Anonops #12: Spy on the Spyers

quote:

Google's browser binnen 5 minuten gehackt, binnen 24 uur weer gedicht

De afgelopen jaren wist Chrome, de internetbrowser van Google, de hackerswedstrijd Pwn2Own telkens ongeschonden te overleven. Maar dit jaar lukte het een Frans team al binnen 5 minuten om een lek te vinden. En ook in een andere wedstrijd, Pwnium, werd de browser gekraakt. Dat Google een flink geldbedrag had beloofd voor de vinders van een lek, heeft dat waarschijnlijk bespoedigd.

Een Frans team toonde gisteren op Pwn2Own in Vancouver aan hoe de beveiliging van Chrome te omzeilen is. Het is de eerste keer dat Chrome bij deze wedstrijd niet ongeschonden uit de strijd komt. De hackers kregen drie dagen de tijd om het systeem te kraken, maar de Fransen hadden slechts 5 minuten nodig om dit voor elkaar te krijgen. Hun methode willen ze niet vrijgeven.

Pwnium
Op dezelfde dag organiseerde Google haar eigen hackerswedstrijd: Pwnium. En ook daar werd de browser gekraakt. Hier mocht een Russische hacker met de eer strijken. Hij mag bovendien 60.000 dollar (ruim 45.000 euro) op zijn rekening bijschrijven. Google looft sinds kort namelijk verschillende bedragen uit voor hackers die hun browser weten te kraken, dat demonstreren en de hack vervolgens vrijgeven. Hoe gevaarlijker het lek, hoe groter het te winnen bedrag.

Ook bijzonder: vandaag, amper 24 uur later, meldt Google dat het lek alweer gedicht is. En dat is snel, als je het vergelijkt met concurrent Microsoft, die veel vaker te kampen heeft met hacks, en waarbij het soms wel maanden duurt voordat een lek is gerepareerd. Gedicht of niet, Google wacht met het vrijgeven van nadere informatie over het lek totdat is onderzocht of ook andere browsers, zoals Apple's Safari, erdoor getroffen zouden kunnen worden.

Bounty hackers
Door hackers te stimuleren om hacks in besturingssystemen en browsers te vinden, hopen grote internetbedrijven eventuele kwetsbaarheden sneller en doelmatiger te kunnen opsporen, en zo uiteindelijk hun gebruikers beter te beschermen. Goedaardige hackers kunnen kwaadaardige hackers zo voor zijn. Facebook maakt al langer gebruik van deze zogenoemde 'bounty hackers' (premiehackers).

twitter:

oldschooldsl twitterde op vrijdag 09-03-2012 om 20:21:28 #Anonymous successful at obtaining full #Microsoft Windows 7 and #Windows 8 Source Code @Windows reageer retweet

quote:

Justitie kijkt illegaal in buitenlandse computers

Bij de opsporing van cybercriminelen schendt de Nederlandse recherche soms de soevereiniteit van andere landen door buitenlandse computers te kraken. Dit is verboden, maar in de opsporing van cybercrime soms onvermijdelijk, stelt Lodewijk van Zwieten, landelijk officier voor cybercrime en interceptie.

De wet schiet volgens hem tekort als het gaat om de online jacht op bijvoorbeeld pedofielen. De digitale wereld is grenzeloos, maar veel wetgeving is aan landsgrenzen gebonden.

'Terwijl wij voor opsporingsonderzoek toestemming moeten vragen aan buitenlandse instanties, zit een cybercrimineel met één druk op de knop aan de andere kant van de wereld', zegt Van Zwieten. Criminelen voeren in toenemende mate anoniem handel via verborgen kanalen op het internet. En bestaande kinderporno gaat niet alleen sneller de wereld rond, maar heeft ook geleid tot een toename van het kindermisbruik, stelt Wilbert Paulissen, hoofd van de Nationale Recherche.

Tijdens het onderzoek naar de contacten van Robert M., die maandag terechtstaat wegens het misbruik van tientallen kinderen, stuitten rechercheurs op verborgen sites vol kinderpornografie.

Ook tijdens het onderzoek naar het Bredolab-netwerk, toen cybercriminelen wereldwijd 30 miljoen computers met een kwaadaardig virus besmetten, kraakte de recherche computers in het buitenland.

Paulissen pleit voor meer specifieke, juridische kaders voor online opsporing. Het moet wetgeving zijn 'die de snelheid van deze ontwikkelingen kan bijhouden, anders zitten we er constant als opsporingsdiensten achteraan te jagen'.

