Moderators: Elvis, DrVolin, Jeff
by Nordic » Tue May 31, 2011 2:12 pm
8bitagent wrote:Hacking Can Now Be Considered An Act Of War
http://www.msnbc.msn.com/id/43224451/ns ... -security/'If you shut down our power grid, maybe we will put a missile down one of your smokestacks,' unnamed official says
by 8bitagent » Tue May 31, 2011 9:51 pm
Nordic wrote:8bitagent wrote:Hacking Can Now Be Considered An Act Of War
http://www.msnbc.msn.com/id/43224451/ns ... -security/'If you shut down our power grid, maybe we will put a missile down one of your smokestacks,' unnamed official says
Gee, it's getting easier and easier to stage false flag attacks, no?
THE LIGHTS JUST WENT OUT! LET'S BOMB 'EM NOW!
by 8bitagent » Thu Jun 02, 2011 4:31 pm
by brekin » Thu Jun 02, 2011 5:29 pm
by Plutonia » Fri Jun 03, 2011 9:16 pm
The Lulz Boat
@LulzSec
Fuck it, surprise! http://pastebin.com/MQG0a130 #FuckFBIFriday
20 minutes ago via web
LulzSec versus FBI (we challenge you, NATO!)
Donate BitCoins for more lulz: 176LRX4WRWD5LWDMbhr94ptb2MW9varCZP
## DOWNLOAD LINKS LOCATED AT THE BOTTOM ##
[I left those links at pastebin]
. /$$ /$$ /$$$$$$
.| $$ | $$ /$$__ $$
.| $$ /$$ /$$| $$ /$$$$$$$$| $$ \__/ /$$$$$$ /$$$$$$$
.| $$ | $$ | $$| $$|____ /$$/| $$$$$$ /$$__ $$ /$$_____/
.| $$ | $$ | $$| $$ /$$$$/ \____ $$| $$$$$$$$| $$
.| $$ | $$ | $$| $$ /$$__/ /$$ \ $$| $$_____/| $$
.| $$$$$$$$| $$$$$$/| $$ /$$$$$$$$| $$$$$$/| $$$$$$$| $$$$$$.$
.|________/ \______/ |__/|________/ \______/ \_______/ \_______/
//Laughing at your security since 2011!
.-- .-""-.
. ) ( )
. ( ) (
. / )
. (_ _) 0_,-.__
. (_ )_ |_.-._/
. ( ) |lulz..\
. (__) |__--_/
. |'' ``\ |
. | [Lulz] \ | /b/
. | \ ,,,---===?A`\ | ,==y'
. ___,,,,,---==""\ |M] \ | ;|\ |>
. _ _ \ ___,|H,,---==""""bno,
. o O (_) (_) \ / _ AWAW/
. / _(+)_ dMM/
. \@_,,,,,,---==" \ \\|// MW/
.--''''" === d/
. // SET SAIL FOR FAIL!
. ,'_________________________
. \ \ \ \ ,/~~~~~~~~~~~~~~~~~~~~~~~~~~~
. _____ ,' ~~~ .-""-.~~~~~~ .-""-.
. .-""-. ///==--- /`-._ ..-' -.__..-'
. `-.__..-' =====\\\\\\ V/ .---\.
. ~~~~~~~~~~~~, _',--/_.\ .-""-.
. .-""-.___` -- \| -.__..-
Dear Internets,
It has come to our unfortunate attention that NATO and our good friend Barrack
Osama-Llama 24th-century Obama have recently upped the stakes with regard to hacking.
They now treat hacking as an act of war. So, we just hacked an FBI affiliated website
(Infragard, specifically the Atlanta chapter) and leaked its user base. We also took
complete control over the site and defaced it, check it out if it's still up: http://infragardatlanta.org/
While not very many logins (around 180), we'd like to take the time to point out that all
of them are affiliated with the FBI in some way. Most of them reuse their passwords in other places,
which is heavily frowned upon in the FBI/Infragard handbook and generally everywhere else too.
One of them, Karim Hijazi, used his Infragard password for his personal gmail, and the gmail of
the company he owns. "Unveillance", a whitehat company that specializes in data breaches and botnets,
was compromised because of Karim's incompetence. We stole all of his personal emails and his company
emails. We also briefly took over, among other things, their servers and their botnet control panel.
After doing so, we contacted Karim and told him what we did. After a few discussions, he offered to
pay us to eliminate his competitors through illegal hacking means in return for our silence. Karim,
a member of an FBI-related website, was willing to give us money and inside info in order to destroy
his opponents in the whitehat world. We even discussed plans for him to give us insider botnet information.
Naturally we were just stringing him along to further expose the corruption of whitehats.
Please find enclosed Karim's full contact details and a log of him talking to us through IRC.
Also, enjoy 924 of his internal company emails - we have his personal gmail too, unreleased.
We call upon journalists and other writers to delve through the emails carefully, as we have
uncovered an operation orchestrated by Unveillance and others to control and assess Libyan
cyberspace through malicious means: the U.S. government is funding the CSFI to attack Libya's
cyber infrastructure. You will find the emails of all 23 people involved in the emails.
Unveillance was also involved in a scheme where they paid an Indian registrar $2000 to
receive 100 domains a month that may be deemed as botnet C&Cs. Shameful ploys by supposed "whitehats".
We accept your threats, NATO. Game on, losers.
