Anonops #11: Stop ACTA

quote:

Kazakhstan upgrades censorship to deep packet inspection

In December 2011 we were aware of Kazakhstan increasing Internet censorship in response to some unrest and protests in Zhanaozen in the west. The censorship was then deployed around the country, in many cases with the full support of the populace. The initial invesitgation showed simple IP address blocking coupled with basic dns censorship. Tor continued to work without incident until this week.

JSC KazTransCom, AS35104, has deployed or begun testing deep packet inspection (dpi) of all Internet traffic. They specifically target SSL-based protocols for blocking. This includes Tor, IPsec, and PPTP-based technologies, as well as some SSL-based VPNs. Business and private users of these technologies are equally affected.

An example of the censorship, as recorded by volunteers in country, can be found in this network flow diagram. Kazakhstan is identifying and blocking the SSL client key exchange during the setup of an SSL connection. This graph shows the effects of this deployment of censorship based on dpi.

Luckily, due to our recent experience with Iran we have an answer for people: use obfsproxy. Obfsproxy continues to work in Kazakhstan, as well as Iran. In fact, it works in any country where dpi is used to censor citizens' access to the Internet.

Thank you to the volunteers for spending their Valentine's Day collecting and analyzing data.

quote:

Tor gaat dataverkeer maskeren om filters te omzeilen

De ontwikkelaars van Tor werken aan de mogelijkheid om dataverkeer zo te maskeren dat deze afkomstig lijkt van een ander protocol. Hierdoor moet Tor-verkeer minder last krijgen van agressieve internetfilters.

De methode wordt door Tor omschreven als obfsproxy, oftewel een obfuscated proxy. Via een dergelijke Tor-proxy is het mogelijk om de datastroom te manipuleren. Aan Forbes geeft Tor-ontwikkelaar Andrew Lewman het voorbeeld van een obfsproxy die een met ssl versleutelde datastroom laat lijken op een chatsessie volgens het xmpp-protocol. Hierdoor zouden agressieve filtermethoden als deep packet inspection omzeild kunnen worden.

De obsproxy-methode in Tor is nog experimenteel en zou een stream nog onvoldoende kunnen aanpassen om deze op een betrouwbare manier geheel onherkenbaar te houden. Ook worden alleen verbindingen die gebruik maken van het tls-, ssl- en socks-protocol ondersteund, maar de ontwikkelaars streven er naar om ook http en andere veelgebruikte protocollen te gaan ondersteunen.

Ondanks de alpha-status van obfsproxy, krijgen de Tor-ontwikkelaars positieve reacties vanuit onder andere Iran. In dit land heeft het regime niet alleen ip-blokkades ingesteld, maar sinds kort ook een blokkade op al het ssl- en tls-verkeer doorgevoerd. Door obfsproxy te activeren kunnen Iraanse internetgebruikers alsnog websites als Gmail en Hotmail bereiken doordat het versleutelde dataverkeer gemaskeerd wordt.

quote:

http://translate.google.c(...)F%3Faid%3D1231182589

Athens
An 18 year old arrested in the process of a crime, and two other Greek high school students, 16 and 17 years, accused by the Electronic Crime to participate in the falsification of the website of the Greek Ministry of Justice on February 2.

The three hackers allegedly belonging to the group Greek Hacking Scene (GHS) and declared members of the wider, international organization Anonymous.

"Justice is coming," wrote English invaders in the first page of the site, and upload and video message is also fluent in English, which said: "What is happening in your country is unacceptable. Came to power to express the wishes of your people and you have failed utterly. Kill the most sacred thing for your country is the Republic. "

The three accused students now illegal access to computer systems in accordance with Article 370 of the Penal Code.

During surveys conducted in the homes of the accused seized three laptops and 12 hard drives.

Police are now continuing investigations to identify and other team members

No reference to other objectives

The police statement says, according to online postings, these defendants "have committed dozens of digital attacks." The objectives, however, not specified.

In the evening Sunday, February 13, shortly before the crucial vote in parliament on the new memorandum, Anonymous announced that had set off the sites of ELAS, the Ministry of Citizen Protection, the Greek Prime Minister and the Greek Parliament.

The fact this website was not accessible at that time. The same happened later on the websites of PASOK, New Democracy, the Ministry of Finance and Evangelos Venizelos, but it is not clear whether this was associated with Anonymous.

quote:

Anonymous Invades the Spanish Academy Awards Ceremony For Real



Rather than just crashing web pages, Spanish anonymous members had the balls to crash the equivalent of the Oscars ceremony in Madrid today. Three members of Anonymous sneaked past extreme police and private security controls to jump onto the stage as the event was at one of its highest points, as this image shows.

Pedro Almodovar, Antonio Banderas and Salma Hayek were among those who assisted the awards ceremony, called the Goyas in honor of famous Spanish painter Francisco de Goya. While the award for best director was being presented, three Anonymous members wearing Guy Fawkes' masks tried to jump onto the stage from the orchestra seats. Private security caught them before they could actually made it.

Meanwhile, the Spanish film academy web page was under attack. Anonymous also published contact information of actors, actresses and directors who supported the so-called Ley Sinde, a SOPA-like law designed to kill any kind of web pages without a court order.

I wonder if some Guy Fawkes would have the courage to slip through security the same at Hollywood's Academy Awards. [El Mundo]

quote:

'Britse regering wil internetgebruik realtime kunnen monitoren'

Op initiatief van de veiligheidsdiensten werkt de Britse regering aan wetgeving die het mogelijk moet maken om realtime telefoon- en internetverkeer te monitoren. Privacybeschermers kwalificeren de voorstellen als onacceptabel en gevaarlijk.


Dat meldt The Telegraph op basis van niet nader genoemde bronnen. Volgens de krant wordt er in het kader van nieuwe antiterrorismewetgeving gewerkt aan voorstellen voor het Communications Capabilities Development Programme. Daarin worden internetproviders en telecombedrijven verplicht om onder andere gegevens over telefonie- en dataverkeer een jaar lang in databases op te slaan. De inhoud van telefoongesprekken of e-mailberichten zou niet worden bewaard, maar in de databases moeten wel contactgegevens als telefoonnummers, ip-adressen en e-mailadressen zijn terug te vinden.