Volgens officier Van Zwieten lopen internationaal alle opsporingsinstanties tegen dezelfde problemen aan en moet iedereen 'met een nieuwe bril naar bestaande regels leren kijken'. Ook voor rechters is cybercrime volgens hem relatief onbekend. 'Zij denken nog wel eens bij een cybercrimineel: dat is een 16-jarig puistenkoppie dat met computers heeft lopen klooien. Maar die puistenkop verdient soms veel meer dan de topman van een nationale bank.'

twitter:

DiabloAnon twitterde op zaterdag 10-03-2012 om 07:17:32 @CrazyLittleOwl A user of the account @LuLzWarfare was killed protesting in Egypt a month or so ago sadly reageer retweet

quote:

Websites attacked by Anonymous #March list

Third list of websites attacked by Anonymous. The list has both hacked and DDoSed websites. The list gets updated daily so stay tuned.

quote:

Op zaterdag 10 maart 2012 11:47 schreef heggeschaarbarbaar het volgende:
Over Pwn2Own: Hackwedstrijden zijn een goed initiatief, maar het genoemde Franse 'team' is commercieel bedrijf genaamd Vupen. Dit bedrijf maakt niet alle hacks openbaar, maar verkoopt de informatie over de werking van de hacks aan geïnteresseerden (overheden, criminelen, ...). Echt veiliger ga ik me daar niet door voelen!

quote:

Op vrijdag 9 maart 2012 18:17 schreef Papierversnipperaar het volgende:


Norton Antivirus all Platforms source code leaks to public

After PcAnywhere source code released Anonymous leaks Norton AntiVirus 2006 All Platform’s Source Code via PirateBay. The source code is available for download since 4:10PM today.

quote:

Curiosity Pwned the Cat

At the beginning of this week just hours before the news of Hector Monsegur’s arrest broke, many of you will have noticed that my twitter profile pic changed from the usual ‘Jester Mask’ to a QR-Code. The timing of this subtle change could not have been more favorable, as interest peaked with the news of @anonymousabu’s demise visits to my twitter profile rocketed. For posterity here’s a grab of said QR-Code:


Up until 30 minutes ago, anyone who scanned the QR-Code using their mobile device was taken to a jolly little greeting via their devices default browser hosted on some free webspace (I have since replaced all QR-Codes in the interests of opsec to point to the end of the internet website). The greeting featured my original profile pic and the word ‘BOO!‘ directly below it as per the screen grab below:


So whats up with that?

Well, the thing about QR-Codes is 99% of the time they will be accessed via a mobile device, and 99% of those will be iPhone or Android devices. This gives me a known and narrow vector to exploit.

Now before you all start freaking out it was a highly targeted and precise attack, against known bad guys, randoms were left totally unscathed. Allow me to explain further……

Embedded inside the webpage with the ‘BOO’ greeting was some UTF encrypted javascript, (I used this site to encrypt it) inside which was some code execution shellcode. When anyone hit the page the shellcode executed. The shellcode was a modified and updated version of the use-after-free remote code execution CVE-2010-1807, a known exploit for Webkit, which facilitated a reverse TCP shell connection to a ‘remote server’ which had an instance of netcat listening on port 37337.

I was going to leave it like this for a full week, however a keen eyed tweep going by the moniker @rootdial spotted the embedded code and asked about it via twitter (he wasn’t being malicious, just wondered if I knew about it.)

Webkit is an SDK component part used in both Safari for iPhone and also Chrome for Android.

quote:

A Long Time Ago, On an Imageboard Far, Far Away....

The idea of Anonymous is simple—freedom of speech and expression. Tracing the concept is a more complicated task. The embers started to glow on various imageboards. These were websites where people could post images and have discussion. No names were used and no registration was needed. There were no rules, only guidelines. Everyone was anonymous to everyone else. Some posts would grow and memes would form, while others would fade away and die, never to be heard from again. It is this open exchange of information that allowed ideas to flourish. You were no one, yet at the same time you were everyone. The only thing that mattered were the ideas.

When you’re allowed to have a name, it takes the focus away from the content itself and puts the focus on you as the creator of that content.