Now we are all sons of bitches,
Lulz Security
## YOU HAVE SKIPPED OR READ THE PRETENTIOUS BORING MESSAGE AND ARE NOW ACQUIRING LULZ ##
http://pastebin.com/MQG0a130
by justdrew » Sat Jun 04, 2011 12:46 am
by 82_28 » Sat Jun 04, 2011 1:29 am
"The short answer is our side is losing," says Thomas Parenty, a computer security specialist and former employee at the U.S. National Security Agency. "Defense is much more difficult than offense (against cyber attack); to defend against attack, you need to block all ways in; in offense, you only need one way in."
by Plutonia » Sat Jun 04, 2011 2:52 pm
####[CRIMINALS OF LULZSEC]####
After being invited to the lulzsec private channel after social engineering parr0t
I was able to learn a few interesting things about their group! Alot them have
previous cyber crime and are involved in some heavy shit!
jux = me
I BELIEVE THEY ARE BEING ENCOURAGED OR HIRED BY CIA
Here are the members of lulzsec:
[MEMBERS]
Adrian Lamo [USA]
Adrian Lamo adrian@2600.com
LulzSec LLC
108 WEST 13TH STREET
Wilmington, Delaware 19801-1145
US
+1.8889201981
Owns the domain for lulzsec.com has previous cyber crime
parr0t [Pakistan]
Age 27
HAS REAL LIFE SERVANTS IN HOUSE
makes hints at having sold guns in local town
is suspicious of me now
Whirlpool [NETHERLANDS]
Age ???
5'9
parr0t referred to him as "Dan"
works in media on another name, possibly Guardian
makes inside hints at Guardian knowledge
paid Topiary from Anonymous $7500+ for ? reason
<parr0t> did he enjoy pay?
<Whirlpool> definitely; it's a lot of money
<jux> who? what?
<Whirlpool> Topiary
<parr0t> 5000 wow
<Whirlpool> 7500, he wanted more
<Whirlpool> couldn't exactly say no
<parr0t> LOL
<jux> USD?
<Whirlpool> yep
<jux> what for?
<Whirlpool> private
<jux> lol k
bottle_of_rum [???????]
Stephen
Age 25
possibly European, France
involved in Libya protester attacks
POSSIBLY CIA
<Whirlpool> you tired?
<bottle_of_rum> yeah
<bottle_of_rum> it just turned wednesday
<jux> get some sleep
^^^ posted at Midnight GMT +1
RELEASING FULL LOGS OF THEIR CHANNEL WHEN I FIND OUT ABOUT A FEW FACTS
[IRC SERVER]
SITE = lulzsec.com
they fucked up with the whois so registered lulzsecurity.com instead
IRC SERVER = irc.2600.net
IRC CHANNEL = #lulzsec
SECRET CHANNEL = #LIFG
[WHOIS INFORMATION]
Domain Name: lulzsec.com
Registrant Contact:
Adrian Lamo adrian@2600.com
LulzSec LLC
108 WEST 13TH STREET
Wilmington, Delaware 19801-1145
US
+1.8889201981
Administrative Contact:
Adrian Lamo adrian@2600.com
LulzSec LLC
108 WEST 13TH STREET
Wilmington, Delaware 19801-1145
US
+1.8889201981
Technical Contact:
Adrian Lamo adrian@2600.com
LulzSec LLC
108 WEST 13TH STREET
Wilmington, Delaware 19801-1145
US
+1.8889201981
Billing Contact:
Adrian Lamo adrian@2600.com
LulzSec LLC
108 WEST 13TH STREET
Wilmington, Delaware 19801-1145
US
+1.8889201981
Record created on 2011-05-30 01:14:44.
Record expires on 2012-05-30 01:14:44.
Domain servers in listed order:
ns1.afraid.org
ns2.afraid.org
ns3.afraid.org
ns4.afraid.org
After a well-publicized pursuit, the FBI arrested Mitnick on February 15, 1995, at his apartment in Raleigh, North Carolina, on federal offenses related to a 2½-year period of computer hacking.[9]
In 1999, Mitnick confessed to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication, as part of a plea agreement before the United States District Court for the Central District of California in Los Angeles. He was sentenced to 46 months in prison plus 22 months for violating the terms of his 1989 supervised release sentence for computer fraud. He admitted to violating the terms of supervised release by hacking into PacBell voicemail and other systems and to associating with known computer hackers, in this case co-defendant Louis De Payne.
Mitnick served five years in prison — four and a half years pre-trial and eight months in solitary confinement — because, according to Mitnick, law enforcement officials convinced a judge that he had the ability to "start a nuclear war by whistling into a pay phone".[10] He was released on January 21, 2000. During his supervised release, which ended on January 21, 2003, he was initially forbidden to use any communications technology other than a landline telephone. Mitnick fought this decision in court, eventually winning a ruling in his favor, allowing him to access the Internet.
Under the plea deal, Mitnick was also prohibited from profiting from films or books based on his criminal activity for seven years.
Mitnick now runs Mitnick Security Consulting LLC, a computer security consultancy.
http://en.wikipedia.org/wiki/Kevin_Mitnick
Who is to blame for the success of the latest round of attacks?
Category: Social Engineering / Tag: Attacks, Scam, Social, stupid / Add Comment
So I’m sure most of you who are active in the security community are fully aware of the events that occurred. For those of you who aren’t, and consider yourself a security professional, well I’m not sure you should be reading this as you might find it offensive.
