Anonops #7: Meer is beter

quote:

NATO Server Hacked by 1337day Inj3ct0r and Backup Leaked !

Team Inj3ct0r ( 1337day ) claim to hack Apache Tomcat Version 5.5.9 of NATO. The North Atlantic Treaty Organization or NATO also called the (North) Atlantic Alliance, is an inter governmental military alliance based on the North Atlantic Treaty.

They Leak a Backup of Random 2,646 files from Server as Proof of Hack . The archive uploaded by hackers is available at http://www.mediafire.com/?s2chp1v2jqsf52z .

We talk to Team Inj3ct0r about this hack They said :1.) The Reason of Hacking is “Nuclear weapons. its development and financing”2.) They hack Tomcat 5.5 Server using 1337day privat exploit (0day) .3.) They get the root privilege to the Server.4.) They are able to Deface the website of NATO also, but they will not do this. They have just take the backup of server and trying to distribute that on Internet.

quote:

Op dinsdag 5 juli 2011 12:31 schreef YazooW het volgende:

[..]

Als je een beetje een leek bent zou je denken dat ze een Apache helikopter hebben gehackt

quote:

Valt trouwens wel op dat die geuploade bestanden met daarin de gestolen data altijd behoorlijk lang nog op die file hosting sites blijft hangen...

quote:

Amerikaanse Secret Service jaagt op hacker Fox News

De Amerikaanse Secret Service, belast met de bewaking van president Barack Obama, onderzoekt de zes valse tweets over een moord op Obama. Een woordvoerder van de Secret Service heeft dat gisteren (lokale tijd) gezegd.

Hackers verstuurden de tweets gisteren, nadat ze de Twitteraccount van de populaire tv-zender Fox News hadden gekraakt. Een zekere 'Script Kiddie' schreef dat Obama was gestorven door twee kogels. Fox News kon de valse mails pas 10 uur later verwijderen.

quote:

Op dinsdag 5 juli 2011 16:23 schreef joepie91 het volgende:
http://thenextweb.com/eu/(...)talian-police-raids/

[..]

quote:

Op dinsdag 5 juli 2011 17:29 schreef joepie91 het volgende:

[..]

Mja, je moet toch wat als je als landelijke politiemacht niet voor lul wilt staan omdat je een organisatie die geen organisatie is niet aankunt?

quote:

Op dinsdag 5 juli 2011 17:32 schreef joepie91 het volgende:

[..]

Mja goed, het werd eens tijd dat dat het geval was...

YouTube- Yoda YOU WILL BE.wmv

quote:

PyroBatNL
De gegevens van de politiebond: phttp://pastebin.com/y0VVMkPv politiebond.nl is gehackt door leden #AnonOps
19 minutes ago

quote:

lysgu Lsygu Ntpfor
look who's back RT “@_TeaMp0isoN_ As I previously tweeted: Retweet this for #anonops IRC, proof we're not dead - pastie.org/private/h6zibm…”

quote:

FBI Raids Home of Ohio Man Linked to Hacker Group

U.S. authorities raided the home of a Hamilton, Ohio, man who appeared to have links to the hacker group LulzSec, as a probe into recent high-profile computer attacks gained momentum.

Agents from the Federal Bureau of Investigation searched the home Monday, an FBI spokesman confirmed without providing any further detail. A person close to the matter said the arrested man is an alleged LulzSec member.

U.S. authorities in recent months have conducted dozens of searches as part of investigations into Anonymous, a loosely knit group of cyber activists, and splinter group LulzSec.

The groups have claimed responsibility for a number of attacks against companies and government organizations. That has prompted a global law-enforcement crackdown on the groups that has included waves of arrests across Europe and in Turkey.

British police, who are cooperating with the FBI, have made seven arrests this year as part of their probe. That includes 19-year old Ryan Cleary who had been a prominent figure in Anonymous and then LulzSec. U.K. prosecutors last week charged him with five computer-related offenses. Authorities allege he infected computers in order to form a computer network, called a botnet, that he then used to launch online attacks against websites including that of the Serious Organised Crime Agency, a U.K. equivalent of the FBI.

Essex-based Mr. Cleary, who is out on bail, is co-operating with police, his lawyer said. The lawyer added that Mr. Cleary has been diagnosed with Asperger syndrome, a form of autism. The other six individuals arrested in the U.K. have been released on bail and haven't been charged.

LulzSec recently claimed to identify a couple of individuals it said had "tried to snitch" on the group. LulzSec appeared to reveal the full names, addresses and other contact information of two U.S. men it said were involved in criminal hacks. That included details of a person going by the nickname "m_nerva" who LulzSec claimed came from Hamilton, Ohio.

The individual identified by LulzSec, who apparently had a falling out with the group, couldn't be reached for comment.

LulzSec recently said it was ending its campaigns under that banner, but members have since joined a group within Anonymous called "AntiSec," short for "antisecurity."

Anonymous is well-known to U.S. law enforcement. By late last year, the FBI was investigating attacks by Anonymous members against the movie and recording-industry when the group also started targeting individuals and organizations that had tangled with document-sharing website WikiLeaks.

In January, FBI agents conducted searches of more than 40 residences across the U.S. No arrests were announced following those searches. The bureau is also probing subsequent hacks, including of Sony Corp. and HBGary Federal LLC, and an attack on FBI-affiliated organization InfraGuard. The FBI spokesman declined to comment on the probe.

In April, the FBI raided the home of Darrin Lantz in Gig Harbor, Wash., according to court filings. Authorities suspect Mr. Lantz was involved in an Anonymous campaign against websites belonging to Gene Simmons, of rock band Kiss, in retaliation for anti-piracy comments he made, court filings say.

Authorities say the attacks knocked Mr. Simmons's websites offline for 36 hours, causing tens of thousands of dollars in damage as a result of downtime and costs associated with changing computer servers and website hosts. During one strike, Mr. Lantz's computer attacked a website 48,471 times during a 47-minute period, authorities said.

Mr. Lantz, who hasn't been charged, didn't respond to a request for comment.

quote:

Op dinsdag 5 juli 2011 18:40 schreef joepie91 het volgende:

Veel geblaat, weinig wol. Ryan had vrijwel niets met Lulzsec te maken en was zeker geen "prominent lid", en de raid op Laurelai was waarschijnlijk een onzinverhaal (oftewel misinfo).

quote:

Leaked proposals reveal UK web censorship plans
Result of closed-door discussions

Ed Vaizey, the UK's Minister for Culture, Communications and Creative Industries, has been taking part in closed meetings with copyright lobbyists, apparently working on a proposal that could amount to internet censorship.

Leaked online, the proposed "voluntary website blocking" scheme would "inhibit access to specific sites" based on the opinions of "expert bodies" and through shotgun court hearings.

Ed Vaizey has already admitted in parliament that he has held a number of roundtables with ISPs but public interest organisations like the Open Rights Group who asked to attend the meetings were denied access.

Industry bias

The document relates to copyright infringement, but has also been linked to online child safety and there are fears that it could become a one-stop-censorship-shop for anything this "expert body" deems inappropriate.

Other rights-holding organisations involved in the talks include the Football Association, the Publishers Associations, the Motion Picture Association and music industry execs.

While these organisations are keen to protect their own content and stamp out online piracy, rights infringement and plagiarism, the fact that only one group with the interests of the average consumer have been invited to participate in just one session poses a real concern.

Access to the open internet is gradually becoming a human rights issue, and taking on only the views of a biased few when discussing actively blocking websites could have longterm repercussions for Brits.

Human rights

The Digital Economy Act has already proposed blocking sites for copyright infringement, but it's an act that has been the subject of much debate and concern among web-users and some ISPs.

As the Open Rights Group says, "Open policy making that takes on board the broadest range of views is not something within the gift of politicians but a responsibility they bear."

"It is critical that policy making happens through a broad and open public debate, especially on matters that so tangibly affect rights such as access to information and freedom of expression.

"This is not simply about the rights of 'sites that facilitate infringement' or those running them. It is about the processes through which decisions are made about what you are allowed to see and do. Clumsy, quasi-judicial and unaccountable website blocking is dangerous for exactly that reason."

Via BoingBoing

Read more: http://www.techradar.com/(...)969390#ixzz1RFa6X5uT

quote:

Op dinsdag 5 juli 2011 18:45 schreef joepie91 het volgende:

[..]

Wacht, kan zijn dat die in Ohio m_nerva was, en niet Laurelai... m_nerva was inderdaad gedoxt door Lulzsec voor zover ik weet, en heeft idd een bezoekje van de FBI gehad. Laurelai was al eerder aangewezen door Anonymous (ivm de puinzooi die hij/zij aangericht had met Anonleaks), maar die is dus niet geraid, en heeft zelf waarschijnlijk misinfo lopen verspreiden.

Ik ben even kwijt welke van de twee in Ohio woonde

quote:

Exclusive first interview with key LulzSec hacker

[quote]It was early May when LulzSec's profile skyrocketed after a hack on the giant Sony corporation. LulzSec's name comes from Lulz, a corruption of LOL, often denoting laughter at the victim of a prank. For 50 days until it disbanded, the group's unique blend of humour, taunting and unapologetic data theft made it notorious. But knowing whether LulzSec was all about the "lulz" or if it owed more to its roots as part of Anonymous – the umbrella group of internet subculture and digital activism – was pure speculation. Until now.

quote:

http://pastebin.com/TvSxycCf

To all friendly and enemy vessels,

Today we want to introduce you to Nimbuzz, a Dutch company providing a free
mobile messaging application carrying the same name. This company is not
situated in just the Netherlands as they have offices in Argentina, India,
Indonesia and all over Europe. So why does this company interest us? Well,
simply put, they are capable and self-admittingly willing to co-operate with
governments to help censor the public's use of the very service they offer.

Now it should be noted that some of our blackhat friends who are extensively
involved in the AntiSec movement have had access to this company's networks for
some time. Their access to this network is best described as complete access to
everything in their network including all of their source code on Nimbuzz's svn
server. The gross incompetence of the security model put in place for this
server astounded even us.

We have access to many many networks and because of this we have to prioritize
what is of interest or use to us (or you, the public that we love so much).
However, we had some friends bring it to our attention that this Nimbuzz
company is actually enacting policies that directly go against everything
Antisec stands for. Thus, here we are.

To prove that we aren't making this up here is a document in their CMS
displaying the procedure of how, if requested, they can switch off VOIP
services BY GOVERNMENT REQUEST. A quote from the document:

"In some countries governments and/or operators have reasons for not allowing
VoIP over (mobile) data networks. They may use technical means to active
block and / or throttle the Nimbuzz traffic over their network. This results
in total, partial or severe Nimbuzz service degradation towards the end-user.

When these cases are known, Nimbuzz will open dialogue with the
government/operator. Aim is to resolve the service degradation and restore
quality of service. In return for allowing Nimbuzz service to run properly,
we can offer to switch of VoIP calls on this operator network."

The document goes further to state that Nimbuzz currently blocks all VOIP
traffic in Syria and Egypt and even includes specific data such as IP ranges
given by providers.

