Anonops #7: Meer is beter

quote:

Op zondag 26 juni 2011 01:30 schreef David1979 het volgende:
ja dat zei ik toch, liever lui...

kwestie van tijd

quote:

Op zondag 26 juni 2011 02:57 schreef Yuri_Boyka het volgende:
Dus ze zijn ontmaskerd?

quote:

Connexion's First Hack

Dear Internetz,
My name is Connexion. I have hacked your website, http://www.pchardware.ro because it needed
to have a checkup with the SecDoctor. I have found many errors with your website and agree to tell
them to you via twitter, @Connexion_Lulz. I also want everyone reading this to note that it was me
who hacked them, and not some random person who copied everything and said it was theirs. I want you
to know that a simple MySQli should be prevented.

*NOTE* If you are wondering this is the 1st website that I have hacked. */NOTE*

Yes, I do look up to @LulzSec and @LulzRaft and hope that someday I can say that I am part of their
group taking down the internet one crappy security at a time. To prove that I hacked your website,
I provided a table below of all the usernames, emails and hashed passwords. To decrypt the passwords
go to http://passcracking.com and decrypt it. Some passwords can't be decrypted at the moment and that's
all good (Get Cain & Abel for that). Now, I have taken the liberty to put aside all interessing users to the
right. One has a .gov email so maybe governement :S and also there are the MD5 Hash Passwords too. So you can
tell that they switched from MD5 to whatever they use now. Also there is adultwomenmasturbating@google.com
which makes me LULZ all the time.

*ALSO NOTE* That most people use the same password for everything so check facebook and send SS! */ALSO NOTE*

So that is all I have to say at the moment. Please enjoy and definently talk to me on Twitter.
Regards,
_____ ______ _____ _____ _______ \ / _______ ______ _____
| | | | | | | | \ / | | | | |
| | | | | | | |______ \/ | | | | |
| | | | | | | | /\ | | | | |
_____ ______ | | | | |______ / \ ___|___ ______ | |

*ALSO ALSO NOTE* That these are not all of the users. They have 9257 users and i just don't want to take that long editing it. */ALSO ALSO NOTE*

=====================User Data=====================

quote:

Why arresting lulzsec won’t change anything

Federal law enforcement agencies from around the world have been working to arrest members of the group known as lulzsec. Love them or hate them lulzsec has changed how the public views hackers and hacking. It has brought more attention to the cyber world and the cultures that develop there, and they have changed how some hackers operate Instead of quietly hacking smaller websites or targets of personal interest, they hack or attempt to hack government targets and post about it on social network and public chat rooms. Lulzsec declared war on the US Government and others like them have answered the call to arms. By doing this lulzsec has ensured that even if they themselves are caught their cause will live on without them, in fact if caught this would only likely motivate their followers further.

These “daughter groups” seem based on their region , on twitter I have seen “lulzsec” based groups for brazil and there have been reports of graffiti tags showing the word “antisec” and lulzsec’s mascot image in San Diego, I do not know how many other groups such as this are out there, but considering lulzsec’s over 200,000 twitter followers the number could be significant. Considering law enforcement’s history with dealing with cell based groups if they seriously want to stop the antisec movement they are going to need a different approach than the one they are currently taking, fighting them directly is only going to expand the antisec movement and fuel its anger.

Right now lulzsec and its allies have the advantage because their operation is popular and costs very little to operate but does a significant amount of damage, while Government forces cost significant amounts of money to train and operate and do very little damage. Considering how slow that governments are to adopt change, even when it directly benefits them lulzsec and its allies will be at this for quite some time.

If the governments were truly serious about stopping this threat they would work to defuse the anger and outright hate people feel toward the government these days, they would take steps to show people that they are not the bad guys and stop taking such a hard approach. They would pay more attention to public perceptions and address the issues that people have in a honest and transparent manner, being answerable to the public when questions are asked. For example there may be a perfectly rational explaination as to why the FBI took servers that didn’t seem to have anything to do with lulzsec from DigitalOne, but the people will never know why because they won’t comment, and when they do people feel like what they are told does not really explain anything, so without answers from official sources right away, people will just draw logical conclusions based on the available evidence , and said evidence makes it look like the FBI has no idea what it is doing and they have good reason to believe that.

As of late the governments actions in public have been disastrous and it has gotten to the point where people feel compelled to act to stop it. People feel like their rights are being stripped away and that they have no control over their own private lives. They are afraid. So when someone comes along and is not afraid, and not only not afraid but willing and able to act against the target of their fears, they rally around them and support them, feeling less afraid to act themselves, and after enough time they lose all fear of any legal repercussions because they believe they are morally right. This is the point we are at right now, they have motivated and emboldened people that the government has alienated and ignored. Stopping lulzsec won’t stop antisec, in fact it will likely do the opposite. The game has been changed, and right now the only winning move is not to play.

quote:

Web censorship moves West

While few may object to blocking access to child pornography, online restrictions set dangerous precedent.

For a long time, the dominant conversation around internet censorship has focused on two of the practice's giants: Iran and China.

Arguably owners of the most sophisticated filtering methods, the criticism levied against these two countries has been deserved. And yet, the focus on them has largely been at the exclusion of other countries that also censor the web to varying degrees - including an increasing number of democracies.

In recent weeks, Turkey, Tunisia, and Australia have all made headlines for their various plans to introduce new filtering schemes. Though each country's plan differs, they all have similar focus: curbing access to obscene content.

But while blocking obscenity may reflect the will of the people, such filters nonetheless have implications for freedom of expression.

Australian ISPs 'aim to curb child sexual abuse'

In Australia, after several failed attempts by the government to introduce a mandatory filtering scheme, several Australian ISPs have taken matters into their own hands, blocking access to a list of 500 sites.

The ISPs will base their blacklists on a list maintained by the Australian Communications and Media Authority (ACMA), as well as - according to News.com.au - "child abuse URLs that are provided by reputable international organisations".

In 2009, a copy of the ACMA's blacklist was published by WikiLeaks, and was found to include the website of a Queensland-based dentist, a handful of Christian sites, and some YouTube videos - as well as adult sites deemed to be legal in Australia.

Such errors raise questions amongst free expression advocates about the lack of transparency in the process of determining which sites will be banned. There is also concern that there appears to be no appeals process by which to challenge sites banned by the ISPs.

Tunisia blocked pornography by court order

For years, Tunisia stood along with China and Iran as one of the world's most strict online censors. Following the January 2011 popular revolt, however, internet filtering became obsolete for a time.

Shortly thereafter, a military tribunal moved to block a handful of sites, including all individual Facebook profiles or pages.

The latest measure to block sites in Tunisia comes after a group of conservative lawyers filed a legal case to "impose the blocking of pornographic content". The Tunisian Internet Agency at first refused to implement the order and sought a stay of the ruling, but on June 13, the motion was denied and the Agency was forced to comply with the order.

The decision was met with derision by many Tunisians, some of whom protested on the grounds of personal freedom or concern that filtering any type of content would open the doors to further censorship; while others felt that the debate distracted from more important issues in the fledgling democracy. Still, some others were in support of the ban.

Turkey's four-pronged approach

Turkey's proposed filtering scheme has raised ire across the country, with citizens marching in the streets against censorship.

Though the scheme is meant to offer four opt-in layers of filtering - from "standard" to "children" - Turkish citizens realise they have plenty to lose. After all, the government has blocked YouTube and WordPress, among various other sites, for containing content deemed insulting to "Turkishness".

Meanwhile, Turkey's Law on the Internet #5651 allows any party to petition a court to block content for a range of reasons - including alleged defamation. Some Turkish analysts believe that the law is easily abused.

Furthermore, a 2009 report from the Organisation for Security and Cooperation in Europe highlighted that 80 per cent of Turkey's banned sites had been blocked at the behest of administrative decisions, rather than court rulings.

