Comment:quote:http://threatpost.com/en_us/blogs/rsa-2011-winning-war-losing-our-soul-022211#comment-6626
There was lots of noise and distraction on the crowded Expo floor of the RSA Security Conference this year. After a grueling couple of years, vendors were back in force with big booths, big news and plenty of entertainment designed to attract visitor traffic. Wandering the floor, I saw - variously - magic tricks, a man walking on stilts, a whack-a-mole game, a man dressed in a full suit of armor and a 15 foot long racetrack that I would have killed for when I was 10.
The most telling display, however, may have been the one in Booth 556, where malware forensics firm HBGary displayed a simple sign saying that it had decided to remove its booth and cancel scheduled talks by its executives. This, after the online mischief making group Anonymous broke into the computer systems of the HBGary Federal subsidiary and stole proprietary and confidential information. The HBGary sign stayed up for a couple days, got defaced by someone at the show and was later removed. When I swung by HBGary's booth on Thursday, it was a forlorn and empty patch of brown carpet where a couple marketing types were holding an impromptu bull session.
It would be easy to say that the lesson of HBGary is that "anyone can get hacked." After all, the company's founder, Greg Hoglund is one of the smartest security folks around - hands down. He's a recognized expert on malware and, literally, wrote the book on rootkit programs. HBGary Federal's customers included the U.S. Department of Defense as well as spy agencies like the CIA and NSA.
Or maybe the lesson of HBGary is simply not to "kick the hornet's nest," so to speak: needlessly provoking groups like Anonymous who have shown themselves to be hungry for publicity and have little to lose in a confrontation. Maybe, the lesson is simply that, if you're going to kick the hornet's nest, as HBGary Federal CEO Aaron Barr was determined to, then at least to spend some time securing your Web- and e-mail infrastructure and following password security best practices before you commence said kicking.
But I think the real lesson of the hack - and of the revelations that followed it - is that the IT security industry, having finally gotten the attention of law makers, Pentagon generals and public policy establishment wonks in the Beltway, is now in mortal danger of losing its soul. We've convinced the world that the threat is real - omnipresent and omnipotent. But in our desire to combat it, we are becoming indistinguishable from the folks with the black hats.
Of course, none of this is intended to excuse the actions of Anonymous, who HBGary President Penny Leavy, in a conversation with Threatpost, rightly labeled "criminals" rather than politically motivated "hacktivists." The attack on HBGary was an unsubtle, if effective, act of intimidation designed to send a message to Barr and other would be cyber sleuths: 'stay away.'
We can see their actions for what they are, and sympathize deeply with Aaron Barr, Greg Hoglund and his wife (and HBGary President) Penny Leavy for the harm and embarrassment caused by the hackers from Anonymous, who published some 70,000 confidential company e-mails online for the world to see. Those included confidential company information, as well as personal exchanges between HBGary staff that were never intended for a public airing. It's easy to point the finger and chortle upon reading them, but how many of us (or the Anonymous members, themselves) could stand such scrutiny?
It's harder to explain away the substance of many other e-mail messages which have emerged in reporting by Ars Technica as well as others. They show company executives like HBGary Federal CEO Aaron Barr mining social networks for data to "scare the s***" out of potential customers, in theory to win their business. While "scare 'em and snare 'em" may be business as usual in the IT security industry, other HBGary Federal skunk works projects clearly crossed a line: a proposal for a major U.S. bank, allegedly Bank of America, to launch offensive cyber attacks on the servers that host the whistle blower site Wikileaks. HBGary was part of a triumvirate of firms that also included Palantir Inc and Berico Technologies, that was working with the law firm of the U.S. Chamber of Commerce to develop plans to target progressive groups, labor unions and other left-leaning non profits who the Chamber opposed with a campaign of false information and entrapment. Other leaked e-mail messages reveal work with General Dynamics and a host of other firms to develop custom, stealth malware and collaborations with other firms selling offensive cyber capabilities including knowledge of previously undiscovered ("zero day") vulnerabilities.
