Anonops #10: Stop SOPA

quote:

Brein eist blokkade Pirate Bay van internetproviders – KPN weigert

Internetproviders UPC, KPN en T-Mobile hebben van Stichting Brein het verzoek gekregen downloadsite The Pirate Bay te blokkeren. KPN is echter niet bereid om gehoor te geven aan het verzoek.

De verzoeken volgen op de uitspraak van de rechtbank in Den Haag begin januari dat internetproviders Ziggo en Xs4all verplicht zijn om The Pirate Bay te blokkeren.

Woordvoerders van UPC en T-Mobile meldden vanmiddag aan Webwereld dat ze het verzoek van Brein momenteel bestuderen. Ze zeggen nog niet of ze bereid zijn hier gehoor aan te geven.

Tweakers meldt dat ook KPN zo’n verzoek tot blokkade heeft gekregen. Een woordvoerder meldt tegen die site dat KPN niet bereid is daar gehoor aan te geven.

quote:

US govt security website hacked

Portal offering Internet security advice taken offline by hacktivist group Anonymous in protest of piracy crackdown

Hacktivist group Anonymous has claimed responsibility for taking down a website operated by US Federal Trade Commission (FTC) that offers Internet security advice to consumers.

The hit on OnGuardOnline.gov appears to go beyond the usual denial of service attack. The Pastebin post claiming responsibility for attack purports to show a log of the intrusion in progress, with the hacker gaining complete access to the site's back-end MySQL database and posting links to a full copy of its copied structure.

The post also warns of further action if any of the anti-piracy bills – the Stop Online Piracy Act (SOPA), Protect IP Act (PIPA) in the US and the Anti-Counterfeiting Trade Agreement (ACTA) in Europe – pass, promising to destroy "dozens upon dozens of government and company websites". Anonymous affiliate group AntiSec also to have take control of "hundreds of rooted servers", as well as passwords, bank accounts and online dating details.

Hacking affiliated to the Anonymous movement continues around the world, with activists in Brazil launching denial of service attacks on the main Brazilian government website, brazil.gov.br, as well as other governement websites.

A seperate Anonymous-affiliated hacking group recently brought down multiple Polish government websites in protest of the Polish government's support for ACTA.

The @WikipediaAnon twitter account which claimed responsibility for the attack tweeted: “Dear Polish government, we will continue to disrupt and interfere with your government official websites until the 26th. Do not pass ACTA."

"We have dox files and leaked documentations on many Poland officials, if ACTA is passed, we will release these documents," the account tweeted later.

According to the BBC, governmnent spokesperson Pawel Gras initially claimed the website was down due "huge interest in the sites of the prime minister and parliament".

quote:

http://pastebin.com/mJWUDtGD

#opmegaupload #antisec #anonymous
#ANTISEC SEZ ITS SOPA/PIPA/ACTA RETALIATION TIME.
PASS THAT TRASH AND WE WILL RM HALF THE CORPORATE INTERNET

"OnGuardOnline.gov, a partnership of fourteen federal agencies managed by the Federal Trade Commission
(FTC)" ... "the bad guys constantly develop new ways to attack your computer, so your security software must be
up-to-date to protect against the latest threats." ... etc etc you got rooted and rm'd. umad? don't like
it when your site is wiped of the internet do you?

If SOPA/PIPA/ACTA passes we will wage a relentless war against the corporate internet, destroying dozens upon
dozens of government and company websites. As you are reading this we are amassing our allied armies of
darkness, preparing boatloads of stolen booty for our next raid. We are sitting on hundreds of rooted servers
getting ready to drop all your mysql dumps and mail spools. Your passwords? Your precious bank accounts? Even
your online dating details?! You ain't even trying to step to this.

follow @anonymousirc - browse the onion embassy - chat on anonops

YOU WANT TEH DUMPS??:
http://ibhg35kgdvnb7jvw.onion/onguard2.sql.gz
http://www.load.to/e6arTZSBjt/onguard2.sql.gz
http://www.badongo.com/file/26149204
http://mirrorafile.com/files/BNZXWNZV/onguard2.sql.gz

BUST OUT TEH HAXLOG!?!?

mysql> use dc-onguardonline-gov;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

quote:

US launched cyber attacks on other nations

The assumption that the US has the technological know-how to cripple a competing nation has always been just that: as assumption. In a recent sit-down interview, however, a former spy chief confirmed that America has already waged cyber attacks.

Mike McConnell, the former director of national intelligence at the National Security Agency under George W Bush, tells Reuters this week that cyber war is more than a distant possibility. According to the current vice chairman at Booz Allen Hamilton, the US has already launched attacks on the computer networks of other nations.

