Monday, February 7, 2011

http://www.rawstory.com/rs/2011/02/anonymous-hacks-security-firm-probed-membership/
Excerpt:
‘Anonymous’ hacks security firm that probed its membership‎
By Eric W. Dolan
Monday, February 7th, 2011 -- 10:01 am

The online group of hacktivists known as "Anonymous" infiltrated the network and websites of an Internet security company after learning the company planned to sell information about the group to the FBI.
The website of Washington DC-based HBGary Federal was hijacked Sunday along with the Twitter account of CEO Aaron Barr. The company's website was defaced with a message that read, "This domain seized by Anonymous under section #14 of the rules of the Internet."
"Your recent claims of 'infiltrating' Anonymous amuse us, and so do your attempts at using Anonymous as a means to garner press attention for yourself," the message continued. "How's this for attention?"
Barr told the Financial Times over the weekend that he had identified the "core leaders" of the group and had information that could lead to their arrest.
He told the Times he infiltrated "Anonymous" to demonstrate the security risks to organizations from social media and networking.
In addition to hacking the company's website and Twitter account, "Anonymous" gained access to more than 44,000 company e-mails, which were released to the public in a 4.71 gigabyte Torrent file. The group also gained access to the report that was allegedly going to be sold to the FBI and posted it online (.pdf).
"Anonymous" claims that most of the information gathered was either publicly available or inaccurate.
"The lack of quality in Aaron Barr's undertaken research is worth noting," the group said in a statement. "Aaron Barr missed a great deal of information that has been available online, and in fact failed to identify some of those whose identities were never intended to be hidden. People such as DailyKos' diarist blogger Barrett Brown, and the administrator of anonnews.org, joepie91, whose identities could have been found in under a minute with a simple Google search."
"Anonymous does not have leaders," the statement added. "We are not a group, we are not an organization. We are just an idea. What we have done today will appear harsh. It is harsh. We will respond to those who seek to threaten us. We understand that our participants have been concerned about recent FBI raids and companies such as HBGary Federal lurking and logging our chats, so we’ve given all of Anonymous a message: we will fight back."
Barr reportedly talked to members of "Anonymous" in an IRC chatroom, claiming he never intended to sell the information he gathered to the FBI.
"Ok I am going to say this one more time," he told the room. "I did this for research. The FBI called me because of my research. The email you are referring to about selling data was about a model built on this type of research. It was not to sell specifically this data. I was going to use it to describe the process of how social media exploitation works."
"Do I regret it now? Sure," he told Forbes on Monday. "I’m getting personal threats from people, and I have two kids. I have two four-year old kids. Nothing is worth that."
"I had expected some potential retribution," he said. "I knew some folks would take my research as some kind of personal attack which it absolutely was not. I thought they might take down our Web site with a DDoS attack. I did not prepare for them to do what they did."
Barr told Forbes he had to unplug his router at home because "Anonymous" was trying to crack it.
Three teenagers aged 15, 16 and 19 along with two men, aged 20 and 26, were arrested by British authorities January 27 for their involvement in "recent and ongoing" attacks by "Anonymous." The FBI announced mass raids across the United States on the same day, executing more than 40 search warrants throughout the nation.
In a campaign known as "Operation Payback" those participating in "Anonymous" succeeded in taking down the online operations of PayPal, MasterCard Worldwide, Visa, Swiss bank PostFinance and others using a technique called "distributed denial of service" (DDoS) attacks. The companies were targeted after they dropped their financial services to WikiLeaks.
The group has also targeted the websites of a number of governments, including Tunisia, Zimbabwe, Egypt, Yemen, and Italy.
Updated Feb 7, 2011 at 3:50pm EST.

http://blogs.villagevoice.com/runninscared/2011/02/anonymous_hacke_1.php
Excerpt:

Anonymous Hackers to Aaron Barr: Snitches Get Online Stitches

The anarchic and amorphous hacker group Anonymous unleashed its online fury Sunday on Aaron Barr, a computer security expert with plans to tell the FBI everything he's gathered about the group. They took over his Twitter, covered it with racial slurs, published his social security number and proceeded to expose 50,000 of his company emails, available for download in one convenient file. Anonymous also messed with his company website, which is now down. All because he told the Financial Times that "he had collected information on the core leaders, including many of their real names, and that they could be arrested if law enforcement had the same data." So they took him to online war.
Mr Barr said he penetrated Anonymous as part of a project to demonstrate the security risks to organisations from social media and networking. He is presenting his research later this month at a conference in San Francisco.
...
Using LinkedIn, Classmates.com, Facebook and other sites, Mr Barr also burrowed deep enough into a US military group and a US nuclear plant that he could trick workers there to click on web links that, if they had been malicious, could have installed spying software on their computers. Such "social engineering" hacks are a major vulnerability for companies targeted in industrial espionage.

To punish him, Anonymous -- an enemy of Scientology and governments in Tunisia, Egypt and so on -- cornered Barr in a chat room to let him know that they had all of his findings about the group and his personal information. As reported by Gawker, from inside the chat:
"All your emails were dropped. Meaning we know you were trying to sell your fucking research to the FBI. And the sad thing is the names and info in that document//research is all fucking fake... you could have gotten a lot of random innocent people arrested," wrote one Anonymous member.
"That's an old version of my research.... not trying to sell it... much has changed," Barr wrote.
"I saw your latest data and it's all the same shit," snapped back another Anonymous member.

"They didn't just pick on any company, but we try to protect the US government from hackers," said Greg Hoglund, the founder of HBGary, which employs Barr. "They couldn't have chosen a worse company to pick on."
But on Twitter, the nature of Anonymous persisted: "Today we taught everyone a lesson. When we actually decide to bite back against those who try to bring us down, we bite back hard. #gameover." And: "Anonymous finds the line and then crosses it." Hashtag? #noregrets.
Excerpt:
Greg Hoglund is a well known member of the security community including the Black Hat Society and a published author on the subject of computer security and computer hacking. He is, among other things, the author of Exploiting Online Games. Hoglund drew the attention of the media when he exposed the functionality of Blizzard Entertainment's Warden software.[1]
Hoglund has published numerous works in the field of security:
  • Active Reversing: The Next Generation of Reverse Engineering, BlackHat 2007 USA/Europe, ([1])
  • Exploiting Online Games, Addison Wesley, 2007, (official book page)
  • Rootkits, Subverting the Windows Kernel, ISBN 0321294319, ISBN 9780321294319(Related book page)
  • Hacking World of Warcraft: An Exercise in Advanced Rootkit Design, BlackHat 2005/2006 USA/Europe/Asia, ([2])
  • Exploiting Software, Addison Wesley, 2004, ISBN 0-201-78695-8 (official book page)
  • VICE - Catch the Hookers!, BlackHat 2004 USA, ([3])
  • Runtime Decompilation, BlackHat Windows Security 2003 Asia, ([4])
  • Exploiting Parsing Vulnerabilities, BlackHat 2002 USA/Asia, ([5])
  • Application Testing Through Fault Injection Techniques, BlackHat Windows Security 2002 USA/Asia, ([6])
  • Kernel Mode Rootkits, BlackHat 2001 USA/Europe/Asia, (Hoglund)
  • Advanced Buffer Overflow Techniques, BlackHat 2000 USA/Asia, (Hoglund)
  • A *REAL* NT Rootkit, patching the NT Kernel, 1999, Phrack magazine, (Phrack Magazine article)
Hoglund also founded and operates a popular site devoted to the subject of rootkits (rootkit.com).
Hoglund founded several security startup companies which are still in operation today:
  • HBGary, Inc. Focused on reverse engineering malware and insider threat response. (hbgary.com)
  • Cenzic, Inc. Focused on web application security for the Fortune-500. (cenzic.com)
  • Bugscan, Inc. Developed an appliance that would scan software for security vulnerabilities without sourcecode. Acquired in 2004 by LogicLibrary, Inc.[2]
http://www.blackhat.com/html/win-usa-01/win-usa-01-speakers.html
Excerpt:
Greg Hoglund - ClickToSecure, Inc.
Kernel Mode Rootkits: Stealth and Subversion of Trust
This talk will draw upon the work of www.rootkit.com, a group of individuals that have maintained and distributed a kernel-mode rootkit for Windows NT/2000.  The talk will cover the following details:
0. What is a rootkit?
1. How kernel-mode affects host-security
2. How to subvert file-access and fool file-integrity analysis.  a. trojan file handles
3. How to talk directly to the network without a TCP/IP stack.  a. NIDS layer communications
4. How to modify trusted system-calls.  a. hook software interrupts.  b. hook NTDLL
5. How to inject code into the kernel.  a. ZwLoadDriver.  b. The Registry.  c. infection of device drivers. d. SystemLoadAndCallImage
6. How to deploy rootkit-code like a virus.  a. software interrupts as a covert channel.  b. viral infection of system drivers
7. How to subvert the Windows NT/2000 EventLog.  a. stealing file handles   b. patching eventlog functions
8. Subverting Access-Control.  a. SeAccessCheck.   b. Backdoors.
9. Spawning win32 processes.
10. Stealth.  a. Hiding threads from a debugger.  b. Hiding processes under NT/2000.  c. Hiding drivers under NT/2000. 
11. How to detect a rootkit
12. Sample rootkit code available