The users of these boards, united together by their views and thoughts, formed the first entity that can be called Anonymous. You have to understand the motivation behind what attracted people to imageboards like these, in order to understand the motivation of the current day Anonymous. Without a check on free speech, people could say and post whatever they wanted. This free marketplace of ideas grew and prospered as more and more people started posting and discussing topics openly. Soon the sense of "anonymous" was born. The idea that you don't have to be someone to be anyone.

It's anarchy at its most vibrant core.

Not a group, but a brand. Not a club, but a franchise. Just a group of people that have the same ideas. When they come together in a united cause...

Read more: http://null-byte.wonderho(...)33700/#ixzz1oj2QynOW

twitter:

torservers twitterde op zaterdag 10-03-2012 om 15:56:26 Monday is World Day Against Internet Censorship and comes with a great announcement. reageer retweet

quote:

Swedish Anonymous activists embark on bold trip to Syria

Activists within the Anonymous culture in Sweden headed to Syria this week amidst the chaos and inhumanity to bring much needed medical supplies and equipment to help the victims of the fragmented country.

#OpTripToSyria started trending on Twitter on Feb. 9 and has been gathering worldwide support very quickly. Supporters of the operation have had the chance to donate to the cause through a link on the triptosyria.wordpress.com web site the anons have established.

For nearly a year, constant protests have been flooding Syria's streets as citizens continue to relentlessly pressure current President Bashar al-Assad to step down. The protests have been hit with violence at the hands of al-Assad's military force. According to the UN, the conflict has claimed more than 7,500 lives.

Motivation for Anonymous's humanitarian mission to Syria had come from various factors, but most notably due to the attacks on the city of Homs.

“I think I had enough when I saw all the tweets from the Swedish activists @SyrienNyheter or more specifically of the babies who died when Assad's militia shut off the power to several incubators,” said an anon who currently goes by the handle TTS.

TTS also related a common creed of the Anonymous culture: that people shouldn't be afraid of their governments, governments should be afraid of their people.

Anonymous donations have come from all over the world and more than 50 people have contributed. “Donations have come from Swedes, Europeans, Asians, Russians, Americans – you name it,” said TTS.

As of March 4, the anons had raised $2,257 US that they will use to purchase the medical supplies they will be bringing. The supplies will include medical kits, water purification tablets, washcloths and antibiotics and painkillers.

Many followers of the twitter account @TriptoSyria have expressed concern about the safety of the individuals who are embarking on the trip.

“There are a lot of concerns that things might go wrong; we could be killed, captured, arrested or robbed, but we can only aim for success," said TTS. "Hopefully, our actions will inspire other people to do the same thing. Risking everything for what we believe is the right thing to do. And we know that our operation will have some kind of impact whatever happens.”

The team of activists is also well trained. Some of them have gone through military training, and have experience in first aid, trauma handling and CPR. However, they have emphasized that the mission is strictly non-violent.

This mission is still a bold endeavour as the United States and other Western embassies have suspended their actions in Syria, due to the elevated security risk.

On the international scale, Russia and China, two countries that initially vetoed the military intervention, seem to be waning in their support of Assad's regime. Both countries have decried the violence in Syria and have dispatched diplomats to the region this week. Victims of conflict in Syria can only hope that this will help bring direct action from the international community to end the loss of innocents.

quote:

Op zaterdag 10 maart 2012 18:06 schreef Ebbao het volgende:

[..]

Ik weet niet of ik op je link wil klikken na het lezen van deze intro..

quote:

Something Stinks in the Story of Sabu

SPOILER

Om spoilers te kunnen lezen moet je zijn ingelogd. Je moet je daarvoor eerst gratis Registreren. Ook kun je spoilers niet lezen als je een ban hebt.

Apparently it has not occurred to anyone that all information in the case of Sabu and the LulzSec arrests, originates from either the FBI itself, or Fox News (through some kind of ‘inside source’). Think about this for a second. What was the law enforcement organization that Anons appear to almost universally hate? The FBI. What was the news outlet known for it’s shoddy reporting and unreliable reports, despised by many Anons? Fox News.

Is it really a good idea to blindly trust information coming from these two, at best questionable, sources? Does anyone really believe that “Fox News would never make this up” or “the FBI would never issue false documents”? There does not seem to be any information whatsoever from any source other than these two, so is it really a good idea to assume the ‘official story’ is what happened?

Yet, never before have Anons and other internet creatures been seen so quickly turning on someone they idolized only days before. The #FuckSabu hashtag is widely used, people are calling for the release of all Anons ‘except for Sabu’, articles are being written detailing how he personally ratted out LulzSec, lured Anons into traps, and in the meantime killed kittens erryday.