Though the new system's "standard" option will come without new filtering, there is no word as to whether already-blocked sites will remain banned.

Filtering is futile

While filtering - when conducted in the home or other private space - can be a good thing, such as preventing children from inadvertently accessing obscene or other undesirable content, government-level filtering does more harm than good.

Not only is it probable - and quite common - for "benign" sites to get caught up in content filters, blocking a certain type of content does not necessarily mean that such content ceases to exist; and in the case of child pornography, blocking may simply force such content "underground", to peer to peer and other private networks where perpetrators are more difficult to catch.

Filtering at the government or ISP level is costly, yet can be easily circumvented with minimal tech savvy, using widely available proxy tools.

Most problematically, setting a precedent of blocking websites simply makes it that much easier for a government or ISP to extend filtering as they wish.

While few might object to blocking child pornography, what happens when the filters go after politically sensitive content? Will anyone object then?

quote:

2011-06-25 WikiLeaks Notes: Latest News on #Cablegate Releases, #WikiLeaks & More

This is a "WikiLeaks News Update," constantly updated throughout each day. The blog tracks stories that are obviously related to WikiLeaks but also follows stories related to freedom of information, transparency, cybersecurity, freedom of expression, and sometimes the national security establishment of the United States because each issue/topic helps one further understand WikiLeaks and vice versa. All the times are GMT.

quote:

Op zondag 26 juni 2011 11:16 schreef David1979 het volgende:

[..]

Daar zit wat in natuurlijk, maar doet me een beetje denken aan die andere 'cell based' groep waar ze op dit moment tegen vechten en waarvan ze recent de leider hebben doodgeschoten.

Waar ze ook van weten dat die leider weer gewoon wordt opgevolgd en al is opgevolgd. Maar ze passen ze hun beleid niet aan, sterker, ze gooien er nog een schepje bovenop.

quote:

Lulzsec & The Jester Expose each other, Long Live Anonymous ! : The Hacker News ~

Lulz war ! Today Hacking group "Lulzsec" completed their 50th day and also announce the retirement of Lulz boat. What are the Reasons behind this ? Lulz Security's rise to prominence has been extraordinarily fast.The hacking group first emerged in May and in the past few weeks has attacked the websites of some of the world's leading corporations and governments. The group specialises in locating websites with poor security and then stealing information from them and posting it online via Twitter account, well They have 278,429 Followers]in 50days.

To understand who/what lulzsec is, you need to understand where they came from. Everything originates from the chan (4chan/711chan/etc.) culture. It's a culture built around the anonymity of the internet. If your anonymous no one can find you. No one can hurt you, so your invincable.

According to Anonymous "The problem with Lulzsec is that they lack the skills to keep it going. As such after SONY they couldn't get into anything. So they switched their focus to just releasing random crap that didn't mean anything. Then they started running out of things they could hack. So they put out requests for people to join them. That got them a few hits, and now they've switched their gears again to be ANTI-SEC".

Sabu (Leader of Lulzsec) and Topiary are the only two people updating the twitter and releasing stuff. The gn0sis kids are gone in hiding somewhere. So the team include :
Sabu, Topiary , Kayla , gn0sis , Uncommon, EEKDACAT.

LULZSEC skills : We have seen that Lulzsec mostly hack random targets which are vulnerable and easily available on net via google Dorks. Now just check the Defacement section of "The hacker news" , you will get so much talented hackers of world, Then why these guys not having millions of followers ? Why these Indian, Pakistani and Albanian hackers don't get attention of Big media ? Its all because their aim was not to get Fame, they are testing their own skills and Learning from real world or whatever the other Reasons of hacks. Even PBS (Public Broadcasting Service) & Writerspace Hacked Again by Warv0x (AKA Kaihoe) . According to Warv0x (AKA Kaihoe) "This wasn't done for fame or fun,just proving LulzSec aren't as goodas they think they are. I haven't rooted the box or been up to crack the hashes, I'm just proving that most of their attacks are very lame and basic (i'm pretty sure and automated) SQL injections and further privilege escalation, which is just matter of time." He also said "Support for WebNinjas & Jester, good job at exposing them.Sad to mention, but I really agree with th3j35t3r & WebNinjas - LulzSec are just a bunch of script kiddies..."

quote:

“Anonymous Anti-fascists” Hack Several White Supremacist Websites Including newp.org

Stuff like this just puts a smile on my face. It has comes to my attention that www.newp.org, the website for the “North East White Pride” organization, as well as other sites belonging to them have been hacked. Here is part of what the hackers, describing themselves as “Anonymous Antifascists”, defaced newp.org with:


The hackers defaced the websites with a statement. They also released home addresses, phone numbers, email addresses, usernames and passwords and email correspondences of the administrator of the site, Robert O’Donovan. Here is the statement from the antifascists in full:

“——————————————————————————–
FOR A WORLD WITHOUT BORDERS, PRISONS, AND RACIST HATRED – SMASH WHITE SUPREMACY!
We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.
#opblitzkrieg #anonops #lulzsec #operationpayback #totaldestroythursday
——————————————————————————–

FOR IMMEDIATE RELEASE

Anonymous Anti-Fascist Hackers Deface White Supremacist Websites, Drop Dox

A Mob of Anonymous Anti-fascist hooligans hacked into several white supremacist
websites belonging to North East White Pride(newp.org), Local 1488 Store
(local1488.com), Racist-Jokes.com, and more, defacing with anti-racist messages
and leaking private information. We’re dropping usernames, passwords, home
addresses and phone numbers of over 1000 active nazis in the US. We also spammed
35,000+ nazi emails with this message to make them sleep a little less easy at
night. We did this to expose and disrupt the racist scum who associate with
their white supremacist group and purchased items from their online Nazi store.

Just two weeks ago the webmaster Rob O’Donovan and his racist organization North
East White Pride attempted to hold a white supremacist gathering in the
Worchester Public Library but instead were greeted with a dozen antifa who burst
into their meeting black-clad-bandana’d-out and beat the nazis down with chairs
and u-locks. A week later, they obviously didn’t get the hint to cut the nazi
shit, so we had to own them hardstyle when a week later they attempted to hold
an anti-immigrant “Close The Border” rally.

Detailed private information about Rob was leaked including confidential emails,
online store transactions, phone and address information for him as well as the
thousands of nazis who purchased items from his store local1488.com. The leaked
emails revealed Rob was working with Detective Andrew Creed from the Boston
Police Intelligence Unit who regularly “made sure that your group was able to
get their message out in a safe manner” against “problems with ‘antis’ showing
up”. Rob also runs Tea Party websites regularly bringing other nazis to Tea
Party rallies further demonstrating the connections between “mainstreamized”
racists in the Tea Party and violent neo-nazi extremists.

We believe in militant direct action to smash white supremacy, expose them to
their communities, confront them at their jobs and homes, and disrupt their
organization’s ability to conduct meetings/rallies, distribute their hateful
propaganda, and communicate on the internet. Those who want us in the gas
chambers, who seek to take away our freedoms, deserve it not for themselves.

Just as we smash organized white supremacists, we also smash white-hat corporate
“hacker” sellouts who work for the government, military, law enforcement, and
the corporate security industry. You need us, but we don’t need you. Fuck the
FBI, Fuck NATO, and Fuck Ingragard. Props to real OG hackers who still break
into and destroy the systems of our enemies: lulzsec, anti-sec, hackbloc, zfo,
el8, h0no, project mayhem, phc, phrack, fox, #school4lulz and countless more.