Let me start off by saying I do not condone the cyber terrorism, hacktivism, cyber warfare or whatever the key buzzwords are these days for anyone that causes any type of damage. However, unlike ISC2 I do condone security research of all kinds as long as it is performed within a contained environment. If it wasn’t for hackers, tinkerers what have you we wouldn’t have any on the cool technology we have today.
Now that I have gotten the basic disclaimers out of the way, I want to point you out to something very interesting that LulzSec had inadvertently pointed me to. Karim Hijazi who may or may not be real, but he does associate himself with Infragard. He allegedly approached LulzSec to “hack” his competitors. I haven’t been able to validate that so I will leave it at that however, if he was able to pull a fast one on the “Security Leaders” of today, then we might be in for an even ruder awakening.
All of the recent media attention, I hope has raised awareness to why security is required, but if you don’t know what your doing then these boutique consulting firms are going to exploit those weaknesses and get you to buy whatever shit they are peddling.
As I am writing this, Karim has updated his site with a press release on how lulzsec is blackmailing him and blah blah blah, I don’t care either way, it doesn’t matter. Think outside as a real security professional, only people who think outside the box will see the potential con here…
Ok paper guys, I’m tired I’ll give you a hint, and please don’t quote me on this as fact as it’s only an educated guess.
* Hackers use social engineering techniques such as pretexting to build “security” companies, which sell what appears to be to the casual IT/ITSec leader a market leader using buzzwords
* They initiate huge attacks that scare the shit out their potential client base
* Sales Made, product doesn’t do shit, but who cares? Company isn’t legit and you damn well know if you just asked for X dollars to bring in the latest and greatest only to find out it doesn’t do anything, you are not telling anyone. That project will just stale out and go away. Hell the attacks stopped all good till next time.
I’d be willing to put money on the fact that Unveillance and his other projects were pretexts to the long con.
Here is what I have been able to validate. Unveillance.com popped up out of nowhere with a elegantly designed website claiming to provide “Real Time Actionable Intelligence”. Sounds Great doesn’t it? Well, you security guys that don’t get security might be able to translate this for me, as I don’t get it.
“Unveillance has developed the first zero false-positive approach at analyzing the malware infection and botnet participation status of organizational networks. Unveillance is able to develop this intelligence completely passively without the use of any hardware or locally installed software.
Focusing on the indisputable proof of data egressing a corporate or governmental network, Unveillance is able to produce critical actionable intelligence on the exact moment the data exited the private network to the command & control server, the port, the protocol, the type of infection that facilitated the theft and in special cases* the content of the payload.
Combining multiple parameters that include the size of a given network, the scope and scale of the infection, the severity of the threats and the entity’s score in relation to the rest of the world, Unveillance has developed the industries first Data Leak Intelligence (DLI) score. This score is used for a variety of purposes including security and compliance validation, sector trending, investor assurance and remediation confirmation.”
*Reserved for law enforcement and/or governmental use.
Put away your checkbooks guys, save them for you’re CISSP renewal fees. They have developed the first zero false-positive approach at analyzing an infection without looking at any data. “Indisputable Proof” of data leaving your network. “When malicious traffic exits your network and beacons to one of our sinkholes, we pick it up and notify you in real time”. Sounds Magical.
Where do you I sign up for this magical service???? Well Timmy, here is some information on this magical service, which is no doubt provided by Aliens.
http://www.unveillance.com/solution/engaging-us/
Just make sure to provide Your Name, IP Address, and Phone number for authentication purposes, and don’t forget your CIDR Ranges.
Are we having fun yet??? No, ok lets go have some more. Unveillance.com was registered on July 21stth 2010 by??? No Guesses? Ok paper guys, WHOIS is a service that you should learn.
Administrative, Technical Contact:
Hijazi, Karim Unveillance
2711 Centerville Road Suite 400
Wilmington, DE 19808 US
800-540-8478
Anyone want to take a guess what lives at that address? Come on you can do it, I know you can use Google right? The Company Corporation 2711 Centerville Road, Suite 400 Wilmington, DE 19808 Ph: (302)636-5440
This is the address for the Company Corporation, which for $50 bucks acts as your corporate charter. Wait it get’s better… We have this magical company with alien capabilities and no physical address. I got my checkbook ready, you too? But wait, being a diligent security professional I’d like to get some more information on this obviously brilliant individual who is the President of Unveillance and apparently the president of another “Security” firm called Demiurge Consulting according to his Linkedin Profile[i].
Karim Hijazi is a “Security & Intelligence Consultant” who is currently the President of Demiurge Consulting, which I’ll talk about in a minute. As of this moment, there is no mention of Unveillance in his profile. However, let’s take a further look at Unveillance.
They have a D&B# 966829553 must be legit huh? So someone is already on their way to establishing a credit score for this phenomenal product. $230 dollars is all you need to establish legitimacy.
Next up, LinkedIn Company profile is a must for that legitimate feeling. Well, obviously Unveillance has that. Wonderful, they have 2 new hires and a total of 2 employees[ii]. Chief Scientist Matt T and Director of Threat Analysis Meaghan M. These 2 individuals had both come from a company called DefenceIntelligence. While I haven’t done much research, the site [iii] I can tell you according to the Wayback machine [iv] the site hasn’t been updated in over a year. The Twitter account however just popped up after over a year of inactivity[v]. I’m not going to make a determination on if these individuals are involved or not.
At this point I’d be kicking him out of my office, but your not convinced. I get it you spent your money, took a whole week worth of boot camps to become the hard core security professional you are. You think this thing is better than sliced bread, and you’re so scared of becoming Sony that you’ll spend your whole security budget on the next “Big” Thing. And he does a fancy web site. Ok, You need to buy his product and stop reading right now.
