The FBI computer from which the data was supposedly taken was never hacked, the Bureau said. What’s more, it said it never gathered the information in the first place.

Here’s the statement straight from an FBI spokesperson, sent only five minutes ago:

The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.

On Twitter, the FBI’s press office was a lot less ambiguous:

Statement soon on reports that one of our laptops with personal info was hacked. We never had info in question. Bottom Line: TOTALLY FALSE

September 4, 2012 1:52 pm via webReplyRetweetFavorite

@FBIPressOffice

FBI PressOffice

In a message posted to Pastebin earlier today, AntiSec (a.k.a. LulzSec, a.k.a. Anonymous) claimed that it had stolen a list of millions of Unique Device ID numbers and related names and other information for some 12 million Apple-made iOS devices, including iPhones, iPads and iPod touches, found in a notebook computer belonging to an FBI employee.

The point of the claim — and we should be clear that from the first it has been only a claim and an unverified one at that — the group said, was to sound the alarm that the top American law enforcement agency is creating a list of owners of such devices for uncertain purpose. Clearly the agency is calling that claim into serious doubt and thus raising further questions about the origins of the document that AntiSec released today.

So where did that document come from really? The ball is now in AntiSec’s court.

One other thought comes to mind: If, as AntiSec says, the document in question came from an FBI-owned computer and was taken using a breach that took advantage of a vulnerability in Java, then AntiSec is readily admitting that the person who carried out the act has committed a federal crime. Given the history of numerous arrests in the U.S., the U.K. and elsewhere, and especially in light of the fact that the group was betrayed by one of its own, you’d think its remaining members would try to be more careful about its public claims.

It also wouldn’t be the first time that AntiSec/LulzSec/Anonymous had made inflated claims about its abilities. Last summer it made a lot of noise about a bunch of documents from NATO, which it portrayed as both important and sensitive, but which after a little scrutiny turned out to be neither.

Update: AntiSec is certainly enjoying the sudden spike in attention it has been getting.

One of the weirder demands in its statement today had to do with a Gawker writer, a ballet tutu and a shoe. Whatever. They got their wish.

Via its Twitter feed, AntiSec — which supposedly Tweets under the account @AnonymousIRC — reacted to the FBI saying there’s likely more to come.

Also, before you deny too much: Remember we’re sitting on 3TB additional data. We have not even started. #funtimes #fff

September 4, 2012 2:16 pm via TweetDeckReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

In another statement, AntiSec hinted that there will be more disclosures, and referred back to a message posted on YouTube from earlier this year about a 3-terabyte cache of data. It also sought to cast doubt on the FBI’s denial: “The fact that the FBI has no ‘evidence’ of a data breach on one of their notebooks, does not allow the conclusion that it never happened.” Essentially AntiSec is claiming that it knows more about the situation than the FBI does.

Also there’s this, where AntiSec seems to imply that there may be a common app involved in all this.

People whose UDID was on the list released by AntiSec might want to compare their installed apps. A common culprit might be found.

September 4, 2012 3:23 pm via TweetDeckReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

Those are but three of the questions arising from the overnight dump of 1 million Unique Device Identification numbers by the hacker troupe known as AntiSec, the loosely organized group that has variously used the names LulzSec and Anonymous over the last year or so.

In an otherwise rambling political message posted to PasteBin, the group included download links to an 89-megabyte file that certainly looks for real. The circumstances of how the hackers obtained it couldn’t be independently confirmed, but AntiSec claims it was taken during a breach of an FBI-owned notebook in March.

The group described the incident like so (typos in the original):

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of ‘NCFTA_iOS_devices_intel.csv’ turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

There is, according to LinkedIn, a Christopher Stangl employed by the FBI in New York, but so far the agency has had no comment on AntiSec’s claims.

I downloaded the file and from what I know about UDID numbers, it certainly looks legit. So what is a UDID anyway and why should you care? Every iOS device — iPhones, iPads, and iPod touches — has a UDID number. Developers use it to distribute trial versions of new apps before those apps are released to the iTunes store. Another use is storing applications preferences and high scores for games.

But historically, the UDID has been part of the data that many popular applications have shared with third-party marketers along with the phone owner’s age, gender, and ZIP code. A 2010 Wall Street Journal story examined this practice in detail. Earlier that year, the nature of privacy risks on the iPhone were disclosed (PDF here) by the security researcher Erik Smith of PSKL.

Earlier this year Apple started quietly denying access to the UDID by developers, refusing to approve apps that access it, making good on a policy it outlined in August of 2011. In March of this year, Congress started asking questions about the privacy in iOS apps, including UDIDs.

If you’d like to know if your device is on the list of 1 million or so released so far, here’s what to do. First, install a free app called Ad Hoc Helper on your device. This app grabs your device’s UDID and emails it to you. Once you have it, cut and paste the number into this search tool on Dazzlepod. (We haven’t vetted this, so use it at your own risk.)

So what use is knowing if your device is on the list? That’s a good question. I checked two of the three iOS devices I own and they’re not on the list, though in the original file there were several devices owned by people who share my first name. As AntiSec puts it in its statement: “…in this case it’s too late for those concerned owners on the list.”

If the claim by AntiSec bears out (and frankly, right now it is only that, a claim), then the question quickly turns to the FBI’s reasons for gathering the information in the first place. There might be legitimate law-enforcement reasons for doing so, though it’s hard to image what they might be given the sheer numbers said to be involved. It’s not hard to imagine the FBI requesting a UDID along with other information as part of building a case in a criminal investigation into a person or a set of people. But the leak of 1 million such UDIDs with the promise that there are 12 million more certainly raises a lot of troubling questions.

Worse is the fact that the machine on which it was stored was so readily breached by outside elements, though again, this is only an unverified claim.

I’ve asked Apple and the FBI for guidance on this, and don’t expect to hear much, but will update you if I do.

The new details, revealed in court documents made public on Thursday, show how quickly investigators were able to turn 28-year-old Hector Xavier Monsegur against his fellow alleged hackers.

Read the rest of this post on the original site »

I’m working on getting copies of the criminal complaints, and will add them here when I do, but here’s the rundown: It looks like one of the group’s insiders got caught and probably made some kind of misstep in covering his tracks, and then worked secretly with the government to inform on other members. This is exactly what I said was likely to happen in this case, way back in June.

According to Fox, the one who turned is a New Yorker named Hector Xavier Monsegur, who worked under the handle Sabu. He’s 28 years old and the father of two, and lives on the Lower East Side of Manhattan. This is his Twitter feed. He’s been a cooperating witness since June, which coincides nicely with the moment when the first rumors started to emerge that the FBI had penetrated the group.

Fox says that according to documents that will be unsealed in a New York federal court today, Monsegur pleaded guilty in August to several hacking-related crimes. His cooperation led to charges against five more people in Chicago, the U.K. and Ireland. Among them is Jake Davis, the 18-year-old resident of the Shetland Islands, who went by the handle Topiary, and whom police in the U.K. collared on Aug. 1.

The other four are Ryan Ackroyd, who went under the handle “Kayla.” He’s a Londoner. Two people from Ireland were also charged: Darren Martyn, whose handle was “pwnsauce,” and Donncha O’Cearrbhail, who called himself “palladium.” Jeremy Hammond of Chicago went by the handle “Anarchaos.”

The news makes the following tweet by Monsegur, a.k.a. Sabu, seem sort of ironic. Among his final tweets, before word emerged that he had helped turn in his comrades, were several railing against informants and other “cowards.” Clearly, he was keeping up a brave public face:

Without informants or companies bending over+giving up their customer data the feds would be further behind than they are now. Ride up.

March 5, 2012 7:59 am via Twitter for BlackBerry®ReplyRetweetFavorite

@anonymouSabu

The Real Sabu

Anonymous, the wider hacker group with which LulzSec teamed up last year, was quick to urge its followers to block Sabu’s Twitter account.

@anonymouSabu is now controlled by feds. We have blocked the account and we suggest you do as well. #BlockAnonymouSabu

March 6, 2012 10:38 am via TweetDeckReplyRetweetFavorite

@anonops

AnonOps

Hammond, the one in Chicago, was said to be the one who led the hack against the private intelligence company Stratfor. He was profiled by Chicago Magazine in 2007 and portrayed as something of a digital Robin Hood.

Ackroyd is said to be the one who found the weaknesses in the servers of the U.S. Senate that led to its being attacked in June. Hacking federal computer systems is considered a serious crime in the U.S., but is something that LulzSec said, in the posting to Pastebin at the time, that they carried out “just for kicks.”

Update: So the US Attorney’s Office in New York has issued its press release confirming most of what Fox reported. Here it is.

Six Hackers in the United States and Abroad Charged for Crimes Affecting Over One Million Victims

Four Principal Members of “Anonymous” and “LulzSec” Charged with Computer Hacking and Fifth Member Pleads Guilty; “AntiSec” Member also Charged with Stealing Confidential Information from Approximately 860,000 Clients and Subscribers of Stratfor

U.S. Attorney’s Office March 06, 2012

Five computer hackers in the United States and abroad were charged today, and a sixth pled guilty, for computer hacking and other crimes. The six hackers identified themselves as aligned with the group Anonymous, which is a loose confederation of computer hackers and others, and/or offshoot groups related to Anonymous, including “Internet Feds,” “LulzSec,” and “AntiSec.”

RYAN ACKROYD, a/k/a “kayla,” a/k/a “lol,” a/k/a “lolspoon”; JAKE DAVIS, a/k/a “topiary,” a/k/a “atopiary”; DARREN MARTYN, a/k/a “pwnsauce,” a/k/a “raepsauce,” a/k/a “networkkitten”; and DONNCHA O’CEARRBHAIL, a/k/a “palladium,” who identified themselves as members of Anonymous, Internet Feds, and/or LulzSec, were charged in an indictment unsealed today in Manhattan federal court with computer hacking conspiracy involving the hacks of Fox Broadcasting Company, Sony Pictures Entertainment, and the Public Broadcasting Service (“PBS”). O’CEARRBHAIL is also charged in a separate criminal complaint with intentionally disclosing an unlawfully intercepted wire communication.