De databases zouden door inlichtingendiensten als MI5, MI6 en de politie realtime doorzocht moeten kunnen worden. Zo zou bijvoorbeeld een verdacht persoon die mobiele telefoongesprekken voert razendsnel opgespoord kunnen worden. De voorstellen zouden echter nog verder gaan: ook gebruikers van sociale-netwerksites zouden in kaart gebracht moeten worden. Zo willen de voorstanders inzicht krijgen in berichten die gebruikers van onder andere Facebook en Twitter naar elkaar sturen, terwijl zelfs communicatie tussen de spelers van multiplayergames te volgen zou moeten zijn.

Het ministerie van Binnenlandse Zaken zou al twee maanden onderhandelingen zijn aangegaan met bedrijven als O2, BT, Vodafone en Virgin Media, terwijl de wetsvoorstellen in mei door de Britse regering openbaar gemaakt kunnen worden. Hoewel de Conservatieve premier Cameron bij zijn aantreden nog beloofde de privacy hoog in het vaandel te hebben, lijken de inlichtingendiensten met succes druk te hebben uitgeoefend om een eerder gesneuveld wetsvoorstel van de regering Blair nieuw leven in te blazen.

Britse voorvechters voor de privacy hebben al afwijzend gereageerd op de plannen voor een 'spionagewet'. Zo spreekt de Open Rights Group van een onacceptabele 'systematische methode' om alle digitale communicatie van burgers af te tappen. Naast de vraag of de voorstellen technisch haalbaar zijn, stelt de organisatie dat de opgeslagen informatie hoogst aantrekkelijk is voor hackers. Ook zouden internetproviders misbruik kunnen maken van de verzamelde data van hun gebruikers, bijvoorbeeld voor gerichte reclame. Vanuit de organisatie Privacy International klinken soortgelijke geluiden, maar een regeringswoordvoerder laat in een reactie aan de Britse krant weten dat de wetgeving nodig is om criminaliteit en terrorisme effectief te kunnen bestrijden.

quote:

s3rver.exe exposed SQLi vulnerability in Chinese Police website

A Hacker known as s3rver.exe break into a Chinese police website and exposed the vulnerability details. In twitter , he announced that "Chinese police owned" and tweet a link to pastebin.

Hacker exploit the SQL Injection vulnerability in the Panjin City Public Security Bureau website(http://gaj.panjin.gov.cn). He published the vulnerable link and a code to extract the database details.

In past , hacker hacked The ICT Specific Council (ICTSC) website, Tongcheng Environmental Protection Agency website(tchjbh.gov.cn)

quote:

Op maandag 20 februari 2012 17:01 schreef Ronnie_bravo het volgende:
Is dat nou leuk zo'n monoloog met knip en plakwerk??

quote:

Op maandag 20 februari 2012 21:40 schreef princem het volgende:
Op welk forum zitten die anonymous heren.wil ff kijken of zitten ze verstopt?

quote:

Viewpoint: The internet is broken - we need to start over
^{By Prof Alan Woodward Department of Computing, University of Surrey}

Last year, the level and ferocity of cyber-attacks on the internet reached such a horrendous level that some are now thinking the unthinkable: to let the internet wither on the vine and start up a new more robust one instead.

On being asked if we should start again, many - maybe most - immediately argue that the internet is such an integral part of our social and economic fabric that even considering a change in its fundamental structure is inconceivable and rather frivolous.

I was one of those. However, recently the evidence suggests that our efforts to secure the internet are becoming less and less effective, and so the idea of a radical alternative suddenly starts to look less laughable.

One example of struggling security comes from Neira Jones, head of payment security at Barclaycard. She told me that in the UK alone, identity fraud costs more than £2.7bn every year and affects over 1.8 million people.

We also increasingly have other forms of cyber-attacks from political activists (so called 'hacktivists'), and cyber-espionage and warfare, where the internet has become another stage for global conflict between nations.
Prof Alan Woodward Prof Alan Woodward is a cybersecurity expert at the University of Surrey

We need to understand the root of the problem.

In essence, the internet was never intended to be a secure network. The concept was developed by the Defense Advanced Research Projects Agency (Darpa) as a means of allowing a distributed computer system to survive a nuclear attack on the US.

Those who designed the Internet Protocol (IP) did not expect that someone might try to intercept or manipulate information sent across it.

As we expanded our use of the internet from large, centralised computers to personal computers and mobile devices, its underlying technology stayed the same.

The internet is no longer a single entity but a collection of 'things' unified by only one item - IP - which is now so pervasive that it is used to connect devices as wide-ranging as cars and medical devices.

Many technologies were then built upon this foundation. The best known was HyperText Mark-up Language (HTML) which is what allows web pages such as this to be displayed in the way you view it now.

And, yes, many of these technologies included the ability to secure the data that is being transmitted over the internet. All will have used one of these 'secure' technologies, most usually when buying something over the internet.

Technology to serve

But, stop and ask yourself this, if it is 'secure', why are there so many successful attacks?

Some argue that humans are the weak link and hence changing the internet's underlying technology would not really solve the problem. I take issue with that. Technology serves people not vice versa.

It is unreasonable to expect users in general to understand complex technologies to the degree necessary to ensure they operate securely over the internet.

It's analogous to a house. By default a house should be built to allow it to be occupied safely.

If you chose to start knocking down walls then it is your fault if the house collapses. But if the foundations of any structure are unsound, no matter how strong or unmodified the building on top, there is always a significant risk of safety being undermined through no fault of yours.

Of course, some argue that you can simply underpin structures with shaky foundations. There are other, more secure technologies that could be substituted for the current 'IP'.

