Anonops #6: Anonymous en de MO-revoluties

quote:

Infamous hacking group, Anonymous, began a series of attacks against Sony earlier today, bringing down several Sony sites and the PlayStation Network. However, a radical offshoot of the main group believe that the attacks aren’t enough, and are prepared to take the fight to a more severe level.

Initially claiming that they would seek revenge against Sony for their legal action against Geohot and other PS3 hackers, the group successfully DDoS’d PlayStation.com and the PlayStation Store under a group called OpSony. Now, a more more aggressive and darker group called SonyRecon have begun a series of more personal attacks.

quote:

http://anonnews.org/?p=press&a=item&i=787

Dear Greedy Motherfuckers SONY,

Congratulations! You are now receiving the attention of Anonymous. Your recent legal actions against fellow internet citizens, GeoHot and Graf_Chokolo have been deemed an unforgivable offense against free speech and internet freedom, primary sources of free lulz (and you know how we feel about lulz.)

You have abused the judicial system in an attempt to censor information about how your products work. You have victimized your own customers merely for possessing and sharing information, and continue to target those who seek this information. In doing so you have violated the privacy of thousands of innocent people who only sought the free distribution of information. Your suppression of this information is motivated by corporate greed and the desire for complete control over the actions of individuals who purchase and use your products, at least when those actions threaten to undermine the corrupt stranglehold you seek to maintain over copywrong, oops, "copyright".

Your corrupt business practices are indicative of a corporate philosophy that would deny consumers the right to use products they have paid for, and rightfully own, in the manner of their choosing. Perhaps you should alert your customers to the fact that they are apparently only renting your products? In light of this assault on both rights and free expression, Anonymous, the notoriously handsome rulers of the internet, would like to inform you that you have only been "renting" your web domains. Having trodden upon Anonymous' rights, you must now be trodden on.

If you disagree with the disciplinary actions against your private parts domains, then we trust you can also understand our motivations for these actions. You own your domains. You paid for them with your own money. Now Anonymous is attacking your private property because we disagree with your actions. And that seems, dare we say it, "wrong." Sound familiar?

Let Anonymous teach you a few important lessons that your mother forgot:
1. Don't do it to someone else if you don't want it to be done to you.
2. Information is free.
3. We own this. Forever.

As for the "judges" and complicit legal entities who have enabled these cowards: You are no better than SONY itself in our eyes and remain guilty of undermining the well-being of the populace and subverting your judicial mandate.


We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
Expect us.

quote:

http://www.engadget.com/2(...)te-flawless-victory/

Well, after all the talk of TROs, tweets, and YouTube user info, it seems that the SCEA vs. Geohot litigation has come to a rather uneventful conclusion. According to Sony's Playstation Blog, the case has been settled, and Hotz has agreed to a permanent injunction preventing him from distributing his PS3 jailbreak hack ever again. Of course, while this settlement has cowed the man who did the initial distribution deed, the jailbreak genie's out of the bottle, and no court order can ever put it back.

quote:

Anonymous plans DDoS attack against Colombia Ministry of Justice
The Internet hacktivist collective known as Anonymous has scheduled a DDoS attack against the Colombia Ministry of Justice for Monday. The planned cyber attack is in response to a proposed law opponents claim endangers freedom of information and personal privacy.

The so called "Lleras law," is a U.S. backed anti-piracy bill introduced by Colombia's Minister of Interior and Justice, German Vargas Lleras. If made law, the bill will make ISPs liable for online copyright infringement by their subscribers.

Opponents claim the bill is a draconian effort being rail-roaded through the Colombia legislature by big money media interests. Opponents worry the bill will force ISPs to censor Internet content, spy on users, and disconnect those accused of copyright infringement without a fair hearing or just cause.

quote:

Anonymous: Message to Sony WE RUN THIS….
GeoHot has taken a settlement with sony. The case has been dropped. In the eyes of the law, the case is closed, for anonymous it is just beginning.
by forcing social networking sites such as YouTube and Facebook to hand over IP addresses of those who have viewed GeoHot’s videos, they have performed an act of privacy invasion.
We, anonymous, will not allow this to happen.

The attacks on the websites of sony have been ceased, sony’s poor attemps to explain the system outages through maintenance amuse us. Therefore we are finding other ways to get sony’s attention.

This April 16th, grab your mask, a few friends, and get to a local sony store by you. Use the IRC and the official Facebook page to organize a protest in your area. Make sure the people know the injustices performed by this corrupt company.
Boycott all sony products and if you have recently purchased any, return them.