This is entirely unacceptable and let's make this perfectly clear:

We DO NOT tolerate any kind of censorship of communication.

We DO NOT tolerate companies working in collusion with governments to stop the
free flow of information

We WILL expose these companies to the public to show how their information can
be manipulated and censored by the governments and corporations that work with
them

Thus, we release the document mentioned above in full as well as some other
information from their CMS. As a bonus we have also acquired some code from the
/trunk directory on their svn. In total we downloaded over 120 Gigabyte of
source code but will not release it..yet.

Take heed, governments that seek to oppose the people who elect them and the
corporations who the people work for - We will not stand idly by while you take
away our electronic and physical freedom.

"People should not be afraid of their governments. Governments should be afraid
of their people."

FILE VIEW/DOWNLOAD:

VOIP Block CMS Site: http://pastehtml.com/view/azgwu5ol2.html
AntiBuzz.rar (4.25 MB): http://www.mediafire.com/?zj9q7gng34ptais

Mirrors available soon, also to be included in next torrent release. Let it flow!

quote:

2011-07-05 LocalLeaks and HackerLeaks Press Release

First we would like to thank the global media for being so attentive to the launch of our two new disclosure platforms. We would also like to thank the several dozen people who already trusted us with their sensitive leaks. It has been a remarkable week for those of us who staff these two important projects. None of us ever expected in our wildest dreams the enormity of the reaction to these two ideas.

However we have some sobering news to report. Today, Independence Day in the USA no less - our registrar has suspended our Top Level Domains and shut down both sites. Having failed to explain their reasoning we are left to assume that it was our content they didn't like, and so both HackerLeaks and LocalLeaks have been effectively silenced - censored - and shut down.

ImageThe company responsible is located at www.dot.tk and we encourage all free speech and free information advocates to contact this company and let them know exactly how you feel about censorship. We are seeking legal assistance to help us, and if you're a lawyer and can volunteer your time please contact us at PLF@cyber rights.net

We are in process of registering new Top Level Domains for HackerLeaks and LocalLeaks. The sites and the platforms themselves are fine, and anyway we have back-up copies of both sites as well as mirror servers. Both of these important offerings will be back online within 48 hours and this will not stop our project. This censorship has cost nothing other than it has prevented the world from seeing our disclosures and the people from having a safe place to disclose, and that for only a short time. We will return shortly, expect us.

SIGNED -- LocalLeaks & HackerLeaks Team

quote:

Raymond DeRoo
@rderoo
Hi, I am Raymond and due to my gross incompetence I handed our company Nimbuzz to the #antisec movement. They have all of our CMS and SVN content. Yay!

quote:

rderoo Raymond DeRoo
Hello @Nimbuzz, am I gonna keep my job? Just wondering.
15 minutes ago Favorite Retweet Reply

quote:

Anonymous: Bigger, More Contentious, More Chaotic… but Better?

Much has been made about conflicts that have arisen within the hacker community; the main stream media has made sure of that. Stories of rogue programmers sabotaging parts of networks, or supposed splinter groups pursuing alternative agendas have proliferated. Focus has been put on isolated cases, and rumors of questionable provenance, in order to present a negative opinion of Anonymous with the intent of eroding their overwhelming global support and participation.

Differences of opinion about how to achieve shared goals are the lifeblood of progress, even as they appear to be barriers. Any relationship without debate is stagnant. Any opinions discussed without dissension lack foundation. Any operation carried out without the vetting of competing strategies is poorly planned. Conflict and struggle are often necessary for progress, particularly with group dynamics, and the presence of any element of contention proves the growing strength of the Anonymous movement. The media has simply misrepresented positive group dynamics and presented them in a way that supports their anti-Anonymous narrative.

Conflict can be the harbinger of discovery when welcomed by, and dealt with as, a community of peers. The push-and-pull of passionate participants is often chaotic despite the beauty of the resolutions achieved. Democracy, in all its glory, can be a wonderfully messy and disorganized experience.

The influence of any negative elements, or destructive agendas, such as those present in any large community, can find fertile ground in a community that encourages equal participation within a decentralized and non-hierarchical structure. The process of dealing with these issues through inclusion, transparency, and informed debate may have the appearance of vulgarity but results in the sophisticated inclusion of all while identifying negative forces that will be expelled by the group as a whole. It’s quite democratic. Exclusion of dissension, or minority opinion, may have the appearance of efficient deliberation, but the consensus is false and the issues have been left unresolved and ignored. Sometimes you gotta get in and mix it up a little in order to solve a problem and make some progress. This is the nature of an inclusive and egalitarian community.

Anonymous has grown. It is growing exponentially. It is no longer a semi-closed, elite community of anti-Scientology activists or digital pranksters… well, not only (lulz:). The massive increase in the size of the community has brought development and maturity in the community’s sense of purpose and level of effectiveness. It is truly becoming a global community, as dynamic and multifaceted as any, but much more democratic, and far more threatening to the status quo, than others.

Thus, Anonymous is the target of main stream media assaults and the victim of repeated smear campaigns. It is the subject of disdain for politicians and CEOs, and the identified enemy of governments. It is the thorn in the side of corporations and predatory global capitalist. Anonymous unites heads of state from North America and Europe with dictators and tyrants around the world in a common goal of subversion, and censorship, against this entity that threatens their power and control.

The funny thing is, Anonymous is you. Anonymous is all of us. Anonymous is nothing more than a democratic movement of the people of the planet. Decentralized, and non-hierarchical, this movement represents the collective will of the people of this planet. However, as we are discovering, the will of the people is not the same as the will of the power-that-be. Polls of the people say one thing, but our governments always seem to vote with the corporations. People want to end the wars but our governments keep sending our young to be canon fodder for corporate expansion and resource acquisition. The divide between the people of this planet, and those that lord over them, is becoming increasingly apparent, and increasingly unacceptable.

The corporate controlled media will shine a light on those that disagree with, and seek to do harm to, Anonymous, or even those that try to undermine the credibility of Anonymous by assuming that mantle. Every large community has miscreants. The success and progress of Anonymous has not been effected by minor internal strife, quite the contrary, nor has the relentless media campaign achieved its goal. Anonymous has become a global force to be reckoned with, and this is making a lot of very powerful people very anxious.

Those that hold the power, and control the resources, do not want democracy, transparency, equality or emancipation for the people of this planet. This system is working very well for their interests. Anonymous, all of us, you and me, the people of this planet, informed, enlightened, and communicating, is their worst nightmare. We are Anonymous. We are those whom they are using all of their resources, technologies, law enforcement, and political institutions to stop, censor, and silence. We, the people of this planet, have become a serious threat to those that would own each and every one of us (as they do through imposed financial indebtedness to them) as well as our food, our water, and our planet itself.

So, before you buy into the media spin on the supposed problems within Anonymous, or conflict among hackers, take a look at the following videos. These videos are just a sampling of very current Anonymous and AnonOps operations and activities. Anonymous is now able to fight wars on multiple fronts. Anonymous is now able to directly confront some of the largest and most powerful governments and corporations on the planet. Anonymous is so big it can no longer be hidden like a digital light under a proverbial bushel, nor should it be.

quote:

THIS DOMAIN HAS BEEN SEIZED IN THE NAME OF

$$\ $$\ $$\ $$\
$$ \$$ \ $$ | \__|
$$$$$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$\ $$$$$$$\ $$$$$$\ $$$$$$$\
\_$$ $$ | \____$$\ $$ __$$\\_$$ _| $$ |$$ _____|$$ __$$\ $$ _____|
$$$$$$$$$$\ $$$$$$$ |$$ | $$ | $$ | $$ |\$$$$$$\ $$$$$$$$ |$$ /
\_$$ $$ _|$$ __$$ |$$ | $$ | $$ |$$\ $$ | \____$$\ $$ ____|$$ |
$$ |$$ | \$$$$$$$ |$$ | $$ | \$$$$ |$$ |$$$$$$$ |\$$$$$$$\ \$$$$$$$\
\__|\__| \_______|\__| \__| \____/ \__|\_______/ \_______| \_______|

Visit us on IRC, server irc.anonops.li channel #antisec

We also would like to deliver the following message from Anonymous:

quote:

AnonymousIRC AnonymousIRC
So the word is that admins have been locked out from government servers. http://icdh.gov.tr/

| Let's see when they pull the plug. #AntiSec

quote:

Anonymous eyes political role, but won't go legit

Hacker group Anonymous plans to promote an affiliated political party to attract people who share its civil liberties goals, but do not agree with its methods.

The move appears similar to those by many protest movements that floated legal organizations and parties to represent their case in political, social and legal forums. But the decentralized nature of Anonymous, which claims no central leaders or control structure, will likely make it difficult to get support from all members.

There's some evidence of that already.

Anonymous had earlier said in a video that it will stop hacks and DDoS (distributed denial of service) attacks, and will restructure the system from the inside. "Although these methods were effective in turning the media's attention to civil rights violations when our numbers were small, and we had limited options, we now have the numbers to make a difference legally," it said.

Message From TheAnonParty

The video posted on July 4 on YouTube did not go down well with some group members. It also did not prevent Antisec, a movement led by Anonymous, from hacking and defacing websites in Turkey on Wednesday.

"This (party) is just another group that wants to support the goals of Anonymous. It isn't going to replace it," said Testudo Smith, a spokesman for the group behind the push to form a political party.

Smith said the group's mission at this point is to set up an advocacy group to provide Anonymous with legal channels with which it can fight for its goals of Internet freedom and civil rights. These legal channels are what Anonymous is most lacking at the moment, he added.

A website set up for the Anonymous Party of America sets out a broad agenda for a political party that is largely focused on U.S. politics, and will work towards transparency and accountability in government, individual rights, and common sense. It calls on "any Congressman or Senator that has any honor left, to resign from their corrupted parties and join our call for and end to the present system".

The group might find it difficult to gain legitimacy if other hackers, under the banner of Anonymous, continue to carry out attacks on the websites and networks of companies and organizations.

Smith admitted that getting all hackers to support his group's goals would be difficult.

"We have no control over Anonymous as a whole. There aren't any leaders, and it would be futile to attempt to control Anonymous," Smith said.

But should the political pressure group gain widespread support, the group has grander plans.

"Eventually, when we have enough support, and if we think that it is the best way to make a political impact, then we will register ourselves," Smith said. That's in the very long term though, he added.

Anonymous has been the target of police actions in some countries, including Turkey, Spain, Italy, and the U.K. It also found itself alienated from the mainstream population that supports Internet freedom and individual rights, but were not in favor of the group's methods.

quote:

http://thepiratebay.org/torrent/6525567

Today we release the ownage of another government-contracted IT company, IRC
Federal. They brag about their multi-million dollar partnership with the FBI,
Army, Navy, NASA, and the Department of Justice, selling out their "skills" to
the US empire. So we laid nuclear waste to their systems, owning their pathetic
windows box, dropping their databases and private emails, and defaced their
professional looking website.