This June sees the launch of what many consider to be the next generation of IP (known as IPv6 and IPSec) which is capable of securing all data transmitted over the internet.
Anti-Acta protest in Warsaw Hacktivists have helped create a new stage for global conflict, ProfWoodward says

However, availability of a better technology does not automatically lead to its adoption. Secure alternatives to IP have existed for a long time and yet none have been adopted widely.

In fact, the launch in June is more of a relaunch intended to reinvigorate interest in the next generation of IP which was developed in 1998.

I have my doubts as to its success as the internet has a momentum of its own: without someone mandating its use, or more specifically how it should be used, it is unlikely that it will be deployed to make up for the current shortcomings.
.

Security afterthought

Ever since the internet first changed from an academics' toy to become a commercial tool in the 1990s, security has always been an afterthought.

Only in an environment where the providers of the underlying networks insist upon the use of a single, secure technology, can one have a set of firm foundations.

Sadly, a key characteristic of our current internet is that it is a lawless, unregulated environment. Even governmental attempts at governance have failed as the internet is global and no truly global governance body exists.

Neira Jones summed it up nicely when she said to me that while regulations are trying to address the security void, success will depend on collective responsibility and accountability as well as extensive awareness and education at all levels.
Continue reading the main story
“Start Quote

We can have areas of the internet that are governed by a global body”

While not a popular view, I think that the current internet can only survive if adequate global governance is applied and that single, secure technology is mandated. This is obviously fraught with the much rehashed arguments about control of the internet, free speech, and so on.

Then there is the Herculean task of achieving international agreement and a recognised and empowered governance body.

However, this exists for other shared infrastructures, from aviation to telephony, so it is not impossible.

I think the answer lies somewhere in the middle.

We can have areas of the internet that are governed by a global body and run on technologies which are inherently secure, and we can have areas which are known to be uncontrolled.

They can coexist using the same physical networks, personal computers and user interface to access both but they would be clearly segregated such that a user would have to make a clear choice to leave the default safe zone and enter what has been described as "the seediest place on the planet".

quote:

Updated: FTC dropped security requirements from contract for sites hit by Anonymous

Update: Fleishman-Hilliard is disputing the facts of the hack as presented by hosting provider Media Temple. Bill Pendergast, general manager of the Fleishman-Hillard DC office, told Ars Technica, ""For Media Temple to claim ignorance of hosting the FTC -- or other government -- sites is completely false. In their own words, Media Temple is deep in this area, with what they claim to be the appropriate level of compliance. It's hard to see how their fiction helps anyone get to a constructive outcome." A fully-updated story with the latest information from FTC, Fleishman-Hilliard and Media Temple will be posted shortly.

If you were looking for a recipe for creating government websites that attract defacement attacks, the acquisition process that led to the creation of a set of recently hacked Federal Trade Commission sites would be a good place to start. Despite a raft of federal security regulations and guidelines for using cloud services, smaller projects often fall through the cracks of security oversight—just as they often do with outsourced marketing projects for large corporations.

The initial language of the FTC's solicitation for the $1.49 million contract that created the sites that were hacked on January 24 and February 17 set out very specific language about the security requirements for the site. But by the time the contract for a set of consumer and business education websites and social media was awarded to public relations firm Fleishman-Hilliard in August of 2011, those requirements were dropped from the statement of work.

In part, the security requirements were dropped because the FTC planned to host the sites with someone other than the winner of the contract. But Fleishman-Hilliard ended up setting up the servers for the sites themselves—on Media Temple's unmanaged server-in-the-cloud service that was never intended for .gov sites. And it appears the FTC signed off on the move.

As a result, the servers provisioned for a number of FTC sites, including a site providing recommendations for business and consumer information security, were configured with an outdated version of the Drupal content management system that offered up a tempting target to Anonymous "antisec" hackers looking to embarrass the government.

When the FTC originally posted the solicitation for bids in May of 2011, the statement of work included strong security language for the project, stating that the servers for the project would be subject to the requirements of the Federal Information Security Management Act of 2002 (FISMA). And as part of those requirements, the FTC's solicitation spelled out contractors' responsibilities regarding data breaches: "The contractor shall be required to prevent and remedy data breaches and to provide the FTC with all necessary information and cooperation, and to take all other reasonable and necessary steps and precautions, to enable the FTC to satisfy its data breach reporting duties under applicable law, regulation, or policy in the event, if any, that a breach occurs… The Information System Security Plan required elsewhere in this document shall include policies and procedures necessary to ensure the timely detection of and reporting to the FTC of data breaches, as well as safeguards to prevent and mitigate the risk of, as well as to remedy, such breaches, if any."

But by the time the contract was awarded, the FTC had struck any reference to security requirements from its amended statement of work. In a "Questions and Answers" document posted by the FTC's Office of Acquisitions on June 3, the office responded to a question on the nature of the security requirements of the project by stating "This information has been deleted from the statement of work." In the same Q&A document, the FTC said that the websites built under the contract "will be hosted by a third-party hosting provider to be contracted separately and directly by the FTC."

That clearly didn't happen. Media Temple, the hosting service that was used to provide the servers for the sites, wasn't contracted by the FTC; instead, the sites were set up by Fleishman-Hilliard, and the hosting provider was unaware they were being used for .gov domains, according to Media Temple chief marketing officer Kim Brubeck.

The result of the process was that a whole set of FTC domains—including business.ftc.com, OnGuardOnline.gov, and the National Consumer Protection Week blog—were left unpatched and exposed to attack, creating low-hanging fruit for attackers like Anonymous. And there are clearly many other civilian federal agencies that have the same problem. Anonymous' Antisec collective claims to have amassed a large number of similar federal sites that it has already compromised.

quote:

ACTA is part of a multi-decade, worldwide copyright campaign

Last week, we observed that major content companies have enjoyed a steady drumbeat of victories in Congress and the courts over the last two decades. The lobbying and litigation campaigns that produced these results have a counterpart in the executive branch. At the urging of major copyright holders, the Obama administration has been working to export restrictive American copyright laws abroad. The Anti-Counterfeiting Trade Agreement (ACTA) is just the most visible component of this ambitious and long-running project.