Really, guys?

For another interesting turn of the plot: does anyone remember how Sabu was initially ‘doxed’? According to this Ars Technica article, his personal information was found when his WHOIS protection dropped after renewing the prvt.org domain, which was known to belong to Sabu.

Wait a second. Who owns Domains By Proxy?

Yes, Domains By Proxy, the WHOIS protection service used by Sabu, is part of GoDaddy. Remember how GoDaddy spoke out in support of SOPA, and was caught in backfire from ‘the internet’? Remember how they have a history of shutting down controversial domains? Remember how they are in US jurisdiction and appear to consider US law enforcement to be important, no matter how bad it may turn out for other people?

Hey, wait a second, GoDaddy has of course always had Sabu’s contact information on file, despite the WHOIS protection! Yet it’s claimed that Sabu was found because he connected to an Anonymous-related IRC network without using appropriate protection – a claim that, considering Sabu’s IRC habits, sounds quite unrealistic.

Something to think about.

Update: Peter Bright from Ars Technica clarified that the WHOIS exposure was not the source for the initial doxing of Sabu. This does not change the above conclusion that GoDaddy has always had Sabu’s contact details (even before the exposure), but it is still worth pointing out.

quote:

Hacker: The FBI Used Our “Dox” to Arrest Sabu (Exclusive)

quote:

A large part of the hacking community was shocked earlier this week to find out that one of the more vocal supporters of the Anonymous movement, Sabu, had been working with the FBI ever since the summer of 2011 when he was arrested.

Few internauts expected that Sabu, now known as Hector Xavier Montsegur from New York, would rat out so many hackers. However, there were some of them, such as the members of the respected TeaMp0isoN group who suspected that something was out of place with the LulzSec crew and this Sabu character.

As a result, in June 2011, TeaMp0isoN made public the true identities of the members of the LulzSec gang. At the time no one gave the incident much attention, because there was a lot of doxing going on and due to the large quantity of incorrect information many of the releases were simply ignored.

While many ignored this release, federal authorities took it very seriously, which ultimately led to the arrest of Sabu and the rest of the story as we know it.

The FBI and other involved law enforcement agencies would have a hard time admitting to have used the data provided by the hackers, but a former TeaMp0isoN member came forward with details that prove how they were able to identify the LulzSecs and how the government got into the possession of that information.

[interview]

quote:

LulzSec's Sabu: 'ask me about the CIA'

When the Guardian spoke to the hacker last year, he was keen to discuss claims he worked for the authorities

Last July the Guardian was investigating the elusive, mysterious individuals behind LulzSec and Anonymous – the loose hacker groups who had suddenly become front page news, as they led a wave of cyber attacks against a range major corporations and law enforcement. One individual, or one hacker name, stood out: Sabu, a proflic hacker often referred to as the leader of the groups.

Getting to Sabu was not easy; he was well aware of the illegal nature of his activities. But that month, the Guardian had a stroke of luck. Sabu objected violently to a piece we had carried, examining – and shooting down – allegations from a rival pro-US hacker that Sabu was using Anonymous and Lulzsec to push an extreme Islamic agenda.

He asked me to join him in an off-the-record internet chat – a conversation that happened seven weeks after Sabu, now unmasked as Hector Xavier Monsegur, had already been picked up by the FBI.

Given the latest revelations about Sabu's activities, that he worked as an informer from after his arrest on 7 June until just a few days ago, I think it is appropriate to publish a few extracts from our conversation.

Sabu – and we cannot even be sure that our correspondant was the real Monsegur and not a US agent – was not representing himself accurately to the newspaper. If anything, he was testing the Guardian out, openly flirting with the notion that he worked for the CIA – and then inviting me to knock him down.

Less than three weeks later, Monsegur pleaded guilty to 12 counts relating to computer hacking in secret, which carry a maximum sentence of 124 years and six months. But there is no sign in the logs of a man under pressure.

Sabu began by denouncing the Guardian's publication of the vague allegations of the supposed Islamic links of the hacker community. Then he switched tack, asking why the paper hadn't published rumours linking him to the CIA, arguing that would amount to an equivalent and equally inaccurate allegation. Given what we know now, the swerve is particularly noteworthy.

In case it is not obvious, my online name is <jamesrbuk>.