The defaced websites are:
freedomhost.info, newp.org, local1488.com, patriotpages.us, teapartyflags.us,
darklordshop.com, racist-jokes.com, iussa.org, ascribewriting.com,
listen-n-post.com

The server formerly hosted the websites:
blackserialkillers.org, rockinghampatriots.info, ohiowhitepride.com,
boycotttheboycott.info, aryanvolkofmidgard.com, thefoundersplan.org”

While I’m sure more will come to light after all the leaked emails have been perused, one email from Detective Andrew Creed of the Boston Police Intelligence Unit to O’Donovan. In the email Creed seeks O’Donovan’s cooperation and offers his help to make sure the “antis” don’t cause a problem at NEWP’s event. The email:

quote:

Op zondag 26 juni 2011 18:35 schreef PiRANiA het volgende:
http://pastebin.com/iVujX4TR
Hoppa, lulzsec leden ontmaskerd .

quote:

Op zondag 26 juni 2011 18:49 schreef PiRANiA het volgende:

[..]

IRC in de gaten houden en wachten tot ze wat persoonlijks zeggen. Die joepie91 (zit ook op FOK!) gooide zijn persoonlijke domein bijvoorbeeld online.

quote:

"ThePiratebay deletes 50 Days Of Lulz"

By BSOD

2011-06-26
Thepiratebay just deleted the lulzsec torrent "50 days of lulz" , reason theres some virus in it. Thepiratebay does not allow files that are mislabeled, or contain virus/trojan's, or child pornography. Being as how this torrent was extremely popular, it may have infected 100's of thousands of people already. Lulzsec's account on thepiratebay was not banned so they are cleared to upload the same torrent again without the alleged "trojan".

source: moderator.

additional information:
http://tlan3y.tumblr.com/post/6938716877/
http://activepolitic.com:82/Outside_News/6057.html

quote:

Op zondag 26 juni 2011 19:05 schreef PiRANiA het volgende:

[..]

Geloof jij het?

quote:

Op zondag 26 juni 2011 19:15 schreef Yuri_Boyka het volgende:
Ik heb die gister gedownload en er zat inderdaad vage shit in.

Maar iig, wie heeft Lulzsec exposed, ik bedoel je komt niet zomaar even aan alle gegevens.

quote:

Op maandag 27 juni 2011 13:30 schreef Disana het volgende:
Zelfs de Volkskrant heeft het opgepikt:

http://www.volkskrant.nl/(...)-stoppen-ermee.dhtml

quote:

Anonymous Claims LulzSec Members, Steps up Attacks

The decision by computer hacking group LulzSec on Saturday to fold operations may be helping another online group, Anonymous, which stepped up attacks over the weekend.

Members of LulzSec appear to have rallied around Anonymous with both the group, and some LulzSec members claiming they were now with Anonymous.

Anonymous claimed over the weekend that it has released information from the website of the Cyberterrorism Defense Initiative, a national counter-cyberterrorism training program funded by the U.S. Department of Homeland Security among others.

It also said it had found a "chest of 40 Terabytes internal data" from an undisclosed company, but was not sure how to put up all the data on the web.

LulzSec said Saturday it had ended its campaign of cyberassaults on government and corporate websites and that it was time for it to "sail into the distance." It did not give a specific reason for its sudden decision.

Anonymous said in a message on Twitter on Sunday that it could confirm that all LulzSec members have reported aboard. A LulzSec member Sabu confirmed on Twitter that its members were now part of Anonymous.

LulzSec and Anonymous came together recently to target government and related agencies in Operation Anti-Security.

There is speculation that the LulzSec, known for its brash comments, had decided to disband after the arrest in the U.K. last week of Ryan Cleary, who is alleged to have been involved with the group.

LulzSec may however have been the victim of attacks from rival hackers it has been squabbling with such as Jester and Web Ninja. A person disclosed over the weekend information on LulzSec and some of its members.

quote:

Anonymous - Press Release 4/26/2011 - OPERATION DARKNET #OpDarknet

In contradiction to the best practices of Anonymous, most VPN's, Tor, and recently I2P users have been prevented from accessing certain IRC services that have previously been associated with Anonymous. The only option left is to connect to these US Based (and otherwise FBI/CIA/DHS friendly/controlled) based IRC servers using your own internet connection with little in the way of privacy.

I2P, or the Invisible Internet Project, is a secure, encrypted, tunnel-based darknet used to maintain anonymity while hosting or accessing content within the darknet, or via proxies to external services on the "normal" net. Created anonymously for the sake of the anonymity of others, this is a great alternative to a centralized system.

I2P is an internet within the internet, unmonitorable and uncensorable from outside. By default, anonymous mail, anonymous filesharing (BitTorrent, Gnutella, i-Mule etc), anonymous chat (IRC/Jabber/I2PMessenger) and anonymous web serving are provided with the installation. Treat I2P like your own private internet, free from interference and oversight. Think privacy, not paranoia, empowerment, not suppression. We have users around the world using I2P to evade censorship, not least in Egypt, Tunisia, Iran, China, and other locations where state level interference is routine.

Moreover, with I2P, you can create your own IRC channels and Ops--there is no censorship, and no authority. With the ability to create your own channels and attract anons to your ideas, you will once again, see the beloved agency return to you.

Now is the time.

Learn more here: http://www.i2p2.de/
Download I2P here: http://www.i2p2.de/download
Follow instructions and soon you will be connected through I2P, completely secure and encrypted. Just connect your IRC client to 127.0.0.1:6668 and you're on board
#anoni2p, #opcannabis, #opdarknet, #anonportal and #i2phelp are some channels you may like to visit once you are.

http://pastehtml.com/view/1e7pi9g.html http://pastehtml.com/view/1e6zzoa.html

Installation:

Requirements: Java Runtime Environment (JRE) 1.6 (Oracle's, IcedTea, OpenJRE etc)

Windows/non-Debian Linuxs, BSD etc.
Grab the installer from http://geti2p.net/download and run, either via the conventional double click route, or from a terminal via java -jar i2pinstall.0.x.x.exe -console (It's a java file with an exe wrapper, so should run anywhere java is installed)

Ubuntu/Debian/etc
apt-add-repository ppa:i2p.packages/i2p as root and then refresh your repo (aptitude update etc). More info here: https://launchpad.net/~i2p.packages/+archive/i2p.

OS X
Convenient, pain-free install script here: http://www.megaupload.com/?d=5TGPLLAA or over I2P bittorrent here: http://tracker2.postman.i2p/index.php?view=TorrentDetail&id=12472

Android
Coming soon!

After installation:

- If you're on Windows, and you're not running the portable installation (http://portable-i2p.blogspot.com), you'll want to install the I2P service for best results, and also disable launching the browser at startup, both configurable at http://127.0.0.1:7657/configservice

Then you'll want to head straight for the router console homepage and TAKE TIME to read through the introductory paragraphs. Reading and understanding what's written there will save you time and potential embarassment later, so do it! http://127.0.0.1:7657

CHAT: IRC

Using your favorite IRC Client connect to localhost 6668

for mIRC this would be:

//server -m localhost 6668

WEB PROXY

Open up your browser of choice, set your proxy to localhost:4444 and/or localhost:4445 for HTTPS

Config info here: http://geti2p.net/htproxyports.html

BITTORRENT

http://127.0.0.1:7657/i2psnark for your resident, browser-based I2P BitTorrent client. Active public trackers linked at the top.

ANONYMOUS MAIL

http://127.0.0.1:7657/susimail is your first port of call for anonymous i2p mail with a world reachable return address (you@mail.i2p internally resolves to you@i2pmail.org from the inbound gateway). Create yourself an account at postman's hq (embedded in susimail's login screen), make sure you read the faq and guides regarding acceptable use and being safe online BEFORE you start using your new account.

WEBSERVING ON I2P

You have your own configured-for-i2p webserver ready to go! http://127.0.0.1:7658 for more info.

