida. The Florida case concerns the attack on InfraGard, the public-private information-sharing partnership affiliated with the FBI. The New Jersey case concerns the release of confidential documents stolen from AT&T. These would appear to be the first U.S. arrests connected with the LulzSec crew that’s been so active this summer.

Additionally, police in the U.K. arrested another person and police in The Netherlands arrested four more people in connection with the case.

The indictment names 14 people: Christopher Wayne Cooper, 23, a.k.a. “Anthrophobic;” Joshua John Covelli, 26, a.k.a. “Absolem” and “Toxic;” Keith Wilson Downey, 26; Mercedes Renee Haefer, 20, a.k.a. “No” and “MMMM;” Donald Husband, 29, a.k.a. “Ananon;” Vincent Charles Kershaw, 27, a.k.a. “Trivette,” “Triv” and “Reaper;” Ethan Miles, 33; James C. Murphy, 36; Drew Alan Phillips, 26, a.k.a. “Drew010;” Jeffrey Puglisi, 28, a.k.a. “Jeffer,” “Jefferp” and “Ji;” Daniel Sullivan, 22; Tracy Ann Valenzuela, 42; and Christopher Quang Vo, 22. One individual’s name has been withheld by the court, which suggests he or she is a juvenile.

The defendants are charged with conspiracy and intentional damage to a protected computer.

The 14 are accused of carrying out a December distributed denial of service attack against PayPal, the payment site owned by eBay. DDOS attacks are when attackers overwhelm a Web server with fake requests for attention at such a high volume that legitimate users can’t get through.

The group has also claimed responsibility for attacks against Visa, and at one point planned to attack Amazon. Various other factions connected to Anonymous have also attacked Sony and recently claimed responsibility for a hacking attack against the defense contractor Booz Allen Hamilton.

The FBI also made arrests today in the attack on the Web site of InfraGard, a non-profit group affiliated with the FBI itself. Scott Matthew Arciszewski, 21, was arrested today by FBI agents and charged with intentional damage to a protected computer. He’s been charged in the Middle District of Florida and has already appeared in a federal court in Orlando.

The complaint alleges that Arciszewski accessed without authorization the Tampa Bay InfraGard website and uploaded three files, and then Tweeted about it on Twitter.

InfraGard is a public-private partnership for critical infrastructure protection sponsored by the FBI with chapters in all 50 states.

In a related complaint unsealed in the District of New Jersey, the DOJ charged Lance Moore, 21, of Las Cruces, New Mexico with stealing confidential business information stored on AT&T’s servers and posting it on a public file sharing site. Moore is charged with one count of accessing a protected computer without authorization.

According to the New Jersey complaint, Moore, a customer support contractor for AT&T, exceeded his authorized access to AT&T’s servers and downloaded thousands of documents, applications and other files that, on the same day, he allegedly posted on a public file hosting site. That would be The Pirate Bay.

According to the complaint, on June 25, the computer hacking group LulzSec publicized that they had obtained confidential AT&T documents and made them publicly available on the Internet. The documents were the ones Moore had previously uploaded. He faces a maximum penalty of 10 years in prison and a $250,000 fine. Each count of conspiracy carries a maximum penalty of five years in prison and a $250,000 fine.

Here’s the indictment.

Indictment 7.19.11

[Image via Foxnews.com]

But security experts say it isn’t yet clear how effective Microsoft’s approach will be, while online rights groups warn that the activities of innocent computer users could be inadvertently disrupted.

On Monday, a federal judge in Alexandria, Va., granted Microsoft’s request for an order to deactivate hundreds of Internet addresses that the company linked to an army of tens of thousands of PCs around the globe, infected with computer code that allows them to be harnessed to spread spam, malicious virus programs and mount mass attacks to disable Web sites.

Read the rest of this post on the original site

There is damning evidence that this activity has been going on there for way too long, and plenty of people in the security community have gone out of their way to raise awareness about this network, but nobody seems to care.”

– Paul Ferguson, a threat researcher with computer security firm Trend Micro

According to security experts, Web-hosting outfit McColo is responsible for enabling the broadcast of more than 75 percent of all spam globally. Its client list is a rogues gallery of bad-guy syndicates involved in everything from botnets to counterfeit pharmaceuticals and kiddie porn. So how is it that MoColo’s ISPs, Hurricane Electric and Global Crossing, were unaware of that until notified by a Washington Post reporter?

I’m not sure there’s a good answer to that question, though it would certainly be interesting to hear one. Almost as interesting as hearing the two ISPs explain away their network traffic from known criminal botnets Mega-D, Srizbi, Pushdo, Rustock and Warezov, all of which have their master servers hosted at McColo.

“We shut them down,” Benny Ng, director of marketing for Hurricane Electric, told the Post. “We looked into it a bit, saw the size and scope of the problem you were reporting and said ‘Holy cow!’ Within the hour we had terminated all of our connections to them.”

“Holy cow?” More like, “Holy cow, someone finally noticed we’re the preferred ISP of a massive criminal syndicate! What do we do?!?”

“ISPs can’t take the ‘I see nothing, I hear nothing’ approach to this content,” said Mark Rasch, a former cyber crime prosecutor for the Justice Department. “It’s a little bit like a landlord who owns a building and sees people coming in and out of the apartment complex constantly at all hours and not suspecting their may be drug activity going on. There are certain things that raise red flags, such as the nature, volume, source and destination of the Internet traffic, that can and should raise red flags. And to have so many third parties looking at the volume and content from this Internet provider saying ‘This is outrageous,’ clearly the people doing the hosting should know that as well.”