<SABU> OK. I'm waiting for the article discussing the potential of me being the leader of a CIA blackops operation and me denying it.

<SABU> can we work on it now?

<SABU> I'll begin my message

<SABU> <jamesrbuk> : I thank you for brining up this serious allegation but I deny being part of the CIA or any black operations unit/organization.

<SABU> I am an activist and security researcher. Not a CIA operative

Moments later, I strayed even closer to what had become Sabu's emerging double life (remember, the indictments released yesterday refer to Monsegur only being a member of Anonymous until 7 June 2011, the day of his arrest). I linked a recent Guardian story – unaware of any ironies – suggesting the FBI had managed to recruit a full quarter of all US hackers as informants:

<SABU> The CIA has done more blackops and terror operations than al-qaeda could ever do

<SABU> so, lets be realistic

<jamesrbuk> Something we covered: http://www.guardian.co.uk(...)hackers-fbi-informer

<SABU> That has literally nothing to do with what I'm talking about

<SABU> and I must say if your article is correct - the FBI is doin a very bad job at recruiting informants.

<jamesrbuk> Well, you were mentioning CIA blackops/etc. It's related.

<SABU> No it is not

At the time, I was bemused if not baffled by our exchange – and totally unable to see any motivation for Sabu's keenness that we start publishing what seemed to amount to little more than conspiracy theories about the operations of Anonymous and Lulzsec.

With hindsight, I wonder whether Sabu was trying in some way to set out a warning, or red flag to other hackers. Or perhaps he was goading me to see if I actually believed he might be a turncoat. Either way, these were signals I missed at that the time.

My other thought, looking back on the logs, is whether Sabu was thinking aloud as to why he was being asked to become an FBI informant rather than being publicly prosecuted. Here's more; here Sabu says some are claiming he had been working "with the CIA" although having closely followed the debate at the time this is not an allegation I can recall having seen aired:

<SABU> When can I expect an article discussing the idea of me being with the CIA and my denial?

<SABU> I'm eager to see this happen.

<jamesrbuk> So I see. May I ask why?

<SABU> Hmm...? is it not obvious?

<jamesrbuk> Not totally. And I'd prefer to hear rather than jump to wrong conclusions

<SABU> There is no wrong conclusion if you have been a part of this conversation

<SABU> You just said there was a claim that I may be a terrorist. You "researched" it and wrote the article

<SABU> There re claims I am with the CIA pushing to get tighter / stricter cyber-laws passed

<SABU> its literally the same shit, two different extremes.

Then, intriguingly, he goes onto say that UK and US goverments have been involved in covert operations, before going to say that he could not be linked to terrorism. Anonymous or LulzSec would not carry out their operations so publicly if they had an ulterior motive.

<SABU> The people are aware that our governments in the UK and the US have involved themselves in black operations in the past. it makes a lot of sense if lets say a rogue group of hackers suddenly began attaking national interests -- spawning a massive overhaul of internet security, theoretically.

<SABU> you're telling me thats not worse than some random jihadist who barely knows how to use a computer in the first place, "hacking"/

<SABU> Also heres where your entire point is flawed into oblivion

<SABU> why would a terrorist release and dump 90,000 INTELLIGENCE COMMUNITY MILITARY PERSONELL PASSWORDS AND EMAILS when they can just intercept military intelligence communications for the next year using this data ?

<SABU> Why would osama bin laden go through all the work of hacking booz allan [a US government and defence consultancy], just to post a pastebin with an ascii art mocking the security of federal contractors.

<SABU> Be realistic.

<SABU> Think.

Even as an FBI informer, Sabu would not be in a position to have evidence to back up his theories that the CIA were angling for a tightening of US cyber laws. Those co-operating with the authorities to mitigate their sentancing are rarely handed US government secrets. Instead, what's interesting is Sabu's internal reasoning for why – hypothetically at least – a compromised organisation (as we know now LulzSec was) might be allowed to continue.

One factor in the decision to make some of this public was an unusual comment towards the end of the conversation, in which Sabu advised me to make sure I kept a log, or transcript, of the chat for later use:

<SABU> AS FOR THE LOG I don't do interviews or usually paste chatlogs so I'm keeping it privately

<SABU> so I suggest you do the same

At this stage, surely Sabu would have known, or at least suspected, that his agreement to turn evidence against other members of Lulzsec would eventually become public. Re-reading this now, one wonders if he was hoping that some of our conversation would eventually become public too - an interview, in effect, at the point when he couldn't speak for himself.