I2P is Anonymous.

We Are Legion.

We Do Not Forgive.

We Do Not Forget.

Expect US.

quote:

Anonymous releases counter-hacking manual

Anonymous has returned to the forefront of the hacker war against authority with the release of a "counter-cyberterrorism" manual, along with data on the FBI.

With Lulz Security now on permanent hiatus, fellow hacker group Anonymous has filled in the gap with the release of a “counter-cyberterrorism” manual from the US Department of Homeland Security.

According to ABC News, which was first to sort through the 650 MB file posted to MegaUpload, the release was originally thought to have come from a certain private security firm whose website went offline soon after Anonymous released the data. It was later found that the information actually comes from the Federal Emergency Management Agency (FEMA), which originally produced the “Counter Terrorism Defense Initiative” training program in 2009.

Accordring to the program’s website (which has since been taken offline), the “SENTINAL” program — short for “Security and Network Training Initiative and National Education Laboratory” — “is a national initiative to educate technical personnel in cyberterrorism response and prevention.” The program was intended for employees of “public safety, law enforcement, state and local government, public utilities, colleges and universities, and health care providers.” And it “focuses on enhancing the prevention, preparedness, and response capabilities of local, state, tribal, and rural public safety jurisdictions.”

It does not appear that the release contains much that wasn’t already publicly available on the Internet. It does, however, provide a list of all the Federal Bureau of Investigation office locations throughout the United States. Other contents of note include stock letters for officially requesting user information from Internet service providers, and various hacking and coutner-hacking tools. In short, there’s really nothing much here that a determined person couldn’t have found without hacking a single thing.

Regardless of the value of the release, the action shows that the hackers are far from finished. This release is part of the “AntiSec” (anti-cybersecurity) campaign launched by Anonymous and LulzSec (before it disbanded). According to @AnonymousIRC, a 100,000-follower strong Twitter feed that reports on the group’s escapades, “all @LulzSec members” are onboard with the #AntiSec campaign.

While LulzSec claims that it planned from the beginning to remain a coherent group for 50 days before splitting up, some believe the hacker sect called it quits after a rival gang of hackers, A-Team, released what it claims are the identities and online properties of all of LulzSec’s members.

quote:

Teen accused of attacking SOCA website released on conditional bail


Ryan Cleary's bail conditions mean he is banned from using any device capable of connecting to the internet

The teenager accused of attacking the website of the UK Serious Organised Crime Agency has been released on conditional bail.

Prosecutors were unsuccessful in their appeal against Ryan Cleary's bail in a hastily convened hearing at Southwark Crown Court in London on Monday.

The 19-year-old, who was diagnosed with Aspergers syndrome last week, was arrested last Monday as part of an international investigation into the internet hacking group LulzSec following attacks on the CIA and US Senate.

Cleary's bail conditions mean he is banned from using any device capable of connecting to the internet. The Essex teenager must observe a curfew between 9am and 7pm. He will be electronically tagged and must not leave the house without his mother, Rita Cleary.

She was in court for the short hearing on Monday afternoon. The court reversed an earlier decision to hear Cleary's case tomorrow after an appeal over his "vulnerability" from his legal team.

The student has spent the past week being interrogated by the FBI and UK police over the alleged attacks. He could yet be charged with further offences.

Cleary's computers, iPhone and PS3 have been confiscated by police.

In a statement read outside court, Cleary's lawyers said: "Ryan Cleary is very relieved to be granted bail and to be home to his mum, his cats and his books.

"He has cooperated with police and will continue to do so. Ryan has last week been diagnosed with Aspergers... He will now be provided with the professional support he needs. His obvious intelligence can now be channelled into a worthwhile pursuit.

"One thing not so positive from this case is that the British police are investigating and appear to be accepting jurisdiction [unlike the Gary McKinnock case]. Ryan will not be making further statement for the time being."

The case is due back at Southwark crown court for a case management hearing on 30 August.

quote:

Security outfit thanks lulzSec for the Lulz

Governments are blasé, blasts bloke

Read more: http://www.thinq.co.uk/20(...)-lulz/#ixzz1QZAlGeQd

Internet security expert Andy Kemshall from SecurEnvoy reckons LulzSec should be applauded for its campaign of online mayhem, as it exposed government complacency and business naivety.

“I firmly believe that the media attention LulzSec’s DDoS attack has recently received is deserving," he burbled. "It’s thanks to these guys, who’re exposing the blasé attitudes of government and businesses without any personal financial gain, that will make a difference in the long term to the security being put in place to protect our own personal data!”

Kemshall continues: "At the end of the day, it comes down to a fundamental failing on the part of the organisation that allows these criminals in. If they didn’t leave their networks unlocked there wouldn’t be a problem.

"Hackers are exposing the holes and bringing the issue out into the open. RSA unbelievably took three months to come clean about their breach and if hackers hadn’t exposed them, through the Lockheed Martin story, would they have come clean at all? The cynic in me thinks not.”

Kemshall discusses an unnamed a local authority which is waiting for its SecurID tokens to be replaced by RSA. "We were astounded to find that the organisation was actually pretty blasé and said they didn’t feel there was a huge risk. This is naďve as, not only is there proof that the tokens are insecure as another organisation has been hacked, but why else would RSA go to the expense of replacing them if there wasn’t a problem?”

Talking of LulzSec and Anonymous, Kemshall said there was "much to be learnt from their expertise and raw talent."

He added: “These techies are up to speed and are useful to the industry – we need them! What people choose to ignore is many of today’s experts are ex-hackers themselves so Anonymous and LulzSec are actually tomorrow’s authority. They offer fresh ideas and they’re exposing new vulnerabilities that the ‘good guys’ may not yet have seen or even considered.
Click here to find out more!

"The simple truth is that we’re going to need their expertise if we’re to defend ourselves against other countries and those malicious hackers who are out for financial gain. Instead of persecuting them, we need to recognise their talent, embrace their expertise and encourage them across from the dark side to turn their expertise into something constructive rather than destructive.”

Read more: http://www.thinq.co.uk/20(...)-lulz/#ixzz1QZAetA6i

quote:

Operation Anti-Security: Anonymous release the identities of 2800 Columbian Black Eagles Special Police Unit members

Hacktivist group Anonymous today posted the names of 2800 of the right-wing Columbian Black Eagles Special Police Unit's members online, the published data has been credited as part of it and LulzSec's ongoing Operation Anti-Security.

The data was revealed earlier today via Anonymous Twitter feed. The tweet read, "#AntiSec Results: http://bit.ly/mw48D5 | List of ~2800 officers from the Peruvian Águilas Negras (Black Eagles Special Police Unit)".

The Black Eagles, or Aguilas Negras as the group is known in its native Columbia, are collection of fragmented right wing, counter-revolutionary, paramilitary cells, thought to have been born from the paramilitary Self-Defense Units of Colombia (AUC).

The AUC faction the group originated from was an umbrella organisation of death squads designed to combat the Columbia's leftist guerrilla fighters and generate income through drug trafficking.

The group is commonly thought to have no centralised authority and is fragmented into different cells each with its own chain of command.

The Black Eagles group is infamous for its involvement in numerous massacres and mass displacements across Columbia. As well as drug trafficking, certain cells have been linked to kidnapping, extortion and racketeering.

The release was credited as being a part of it and LulzSec's ongoing Operation Anti-Security. The operation is a new cyber campaign led by the two hacking collectives designed to protest and combat any and all institutions or governments attempts to censor or moderate the internet.

Already its brother-in-arms LulzSec has taken credit for attacks and hacks on Arizona law enforcement, the U.K.'s Serious Organised Crime Agency and two Brazilian Government owned websites.