Ars Technica recently talked to Michael Geist, a legal scholar at the University of Ottawa, about this effort. He told us that rather than making their arguments at the World Intellectual Property Organization, where they would be subject to serious public scrutiny, the US and other supporters of more restrictive copyright law have increasingly focused on pushing their agenda in alternative venues, such as pending trade deals, where negotiations are secret and critics are excluded.

The growing opposition to ACTA in Europe suggests this strategy of secrecy may have backfired. But the US is not giving up. It has already begun work on its next secret agreement, ealled the Trans-Pacific Partnership. Geist told Ars that restoring balance to copyright law will require reformers to be as determined as their opponents have been. He said that donating to public interest groups that focus on international copyright issues is the best way to make sure that the public interest is well-represented.

Exporting copyright law

Countries have been negotiating international copyright treaties for more than a century, but the passage of two treaties in the 1990s represented a turning point in international copyright law.

The Trade-Related Aspects of Intellectual Property Rights (TRIPS) agreement, signed in 1994, made protection of copyrights a requirement of membership in the World Trade Organization. Countries that failed to meet international copyright standards could face trade sanctions. The 1996 World Intellectual Property Organization Copyright Treaty further ratcheted up the minimum requirements for copyright protection—requiring, for example, that signing countries regulate the circumvention of digital rights management schemes.

WIPO's relatively open structure meant that major copyright holders didn't get everything they wanted in the 1996 treaty. For example, Geist said, the United States was unable to get the strong anti-circumvention language it preferred into the WIPO treaty.

"WIPO is a place that's more open than it used to be," Geist told Ars. "Because of the consensus-based approach, there is a necessity to engage in negotiating." Indeed, in recent years reformers have begun to make headway themselves. Treaties to liberalize copyright in ways that benefit libraries and the blind are now under consideration at WIPO.

So, Geist said, the US has increasingly engaged in forum-shopping, bypassing WIPO and pushing for stronger copyright protection in a wide variety of other venues. For example, the United States has negotiated a series of bilateral trade agreements with nations such as South Korea, Australia, and Chile. While they're branded as free-trade deals, they also require the other country to adopt the more punitive copyright regime favored by the United States.

The negotiations over the Anti-Counterfeiting Trade Agreement were part of this trend. In contrast to the relatively open WIPO process, ACTA was negotiated in secret by a relatively small number of mostly wealthy countries. The developing nations who would be the most likely to object weren't invited to participate. The plan was to present the finished treaty to the world on a "take it or leave it" basis.

Unfortunately, the plan didn't work as well as its backers had hoped. Early drafts of the treaty leaked, giving opponents time to organize against the most extreme provisions in the treaty. And the secretive and non-representative nature of the negotiation process created a bad taste in the mouths of many stakeholders. Concerns over ACTA's secretive drafting process may have been as important as any of the treaty's substantive provisions in generating European opposition. If Europe fails to ratify ACTA, it will dramatically weaken the treaty.

Try, try again

But the US isn't giving up. To the contrary, the US and its industry backers seem to have concluded the problem with ACTA was that they didn't try hard enough to lock down the negotiating process. So they're now plowing forward with the Trans-Pacific Partnership. This time, the US has cut the leak-prone Europeans out of the process, limiting negotiations to eight countries such as New Zealand and Peru that are much easier for the United States to intimidate. Presumably, the goal is to enshrine the US's preferred copyright policies in the TPP and then use the TPP as a template for future agreements.

Once the US gets a critical mass of countries to sign a deal, it can then use other carrots and sticks to pressure additional countries to sign on. Geist said one important tool is the so-called "Special 301" list, an annual watchlist of countries Washington considers to have insufficiently strict copyright laws. Not only will countries be pressured to sign onto ACTA, the US may also press them to implement even those provisions of ACTA that the agreement itself labels as optional.

Geist believes that the interests behind SOPA and ACTA are likely to view recent defeats as temporary setbacks. "They're not playing for next year," he said. "They're playing for 10 years and 20 years in the future."

He said that reformers can resist their agenda, but only if they play the same "long game" as their opponents. Ordinarily, the most important thing a citizen of a democracy can do to stop bad public policies is to call their legislators. But in this case, most of the action is occurring in international organizations where individual legislators have little influence.

To fight agreements like ACTA requires organizations with the sophistication and resources to navigate the complex world of international diplomacy. Geist pointed to Knowledge Ecology International, Public Knowledge, and the Electronic Frontier Foundation as examples of organizations with a track record of resisting the drive toward ever-stronger copyright protection.These organizations are "WIPO regulars" well positioned to stay in the trenches and ensure the public interest is well-represented regardless of the venue. Geist said that donating to these organizations is the most effective way for ordinary voters to help resist the worldwide trend toward ever-more-extreme copyright laws.

quote:

Interview: With the 15yo hacker who hacked 5 Australian Government sites and Harvard / #list #rls #legion

^{Published February 19th, 2012}

Over the past 30 hours or so there has been two fairly big story’s that have both come from attacks carried out by the same hacker, first Harvard got exposed and hacked and had emails leaked and then today 5 Australian government websites got hacked.

We had the chance to interview the hacker who is just 15yo and goes by the name PrOtOn and is part of D157UR83D Crew

So here is the main interview raw pasted. as you will see PrOtOn has more plans for the Australian government that involves the AFP ( Australian federal police).

quote:

PrOtOn my first hack was in primary school, i think i was 11

quote:

Interview: With 13yo hacker @s3rverexe who hacked UFC and other high profile sites

Over the past few months there has been a fair few high profile government and non government sites hacked by an anonymous hacker named @s3rverexe .

Well CWN has had a chance to one on one interview them about the recent hacks and to help the public get to know them better as well.

To our surprise, s3rver is just a young kid raging havoc across the Internet at just the age of 13. Some of the sites they have hacked are usa.gov, 80 Brazilian Government Sites in the name of #OpBrazil and of coarse the well know very public attacks on the UFC websites.