Just over a fortnight after these published exchanges, we now know that Monsegur – aka Sabu – secretly pleaded guilty to 12 counts of computer hacking.

From June to March this year, he – and his FBI handlers – were party to details, often in advance, of hacking attacks including the interception of an FBI conference call, and the seizure of 5m emails from the servers of UK intelligence firm Stratfor, which are currently being published by WikiLeaks.

On Tuesday, charges were lain against five individuals alleged to be core members of Anonymous and Lulzsec – and the man behind Sabu was finally publicly unmasked as a 28-year-old unemployed Puerto Rican living in New York.

quote:

PM Project: Endgame systems

quote:

People who have seen the company pitch its technology—and who asked not to be named because the presentations were private—say Endgame executives will bring up maps of airports, parliament buildings, and corporate offices. The executives then create a list of the computers running inside the facilities, including what software the computers run, and a menu of attacks that could work against those particular systems. Endgame weaponry comes customized by region—the Middle East, Russia, Latin America, and China—with manuals, testing software, and “demo instructions.” There are even target packs for democratic countries in Europe and other U.S. allies. Maui (product names tend toward alluring warm-weather locales) is a package of 25 zero-day exploits that runs clients $2.5 million a year. The Cayman botnet-analytics package gets you access to a database of Internet addresses, organization names, and worm types for hundreds of millions of infected computers, and costs $1.5 million. A government or other entity could launch sophisticated attacks against just about any adversary anywhere in the world for a grand total of $6 million...

Endgame’s price list may be the most important document in the collection. If the company were offering those products only to American military and intelligence agencies, such a list would be classified and would never have shown up in the HBGary e-mails, according to security experts. The fact that a nonclassified list exists at all—as well as an Endgame statement in the uncovered e-mails that it will not provide vulnerability maps of the U.S.—suggests that the company is pitching governments or other entities outside the U.S. Endgame declined to discuss the specifics of any part of the e-mails, including who its clients might be. Richard A. Clarke, former Assistant Secretary of State and special adviser to President George W. Bush on network security, calls the price list “disturbing” and says Endgame would be “insane” to sell to enemies of the U.S.

quote:

'Censuur internet in China en Iran neemt toe'

Burgers in China en Iran hebben in toenemende mate last van censuur op internet, signaleert Reporters Zonder Grenzen. De organisatie, die zich inzet voor persvrijheid, heeft vandaag een lijst uitgebracht met 'Vijanden van het internet'. Daarop staan twaalf landen, waaronder China en Iran.

Terwijl het regime in Peking internetbedrijven dwingt mee te werken aan de digitale censuur, gaat Iran nog een stapje verder met de ontwikkeling van een eigen 'nationaal internet', dat is afgesloten van de rest van de wereld.

Gevangen
Minstens 199 bloggers en journalisten werden in 2011 gevangengezet vanwege hun activiteiten op internet, stelt Reporters Zonder Grenzen. China, Vietnam en Iran namen volgens de organisatie de meeste mensen gevangen wegens ongewenste meningen. Nieuw op de lijst van 'internetvijanden' zijn Bahrein en Wit-Rusland.

In Libië is het na de val van dictator Muammar Kaddafi juist veiliger geworden om je mening te verkondigen op internet, aldus de organisatie.

Dag tegen censuur
Hier het verslag van Reporters Zonder Grenzen op de eigen website, vandaag uitgebracht ter gelegenheid van World Day Against Cybercensorship, de 'Werelddag tegen Internetcensuur'.

quote:

Canada's Parliament summons Anonymous to testify

Idlepigeon sez, "Canada's government has moved to call Anonyomous to testify before the House Affairs Comitte, over threats made to a minister who's been pushing to pass Bill C30---online surveillance legislation. In this very funny piece from the Globe and Mail's Tabatha Southey, the entire Internet shows up to testify."

Anonymous is so nebulous that for the federal government to call Anonymous to testify is almost to call the Internet itself – something the government may regret.

“I'd to thank the committee for the opportunity to speak today,” the first witness might say. “The threats against the minister are grave and on the advice of my consul, Mr. Fry, I'd just like to assure the minister that I … am never gonna give you up, never gonna let you down, never gonna … ”

quote:

Chinezen verdacht van Facebook-aanval op topman NAVO

Chinese cyberspionnen worden ervan beschuldigd via Facebook militaire geheimen te hebben proberen ontfutselen aan NAVO-topman admiraal James Stavridis.

