Scotland Yard has arrested five people under the Computer Misuse Act as part of its investigation into alleged attacks by the Anonymous hacking collective.
The five males – aged, 15, 16, 19, 20 and 26 – were arrested in a series of co-ordinated raids on Thursday morning by detectives from Scotland Yard’s Police Central e-Crime Unit (PCeU).
http://www.theregister.co.uk/2011/01/27/anon_hacking_suspects_uk_arrest/
Anonymous’ current target appears to be The Egyptian Ministry of Communications and Information Technology (www.mcit.gov.eg).
http://www.thewhir.com/web-hosting-news/012611_Anonymous_Group_Attacks_Egyptian_Websites_says_Report
On the evening of the 11th of January, a Russian based ISP called Vline Telecom (AS39150) was de-peered from its upstream provider RUNNet.ru. As a result of the disconnect, 9 of the world wide worst Bulletproof Hosters got offline and the number of active Zeus Botnet Command&Control servers dropped from 61 to 41 on 12th of January.
Additionally, in January 2011 I was informed about another takedown of a Ukrainian based ISP called ONLINENET SPD Andreychuk Andrey Alekseevich (AS50722) which resulted in another 5 bulletproof hosters disappearing from the global routing table.
Much more: http://www.abuse.ch/?p=3130
(Credit: PandaLabs)
Read more: http://news.cnet.com/8301-1009_3-20029163-83.html
According to Israeli company Trusteer, which specialises in tracking the activities of Zeus and its variants, there are now at least 26 different configurations to attack one company alone, Money Bookers.
One thing that becomes clear is that along with the other services attacked – Web Money and Nochex, netSpend – this Zeus campaign is going after second-tier companies. Perhaps fearing attention, the criminals appear to be steering clear of large consumer payment services such as PayPal.
http://www.computerworlduk.com/news/security/3257680/zeus-trojan-targets-online-money-services/
Tiversa Inc., a company based in Cranberry Township, Pennsylvania, has evidence that WikiLeaks, which has said it doesn’t know who provides it with information, may seek out secret data itself, using so-called “peer-to-peer” networks, Chief Executive Officer Robert Boback claimed. He said the government is examining evidence that Tiversa has turned over.
China’s alleged hacking campaign against Google and the campaign by “hacktivists” against foes of the anti-secrecy Web site WikiLeaks, merely opening acts?
The group estimates 231,400 patients might have been affected by the breach.
A Fine Gael spokesman said American internet firm ElectionMall, which reported the cyber attack to US authorities, informed the party the FBI were now involved.
http://www.sheffieldtelegraph.co.uk/news/fbi_probes_fine_gael_site_hacking_1_2917183
The Office of the Data Protection Commissioner is investigating
At the largest hacker conference in Europe geeks and nerds show their ethical side: it’s about decentralization, sharing information and free access. “The citizen has to be able to check on the State again”.
by Mirthe Berentsen – De Groene Amsterdammer, 5th January 2011
BERLIN – “It’s not like we want to take revenge at the ignorant civilization, because we have been bullied in the past, are more or less autistic, have long hair and wear glasses. It’s not science fiction dammit, I want you to listen for a moment and become aware of the dangers.” The Dutch Henk becomes agitated when I ask him whether the hackers at this conference are a new world power, because they can access information I have no clue about. “Of course it’s true that we, being hackers, can access certain information. But you do not have to be afraid. Every system administrator, no matter which company, has information others do not have. What is the use of making public that my boss is watching pornography for 10 hours per week on average? What is the use of that to me?”
There are a lot of hackers like Henk at the conference, ready to go to battle and convinced of the power of the internet as a foundation for a transparent future. For four days thousands of hackers, nerds, geeks and scientists gathered to attend lectures and workshops at Berlin’s most important hacker conference 27C3. Organized by Europe’s biggest hacker organization, the Chaos Computer Club which was established in 1981 in Germany. This years theme was “We Come in Peace”. Not an awkward choice in a time when hackers are being compared to criminals and when the lack of insight about hacking seems to increase.
There’s a diverse audience ranging from socially and politically aware hackers who want to change the world from behind their PC screens to boys who like to tinker with computer parts. While there’s a lecture ongoing upstairs about cognitive psychology for hackers and downstairs there’s someone talking about the vulnerability of the GSM signal, a Stradivarius is being played on the basis of music composed via HTML code. In the basement there are hundreds of boys busy picking locks and soldering all kinds of hardware which make lights flicker and spin.