McConnell did not add any input as to what countries have been hit with American cyber warfare in the past, but he did confirm that the US has already used the ability. When asked by Reuters if the United States had the capability to destroy the computer system of an adversary, McConnell responded “Yes.” When asked if it worked, he confirmed “yes” as well.

"Do we have the ability to attack, degrade or destroy? Sure. If you do that, what are the consequences? That is the question,” added McConnell.

Although the former spy chief neglected to name any countries that have been the target of American attacks, the US is believed by some to be the culprit behind a virus that targeted computer systems in Iran in 2010. Stuxnet, an advanced computer worm discovered in June of that year, impacted the computers used in conjunction with Iran’s nuclear program. In a January 2011 article in the New York Times, an American nuclear intelligence expert speaking on condition of anonymity said that the Israelis were behind Stuxnet, placing the blame on one of America’s most important allies. The expert adds in the article that Israel did indeed work hand-in-hand with the US in perfect Stuxnet before sending it to the Iranian networks, but that Washington wanted “plausible deniability.”

Other sources have since all but confirmed America’s involvement in the worm. German cyber security expert Ralph Langner told National Public Radio last year that the virus seemed like something out of science fiction, but added that, "Thinking about it for another minute, if it's not aliens, it's got to be the United States.” He went on to call the US “the leading force” behind Stuxnet, an assumption that many in Iran believe as well. While the Iranians have never officially recognized retaliation on their part, rumors of revenge via cyberwar have been rampant in recent weeks, particularly after news broke out of Mexico last month that hackers south of the border were being recruited by Iran to participate in an infiltration of American computers.

Before it launched an airstrike` attack on Libya in 2011, a cyberattack was considered as a route to oust Colonel Muammar Gaddafi, an Obama official said to the New York Times last year. In the end, however, America relied on other techniques. “These cybercapabilities are still like the Ferrari that you keep in the garage and only take out for the big race and not just for a run around town, unless nothing else can get you there,” the insider, speaking on condition of anonymity, told the Times.

quote:

Why was MegaUpload really shut down?

In December of 2011, just weeks before the takedown, Digital Music News reported on something new that the creators of #Megaupload were about to unroll. Something that would rock the music industry to its core. (http://goo.gl/A7wUZ)

I present to you... MegaBox. MegaBox was going to be an alternative music store that was entirely cloud-based and offered artists a better money-making opportunity than they would get with any record label.

"UMG knows that we are going to compete with them via our own music venture called Megabox.com, a site that will soon allow artists to sell their creations directly to consumers while allowing artists to keep 90 percent of earnings," MegaUpload founder Kim 'Dotcom' Schmitz told Torrentfreak

Not only did they plan on allowing artists to keep 90% of their earnings on songs that they sold, they wanted to pay them for songs they let users download for free.

"We have a solution called the Megakey that will allow artists to earn income from users who download music for free," Dotcom outlined. "Yes that's right, we will pay artists even for free downloads. The Megakey business model has been tested with over a million users and it works."

quote:

Op dinsdag 24 januari 2012 21:44 schreef YazooW het volgende:

Veel te makkelijk om dit als een "conspiracy" te zien, reden waarom ze neergehaald zijn is omdat megaupload draaide op content die niet van hun zelf was en daar ook nog eens een hoop geld aan verdiende.

quote:

'KPN weigert The Pirate Bay te blokkeren'

Auteursrechtenorganisatie Brein eist van internetprovider KPN dat de toegang tot downloadsite The Pirate Bay wordt geblokkeerd, maar KPN weigert dat vooralsnog. Het telecomconcern wil eerst het hoger beroep afwachten dat is aangespannen door dochterbedrijf XS4ALL.

Dat schrijft technologiesite Webwereld, die met een woordvoerder van KPN sprak. Twee weken geleden bepaalde de rechter dat XS4All en Ziggo de toegang tot The Pirate Bay moeten blokkeren voor hun klanten. XS4All zal dat per 1 februari doen, maar is wel in hoger beroep tegen die uitspraak gegaan. Datzelfde geldt voor concurrent Ziggo. KPN heeft een brief van Brein ontvangen, maar gaat dus vooralsnog niet op dat verzoek in.

Brein heeft ook een brief aan andere internetproviders gestuurd met het verzoek de toegang tot de Zweedse torrentsite te blokkeren. UPC en T-Mobile hebben al bekendgemaakt zo'n brief te hebben ontvangen.

quote:

"Anonymous" DDoS Activity
_{Original release date: January 24, 2012
Last revised: --
Source: US-CERT}

quote:

Op dinsdag 24 januari 2012 21:47 schreef YazooW het volgende:

[..]