HECTOR XAVIER MONSEGUR, a/k/a “Sabu,” a/k/a “Xavier DeLeon,” a/k/a “Leon,” who also identified himself as a member of Anonymous, Internet Feds, and LulzSec, pled guilty on August 15, 2011 in U.S. District Court to a 12-count information charging him with computer hacking conspiracies and other crimes. MONSEGUR’S information and guilty plea were unsealed today. The crimes to which MONSEGUR pled guilty include computer hacking conspiracy charges initially filed in the Southern District of New York. He also pled guilty to the following charges: a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Eastern District of California related to the hacks of HBGary, Inc. and HBGary Federal LLC; a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Central District of California related to the hack of Sony Pictures Entertainment and Fox Broadcasting Company; a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Northern District of Georgia related to the hack of Infragard Members Alliance; and a substantive hacking charge initially filed by the U.S. Attorney’s Office in the Eastern District of Virginia related to the hack of PBS, all of which were transferred to the Southern District of New York, pursuant to Rule 20 of the Federal Rules of Criminal Procedure, in coordination with the Computer Crime and Intellectual Property Section (“CCIPS”) in the Justice Department’s Criminal Division.

Late yesterday, JEREMY HAMMOND, a/k/a “Anarchaos,” a/k/a “sup_g,” a/k/a “burn,” a/k/a “yohoho,” a/k/a “POW,” a/k/a “tylerknowsthis,” a/k/a “crediblethreat,” who identified himself as a member of AntiSec, was arrested in Chicago, Illinois and charged in a criminal complaint with crimes relating to the December 2011 hack of Strategic Forecasting, Inc. (“Stratfor”), a global intelligence firm in Austin, Texas, which may have affected approximately 860,000 victims. In publicizing the Stratfor hack, members of AntiSec reaffirmed their connection to Anonymous and other related groups, including LulzSec. For example, AntiSec members published a document with links to the stolen Stratfor data titled, “Anonymous Lulzxmas rooting you proud” on a file sharing website.

The following allegations are based on the indictment, the information, the complaints, and statements made at MONSEGUR’s guilty plea:

Hacks by Anonymous, Internet Feds, and LulzSec

Since at least 2008, Anonymous has been a loose confederation of computer hackers and others. MONSEGUR and other members of Anonymous took responsibility for a number of cyber attacks between December 2010 and June 2011, including denial of service (“DoS”) attacks against the websites of Visa, MasterCard, and PayPal, as retaliation for the refusal of these companies to process donations to Wikileaks, as well as hacks or DoS attacks on foreign government computer systems.

Between December 2010 and May 2011, members of Internet Feds similarly waged a deliberate campaign of online destruction, intimidation, and criminality. Members of Internet Feds engaged in a series of cyber attacks that included breaking into computer systems, stealing confidential information, publicly disclosing stolen confidential information, hijacking victims’ e-mail and Twitter accounts, and defacing victims’ Internet websites. Specifically, ACKROYD, DAVIS, MARTYN, O’CEARRBHAIL, and MONSEGUR, as members of InternetFeds, conspired to commit computer hacks including: the hack of the website of Fine Gael, a political party in Ireland; the hack of computer systems used by security firms HBGary, Inc. and its affiliate HBGary Federal, LLC, from which Internet Feds stole confidential data pertaining to 80,000 user accounts; and the hack of computer systems used by Fox Broadcasting Company, from which Internet Feds stole confidential data relating to more than 70,000 potential contestants on “X-Factor,” a Fox television show.

In May 2011, following the publicity that they had generated as a result of their hacks, including those of Fine Gael and HBGary, ACKROYD, DAVIS, MARTYN, and MONSEGUR formed and became the principal members of a new hacking group called “Lulz Security” or “LulzSec.” Like Internet Feds, LulzSec undertook a campaign of malicious cyber assaults on the websites and computer systems of various business and governmental entities in the United States and throughout the world. Specifically, ACKROYD, DAVIS, MARTYN, and MONSEGUR, as members of LulzSec, conspired to commit computer hacks including the hacks of computer systems used by the PBS, in retaliation for what LulzSec perceived to be unfavorable news coverage in an episode of the news program “Frontline”; Sony Pictures Entertainment, in which LulzSec stole confidential data concerning approximately 100,000 users of Sony’s website; and Bethesda Softworks, a video game company based in Maryland, in which LulzSec stole confidential information for approximately 200,000 users of Bethesda’s website.

The Stratfor Hack

In December 2011, HAMMOND conspired to hack into computer systems used by Stratfor, a private firm that provides governments and others with independent geopolitical analysis. HAMMOND and his co-conspirators, as members of AntiSec, stole confidential information from those computer systems, including Stratfor employees’ e-mails as well as account information for approximately 860,000 Stratfor subscribers or clients. HAMMOND and his co-conspirators stole credit card information for approximately 60,000 credit card users and used some of the stolen data to make unauthorized charges exceeding $700,000. HAMMOND and his co-conspirators also publicly disclosed some of the confidential information they had stolen.

The Hack of International Law Enforcement

In January 2012, O’CEARRBHAIL hacked into the personal e-mail account of an officer with Ireland’s national police service, the An Garda Siochana (the “Garda”). Because the Garda officer had forwarded work e-mails to a personal account, O’CEARRBHAIL learned information about how to access a conference call that the Garda, the FBI, and other law enforcement agencies were planning to hold on January 17, 2012 regarding international investigations of Anonymous and other hacking groups. O’CEARRBHAIL then accessed and secretly recorded the January 17 international law enforcement conference call, and then disseminated the illegally-obtained recording to others.

***

MONSEGUR, 28, of New York, New York, pled guilty to three counts of computer hacking conspiracy, five counts of computer hacking, one count of computer hacking in furtherance of fraud, one count of conspiracy to commit access device fraud, one count of conspiracy to commit bank fraud, and one count of aggravated identity theft. He faces a maximum sentence of 124 years and six months in prison.

ACKROYD, 23, of Doncaster, United Kingdom; DAVIS, 29, of Lerwick, Shetland Islands, United Kingdom; and MARTYN, 25, of Galway, Ireland, each are charged with two counts of computer hacking conspiracy. Each conspiracy count carries a maximum sentence of 10 years in prison.

O’CEARRBHAIL, 19, of Birr, Ireland, is charged in the indictment with one count of computer hacking conspiracy, for which he faces 10 years in prison. He is also charged in the complaint with one count of intentionally disclosing an unlawfully intercepted wire communication, for which he faces a maximum sentence of five years in prison.

HAMMOND, 27, of Chicago, Illinois, is charged with one count of computer hacking conspiracy, one count of computer hacking, and one count of conspiracy to commit access device fraud. Each count carries a maximum sentence of 10 years in prison.

DAVIS is separately facing criminal charges in the United Kingdom, which remain pending, and ACKROYD is being interviewed today by the Police Central e-crime Unit in the United Kingdom. O’CEARRBHAIL was arrested today by the Garda.

The case is being prosecuted by the U.S. Attorney’s Office for the Southern District of New York. The investigation was initiated and led by the FBI, and its New York Cyber Crime Task Force, which is a federal, state, and local law enforcement task force combating cybercrime, with assistance from the PCeU; a unit of New Scotland Yard’s Specialist Crime Directorate, SCD6; the Garda; the Criminal Division’s CCIPS; and the U.S. Attorneys’ Offices for the Eastern District of California, the Central District of California, the Northern District of Georgia, and the Eastern District of Virginia; as well as the Criminal Division’s Office of International Affairs.

The charges contained in the indictment and complaints are merely accusations, and the defendants are presumed innocent unless and until proven guilty.

And here’s the initial indictment on Hector Monsegur, initially filed in the US District Court for the Southern District of New York in August of last year. I’m gathering up documents on the other people charged in this and will share it as I get it.

Monsegur

AllThingsD.com

Yet now that the attacks have subsided, it’s time to see them for what they are: Nothing more than a blunt instrument that accomplishes nothing constructive.

As of today, only one of the Web sites attacked by the hacker troupe Anonymous is still apparently affected, and that belongs to the Universal Music Group recording label. It currently displays only a message saying “The Site is under maintenance. Please expect it to be back shortly.” Others that had been attacked yesterday, including the sites of the U.S. Department of Justice, the Recording Industry Association of America and the Motion Picture Association of America all seemed to be operating normally.

Thursday’s attacks, which have been described as the biggest action yet organized by Anonymous, were launched in apparent revenge for the FBI’s arrest of several people associated with the file-sharing site Megaupload.com over suspicions of online piracy. Taking place against the backdrop of a wider, more civil protest against anti-piracy legislation currently before the U.S. Congress, the atmosphere around the attacks has been politically charged.

As Molly Wood of CNET put it, the #OpMegaUpload attacks — coming as they did on the heels of Wednesday’s peaceful anti-SOPA protest — seem like an “unsettling wave of car-burning hooligans that sweep in and incite the riot portion of the play,” spurring equally unsettling reactions from the powers that be.

Many outlets have portrayed the attacks as “hacks,” implying that someone had picked a lock in order to commit some kind of sabotage. But the tactic used — a distributed denial-of-service (DDoS) attack — is more aptly compared to a blunt instrument, requiring neither skill nor knowledge, only large numbers of willing participants who team up to swarm a site with more requests than it can accommodate and thus overwhelm its ability to function normally.

The adjective “willing” is debatable, and perhaps inaccurate. Anonymous was able to generate such impressive numbers with the operation — it claimed more than 5,000 participants — by spamming a link in chat rooms and via Twitter that, when clicked, triggered a tool used to launch the attack. People tricked into following the link are given no context or information, and so may or may not have any idea that they’re participating in the execution of a crime.

For the record, it is illegal in the U.S., the U.K., Sweden and other countries to launch and participate in a DDoS attack like the one Anonymous organized. As anyone who has observed the evolution of Anonymous (and its various affiliates using the names LulzSec and AntiSec) should know, the FBI arrested 16 people last July, many of them charged with participating in a DDoS attack against PayPal in protest of its shutting down an account used by WikiLeaks.

In 2009, a New Jersey man was sentenced to a year and a day in prison for launching a DDoS attack against the Church of Scientology. And in 2010, a 23-year-old Ohio man was sentenced to 30 months in prison for launching DDoS attacks against several prominent U.S. conservatives, including the author Ann Coulter, former New York City mayor Rudolph Giuliani and Fox News commentator Bill O’Reilly.

Records like that suggest to me that DDoS attacks never accomplish anything that the people who organize and carry them out attempt to do. At most, they inconvenience the people who visit and operate the targeted sites for a few hours, until the attention spans of the attackers shift elsewhere. They also generate headlines that are forgotten by nearly everyone except the targets, and sometimes law enforcement.

And so it will be this time. Mark your calendars, because the Megaupload revenge attacks will spur a series of arrests later this year. Some of those arrested will be people who didn’t know they were committing a crime. And that certainly won’t help Anonymous’ image. Nor will it further a single bit of what passes for the Anonymous agenda.

I wrote then:

“The unvarnished fact is that the networked society to which we’ve become accustomed in the last several years has a soft, vulnerable underbelly.

And the more we rely upon it, the more people with a combination of advanced technical skills and repugnant motivations are going to look for ways to turn it against us.