In their emails we found various contracts, development schematics, and internal
documents for various government institutions including a proposal for the FBI
to develop a "Special Identities Modernization (SIM) Project" to "reduce
terrorist and criminal activity by protecting all records associated with
trusted individuals and revealing the identities of those individuals who may
pose serious risk to the United States and its allies". We also found
fingerprinting contracts for the DOJ, biometrics development for the military,
and strategy contracts for the "National Nuclear Security Administration
Nuclear Weapons Complex".

Additionally we found login info to various VPNs and several Department of
Energy login access panels that we are dumping *live* complete with some URLs
to live ASP file browser and upload backdoors - let's see how long it takes for
them to remove it (don't worry we'll keep putting it back up until they pull
the box ;D)

Before we begin the drop, a personal message to the employees of IRC Federal:

If you place any value on freedom, then stop working for the oligarchy
and start working against it. Stop aiding the corporations and a government
which uses unethical means to corner vast amounts of wealth and proceed
to flagrantly abuse their power. Together, we have the power to change
this world for the better.

“He who passively accepts evil is as much involved in it as he who helps
to perpetuate it.” –Martin Luther King, Jr.

Props to our black hat and antisec comrades: bantown, dikline,
h0no, phrack high council, ~el8 and all you kick-ass motherfuckers
we've never even heard of. Thank you.


################################################################################
## own & rm # own & rm # own & rm # own & rm # own & rm # own & rm # own & rm ##
################################################################################

ello ej33t hax0urz! We decided to throw in a little bonus for those of you that
sojourned through this boring-ass document to give you a little taste (and
hopefully some ideas!) of how this went down.

Before you Adrian Lamo-type el33t (lololol !!!) hackers get sticks up your
asses, just keep the previous doc in mind and remember: even if all you can do
is sql injection, you're still ~300% more talented than most grandmas!
h0h00h0h0!!! (srsly tho)

http://www.ircfederal.com(...)0select%201,username,
mynumber,1%20FROM%20logins%20WHERE%20username%20%3C%3E%20%27bhunt%27

# admin login!

Once we had the admin login, there was a script to upload images. They had
blacklisted extensions (note to self: a whitelist would be more appropriate
here!), that disallowed ASP among others. What they didn't check for was .cfm

There were a few others as well. There was an internal phpbb database that we
downloaded and cracked and got some email passwords.

So now you know! Protect your shit and keepz it realz!

################################################################################
## own & rm # own & rm # own & rm # own & rm # own & rm # own & rm # own & rm ##
################################################################################

quote:

Op zaterdag 9 juli 2011 00:24 schreef Yuri_Boyka het volgende:
Bestond Anon al in 2008?

Message to Scientology

quote:

Op zaterdag 9 juli 2011 09:55 schreef RobertoCarlos het volgende:
Stel dat iemand kritiek heeft op anonops, wordt die persoon dan aangepakt of is dat dan het vrije woord?

quote:

Anonymous threatens police over phone hacking and Julian Assange


Senior source inside hacker collective seeks to embarrass Metropolitan police and judges with 'explosive' revelations

Figures at the top of hackers' collective Anonymous are threatening to attack the Metropolitan police's computer systems and those controlled by the UK judicial system, warning that Tuesday will be "the biggest day in Anonymous's history".

The collective is understood to be seeking to express anger over News International's phone hacking and at the threatened extradition of WikiLeaks founder Julian Assange.

A Twitter feed purporting to belong to Sabu, a senior figure within the group and the founder of the spin-off group LulzSec, which hacked a site linked to the CIA and the UK's Serious Organised Crime Agency, promised two releases of information would be launched within a day.

"Everyone brace," he tweeted. "This will be literally explosive."

A follow-up message read: "ATTN Intelligence community: Your contractors have failed you. Tomorrow is the beginning."

The account, @anonymouSabu, has not been verified as belonging to Sabu – but it has over 7,700 followers and has been referenced by the "official" Anonymous @anon_central account on Twitter.

Sources close to the collective were unusually close-lipped about the targets of tomorrow's hack, but talk within chat channels has suggested several top-level members of Anonymous are eager to launch attacks based around Julian Assange's appeal hearing against extradition, which begins on Tuesday.

Others are also believed to have proposed targeting the Met in retaliation for alleged payments to police officers by News of the World reporters, and the general response to the phone hacking scandal.

Other speculation centres around material claimed to have been obtained last week from contractors relating to security and secrecy of "former world leaders", or plans to target a senior leaders' retreat at Bohemian Grove, California.

As is typical in the chaotic and occasionally paranoid Anonymous community, other sources close to the collective are warning some prominent members are probably engaging in "disinformation campaigns" ahead of any action.

Communication problems around the planned releases were compounded as the main chat channel used by Anonymous was offline for much of Monday, leaving even those close to senior members of the collective unable to verify rumours ahead of the release.

Rumours on Friday suggested that one Anonymous member had broken into the News International servers and taken copies of some internal emails which were being offered for sale or even ransom. However this could not be confirmed, and the Guardian has not seen any evidence that the claimed email stash is legitimate, although News International's site is understood to have been "probed" by members of Anonymous at the end of last week.

Last Wednesday, two days after the Dowler revelations, a listing of emails of NoW staff appeared on Pastebin, a favourite site for posting the results – or beginnings – of attacks against all sorts of sites by Anonymous and other hacker groups.

One source told the Guardian that News International's server had been probed for up to 30 minutes at a time last week by hackers using "proxy chaining" – a method of logging in via a number of remote computers – to disguise their identity. "Everyone thinks Interpol will get involved at some point," the source said.

The hackers' anger at the company was ignited by the revelation last week that a private detective acting for NoW had listened into voicemails on the phone of the murdered teenager Milly Dowler, which may have interfered with the police investigation to find her.

Anonymous has previously attacked PayPal and Visa over their refusal, following orders from the US government, to process donations for WikiLeaks. It has also carried out online attacks against the Church of Scientology over what is seen as suppression of information.

quote:

Military Meltdown Monday


Hello Thar!

Today we want to turn our attention to Booz Allen Hamilton, whose core business
is contractual work completed on behalf of the US federal government, foremost
on defense and homeland security matters, and limited engagements of foreign
governments specific to U.S. military assistance programs.

So in this line of work you'd expect them to sail the seven proxseas with a
state- of-the-art battleship, right? Well you may be as surprised as we were
when we found their vessel being a puny wooden barge.

We infiltrated a server on their network that basically had no security
measures in place. We were able to run our own application, which turned out to
be a shell and began plundering some booty. Most shiny is probably a list of
roughly 90,000 military emails and password hashes (md5, non-salted of course!).
We also added the complete sqldump, compressed ~50mb, for a good measure.

We also were able to access their svn, grabbing 4gb of source code. But this
was deemed insignificant and a waste of valuable space, so we merely grabbed
it, and wiped it from their system.

Additionally we found some related datas on different servers we got access to
after finding credentials in the Booz Allen System. We added anything which
could be interesting.

And last but not least we found maps and keys for various other treasure chests
buried on the islands of government agencies, federal contractors and shady
whitehat companies. This material surely will keep our blackhat friends busy
for a while.

A shoutout to all friendly vessels: Always remember, let it flow!

http://wikisend.com/download/405742/military_email_pw.rar

#AntiSec

quote:

BONUS ROUND: BOOZ ALLEN HAMILTON KEY FACTS

quote:

BONUS ROUND TWO: ANONYMOUS INTERESTS

quote:

Enclosed is the invoice for our audit of your security systems, as well as the
auditor's conclusion.

4 hours of man power: $40.00
Network auditing: $35.00
Web-app auditing: $35.00
Network infiltration*: $0.00
Password and SQL dumping**: $200.00
Decryption of data***: $0.00
Media and press****: $0.00

Total bill: $310.00

*Price is based on the amount of effort required.
**Price is based on the amount of badly secured data to be dumped, which in
this case was a substantial figure.
***No security in place, no effort for intrusion needed.
****Trolling is our specialty, we provide this service free of charge.

Auditor's closing remarks: Pwned. U mad, bro?

We are Anonymous.
We are Legion.
We are Antisec.
We do not forgive.
We do not forget.
Expect us.

quote:

BoozAllen Booz Allen Hamilton
by AnonymousIRC
As part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our systems.

quote:

A Glimpse into the Shady World of Romas/COIN

In February, the hacktivist group Anonymous released 70,000 emails from security firm HBGary Federal, revealing that the firm had been part of an effort to sell its information-warfare services to companies seeking to attack WikiLeaks. Barrett Brown combed through the emails and found evidence of what he says is a massive surveillance effort involving numerous security firms. According to Brown, this effort is primarily targeting the Arab world, and is evidently run for the U.S. government. Even Disney/Pixar appears to have been caught up in the effort, at least peripherally. The HBGary Federal emails suggest the alleged program, known as Romas/COIN, is about to be upgraded to a new program known as Odyssey.

quote:

What happened to all the good things we did? Scientology, Habbo, Tunisia, Egypt, true crowd power. We are left with 2 individuals who front an extend group of less than 20 individuals. Wtf.

'Why do we protest?' - We are forgetting.

Over recent months we have all stood by and watched a few members of our beloved Anonymous form their own 'splinter' group known as lulz Security. In the beginning many of us cheered them on as they provided us with the 'lulz'. As their ego's grew so did their unethical ambitions, and to be more precise their motives changed.

Around June 25th, after realizing that not only had their random spree attracted the attention of Law Enforcement but also other well-known and well respected hackers, they decided to merge back into OUR mothership - they had pissed off everybody and then wanted back in - to hide - to blend amongst the mass that is Anonymous, in order to divert unwanted attention back to all Anons.

These individuals have lost their way and lost sight of the original Anonymous ethos. They are attempting to rail-road the collective for their own agenda. Do not allow it.

They are not heroes. They are not powerful or to be feared.

They are vulnerable and they know it.

THEY DON'T SPEAK FOR ALL OF US

They have made powerful enemies, and their so-called 'friends' display the usual characteristics of either bots, or mal-adjusted children who troll and look up to fools in the abscence of a real cause. The sense of victory that some of us feel right now is false and will be short-lived. History will very soon remember these individuals as ego-driven maniacs with no cause. Pathetic individuals who thrive on releasing private information, that is endangering real people in the real world. They do this in the name of Anonymous. This is how we will be remembered too.....unless we prevent it.

Look at the feed above, that's anonymous falling apart - LIVE at the hands of a few scared and insignificant info-rapists.

It's not their anonymous, just as it's not ours. Why are we letting them treat us as theirs?

I think it's time we showed these fools how WE are legion, and we do not forgive, or forget.

df6ee8f33f8878e46149af369ef26428

quote:

Operation Green Rights\' Project Tarmaggedon

JULY 12, 2011 -- -- Operation Green Rights presents: Project Tarmeggedon

Free-thinking citizens of the world:

Anonymous' Operation Green Rights calls your attention to an urgent situation in North America perpetuated by the boundless greed of the usual suspects: Exxon Mobil, ConocoPhillips, Canadian Oil Sands Ltd., Imperial Oil, the Royal Bank of Scotland, and many others.
This week, activists are gathering along U.S. Highway 12 in Montana to protest the transformation of a serene wilderness into an industrial shipping route, bringing "megaloads" of refinery equipment to the Alberta Tar Sands in Canada (see Tar Sands FAQ Sheet below).
Anonymous now joins the struggle against "Big Oil" in the heartland of the US. We stand in solidarity with any citizen willing to protest corporate abuse. Anonymous will not stand by idly and let these environmental atrocities continue. This is not the clean energy of the future that we are being promised.