Look, there's nothing wrong with private firms helping Uncle Sam to develop cyber offensive capabilities. In an age of sophisticated and wholesale cyber espionage by nation states opposed to the U.S., the U.S. government clearly needs to be able to fight fire with fire. Besides, everybody already knew that Greg Hoglund was writing rootkits for the DoD, so is it right to say we're "shocked! shocked!" to read his e-mail and find out that what we all suspected was true? I don't think so.
What's more disturbing is the way that the folks at HBGary - mostly Aaron Barr, but others as well - came to view the infowar tactics they were pitching to the military and its contractors as applicable in the civilian context, as well. How effortlessly and seamlessly the focus on "advanced persistent threats" shifted from government backed hackers in China and Russia to encompass political foes like ThinkProgress or the columnist Glenn Greenwald. Anonymous may have committed crimes that demand punishment - but it's up to the FBI to handle that, not "a large U.S. bank" or its attorneys.
The HBGary e-mails, I think, cast the shenanigans on the RSA Expo floor in a new and scarier light. What other companies, facing the kind of short term financial pressure that Barr and HBGary Federal felt might also cross the line - donning the gray hat, or the black one? What threat to all of our liberties does that kind of IT security firepower pose when it's put at the behest of corporations, government agencies, stealth political groups or their operatives? Bruce Schneier - our industry's Obi-Wan Kenobi - has warned about this very phenomenon: the way the military's ever expanding notion of "cyber war," like the Bush era's "War on Terror" does little to promote security, but a lot to promote inchoate fear. That inchoate fear then becomes a justification for further infringement on our liberties.
"We reinforce the notion that we're helpless -- what person or organization can defend itself in a war? -- and others need to protect us. We invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime," Schneier observed. That kind of conflation is clear reading Barr's e-mails where the line between sales oriented tactics and offensive actions blur. The security industry veterans I spoke with at this year's show were as aghast at Barr's trip far off reservation, but they also expressed a weary recognition that, in the security business, this is where things are headed.
What's the alternative? Schneier notes that focusing on cyber crime as "crime" rather than "war" tends to avoid the problems with demagoguery. Focus on cyber crime and hacking in the same way as you focus on other types of crimes: as long term problems that must be managed within the "context of normal life," rather than "wars" that pose an existential threat to those involved and must be won at all costs. The U.S. needs peacetime cyber-security "administered within the myriad structure of public and private security institutions we already have" rather than extra-judicial vigilantism and covert ops of the kind the HBGary e-mails reveal. Here's hoping HBGary is the wake up call the industry needed to reverse course.
quote:Submitted by Anonypussy (not verified) on Sat, 02/26/2011 - 5:12pm.
"to excuse the actions of Anonymous,"
There's no reason for excuse. Information is free.
quote:This is where the link to openness (or the lack of it) comes in: As we all know, and the execs at BofA and HGF reinforce, zero-days can be powerful weapons. Exclusive knowledge of zero-days gives the possessor incredible power, and in cases such as these, almost always leads to corruption and misuse. It can be argued that we are better off as an industry if openness is employed as a means of elevating collective knowledge and also as a way to enforce checks and balances, so that no one company or individual is significantly more powerful in its knowledge and expertise than others. In such an industry, cyber offense is only a distant possibility, as you will be on a level playing ground with your adversaries.
Creating such an open culture for the security community requires a shift in thinking, because this is an industry that thrives on secrecy and obscurity. It requires that we recognize that secrecy, obscurity, and the act to restrict information can ultimately do more harm than good. It requires that we promote open research and build an ecosystem that rewards openness.