Some will do so as a means of making a personal profit. Others may see it as a way of advancing a political or ideological agenda.

But others will want to use theirs skills to do serious harm to innocent people on a large scale.”

Part of these predictions or ruminations or whatever you care to call them makes me think of the hijinks of the group that started out in the spring variously known as LulzSec, Anonymous and later adopted the moniker AntiSec. This loosely affiliated group emerged from the wake of the various attacks against Sony, and seemed to have nothing to prove but that it could make mincemeat out of whatever security measures had been put in place by Sony or whatever video game outfit it had targeted on a given day.

Sony’s Playstation Network was a favorite target, and its service was at least partially offline during two months ended in July.

Then, as summer dawned, the group’s members became aware of global politics and teamed up with Anonymous, the Wikileaks-allied band of hackers known for their campaigns of digital civil disobedience. Together they declared “immediate and unremitting war” on governments and corporations, and said their top priority would be to steal and leak any classified government information, including but not limited to email and documentation. They attacked an Arizona police agency as a way of making a statement against anti-immigrant laws in that state, and published the names and home addresses of several officers.

Later they sought to earn some street cred by stealing “secret” documents from NATO, only to learn after the fact that the documents they released had not only been released before, but weren’t even really all that secret to begin with. It wasn’t long before alleged members of the group started showing up in handcuffs, which seemed not to faze them. The prospect of body bags and real-world violence during a confrontation with Mexican drug cartels, however, did.

Yet for all the headlines they garnered and the headaches they caused, the LulzSec/Anonymous/AntiSec gang wasn’t anywhere near the scariest thing to appear on the computer security landscape in 2011. To my mind, one of the top three scariest things was the disclosure of Operation Shady RAT, which Intel-unit McAfee said appeared to be the biggest large-scale compromise ever, affecting 72 organizations and governments around the world, including the U.S., Taiwan, Vietnam, South Korea, Canada and India — some of them dating back as far as 2006. McAfee said the attacker was a “state actor,” though it declined to name it. The candidate highest on the short list was, naturally, China.

The second truly scary incident was the attack carried out against RSA Security, a unit of the IT company EMC, the maker of the popular SecurID tokens that so many people have on their keychains and use to create an added layer of security that goes beyond the password. Months later, the U.S. defense contractor Lockheed Martin was attacked with duplicate SecurID tokens.

Finally, the Stuxnet Trojan (used by parties officially unknown, but probably Israel with a little help from the U.S.) continued to fascinate and confound security researchers in 2011. Having caused nuclear centrifuges in Iran to explode in an attempt to set back that country’s nuclear weapons research program, Stuxnet was found to have a sibling called Duqu. Unlike Stuxnet, which messed with industrial control computers and made them do things they wouldn’t normally do, Duqu’s mission was much simpler: Steal everything in sight.

And after that, it was discovered by researchers at Kaspersky labs that Stuxnet and Duqu are part of an even bigger family, with at least three more siblings still undetected by researchers, and that all five were created by the same people and with the same tools. Chances are we’ll see at least a few of those final three in 2012, particularly as tension with Iran heats up.

So while there was much to consider scary happening on the Internet in 2011, I’m grateful for being wrong on one key prediction: That we didn’t see a significant computer attack used to physically harm innocent people on a large scale. That’s one prediction I hope to miss for years to come.

Identity Finder, a New York-based identity theft protection firm, has analyzed the information breached and summarized what the attackers appear to have made off with.

• 50,277 unique credit card numbers, of which 9,651 are not expired
  
• 86,594 email addresses, of which 47,680 are unique
  
• 27,537 phone numbers, of which 25,680 are unique

• 44,188 encrypted passwords, of which roughly 50 percent could be easily cracked
• 73.7 percent of decrypted passwords were weak
• 21.7 percent of decrypted passwords were medium strength
• 4.6 percent of decrypted passwords were strong
• Average decrypted password length: 7.1 characters
• 10 percent of decrypted passwords were less than 5 characters long
• Only 4.8 percent of decrypted passwords were 10+ characters long
• Presumably the remaining non-decrypted passwords were stronger than the decrypted subset
• 13,973 of the addresses belonged to United States victims; the remainder belonged to individuals from around the world

There are also an additional 2.7 million email messages that the attackers claim to have taken, but that have not yet been released.

Stratfor has promised to inform the customers whose information was taken no later than Dec. 28, which is tomorrow. Anonymous, ever seeking to justify its actions in the name of some higher moral purpose, said in a tweet that Stratfor, which sells subscriptions to its intelligence analysis reports to government, law enforcement agencies and businesses, isn’t “the harmless company it tries to paint itself as,” and that the emails will show that.

@techwriterjim It was conducted by #Antisec. Stratfor is not the “harmless company” it tries to paint itself as. You’ll see in those emails.

December 27, 2011 11:27 am via QwitReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

Whatever. Wired reported that someone who participated in the attack said that a total of four servers were breached, and the data on them wiped. The question that then logically arises is this: What was a firm that’s ostensibly in the business of advising business and government clients on security doing about its own?

Some people claiming to represent Anonymous — the lines and affiliations are always difficult to discern — said that the information taken in the attack included user names and passwords of some Stratfor subscribers, plus another 200 gigabytes worth of other data.

Stratfor founder George Friedman confirmed the attack in an email to subscribers; I received it because I’ve been an intermittent Stratfor subscriber over the years. Here’s Friedman’s email:

Dear Stratfor Member,

We have learned that Stratfor’s web site was hacked by an unauthorized party. As a result of this incident the operation of Stratfor’s servers and email have been suspended.

We have reason to believe that the names of our corporate subscribers have been posted on other web sites. We are diligently investigating the extent to which subscriber information may have been obtained.

Stratfor and I take this incident very seriously. Stratfor’s relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible.

Although we are still learning more and the law enforcement investigation is active and ongoing, we wanted to provide you with notice of this incident as quickly as possible. We will keep you updated regarding these matters.

Sincerely,
George Friedman

And here’s an update to Stratfor subscribers, from Dec. 25:

Dear Stratfor Member,

On December 24th an unauthorized party disclosed personally identifiable information and related credit card data of some of our members. We have reason to believe that your personal and credit card data could have been included in the information that was illegally obtained and disclosed.

Also publicly released was a list of our members which the unauthorized party claimed to be Stratfor’s “private clients.” Contrary to this assertion the disclosure was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications.

We have also retained the services of a leading identity theft protection and monitoring service on behalf of the Stratfor members that have been impacted by these events. Details regarding the services to be provided will be forwarded in a subsequent email that is to be delivered to the impacted members no later than Wednesday, December 28th.

In the interim, precautions that can be taken by you to minimize and prevent the misuse of information which may have been disclosed include the following:

- contact your financial institution and inform them of this incident;
- if you see any unauthorized activity on your accounts promptly notify your financial institution;
- submit a complaint with the Federal Trade Commission (“FTC”) by calling 1-877-ID-THEFT (1-877- 438-4338) or online at https://www.ftccomplaintassistant.gov/; and
- contact the three U.S. credit reporting agencies: Equifax (http://www.equifax.com/ or (800) 685-1111), Experian (http://www.experian.com/ or (888) 397-3742), and TransUnion (http://www.transunion.com/ or (800) 888-4213), to obtain a free credit report from each.

Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically. Checking your credit reports can help you spot problems and address them quickly.

To ease any concerns you may have about your personal information going forward, we have also retained an experienced outside consultant that specializes in such security matters to bolster our existing efforts on these issues as we work to better serve you. We are on top of the situation and will continue to be vigilant in our implementation of the latest, and most comprehensive, data security measures.

We are also working to restore access to our website and continuing to work closely with law enforcement regarding these matters. We will continue to update you regarding the status of these matters.

Again, my sincerest apologies for this unfortunate incident.

Sincerely,
George Friedman

Then came reports that whoever had taken the information — which included credit card numbers — had used the numbers to make donations in the name of the hacking victims. Here’s a link to what is said to be a screen grab following just such a donation to CARE by an employee of the Defense Intelligence Agency.

While some might applaud the apparent cleverness of Anonymous’s “steal from the rich, give to the poor” attitude, it’s unlikely that the charities in question will ever see a dime of the money that’s been “donated” to them. As Mikko Hypponen of F-Secure pointed out here, once the credit cards in question are reported stolen, the charges will be reversed and the charities will more than likely be on the hook for any fees or penalties that result.

As is often the case with a headline-making attack carried out in the name of Anonymous, there followed a series of claims and counterclaims as to whether or not this was an “official” Anonymous attack, or just the work of someone falsely claiming the Anonymous cloak. There was, for instance, this “emergency press release,” claiming that the attack on Stratfor was “most definitely not the work of Anonymous”:

Following that, Anonymous tweeted, via its semi-official Twitter account @AnonymousIRC, that it “laughed so hard” in response to that message — essentially saying it’s a fake. The group has hinted that it is going to be busy over the next several days.

RT @FiloSottile: “Anonymous denies involvement in #STRATFOR hack. http://t.co/cQ1INYlh” | We laughed so hard at this!

December 26, 2011 6:30 am via QwitReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

Scotland Yard says it has nabbed two more people that it says are members of the group; one of them is said to be connected to crimes committed under cover of the online identity “Kayla.”

In a statement, police did not release the names of the two men arrested. They are aged 20 and 24, and one comes from the town of Mexborough, while the other comes from Warminster. The arrests were conducted in cooperation with local police and the FBI. In one case, a home was searched and computer equipment taken.

It was the second pair of arrests in as many days. On Thursday, police arrested two others as part of the growing worldwide investigation into the activities of LulzSec and Anonymous.

And yet the hacker crimes continue, seemingly unabated. Anonymous has dubbed today “Texas Takedown Thursday” or #TTT on Twitter. The target: Law enforcement agencies in the state of Texas, in apparent retaliation for the arrests earlier this summer of 16 people said to be associated with Anonymous.

The group says it has leaked about three gigabytes worth of email and other data from private email accounts it says belong to certain police officials in Texas. It also claimed credit for defacing a Web site belonging to the Texas Police Chiefs Association.

It’s the second such targeting of police officers in a particular state. In June, the group went after the Arizona State Police, posting home addresses of officers.

LulzSec and Anonymous, in their various contortions, have had a busy summer. The group and its sympathizers started out making Sony’s existence miserable, on the heels of an attack on the PlayStation network; the attack brought the network down for several weeks.