A lot of attention goes to a demo on day three, organized by scientists, hackers and activists. A group which opposes the urge of governments to store more and more information about citizens. Since March of this year it is possible in Germany (just like in The Netherlands by the way) to retain all data relating to internet and (mobile) phone communication. The spokesperson (“Just call me Florian”) is of the opinion that it is of the utmost importance to make people aware of the dangers of this data retention by the government. Henk agrees with him: “One can compare it to the Panopticum of Foucault. Because the government can control you, you will conform to their rules and stop having a critical view regarding your own situation and whether you actually agree to everything. The information of citizens is lying in the streets so to say, while the citizen has little means of checking on the State. Think about debt registration in Tiel (The Netherlands) for example: when you’re a teenager and have not paid your phone bill, then that can cause problems if you want to arrange for a mortgage ten years later. This information has been obtained without you giving permission for that. That should not be possible in a free society, we have to act against that. The citizen has to be able to check on the State again.”
How exactly this could be realized is a difficult question according to Florian. “An organization such as WikiLeaks is a start but it needs to be done in an even better way. But what the Anonymous group went and did, by taking down all these credit card companies, that is really a no-no.” Anonymous, made up from many anonymous ‘so called’ hackers, was attacking MasterCard and VISA in December because they were blocking money transfers to WikiLeaks. “It’s a disgrace to the hacking trade. Real hackers have respect for technology, they want to crack codes not destroy it,” Florian says. Henk: “It does make a statement and will increase the publicity of your actions with a large audience. But let’s be honest here, taking down payment services has nothing to do with hacking.”
WITHIN THE HACKER COMMUNITY certain codes of ethics apply. The most important ones are: decentralization, sharing information, transparency, free access to the internet and through all this, making the world a better place. This ideal is especially being voiced by white hats. A concept that derives from the book ‘Six Thinking Hats’ which psychologist Edward de Bono had written in 1985. A management training aimed at ‘more effective thinking’ by putting on a certain hat and look at a problem from different perspectives. De Bono differentiated six types of hats; hackers only use two: the white hats and the black hats. (Not entirely correct, see: http://en.wikipedia.org/wiki/Grey_hat , ed. ) The white hat hacker is being regarded as an ethical hacker, the hacker that will hack into systems to make the owners aware of the security risks. They will promote an open and transparent internet. White hat hackers will never destroy or misuse a computer system, as opposed to the black hat hackers. These are the stereotype baddies: the hacker who will use his skills for criminal purposes such as hacking banks, stealing information to resell it on the black market or attacking networks of organizations for financial gain.
Companies like to make use of the services of ethical hackers. The Deutsche Post for example has a new e-mail system and wants to secure it as best as it can, issuing a contest for hackers: The Security Cup. Hackers will be asked to attack and hack the site; the winner who is also able to find a solution to the security problem will be able to take home 5,000 euros. Hacker Matthias says, during the award ceremony, that the money is a joke. “It cannot be compared to the amounts of money available on the black market, but it is a safer practice. I work for big companies and important ministries. I cannot mention any names, really I can’t.”
As a hacker you lay the grounds for an attack, you seek out the flaws within a system and develop code to exploit those. Then you explain to your client where the hole in the security is located and someone from the company will then add that final piece of the puzzle. Matthias talks about his old life with big bonuses, the second home in Thailand, the expensive boat, the women and only having to work for a few hours per month. But he says he became depressed and filled with anxiety and therefore wanted to call it quits. It’s a life on the run. Like the life Julian Assange has now. I don’t want that.” Matthias says he knows Assange from the days before WikiLeaks. Assange was respected for his innovative and uncrackable crypto methods. “Aside from the fact that I feel he’s a megalomaniac arrogant bastard, his sudden popularity has surprised me. Nothing about his information is new, at least to a large part of the hackers over here, we knew this all along.”