We will, over the course of the next few days, use the powers we posses to spread news about this scenario and the corporations involved. We are actively seeking leaks to expose the corruption that we all KNOW is beneath this. Anonymous will support the activists on July 13-14 when they initiate civil disobedience and direct action to confront this dire issue. We urge you to get involved. Montana and Idaho citizens, we ask you to join local protests and attend the Highway 12 rally if you are close enough! If you're not, join us in the IRC listed below for our own good times.
The continued development of the tar sands is a major step backward in the effort to curb global warming. Anonymous will not suffer this without a fight, and Operation Green Rights will always support the rights of the people to live in an unpolluted world, and aim to help safeguard it for the future. One way or another.

We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.
IRC: irc.anonops.li channel #operationgreenrights
Location of Protest: http://tinyurl.com/5sy57bg
Sign up to protest! http://www.tarsandsaction.org/sign-up/

quote:

Op dinsdag 12 juli 2011 22:42 schreef Papierversnipperaar het volgende:
http://www.whyweprotest.net

[..]

twitter:

AnonBroadcast twitterde op woensdag 13-07-2011 om 16:33:06 @LR6security #lulzsec with #jester leadership successfully DDoS'd anonyops.net,injected #whyweprotest & #trolling @anonymousabu via twitter reageer retweet

twitter:

RichRoma twitterde op woensdag 13-07-2011 om 23:08:15 @anonymouSabu Thank you for keeping your promise like a man - you said you'd affirm/deny when you are finally doxed successfully cheers m8 reageer retweet

twitter:

anonymouSabu twitterde op woensdag 13-07-2011 om 23:10:18 @RichRoma I am honest. No need to hide who I am. Now come and get me. I have more surprises up my sleeve, putahna;) reageer retweet

quote:

PayPal CSO calls for AntiSec hunt

PayPal’s chief security officer has called on the industry to reveal the identities of hackers involved in the online Anti Security (AntiSec) movement in order to stop a string of attacks against organisations.

The movement was run by activists, some within the online Anonymous collective, who had banded together with others to attack organisations it accused of corruption and censorship.

Individuals and groups hacked and launched denial of service attacks against US police, defence and intelligence departments, large technology companies and security firms, and dumped troves of sensitive data on public forums.

This had to stop, according to PayPal security chief Michael Barrett.

“I believe it’s crucial for all companies to do what they can to try to identify these individuals,” Barrett said.

“They delude themselves that they are anonymous on the internet. They are not.

"They can be found, and for the continued safety of the internet, we must identify them and have legitimate law enforcement processes appropriately punish them.”

PayPal’s own Electronic Crime and Threat Intelligence Unit, home to a veteran cybercrime investigator and former consultant to the FBI, Scotland Yard and the US Secret Service, had been on the tails of hacktivist groups for years.

The payments giant also has a personal interest in tracking down hacktivist groups. AntiSec hackers had encouraged others to attempt to access PayPal customer accounts using leaked usernames and passwords. Last year, PayPal's blog website was taken offline following a distributed denial of service attack launched by activists angry that the company had frozen a donations account used by whistle blowing website WikiLeaks.

The AntiSec movement had existed for around a decade and was loosely guided by a mission statement to reveal poor security practice and put an end to security exploit disclosure which it said gave ammunition to criminal ‘black hat’ hackers and put consumers in danger.

But that was a false philosophy, according to Barrett.

“While many of them claim to be defending the internet they love, in practice it would seem that they are only hastening its demise. A cynical interpretation would suggest that what most of them desire is actually their ‘fifteen minutes of fame’.”

He disagreed with some commentators who argued the AntiSec movement may be effective in its mission to force organisations to improve poor information security practice.

“Thoughtfully designed industry regulation” like the Payments Card Industry Data Security Standard (PCIDSS) would do a better job, according to Barrett.

“No one would suggest encouraging improved physical security in the real world by decriminalising breaking and entering and classifying it as a sport; why should the online world be any different?” he said.

The AntiSec movement was brazen. Data stolen during the attacks was typically uploaded to pastebin.org and popular filesharing and BitTorrent websites, and promoted in the relentless stream of Twitter conversations under the AntiSec hashtag.

The most recent high-profile victim of the AntiSec assaults was agricultural giant Monsanto in which 2550 names, addresses phone numbers and email addresses reportedly linked to the company were exposed.

Previous targets included the CIA, Arizona Police department and the beleaguered tech monolith Sony.

Yet for all the bravado of the attacks, Barrett said the participants, typically teenage or young men, were terrified of being arrested.

“They are terrified of being ‘vanned’ (arrested), and if enough of them are, then I believe we’ll start to see a significant reduction in the activities of these groups," he said.

If law enforcement failed to catch the perpetrators, Barrett believed the AntiSec movement would continue unchecked.

In the meantime, the security industry should keep on its toes.

“Security companies and security experts are targets too,” Ron Gula, chief executive of Tenable Network Security said.

“We should not feel that we are ‘above’ being attacked or get some sort of pass for not being a victim just because we're part of the good guy team.

“We all need to collectively watch our backs and realise that if and when we are targeted, it is a serious matter and should not be something that is taken lightly.”

quote:

The Quest to Unmask the Ringleader of Anonymous

A Wednesday blog post from a hacker known as The Jester claimed to unmask the ringleader of Anonymous. The thing is, it's pretty unclear if this claim is anything close to legit. First, let's go through The Jester's story.

Known online only as Sabu, the hacker leader The Jester claims to expose made a name for himself with an Anonymous attack on the internet security firm HBGary earlier this year. A series of internet relay chat (IRC) logs from that time period shows Sabu's leadership tendencies within Anonymous. Instructing other hackers and taking taking credit for bringing down HBGary, Sabu appears in those #HQ chat logs to be the group's mastermind. And at one point, while discussing how to set up mirror sites for the HBGary data, Sabu claims ownership of a private web domain. "I can setup anonleaks.prvt.org let me know," said Sabu in IRC. "It's one of my private domains."

On another occasion, Sabu accidentally pasted this domain (prvt.org) into the chat, and The Jester says that by using this URL and the identifying data behind it, we can trace Sabu's identity to Hugo Carvalho an IT professional from Portugal. Using the domain registry information, The Jester links prvt.org to an email address owned by Carvalho's company Host Squadron, as well as the hacker handle, Visigod, which he says Sabu used when he started his Anonymous work. As further proof, The Jester reminds us that Sabu regularly tweets in Portuguese and references Brazil, the address on the domain registry. He links to Carvalho's website, Facebook, MySpace and LinkedIn profiles to show further how he fits the Sabu profile.

The Jester's claim is suspect for a couple of reasons. First of all, Hugo Carvalho flatly denies that he's a hacker called Sabu. "I'm Hugo Carvalho, and the story behind me and this nick guy Sabu is a complete lie. Someone stole my photo from one of my Web sites and started to spread the rumor that I was affiliated with this hacking group," he said in an e-mail to CNET's Elinor Mills. "Feel free to post this e-mail in your Web site and state that there is no relation between me and anyone related to that hacking stuff."

Second, domain registry information is not that hard to change or forge. According to Domain Tools, the owner information on prvt.org has been changed 59 times since November 2007. In fact, the domain was made private from 2009 to June 23, 2011, leaving no history during Anonymous's most active time period. Without access to all those records, we might assume that The Jester is just filling in the blanks with his own theories. The Jester is the first to admit that Sabu could be using the prvt.org as a disinformation tool to mislead authorities and points to a tweet that reads, "@anonymousabu: If its not already obvious already: my!=hector/xavier/rafael lima/monsegur/de leon/kaotico/negron.Disinfos my game – enjoy the ridemates." The list is of some of the many names attached to Sabu, and "!=" is "not equal to," indicating that Sabu is saying none of them are correct.

Sabu actually preempted The Jester's latest claims on Twitter. "OK You found me. I am Hugo. I am in Portugal. Next question is: Can you stop me? " he tweeted on Monday. After The Jester's post Wednesday he went into rapid fire mode, tweeting and retweeting dozens of times an hour about the claims. "Extradite me, then I impress," he tweeted at The Jester just after the blog post went live. "The government of Portugal will not extradite me," he tweeted a few minutes later. "Lets see how far they will go. If you can extradition rights within Portugal I will impress. Next question is: where in europa?" he tweeted to a question from @revmagdalen about the claims. "So make it happen. I am personally challenging you to force your gobernment to force my gobernment to give me up. Your new task," he said in a follow up tweet.

The Jester's claim has renewed interest in unmasking Sabu, but it's a Sisyphean task. As has happened when trying to factcheck older claims to Sabu's identity--some of which have attempted to use prvt.org as a lead--the case is always pretty thin. Though rivals deny that Anonymous hackers are that talented, leaders like Sabu, kayla and Topiary have been successful at dodging or convoluting attempts to reveal their real identities. It's worth remembering that Anonymous has always described itself as a leaderless organization. "We are Legion," reads their motto.

But this peek into the finger-pointing world of hackers does reveal is a culture of superlatives and sabotage. "[Those who try to unmask us] are lonely people that are programmed to feel that they need an enemy at all times," Topiary told Gawker last month. "If we're out of their lives, they don't have much going for them." Topiary goes on to say he's not worrying about getting caught, despite the recent arrest of Anonymous-affiliated hacker Ryan Cleary in the U.K. He may be lying, but we'll never know.

Neither The Jester nor Sabu responded to requests for comment.

quote:

http://opcannabis.wordpress.com/

Welcome!

Anonymous Operation Cannabis is an awareness and reform effort. Under the banner of #OpCannabis we will be informing the public on much of the disinformation that is available and what the reality of the situation is. Through us you will also find petitions, protest dates and other resources to help us in our efforts.

Stay tuned for more information.

To join in discussion, Get I2P – Official Homepages I2PProject.net / I2P2.de Download I2P Installer v0.8.7

Point your IRC client at 127.0.0.1:6668 and /join #OpCannabis

In the meantime enjoy the following documentaries

quote:

Pentagon declares the Internet a war domain

The Pentagon released a long-promised cybersecurity plan Thursday that declares the Internet a domain of war.

The plan notably does not spell out how the U.S. military would use the Web for offensive strikes, however.

The Defense Department’s first-ever plan for cyberspace calls on the department to expand its ability to thwart attacks from other nations and groups, beef up its cyber-workforce and expand collaboration with the private sector.

Like major corporations and the rest of the federal government, the military “depends on cyberspace to function,” the DOD plan says. The U.S. military uses cyberspace for everything from carrying out military operations to sharing intelligence data internally to managing personnel.

“The department and the nation have vulnerabilities in cyberspace,” the document states. “Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity.”

Other nations “are working to exploit DOD unclassified and classified networks, and some foreign intelligence organizations have already acquired the capacity to disrupt elements of DOD’s information infrastructure,” the plan states. “Moreover, non-state actors increasingly threaten to penetrate and disrupt DOD networks and systems.”