Well here is the raw interview that we had with them.

quote:

Attracties van zwembad door hackers te beheren

Door een blunder van de Gemeente Stichtse Vecht kon iedereen een subtropisch zwembad beheren. Van glijbaan tot de temperatuur van het water, alles stond wijd open. Het lek is inmiddels gedicht.

Het lek werd gevonden door twee beveiligingsonderzoekers, die zich op voorwaarde van anonimiteit meldden bij Webwereld. Zij waren vooral bezorgd over het welzijn van kinderen. Het SCADA-systeem van zwembad ' t Kikkerfort stond weken open en bloot op internet. Daardoor konden zaken als de temperatuur van het water en het aan en uit zetten van attracties door iedereen van afstand worden geregeld.

Bezorgd

Aanvankelijk dachten de onderzoekers dat ook de chloortoevoer kon worden geregeld. "Ik heb zelf kinderen en toen ik zag dat het ook om chloor ging, wilde ik dat er meteen iets gebeurde", vertelt een van de onderzoekers tegen Webwereld. "Het is mijn nachtmerrie dat er iets met kinderen gebeurt omdat iemand in een of ander vreemd land een 'grapje' wil uithalen. Als je aan de kassa komt van een zwembad vraag je niet of er een SCADA-systeem in gebruik is."

Webwereld heeft na de melding onmiddellijk contact gezocht met het verantwoordelijke installatiebedrijf, medewerkers van het zwembad en het National Cyber Security Center. Hierop is het systeem van internet ontkoppelt. Pas daarna werd duidelijk dat de hoeveelheid chloor niet kon worden ingesteld. "Dat durfden wij niet te bekijken, want dan ga je een grens over", zeggen de onderzoekers.

Onderhoud

De verantwoordelijke gemeente Stichtse Vecht erkent het probleem en legt uit dat de verbinding naar het systeem wordt opgezet voor onderhoud door de installateur als een probleem niet door medewerkers van het zwembad kan worden opgelost. "Onlangs is dit systeem na onderhoudswerkzaamheden van de installateur niet gesloten, waardoor het - langer dan normaal het geval is - heeft open gestaan", vertelt voorlichter Pieter Doesburg aan Webwereld.

"De gemeente beaamt dat deze werkwijze in het systeem niet veilig is en heeft direct actie ondernomen door de verbinding te beveiligen voor derden. Hierdoor is het in de toekomst niet meer mogelijk om op het systeem te komen", stelt Doesburg. Hij benadrukt dat het niet mogelijk was de gezondheid in gevaar te brengen, maar begrijpt de bezorgdheid wel. "Nogmaals, de gemeente betreurt de gang van zaken en is blij dat - dankzij deze onderzoeksjournalist - ons bewustzijn en handelen op het gebied van veiligheid van IT-systemen is aangescherpt."

VPN-optie

Ook Hollander Techniek, die het systeem heeft geleverd, erkent de situatie en de lezing van de gemeente. Omdat Webwereld meerdere systemen van dit bedrijf heeft aangemeld, hebben zij na melding direct een scan uitgevoerd bij al hun klanten en die gewaarschuwd.

"We bieden de mogelijkheid om de verbinding te beveiligen met een VPN en bieden dat ook altijd aan. Maar ja, dat kost wel geld en niet iedere klant wil dan de extra beveiliging", vertelt Jacob Brobbel, commercieel manager van het bedrijf. Hij wijst erop dat zwembaden moeten rondkomen van een klein budget. "Zwembaden zitten al krap. Ze zien dat [misbruik van SCADA - redactie] niet als een risico, dus daar wordt niet in geïnvesteerd. Het is onwetendheid. Het komt gewoon omdat het [hacken - redactie] ze zelf niet lukt."

In de standaard procedure wordt bij onderhoud eerst met de klant gebeld, waarna die het systeem aansluit op internet. Als het onderhoudswerk klaar is, wordt de klant opnieuw gebeld om dat aan de klant te melden. "Dan staat de verbinding kort open."

Toch is de recente media-aandacht voor SCADA-problemen voor het bedrijf wel reden om te kijken of er toch aanvullende maatregelen in het standaard product kunnen worden opgenomen.

quote:

Scared of Anonymous? NSA chief says you should be

Anonymous has so far plied its trade in "hactivist" exploits. But according to the director of the National Security Agency, it might soon turn its focus to U.S. infrastructure.

According to the Wall Street Journal, citing sources, Gen. Keith Alexander has said in private meetings at the White House and elsewhere that the U.S. must keep a close eye on Anonymous' growth. He reportedly warned that if the organization continues to gain power, it might even take down a part of the U.S. power grid within the next couple of years.

How serious might such an attack on the power grid be? An industry official speaking to the Journal said that the U.S. grid has backups in place to safeguard against attacks. For a limited period of time, however, it could cause trouble.

The NSA's concerns about Anonymous underscore the power the loosely affiliated group of individuals has secured in recent months. The organization played a role in the scandal surrounding WikiLeaks founder Julian Assange, retaliating after Assange's bank accounts were frozen and methods of donations cut off by credit card companies and payment services like PayPal. Anonymous has continued to target individuals and organizations, all with the goal of embarrassing them or revealing what it believes is are injustices.

Anonymous has made no indication that it plans to attack the power grid. And its hacks, while decried by government officials, are celebrated by others who say the group is acting on the average citizen's behalf.

Lately, however, Anonymous has turned its attention toward governments. Earlier this month, the hacking collective claimed to have taken down the CIA's Web site, as well as sites for the Mexican Senate and Interior Ministry. The group also revealed that it accessed identifying information, including Social Security numbers and criminal records, of 46,000 Alabama residents.

Those hacks came just days after Anonymous released hundreds of e-mails purported to come from Syrian President Bashar al Assad's office.

Securing the electrical grid from both hackers and other governments has been a concern for years. So far, however, the U.S. government can't quite decide which agency should be charged with managing its security.