There is some respect for Assange albeit limited. “I wish Assange and his people all the best, but I rather would not be living from a backpack and being on the run all the time,” the well known Dutch hacker Rop Gonggrijp states at the keynote of the conference. He is also worried about the increasing amount of information the government has collected about its citizens. Gonggrijp gained fame as one of the founders of XS4ALL, hacking electronic voting machines and the Public Transport Card, to demonstrate that these are not safe, and his involvement with WikiLeaks. During the keynote he discusses the situation in The Netherlands. Because of an increasing xenofobia The Netherlands is registering everything about its citizens. The Netherlands once was a country like Sweden or Denmark, a bit like Germany in the nineties, and after a period of political assassinations and crazy political developments we are now heading for the situation in the UK, says Gonggrijp.
With the sympathy for Assange at a minimum level, the support for the American soldier Bradley Manning seems to be at a height which has never been seen before. He was the one leaking the last secret documents to WikiLeaks. Throughout the building there are banners with the words “Free Bradley Manning”. To make Manning’s captivity a littlebit less lonely one can show support by writing him a postcard at the conference which will then be delivered to him personally. “Let’s not talk about Assange anymore but focus on the things that are really important. Such as supporting Bradley Manning, he is a very brave boy who deserves all our attention,” says Daniel Domscheit-Berg. Until recently he was the right hand of Assange and in September he left WikiLeaks. He speaks in a rather chaotic way and apologizes for that and says he is exhausted. In February his book will be published, Inside WikiLeaks. “Last year I was here at the same conference with a friend, with Julian, we felt strong together, were sharing the same ideals. But that is over. There was no unity anymore within the group, everything revolved around Julian and not the quality of the work.”
The media frenzy of the last few months and the upcoming launch of OpenLeaks, the whistleblower site which Domscheit-Berg is putting up, are causing sleepless nights. “I cannot say much about it, but it has the ability to change the future.” He is convinced that we have to be more aware of society in the future. Freedom of communication is not a given if the political pressure continues to increase. Will hackers, journalists and organizations such as the Chaos Computer Club be able to do their work without any barriers? Gonggrijp is of the opinion that this freedom could be under threat: “The consequence of WikiLeaks is that authorities are trying to limit freedom on the internet faster than ever before. The organizations which oppose this will therefore also have to work harder.” The emphasis should be on the importance of access to free information and communication. As Domscheit-Berg puts it: “We will now be able to see just how fragile the foundations of free communication for our future are. It’s up to hackers to show that there’s a different path.”
(My translation. Links added by vRRitti)
Dutch language article: http://www.groene.nl/2011/1/tegen-de-machtige-staat
“The campaigns, which were seeded in a number of Asian and European countries, solicited local individuals who already have – or had established – relationships in the banking industry or were looking for work as online sales administrators”
Anonymous has joined with Tunisian activists to call for end to the government’s stifling of online dissent
http://english.aljazeera.net/indepth/features/2011/01/20111614145839362.html
Stolen personal and financial information which is used, for example, to fraudulently gain access to bank accounts and credit cards, or to establish new lines of credit, has a monetary value. Criminals are trading credit card data for up to $30 per card, bank account information for between $10 – $125 and even your email account data is worth up to $12 in this sophisticated and self–sufficient economy. Criminals are not only interested in details of credit cards and compromised bank accounts, but also our addresses, phone numbers, social security numbers, full names and dates of birth.
All of this stolen data is retailed in the criminal underworld, which is driving a range of new illegal activities, including crimeware distribution and the hacking of corporate databases. This is backed up by a fully–fledged infrastructure of malicious code writers and hackers, specialist web hosts and leased networks of thousands of compromised computers which carry out automated attacks online, to access and steal personal data. As this underground economy has grown in sophistication, ‘service providers’ have also emerged who offer payment card verification number generators.
More: http://www.europol.europa.eu/index.asp?page=news&news=pr110106.htm
Previously: Europol ponders Cyber Crime, Social Media and the challenges to Law Enforcement
Cybercrime presents a major challenge for law enforcement
http://www.europol.europa.eu/index.asp?page=news&news=pr110103.htm
The changing face of cybercrime
http://www.europol.europa.eu/index.asp?page=news&news=pr110104.htm
The hidden risks of social media
http://www.europol.europa.eu/index.asp?page=news&news=pr110105.htm
aimed at extracting sensitive financial data and documents from government employees.
http://www.aolnews.com/2011/01/05/fake-white-house-holiday-e-mail-contained-dangerous-malware/
According to an affidavit filed in support of the search warrant in this case, the students, Tram Vo and Khoi Van, made more than $1.2 million selling software, videogames and Apple gift cards on eBay, and then shipping buyers products that they’d purchased with stolen credit card numbers.