Anonymous is yet to release a formal statement outlining its reasons for the hack.

quote:

http://www.bronkerk.nl/page/page.php?ID=1

De site van de Bronkerk te Ugchelen is helaas niet bereikbaar. Dit komt door hackerspraktijken. Wij hopen dat wij zo snel mogelijk contact krijgen met deze hacker.

SPOILER

Om spoilers te kunnen lezen moet je zijn ingelogd. Je moet je daarvoor eerst gratis Registreren. Ook kun je spoilers niet lezen als je een ban hebt.

quote:

https://thepiratebay.org/torrent/6502765/antisec01

---- #ANTISEC ---- #ANONYMOUS ---- #HELLOCLOWNS ----

This is the first official #antisec release and within this archive you will find:

* ) Zimbabwean government dumps
* ) Mosman Municipal Council (mosman.nsw.gov.au) dump
* ) Universal Music Group Partners dump 1 & 2 containing umusic.com's user:passwords
and other data
* ) Viacom dump containing internal mapping of Viacom and its servers
* ) Assorted Brazillian Government dumps and passwords

Greetings fellow Anons, Swashbuckers and Lizards.

It has been a week since the LulzBoat lowered the LulzSec flag, she now proudly flies under the #AntiSec colors. Since this day, the movement is organized by a flotilla of independent but allied vessels.

In this short time, the friendly vessels were able to capture copious amounts of booty, all claimed in the name of #AntiSec. Make no mistake: While the LulzBoat is still sailing with us (albeit not with the LulzSec flag), the objective of #AntiSec is different. Despite being still driven by Lulz and therefore also providing them, the mission has become larger than us. #AntiSec is more than Lulz and more than even Anonymous: It is our true belief that this movement has the capability to change the world. And should that fail, we will at least rock the world.

Thus, the introductory #AntiSec release (dubbed AntiSec-001) does not contain the type of data that a typical Lulz Lizard can just abuse mindlessly. Instead, we provide material that is primarily against corrupt Governments (in our world this is all Governments) and corrupt companies. And keep in mind: #AntiSec vessels have a very large cache of valuable goods aboard; the crews are currently working hard to sort the loot in a way that even the lousy media sailboats are able to just grab it and sail away for the horizon. You will hear from us very soon.

And always remember: Let it flow and it will flow back to you.

#AntiSec
irc.anonops.li

quote:

AntiSec Slams Arizona Cops (Again) with Super Personal Data Spill

Looks like last week's "Chinga La Migra" strike against the Arizona Border Police was only part one—the sequel's landed today, and this time it's personal. Like, really personal: Anonymous is claiming social security numbers, girlfriend pics, and more. [...]

quote:

In this second bulletin, we're dumping booty pirated from a dozen Arizona police officer's personal email accounts looking specifically for humiliating dirt. This leak has names, addresses, phone numbers, passwords, social security numbers, online dating account info, voicemails, chat logs, and seductive girlfriend pictures belonging to a dozen Arizona police officers. We found more internal police reports, cops forwarding racist chain emails, k9 drug unit cops who use percocets, and a convicted sex offender who was part of FOP Maricopa Lodge Five.

We also hit the AZDPS spokesperson Stephen Harrison who been bragging to the news about how they are upgrading their security and how they will catch the evil hackers who exposed them. Clearly not secure enough, because we owned his personal hotmail, facebook and match.com accounts and dumped all his personal details for the world to see. The same fate will meet anyone else who tries to paint us as terrorists in an Orwellian attempt to pass more pro-censorship or racial-profiling police state laws.

quote:

Security researchers discover 'indestructible' botnet

More than four million PCs have been enrolled in a botnet security experts say is almost "indestructible".

The botnet, known as TDL, targets Windows PCs and is difficult to detect and shut down.

Code that hijacks a PC hides in places security software rarely looks and the botnet is controlled using custom-made encryption.

Security researchers said recent botnet shutdowns had made TDL's controllers harden it against investigation.

The 4.5 million PCs have become victims over the last three months following the appearance of the fourth version of the TDL virus.

The changes introduced in TDL-4 made it the "most sophisticated threat today," wrote Kaspersky Labs security researchers Sergey Golovanov and Igor Soumenkov in a detailed analysis of the virus.

"The owners of TDL are essentially trying to create an 'indestructible' botnet that is protected against attacks, competitors, and anti-virus companies," wrote the researchers.

Recent successes by security companies and law enforcement against botnets have led to spam levels dropping to about 75% of all e-mail sent, shows analysis by Symantec.

A botnet is a network of home computers that have been infected by a virus that allows a hi-tech criminal to use them remotely. Often botnet controllers steal data from victims' PCs or use the machines to send out spam or carry out other attacks.

The TDL virus spreads via booby-trapped websites and infects a machine by exploiting unpatched vulnerabilities. The virus has been found lurking on sites offering porn and pirated movies as well as those that let people store video and image files.
Continue reading the main story
“Start Quote

It's definitely one of the most sophisticated botnets out there”

Joe Stewart

The virus installs itself in a Windows system file known as the master boot record. This file holds the list of instructions to get a computer started and is a good place to hide because it is rarely scanned by standard anti-virus programs.

The majority of victims, 28%, are in the US but significant numbers are in India (7%) and the UK (5%). Smaller numbers, 3%, are found in France, Germany and Canada.

However, wrote the researchers, it is the way the botnet operates that makes it so hard to tackle and shut down.

The makers of TDL-4 have cooked up their own encryption system to protect communication between those controlling the botnet. This makes it hard to do any significant analysis of traffic between hijacked PCs and the botnet's controllers.

In addition, TDL-4 sends out instructions to infected machines using a public peer-to-peer network rather than centralised command systems. This foils analysis because it removes the need for command servers that regularly communicate with infected machines.

"For all intents and purposes, [TDL-4] is very tough to remove," said Joe Stewart, director of malware research at Dell SecureWorks to Computerworld. "It's definitely one of the most sophisticated botnets out there."

However, the sophistication of TDL-4 might aid in its downfall, said the Kaspersky researchers who found bugs in the complex code. This let them pry on databases logging how many infections TDL-4 had racked up and was aiding their investigation into its creators.

quote:

Anonymous Launches A WikiLeaks For Hackers: HackerLeaks

Despite countless WikiLeaks copycats popping up since the secret-spilling site first dumped its cache of State Department cables last year, the new generation of leaking sites has produced few WikiLeaks-sized scoops. So instead of waiting for insider whistleblowers, the hacker movement Anonymous hopes that a few outside intruders might start the leaks flowing.

Earlier this week members of the hacker collective, and specifically a sub-group known as the People’s Liberation Front, (PLF) launched two new leaking sites, LocalLeaks.tk (not to be confused with the similarly named Localeaks.com) and HackerLeaks.tk. Both hope to receive documents through anonymous submission channel, analyze them, and then distribute them to the press to get “maximum exposure and political impact.”

But while LocalLeaks aims to use WikiLeaks’ model of insider sources to expose corruption on the local scale, HackerLeaks openly invites data thieves to upload documents through its submission system, so that they can be analyzed and publicized. “You download it, we’ll disclose it for you,” the site’s homepage reads, listing potential booty such as “databases, exploits, security flaws, documents, and email spools.”

On Tuesday, according to one of the hackers involved who goes by the name Commander X, the leaking site got its first submission: a list of the personal details of Orlando officials including addresses, home values, incomes and other data. That “leak,” which Commander X says was submitted anonymously to HackerLeaks but posted, confusingly, on LocalLeaks, comes as Anonymous has been in the middle of what it calls “Operation Orlando.” Since early Tuesday hackers have been launching attacks on Orlando-based targets including OrlandoFloridaGuide.com and the websites of the Orlando Chamber of Commerce and Universal Studios in retaliation for arrests of Orlando workers for the non-profit Food Not Bombs who lacked permits.