And these aren’t the kind of cyber attacks carried out by bumbling troublemakers like the LulzSec gang, which make headlines but really only cause a nuisance for companies like Sony. In these cases, networks were compromised by remote access tools — or RATs, as they’re known in the industry. These tools — and they are tools, because they have legitimate uses for system administrators — give someone the ability to access a computer from across the country or around the world. In this case, however, they were secretly placed on the target systems, hidden from the eyes of day-to-day users and administrators, and were used to rifle through confidential files for useful information. It’s not for nothing that McAfee is calling this Operation Shady RAT.

McAfee says the attacker was a “state actor,” though it declined to name it. I’ll give you three guesses who the leading candidate is, though you’ll probably need only one: China.

Dmitri Alperovitch, McAfee’s Vice President, Threat Research, makes a statement in his blog entry on the discovery that should give everyone minding a corporate or government network pause: “I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact.” He further divides the worldwide corporate landscape into two camps: Those who have been compromised and know it, and those who simply don’t know it yet.

This has been a particularly nasty year on the cyber security front. (I hate to say it, but I told you so.) Prior to this, the big attack whose full impact has not yet been fully sized up was the one against the RSA SecureID system, which uses popular keychain devices that create a constantly changing series of numbers that in turn create a second password for access to system resources. They’re widely used in government and military circles and among defense contractors. Google has been a regular target in recent years.

The RSA attack and Operation Shady RAT are examples, Alperovitch says, of an “Advanced Persistent Threat.” The phrase has come to be a buzzword that, loosely translated into English, means the worst kind of cyber attack you can imagine. Unlike the denial-of-service attacks and network intrusions carried out by LulzSec and its ilk, which require only minimal skill and marginal understanding of how networks and servers work, an APT is carried out by someone of very high skill who picks his targets carefully and sneaks inside them in a way that is difficult to detect, which allows access to the target system on an ongoing basis that may persist for years.

How did these attacks happen? Its very simple: Someone at the target organization received an email that looked legitimate, but which contained an attachment that wasn’t. This is called “spear phishing,” and it has become the weapon of choice for sophisticated cyber attackers. The attachments are not what they appear to be — Word documents or spreadsheets or other routine things — and contain programs that piggyback on the targeted user’s level of access to the network. These programs then download malware which gives the attackers further access. This all happens in an automated way, but soon after, live attackers log in to the system to dig through what they can find, copy what they can, and make a getaway — though they often leave the doors unlocked so they can come back for repeat visits.

Alperovitch notes — correctly, to my mind — that the phrase has been picked up and overused by the marketing departments of numerous security companies. His larger point is that too often those attacked in this way refuse to come forward and disclose what they’ve learned, thereby allowing the danger to continue for everyone else.

Alperovitch says that the data taken in Operation Shady RAT adds up to several petabytes worth of information. It’s not clear how it has been used. But, as he says, “If even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth.” It’s also bad for a target’s national security, because defense contractors dealing in sensitive military matters are often the targets. The best thing that can happen is that victims start talking about their attacks and sharing information with each other so that everyone can be ready for the next one, which is surely coming.

The photo, which appeared on the U.K.-based tech site shinyshiny.tv, is of Jake Davis, an 18-year-old resident of Britain’s Shetland Islands, specifically the island of Yell. The original photo appeared in the Instagram account of a user known as timbr. Update: Timbr turns out to be Tim Bradshaw of the Financial Times.

After reports surfaced suggesting that police may have been tricked into arresting the wrong person, police say they’re certain they have their man.

Davis appeared in a City of Westminster court this morning and was granted bail; he is next scheduled to appear in court on Aug. 30. He faces five charges related to distributed denial-of-service attacks against several sites, including, notably, the U.K.’s Serious Organized Crimes Agency in June.

Using the online handle “Topiary,” Davis had functioned as the group’s spokesman and gave interviews to the media about its activities. The group attracted a great deal of media attention for its numerous attacks against, among others, Sony, PBS, Nintendo, Britain’s National Health Service, the U.S. Senate, the U.S. Central Intelligence Agency, private affiliates of the FBI, and the Arizona Department of Public Safety.

The arrest in the U.K. followed a string of arrests in the United States, in which 16 people have been accused of being involved with the distributed denial-of-service attack against PayPal, the payment unit of eBay. LulzSec had in recent days been organizing a protest against PayPal, encouraging people to kill their accounts with the service.

LulzSec’s Twitter account has been quiet since July 27, the day the arrest was announced. And the Twitter account belonging to Topiary has been wiped of all messages, save for one saying “You cannot arrest an idea.” The Twitter account belonging to AnonymousIRC, the group under whose banner LulzSec briefly operated, included a message of support.

http://bit.ly/obmiaW | Stay strong, @atopiary. We will continue this, as your last tweet is truth. We, the people, silent no more. #AntiSec

August 1, 2011 4:56 am via TweetDeckReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

Topiary has a Twitter account, though it appears to have only one Tweet made on July 22.

You cannot arrest an idea.

July 21, 2011 7:02 pm via webReplyRetweetFavorite

@atopiary

Topiary

The arrest occurred as LulzSec and Anonymous jointly urged their supporters to boycott PayPal by closing their accounts and withdrawing any funds held in them and to use competing online money transfer products. PayPal, the payment unit of eBay, was the alleged victim of a series of denial of service attacks late last year for which numerous people in the U.S., U.K. and The Netherlands were arrested last week. The attacks were launched in sympathy for WikiLeaks after the PayPal account through which it accepted online donations was shut down.

“We encourage anyone using PayPal to immediately close their accounts and consider an alternative,” the group said in a statement released via Pastebin, which you can read in full below. “The first step to being truly free is not putting one’s trust into a company that freezes accounts when it feels like, or when it is pressured by the U.S. government.”

Anonymous claimed via its Twitter feed that 35,000 PayPal accounts had been closed.

Received some more information: At least 35.000 PayPal accounts have been closed today, likely much more to come. Proud of you! #OpPayPal

July 27, 2011 9:14 am via TweetDeckReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

A PayPal spokesperson disputed that in an email statement: “We haven’t seen any changes to our normal operations (including account opening and closing).”

Even if Anonymous’ claim of that number of account closures were true, the impact would be minimal. PayPal says it has 100 million active accounts in 190 markets and 25 currencies around the world. A loss of 35,000 accounts would amount to 0.035 percent of the account base, and couldn’t possibly exceed the flow of account terminations in a normal day. At that number, account cancellations can’t possibly be material, so at this point don’t expect any additional statement on the subject from PayPal.

Even so, eBay shares are down about 2 percent today, but I wouldn’t draw any connection between the boycott and its share price. Google, Apple and the Nasdaq itself are all down about 2 percent today.

The hacking group Anonymous claimed via its Twitter feed to have breached servers belonging to NATO, the North Atlantic Treaty Organization military alliance that has largely been responsible for the military defense of Europe since the end of World War II.

So far, three PDF copies of documents the group claimed to have taken in the attack were circulating on a sharing site devoted to PDF documents. Two were marked “NATO Restricted” and appear to have been removed from the PDFCast site.

I haven’t seen the first two, but the Telegraph described one as a working paper on communications systems used by NATO forces in Afghanistan, and was said to include technical and procurement information. A second concerned a plan to outsource communications for NATO forces stationed in Kosovo. If it sounds exciting, then I have some news for you: It’s not.

“Restricted” may sound important. As the Register points out, in the taxonomy of document labels, “Restricted” is for documents of relatively low importance. Anonymous is crowing like it has just broken into a trove of NATO’s deepest secrets. It appears instead they’ve taken some documents relating to relatively mundane workaday operations.

Higher up the scale are documents that get stamped “Confidential,” then “Secret” and then “Top Secret.”

A third document which just emerged via the @AnonymousIRC Twitter feed is a 59-page document concerning NATO security procedures. It is marked “NATO Unclassified” which is actually even lower on the totem pole than “Restricted.” The only restriction is that they’re subject to NATO copyright and can only be released with NATO permission. Not that NATO is going to care very much. This very document has been floating around since 2006.

We are sitting on about one Gigabyte of data from NATO now, most of which we cannot publish as it would be irresponsible. But Oh NATO….

July 21, 2011 4:57 am via Power TwitterReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

Hi NATO. Yes we haz more of your delicious data. You wonder where from? No hints, your turn. You call it war; we laugh at your battleships.

July 21, 2011 7:23 am via Power TwitterReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

This one isn’t restricted but ironic: http://t.co/A86jUGX | It describes security procedures within NATO. Well, seems nobody ever read them.

July 21, 2011 8:29 am via Power TwitterReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

NATO issued a statement saying that it is aware of the claim of the breach and is investigating. And it certainly will, but it’s not as if significant alarm bells are likely to be ringing at NATO Headquarters over this, at least not from the documents seen so far, though the group claims to be holding back on releasing some documents it says “most of which we cannot publish as it would be irresponsible.” It promises more releases in the coming days.

Meanwhile, if that weren’t enough, Anonymous and its ally LulzSec jointly taunted the FBI today. Responding to a quote given to National Public Radio in the story below, the groups issued a joint statement saying, “Your threats to arrest us are meaningless.” The statement appears below the radio story.

For those not keeping score, LulzSec is the group that claimed credit for attacking Sony umpteen times, then went on to attack other game companies and the U.S. Senate, then stole emails and other documents from servers belonging to the Arizona State Police. It also stole internal documents from AT&T.

LulzSec in recent weeks claimed it had been absorbed by the larger group Anonymous, but the lines appear to be blurring again, as it is at times active under its own banner. Two people connected to LulzSec’s activities were among 16 arrested in a nationwide FBI operation earlier this week. Fourteen others were arrested in connection with a denial of service attack against PayPal in sympathy with WikiLeaks.

The new statement is in reaction to a statement by an FBI assistant director saying the bureau wants to “send a message” about computer crime. The hacker group’s reaction essentially dares law enforcement to take further action. Something tells me they may get their wish.

The 14 arrested in Alabama, Arizona, California, Colorado, the District of Columbia, Florida, Massachusetts, Nevada, New Mexico and Ohio have been indicted by a federal grand jury in San Jose, California. I’ve embedded the complaint below.

Two others were arrested on similar charges on two separate complaints in Florida. The Florida case concerns the attack on InfraGard, the public-private information-sharing partnership affiliated with the FBI. The New Jersey case concerns the release of confidential documents stolen from AT&T. These would appear to be the first U.S. arrests connected with the LulzSec crew that’s been so active this summer.

Additionally, police in the U.K. arrested another person and police in The Netherlands arrested four more people in connection with the case.