In December, MIT researchers issued a report saying that a single federal agency should be safeguarding the electrical grid. The Obama Administration has argued that the Department of Homeland Security should handle the task, while members of Congress have called on the Department of Energy or Federal Energy Regulatory Commission to take over.

Regardless, MIT isn't convinced that the threats to the electrical grid are something to be too concerned about. The researchers said that only complacency could lead to its downfall.

"Between now and 2030, the electric grid will confront significant new challenges and inevitably undergo major changes," the researchers said. "Despite alarmist rhetoric, there is no crisis here. But we do not advise complacency."

quote:

The Pirate Bay Faces UK ISP Block After High Court Ruling

In a case brought by major recording labels including Sony, EMI and Warner, today a judge in the High Court ruled that The Pirate Bay and its users breach copyright on a major scale. The ruling means that it is almost inevitable that The Pirate Bay will face a nationwide UK ISP blockade in the coming months.

After the MPA won its blocking case against the Newzbin2 Usenet indexing site last year, it became clear that the entertainment industries would seek further injunctions against similar sites.

Predictions pointing towards The Pirate Bay, the world’s largest BitTorrent site, were spot on. This time Hollywood would step aside and leave it to the recording industry to obtain an injunction which would force ISPs to block the infamous torrent site.

Nine labels including EMI , Polydor, Sony, Virgin and Warner, say that The Pirate Bay infringes their copyrights and that several ISPs including BSkyB, BT, TalkTalk, Telefonica and Virgin Media, should implement a blockade under Section 97A of the Copyright, Designs and Patents Act.

Section 97A of the Act gives courts the power to order an injunction against an ISP if it can be proven that it had knowledge that its services were being used to infringe copyright.

In the High Court today Mr Justice Arnold drew parallels with the Newzbin2 case but actually went further by stating that the case against The Pirate Bay and its users was actually somewhat stronger.

He said that the operators of TPB have the power to prevent copyright infringement and noted that the site is prepared to remove torrents if they are mislabeled, child porn, malware or spam.

“As a matter of policy, however, the rights of copyright owners are excluded from the criteria by which the operators of TPB choose to exercise this power,” he said, noting that the site’s owners had treated previous rulings against them with contempt.

“Indeed, according to a statement on the website, the reason for its recent adoption of Magnet links as the default option is that ‘it’s not as easy to block as .torrent files’. This confirms the operators’ determination to do whatever they can to provide users with unrestricted access to torrent files and thereby enable the users to continue to infringe,” Justice Arnold noted.

“In my judgment, the operators of TPB do authorize its users’ infringing acts of copying and communication to the public. They go far beyond merely enabling or assisting. On any view, they ‘sanction, approve and countenance’ the infringements of copyright committed by its users. But in my view they also purport to grant users the right to do the acts complained of.

“It is no defense that they openly defy the rights of the copyright owners. I would add that I consider the present case to be indistinguishable from 20C Fox v Newzbin in this respect. If anything, it is a stronger case,” he concluded.

According to Geoff Taylor, chief executive of the British Phonographic Industry, today’s ruling is a clear indication that The Pirate Bay operates illegally.

“The ruling helps clarify the law on website blocking and we will now proceed with our application to have the site blocked to protect the UK’s creative industries from further harm,” Taylor said.

If things go smoothly for the labels, a nationwide blockade of The Pirate Bay could be in place in a matter of months. We’ll update this post later today with comment from the site’s operators.

quote:

Anonymous Accuse NSA of Fear Mongering

Anonymous hackers have lashed out at NSA comments suggesting it would soon be able to bring about limited power outages using cyber attacks.

Responding to comments allegedly made by the director of the National Security Agency (NSA) General Keith Alexander to The Wall Street Journal, numerous Twitter accounts associated with Anonymous tweeted messages accusing the agency of fear mongering.

"Why would Anons shut off a power grid? There are ppl on life support / other vital services that rely on it. Try again NSA. #FearMongering." read one tweet from YourAnonNews.

Citing people familiar with the matter as its source, The Wall Street Journal reported that Alexander had made the comments during meetings at the White House and a number of other private sessions.

The publication claimed that Alexander had expressed concerns that Anonymous would be able to disrupt power supplies. Alexander had previously publicly expressed concerns about cyber criminals' abilities to disable or even damage computer networks.

The concerns expressed by Alexander refer to the numerous high profile cyber attacks Anonymous has mounted across the world. On multiple occasions the hacktivist collective has successfully breached high-profile companies, law enforcement and military organisations including the FBI, Soca and numerous military contractors.

Alexander's comments come just after Anonymous promised to make a "massive" announcement by the end of the week. The statement was made on Tuesday, stemming from the YourAnonNews Twitter account. While remaining vague about the details, the account posted an ominous tweet promising a large announcement was coming.

"Stay tuned for a MASSIVE announcement from #Anonymous, coming later this week," read YourAnonNews's tweet. Following the message numerous other Anons - the name Anonymous members use to refer to themselves - retweeted the message.

The NSA has not responded to the International Business Times UK's requests for comment on The Wall Street Journal's article.

Read more: http://www.ibtimes.co.uk/(...)sa.htm#ixzz1n3Y7jybl

quote:

The U.N. Threat to Internet Freedom

Top-down, international regulation is antithetical to the Net, which has flourished under its current governance model.

On Feb. 27, a diplomatic process will begin in Geneva that could result in a new treaty giving the United Nations unprecedented powers over the Internet. Dozens of countries, including Russia and China, are pushing hard to reach this goal by year's end. As Russian Prime Minister Vladimir Putin said last June, his goal and that of his allies is to establish "international control over the Internet" through the International Telecommunication Union (ITU), a treaty-based organization under U.N. auspices.

If successful, these new regulatory proposals would upend the Internet's flourishing regime, which has been in place since 1988. That year, delegates from 114 countries gathered in Australia to agree to a treaty that set the stage for dramatic liberalization of international telecommunications. This insulated the Internet from economic and technical regulation and quickly became the greatest deregulatory success story of all time.