“These are the folks that wrote and are enforcing a very brutal law against very poor people,” Commander X, who says he is serving as the current “editor in chief” of the two sites, wrote to me over instant message. ”They themselves appear to be very very rich, so we thought we would point that out.”

And why is a leaking site necessary for hackers, who have lately used sites like Pastebin to publish information on their own? Commander X argues that Anonymous and the PLF already have connections to press that can help better expose important data, and that they hope to also provide “unique and enlightening analysis.”

“We just wanted to make our own offering, compete in the disclosure marketplace and maybe fill a unique role if we can,” writes Commander X. He argues that part of that unique role is that HackerLeaks will be legal, despite publishing hacked materials. “We don’t obtain this material. We merely publish it. This violates no sane law anywhere.”

That’s an argument that sound much like the one used by WikiLeaks, which has also published hacked data including Sarah Palin’s emails and East Anglia University’s stolen emails related to climate change.

But that legal stance may be a tough sell for Commander X of all people. Although he refused to comment on whether he had engaged directly in illegal hacking, he describes himself as “field commander of a global cyber militia” and says that he has had some part in Anonymous operations that have involved attacks on Visa, MasterCard, and PayPal in retaliation for their severing ties with WikiLeaks, as well as attacks on the governments of Tunisia, Iran, and Egypt.

Commander X was also named by HBGary Federal chief executive Aaron Barr in a planned presentation to out Anonymous’ leaders. But Barr misidentified Commander X, who tells me is a “50ish” American hacker, as Ben De Vries, the founder of a Facebook group called Global Strike 2011. Barr’s digging incited Anonymous to attack HBGary Federal, dumping thousands of its emails in February on a site called AnonLeaks, Anonymous’ first experimentation with a WikiLeaks-like interface. Barr resigned later that month. Commander X says he wasn’t involved in the HBGary hack.

Commander X’s subgroup of Anonymous isn’t the only one that’s getting into the leaking game. The last release from the hacker group LulzSec included half a gigabyte of data from AT&T that has been reported to have come from an insider source at the company.

As part of its ongoing campaign known as AntiSec, aimed at exposing corporate and government data and humiliating security firms, one Anonymous twitter feed suggested earlier this week that leakers contact the group over IRC to spill insider secrets: “If you are working for a corrupt government/company: Leak the data.”

quote:

Report: FBI Raids Home of Woman With LulzSec, Anonymous Ties

When LulzSec closed up shop over the weekend, there were questions as to whether they were running from the authorities. Though no LulzSec-specific arrests have been made, it appears that U.S. authorities are actively pursuing those carrying out these types of hacks.

In an interview with Gawker, 29-year-old Laurelai Bailey said her Iowa home was raided last week by FBI agents looking for dirt on hackers with whom Bailey had been associating. The agents were reportedly looking into the February cyber attack on HBGary Federal carried out by Anonymous.

Bailey said the FBI was there for five hours, and took hard drives, a camera, and other equipment. The agents also asked her if she could infiltrate the hacking community, indicating a particular interest in a hacker known as "Kayla." As far as LulzSec goes, however, Bailey is not exactly their favorite person because she leaked the IRC logs detailing the HBGary Federal attack.

The reported Twitter account for "Kayla" includes a message that says users reaching the feed via Gawker "just got trolled." The LulzSec Exposed blog also claims the raid never happened.

Bailey denied being involved in any illegal hacking activity.

Among one of LulzSec's final targets, meanwhile, was the Arizona Department of Public Safety. In a Monday statement, the agency said LulzSec's demise does not mean it will stop its investigation.

"While the department noted that LulzSec has decided to disband, it does not diminish the intrusion into the privacy of our officers and the release of sensitive information. Nor does this relieve them of their criminal responsibility which may include both federal and state charges," the department said.

The department's email system was compromised during the week of June 20, and data from that system was posted online. "There is no evidence the attack has breached the servers or computer systems of DPS, nor the larger state network. Likewise, there is no evidence that DPS records related to ongoing investigations or other sensitive matters have been compromised," officials said.

At this point, remote access to DPS email remains frozen and the agency now has 24-7 monitoring of its Internet gateway.

For more, see PCMag's Guide to Knowing Your Hackers, as well as 50 Days of Mayhem: How LulzSec Changed Hacktivism Forever, and Did LulzSec Change the Hacking Game, or Just Get Lucky?

Update: The Anonymous collective on Wednesday released a new batch of data stolen from the Arizona Department of Public Safety, which includes everything from Social Security numbers to voicemails.

For more from Chloe, follow her on Twitter @ChloeAlbanesius.

quote:

Google is Your Friend - If You're a Lulzer

While the digital paparazzi were lined up waiting to snap photos of the Lulzboat crew getting vanned, some of us focused on how this collection of low tech script kiddies were able to knock over SONY, AT&T, the CIA, Arizona's DPS and numerous other sites and make off with highly confidential contents again and again.

It turns out that they had an accomplice, Google. Now before the good townspeople grab their torches and pitchforks and beat a hasty path to Mountain View, let it be known that Google's part in these massive hacks isn't actually Google's fault.

Or perhaps it can be if the public still wants to blame them anyway and question why this information is there on Google for the taking in the first place. But that's not really the issue at all.

The blame in my opinion lies once again with the administrators of the sites which were attacked. Google merely indexed the available booty for the lulzers and others and left the cardboard box on the curb where it could be picked up by anyone who drove by.

After all, page crawls weren't considered privileged information - they're all part of the "public internet" available to anyone who drops by.

How could this be? How could Google allow these kids to troll the internet and easily locate SQLi vulnerabilities or remote logins, passwords or even entire databases for the taking without any real effort at all? Simple.

A little thing known as SEO, sitemaps and the little spiders that go bump in the night. Let's look at the problem, along with a few specifics since the bad guys have been doing this for years and years and it's not a secret at all. Then I will explain what site admins can do to see to it that this information is not left at the curb any longer.

The problem:

Copy and paste the following into a Google searches in a new window. I'll wait:

filetype:sql hotmail gmail password

or

inurl:"login.(asp|php) inurl:"id=1"

You can try the above and substitute any of these too:

* userid=
* index=
* form=
* username=

You might even see some major security companies and governments turn up in there. For extra credit, use the "site:your website url here" and see what comes up on yours!

THIS is what the script kiddies do when they do their Google drive-bys. The victims of lulzsec and others fell because of such simple Google searches, and they're made even easier when you have a target URL in mind to play "anybody home?"

As long as Google has it in their indexes, and you know the keywords to search for sites, then it certainly isn't "nuclear brain science" when an injectable site is found.

There's plenty of tools to automate the attacks on the database behind the site once you know how to POST or GET to it. I've seen apologists claim "we don't use MYSQL."

Rest assured that there are exploit GUI's readily available for PostgreSQL, MSSQL and Oracle as well as lesser and older databases. If it's there, and they can find it, and they can talk to it, and you're not properly filtering what can get to it, your site could very well be the next breaking news story.

quote:

Anonymous, Food Not Bombs to test Orlando police Monday by feeding homeless

Hacker activists with the protest group "Anonymous" have in recent weeks taken down over a half-dozen major Orlando, Florida-based websites and spammed tens of thousands of unsolicited faxes all over the city as a response to an ordinance that prohibits feeding homeless people in public parks.

In a release Friday on the progress of what they called "Operation Orlando," the group insisted that its efforts were in no way connected to the activists with Food Not Bombs (FNB), who've been arrested for feeding the homeless in a city park.

Keith McHenry, who helped found the group 30 years ago, was arrested last week and is still imprisoned. McHenry's view is that food is a right, not a privilege, so he and the group refused to abide by the law.