And then HBGary harasses this man's blog because he (the inventor) is supposedly infringing HBGary's copyrights.
quote:From the aspect of development of cyber weapons the fact that HBGary was developing them for many clients is not surprising, however what to me personally was surprising is that you ripped yet ANOTHER of my ideas, my autonomous malware not requiring a C2 connection with your Magenta rootkit. Now I grant you, you're not going to actually publicly credit me for inspiring your awesome creation due to classification and Offensive IO weapons development, but neither did you consult me on my ideas or even engage me in talks. I will simply take it for what its worth, imitation is the sincerest form of flattery. Ironically again, I think I actually did another blog posting about that when after discussing my Malware DNA idea, you developed code for it in private 30 days later, filed for a trademark, and then patented it and released it 6 months later as a marketable product, all along declaring to Government clients in proposals that this was solely developed by you and another developer with PRIVATE funds
quote:> > This law firm represents HBGary, Inc. One of the websites you are hosting,
> > http://conanthedestroyer.(...)gins-of-malware-dna/ is
> > being used to distribute confidential trade secrets and copyrighted works that have been misappropriated from HBGary as part of a well-publicized criminal intrusion into their network.
What is this!?
quote:Anony_Ops Anonymous Operations
BreakingNews: #OpEmmaa started. Women of the internets rising to support #Anonymous. Join #OpEmmaa Make yourselves heard. You are Anonymiss!
quote:AnonymousIRC Anonymous
by miaubiz
#OpEmmaa kicked off. We're not sure what we're doing but it involves a girl, so it's awesome. Also we have dedicated DNS. @emma_a
quote:http://blogs.forbes.com/andygreenberg/2011/02/28/hackers-vs-billionaires-anonymous-takes-down-koch-supported-websites-amid-wisconsin-protests/
The hacker collective Anonymous may have just made its highest net-worth enemies yet. In the midst of the weekend’s protests in support of Wisconsin’s public employees, the group declared war on the billionaire brothers David and Charles Koch, taking down two Koch-backed sites with cyberattacks and calling for a boycott on companies in which the brothers have invested.
Anonymous laid out its grievances against the billionaire duo, tied for fifth on Forbes’ list of the richest Americans with a combined wealth of $43 billion, in a statement that tied them to the bill that aims to end collective bargaining rights for state employees in Wisconsin.
On Sunday night, both the website of Koch-backed antiregulatory group Americans For Prosperity and a community forum site for Koch-backed toilet paper company Northern Quilt were down (at least every time I checked) for more than five hours under cyberattacks from Anonymous.
“It has come to our attention that the brothers, David and Charles Koch–the billionaire owners of Koch Industries–have long attempted to usurp American Democracy,” reads the statement. “Their actions to undermine the legitimate political process in Wisconsin are the final straw. Starting today we fight back.” The statement goes on to accuse the brothers of creating fake grassroots groups to oppose the unions in order to cheaply gain a monopoly on Wisconsin’s power utilities.
The statement also called for boycotts on U.S. brands including Dixie, Brawny and Angel Soft.
Back in the offline world, more than 100,000 Wisconsinites have taken to the streets in Madison and some continue to occupy the State’s capitol building.
The attack on the Tea-Party-associated Koch brothers is the latest in Anonymous’ increasingly political actions, and not one that all members of the group seem to support. One member of the group who says he was associated with the earlier hack of security firm HBGary told me via instant message that he wasn’t involved with the Koch takedown, and that proposals to attack the Tea Party have been unpopular within the group’s ranks. A blog post about another Anonymous threat to take down Tea-Party-related websites posted to AnonNews.org was ranked among the least popular on the site.
“Anonymous does not approve,” wrote one user on the site. Another questioned whether the Tea Party might not have some ideals in common with the libertarian hacker collective. “Interestingly the rank and file of the [Tea Party] probably share similar views as we do in relation to many aspects of freedom, it seems they are co-opted by business at the top levels but not lower down at all,” writes the anonymous commenter. “Makes me wonder if hitting the baggers is more useful than trying to steal them from big business.”
quote:There has been a lot of information brought to light about the alleged backdoor dealings between the billionaire Koch brothers and Wisconsin Governor Scott Walker in the weeks since public employees began protesting attempts to strip them of their collective bargaining rights. The debate that began in Wisconsin has spread nation-wide, organizations are reporting on Walker’s budget provision to allow no-bid contracts of that state’s power plants, and even the group of hacktivists known as Anonymous are firing back at Koch-funded fronts like Americans for Prosperity and the Tea Party.
quote:http://threatpost.com/en_us/blogs/hbgary-federal-ceo-aaron-barr-steps-down-022811
Embattled CEO Aaron Barr says he is stepping down from his post at HBGary Federal to allow the company to move on after an embarrassing data breach.