The indictment names 14 people: Christopher Wayne Cooper, 23, a.k.a. “Anthrophobic;” Joshua John Covelli, 26, a.k.a. “Absolem” and “Toxic;” Keith Wilson Downey, 26; Mercedes Renee Haefer, 20, a.k.a. “No” and “MMMM;” Donald Husband, 29, a.k.a. “Ananon;” Vincent Charles Kershaw, 27, a.k.a. “Trivette,” “Triv” and “Reaper;” Ethan Miles, 33; James C. Murphy, 36; Drew Alan Phillips, 26, a.k.a. “Drew010;” Jeffrey Puglisi, 28, a.k.a. “Jeffer,” “Jefferp” and “Ji;” Daniel Sullivan, 22; Tracy Ann Valenzuela, 42; and Christopher Quang Vo, 22. One individual’s name has been withheld by the court, which suggests he or she is a juvenile.

The defendants are charged with conspiracy and intentional damage to a protected computer.

The 14 are accused of carrying out a December distributed denial of service attack against PayPal, the payment site owned by eBay. DDOS attacks are when attackers overwhelm a Web server with fake requests for attention at such a high volume that legitimate users can’t get through.

The group has also claimed responsibility for attacks against Visa, and at one point planned to attack Amazon. Various other factions connected to Anonymous have also attacked Sony and recently claimed responsibility for a hacking attack against the defense contractor Booz Allen Hamilton.

The FBI also made arrests today in the attack on the Web site of InfraGard, a non-profit group affiliated with the FBI itself. Scott Matthew Arciszewski, 21, was arrested today by FBI agents and charged with intentional damage to a protected computer. He’s been charged in the Middle District of Florida and has already appeared in a federal court in Orlando.

The complaint alleges that Arciszewski accessed without authorization the Tampa Bay InfraGard website and uploaded three files, and then Tweeted about it on Twitter.

InfraGard is a public-private partnership for critical infrastructure protection sponsored by the FBI with chapters in all 50 states.

In a related complaint unsealed in the District of New Jersey, the DOJ charged Lance Moore, 21, of Las Cruces, New Mexico with stealing confidential business information stored on AT&T’s servers and posting it on a public file sharing site. Moore is charged with one count of accessing a protected computer without authorization.

According to the New Jersey complaint, Moore, a customer support contractor for AT&T, exceeded his authorized access to AT&T’s servers and downloaded thousands of documents, applications and other files that, on the same day, he allegedly posted on a public file hosting site. That would be The Pirate Bay.

According to the complaint, on June 25, the computer hacking group LulzSec publicized that they had obtained confidential AT&T documents and made them publicly available on the Internet. The documents were the ones Moore had previously uploaded. He faces a maximum penalty of 10 years in prison and a $250,000 fine. Each count of conspiracy carries a maximum penalty of five years in prison and a $250,000 fine.

Here’s the indictment.

Indictment 7.19.11

[Image via Foxnews.com]

I’ve spoken with contacts at three FBI field offices — one here in New York, one in Los Angeles and another in San Francisco. I’m told that in New York search warrants were executed on homes in Brooklyn and in the towns of Baldwin and Merrick on Long Island. A source familiar with the investigation says that IP addresses that have come under scrutiny in the course of the investigation have led agents to search those addresses, but that no arrests have yet been made in New York.

Agents in California have made arrests, though the number and the names of those arrested have not yet been released. Additionally, Fox News is reporting that the FBI made arrests related to the investigation this morning in Florida and New Jersey, and that as many as a dozen people have been arrested in the operation nationwide. Obviously more information will be forthcoming as the situation develops.

The investigation is related specifically to the distributed denial-of-service attacks that were carried out last year and early this year against several companies in the U.S. The attacks were in sympathy with Wikileaks, which had just started disclosing its cache of leaked U.S. diplomatic cables. Visa, the credit card company, was one of its victims.

The group has grown recently as it absorbed another group of hackers calling itself LulzSec, which had harassed Sony in response to its lawsuits against a person who reverse engineered the security on the Playstation gaming console.

Arrests of Anonymous members have previously been reported in the U.K. , in Turkey and in Spain.

Fox has some raw video from the scene where one of the search warrants was executed on Long Island today. It’s below.

[Image and video via Fox News]

Yesterday, Booz Allen confirmed that its network had been attacked. On Monday, the hacker group Anonymous announced that it had penetrated Booz Allen’s network and posted to the file-sharing site The Pirate Bay a file containing some 90,000 email addresses of military personnel, plus “password hashes.” A hash is generally an encrypted version of a password, one that can’t be easily reversed to obtain the actual password.

AnonymousIRC is the new name of the gang formerly known as LulzSec. By working under the flag of Anonymous, the LulzSec hackers, who gained notoriety for repeated attacks against Sony, are associating themselves with the amorphous group that has harassed such targets as the Church of Scientology, PayPal and credit card companies. The group is promising at least two more data dumps this week.

Booz Allen downplayed the incident, saying in a statement, “at this time, we do not believe that the attack extended beyond data pertaining to a learning management system for a government agency.” A learning management system (LMS) is used to track the training of workers on the job, and it’s something Booz Allen helps the federal government with regularly. For instance, it works with the Office of Personnel Management to help federal agencies with on-the-job training.

As computer security breaches go, this one probably rates fairly low on the severity scale. It’s not clear from Booz Allen’s statement what the system was used for, or whether it was connected to any sensitive government work.

The larger concern is that military personnel whose addresses have been published in the file will next be targeted for attack via “spear phishing,” in which legitimate-looking email messages are sent to the target, containing attachments that look routine but are really malware that can capture a password. If they know what’s good for them, the folks whose addresses were leaked have changed their passwords and will carefully scrutinize email messages that contain attachments.

There is, however, a pretty good chance that many of the addresses publicized are out of date. Mililtary personnel move around a lot, and their email addresses often change when they move from one facility to another. By chance, I saw this message on Twitter from Phillip Stewart, who’s serving in the U.S. Air Force:

Ha! I just noticed my old Schriever.af.mil email is in the list, but I left Schriever a year ago. @egulley316 @AnonymousIRC #AntiSec

July 12, 2011 11:53 am via webReplyRetweetFavorite

@pmsyyz

Phillip Stewart

Booz Allen shares dipped a bit on the news, falling to $18.95 Monday from its Friday closing price of $19.39, but the shares recovered Tuesday to $19.54. Booz Allen listed its shares on the NYSE last year but is majority-owned by the Carlyle Group.

This isn’t the first time — nor will it be the last — that Booz Allen has been targeted for a cyber attack. A 2008 Businessweek cover story detailed how a legitimate-seeming email, appearing to have come from someone at the Pentagon and addressed to a Booz Allen executive, contained in an attachment malware called “Poison Ivy” that was designed to give the attacker remote control over the target’s PC. The email was traced to a sender in China. It’s incidents like this — which we rarely hear about — that are far more worrying than the ones we do hear about, day in and day out, from the likes of Anonymous.

As product endorsements go, it wasn’t one that CloudFlare CEO Matthew Prince would have sought. Nevertheless, it showed in a very public way that the company was onto something potentially big.

Now we get an idea of how big it might be. CloudFlare has been running so far on a relatively small Series A investment of $2 million from Venrock and Pelion Venture Partners. Today it announced that it has landed a beefy $20 million Series B round, led by New Enterprise Associates, with Venrock and Pelion also participating. Scott Sandell, a general partner at NEA, will join CloudFlare’s board of directors.

NEA has backed companies as varied as Atheros, the wireless chip company now owned by Qualcomm; Fusion-io, the chip-based server storage concern; and Groupon.

So what does CloudFlare do? Webmasters can — for free — point their domain name servers to CloudFlare’s, rather than those operated by their Web hosting provider. The result of that simple change adds the site to CloudFlare’s distributed network, which protects against common attacks by hackers and spammers and makes a site resistant to distributed denial-of-service attacks that typically overwhelm servers and knock sites offline.

CloudFlare evolved out of Project Honey Pot, a nonprofit project that aimed to fight spam by creating a distributed system to find and track spammers and the bots they use to harvest email addresses. Launched in 2004, it was basically a hobby for Prince and the other founders — until the day in 2007 that the Department of Homeland Security called to say it saw real value in the data the project had collected on how fraud is conducted online.

And like Project Honey Pot before it, CloudFlare gets better as more people use it. Hosted in 12 Equinix data centers around the world, it has the computing muscle to keep its customers’ sites online when a server crashes or a hacker with a botnet attacks. Pretty much anyone who operates a Web site can have it up and running in minutes. On top of its free service, CloudFlare offers a Pro account for $20 a month. A more powerful offering aimed at enterprises is coming in the fall, Prince says.

But there’s more to it than just security. It turns out, through an unexpected benefit of programming, that CloudFlare also has a tendency to make sites load faster than they do from their main servers. The initial worry was that adding a layer between the user and the site’s hosting servers would slow things down. Some obsessive attention to the code, intended to prevent that slow-down, had an interesting effect: Sites started loading 30 to 40 percent faster. From these two benefits comes the mantra you’ll hear Prince repeat often: “We help the Internet run faster and safer.”

Did I say CloudFlare is onto something? Prince reckons that about 200 million users visit CloudFlare-protected sites every month. He declined to say exactly how many sites are using CloudFlare, but characterized it as in the tens of thousands. He did say the service is adding roughly 1,000 new customers a day, from small personal sites to huge companies.

So what’s the plan for all that money? To build out CloudFlare’s team and create new services, some aimed at large enterprises, says Prince, who notes that a business-class service is coming soon. “We’ll be adding a lot of new features that our business customers have been asking for,” he says. After that comes the enterprise-class offering.

Beyond that lie some interesting services aimed at making the Web business easier. Case in point: SSL, or Secure Socket Layer, the Web’s primary security technology. “Right now it’s way too hard for Web masters to deploy SSL on their sites, and there are too few sites using it,” Prince says. “We think we can do something important to address that.” Another thing that’s too hard: The looming transition from IPv4 to IPv6. “The solutions that are being provided right now are too complicated, and we can do something about that,” Prince says.

One recent addition was the official election results site for the nation of Turkey, which held its general election on June 12. On the night before the election, its site administrator joined CloudFlare. “The next day we saw a lot of traffic from Turkey,” Prince says. Traffic from 75 million Turkish citizens all hitting “refresh” every few minutes would have brought nearly any Web site down, and at first it looked like a massive new distributed denial-of-service attack coming out of Turkey. “We quickly figured out what it was,” Prince says, “and suddenly we were really proud that we were able to keep that site online while the whole nation was coming through the service.”

In May, Sony started restoring services to many regions with the exception of a few countries, such as Japan. As of tomorrow, the PlayStation Network and Qriocity services will have been restored in all countries, Sony says.

The Japanese electronics giant was the subject of one of the biggest network attacks in history with nearly every one of its online gaming and entertainment properties getting hit, stretching back to March.

Since then, it has been busy conducting an investigation and adding considerable security enhancements to prevent such attacks in the future.