In response to the arrests, Anonymous toppled the websites of the Orlando Chamber of Commerce, the Orlando International Airport, Orlando's fraternal Order of Police, the mayor's reelection site and two popular tourist and events websites featuring the city's attractions.

They have also sent an image (pictured) of Walt Disney mascot Mickey Mouse, face covered by a Guy Fawkes mask, to tens of thousands of fax machines and Orlando-based email addresses, in an effort to drum up support for feeding the homeless.

"[The] Mayor has called us criminals and terrorists," the hackers wrote, in an advisory. "We'll own the criminal label. All revolutionaries are by definition criminals."

They added that they hoped to "follow in the footsteps" of Dr. Martin Luther King, Jr. by creating "a way to wage war peacefully," which they believe to have accomplished. They also demanded that McHenry be released and the city's ordinance be repealed, or they would continue their hacking campaign.

Anonymous's release also noted that FNB plans to be out in Orlando at 9 a.m. on Monday, July 4, to continue their work by feeding homeless people in the park -- publicly flouting the city's law, which could cause officers to swoop in and make arrests.

"Come to protest, or to serve food with FNB," Anonymous urged. "Or bring your own tables and food and serve beside them. [We] call upon all our brother and sister Anons in Florida to don your masks and do the same."

quote:

http://paste2.org/p/1499524

So, this is a little ironic. Here is inside details of florida voting systems. Now.. who still believes voting isn't rigged? If the United States Government can't even keep their ballot systems secure, why trust them at all? FAIL!

quote:

Florida voting database leaked, can they keep anything safe?

Florida has seen its 2nd leak today, 1st being here with both leaks being done by @Abhaxas via twitter.

This one is from the voting system and consist of candidates , races , poll worker users details, voter stats and is dated upto 2010. Although it may not be totally vital now, it gives an insight to the operations that go on behind the scenes and the people involved.


This just goes to show how unsecure so many government office’s are and they need to learn a big lesson and start protecting the clients information and data about the companys and its business actions.

Orginal post here:

http://pastebin.com/CCN3u7CV

or

http://paste2.org/followup/1499524

quote:

#OPesr; Anonymous files Lawsuit against the FED

#OPesr; Anonymous files Lawsuite against the FED

This is a message from Anonymous to you.

We cordially invite any and all, Anonymous and non-anons, to join OpESR in demanding Federal Reserve accountability.

We are crafting a class action lawsuit against the Fed.

Can you provide legal and research support?

Please respond by submitting a http://typewith.me pad to one of our *connectors in Anonymous.

If you can help us, get in contact with one of our *connectors by logging into our public chat area at: http://A99.FSS34.COM

This is a class action lawsuit against the private Federal Reserve Bank and it's shareholders.

It falls under the Racketeer Influenced and Corrupt Organizations (RICO) Act of 1970 for criminal acts of Fraud, Usury, Conspiracy to commit Grand Larceny and Theft by Deception, and for systematically looting the Treasury of The United States of America for a total that has yet to be determined.

For nearly 100 years, The Federal Reserve Bank has debased and debauched our currency by illegally authorizing an ODIOUS DEBT to be encumbered by our citizens without their knowledge, or in any way for their collective benefit.

The Fed, allowed Banks to defraud the American public, so as to leave them living like refugees in their own land. This ruthless cabal now has the temerity to pass off this ODIOUS DEBT to the American people, thereby destroying not only our future, but Americas' ability to be a free, sovereign nation.

The US Constitution says we have to go against domestic enemies.

The Fed, allowed this crisis to happen, they allowed banks to kick you out of your homes to pay their bills.

The Fed, allowed people to live on the streets, hungry.

And the Fed, got paid for it.

Something is very wrong, don't you think.

So, are you going to stay seated in front of your TV, PC or whatever and let them do whatever they want?

COME ON! WAKE UP AMERICA!!!

DO SOMETHING, NOT JUST FOR YOU, BUT FOR YOUR SOCIETY!

For your children, for your children's children!

Or they are destined to be enslaved by a fraudulent national debt created by the greed of the 1.

So, Anonymous or not, it doesn't matter.

What we ask is that you spread the Truth and take ACTION!

WE ARE ANONYMOUS.

WE DO NOT FORGIVE.

WE DO NOT FORGET.

EXPECT US."

quote:

On More Effective Doxing

N.B. This is largely in response to LulzSec Exposed (Team Web Ninjas) post about Gawker’s Adrian Chen getting information wrong.

I dislike writing tl;dr sorts of things, but I felt that it was necessary to say something. I realize that there are many people out there who are currently engaged in the hunt for LulzSec/#antisec/Anonymous and are publishing various dox in the hopes of outing members so that they will stop their activities and/or are arrested. However, there has been a plethora of both misinformation and disinformation spread regarding the identities of these people. While I understand the desire to uncover some truly useful information and reveal it in the showiest way possible, there is an important consideration to be made: whether or not those dox are actually correct. There are a number of people who have, for whatever reason, been incorrectly doxed as members of LulzSec/Anonymous/whatever else and have been harassed as a consequence. I believe that the continued spread of incorrect dox will only contribute to additional collateral damage. There are some simple things that any researcher can do to help stem the flow of misinformation and make the doxing process more effective for everyone.

quote:

AnonymousIRC AnonymousIRC
We've been sitting on pepper.nl database for a while. Didn't want to abuse it but if we have it, someone worse has, too. Better tell you.

quote:

Op zondag 3 juli 2011 15:59 schreef YazooW het volgende:

[..]

Nu zal er vast een zeker een onderzoek komen naar wie de hackers zijn etc etc. Maar zullen ze nu ook onderzoek gaan doen naar pepper.nl die gewoon zeer slecht zijn omgegaan met de persoonlijke gegevens van hun users?

quote:

http://webwereld.nl/nieuw(...)te-rtl---update.html
De wachtwoorden zijn wel gehashed, maar volgens kenners zijn de wachtwoorden redelijk eenvoudig te achterhalen. Wie kan inloggen, kan vervolgens de zeer privacygevoelige en persoonlijke berichten van de gebruikers lezen.

quote:

RedHack Press Release 03/07/11

Our people from all nationalities and Revolutionary,
Democrat, Patriotic and Opposition Comrades,

Since 1997 our objective is, to be the “common voice” of revolutionaries in digital arena and have carried out our actions according to this strategy. On the anniversary of Sivas Massacre which took place on 2nd July 1993 and resulted in death of thirty-five intellectuals, singer, authors and poets; we have hacked hundreds of websites belongs to Adnan Oktar also known as Harun Yahya bigot and collaborating fascist websites in order to announce that we have not forgotten this massacre and will not let it be forgotten. We have also taken opportunity to highlight the censorship laws due to take effect in Turkey and strongly protest this. We deface 1000+ domain for anti-censorship

Adnan Oktar is responsible of forced shutdown of lots of sites in Turkey. He has send a police to the addresses of online dictionary writers and got them arrested just because they have criticised him. While we are engaged in the activities of AntiSec, it has been our honour to show our reaction in the name of our people, to stop this vile bigoted man who uses his estate and his money for his paranoid and fascist ideas. (WordPress.com has been blocked by Turkey 2007.) It has been our honour to show our reaction in the name of our people, to stop this vile bigoted man who uses his estate and his money for his paranoid and fascist ideas, while we are engaged in the activities of AntiSec.

These attacks have taken place to send a clear message to the authorities and the canines of the system that we are still strong and will do everything in our power to raise our voice against the censorship laws which are an attack to our human rights. We will act together with AntiSec and Anons to continue our fight against the hands that are reaching to silence our internet.
We will also announce the server data and the details of this hacking operation in the future.

Acronym of the defacement (hacking) text:

The Perpetrators of the Sivas Massacre are still amongst us!
We have not forgotten! We will ask for the account of this massacre!