I mean it go away. The rest of this stuff might be over your head, as it requires using a web browser, a search engine and some common sense. $500 dollars only gets you 5 characters, not common sense.
Ok so Mr Hijazi is the founder of a company called Demiurge Consulting LLC and has worked there from 2001. Interesting, So needless to say http://www.demiurgeconsulting.com is not a production site anymore, but I did find something very interesting. A company called FoxLogic Productions, who owns the domain had updated the DNS record less than a month ago [vi]
Hmm… Could it be a fluke? Well. Karim home address (The one he uses, not where he get’s pizza according to Lulz) and Foxlogic are on the same street. Woah, What’s going on? Coincidence. Hmm. Karims Address
So what else do we know about Demiurge? Well, we know Mr. Hijazi got himself published in SC magazine “Now, physical security is controlled in a lot of capacities by IT,” says Karim Hijazi, founder andCTO of cybersecurity services firm Demiurge Consulting.” [vii], can’t find the original article thought. Ok Demiurge is starting to look like it might be a respectable firm.
Wait, What’s this? From December 24, 2009 – February 23rd 2010 Demiurge Consulting was replicating none other than the blog of our very own Bruce Schneier [viii]. Oooh ahh, you want street cred as a security guy, pretending to be Bruce will definitely get you some. Wait, hold on. Demiurge Consulting does firearms training?? [ix] Where do I sign up??? Needless to say the site is no longer there, and we can thank Google Cache for the information. Look at the Partner Links.. Anyone look Familiar? I’m pretty sure that Demiurge was yet another fake, but let’s take a look at one more thing. Look what was just updated. “Updated 3/10/2011 – This profile of Demiurge Consulting, LLC was created using data from Dun & Bradstreet and Florida Department of State”
Not satisfied yet that this guys in for the long con????
I won’t go any further, but there are other references to companies on his linkedin, which seem to be just as shady. I could of saved a couple of hours researching, if I had gone through the comments on Bruce’s Blog, but I’m not the brightest of the bunch at 4am.
I have hopefully demonstrated what a few hours worth of googling can uncover. So please explain to me how Karim here was able to join an organization which was set up by law enforcement to enable knowledge transfer between public and private sectors?
In 1999 I had attended the NYC Infragard meeting at which Marcus Ranum presented and I was very interested in the mission of the group. The agent who had started the presentations had gone through what the typical “hacker” profile is and of course I was the only guy in the room under 25. My boss threw me under the bus to get a laugh, little he did know.
I was just amazed at the charter of the group and the overall goals. Thought it would be awesome to be a part of that. That group would not of let Karim here join. If this guy can pull one off on a group consisting of Law enforcement and supposed security leaders, then where do you think you stand?
The question I have left somewhat unanswered is easy. Who is to blame? We are, well some of us. The Security professionals who don’t give a shit enough about safeguarding your clients and/or employers and the professionals who don’t know enough to do shit.
I’m glad to say that the latter far outnumbers the first. Security Professionals are not like most IT guys. We don’t do 9-5, we live and breathe this stuff. We might sometimes pull the whole ego thing, but we have to slow down to explain things to you sometimes. I have talked to some amazing individuals over the last couple of weeks, and I have to say that I feel dumb when I speak to them. I’m done with the elitist view, let me leave you with this last thought. ISC2 will not teach you to think like a security person. You want to be a security person, forget the boot camp. Take every book on their reading list, lock yourself in a room for 3 months and then you will have a much stronger foundation to build on then a boot camp. In the last couple weeks, I have been on and off trolling their forum and came upon the “recommended reading list”.
I’d give them more credit if passing the test required the reading. I have read every single one of those books in the last 14 years or so.
[i] http://www.linkedin.com/in/karimhijazi
[ii] http://www.linkedin.com/company/unveill ... k=fc_badge
[iii] http://www.defintel.com/
[iv] http://wayback.archive.org/web/20090601 ... intel.com/
[v] http://twitter.com/#!/defintel
[vi] http://whois.domaintools.com/demiurgeconsulting.com
[vii] http://www.thefreelibrary.com/An+urge+t ... nd+access+…-a01612020889
[viii] http://www.schneier.com/blog/archives/2 ... se_de.html
[ix] http://webcache.googleusercontent.com/s ... google.com
http://jadedsecurity.net/2011/06/04/who ... f-attacks/
by Plutonia » Fri Jun 10, 2011 5:11 pm
Twenty reasons why it’s kicking off in cyberspace
Posted on June 7, 2011 by deterritorialsupportgroup
https://deterritorialsupportgroup.wordp ... yberspace/
[lots of great links at original ^^^]
In February the Newsnight economics editor Paul Mason very succinctly laid out the radically different nature of recent popular uprisings across North Africa, the Middle East and Europe compared to earlier political movements, and the economic and sociological reasons behind it. This incisive blogpost rang true for many of those involved in those social movements, articulating, as it did, a new sentiment and new political priorities amongst those populations. The short article sketched out a more cohesive image which the media in general was missing, partly through structural failings, but largely because events were unfolding at speed and trying to drag the chaotic events into an understandable analysis was difficult.
Running alongside the (still unfolding) Arab Spring, informing and shaping and being shaped in turn by those events, was a developing online conflict with major similarities; young, optimistic graduates who saw societies in more generalised terms of “power”, highly networked, informal and decentralised decision making processes and a deep cynicism and mistrust of traditional power elites and political ideologies. In the last month especially we’ve seen a series of events and developments that are changing the game of cyber-war (and cyber-class-war).