It is time to show large corporations and governments that the people, as a collective whole, can and will change injustice in society, and we will make a great example out of sony.

Sony. prepare for the biggest attack you have ever witnessed, anonymous style.

- Anonops.tk

* Our official website: http://www.Anonops.tk ( or http://www.Anonyops.com )
* IRC: http://irc.lc/Anonops/opsony
* Our Facebook: http://www.facebook.com/pages/Anonopstk/194085157274835
* Protests: http://www.facebook.com/event.php?eid=136813236391154

Anonymous_ Message to Sony WE RUN THIS....

quote:

Learning the Importance of WAF Technology – the Hard Way

Wow. What a weekend. In case you haven’t heard, Barracuda Networks was the latest victim of a SQL injection attack on our corporate Web site that compromised lead and partner contact information. The good news is the information compromised was essentially just names and email addresses, and no financial information is even stored in those databases. Further, we have confirmed that some of the affected databases contained one-way cryptographic hashes of salted passwords. However, all active passwords for applications in use remain secure.

So, the bad news is that we made a mistake. The Barracuda Web Application Firewall in front of the Barracuda Networks Web site was unintentionally placed in passive monitoring mode and was offline through a maintenance window that started Friday night (April 8 ) after close of business Pacific time. Starting Saturday night at approximately 5pm Pacific time, an automated script began crawling our Web site in search of unvalidated parameters. After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market. As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees. The attack utilized one IP address initially to do reconnaissance and was joined by another IP address about three hours later. We have logs of all the attack activity, and we believe we now fully understand the scope of the attack.

This latest incident brings home some key reminders for us, including that:

* You can’t leave a Web site exposed nowadays for even a day (or less)
* Code vulnerabilities can happen in places far away from the data you’re trying to protect
* You can’t be complacent about coding practices, operations or even the lack of private data on your site – even when you have WAF technology deployed

Before responding prematurely to the press or to anyone else, we wanted to make sure we had time to sift through our logs and do a bit of communication. We’re glad that the impact will be very minimal, but we’re not happy about the amount of bandwidth we’ve spent assessing what happened, responding to affected parties and putting in place the steps to prevent it in the future.

We are working to notify everyone whose email addresses were exposed, and we apologize for the inconvenience.

quote:

New arrest over Anonymous' pro-WikiLeaks attacks

Police have made a sixth arrest in their investigation of Anonymous, the online activist collective that launched a series of cyber attacks on major firms it saw as anti-WikiLeaks.

The new suspect, a 22-year-old man from Cleveland, was questioned by specialist computer crime detectives at a local police station on Wednesday last week. He was bailed until 26 May pending further enquiries.

The five original suspects - three teenage boys and two men - have also all been bailed again in the last 48 hours, to reappear at police stations in June.

They were arrested at addresses in the West Midlands, Northamptonshire, Hertfordshire, Surrey and London in coordinated dawn operations on 27 January.

They are suspected of involvement in cyber attacks on the websites of Amazon, Bank of America, Mastercard, PayPal and Visa in December. Deliberately causing such disruption is an offence under the Computer Misuse Act and carries a sentence of up to 10 years' imprisonment.

The firms were targeted after they cut off services to WikiLeaks, amid controversy over its release of classified US diplomatic cables.

Anonymous saw the moves as an affront to free speech online, and in chatrooms planned Distributed Denial of Service (DDoS) attacks in revenge.

Members downloaded a specially-developed piece of software - dubbed the Low Orbit Ion Cannon - to participate in "Operation Avenge Assange". The software was designed to effectively shut down the websites by bombarding their servers with requests for data.

But the impact was limited: while Amazon’s heavy duty infrastructure withstood Anonymous’ attack, the Mastercard and Visa websites were temporarily disrupted. Yet credit card payment systems themselves were mostly unaffected.

Since the attacks international law enforcement agencies have been cooperating on an investigation that has also led to the arrest of alleged Anonymous members in France, the Netherlands, and the US.

The collective had already caught the attention of British authorities before its WikiLeaks-related attacks, however.

Scotland Yard's Police Central e-Crime Unit began inquiries after similar DDoS attacks by Anonymous in September, on organisations connected to the entertainment industry. Its targets included the BPI and ACS:Law, a London-based law firm that had controversially accused thousands of internet users of copyright piracy.

Anonymous, which emerged more than three years ago from the anarchic web forum 4Chan.org, is also battling other attempts to unmask its members.

In February it hacked into HBGary Federal, a government computer security contractor that claimed to have identified its leaders. The firm's chief executive was forced to step down after the hackers stole his emails and published them online.