It’s been 16 years since this massacre took place and the perpetrators are not far away from us, they are the ones who governs us.

Who are the murderers?
The President of Turkey Abdullah Gul; defender of 6th Navy Fleet of USA while they were poured out to the sea in 1969 by the revolutionaries.

Prime Minister of Turkey Recep Tayyip Erdogan, the servant of USA under oath, the loyal guard of Imperialism, the enemy of the working class of Turkey, ruler of Greater Middle East Initiative.

The murderers are the defenders of military coups, spokesperson of USA’s Moderate Islam project such as Feytullah Gulen and Adnan Oktar whose brains are full of pornography.
(Addressed to Adnan Oktar)

You believe you are a man by operating hundreds of websites that spreads groundless articles and claim that they are an “opinion” through stealing from ordinary people by using the religion. You act instantly to shut down the sites which are opposing you. We heard that you were so proud that your sites never been hacked. You have chosen a duty of silencing the opposition by hiding behind those in power and even send the security forces to addresses that criticise you. We have a duty to be against this and used our legitimate right of defence. You attack the common values of intellectuals by swearing at Darwin theory and Che Guevera, do you know who they are? Answer is clear, no you don’t you bigoted man. Put this in your mind Adnan Oktar, you have gone a step too far. The internet and this world are not unclaimed. Neither your people in power nor any of your forces are capable of stopping us. It is legitimate to resist against oppression and censorship.

quote:

Anonymous OperationGreenRights Pressrelease: Bayer

To The Bayer AG Corporation:

Anonymous sees your crimes and will not let them go unpunished. You have won our attention after decades of greedy abuses of humanity and nature. Bayer‐ we see you profiting off of death and destruction! We see you escape unscathed from justice! Bayer AG pharmaceutical (formerly known as IG Farben) has been involved in countless corporate abuses, which have resulted in the death of thousands in the last century. These abuses have been consistently ignored, and cannot be ignored further. Bayer’s victims are diverse and widespread, however all these deaths have been as a direct result of Bayer’s exploitive nature. These abuses include: disregard to proper and thorough investigation of chemicals, vaccines and substances; the employment of Nazi war criminals; the destruction of the environment,

and much more. Anonymous places the following crimes and accusations at the feet of Bayer. We at Anonymous are here to make you more famous, Bayer; We want your name on the lips of lads and Lords.

The grim history of Bayer:

quote:

Music Rights Groups Raided By Police, Bosses Arrested For Fraud

In a massive operation, Spanish music rights and anti-piracy groups SGAE and SDAE have been raided by more than 50 police officers and tax officials. Operation Saga is the culmination of a two-year investigation into embezzlement, fraud, and misappropriation of funds, the latter connected to SGAE and SDAE collecting money on behalf of artists and spending it with companies they have interests in. The president of SGAE was among 9 people arrested.

quote:

Fox News's hacked Twitter feed declares Obama dead

Rogue 4 July tweets on TV news channel's politics service go viral but Fox News is apparently back in control

Fox News has apparently fallen victim to hacking, with its politics Twitter feed repeatedly announcing President Barack Obama had been shot dead.

@foxnewspolitics began tweeting the information to its 33,000 followers at about 2am local time, with the posts rapidly being shared around the internet.

The rogue tweets appeared to begin after the account sent a message saying Fox had just "regained full access to our Twitter account".

The following tweets all related to the supposed death of Obama, with some posts being very specific about the president's injuries.

"@BarackObama has just passed. The President is dead. A sad 4th of July, indeed. President Barack Obama is dead," came the first tweet. The string of messages continued:

"@BarackObama has just passed. Nearly 45 minutes ago, he was shot twice in the lower pelvic area and in the neck; shooter unknown. Bled out", and then: "@BarackObama shot twice at a Ross' restaurant in Iowa while campaigning. RIP Obama, best regards to the Obama family."

Whatever the hoaxer's identity, they do not appear to have been entirely web-savvy. The first three posts revealing the president's death were directed to the @BarackObama Twitter feed, meaning only those following both accounts would have seen the messages.

The unknown tweeter appeared to realise the error of their ways, switching tack to post three more tweets that would have been seen by all followers:

"#ObamaDead, it's a sad 4th of July. RT to support the late president's family, and RIP. The shooter will be found;

"BREAKING NEWS: President @BarackObama assassinated, 2 gunshot wounds have proved too much. It's a sad 4th for #america. #obamadead RIP;

"We wish @joebiden the best of luck as our new President of the United States. In such a time of madness, there's light at the end of tunnel."

Fox News was not immediately available for comment.

quote:

Op maandag 4 juli 2011 10:51 schreef remlof het volgende:

[..]

Ik vind het kwalijkste eigenlijk dat die hackers die e-mailadressen gewoon online hebben gegooid.

Unethic hacking is zo not done.

quote:

Op maandag 4 juli 2011 14:11 schreef YazooW het volgende:

[..]

Normaal worden je gegevens gestolen en kom je er zelf waarschijnlijk nooit achter dat iemand anders jou gegevens heeft. Dankzij deze kids die de laatste alles hacken wat maar te hacken valt, en vervolgens alle gestolen data gewoon online zetten ziet de grote massa wel dat het slecht gesteld is met de beveiliging van de gemiddelde internetsite.

Dit alles zal denk ik alleen maar positieve invloed hebben op de beveiliging van internet sites, het is natuurlijk zeer slechte reclame voor je site als je database leeg getrokken wordt en vervolgens online wordt gezet. Verder zal de gemiddelde gebruiker ook wel even beter nadenken wat voor persoonlijke gegevens hij plaatst op welke sites.

quote:

Ook jij staat in superdatabase van Brits bedrijf

Het Britse conglomeraat WPP heeft een database gemaakt met daarin de profielen van 500 miljoen internetters. De superdatabase, naar eigen zeggen de grootste ter wereld, heeft een dekking van bijna 100 procent van de Nederlanders die online zijn. Kom je op internet, dan weet dit bedrijf wat je doet en wie je bent.

WPP bestaat uit een groot aantal reclame- en communicatiebedrijven, die op hun beurt weer samenwerken met derden, waaronder internetgiganten als Google. Het verzamelt informatie over internetters bij bezoek aan bepaalde websites. Leeftijd, geslacht, interesses, koopgedrag, soms zelfs huisadressen, zijn enkele zaken die WPP registreert en doorverkoopt aan veel grote adverteerders.

Of in de toekomst 100 procent van de Nederlandse internetters geregistreerd blijven in de gigantische database, is nog maar de vraag. De Tweede Kamer ging onlangs akkoord met de nieuwe Telecomwet. Daardoor is ook formeel vastgelegd dat er strengere eisen worden gesteld aan websites voor het plaatsen van cookies op de computer van de internetgebruiker. Met cookies, kleine tekstbestanden, worden gegevens over het surfgedrag en persoonlijke voorkeuren van internetgebruikers geregistreerd. Ook kan zo worden bijgehouden welke producten door internetters in een winkelwagentje zijn gedaan. WPP werkt met cookies, maar ook met andere technieken om aan data over internetters te komen.

'Op internet zijn veel websites gratis, omdat adverteerders hun boodschap willen communiceren', zegt directeur Brian Lesser van Xasis, het bedrijf dat voor WPP de database beheert, in The Independent. 'Wij ondersteunen deze interneteconomie om deze bedrijven hun doelgroep te geven.' Volgens Lesser zijn alle gegevens geanonimiseerd.

Privacy-belangenorganisatie Electronic Frontier Foundation (EFF) is toch ongerust. 'Als je weet welke websites iemand bezoekt is het vrij eenvoudig om achter de identiteit van die persoon te komen', zegt John Buckman van EFF. Volgens de organisatie zou de superdatabase ook zeer interessant zijn voor hackers.