So what’s going on in cyberspace? What we’re seeing is a significant escalation in serious geo-political combat, and the mainstream press has failed in it’s coverage so far. Perhaps years of rehashing press releases have left many hacks without the critical journalistic capabilities to monitor, study, explain and contextualise the recent events of the cyber-war, leaving the majority of the populace completely in the dark as to what’s happening, and how governments and (unelected) transnational organisations are investing significant resources in an attempt to limit online freedoms.
Make no mistake- this is not a minor struggle between state nerds and rogue geeks- this is the battlefield of the 21st Century, with the terms and conditions of war being configured before our very eyes. Given the significant economic disruption online activism and hacking can cause, and the power online tools have to agitate, plan and execute IRL activism, the current increase in tensions between hackers and the capital/state partnership is every bit as significant as the continuing developments of the Arab Spring, with which the online activist movements are inextricably linked. Below we have laid out a brief overview of recent events. This list is necessarily partial, given the complexity, history and depth of the situation, and we are by no means experts in the field; we would recommend people use it as a jumping off point to help get more educated (we have heavily hyperlinked the text FYI). Get googling.
1. At the heart of it is a newly politicised generation of hackers who have moved from a lulz-based psychic-economy to an engaged, socially-aware and politically active attitude towards world events, primarily as a reaction to the way governments and multinationals dealt with the fallout of Wikileaks. The “politicisation of 4chan” and the birth of Anonymous have set the stage for a practice of socially-engaged hacktivism of a form and scale we’ve not seen before.
2. This new “political hacktivist” class are digital natives and have become evangelised by passing through the immoral free-for-all of 4chan, to the development of a political critique and political programme through Anonymous.
“ this is the digital natives striking back here
people that live, eat, breathe and sleep on the internet”
(quoting from the lulzsec irc channel yesterday)
Digital natives are radicalised primarily by the threat to their internet freedom, with the continued shift in policy by global governments against the assumed freedoms of the net (laid out in the past). A natural by-product will be the continued radicalism of youth online.
3. Much like the IRL uprisings in Africa, Middle East and Europe, there’s a generational aspect to the way this conflict is playing out– although, like those uprisings, this is as much a symptom as a cause. A generation bought up on MTV, fed an endless stream of sophisticated advertising, naturally trained in memetic exchange, are going to know how to fight an infowar much more instinctively, and hence at greater speed and adaptability. An IRL manifestation being the role of the “citizen journalist” in the age of old media’s death rattle.
4. For net natives, there’s a definite sense of an international, borderless identity, whereby on a day-to-day level national borders hold less and less meaning. If your interactions with a fellow computer users are the same whether they live in London, Texas or Cairo, the narratives of national difference start to break down. Instead, they define according to their roles and activities online, and their values and political beliefs: a new, international class of immateriality, with all the repercussions of online solidarity that holds.
5. This erosion of borders has manifested itself strongly in the way newly radicalised hacktivists related to the unfolding events of the Arab Spring. As Paul Mason points out in his blogpost “People have a better understanding of power. The activists have read their Chomsky and their Hardt-Negri, but the ideas therein have become mimetic: young people believe the issues are no longer class and economics but simply power.” This highly problematic retreat from a fundamentally economic analysis has, despite it’s problems, enabled a casual ease with which the issue of international solidarity is approached.
6. There is a growing understanding of the infrastructure and fabric of the internet as a whole by a younger generation that grew up believing that decentralised infrastructure / free speech and the free sovereignity of the net was a given. That pioneer generation is now finding out that those ideals were only utopian notions afforded to them as result of governments slow ability to act and control the flow of data. As an (admittedly simplistic) example, whole organising infrastructures of UK activist and student groups were shut down wholesale during the recent purge of facebook groups.
7. There is an intensity of feedback that fuels the fire. Realtime results can be measured by everyone on the global stage, leading to a fueling of the ego of a close-knit group of hackers who are dropping the share price of a multi-billion pound corporation like Sony because it dared to assault the hacker ethic, one hack at a time.
This is sometimes matched by morale-boosting donations, such as with LulzSec, who yesterday received upwards of $7000 in bitcoins.
Not since the etoy.com saga of 1990s has the ability existed for real time participation in the dropping of a corporations share price been so readily available.
8. We are seeing the splintering of “hackers group” Anonymous into multiple manifestations that display a more comprehensive understanding of hacking techniques (although in many cases exploiting relatively low level techniques such as SQL injections; we’re certainly yet to see the use of computer science III).
These emergent groups are able to carry out sustained and targeted attacks under a rebrand of sorts, a multiplicity of approach that cannot be assigned entirely to the collective identity of Anonymous. This often allows group to act without the need to deal with moralfaggotry.
9. Anonymous is breaking apart but only in the sense that the media’s depiction of a grand narrative for the “hacking movement” ever held any truth. Anonymous as a group has always been inherently pluralistic with a healthy but constant wave of fail raids.
What creates this logical divergence from a single hive mind is the shift from a necessity for op in botnet assemblies, facilitated through the use of LOIC (Low Orbit Ion Cannon), with the DDoS now relegated to just another tool in a growing arsenal of a disparate emergent hackers movement.