De militaire topman blijkt herhaaldelijk het doelwit te zijn geweest in een oplichtingszaak via Facebook die zou georganiseerd zijn door cyberspionnen in China, zo meldt The Observer. De spionnen maakten valse accounts in Stavridis' naam in de hoop dat zijn intimi hem daarop zouden contacteren of antwoorden op privé-berichten.

Dit soort van vervalsing op sociale media komt steeds vaker voor. Volgens de NAVO is het niet duidelijk wie verantwoordelijk is voor de webfraude, maar andere veiligheidsbronnen wijzen met de vinger naar China.

Ook bedrijven geviseerd
Vorig jaar werden Chinese criminelen nog beschuldigd van een gelijkaardige operatie met codenaam Night Dragon. Daarbij gaven hackers zich uit voor CEO's van bedrijven in de Verenigde Staten, Taiwan en Griekenland met het oogmerk bedrijfsgeheimen te stelen.

De fraude met Facebook doet de vrees groeien dat de schaal waarop China aan cyberspionage doet groter is dan totnogtoe werd vermoed. Naast hoogeplaatste militairen zou de tactiek ook toegepast worden om op grote schaal interne informatie te verwerven van bedrijven die voor de NAVO werken.

42 miljoen voor beveiliging
De verfijning en de meedogenloosheid waarmee dergelijke cyberaanvallen worden uitgevoerd, doen geheime diensten aan beide kanten van de Atlantische Oceaan vermoeden dat die door staten worden gesponsord.

De NAVO heeft al zijn toplui gewezen op de gevaren van dergelijke impersonaties op socialenetwerksites. Een gespecialiseerd bedrijf krijgt van de NAVO 42 miljoen euro om de veiligheid van het NAVO-hoofdkwartier en 50 andere militaire sites in Europa op te drijven.

Samenwerking met Facebook
Een woordvoerder van de NAVO bevestigt dat Stavridis, die topcommandant van de NAVO voor Europa is, in de voorbije twee jaar verscheidene keren doelwit is geweest. Facebook werkte mee aan het blokkeren van de valse accounts. De NAVO houdt inmiddels regelmatig contact met de account managers bij Facebook, de valse pagina's werden doorgaans binnen de 24 uur verwijderd. Het is echter extreem moeilijk de bron van dergelijke valse accounts te traceren.

Stavridis, die ook de leiding heeft over de Amerikaanse troepen in Europa, is een fervent gebruiker van sociale media. Hij heeft ook een échte Facebookpagina die hij vaak gebruikt om te melden wat hij doet en waar. Vorig jaar meldde hij op Facebook het einde van de militaire campagne in Libië.

quote:

Op maandag 12 maart 2012 14:43 schreef Yuri_Boyka het volgende:

[..]

Nee gewoon informatie waar je hele regeringen, grote machtige duivelse corporaties etc. etc. opdoekt en dat dat een werkelijke grote impact heeft waardoor je serieus de wereld verbetert.

quote:

http://www.thesmokinggun.com/buster/fbi/sabu-still-hiding-857902

The hacker-turned-informant whose undercover work resulted last week in criminal charges against several of his alleged “Anonymous” cohorts remained in hiding today, avoiding an appearance in a New York courthouse to answer a misdemeanor criminal charge.

When Hector Monsegur’s case was called this morning at Manhattan Criminal Court, the 28-year-old snitch was nowhere to be found. Instead, his lawyer approached the bench for an off-the-record conversation with the judge and an assistant district attorney.

At the parley's conclusion, the jurist announced that, due to “extraordinary circumstances,” Monsegur’s case was being adjourned for an arraignment next month. Outside the courtroom, Peggy Cross-Goldenberg, Monsegur’s lawyer, declined to discuss what transpired at the bench, and politely deflected other TSG questions about her client, including whether he was currently under protection by federal officials.

Last month, during the course of his vigorous cooperation with agents, Monsegur--who is known online as “Sabu”--was arrested by the NYPD outside his apartment building in the Jacob Riis housing project on Manhattan’s Lower East Side. According to a criminal complaint, when a cop asked him for ID, Monsegur reportedly said, “Relax. I’m a federal agent. I am an agent of the federal government.”

Monsegur--a federal informant, not a federal agent--was subsequently busted on a misdemeanor criminal impersonation charge.