The announcement comes three weeks after Barr became the target of a coordinated attack by members of the online mischief making group Anonymous, which hacked into HBGary Federal's computer network and published tens of thousands of company e-mail messages on the Internet. HBGary did not respond to telephone and e-mail requests for comments on Barr's resignation.
In an interview with Threatpost, Barr said that he is stepping down to allow himself and the company he ran to move on in the wake of the high profile hack.
“I need to focus on taking care of my family and rebuilding my reputation," Barr said in a phone interview. "It’s been a challenge to do that and run a company. And, given that I’ve been the focus of much of bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I’m confident they’ll be able to weather this storm.”
The group conducted a preemptive strike on HBGary after Barr was quoted in a published article saying that he had identified the leadership of the group and planned to disclose their identities at the B-Sides Security Conference in San Francisco.
By combining a SQL injection attack on HBGary's Web site with sophisticated social engineering attacks, the group gained access to the company's Web- and e-mail servers as well as the Rootkit.com Web site, a site also launched by HBGary founder Greg Hoglund. Ultimately, the group defaced HBGary's Web site and disgorged the full contents of e-mail accounts belonging to Barr, Hoglund and other company executives.
Though Barr and HBGary were the victims of the hack, the contents of the e-mail messages divulged plans that cast both in an unflattering light. Among them were data mining efforts and mentions of possible disinformation campaigns on behalf of a "large U.S. bank" and the law firm that represents the U.S. Chamber of Commerce that seem to run afoul of civil liberties and professional ethics.
HBGary counted many U.S. government agencies, including the Department of Defense, CIA and NSA as customers. The disclosure of e-mail messages from the company poses a major security risk to those organizations, as well as individuals who had corresponded with the firm. The breach also raises troubling questions about the direction that HBGary and other Beltway firms have taken. Email exchanges published online revealed the firm to be at work on a variety of plans to do data mining and information operations on U.S. organizations and journalists on behalf of clients including law firms representing a large U.S. bank and the U.S. Chamber of Commerce. Most recently, the incident spilled into the mainstream, with comedian Stephen Colbert devoting a segment of his Colbert Report program on February 24 to the HBGary hack.
quote:jonlabove RT @atopiary: Aaron Barr has quit! Join our party on IRC: http://irc.lc/Anonops/AnonLeaks | Official party music: http://bit.ly/gSTPN7 #HBGary #Anonymous 2 minutes ago via web
quote:ANOTHER note to journalists.
Those of you monitoring this war of press releases are witnessing the explosion of what has been a growing rift in Anonymous. There are two main camps worth discussing: “oldfags” and “newfags,” the latter sometimes known as “moralfags.”
Oldfags are the group most associated with the controversial board 4chan. They are avid consumers (and likely producers) of child porn, and pics and vids of gore, including decapitated people, and tortured and dismembered animals - often acts perpetrated by oldfags themselves for the enjoyment of their inhuman brethren. They are nihilists, sociopaths and sadists. They have no perceptible morality or ethics, and are only interested in “lulz” that come at a cost of pain and suffering to others. These oldfags often sympathize with the Tea Party and other similarly antisocial brands of anarchism. They cannot be trusted to do the right thing, and in fact, can usually be trusted to do the most horrible things imaginable. They are skilled at chaos and destruction, however, and driven by an egotistical, narcissistic will that all should fear. Evil is a good definition for what oldfags represent. Fortunately, this group is small, and their influence on the ranks of Anonymous is rapidly diminishing. Anonymous only owes these cretins thanks for the meme of Anonymous, a meme which would mean little if it had not been expanded to represent newfag-style hacktivism for causes greater than the sick fulfillment of wounded, twisted egos that hate everything in the world.