Groups are capable of this largely because “small-scale technologies” that have “an impact disproportionate to their size” are relatively inexpensive and readily available.

The Pentagon plans to focus heavily on three areas under the new strategy: the theft or exploitation of data; attempts to deny or disrupt access to U.S. military networks; and attempts to “destroy or degrade networks or connected systems.”

One problem highlighted in the strategy is a baked-in threat: “The majority of information technology products used in the United States are manufactured and assembled overseas.”

DOD laid out a multi-pronged approach to address those issues.

As foreshadowed by Pentagon officials’ comments in recent years, the plan etches in stone that cyberspace is now an “operational domain” for the military, just as land, air, sea and space have been for decades.

“This allows DOD to organize, train and equip for cyberspace” as in those other areas, the plan states. It also notes the 2010 establishment of U.S. Cyber Command to oversee all DOD work in the cyber-realm.

The second leg of the plan is to employ new defensive ways of operating in cyberspace, first by enhancing the DOD’s “cyber hygiene.” That term covers ensuring that data on military networks remains secure, using the Internet wisely and designing systems and networks to guard against cyberstrikes.

The military will continue its “active cyber defense” approach of “using sensors, software, and intelligence to detect and stop malicious activity before it can affect DOD networks and systems.” It also will look for new “approaches and paradigms” that will include “development and integration … of mobile media and secure cloud computing.”

The plan underscores efforts long under way at the Pentagon to work with other government agencies and the private sector. It also says the Pentagon will continue strong cyber R&D spending, even in a time of declining national security budgets.

Notably, the plan calls the Department of Homeland Security the lead for “interagency efforts to identify and mitigate cyber vulnerabilities in the nation’s critical infrastructure.” Some experts have warned against DOD overstepping on domestic cyber-matters.

The Pentagon also announced a new pilot program with industry designed to encourage companies to “voluntarily [opt] into increased sharing of information about malicious or unauthorized cyber activity.”

The strategy calls for a larger DOD cyber-workforce.

One challenge, Pentagon experts say, will be attracting top IT talent because the private sector can pay much larger salaries — especially in times of shrinking Defense budgets. To that end, “DOD will focus on the establishment of dynamic programs to attract talent early,” the plan states.

On IT acquisition, the plan lays out several changes, including faster delivery of systems; moving to incremental development and upgrading instead of waiting to buy “large, complex systems”; and improved security measures.

Finally, the strategy states an intention to work more closely with “small- and medium-sized business” and “entrepreneurs in Silicon Valley and other U.S. technology innovation hubs.”

quote:

Why hacker group LulzSec went on the attack

LulzSec gained instant notoriety by targeting the CIA, multi-nationals and government websites. Then, at the height of its popularity, it disbanded. One of its founders tells why

Its audacity was brazen and apparently fearless. Among its high-profile victims were Sony, the CIA, the FBI, the US Senate and even the UK's Serious Organised Crime Agency. Exposing frailties in government and corporate networks, the group leaked hundreds of thousands of hacked passwords, and in the process garnered more than a quarter of a million followers on Twitter. But after just 50 days, on 25 June, LulzSec suddenly said it was disbanding.

Just hours before this announcement, the Guardian had published leaked internet chat logs revealing the inner workings of the group, which appeared to consist of six to eight members. The logs showed that authorities were often hot on their heels, and that after an attack on an FBI-affiliated website two hackers had quit LulzSec as they were "not up for the heat". As media attention mounted, Ryan Cleary, an Essex-based 19-year-old suspected of affiliation to LulzSec, was arrested in a joint UK-US "e-crime" investigation. Had the pressure simply got too much to handle?

To find out, the Guardian tracked down one of LulzSec's founding members, "Topiary". A key figure in the tight-knit group, he was revealed in the logs to have managed LulzSec's Twitter account and to have written their press releases. After verifying his identity by asking him to send a direct message from the account – "This is the captain of the Lulz Boat," he confirmed – we began a long conversation by Skype.

"I know people won't believe this, but we genuinely ended it [LulzSec] because it was classy," he says. "The leaks we promised happened . . . 50 days were reached, we just about hit 275,000 Twitter followers, things were on a high, so we redirected our fans to [hacker collective] Anonymous and [hacking movement] AntiSec and wrapped it up neatly . . . A high note, a classy ending, a big bang, then a sail into the distance."

LulzSec's jovial public image undoubtedly helped it achieve unusual popularity within a short time. Its stated aim was to provide "high-quality entertainment at your expense," and the word "Lulz" is itself internet slang for laughs. The group's popularity spiked after it planted a fake story on US news outlet PBS.com in protest over what it claimed was a misrepresentative WikiLeaks documentary made by the broadcaster. The story falsely reported that rapper Tupac Shakur, who was killed in a shooting 15 years ago, had been found alive and well in New Zealand.

"What we did was different from other hacking groups," says Topiary. "We had an active Twitter (controlled by me), cute cats in deface messages, and a generally playful, cartoon-like aura to our operations. We knew when to start, we knew when to stop, and most of all we knew how to have fun."

But the group's mission, Topiary explains, was not calculated. Almost everything LulzSec did – from choosing its name to its next target – happened spontaneously. "We made it up as we went along. We were originally @LulzLeaks on twitter, but I forgot the password so we became @LulzSec. My first name was The Lulz Train, then The Lulz Cannon, then The Lulz Boat. I had no idea what The Love Boat was, it was a complete accident . . . I wrote every press release in Notepad without planning. That's what made us unique, we just came out and made stuff up out of nowhere . . . We released when it felt right, we tweeted what felt right, we wrote what we felt needed to be wrote. We weren't burdened by plans or board meetings, we just did it."

The leaked chat logs also revealed the hackers appeared to revel in the international attention they received. However, Topiary says it wasn't that LulzSec was media-hungry, but that the media was LulzSec-hungry.

"We didn't contact a single media outlet for at least the first 40 days, they just kept reporting on our humble tweets," he says, though he admits the attention "gave us more reasons to leak more. It was a thrill, sure, and it did play a role. We enjoyed occasionally confusing and pranking media with weird tweets, or giving exclusives to certain journalists to piss off other certain journalists. It was another aspect of the situation that helped us leverage the entertainment."

Yet although many of LulzSec's attacks were perpetrated "for the lulz", the group was accused of attempted extortion by one US security company, Unveillance – a charge Topiary staunchly denies. It was also criticised after it hacked and dumped thousands of Sony Pictures Europe customers' usernames and passwords online, some of which were reportedly later used in scams by fraudsters. But Topiary is unapologetic.

"It's Sony's fault for not defending – and encrypting – its customers' data," he says. "Similarly, in a perfect world, we'd have dumped said data and nothing would have happened. These scams simply prove that other people (our fans/spectators) are more evil than us."

Towards the end of LulzSec's reign, it seemed to gravitate towards more overtly political causes. It occasionally compared itself to WikiLeaks in tweets, and its penultimate leak was a joint effort with Anonymous to expose Arizona police as "racist and corrupt", and to "sabotage their efforts to terrorise communities fighting an unjust 'war on drugs'."

Anonymous is well known for its acts of political "hacktivism". On Monday it reportedly threatened to attack the Metropolitan police over News International's phone hacking and the possible extradition to Sweden of WikiLeaks founder Julian Assange. Earlier this year the group claimed responsibility for a series of Distributed Denial of Service (DDoS) attacks on government websites in Tunisia, Iran, Egypt and Bahrain, and in 2008 it attacked the Church of Scientology after it allegedly attempted to suppress a leaked video interview with actor and scientologist Tom Cruise. Topiary has been heavily involved with Anonymous in the past, occasionally acting as its spokesman in televised interviews.

"Anonymous has been a great way for the younger generations to get involved through methods they understand, like utilising the internet," he says. "My main goal with Anonymous was to spread the word of revolution to those who might be seeking something new."

How does he define revolution? "Revolution is kicking the Tunisian government in the teeth by rendering their malicious Javascript embedments inert, allowing Tunisian citizens to surf Facebook without fear of password sniffing. Revolution is a horde of activists holding up Anonymous masks and thanking us for assisting their hard work by obliterating their government's ministry, stock and finance websites, replacing them with inspiring words. Revolution, to me, is bringing down the big guy while not forgetting to stand up for the little guy."

Though Topiary will not disclose his age, he describes himself as a teenager and "an internet denizen with a passion for change". He believes he is part of a generational shift in the way technology – specifically the internet – is increasingly being used as a tool to influence the world. The actions of Anonymous in particular, he says, have brought attention to the idea that actions taken online can have a major impact in real life – "linking the two realities". But he also recognises that the actions of Anonymous, LulzSec and other affiliated hackers can be used by governments as justification for greater control of the internet. So how does he balance his actions with that knowledge?

"It only results in greater government control if we remain apathetic and let it happen," he says. "The goal with Anonymous is to brutally cut down the middle of that decision and shout 'NO' to laws we don't agree with. Laws are to be respected when they're fair, not obeyed without question."

For now, however, Topiary is taking a break from law-breaking. He says he will continue operating on the margins of Anonymous, but will not engage in any more hacking. Instead, he intends to create art, video and graphics for the group to help with a new public relations project, to be titled Voice.

"I've been at this non-stop for a while, it's a big time-sink," he says. "Some people can handle it for years on end, and I respect those people. I just needed some air and a new page in the Anonymous/LulzSec era."

After the arrest of Cleary last month, suspected US hackers believed to be affiliated with LulzSec had their homes raided in Ohio and Iowa. In the past, hackers have been offered immunity from prosecution if they cooperate with the authorities. But, if caught, Topiary says he would "never snitch" on other hackers and that he would "pretty much" rather go to jail than work for the government in any capacity.

"Not sure I'd have a place in government security, unless they enjoy bizarre tweets," he says. "But again, no, I wouldn't accept a job that would fight against the things I've fought for. As for the authorities, well, if they have their claws in, they have their claws in, there's not much I can do about it. But I can only hope that they haven't pinned any of us, especially my friends from LulzSec."

twitter:

atopiary twitterde op donderdag 14-07-2011 om 22:43:24 This is accurate, just wish it focused more on the team effort of LulzSec rather than me: http://t.co/VnzKzqp A good, informative piece. reageer retweet

quote:

https://threatpost.com/en(...)ymous-attacks-071411
McCain Pushes For Select Committee to Address Wikileaks, Anonymous Attacks

In the face of continued attacks on federal agencies and contractors such as Booz Allen Hamilton and IRC Federal that do highly sensitive security work for the U.S. government, Sen. John McCain has asked Senate leaders to appoint a select committee to look into the attacks and data leaks that have plagued Washington throughout 2011.

In a letter to Senate Majority Leader Harry Reid and Senate Minority Leader Mitch McConnell, McCain (R-Ariz.) said that a temporary Senate committee is necessary in order to get a handle on all of the disparate cybersecurity legislation proposals and to address the threat posed by groups such as Anonymous, LulzSec and Wikileaks.