The attacks were reportedly conducted by LulzSec, a hacking troupe, that has targeted a number of gaming companies, including Nintendo, Eve Online and Bethesda Softworks.

The file was 600-plus megabytes and contained several things, including evidence that the group, or someone helping it out, had defaced a Navy civilian jobs board and a list of corporate networks belonging to numerous companies, including the Walt Disney Company. But the biggest thing inside that folder was a trove of documents apparently taken from wireless giant AT&T concerning the planned construction and rollout of its LTE network. (Incidentally, AT&T isn’t commenting on the documents, and so won’t say whether they’re authentic.)

Also nestled within that folder was yet another folder labeled BootableUSB. I didn’t think anything of it on a Saturday night. It didn’t occur to me that it would be odd for a folder with such a name to be included among a folder of documents looted from a company. I promptly forgot about it.

I found out today that directory, which in hindsight should have set off alarm bells, contained malware — trojans and worms and all sorts of nasty things that no one in their right mind would want. Anonymous, which has in the last 24 hours taken all of LulzSec’s members under its organizational wing (more on that in a moment), confirmed that the original torrent was infected.

@AJRockacy Downloading the torrent is fine. Just avoid the Bootable USB folder that contains .exe files. Clean torrent: http://t.co/iO98ivz

June 26, 2011 3:10 pm via TweetDeckReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

At least one of the folders, labeled WinRAR, contained malware that was masquerading as the legitimate version of WinRAR, a Windows compression utility. The StopMalvertising blog goes into significant detail here.

For the record, I took a screen shot of the directory’s contents, which to my eye looks a lot like a ticket to a headache-filled day for any Windows user. Thankfully I use a Mac. Anonymous says that a cleaned-up version of the torrent has been released. But if it’s all the same to you, I’ll avoid downloading this one. You can see the list of malware files in the pictures below. Click them to make them bigger. If you know what any of them are, leave a comment.

Word of the infected torrent — which I consider more supporting evidence that the LulzSec crew was really a bunch of neophytes and nowhere near the unstoppable super-hackers they’ve been made out to be — came on the same day that Anonymous announced it had absorbed LulzSec’s members under its own banner.

We like to clarify again: All LulzSec members are accounted for, nobody is hiding. Only a name was abandoned for the greater glory #AntiSec

June 27, 2011 4:37 am via TweetDeckReplyRetweetFavorite

@AnonymousIRC

AnonymousIRC

“AntiSec” refers to the “Anti Security movement” that LulzSec, in a rare moment of thoughtfulness, came up with to describe the closest thing it has to a philosophy. It’s the sort of thing that Anonymous, the amorphous batch of hackers sympathetic to Wikileaks, would seem to find attractive. Plus, for the LulzSec gang, there is — at least in theory — some added safety in larger numbers, though there’s been a lot of speculation that the two groups already share several overlapping members.

PREVIOUSLY:

• Despite All the Attention, LulzSec Hackers Failed
• At The Height Of Their Infamy, LulzSec Hackers Call It Quits
• Arizona Confirms LulzSec Docs Are Authentic, Worries About Officer Safety
• LulzSec Goes All Wikileaks On Arizona State Cops
• LulzSec Shrugs After Scotland Yard Nabs Hacking Suspect (Updated)
• LulzSec And Anonymous Team Up to Hack Governments and Banks
• Viral Video: LulzSec Gets Taiwanesed
• CIA Web Site Goes Down; LulzSec Takes Credit
• LulzSec Blasts Space Game Eve Online, Other Gaming Sites
• LulzSec Strikes Again, Hits Bethesda Softworks And U.S. Senate
• Turkey Arrests 32 Alleged Members of Anonymous, Days After Arrests in Spain
• Web Security Start-Up Cloudflare Gets Buzz, Courtesy of LulzSec Hackers
• No Hacks to Report at Xbox, But Microsoft Isn’t Letting Its Guard Down
• No LulzSec Hackers Have Been Arrested–At Least Not Yet
• LulzSec Posts More Sony Data, Amid Claim One of Them Is Arrested
  LulzSec Strikes Again, Claims Attack On Nintendo Server
  Sony Hacked for What Seems To Be the Umpteenth Time

• Sony’s Playstation Network Is Back. Sony’s Reputation Will Take a Little Longer.
• Exclusive: Sony Considers Offering Reward to Help Catch Hackers
• Anonymous Claims It Took No Credit Card Numbers From Sony
• Sony Implicates Anonymous in Attack; Group Denies Involvement
• Sony Apologizes For the Playstation Network Breach
• Sony Blames PlayStation Outage on “External Intrusion”

That means the time has come to render some early judgments on its impact. As of this writing, LulzSec’s Twitter feed has been followed by 281,560 people — which, if nothing else, gives some indication of its ability to get its name known on Twitter. The attraction was its seeming ability to cause computer havoc and get away with it. “Sticking it to the man,” whether the man is Sony, the FBI, the CIA or British police, is always a potent draw for a certain kind of young person who wishes they had the guts and the wherewithal to do exactly the same thing.

LulzSec first revealed itself by posting the names, addresses and phone numbers of thousands of contestants on the Fox TV program “The X Factor.” From there the group’s attention flitted all over the technocultural map. After posting transaction logs from ATM machines in the U.K., it turned its attention to the Japanese electronics giant Sony, still reeling from a separate attack that forced it to shut down its PlayStation gaming network for the better part of a month. LulzSec found numerous other Sony-affiliated sites easy prey.

Then the group showed the first hint of a political agenda, attacking a PBS Web site, pilfering user names and passwords of its staff, and posting a fake news story claiming the late rapper Tupac Shakur to be alive. The reason? It didn’t care for a Frontline documentary on Bradley Manning, the Army private who stands accused of stealing the diplomatic cables central to the WikiLeaks case. It wasn’t long before theories started to float that the membership of LulzSec might overlap with that of Anonymous, the amorphous band of WikiLeaks-loving hackers.

As the list of LulzSec’s claimed victims grew longer, its methods of attack and the motivations seemed to vary. One day it was posting in public the email addresses and passwords of users of a porn site, the next it was defacing Web sites belonging to Internet security firms, and after that, launching denial-of-service attacks against the CIA.

None of these attacks were technically sophisticated. Though they seemed “unstoppable hackers,” the techniques the gang used to attack its targets have been well known for years, suggesting instead a surprising lack of technical sophistication.

Its weapons of choice were basically two: SQL injection attacks and distributed denial-of-service attacks. A SQL (pronouned “sequel”) injection attack basically amounts to taking advantage of well-documented weaknesses in some versions of the SQL database language used on many Web sites. Sending queries to those databases — usually done by adding commands into the URL field of a Web browser — can cause those databases to behave in unexpected ways. Sites that are vulnerable can often be found with simple Google searches, and the attacks themselves are easy to carry out.

Try this for a metaphor: Imagine a burglar who knows that a certain type of window makes a house easy to break into. Naturally, he’s going to look for houses with that particular type of window, and take what he can from the houses that happen to have it. Sites using versions of SQL that are sloppily installed or not up to date make easy targets.

The information that LulzSec seemed to loot from the various sites it attacked had sort of a random quality to it. Having found a vulnerable site, it took what it could. For example, its attack on the Web server of the U.S. Senate didn’t contain anything embarrassing, but rather a dry and lengthy list of files on those servers used to build the Web sites belonging to U.S. senators.

Later, when it turned its attention to the CIA, LulzSec used its second favorite weapon of choice, the distributed denial-of-service attack. In a DDOS, a target computer is made useless by overwhelming it with too many requests for information. I liken it to making so many crank calls to a single phone that the person using that phone can’t make or receive routine calls. It’s not technically sophisticated, either.

While the CIA seems an impressive target, it’s not as if LulzSec were interfering with any top secret operations. For the few hours that CIA.gov was “tango down,” the public at large was unable to read CIA press releases, and schoolchildren were shut out from reading about the dogs in the CIA’s K9 Corps. Critical CIA business it’s not.

The group crossed a line from nonsense to potentially causing harm with its attack on the Arizona Department of Public Safety. The personal information on eight officers, including their home addresses and the names of their spouses, was publicly posted with reckless disregard for the potential blowback. Police officers already risk enough to protect and serve their communities. The point of the attack appeared to have something do with a controversial state law that’s currently being challenged in the courts.

It was after this attack that the heat seemed to increase. Irritated at LulzSec’s ability to generate news coverage about itself, coupled with a perceived lack of “real” hacking skill, rival gangs on the digital streets seethed in rage and sought to “dox” — or post personal details about — LulzSec’s purported members. The latest and seemingly most complete disclosure appeared Sunday . It details the overlapping membership of LulzSec, Anonymous and a group called Gnosis, which gained attention last year for attacking Gawker. If the information contained in the document is correct, then it’s only a matter of time before law enforcement catches up with LulzSec.

Now that its campaign of digital mischief is over, LulzSec’s members will go their separate ways. Barring arrest and conviction, some will take on other identities and return to hacking. Others will try to put these last 50 days behind them but will always be looking over their shoulders.

What’s changed? Hopefully CIOs both in government and the private sector will focus new energy on securing their networks and Web sites from common vulnerabilities that should have been patched years ago.

But did LulzSec’s “message” get through? I’d have to say no. The Arizona hack seemed the deadly serious exception to the rule, in a series of incidents that for the most part amounted to annoyances for all concerned. In the span of 50 days, LulzSec proved it was neither original, nor technically adept, nor intellectually focused enough to be motivated by anything that approached a coherent ideology. The available evidence suggests the group’s members were a bunch of misguided young people with too much time on their hands and precious few constructive outlets for their considerable energy.

They may or may not ultimately face the legal music for their digital joyrides, but they’ve certainly inspired a rash of copycats who will seek to pick up the torch and launch LulzSec-style Web attacks of their own. These others, in seeking to emulate the original, will only find themselves on the wrong side of the law and pay the consequences for their actions. As legacies go, it’s nothing that anyone should be proud of.