10. The continued evolution of Operation Payback demonstrates both the power of this hacktivism, and how underdeveloped defence systems are. Op Payback was launched back in September 2010 as a reaction to the hiring of Aiplex Software by Bollywood movie rights holders, for the purpose of DDoSin’ The Pirate Bay for copyright infringment. During the first wave of attacks a large number of anons originating from 4chan targeted RIAA,
MPAA and ACS:LAW in a revenge attack in defence of internet sovereignty.
The operation evolved into a targeted attack on a series of laws firms who had targeted file sharers with legal threats. ACS:LAW was the worst hit when their database was leaked online leading to the demise of the company.
These attacks continued, targeting, amongst others, Sarah Palin and Gene Simmons.
With the advent of the Wikileaks Cablegate saga we saw an escalation of Op Payback, in defence of the organisation with the creation of hundreds of mirrors for the site, the alternative dissemination of leaks and the attack on those that had withdrawn services to the organisation as a result of state pressure.
The operation has again shifted gears with it now focusing on the PROTECT IP Bill.
11. Beyond Anonymous and hacktivism there exists a greater threat, and despite the reaction of Anonymous to the rhetoric of the Pentagon, much of the new mantra being espoused by governments globally relates to the first age of real cyber warfare. With entire parts of infrastructure now plugged into the network, there exists a real threat and possibility for hacker/cyberattack based offensives across borders. We saw this during the South Ossetia War in 2008, when Georgia suffered extensive damage from cyberattack, or in the ongoing standoff between Iran and the US/Israel, where the US/Israel succeeded in feeding Stuxnet, a worm, into the Iranian nuclear programme infrastructure.
12. Governments are responding with a conscious and concerted effort to reframe cyber activity and activism as criminality against state and capital, which, no doubt, will soon be upgraded to a form of terrorism. This bears analogies to similar reframing of narratives around workers movements throughout the 19th and 20th Century, not least the “strategy of tension” in Italy in the 1970s.
The eG8 summit, held at the end of May, was part of this restructuring of the official relationship between State and Net. Nicholas Sarkozy spoke to attendees (including Mark Zuckerberg) on the cultural repercussions of Facebook et al, but his speech betrayed a more pointed message for those who seek IRL change through virtual means, as reported on IPtegrity-
“The Internet is ‘not a parallel universe stripped of morals and all of
the fundamental principles which govern society in democratic countries’, he said.
…
‘Don’t let the technology that you have forged…the revolution that have started [sic] … carry along the bad things without any brakes, don’t let it become an instrument in the hands of thow [sic] who would attack our security and therefore our liberty and our integrity.’
13. The Pentagon have declared cyberterrorism and cyberattacks as a conventional attack of war, with the right for reprisals.
14. NATO have also begun to redefine the parameters of war in relation to cyber attacks and acts of “cyberterrorism”, declaring conventional retalliation to acts of “cyberwarfare” to be legitimate. The Information and National Security subsection of the NATO Spring Report this year is focused very specifically on Cablegate and Anonymous as known identities. This is the first time a NATO report has cited the existence of Anonymous.
“Observers note that Anonymous is becoming more and more sophisticated and could potentially hack into sensitive government, military, and corporate files.”
In the same paragraph it is suggested that “It remains to be seen how much time Anonymous has for pursuing such paths. The longer these attacks persist the more likely countermeasures will be developed, implemented, the groups will be infiltrated and perpetrators persecuted.”
15. Anonymous reacted directly to the Spring Report and “declared war on NATO”. Perhaps you may think this is the idle threat of basement dwellers, but NATO certainly don’t. Things are changing at unprecedented speed in the infowar.
16. Anonymous have started to engage in more active outreach programmes, such as bootcamp training. This is of particular importance for the generation that grew up online or politicised through anonymous and 4chan, many who were drawn to the “movement” with more radical inclinations and have had the time now to develop a deeper understanding of hacking tools etc… or at very least become adept skiddys.
Much of this is basic advice for how to look after yourself online, a form of practical mutual aid analogous to the protest handbooks distributed by Anonymous during the North African uprisings; rather than advice on how to build a shield to protect yourself against watercannon, these “bootcamps” feature advice on how to use proxies and encrypt data, for example.
17. Governments worldwide are now entering a race to mass-recruit cyberwarriors in order to bolster cyberdefense, with UK security services launching the “Cyber Security Challenge” as an attempt to create an army of white hats.
18. Lulzsec is the fastest growing and most prolific hacking group the internet has seen in recent years, having single-handedly declared war by attacking an FBI affiliated website Infragard.
Yesterday Lulzsec’s twitter account jumped from hundreds to 75,000 followers. Lulzsec is fundamentally representative of the evolution loosely drawn out in previous points. They appear to descend if only in lulzy rhetoric from the likes of Goatse Security, the GNAA and Gnosis.
19. Despite the enormous presumed weighting in favour of the authorities, hackers still hold primacy, and that’s what gives the situation such political potency. When the white hat security firm HBGary Federal attempted to create an expose of the true face of Anonymous they were swiftly shut down by a sustained assault by anonymous that clearly demonstrated their abilities, illustrating the inherent security flaws created by human complacency.
20.Hackers are upping their game to match the rhetoric used against them; indeed, in the past few years security breaches have shown the potential weaknesses in systems that could, in future, be exploited as part of war. Today, however, hackers are, essentially, exploiting those breaches. When a group makes a “significant and tenacious” attack on a lynchpin of the military-industrial complex like Lockheed Martin, talks of “potential” cyberwar become a thing of the past. We have arrived, we are deep within the first cyberwar.