Ik zie de link met SOPA niet.

twitter:

Officialanonyup twitterde op woensdag 25-01-2012 om 08:51:22 In the evening, I will prove in the world that i told the truth and that we aren't SCAM / FAKE . #Anonyupload #Anonymous #information reageer retweet

quote:

EU stelt nieuwe privacyregels op internet voor

De Europese Unie heeft nieuwe regels voor bescherming van persoonsgegevens op internet voorgesteld. Bedrijven moeten voortaan gehoor geven aan het definitief verwijderen van gegevens als de gebruiker dat wil.

Het voorstel komt van de Europese Commissaris voor Justitie en Mensenrechten Viviane Reding. Volgens Reding laten we onze sporen achter op het internet en daarvoor moeten we beschermd worden in deze ‘brave new data world’:

twitter:

VivianeRedingEU twitterde op woensdag 25-01-2012 om 10:06:41 We leave digital traces with every move we make. We need a robust set of data protection rules in this brave new data world #EUdataP reageer retweet

quote:

Symantec: Anonymous stole source code, users should disable pcAnywhere

Symantec has confirmed that the hacker group Anonymous stole source code from the 2006 versions of several Norton security products and the pcAnywhere remote access tool.

Although Symantec says the theft actually occurred in 2006, the issue did not come to light until this month when hackers related to Anonymous said they had the source code and would release it publicly. Users of the Norton products in question are not at any increased risk of attack because of the age of the source code and security improvements made in the years since the breach, but the vendor acknowledged on Tuesday night that "Customers of Symantec's pcAnywhere have increased risk as a result of this incident."

Symantec released a patch fixing three vulnerabilities in pcAnywhere version 12.5 (the current version) on Monday, and said it will continue issuing patches "until a new version of pcAnywhere that addresses all currently known vulnerabilities is released."

Symantec pointed customers to a white paper that recommends disabling pcAnywhere, unless it is needed for business-critical use, because malicious users with access to the source code could identify vulnerabilities and launch new exploits. "At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," the company said. "For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow the general security best practices discussed herein."

As for Norton, Symantec said the source code stolen was from the 2006 versions of Norton Antivirus Corporate Edition, Norton Internet Security, and Norton SystemWorks. Earlier this month, Symantec said no products were at risk, but changed its message regarding pcAnywhere after further investigation.

quote:

Op donderdag 26 januari 2012 01:05 schreef Nemephis het volgende:
Live, van The Onion News Network!! Net zoiets als De Speld, dus dan moet het wel waar zijn!

CIA's 'Facebook' Program Dramatically Cut Agency's Costs

"that's how they got my brother"

twitter:

amauryy19 twitterde op donderdag 26-01-2012 om 02:27:19 RT The video was real."@YourAnonNews cough cough, uh, looks like facebook.com is having a slight accessibility problem. #Anonymous" reageer retweet

twitter:

TxStormChasers twitterde op donderdag 26-01-2012 om 02:26:18 Oh look, #Facebook is back online. END OF WORLD CANCEL! #facebookownstheworld reageer retweet

twitter:

Anonymous_DO twitterde op donderdag 26-01-2012 om 02:30:46 RT @anonops: #Facebook.com is NOT under denial of service attack. STOP LYING. reageer retweet

quote:

Just in Time for "Anonymous" Attacks, U.S. NIST Drafts a New Readiness Plan

Two years ago, the U.S. Dept. of Homeland Security firmly decided (again) that a policy of responding to vulnerabilities in the nation's cybersecurity when they happen, is insufficient. The National Institute of Standards and Technology set about on a plan to model a 21st century perpetual vulnerability mitigation scheme - a continuous monitoring (CM) framework that attempts to model security procedures not in terms of crisis and response, but instead as a perpetual cycle of monitoring and engagement that stays basically the same whether or not there's a crisis.

In other words, if you "keep doing this all the time," then whatever happens won't destroy the network. Late last week, NIST produced its first series of drafts for how government information services could look, perhaps later this decade. It's so radically different from anything seen thus far, that NIST acknowledges that no one in the commercial sector has even come up with the language to describe it.



The January draft of NIST's interface specifications (PDF available here) shows five layers of what are periodically described as subsystems. Think of these functional components as comprised of devices, software, and people. Acknowledging that not every CM process can or should be automated, NIST's architects have created these five classes of subsystem to represent the divisions of workflow for both people and technology who work with any data domain. In other words, regardless of what data you're working with, as a government IT worker, you and your programs will fall someplace within this model.

So do software vendors start digesting this system now and try to build products based on it? Right now, NIST acknowledges that might not be possible.