PREVIOUSLY:

• Despite All the Attention, LulzSec Hackers Failed
• At The Height Of Their Infamy, LulzSec Hackers Call It Quits
• Arizona Confirms LulzSec Docs Are Authentic, Worries About Officer Safety
• LulzSec Goes All Wikileaks On Arizona State Cops
• LulzSec Shrugs After Scotland Yard Nabs Hacking Suspect (Updated)
• LulzSec And Anonymous Team Up to Hack Governments and Banks
• Viral Video: LulzSec Gets Taiwanesed
• CIA Web Site Goes Down; LulzSec Takes Credit
• LulzSec Blasts Space Game Eve Online, Other Gaming Sites
• LulzSec Strikes Again, Hits Bethesda Softworks And U.S. Senate
• Turkey Arrests 32 Alleged Members of Anonymous, Days After Arrests in Spain
• Web Security Start-Up Cloudflare Gets Buzz, Courtesy of LulzSec Hackers
• No Hacks to Report at Xbox, But Microsoft Isn’t Letting Its Guard Down
• No LulzSec Hackers Have Been Arrested–At Least Not Yet
• LulzSec Posts More Sony Data, Amid Claim One of Them Is Arrested
  LulzSec Strikes Again, Claims Attack On Nintendo Server
  Sony Hacked for What Seems To Be the Umpteenth Time

• Sony’s Playstation Network Is Back. Sony’s Reputation Will Take a Little Longer.
• Exclusive: Sony Considers Offering Reward to Help Catch Hackers
• Anonymous Claims It Took No Credit Card Numbers From Sony
• Sony Implicates Anonymous in Attack; Group Denies Involvement
• Sony Apologizes For the Playstation Network Breach
• Sony Blames PlayStation Outage on “External Intrusion”

“For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could,” the group wrote in its statement.

The collection of files it released — LulzSec’s “booty” — which I downloaded, contained a mishmash of text and images intended to demonstrate, one last time, the group’s hacking prowess. Among the collection was an image of a U.S. Navy web site civilian jobs board that had been defaced with 11 entries reading “PabloEscobar AntiSec.”

Another file, entitled “Office Networks of Corporations,” is a text file containing what appear to be the IP addresses of internal corporate networks belonging to several media and telecommunications companies. Among those on the list are the Walt Disney Company, Sony — a favorite LulzSec target — Qwest Communications and the EMI Group.

By far the biggest file — clocking in at more than 600 megabytes — was a folder containing what appeared to be internal documents taken from AT&T. They include what seem to be planning documents, timelines, internal memos related to testing and other documents concerning the construction of AT&T’s LTE wireless network.

Another file appears to be an internal memo concerning the structure of an AOL network.

Another text file, entitled “silly routers,” contains a long list of IP addresses of routers, the networking equipment that functions as the traffic cops of the Internet. Next to each IP address are the creditials used to log in and make changes to the settings of those routers; however, in each case the username and password are “root” and “admin” or “root” and “root.”

The significance here is that “root” is the highest level of administrative access that can be gained on any computer. A user with “root” access has complete control over the system, and “gaining root” is the gold standard of practically any hacker attack. In this case the joke — or Lulz — is that the root accounts are guarded by default passwords, either “root” or “admin,” meaning they’re essentially unguarded. I traced a few of the IP addresses and found they correspond with addresses in Brazil, where a LulzSec branch — really more of a copycat group — has emerged in recent days.

So why is LulzSec calling it quits now at the height of its infamy? For one thing, the heat is clearly on. At least one person said to have ties to the group, a 19-year-old named Ryan Cleary, has been arrested in the U.K., and assuming the person they’ve arrested is guilty as charged, chances are that when the pressure is on, he’ll give Scotland Yard as much evidence as he can in exchange for a lighter sentence.

Additionally, more information has started to emerge about the group via rival gangs and people who are former members. The Guardian Newspaper on Friday published a fascinating account, including a lengthy chatroom transcript that provides a great deal of insight into the group’s inner workings. That this much information has wound up in the hands of a newspaper means that the cone of silence the groups members have relied upon to cover their tracks is starting to break down. Law enforcement agents looking to make more arrests will be combing through the logs looking for connections.

They’ll be looking for someone else like Cleary, who has a history of hanging around on the periphery of groups like LulzSec, and who may have knowledge of how they operate, or other identities they use online. If it plays out as other cases have, eventually investigators will hit upon another clue that will lead to the arrest of key member who will, when the pressure of the law is brought to bear, start naming names of the other members.

With that kind of heat, it behooves LulzSec’s members to go silent and split up, and stop creating any kind of digital trail that might lead to them. Chances are that each member will destroy any evidence in their possession that might implicate them personally: Hard drives will be wiped and perhaps physically destroyed. At the same time they’ll probably retain somewhere enough evidence that will help them finger other members in the event they’re arrested.

Then again, there may never be any more arrests. There are untold scores of infamous computer crimes committed for which no one ever got arrested.

One such group that comes to mind is Hacking for Girliez, which in 1998 defaced the Web site of the New York Times. (See a mirror of what they put up here.) The people who carried out the attack later granted an interview to Forbes Magazine, but were never heard from again. No one ever faced charges in that incident, and the statute of limitations has long since expired.

LulzSec’s members could find a way to quietly fade into digital obscurity in the same way that Hacking for Girliez did more than a decade ago. But then much depends on how well its members can keep their mouths shut. Part of their appeal was their ability to brag about their conquests so publicly and with apparent impunity. If each of the group’s six members can resist the urge to brag that they were once part of the Internet’s most infamous gang of troublemakers, they might just get away with it.

LulzSec’s farewell Tweet and statement are below.

50 Days of Lulz statement: http://t.co/GbAD070 | Torrent: http://t.co/lGsJ4PU Thank you, gentlemen. #LulzSec

June 25, 2011 4:03 pm via webReplyRetweetFavorite

@LulzSec

The Lulz Boat

PREVIOUSLY:

• Despite All the Attention, LulzSec Hackers Failed
• At The Height Of Their Infamy, LulzSec Hackers Call It Quits
• Arizona Confirms LulzSec Docs Are Authentic, Worries About Officer Safety
• LulzSec Goes All Wikileaks On Arizona State Cops
• LulzSec Shrugs After Scotland Yard Nabs Hacking Suspect (Updated)
• LulzSec And Anonymous Team Up to Hack Governments and Banks
• Viral Video: LulzSec Gets Taiwanesed
• CIA Web Site Goes Down; LulzSec Takes Credit
• LulzSec Blasts Space Game Eve Online, Other Gaming Sites
• LulzSec Strikes Again, Hits Bethesda Softworks And U.S. Senate
• Turkey Arrests 32 Alleged Members of Anonymous, Days After Arrests in Spain
• Web Security Start-Up Cloudflare Gets Buzz, Courtesy of LulzSec Hackers
• No Hacks to Report at Xbox, But Microsoft Isn’t Letting Its Guard Down
• No LulzSec Hackers Have Been Arrested–At Least Not Yet
• LulzSec Posts More Sony Data, Amid Claim One of Them Is Arrested
  LulzSec Strikes Again, Claims Attack On Nintendo Server
  Sony Hacked for What Seems To Be the Umpteenth Time

• Sony’s Playstation Network Is Back. Sony’s Reputation Will Take a Little Longer.
• Exclusive: Sony Considers Offering Reward to Help Catch Hackers
• Anonymous Claims It Took No Credit Card Numbers From Sony
• Sony Implicates Anonymous in Attack; Group Denies Involvement
• Sony Apologizes For the Playstation Network Breach
• Sony Blames PlayStation Outage on “External Intrusion”

Steve Harrison, a spokesman for the Arizona Department of Public Safety told Dow Jones Newswires last night that the documents appear to be the real deal, and that the hacker group probably penetrated the email accounts of as many as eight officers, obtaining the names of spouses, mobile phone numbers and home addresses.

State cops condemned the release, speaking this morning through the Arizona Highway Patrol Association. “Law enforcement officials go to many lengths to protect their identities,” said AHPA president Jimmy Chavez. “These individuals maliciously released confidential information knowing the safety of DPS employees, and their families, would be compromised. A threat to release more DPS files demonstrates how heinous the hackers are willing to act. The AHPA would like to see the people brought to justice and prosecuted to the highest degree of the law.”

LulzSec, having pivoted from attacking Sony and other video game companies to suddenly making grander politically-motivated gestures, singled out the agency because of LulzSec’s opposition to SB-1070, a controversial piece of legislation in Arizona that would require people to carry proof with them at all times that they’re in the U.S. legally, in case they’re stopped by police. The legislation also gives police a lot of latitude in stopping people they suspect of being illegal aliens, which critics of the law say encourages racial profiling. It also seeks to crack down on people helping illegal aliens by giving them shelter, work or transportation. It’s currently the subject of a federal lawsuit challenging its constitutionality.

The AZDPS Web site appears to be down this morning as its IT crew combs through its system to assess the damage. The Arizona Republic reports that Gov. Jan Brewer has been briefed on the incident. The agency says that no information that would compromise a current investigation was part of the leak.

PREVIOUSLY:

• Despite All the Attention, LulzSec Hackers Failed
• At The Height Of Their Infamy, LulzSec Hackers Call It Quits
• Arizona Confirms LulzSec Docs Are Authentic, Worries About Officer Safety
• LulzSec Goes All Wikileaks On Arizona State Cops
• LulzSec Shrugs After Scotland Yard Nabs Hacking Suspect (Updated)
• LulzSec And Anonymous Team Up to Hack Governments and Banks
• Viral Video: LulzSec Gets Taiwanesed
• CIA Web Site Goes Down; LulzSec Takes Credit
• LulzSec Blasts Space Game Eve Online, Other Gaming Sites
• LulzSec Strikes Again, Hits Bethesda Softworks And U.S. Senate
• Turkey Arrests 32 Alleged Members of Anonymous, Days After Arrests in Spain
• Web Security Start-Up Cloudflare Gets Buzz, Courtesy of LulzSec Hackers
• No Hacks to Report at Xbox, But Microsoft Isn’t Letting Its Guard Down
• No LulzSec Hackers Have Been Arrested–At Least Not Yet
• LulzSec Posts More Sony Data, Amid Claim One of Them Is Arrested
  LulzSec Strikes Again, Claims Attack On Nintendo Server
  Sony Hacked for What Seems To Be the Umpteenth Time

• Sony’s Playstation Network Is Back. Sony’s Reputation Will Take a Little Longer.
• Exclusive: Sony Considers Offering Reward to Help Catch Hackers
• Anonymous Claims It Took No Credit Card Numbers From Sony
• Sony Implicates Anonymous in Attack; Group Denies Involvement
• Sony Apologizes For the Playstation Network Breach
• Sony Blames PlayStation Outage on “External Intrusion”

The release, some 446 megabytes of documents that are considered sensitive, is intended, the group says, as a retaliation for a controversial Arizona state law that makes it legal for police officers to question anyone they suspect of being an illegal immigrant. The documents were released via the BitTorrent tracker site The Pirate Bay. More such releases are coming, LulzSec said.

“We are targeting AZDPS specifically because we are against SB1070 and the racial-profiling anti-immigrant police state that is Arizona,” the group said in its latest statement.