As a hacker wrote last Saturday, “We all know that cyberspace has come to an intense moment of confrontation; it will become more and more difficult to focus on the very reasons of the conflict opening, as the fog of war is rising.” We are no experts in the field, but given the increased tempo and ever thicker “fog of war” we felt these events and organisations need wider discussion. Developing a general public understanding of these issues is vital if we are to prevent governments manipulating our understanding of events in order to suppress the sovereignty of the internet.The hacker cause, if such a thing can be pinned down, must surely be opening up the free flow of all information as widely as possible.
The mainstream media are proving incapable or unwilling to contextualise, to bring light to complicated, discreet and hidden worlds and languages; whilst they dither on the Assange personality cult, and whether it’s possible to be both a liberal messiah and a rapist simultaneously, governments are writing the script for the next decade of online repression. Equally, those currently engaged in online skirmishes should at least heed examples from the past.
We must educate ourselves, but beyond this we must engage practically in the application of the tools we currently have. As the events unfolding begin to accelerate at a pace not unlike the Arab Spring, we should look to the technologies and networks that are being developed such as diaspora, a p2p DNS, flattr and bitcoin. There is a necessity now to understand the implication of such projects and the pursuit of their pragmatic ideals, so that we can begin to push the current trajectory of the net away from ever-increasing control and surveillance and towards a liberatory project of free information exchange.
Knowledge is free.
We are Legion. We do not forgive. We do not forget. Expect us.
DSG: Ebaumsworld Division
'Anonymous' Warns NATO: 'This Is No Longer Your World'
By Graeme McMillan on June 10, 2011
Related Tags: Anonymous, NATO, Worrying Start To A Bad Movie[Lol]
Tweet
NATO has poked the bear of the internet (which responded by announcing that it's actually a hydra).
Anthropomorphic confusion aside, a NATO security report about "Anonymous"—the mysterious "hacktivist" group responsible for attacks on MasterCard, Visa, PayPal, Amazon and, most recently, Sony—has led the underground group to respond by cautioning NATO, "This is no longer your world. It is our world - the people's world."
cont
http://techland.time.com/2011/06/10/ano ... z1Ou9byGhE
by JackRiddler » Fri Jun 10, 2011 6:11 pm
by 82_28 » Fri Jun 10, 2011 7:11 pm
)by JackRiddler » Fri Jun 10, 2011 7:46 pm
82_28 wrote:I once had a theory, and it still resonates in my mind, that even if all the car companies went out of business (back in the day) that the government would still HAVE TO air auto ads for cars that don't exist -- emulated ads in order to keep up appearances. I mean how many people go out and buy a car after seeing an ad on TV at half-time? Those ads could quite possibly be there to reinforce something other than what they are "selling". The ads for automobiles going back are very weird and always have been. (Gee, thanks Hugh!
by Joe Hillshoist » Fri Jun 10, 2011 11:12 pm
The car ads are an often explicit and sometimes creative example, as when an SUV tramples a pristine landscape into dust and clouds, or when the traffic is shown as hell on earth -- but the favored brand magically runs on a different, empty highway, above the city. Suddenly what was horrific in Koyaanisqatsi is just a commercial for a Honda.
by semper occultus » Sun Jun 12, 2011 3:12 pm
82_28 wrote:I once had a theory, and it still resonates in my mind, that even if all the car companies went out of business (back in the day) that the government would still HAVE TO air auto ads for cars that don't exist
Inside Anonymous: the "hacktivists" in their own words
Members of the 'Anonymous' group tell Kevin Rawlinson about their hacking campaign
www.independent.co.uk
Thursday, 9 June 2011
Anonymous members keep their identities well hidden
Their cyber attacks on governments and corporations have seen the loose collective of hackers known only as “Anonymous” pass from obscurity to becoming the byword for online guerrilla warfare. Nevertheless, the group has remained an enigma.
Today though, in a series of interviews, Anonymous members speak out, promising to step up their campaign of attacks and revealing that they have hacked Whitehall websites. They speak of ambitions on the part of some of their number to hack British police servers and also of fears for their own futures, because of the widespread infiltration of cyber hackers by security services.
Anonymous has already hit the likes of MasterCard and Paypal but its list of possible targets is huge, members say. One promises future hacks that are “large and impressive”. Another said members had been discussing how to breach the UK’s Police National Computer (PNC), which contains details of crimes, to “delete a few user records”.
He said there are users of the site’s chatrooms currently doing “a lot of research on this, seeing if there are any possibilities”. But, because the PNC is “not connected to the internet, as such”, he described talk of an attack as “just a joke” for the time being.
The member, who helps run one of the group’s websites, added that – because of Anonymous’ “leaderless structure” – which target will be next is entirely “up to the users”.
Pointing out that not all hacks are malicious, one lone hacker with links to Anonymous – known online as “Pr0f” – said that he had broken into the Department for Transport’s (DfT’s) servers: “I got access to an English .gov server, but I left it untouched and stole no data. I managed to gain access to the databases on the server, which included a list of users and administrators, with emails, usernames, hashed passwords, and names and addresses and so on.”
Those details belonged to several hundred DfT staff and members of the public, he said. “I had no issue with them. It was really just because I noticed a potential vulnerability and decided to see if it was exploitable.” The hacker left a message with the department and that particular security loop has since been closed.
“[Hacking is] a little bit of showing off and embarrassment,” said Pr0f. He recently claimed to have carried out an attack on the sites of the governments of Dubai and Iran and said that, for the most part, his intention is to draw attention to his targets’ lack of security.