And recently a group claiming to be made up of disgruntled former Anonymous members has published a dossier its says contains the true identities of senior figures. Several are listed as living in Britain.

quote:

COICA means internet censorship. Join the campaign to stop #COICA today: http://dontcensorthenet.com #anonops #anonymous

quote:

Clue To The Massive Playstation Network Shutdown?

Earlier this week, in our post Anonymous Silenced By Youtube, we noted that the group may not yet be done punishing Sony.

As we write this post, Sony’s Playstation Network has been down for 2 days, with no real sign of it returning.

While some have speculated that this may be down to a cyber attack by Anonymous, a response from AnonOps say that they are not involved. They do concede, however, that members of the group could have taken it upon themselves to go it alone.

Earlier this week an anonymous source (small ‘a’) told us that Sony’s infrastructure would be attacked with a new kind of technique. We tried to find out more, but all we can give you is this:

Recursive DNS server amplification attack.

If any reader knows how to explain this in terms we can all easily understand, feel free to add them in the comments section.

Sony has offered no information about what has caused the downtime which is currently affecting millions of Playstation users. It might be a DDoS attack, or it could be – as Anonymous put it – that Sony are simply incompetent. Either way, Microsoft’s Xbox Live must think it’s Christmas this Easter.

quote:

HBGary: Silence, Sloppy Reporting Hyped Anonymous Hack

After months of almost total silence, security firm HBGary issued a statement to counter what it claims were inaccurate media reports about a February security breach that spilled thousands of e-mail messages onto the Internet.

The letter, published on HBGary's Web site and positioned as an "Open Letter to HBGary Customers and the Cyberdefense Marketplace," seeks to clarify the events surrounding a February, 2011 attack by online mischief making group Anonymous. According to HBGary, loose fact checking by journalists and the company's own silence led to rampant and widespread misinformation about what actually occurred.

The letter, which is not signed, reiterates company claims that its network was not compromised, just e-mail servers hosted in the cloud, but separated from internal networks. As they have before, the company claims they launched a thorough forensic investigation of their networks and determined that no data other than the emails were compromised. Paramount among these data is the company’s commercial product source code, what they call their most valuable asset. HBGary claims their source code has always been air-gapped from the Web and that despite allegations to the contrary, it was not stolen.

Once again, the letter attempts to a draw a distinction between HBGary and HBGary Federal, a wholly owned subsidiary headed by former CEO Aaron Barr, who was the initial target of the Anonymous attack. While admitting that HBGary Inc. “members” serve on the Board of Directors at HBGary Federal, the letter claims they merely guide the overall financial direction of the company, and play no role in its day-to-day operations as much of the company's work is classified. They further point out that this attack, carried out by online hacker collective Anonymous, was an act of retaliation against work being done exclusively by HBGary Federal, and specifically their former CEO Aaron Barr. HBGary Inc., they claim, was a victim of circumstance merely because the two companies share the same cloud-based email system.

The almost identical management of the two firms and the fact that their corporate e-mail was intertwined have caused many to cast doubt on HBGary claims that the two firms were distinct from one another.

The letter also refutes some of the more outrageous claims by Anonymous - for example, that HBGary had a hand in the creation of the Stuxnet worm. Such claims stemmed from the misinterpretation of a single email sent by Greg Hoglund. The email in question asked that HBGary employees not discuss the Stuxnet in order to avoid becoming a part of the high profile discussion surrounding the worm, which the company thought was best to avoid on account of the sensitive nature of its alleged target. They call it unfortunate that their internal communications were “stolen and interpreted without context.”

Lastly, the letter closes with a stab at the nature of the reporting and coverage surrounding the incident, saying, “We wish that journalistic standards of fact-checking and verification were uniform across the press, but unfortunately, the blog-o-sphere makes that impossible.”

quote:

Website Syrische parlement gehackt

De website van het Syrische parlement is vandaag overgenomen door hackers. In plaats van de normale voorpagina is een reeks foto's te zien.

In de slideshow van foto's zijn beelden te zien van mensen die, vermoedelijk tijdens de betogingen in het land, zijn mishandeld of vermoord. Daaronder staat een tekst in het Arabisch (Google Translate-vertaling), waarin onder meer te lezen is: 'de moordenaar van de menselijke wezens te doden'.

Het filmpje (hieronder staat het) dat te zien is op de website, is afkomstig van een YouTube-kanaal van iemand die meerdere beelden van de opstanden in Syrië de wereld in stuurt.