Greg Hoglund is an accomplished software engineer and researcher.  He has written and been involved in many commercial security products.  Hoglund currently works for Click To Secure, Inc. where his work is focused on automated software-security analysis and the product known as 'Hailstorm'.  Hoglund recently contributed to 'Hack Proofing Your Network/Internet Tradecraft' published by Syngress.  His other work includes research and speaking about software vulnerabilities, buffer overflows, and issues related to NT security.

Their Presentation! Complete mirror of Rootkit.com with source code (Zip 1,554k)

http://www.cigital.com/silverbullet/feed/
Excerpt:

Show 016 – An Interview with Greg Hoglund

Thursday, July 12, 2007, 3:38:30 PM | rmacmich
Greg Hoglund
On the 16th episode of The Silver Bullet Security Podcast, Gary talks with Greg Hoglund, who runs the popular rootkit.com, CEO of HB Gary, and co-author of Rootkits: Subverting the Windows Kernel and Exploiting Software. In addition to shameless self-promotion of their new book, Exploiting Online Games, Gary and Greg discuss the natural tendency of certain types of code to allow exploits, how disclosure is a good thing when it comes to revealing exploits, and the use of rootkits by the “good guys.” Greg also makes us concerned that his 11-year-old daughter may 0wn our box.


http://gawker.com/#!5753570/anonymous-hackers-pay-back-fbi-snitch-with-50000-leaked-emails
Excerpt:
Anonymous Hackers Pay Back FBI Snitch with 50,000 Leaked Emails
 Adrian Chen — Right now you can download a 4.7 gigabyte file full of about 50,000 emails stolen from a computer security expert named Aaron Barr. That's what happens when you cross the hacking collective Anonymous.

http://www.thehackernews.com/
Excerpt:
Albania Security Group Hack more than 1000 Facebook Pages In One day !
WikiLeaks nominated for Nobel Peace !
Certified Ethical Hacker Version 7 (CEHv7) has arrived !!
Amarjit Singh's Site Hacked by Mr.Trojan !