“With attacks like Stuxnet and various other cyberwar-related events becoming more popular over the last few years, well, there are a lot of people who don’t care about avoiding harming people,” said Pr0f.
He added: “Because of the nature of [my] Dubai hack, I ensured that all of those passwords were no longer in use. I will go to lengths to ensure I don’t risk harm to anyone. I feel that full disclosure of names, addresses, and other personal details is usually totally unnecessary. Username:Password serves just as effectively.”
Pr0f is still unsure what his next target will be – or he is unwilling to say. “I will probably give Dubai a rest, let them lick their wounds,” he said, adding that there are “an awful lot of countries out there that rule their citizens in a totalitarian manner”.
In his experience, companies are “generally less secure” and, therefore, easier targets. “But I think there are quite a few governments in Africa and the Middle East that need a wake-up call,” he said.
Anonymous members are notoriously security conscious. Interviews are rare and personal details off-limits. Journalists are sometimes asked to verify their own identities before interviews are granted and members only ever speak under cover of a pseudonym, most agreeing only to be quoted as “Anonymous”.
The Obama administration warned late last month that the USA would consider hacking on the part of a foreign country “an act of war” and some hackers expressed concern for their own futures.
“I am very cautious. I would not like to be under [security agencies’] scrutiny,” said Pr0f. But he insisted he was not scared of being prosecuted because “while I have committed crimes, I feel that if I get caught, then that’s fair”, adding that he sees himself as a martyr to his cause.
Other members said they are “sure” that, because of its open nature, their network is infiltrated by police and security services.
One hacker, who was heavily involved in the attacks on the banks who blacklisted WikiLeaks in the wake of the diplomatic cables furore, admitted that he gets concerned “especially every time some group tries to dox me” (publish personal details online). He said: “It’s not that the dox are accurate, so much as getting that much attention isn’t conducive to staying out of the Government’s crosshairs.”
A colleague claimed he was raided by the FBI and had equipment confiscated. He said he would term many Anonymous members “innocents” because “they hear about us on the news and join to be part of it. Many take no action themselves but are here in support because they believe in the reasons why Anonymous does some of the things they do”.
Anonymous has always insisted – much to the confusion of media and public alike – that its membership is informal and those running the group’s sites are not always aware of the actions of members, who may be acting as individuals or as members of sub-groups. Membership can be anything from expressing support for the movement to hacking a large multinational organisation – or anything in between.
One member explained that people within the group choose which things interest them and join those operations only. “AnonOps (used for planning Anonymous operations) is run by a small group of operators. In that sense they ‘control’ things but far more control is exerted by the Channel operators in the different operations,” he said.
Individual members have their own methods and motivations for hacking. Some will simply bombard the target’s server with requests for information, stopping bona fide users accessing the site. Others choose to deface a site, while there are those who choose to release often highly sensitive data stolen from its databases.
Because of its notoriety, the group’s name has become synonymous with “hacktivism”. The first reaction of many on hearing of the attacks on PSN was to assume it was the work of Anonymous, a theory apparently given weight when a file said to have been planted by the group turned up on Sony’s servers. But there are myriad other groups, most notably Lulz Security, who claim to have carried out multiple attacks on Sony as well as on the PBS and Fox News websites.
Anonymous members have always been at pains to insist that the original Sony hack – the biggest ever online consumer data breach – was nothing to do with it. But the group admits that, because of the its informal structure, it cannot rule out the possibility that the hack was carried out by a member acting without the authority of the organisation.
Anonymous itself has faced accusations that it acts as ‘judge, jury and executioner’ in selecting targets which meet with its disapproval. But members rejected the notion, saying: “just because people have negative perceptions of us doesn’t mean our opinions are suddenly invalidated. If we feel something is wrong, we do what we can to fix it.”
by vanlose kid » Mon Jun 13, 2011 9:29 am
A Little More About [Diaspora] The Project
21 APRIL 2010 by maxwell
Diaspora aims to be a distributed network, where totally separate computers connect to each other directly, will let us connect without surrendering our privacy. We call these computers ‘seeds’. A seed is owned by you, hosted by you, or on a rented server. Once it has been set up, the seed will aggregate all of your information: your facebook profile, tweets, anything. We are designing an easily extendable plugin framework for Diaspora, so that whenever newfangled content gets invented, it will be automagically integrated into every seed.
Now that you have your information in your seed, it will connect to every service you used to have for you. For example, your seed will keep pulling tweets and you will still be able to see your Facebook newsfeed. In fact, Diaspora will make those services better! Upload an image to Flickr and your seed can automatically generate a tweet from the caption and link. Social networking will just get better when you have control over your data.
A seed will not just be all your existing networks put together, though. Decentralizing lets us reconstruct our “social graphs” so that they belong to us. Our real social lives do not have central managers, and our virtual lives do not need them. Friend another seed and the two of you can synchronize over a direct and secure connection instead of through a superfluous hub. Encryption (privacy nerds: we’re using GPG) will ensure that no matter what kind of content is being transferred, you can share privately. Eventually, today’s hubs could be almost entirely replaced by a decentralized network of truly personal websites.
Stay tuned for more updates on updates, and be sure to check out our Kickstarter!
http://blog.joindiaspora.com/2010/04/21 ... oject.html
Users browsing this forum: No registered users and 8 guests
Powered by phpBB® Forum Software © phpBB Group
Site design by Likely Arts based on "Deluxe" by Artodia.