"I write to renew my request that the Senate create a temporary Select Committee on Cyber Security and Electronic Intelligence Leaks. I feel this Select Committee is necessary in order to develop comprehensive cyber security legislation and adequately address the continuing risk of insider threats that caused thousands of documents to be posted on the website Wikileaks," McCain said in his letter, which he sent Thursday.

The request for the select committee comes on the heels of renewed attacks on federal agencies and contractors by Anonymous and other groups affiliated with the AntiSec movement. The most recent incidents in this campaign are the attack by Anonymous on Booz Allen Hamilton revealed on Monday and the attack on IRC Federal last weekend. Both companies are involved in national security work for the federal government, and such companies have become prime targets for the groups in the AntiSec campaign.

In his letter to Reid and McConnell, McCain says that the select committee he is proposing is necessary for a number of reasons, not the least of which is the need to decipher the tangle of legislative proposals and agencies involved in the cybersecurity discussion.

"As you know, cyber security legislation has been drafted by at least three committees and at least seven committees claim some jurisdiction over the issue. The White House put forward a legislative proposal in May and the Department of Energy put forth requirements and responsibilities for a cyber security program that same month. Earlier this month, the Department of Commerce sought comment on its proposal to establish voluntary codes of behavior to improve cyber security and the Department of Defense issued its strategy for operating in cyberspace. With so many agencies and the White House moving forward with cyber security proposals, we must provide congressional leadership on this pressing issue of national security," McCain wrote in the letter.

In addition to the attacks on contractors and federal agencies, the government has been dealing with the fallout from the myriad revelations in the Wikileaks documents that have been trickling out since last year. McCain said in the letter that he thinks the government's current plan for dealing with these things is inadequate.

"I truly believe the only way to ensure the protection of sensitive and valuable information from tampering or dissemination by unauthorized persons is a Select Committee," McCain said.

quote:

Wired Story About TruePosition Disappears..., The Company Biz: Selling Mobile Phone Location Intelligence, 'Geo-Fencing' Monitoring Developed

This article hit my Google Reader, when clicking the link, I get a 404. Here is the text of the article copied from the reader:

quote:

Banks step up security amid fear of Anonymous hackers

AUSTRALIA'S major banks are on a heightened security footing amid fears of being targeted by the high-profile hacking group Anonymous.

ANZ's top technology executive, Ann Weatherston, said yesterday that investment in technology security had been one of the highest priorities at the bank for the past few years, and spending on that area was now a core part of operations.

''Customers increasingly will judge their banks by the quality of their security,'' she said.
Advertisement: Story continues below

Last month, the global group Anonymous and a second hacking network called LulzSec said they were planning to join forces in a campaign aimed at banks, government agencies and prominent targets around the world to encourage others to steal and leak classified information.

Ms Weatherston made the comments as ANZ outlined a five-year technology blueprint, including setting a target that would eventually give its customers a ''seamless'' technology experience through all of the countries in which it operated.

The plan also involves an upgrade of ANZ's internet banking, expanding its ATM network, and pushing further into mobile-banking.

ANZ also expects to start processing deposit and payment transactions in real time for business customers across its entire Asian network.

With some rival banks, including Commonwealth Bank, upgrading their core banking, ANZ's deputy chief executive, Graham Hodges, said he did not see a need for a big overhaul at this point. The bank would focus on upgrading and simplifying existing systems.

''What is right for us is not necessarily right for someone else,'' he said. He said ANZ's system was more modern than that of its bigger rival, and it was focused on spending more on building up its Asian banking businesses.

Technology remains one of the biggest expenses for banks and, given additional cost and risks, many are reluctant to tinker with systems that work.

Read more: http://www.smh.com.au/bus(...)p.html#ixzz1SE3CMWkS

quote:

Anonymous Attacks Monsanto Network, Releases Employee Contact Data

Anonymous released personal information and documents stolen from agricultural chemical and biotechnology company Monsanto as the Senate discusses a committee to address cyber-

The hacking group Anonymous has struck again, this time releasing documents it said it stole from the network of giant biotechnology and agricultural seed company Monsanto in retribution for alleged corporate misconduct.

The hacking collective posted information it stole last month on 2,500 Monsanto employees and associates, the group announced July 13. Anonymous also launched a distributed denial-of-service attack on Monsanto's international Websites, forcing the company to shut down the sites for approximately three days.

The group claimed it spent two months attacking the Monsanto network to access hundreds of pages of documents that it contends reveal “Monsanto's corrupt, unethical, and downright evil business practices.”

In the process, the group accessed three mail servers and released sensitive personal information, including full names, addresses, phone numbers "and exactly where they work," Anonymous wrote on text-sharing site Pastebin. The list also included contact details for media outlets as well as other agricultural companies.

The group also promised to post a wiki providing all the information, including articles and emails, "in a more centralized and stable environment," similar to what it did with HB Gary Federal emails on the AnonLeaks site earlier this year.

"Monsanto experienced a disruption to our Websites which appeared to be organized by a cyber-group," said Tom Escher, the company's director of corporate affairs, in an email to msnbc.com.

These types of activist attacks are not limited to the private sector as government agency Websites like the Central Intelligence Agency, private-public partnership sites affiliated with the Federal Bureau of Investigation, and consulting firm Booz Allen Hamilton have been hit recently, Sen. John McCain (R-Airs.) wrote July 14 in a letter to the Senate leadership. He called these kinds of attacks threats to national security.

McCain wrote, “to renew [his] request that the Senate create a temporary Select Committee on Cyber-Security and Electronic Intelligence Leaks." The committee could also develop a comprehensive cyber-security legislation based on disparate proposals currently in the Senate, he said.

"I truly believe the only way to ensure the protection of sensitive and valuable information from tampering or dissemination by unauthorized persons is a Select Committee," McCain said.

In a letter to Senate majority leader Harry Reid and minority leader Mitch McConnell, McCain requested a committee be appointed to specifically look into the various cyber-attacks and data breaches on federal agencies and contractors.

The temporary Senate committee was necessary to "adequately address" the growing threat from hacking collectives, such as Anonymous and other malicious perpetrators, as well as the risk of losing more classified documents to whistleblowers, such as Wikileaks, McCain wrote.

It won't be an easy task to untangle the snarl of cyber-security-related legislation and proposals currently swirling around Washington, D.C. At least three committees have drafted proposed bills, and at least seven committees claim some jurisdiction over cyber-security, McCain said.

The White House has also put forward a legislative proposal outlining the Obama administration's cyber-security goals in May. The Department of Energy released its own set of requirements and responsibilities for a cyber-security program the same month.

The Department of Commerce is still taking comments on its June proposal to establish voluntary codes of behavior for the private sector to improve cyber-security. To top it off, the Department of Defense on July 14 released its strategy on how it will operate in cyber-space.

"With so many agencies and the White House moving forward with cyber-security proposals, we must provide congressional leadership on this pressing issue of national security," McCain wrote in the letter.

quote:

Banned Anons launch Anon+ to take on Google+

Web hackivists Anonymous, having been banned from Google's attempt at building a social networking service, say they are setting up their own rival service named Anon+.

Google decided to oust youranonnews from Google+ over what it said was content it found objectionable. The headless collective claims that a number of accounts connected with it were also deleted.

"This is the sad fact of what happens across the internet when you walk to a different beat of the drum," the outfit wrote.

So, in resposnse it said to "stories of activists being banned from FaceBook, Twitter, YouTube, and governments blocking their people from these sites as well through organized black outs," the mischief makers have announced their intention to build their own social network.

"This is one social network that will not tolerate being shut down, censored, or oppressed - even in the face of blackout. We the people have had enough…enough of governments and corporations saying what’s best for us - what’s safe for our minds," the post on youranonnews.tumblr.com reads.

"The sheep era is over," they write. "The interwebz are no longer your prison."

It's certainly a new twist on the idea - a "social" network on which the members are anonymous. What will become of it is anyone's guess, but version 0.1 Alpha of the site is here.

Read more: http://www.thinq.co.uk/20(...)oogle/#ixzz1SNO120YZ

quote:

Internet Bill Could Help Hackers, Experts Warn

Legislation cracking down on rogue websites could inadvertently help hackers who have struck major corporate and government targets in recent weeks, a group of computer science experts said on Thursday.

“America is getting hacked,” security consultant Dan Kaminsky said at a Center for Democracy and Technology briefing. “On a deep architectural level, we have to fix this or our economy cannot work.”

Senate Judiciary Chairman Patrick Leahy, D-Vt., introduced the PROTECT IP Act to crack down on websites that sell copyrighted and counterfeited materials, and it passed out of committee in May.

But Kaminsky and other Internet architecture experts object to a section that requires Internet service providers to use a controversial method known as domain name system filtering to direct traffic away from websites selling copyrighted or counterfeit materials.

Authorities could use a court order to make service providers do the filtering--in essence, redirecting web users from a rogue website to another website that carries a notice about why the site couldn't be reached. But the filtering mandate could undermine online safety initiatives that hinge on use of Web addresses, the experts say.

The system that would allow filtering would also prevent providers from using an emerging security system known as DNSSEC. This security system sends credentialed messages between browsers and ISPs to ensure that users are taken to the proper website—and not a scam website—when they enter a URL.

Not only would a filtering requirement undermine the spread of DNSSEC, but hackers are likely to offer workarounds to private users. When clicked, these workarounds could also function as entry points, the computer architects argued.

Kaminski, Steve Crocker of the security consultancy Shinkuro, David Dagon of the Georgia Institute of Technology, Danny McPherson of security firm Verisign, and Paul Vixie of the Internet Systems Consortium wrote a white paper in May predicting that businesses relying on secure connections will quickly feel the repercussions of the proposal when hacking increases.

Kaminsky’s group said the redirection measures in the bill can be easily circumvented, adding that they have met with the White House, Commerce Department, and members of Congress to air their concerns, which are confined to the technical sections of the bill and not the entire proposal.

The Motion Picture Association of America, a key supporter of the bill, issued a statement on Thursday strongly disputing these claims. Web users are unlikely to reconfigure their computers to circumvent the filtering, the MPAA said, and the security standards cited by the authors ought to be flexible enough to allow for IP protection.

“Here's the bottom line: We rely on the Internet to do too much and be too much to let it decay into a lawless Wild West. We are confident that America's technology community, which leads the world in innovation and creativity, will be capable of developing a technical solution that helps address the serious challenge of rogue sites,” said Paul Brigner, chief technology officer at MPAA.

The technical grievances are just one sticking point in a bill that has received strong criticism from the Internet sector, which fears new costs involved with combating piracy. Civil libertarians fear an overly broad bill could suppress online speech. Sen. Ron Wyden, D-Ore., placed a hold on the bill earlier this year after it passed out of committee.

“By ceding control of the Internet to corporations through a private right of action, and to government agencies that do not sufficiently understand and value the Internet, [the legislation] represents a threat to our economic future and to our international objectives,” Wyden said at the time.

Legislation cracking down on rogue websites could inadvertently help hackers who have struck major corporate and government targets in recent weeks, a group of computer science experts said on Thursday.

“America is getting hacked,” security consultant Dan Kaminsky said at a Center for Democracy and Technology briefing. “On a deep architectural level, we have to fix this or our economy cannot work.”