 Monday, February 7, 2011
ClassicCars.com hacked by Indonesian hackers !
Late yesterday evening website classiccars.com had been defaced. While it's not shocking news that another site of the millions on the internet has been hacked, this one was unusual in that the defacement seemed to be nothing more than an advertisement for the hackers. Ten years ago hacking for bragging rights was a somewhat common practice, but today most attacks are more silent and are designed to steal information. I poked around to find out...
Continue...
ClassicCars.com hacked by Indonesian hackers ! : The Hacker News ~ http://www.thehackernews.com/2011/02/classiccarscom-hacked-by-indonesian.html

HBGary Federal hacked and exposed by Anonymous !
Posted by The Hacker News on 8:25 AM
As the coin was tossed to kick off Superbowl XLV, Anonymous unleashed their anger at a security firm who had been investigating their membership. HBGary Federal had been working on unmasking their identities in cooperation with an FBI investigation into the attacks against companies who were cutting off WikiLeaks access and financing. Unlike the DDoS attacks for which Anonymous has made headlines in recent months, this incident involved true hacking...
Continue...
HBGary Federal hacked and exposed by Anonymous ! : The Hacker News ~ http://www.thehackernews.com/2011/02/hbgary-federal-hacked-and-exposed-by.html

Nasdaq confirms its network was hacked !
Posted by The Hacker News on 7:11 AM
The tech-oriented Nasdaq stock exchange has confirmed that its network has been hacked and its customers have been notified. In a written statement to the Wall Street Journal (WSJ) Nasdaq said it had discovered some malware files installed on a part of its network called Directors Desk – a system designed to allow company boards to store and share documents. "The files were immediately removed and at this point there is no evidence that any Directors...
Continue...
Nasdaq confirms its network was hacked ! : The Hacker News ~ Now !!!

http://www.bnet.com/news-analysis/media/russia-expels-uk-journalist-reporting/92708
Russia expels UK journalist
Excerpt:




  • Guardian journalist expelled from Moscow

    Financial Times
    Luke Harding, the Moscow correspondent of The Guardian, has been expelled from Russia, thought to be the first time a UK journalist has been thrown out since the end of the Cold War. Officials did...





  • http://www.msnbc.msn.com/id/41461551/ns/world_news-europe/
    Excerpt:

    Russia expels British journalist who wrote of 'mafia state' allegation

    'For you Russia is closed,' officials tell reporter who covered WikiLeaks

    Russia has expelled a British journalist who wrote about allegations the country under Vladimir Putin has become a "virtual mafia state," reports the Guardian newspaper of London.
    Luke Harding, the Guardian's Moscow correspondent, is believed to be the first British staff journalist removed from the country since the end of the cold war, the Guardian said.
    Harding wrote about Wikileaks cables for the newspaper and included the allegations about Russia, the Guardian said.
    Russia refused to let Harding in when he flew back to Moscow over the weekend after spending two months in London on the Wikileaks reporting, the paper said.
    Harding's passport was checked on his arrival, the Guardian said. After 45 minutes in an airport cell, Harding was sent back to the United Kingdom on the first available plane, it said.
    His visa was annulled and his passport was returned to him on the plane, the paper said.
    All Harding was told by an airport security official working for the Federal Border Service was, "For you Russia is closed," the Guardian said.
     
    British government authorities have not been able to learn any details, the paper said.
    "This is clearly a very troubling development with serious implications for press freedom, and it is worrying that the Russian government should now kick out reporters of whom they disapprove," said Alan Rusbridger, Guardian editor-in-chief. "Russia's treatment of journalists — both domestic and foreign — is a cause of great concern. We are attempting to establish further details, and are in contact with the Foreign Office."

    http://www.guardian.co.uk/profile/lukeharding
    Excerpt:
    Click the link and see Luke Harding speak.  The story behind Wikileaks: Inside Julian Assange's War on Secrecy - video
    Wikileaks - inside Julian Assange's War on Secrecy Video (4min 30sec), 31 Jan 2011: The Guardian's Alan Rusbridger, David Leigh and Luke Harding on the book that charts Julian Assange and WikiLeaks' transformation from rebel hackers to global celebrities