"Each subsystem specification provides product development requirements applicable to specific product types. It is not expected, or desired, that any specific product adopt all of the subsystem specifications. Some of the subsystem specifications describe requirements that already exist within many Information Technology (IT) products. Thus, incorporation of these specifications should require only gentle instrumentation for those existing products. In other cases, the subsystems represent new functionality and product types (e.g., multi-product sensor orchestration and tasking and policy content repositories) that do not currently exist on the market. If vendors choose to adopt these specifications, they will likely need to develop new products. To catalyze vendor involvement we are looking into providing functioning prototypes of these capabilities."

In a situation that will remind some folks of The Hitchhiker's Guide to the Galaxy, NIST comes clean in saying that in order to understand how this solution may eventually work, everyone needs to learn along the way just how the problem works. One of the elements absent from the NIST drafts so far is remediation, for instance. Right now, it's worked out a structural framework for a query system that triggers workflow between the elements of the subsystems shown in the diagram. But the query language itself has not been invented yet.

So are we years away from a working implementation? Perhaps not very many. The CM concept has only been devised in the past few years, and one of the documents that led to the forging of these latest drafts was only produced last September. At that time, the CM concept was being referred to by its broader abbreviation, Information Systems Continuous Monitoring (ISCM).

"The output of a strategically designed and well-managed organization-wide ISCM program can be used to maintain a system's authorization to operate and keep required system information and data... up to date on an ongoing basis," the September document explains. "Security management and reporting tools may provide functionality to automate updates to key evidence needed for ongoing authorization decisions. ISCM also facilitates risk-based decision making regarding the ongoing authorization to operate information systems and security authorization for common controls by providing evolving threat activity or vulnerability information on demand. A security control assessment and risk determination process, otherwise static between authorizations, is thus transformed into a dynamic process that supports timely risk response actions and cost-effective, ongoing authorizations. Continuous monitoring of threats, vulnerabilities, and security control effectiveness provides situational awareness for risk-based support of ongoing authorization decisions. An appropriately designed ISCM strategy and program supports ongoing authorization of type authorizations, as well as single, joint, and leveraged authorizations."

The hope is that, once security vulnerabilities are identified by researchers, either in the public or private sectors, the standardization of their reporting will enable them to be entered into the system like marbles in a pachinko machine. The system will essentially digest them, feeding on them and integrating their lessons into everyday processes. It is a completely different way to think about work and workflow, but desperate times demand it.

quote:

Press freedom index: big falls for Arab trio in year of protest

Syria, Bahrain and Yemen fall backwards as uprisings fail to secure democracy

quote:

The United States, for example, has dropped markedly due to the targeting of journalists covering the Occupy Wall Street movement.

It slipped 27 places, down to 47th place out of a total of 179 countries in the survey. Britain fell from 19th to 28th (though the reason for that remains unclear).

"Crackdown was the word of the year in 2011," said Reporters Without Borders (RWB), the international press freedom watchdog, when releasing its 10th annual index.

. "Never has freedom of information been so closely associated with democracy. Never have journalists, through their reporting, vexed the enemies of freedom so much.

. Never have acts of censorship and physical attacks on journalists seemed so numerous. The equation is simple: the absence or suppression of civil liberties leads necessarily to the suppression of media freedom.

. Dictatorships fear and ban information, especially when it may undermine them."

quote:

The two countries at the top - Finland and Norway - repeated last year's performance. They were joined by Estonia and the Netherlands.

quote:

Op donderdag 26 januari 2012 13:08 schreef YazooW het volgende:

[..]

Alsof Anonymous Facebook down zou kunnen krijgen

quote:

Op donderdag 26 januari 2012 13:52 schreef YazooW het volgende:

[..]

Met z'n allen aan TOR, zullen de kinderpornoliefhebbers wel fijn vinden.

quote:

Op donderdag 26 januari 2012 13:54 schreef YazooW het volgende:

[..]

Beetje gemiddelde TOR gebruiker is dan ook bezig met illegale zaken,

quote:

niet normaal wat je er allemaal op kan vinden.

quote:

Op donderdag 26 januari 2012 14:04 schreef YazooW het volgende:

[..]

MET Tor ja. Je begrijpt wel wat ik bedoel.

quote:

Op donderdag 26 januari 2012 14:14 schreef YazooW het volgende:
Maar over die Chinezen trouwens, die volgens jou vanuit China op Tor kunnen komen, zitten die dan heel de dag OnionIB te checken?

quote:

Op donderdag 26 januari 2012 14:07 schreef Papierversnipperaar het volgende:

[..]

Ik begrijp het, en jij begrijpt het niet. idd.

quote:

Op donderdag 26 januari 2012 14:16 schreef YazooW het volgende:
Je begrijpt heel goed wat ik bedoel, alleen probeer je me steeds te pakken op de manier waarop ik het verwoord... beetje jammer.