Senate Judiciary Chairman Patrick Leahy, D-Vt., introduced the PROTECT IP Act to crack down on websites that sell copyrighted and counterfeited materials, and it passed out of committee in May.

But Kaminsky and other Internet architecture experts object to a section that requires Internet service providers to use a controversial method known as domain name system filtering to direct traffic away from websites selling copyrighted or counterfeit materials.

Authorities could use a court order to make service providers do the filtering--in essence, redirecting web users from a rogue website to another website that carries a notice about why the site couldn't be reached. But the filtering mandate could undermine online safety initiatives that hinge on use of Web addresses, the experts say.

The system that would allow filtering would also prevent providers from using an emerging security system known as DNSSEC. This security system sends credentialed messages between browsers and ISPs to ensure that users are taken to the proper website—and not a scam website—when they enter a URL.

Not only would a filtering requirement undermine the spread of DNSSEC, but hackers are likely to offer workarounds to private users. When clicked, these workarounds could also function as entry points, the computer architects argued.

Kaminski, Steve Crocker of the security consultancy Shinkuro, David Dagon of the Georgia Institute of Technology, Danny McPherson of security firm Verisign, and Paul Vixie of the Internet Systems Consortium wrote a white paper in May predicting that businesses relying on secure connections will quickly feel the repercussions of the proposal when hacking increases.

Kaminsky’s group said the redirection measures in the bill can be easily circumvented, adding that they have met with the White House, Commerce Department, and members of Congress to air their concerns, which are confined to the technical sections of the bill and not the entire proposal.

The Motion Picture Association of America, a key supporter of the bill, issued a statement on Thursday strongly disputing these claims. Web users are unlikely to reconfigure their computers to circumvent the filtering, the MPAA said, and the security standards cited by the authors ought to be flexible enough to allow for IP protection.

“Here's the bottom line: We rely on the Internet to do too much and be too much to let it decay into a lawless Wild West. We are confident that America's technology community, which leads the world in innovation and creativity, will be capable of developing a technical solution that helps address the serious challenge of rogue sites,” said Paul Brigner, chief technology officer at MPAA.

The technical grievances are just one sticking point in a bill that has received strong criticism from the Internet sector, which fears new costs involved with combating piracy. Civil libertarians fear an overly broad bill could suppress online speech. Sen. Ron Wyden, D-Ore., placed a hold on the bill earlier this year after it passed out of committee.

“By ceding control of the Internet to corporations through a private right of action, and to government agencies that do not sufficiently understand and value the Internet, [the legislation] represents a threat to our economic future and to our international objectives,” Wyden said at the time.

quote:

Tor's Hammer - Slow POST Denial Of Service Testing Tool

Tor's Hammer is a slow post dos testing tool written in Python. It can also be run through the Tor network to be anonymized. If you are going to run it with Tor it assumes you are running Tor on 127.0.0.1:9050. Kills most unprotected web servers running Apache and IIS via a single instance. Kills Apache 1.X and older IIS with ~128 threads, newer IIS and Apache 2.X with ~256 threads.

quote:

Yet another report: Internet disconnections a "disproportionate" penalty

The Organization for Security and Co-operation in Europe (OSCE), with its 56 member countries made up of 1 billion people, is the “world's largest regional security organization.” And it really doesn't like Internet censorship.

A new OSCE report on "Freedom of Expression on the Internet" (PDF) takes a hard line on all things Internet, issuing conclusions at odds with the practices of many of its most powerful member states, including France and the US. Net neutrality? Every country needs it. “Three strikes” laws that and in Internet disconnection? Disproportionate penalties for minor offenses. Internet access? It's a human right.

The report was prepared by Yaman Akdeniz, a law professor at Istanbul Bilgi University in Turkey, and it's a scorcher—coming to many of the same conclusions reached by UN Special Rapporteur Frank LaRue last month. Reports, even when they come from organizations like OSCE and the UN, seem unlikely to alter France's stance on Internet disconnections as response to online copyright infringement, or the United States' newfound appreciation of the need for Internet site blocking. As for countries like Belarus and Kazahstan—well, the chances they will suddenly agree with Akdeniz and LaRue are infinitesimal.

Still, the reports do document a growing high-level international perspective opposed to nearly all censorship and curtailment of Internet access, and in strong favor of making such access a universal human right.

Highlights from the report:

Network neutrality: It's "an important prerequisite for the Internet to be equally accessible and affordable to all. It is, therefore, troubling that more than 80 percent of the participating States do not have legal provisions in place to guarantee net neutrality. Finland and Norway stand out as best practice examples… Users should have the greatest possible access to Internet-based content, applications or services of their choice without the Internet traffic they use being managed, prioritized, or discriminated against by the network operators."

"Three strikes": "The increased use of so-called 'three-strikes' legal measures to combat Internet piracy is worrisome given the growing importance of the Internet in daily life… This disproportionate response is most likely to be incompatible with OSCE commitment on the 'freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.'"

Internet kill switch: "Existent legal provisions allow several OSCE participating States to completely suspend all Internet communication and 'switch off' Internet access for whole populations or segments of the public during times of war, states of emergency and in cases of imminent threat to national security. Reaffirming the importance of fully respecting the right to freedom of opinion and expression, the OSCE participating States should refrain from developing, introducing and applying 'Internet kill switch' plans as they are incompatible with the fundamental right to information."

Web blocking: "As blocking mechanisms are not immune from significant deficiencies, they may result in the blocking of access to legitimate sites and content. Further, blocking is an extreme measure and has a very strong impact on freedom of expression and the free flow of information. Participating States should therefore refrain from using blocking as a permanent solution or as a means of punishment… Blocking of online content can only be justified if in accordance with these standards and done pursuant to court order and where absolutely necessary. Blocking criteria should always be made public and provide for legal redress."

quote:

One arrest and further threats in the German police hacker case

The "No Name Crew", a group of hackers who recently published classified information relating to the German customs investigators' "Patras" GPS location system, has threatened to publish further data. The data is to be released at midnight on 28 July, and the alleged target is a German federal authority. The data reportedly includes sensitive information such as the authority's emails. The hackers say that they have had "full control of the central download server of the German Federal Police for some time", and that they were able to intercept the network traffic to and from the systems of the German Federal Criminal Police, the German Federal Police and the German Customs Authority, over the course of an entire year.

To avoid being arrested the hackers have, in WikiLeaks fashion, posted a 717 MB encrypted archive on the internet. The criminals have threatened that an automated response mechanism will publish the archive password should a member of their group get arrested. This could now be the case, as the North Rhine-Westphalian Federal Police reported earlier today (Monday, 18 July) that it has arrested a 23-year-old German citizen on the suspicion of intercepting and manipulating data and computer sabotage. Evidence was reportedly secured at the suspect's home. German Focus OnlineGerman language magazine says that the German police is aware of the identities of three suspected group members.

The case is currently being analysed at the cyber defence centre operated by the German Federal Office for Information Security (BSI). Talking to The H's associates at heise Security, the BSI's Matthias Gärtner was unable to rule out that the attackers may be in possession of further sensitive information. Focus Online quoted a high-ranking German security official as saying that he feared that hundreds of secret investigations could be disclosed on the internet.

Classified investigation documents that the magazine claims to have obtained reportedly state that the attackers managed to exploit mistakes made at the German Federal Police's Swisstal-Heimerzheim barracks in North Rhine-Westphalia (NRW). To save money, the police authority is said to have used the standard XAMPP Apache installation package. This package is intended as a simple introduction to the world of Apache for developers and doesn't present any major configuration hurdles. However, the XAMPP developers explicitly warn that the standard settings are not suitable for production use: "To make it convenient for developers, XAMPP is configured with all features turned on. [...] The default configuration is not good from a security point of view, and it's not secure enough for a production environment."

Consequently, the attackers managed to inject at least 42 trojans into the authority's systems. Talking to Focus Online, the BSI said that unauthorised accesses to the German Central Credit Committee's and the Federal Police's infrastructures that could be attributed to the No Name Crew began in autumn 2010.

twitter:

AnonymousIRC twitterde op maandag 18-07-2011 om 22:53:57 We have joy we have fun we will mess up Murdoch's Sun: http://t.co/JArvwg1 | Hi Rupert! Have fun tomorrow at the Parliament! #AntiSec reageer retweet

quote:

#AntiSec Hackers Spill News of the World Chief Rebekah Brooks’ Email Login to Entire Internet (Update)

Sam Biddle — The fruits of today's Sun UK hack are starting to dangle down: LulzSec (out of retirement?) and Anon are tweeting logins of some serious British media brass. Foremost? Rebekah Brooks, the epicenter of England's voicemail hacking scandal. Update: phone numbers!

The tweet divulged the email and password info for one Rebekah Wade—Brooks' maiden name—along with many others from Murdoch's tabloid upper crust:

Harvey Shaw—Publishing Operations Team Manager, News International—Phone number

Pete Picton—Sun Online Editor—Phone number

Lee Wells—Editorial Support Manager at News International—Email and Password

Bill Akass—Managing Editor, News of the World—Email and password

Chris Hampartsoumian—Former Online Editor at timeonline.co.uk—Phone number

Danny Rogers—Sun Online Editorial Manager—Email and password

This trickle is probably only the start. LulzSec appears to be hard at work squeezing more logins out of The Sun's servers:

We are battling with The Sun admins right now - I think they are losing. The boat has landed... >:]

In other words, expect more—though the only login fish bigger than Brooks would be Murdoch's.

Update: AntiSec operators have tweeted phone numbers for The Sun's online editor, Pete Picton, along with two other (lesser) Sun editorial figures.

quote:

How LulzSec hacked the Sun's website


Weakness in disregarded server was used to gain access to News International systems and then redirect traffic to fake web page, and then to LulzSec's Twitter feed

The LulzSec attack on News International's systems to redirect readers from the Sun to a fake story, and to try to get at its internal email store, appears to have been two-pronged.

Some of the more skilled hackers, including some from the hacker collective Anonymous, had been probing it in detail for about two weeks before the hack. One was to break into its email archive; the other was to hack and "deface" the site itself, by putting up a fake story – the same method LulzSec originally came to attention by doing when it hacked the PBS site to claim that Tupac Shakur was not dead.

However as far back as 2009 a weakness was found in the "Contact us" form of the Sun's site that meant that it could be used to attack the database holding emails for the system.

Some former News International employees' names and mobile phone numbers have been given out on Twitter by people affiliated to the hacker collective Anonymous. However, they are not current: some include people who left the company in 2007. But that also implies that they may have access to email archives dating back to when some phone hacking occurred.

Monday night's hack of the Sun occurred because one of the hackers found a weakness in a "retired" server for the News International "microsites" – used for small or unimportant stories – running Sun's Solaris operating system.

The most likely candidate for that hack – which would use the weakness discovered in 2009 – is the "mailback" page at http://www.new-times.co.uk/cgi-bin/newtimesmailback, which on Tuesday morning had been deactivated, along with the whole of the new-times site.

The server hosted the outdated "new-times.co.uk" site put up when the Times was building its paywall.