Newfags are very different. While we share a lack of respect for the flawed laws of men that serve only the powerful and wealthy - the oppressors - we have a higher purpose: The dignity of humanity and its expression and fulfillment within the framework of a new civilization, currently under development in the form of the internet. Newfags envision humanity shaking off the shackles of authority, greed and apathetic powers that have little to do with the collective will of humanity. Anonymous, newfags believe, is itself a powerful facet of that collective will of humanity, a voice growing stronger by the day. Like oldfags, we treasure lulz, but get our kicks from those acts and ideas of creative destruction that empower humanity, not diminish it.
In the end, we encourage the media and people everywhere to accept us for what we are. A flawed entity, but one that is more good than evil, a trait we share with each individual human, and with humanity as a whole. We ask that you help us be a better person. Look beyond our weaknesses and see us for our strengths, as this will help those traits develop more fully, and help us outgrow our pathetic roots.
We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us - always
quote:Anonymous are Not Your Personal Army. I do not claim that I am or Speak for Anonymous. I do know that At least 100 years ago there was a time when Anonymous stood for nothing. That's right nothing, but for one exception: Anonymous stood for the free and open exchange of information online, and freedom of speech. Anonymous did not stand for truth, justice, and the American way. They did not stand for equality, or rights, or anything else. They were not co-ordinated with anyone, They had no allegiance (save for a tenuous one with each other) and they certainly had no guiding purpose. They despised white knights, trolled to facebook accounts of the newly deceased for lulz, mocked moralfags, and had fun at the expense of others for no other reason than because they wanted to show the world that they can do what they want online. Why did they do that? Because that is what Anonymous was about: doing whatever you want online....for the lulz. It used to be that they only attacked those who want to get in the way of the flow of information. They were not 12, and they knew exactly what this was. They had no leaders, and no structure (see pic for perfect diagram of the anonymous hierarchy)
Now something has happened, everywhere I look it sounds like I'm sitting in some fucking University Sociology class with a bunch of newfags talking about how we need to be getting politically active. Anonymous is not some leftwing sockpuppet to do the bidding of unions and Rachel Maddow. Nor are they all a bunch of Ron Paul loving teapartyfags. Anonymous consists of everything from Anarchists, to Libertarians, to Conservatives, Liberals and anything else on the political spectrum. There were all kinds of people, we even had those who don't count as people (women - looking at you here) being Anonymous.
So please newfags, Fuck off and stop riding Anonymous' coat-tails. Magnanimous, you ripped off the logo, imitated anonspeak, and ended your statement with a slightly modified version of the tagline. You are poseurs. Die in a fire. You have never seen the Marblcake, you have no thrust vectoring so your skies are owned by real Anons, you have come to the wrong place, you have messed with football, and more importantly, you have closed the pool with your aids. All your efforts to imitate and goad Anonymous into doing your bidding fail. You make Chips handon look legit and it's time to stop. Thank you for your time.
The return to what we once were I call, operation chaotic neutral
I am not anonymous,
I am not legion
I forgive
I forget
Don't expect me - evar (I'm too busy masturbating to chubbies on 4chan)
P.S. Pic included with this post gives a perfect representation of the structure of Anonymous.
You're welcome.
quote:On Tuesday 1 March 2011 02:10 truepositive wrote the following:
Thanks for constantly updating this thread, I've decided that this is going to be daily news for me
The article continues, but it contains no further details about the hack.
quote:NEW YORK (Reuters) – Morgan Stanley experienced a "very sensitive" break-in to its network by the same China-based hackers who attacked Google Inc's computers more than a year ago, Bloomberg reported, citing leaked emails from an Internet security company.
The emails from the Sacramento, California-based computer security firm HBGary Inc said that Morgan Stanley -- the first financial institution identified in the series of attacks -- considered details of the intrusion a closely guarded secret, the report said.
Bloomberg quoted Phil Wallisch, a senior security engineer at HBGary, as saying that he read an internal Morgan Stanley report detailing the so-called Aurora attacks.
The HBGary emails don't indicate what information may have been stolen from Morgan Stanley's databanks or which of the world's largest merger adviser's multinational operations were targeted, according to the report.
Representatives for HBGary were not immediately available for comment.