Since the Net's inception, engineers, academics, user groups and others have convened in bottom-up nongovernmental organizations to keep it operating and thriving through what is known as a "multi-stakeholder" governance model. This consensus-driven private-sector approach has been the key to the Net's phenomenal success.

In 1995, shortly after it was privatized, only 16 million people used the Internet world-wide. By 2011, more than two billion were online—and that number is growing by as much as half a million every day. This explosive growth is the direct result of governments generally keeping their hands off the Internet sphere.

Net access, especially through mobile devices, is improving the human condition more quickly—and more fundamentally—than any other technology in history. Nowhere is this more true than in the developing world, where unfettered Internet technologies are expanding economies and raising living standards.

Farmers who live far from markets are now able to find buyers for their crops through their Internet-connected mobile devices without assuming the risks and expenses of traveling with their goods. Worried parents are able to go online to locate medicine for their sick children. And proponents of political freedom are better able to share information and organize support to break down the walls of tyranny.

The Internet has also been a net job creator. A recent McKinsey study found that for every job disrupted by Internet connectivity, 2.6 new jobs are created. It is no coincidence that these wonderful developments blossomed as the Internet migrated further away from government control.

Today, however, Russia, China and their allies within the 193 member states of the ITU want to renegotiate the 1988 treaty to expand its reach into previously unregulated areas. Reading even a partial list of proposals that could be codified into international law next December at a conference in Dubai is chilling:

• Subject cyber security and data privacy to international control;

• Allow foreign phone companies to charge fees for "international" Internet traffic, perhaps even on a "per-click" basis for certain Web destinations, with the goal of generating revenue for state-owned phone companies and government treasuries;

• Impose unprecedented economic regulations such as mandates for rates, terms and conditions for currently unregulated traffic-swapping agreements known as "peering."

• Establish for the first time ITU dominion over important functions of multi-stakeholder Internet governance entities such as the Internet Corporation for Assigned Names and Numbers, the nonprofit entity that coordinates the .com and .org Web addresses of the world;

• Subsume under intergovernmental control many functions of the Internet Engineering Task Force, the Internet Society and other multi-stakeholder groups that establish the engineering and technical standards that allow the Internet to work;

• Regulate international mobile roaming rates and practices.

Many countries in the developing world, including India and Brazil, are particularly intrigued by these ideas. Even though Internet-based technologies are improving billions of lives everywhere, some governments feel excluded and want more control.

And let's face it, strong-arm regimes are threatened by popular outcries for political freedom that are empowered by unfettered Internet connectivity. They have formed impressive coalitions, and their efforts have progressed significantly.

Merely saying "no" to any changes to the current structure of Internet governance is likely to be a losing proposition. A more successful strategy would be for proponents of Internet freedom and prosperity within every nation to encourage a dialogue among all interested parties, including governments and the ITU, to broaden the multi-stakeholder umbrella with the goal of reaching consensus to address reasonable concerns. As part of this conversation, we should underscore the tremendous benefits that the Internet has yielded for the developing world through the multi-stakeholder model.

Upending this model with a new regulatory treaty is likely to partition the Internet as some countries would inevitably choose to opt out. A balkanized Internet would be devastating to global free trade and national sovereignty. It would impair Internet growth most severely in the developing world but also globally as technologists are forced to seek bureaucratic permission to innovate and invest. This would also undermine the proliferation of new cross-border technologies, such as cloud computing.

A top-down, centralized, international regulatory overlay is antithetical to the architecture of the Net, which is a global network of networks without borders. No government, let alone an intergovernmental body, can make engineering and economic decisions in lightning-fast Internet time. Productivity, rising living standards and the spread of freedom everywhere, but especially in the developing world, would grind to a halt as engineering and business decisions become politically paralyzed within a global regulatory body.

Any attempts to expand intergovernmental powers over the Internet—no matter how incremental or seemingly innocuous—should be turned back. Modernization and reform can be constructive, but not if the end result is a new global bureaucracy that departs from the multi-stakeholder model. Enlightened nations should draw a line in the sand against new regulations while welcoming reform that could include a nonregulatory role for the ITU.

Pro-regulation forces are, thus far, much more energized and organized than those who favor the multi-stakeholder approach. Regulation proponents only need to secure a simple majority of the 193 member states to codify their radical and counterproductive agenda. Unlike the U.N. Security Council, no country can wield a veto in ITU proceedings. With this in mind, some estimate that approximately 90 countries could be supporting intergovernmental Net regulation—a mere seven short of a majority.

While precious time ticks away, the U.S. has not named a leader for the treaty negotiation. We must awake from our slumber and engage before it is too late. Not only do these developments have the potential to affect the daily lives of all Americans, they also threaten freedom and prosperity across the globe.

quote:

Op dinsdag 21 februari 2012 23:07 schreef n00b13 het volgende:
Leest iemand al die artikelen?

quote:

Op dinsdag 21 februari 2012 23:28 schreef n00b13 het volgende:

[..]

ik wilde je ook niet aanvallen ofzo hoor (lees het net terug en denk: hm..), het was meer dat het zoveel was.

twitter:

anonymouSabu twitterde op dinsdag 21-02-2012 om 23:50:17 Read the story of the 3 greek teenagers arrested for hacking the ministryofjustice.gr? We just showed the world the Greek feds got it wrong reageer retweet

twitter:

AnonymousIRC twitterde op dinsdag 21-02-2012 om 23:54:09 ministryofjustice.gr HACKED BY #ANTISEC. DONT PUT IN JAIL POLITICAL DISSIDENTS #Anonymous #ALLYOURBASEAREBELONGTOUS reageer retweet

quote:

Op woensdag 22 februari 2012 15:08 schreef YazooW het volgende:
Niet helemaal gevolgd over de Grieken, wat hebben ze gedaan nu anon boos is op ze?

quote:

Anonymous Hacks Greek Ministry Website, Demands IMF Withdrawal, Threatens It Will Wipe Away All Citizen Debts

If there is one war that Greece could not afford to join, that is with the global computer hacking collective known as Anonymous. Yet as of minutes ago, that is precisley what happened, after Anonymous, as part of what it now calls Operation Greece, took down the Greek Ministry of Justice (http://www.ministryofjustice.gr/). While the pretext for the hacking appears to have been an arrest of the wrong people, is seems to have angered Anonymous to the point where they have left an extended message of demands on the Greek website, warning that unless the IMF withdraws from the country and the government resigns, all debts of Greek citizens will be wiped clean.