LulzSec had been promising that it would release its first Payload on Friday; it was announced on Twitter not long after midnight London time. Their typical pattern suggests they’re active during the night and early morning hours U.K. time, making the fact that Scotland Yard arrested a 19-year old linked to the group all the more interesting.

Presenting Chinga La Migra: http://t.co/tQZ1uro | http://t.co/apl4g7J #AntiSec

June 23, 2011 3:56 pm via webReplyRetweetFavorite

@LulzSec

The Lulz Boat

The release followed a day during which a rival group claimed to have attacked and defaced a Web site said to belong to a LulzSec member. The other group of hackers, calling itself TeaMp0isoN — or, in English, Team Poison — a group with a long history of defacing Web sites going back to mid-2009. Fox News managed to interview someone with that group, who called LulzSec a bunch of “script kiddies,” an epithet meant to convey the idea that for all the media attention it has attracted in recent weeks, LulzSec’s actual hacking skills aren’t terribly impressive.

The group defaced a Web site belonging to someone in the Netherlands they say is a member of LulzSec and are on a campaign to name LulzSec members and out them to police. As always, their claims are impossible to vet. But they do suggest that all the media noise that LulzSec is making is starting to grate on other members of the so-called hacker underground. Team Poison isn’t the first to express such sentiment. A group calling itself Web Ninjas has sought to expose the people it says are LulzSec members. And another possibly connected person or group tried to do the same thing before that, and even claimed an arrest that hadn’t occurred.

PREVIOUSLY:

• Despite All the Attention, LulzSec Hackers Failed
• At The Height Of Their Infamy, LulzSec Hackers Call It Quits
• Arizona Confirms LulzSec Docs Are Authentic, Worries About Officer Safety
• LulzSec Goes All Wikileaks On Arizona State Cops
• LulzSec Shrugs After Scotland Yard Nabs Hacking Suspect (Updated)
• LulzSec And Anonymous Team Up to Hack Governments and Banks
• Viral Video: LulzSec Gets Taiwanesed
• CIA Web Site Goes Down; LulzSec Takes Credit
• LulzSec Blasts Space Game Eve Online, Other Gaming Sites
• LulzSec Strikes Again, Hits Bethesda Softworks And U.S. Senate
• Turkey Arrests 32 Alleged Members of Anonymous, Days After Arrests in Spain
• Web Security Start-Up Cloudflare Gets Buzz, Courtesy of LulzSec Hackers
• No Hacks to Report at Xbox, But Microsoft Isn’t Letting Its Guard Down
• No LulzSec Hackers Have Been Arrested–At Least Not Yet
• LulzSec Posts More Sony Data, Amid Claim One of Them Is Arrested
  LulzSec Strikes Again, Claims Attack On Nintendo Server
  Sony Hacked for What Seems To Be the Umpteenth Time

• Sony’s Playstation Network Is Back. Sony’s Reputation Will Take a Little Longer.
• Exclusive: Sony Considers Offering Reward to Help Catch Hackers
• Anonymous Claims It Took No Credit Card Numbers From Sony
• Sony Implicates Anonymous in Attack; Group Denies Involvement
• Sony Apologizes For the Playstation Network Breach
• Sony Blames PlayStation Outage on “External Intrusion”

The arrest of a 19-year-old came in the wake of word that the U.K.’s Office for National Statistics is looking into the possibility that some data from the 2011 Census may have been stolen. There was a claim on Pastebin by someone claiming to be part of LulzSec that they had conducted just such an attack. On its Twitter feed, LulzSec denied any role in attacking the U.K. Census, but it expressed support.

Seems the glorious leader of LulzSec got arrested, it’s all over now… wait… we’re all still here! Which poor bastard did they take down?

June 21, 2011 6:27 am via webReplyRetweetFavorite

@LulzSec

The Lulz Boat

LulzSec, of course, is the group that claims to have hacked several Sony Web sites, as well as a Nintendo site, then the gaming servers of a couple of companies. It has also attacked the Web site of the CIA and of private affiliates of the FBI. As recently as yesterday it claimed to have carried out a denial-of-service attack against a British police agency.

Scotland Yard isn’t yet saying much about the arrest, but did say in a statement that it was in connection with computer attacks carried out against several companies, including denial of service attacks that LulzSec has been openly bragging about for days. It also said it is cooperating with the FBI.

The Wall Street Journal quoted a source familiar with the matter saying that the person arrested “may be a member of LulzSec,” but that can be difficult to pin down in these situations. The person could be merely a sympathizer emulating LulzSec’s methods but without taking the same care to avoid detection. Or it may be a person operating on the fringes of the group in some way.

For what it’s worth, there was yet another claim by the group Web Ninjas, a rival faction that says it wants to expose LulzSec members, that the person arrested goes by the name Ryan and that his is just the first arrest of several that are coming. “Well bad news for LulzSec, count your days as we count your heads, How about this for LULZ?” they wrote. The Web Ninjas go on to describe “Ryan” as the administrator of the IRC chat server supposedly used by LulzSec. But as I said yesterday, it’s difficult to sort out all these claims and counterclaims. We have, of course, seen similar claims before.

Meanwhile, if LulzSec is worried, it isn’t showing any evidence of it. It’s promising to publish more data it has been given.

Thank you to the supporters who have assisted in leaks. Like @WikiLeaks, our sources remain anonymous. Leak payloads are being decided now.

June 20, 2011 8:41 pm via webReplyRetweetFavorite

@LulzSec

The Lulz Boat

Update: LulzSec is now confirming at least some of the Web Ninja account. In a series of Twitter updates starting about an hour ago, the group said that the person initially identified as Ryan “is not a member of LulzSec,” though the group does acknowledge a connection. See the tweets below, one of which links to a Sky News report that I’ve embedded further down.

Ryan Cleary is not part of LulzSec; we house one of our many legitimate chatrooms on his IRC server, but that’s it. http://t.co/98VflEi

June 21, 2011 11:48 am via webReplyRetweetFavorite

@LulzSec

The Lulz Boat

Clearly the UK police are so desperate to catch us that they’ve gone and arrested someone who is, at best, mildly associated with us. Lame.

June 21, 2011 11:54 am via webReplyRetweetFavorite

@LulzSec

The Lulz Boat

PREVIOUSLY:

• LulzSec And Anonymous Team Up to Hack Governments and Banks
• Viral Video: LulzSec Gets Taiwanesed
• CIA Web Site Goes Down; LulzSec Takes Credit
• LulzSec Blasts Space Game Eve Online, Other Gaming Sites
• LulzSec Strikes Again, Hits Bethesda Softworks And U.S. Senate
• Turkey Arrests 32 Alleged Members of Anonymous, Days After Arrests in Spain
• Web Security Start-Up Cloudflare Gets Buzz, Courtesy of LulzSec Hackers
• No Hacks to Report at Xbox, But Microsoft Isn’t Letting Its Guard Down
• No LulzSec Hackers Have Been Arrested–At Least Not Yet
• LulzSec Posts More Sony Data, Amid Claim One of Them Is Arrested
  LulzSec Strikes Again, Claims Attack On Nintendo Server
  Sony Hacked for What Seems To Be the Umpteenth Time

• Sony’s Playstation Network Is Back. Sony’s Reputation Will Take a Little Longer.
• Exclusive: Sony Considers Offering Reward to Help Catch Hackers
• Anonymous Claims It Took No Credit Card Numbers From Sony
• Sony Implicates Anonymous in Attack; Group Denies Involvement
• Sony Apologizes For the Playstation Network Breach
• Sony Blames PlayStation Outage on “External Intrusion”

First off, the group announced on Twitter an alliance of sorts with Anonymous, the hacker group that made headlines earlier this year for its attacks in support of Wikileaks.

#AntiSec begins today: http://t.co/2WuLmMQ Prepare yourselves. Join us, join #Anonymous, join the fleet – become a lulz lizard.

June 19, 2011 9:34 pm via webReplyRetweetFavorite

@LulzSec

The Lulz Boat

In its new campaign, which it has dubbed Operation Anti-Security (or by the Twitter hashtag #AntiSec), the group says it has declared “immediate and unremitting war” on governments and corporations. Its top priority is to “steal and leak any classified government information,” including but not limited to email and documentation. “Prime targets are banks and other high-ranking establishments,” it said in a document released via Pastebin.

Their first target appeared to be the U.K.’s Serious Organised Crime Agency, also known as SOCA. In yet another tweet, LulzSec announced that the agency’s Web site was “Tango Down,” indicating it had been hit with a denial of service attack meant to make it inaccessible to legitimate users.

Tango down – http://t.co/JhcjgO9 – in the name of #AntiSec

June 20, 2011 8:46 am via webReplyRetweetFavorite

@LulzSec

The Lulz Boat

In another development, which LulzSec is as yet ignoring, a rival faction has emerged calling itself the Web Ninjas and claiming to have named LulzSec’s various members. The claims were naturally impossible to independently verify, though they likely constitute leads that many law enforcement agencies will follow up on.

It’s not the first time someone has attempted to name a supposed member of LulzSec. Earlier this month, someone posting to the Full Disclosure mailing list claiming that a member of the group had been arrested by the FBI in Long Island, New York. The arrest claim didn’t check out, and the person who made the claim hasn’t been heard from again so far as I’m aware.

Besides, in the always shifting world of the hacker underground, allegiances and motivations can change faster than a teenager’s mood. The scene is rife with numerous cases of false flags and red herrings that may be meant to implicate an enemy, or indeed to throw investigators off the trail.

PREVIOUSLY:

• Viral Video: LulzSec Gets Taiwanesed
• CIA Web Site Goes Down; LulzSec Takes Credit
• LulzSec Blasts Space Game Eve Online, Other Gaming Sites
• LulzSec Strikes Again, Hits Bethesda Softworks And U.S. Senate
• Turkey Arrests 32 Alleged Members of Anonymous, Days After Arrests in Spain
• Web Security Start-Up Cloudflare Gets Buzz, Courtesy of LulzSec Hackers
• No Hacks to Report at Xbox, But Microsoft Isn’t Letting Its Guard Down
• No LulzSec Hackers Have Been Arrested–At Least Not Yet
• LulzSec Posts More Sony Data, Amid Claim One of Them Is Arrested
  LulzSec Strikes Again, Claims Attack On Nintendo Server
  Sony Hacked for What Seems To Be the Umpteenth Time

• Sony’s Playstation Network Is Back. Sony’s Reputation Will Take a Little Longer.
• Exclusive: Sony Considers Offering Reward to Help Catch Hackers
• Anonymous Claims It Took No Credit Card Numbers From Sony
• Sony Implicates Anonymous in Attack; Group Denies Involvement
• Sony Apologizes For the Playstation Network Breach
• Sony Blames PlayStation Outage on “External Intrusion”