The hacker used that and then ran a "local file inclusion" program to gain access to the server – meaning they had extensive control over it.

That then gave them access across large parts of the News International network, possibly including the archived emails, and to the Sun's "content management system" (CMS) – which formats news onto pages. That will have included the code for the "breaking news" element of the Sun's main webpage; changing the entire content on the page would be too obvious.

By including a line of Javascript in the "breaking news" element, the hackers were able to ensure that anyone visiting the Sun's home page would, as the ticker was automatically refreshed, they would be redirected to anywhere that the hackers chose.

Initially they made it redirect to a fake page they had created at new-times.co.uk/sun which attempted to look and read like a Sun story claiming that Rupert Murdoch had been found dead. That page used a template of another story that first appeared on 14 July, suggesting that the hackers either grabbed an archived story or have had access since then.

After the team at News International tried to regain control, the hackers then redirected the main News International page to the Twitter page for LulzSec.

But the problems for the News International team aren't over. A number of email addresses and passwords were being tweeted last night on various feeds – implying that the hackers may have gained access to the email archive and be preparing to release it. If that happens, the effects could be titanic.

quote:

Invallen FBI bij hackersgroep Anonymous

De FBI heeft vandaag op verschillende plaatsen in New York huiszoekingen gedaan in het kader van een onderzoek naar de hackersgroep Anonymous. Op een adres in de wijk Brooklyn en drie op Long Island werden computers in beslag genomen, zegt een FBI-woordvoerder.

Anonymous is een los georganiseerde groep van hackers die sypathiseren met de klokkenluiderswebsite Wikileaks. De groep heeft de verantwoordelijkheid opgeëist voor een groot aantal aanvallen op websites van bedrijven en overheidsinstellingen in de hele wereld.

Doelwit waren onder meer de websites van creditcardbedrijven Visa en Mastercard, omdat die weigerden donaties voor Wikileaks en zijn oprichter Julian Assange te verwerken. Ook werden de sites van de Scientology-kerk en van Kiss-bassist Gene Simmons aangevallen.

quote:

Federal Government Indicts Former Demand Progress Executive Director For Downloading Too Many Journal Articles

“This makes no sense,” said Demand Progress Executive Director David Segal; “it’s like trying to put someone in jail for allegedly checking too many books out of the library.”

“It’s even more strange because JSTOR has settled any claims against Aaron, explained they’ve suffered no loss or damage, and asked the government not to prosecute,” Segal added.

quote:

Sky News uncovers mysterious hacker Louise Boat

SKY NEWS has uncovered a mysterious hacker called Louise Boat, who is responsible for targeting Rupert Murdoch's rag, The Sun.

The revelation came on a news report late last night by news anchor Anna Botting, who exposed the leader of hacktivist group Anonymous as none other than Louise Boat, a shady figure that few know anything about.

The guests on the show, who we presume were security 'experts', were baffled by this hacker femme fatale, asking several times, "Who is Louise Boat?"

The question, which is sure to become part of modern day philosophical treatises, is made all the more captavating by the fact that Boat also spells her first name Luiz, probably as some kind of attempt to fit in with internet lingo.

In case anyone might think otherwise, the Twitter page that The Sun redirects to after its recent hack, specifies that it represents the Louise Boat. Presumably there are a number of people out there pretending to be this elusive hacker woman.

Even Botting, who is usually quite lucid at her late night broadcasts, admitted, "I don't know who Louise Boat is."

One of the guests on the show attempted to offer some clarity on the situation by saying, "It's some hacking ... thing." Such astute observations are what can be expected on such an illustrious news programme.

We think Botting, who has worked for Sky News since 1995, might know a bit more about Louise Boat than she's letting on, considering she was a rower at university and participaticed in the BBC's The Other Boat Race. Presumably, however, she never sailed in the Lulz Boat.

Sky News is partly owned by Murdoch's News Corporation, which was forced to withdraw its bid for parent company British Sky Broadcasting (Bskyb) last week over the hacking scandal. Part-owned by Murdoch, you say? Well, that explains it.

Sky News Reporting @LulzSec www.thesun.co.uk Hack, Call them ' Annoymous & call them louise ' fail

Read more: http://www.theinquirer.ne(...)e-boat#ixzz1Sas9QBWv
The Inquirer - Computer hardware news and downloads. Visit the download store today.

quote:

Anonymous shut down! Ringleaders brought to justice!

July 20, 2011 --

As many readers would no doubt already be aware, the FBI has just arrested 16 "members" of Anonymous in relation to DDoS attacks and intrusions.

The US Department of Justice swiftly issued a press release with the catchy, ALL CAPS title of "SIXTEEN INDIVIDUALS ARRESTED IN THE UNITED STATES FOR ALLEGED ROLES IN CYBER ATTACKS".

So this is a massive blow to "Anonymous" and its sophisticated campaign of mayhem, right?

Wrong.

One of the complaints details charges to be laid against Scott Matthew Arciszewski, 22. He's alleged to have somehow created an account on Infragard Tampa's Website and successfully uploaded a couple of files.

By the looks of things he made no attempt to hide his actions -- using his own IP address to conduct the "attack" -- then Tweeted about it and directed his followers toward his Website.

How stealthy.

What a criminal mastermind. I'll sure sleep better tonight knowing this criminal genius has been taken off the streets.

Another complaint alleges former AT&T contractor Lance Moore uploaded a bunch of commercially sensitive material to Fileape. That information was subsequently "redistributed" by LulzSec.

This guy isn't even alleged to be sailing aboard the Lulz Boat, but hey, at least the DoJ got to use the word "LulzSec" in an indictment. What a win!

The remaining 14 arrests deal with a DDoS attack against PayPal, apparently in retribution for that company's decision to suspend payment processing for Wikileaks. They were using LOIC. How 1337.

So what does this all amount to? A leaker with internal access (AT&T), a young guy who was able to pwn Infragard in about five minutes (great security, guys) and a bunch of LOIC users.

And yet the coverage I'm seeing still persists with this ridiculous idea that the arrests will be some sort of strike against Anonymous, the "group".

So here, let's try to get something straight, once and for all: Anonymous is not a group. It's not a hydra. It's not a "loose collective". Anonymous is just a designation. Why is that so hard to understand?

Let's try an analogy.

17th century pirates liked to steal booty. They sailed the high seas and pillaged. They had a common flag. But they WERE NOT A GROUP.

Sure, there were groups of pirates that sailed on ships together. There was a common outlook -- that plundering booty was a worthwhile activity, ho ho and a bottle of rum, all of that. But they were not a group.

There were pirate hangouts like pirate taverns, so there was congregation, but no leadership. Pirates were not a collective.

So let's clear it all up. The anons are the pirates, IRC channels and imageboards like 4chan are their pirate taverns, and the various Anonymous outfits like @AnonymousIRC and @AnonOPS are pirate ships with multiple pirates aboard. They're groups of pirates! Simple! See?

So when the Spanish, Turkish, British or whichever police force claims to have arrested "key members" of Anonymous I wonder if they're deliberately misleading the public and their masters, or if they genuinely just don't get it.

This current batch of arrests will "bring to justice" a bunch of people who made no attempt to conceal their actions because they're either technically useless or just didn't care.

They're "low hanging anons".

But that won't stop the mainstream media from portraying this as the establishment striking back at online troublemakers.

Sigh.

quote:

http://www.reddit.com/r/A(...)earch_warrant_today/

At around 11:00 this morning, I had 4 cars and a van filled with FBI agents pull up to my house, and then invade. I have learned enough from Reddit to ask for a copy of the search warrant, which took them at least half an hour to provide, and it was a "copy" (bad signature, no seals, etc.). They ushered me and my four kids to the couch, and then proceeded to search my house, with guns drawn, and collect all our electonic devices and equipment.

When I finally got to sit down and talk to them, they said that packets were sent from our isp address during the ddos attack on paypal. They said my son was responsible (he was 13 at the time). They sat down with both of us and asked about our involvement with AnonOps. I think they were surprised (really?) that I knew about Anonymous. [http://gizmodo.com/5709630/what-is-loic]

Why would they spend all this time, energy, and funds to get a kid who was trying to be cool and follow Anon without knowing any of the consequences? What do I do to protect him? What can I expect? They seized two desk top computers.

Thanks for any feedback or guidance or information.

*EDIT Can't "lawyer up", don't have the funds. I guess my biggest question is this: Why would they spend all the time and resources on a child? If they want to get Anon, how about spending the funds they spent today on researching who to really go after? Seems like a waste of my tax payer dollars.

Edit 2 There are a lot of people calling bullshit. It is "United States District Court Northern District of Illinois, Eastern Division. Case number: . I am trying to take pictures with my phone to upload, but I am not certain that it will be clear enough, and I have a new computer (bought today, and it is not hooked up to the printer/scanner).

Edit 3 Proof - Sorry for the bad quality, taken with my Flip camera.

Edit 4 Removed some information on the advice of other redditors.

quote:

LulzSec claims to have News International emails

Member of hacking group LulzSec says it will make public 4GB of emails it claims were taken from attack on servers at the Sun

One of the members of the LulzSec hacking group has claimed on Twitter that the group has got 4GB of emails taken from the Sun and the "royal family" which may be released as soon as lunchtime on Thursday.

The claim follows a hacking attack against News International on Tuesday night during which members of LulzSec apparently broke into computer systems there and redirected readers of the Sun's website to a faked page claiming News Corp chief executive Rupert Murdoch had been found dead.

Significantly, the group also seems to have broken into the email database at News International.

Some accounts belonging to Anonymous also began tweeting email addresses and passwords for staff at News International, including what seemed to be an email account and password for Rebekah Brooks under her previous married name of Wade while at the Sun.

The password appeared to be valid based on the contents of the tweet, which included the encrypted form of the password.

News International reacted by closing down all external access to its webmail systems and forcing users to reset their passwords.

The company declined to comment at the time on whether the hackers might have had external access to email accounts, but the fact that it shut down the access suggests that it feared they might.

Equally, the hackers almost certainly would not have begun tweeting details of their find without having first exploited it.

Contacts within Anonymous have told Guardian journalists that News International's email systems were being probed last week and that downloads were being made then.

twitter:

AnonymousIRC twitterde op donderdag 21-07-2011 om 14:04:15 Here is the next NATO Restricted PDF: http://t.co/zSR7bVo | Outsourcing CIS in Kosovo (2008) | Enjyoing the war yet, NATO? #AntiSec reageer retweet

quote:

NATO HACKED: AnonymousIRC claim to have infiltrated NATO servers

The AnonymousIRC hacking organisation have claimed this afternoon that they have hacked into NATO servers.

The group tweeted a message earlier claiming they are sitting on 1gb of NATO data.

"Yes, #NATO was breached. And we have lots of restricted material. With some simple injection. In the next days, wait for interesting data "

They later said:

"We are sitting on about one Gigabyte of data from NATO now, most of which we cannot publish as it would be irresponsible. But Oh NATO...."

They later released the document, obtained by Blottr. However for security reasons, we will not be sharing this document, but can provide a screenshot that we AnonymousIRC did in fact leak the document.