Translated from the Greek:

Citizens of Greece

We are Anonymous.
We watch every day your government abolishes the constitution and institutions of the country.
We see them leading you closer and closer to poverty.
We see them pass laws that deprive you of any right to dignity.
We see them and deliver the country to the IMF and the bankers.
We know about the soup kitchens in schools,
for people who are left jobless and now wait in queues for a plate of food.
We know that your country voted ACTA in your effort to silence and other Greeks.
We know everything ...
The Republic in Greece has died.
He died while a government that has not been elected by the people.
And for this reason that the time for discussion came and went.
Not negotiating anything with any of those who murdered him.
Can you hunt as you like, you can even capture some of us,
When you attempt to silence us ...
But for every one that will capture 3 others will spring up. There are 5 or 10 or 100.
Now the Greeks are all Anonymous.
We are millions against you and the 300 in this war tear gas will not help you.

Occupying Government of Greece
These days are going to vote for a bill that will be the last nail in the coffin of the Greek.
A bill to return the country to a totalitarian rule.
To bring the country and its people in absolute poverty.
We will not allow another misery to the Greek people.
We demand your resignation immediately, and elections.
We demand not paid a cent to moneylenders 'friends' you.
We demand the immediate withdrawal of the IMF from Greece.
The Justice Department was only a small sample of what we're capable of doing
Even you have not seen the full wrath of Anonymous.
For each article of a bill that would shame the vote,
we will shut the system and deleting an Inland Revenue debts of Greek citizens
Debts which requires them to fascist pay.
Can the demonstrations of the Greeks to their encounter with incredible violence,
anexelekta hitting, but the internet is our field. And I love this war.
We are many and we will be brief.

Citizens of Greece, Anonymous is now fighting on your side ...

Government of Greece, let us wait ...

E X P E C T U S !

J U S T I C E I S C O M I N G !

quote:

Statement by Viviane Reding, Vice-President of the European Commission
and EU Commissioner for Justice, Fundamental Rights and Citizenship,
on freedom of expression and information via the Internet, attempts to
block websites, "three-strikes-laws", and ACTA

quote:

The European Commission has therefore decided today to ask the
European Court of Justice for a legal opinion to clarify that the ACTA
agreement and its implementation must be fully compatible with
freedom of expression and freedom of the Internet.

quote:

Database Nationale Theaterkassa gehackt, creditcardgegevens gelekt

Een van de databases van concertkaartensite Nationale Theaterkassa is gehackt. Daardoor zijn adres- en creditkaartgegevens van bijna honderdduizend mensen op straat komen te liggen. De hacker heeft de database, die ook transacties en correspondentie bevat, volledig opengezet.

Dat meldt nu.nl, die de informatie van een andere hacker toegespeeld heeft gekregen. Die hacker kwam erachter dat de database zonder wachtwoord te benaderen was. Onder de gegevens bevinden zich ook 2100 creditcardnummers met vervaldatum, waarvan er nog 226 actief zijn.

De Nationale Theaterkassa heeft de gegevens inmiddels weer ontoegankelijk gemaakt. Ze werden alleen nog gebruikt voor het versturen van een nieuwsbrief.

Ticketsysteem
In een verklaring aan Nu.nl benadrukt de Nationale Theaterkassa dat het huidige ticketsysteem niet betrokken is geweest bij de hack, en dat de gegevens daarvan dus niet inzichtelijk zijn geweest. De gehackte database is sinds 2009 niet meer in gebruik.

Het bedrijf heeft de gegevensdiefstal gemeld bij het Openbaar Ministerie en het Nationaal Cyber Security Centrum. De gebruikers worden geïnformeerd over de hack.

Uit intern onderzoek is gebleken dat de gegevens van 226 creditcards waarvan de geldigheid actueel is, zijn gestolen. De dader heeft alleen het het nummer van deze creditcards kunnen inzien, aldus de Nationale Theaterkassa.

quote:

Jacob Appelbaum is an independent computer security researcher and hacker. He is currently employed by the University of Washington,[1] and is a core member of the Tor project. Appelbaum is known for representing Wikileaks at the 2010 Hope conference.[5] He has subsequently been repeatedly targeted by US law enforcement agencies, who obtained a court order for his Twitter account data, detained him 12[6] times at the US border after trips abroad, and seized a laptop and several mobile phones.

transmediale 2k12: Jacob Appelbaum calls for political action with Anonymous!

quote:

Anonymous reveals Cybersecurity Act of 2012

This week it appears that the NSA has brought forth warnings of the hacker group Anonymous’ ability to take down the power grid at a most opportune time, according to none other than Anonymous. While earlier this week it was warned by the NSA that Anonymous might be targeting the US power grid, the hacker group has noted that they’d do no such thing, as “there are ppl on life support/other vital services that rely on it.” In addition, the group has brought attention today to a new bill that’s looking to get passed in the first part of the year: the Cybersecurity Act of 2012.

You can download and read this bill in its entirety here: Senate Committee Homeland Security and Governmental Affairs, downloading files here: The Cybersecurity Act of 2012, S. 2105 and here: Cybersecurity Support Letter: Reid in PDF form. This bill calls upon the Senate and the House to ratify a bill that would, and I quote, guard against the following:

quote:

Nederland en VS pakken cybercrime gezamenlijk aan

quote:

Nederland en de Verenigde Staten gaan samenwerken bij het aanpakken van cybercriminaliteit. Minister van Veiligheid en Justitie Ivo Opstelten (VVD) heeft daartoe gisteravond plaatselijke tijd in Washington een verdrag getekend.