The scam that Vo and Van are accused of has become a big problem for U.S. merchants, according to the affidavit, which was unsealed last week.
Here’s how it works. Using stolen information the criminals set up eBay and PayPal accounts in other people’s names and start selling products — $400 Rosetta Stone software or iTunes gift cards, for example. When legitimate buyers purchase these products using PayPal, the scammers then order them direct from the manufacturer, using stolen credit card numbers. By the time the credit card user reports the fraud, the scammers have already moved their money from PayPal to another bank account. Then they move it offshore to accounts in Canada or Vietnam.
The online merchant is the big loser in the deal, but the consumers whose information was stolen also take a hit, as they have to untangle themselves from the fraudulent credit card transactions and fake eBay and PayPal accounts.
One victim, Susan Higginbotham, of Bemidji, Minnesota, got as many as eight letters a day from banks telling her she’d just signed up as a customer. She also got bills from eBay for the fraudulent transactions, according to the Minnesota Star Tribune, which first reported the investigation on Saturday.
In November, Louisiana authorities working with ICE arrested three students in connection with a similar scam.
The law enforcement operation, run out of ICE’s Cyber Crimes Center in Washington, D.C., has been investigating the Vietnamese crime ring since Sept. 2009 in an action called Operation eMule
Dutch media are reporting that vandals have accessed a data cable center in Heerhugowaard, The Netherlands, belonging to Dutch provider ZIGGO and destroyed some of the fiber-optic cables present. As a result more than 10,000 Dutch citizens and 1,000 businesses were without phone and internet connections today, including two medical centers. The damage appears to be severe so no short term solution is to be expected, according to a ZIGGO spokesperson.
(my summary and translation)
Dutch language article: http://webwereld.nl/nieuws/105262/vandalen-veroorzaken-internetstoring-ziggo—update2.html
Dubbed “Geinimi” based on its first known incarnation, this Trojan can compromise a significant amount of personal data on a user’s phone and send it to remote servers. The most sophisticated Android malware we’ve seen to date, Geinimi is also the first Android malware in the wild that displays botnet-like capabilities. Once the malware is installed on a user’s phone, it has the potential to receive commands from a remote server that allow the owner of that server to control the phone.
Server was cracked using ‘local file inclusion’ weakness and hacking group then worked through system to access passwords and source code, sources say.
Hackers had access to the gossip site Gawker’s content management system (CMS) and password files for around six months, rather than the few days suggested by the company, the Guardian has learnt from sources connected to the break-in.
Gawker Media was targeted because Denton and the staff decided earlier this year to annoy denizens of 4Chan, the anarchic web forum. The members of Gnosis have their origins in 4Chan and the separate but related Anonymous group, but are not affiliated with them, and do not work on the same projects.
More: http://www.guardian.co.uk/technology/2010/dec/29/gawker-hacking-gnosis-six-months
A recent talk at the Chaos Communications Congress revealed how BitTorrent swarms can be exploited to take down large websites with relative ease. A vulnerability in the technology behind so called trackerless torrents makes it possible for someone to trick downloaders of popular files into send thousands of requests to a webserver of choice, taking it down as a result. Basically, this turns BitTorrent into a very effective DDoS tool.
http://torrentfreak.com/bottorrent-using-bittorrent-as-a-ddos-tool-101229/
The FBI has raided a Texas business and confiscated a web server that U.S. officials believe was used to perpetrate so-called DDOS attacks that took down the PayPal site earlier this month.
The investigative site, TheSmokingGun, has secured an FBI affidavit revealing that on December 9 PayPal security officials provided the U.S. government with a number of IP addresses which they allege were used as a platform for the online attacks waged by the groups called Anonymous and 4chan. The hacker groups took down several financial sites whose parent companies had suspended or terminated money transactions to the WikiLeaks group. Among them were PayPal.
The retaliatory attacks were dubbed Operation Payback. The FBI moved in a week after being given the leads from PayPal.
More: http://www.neontommy.com/news/2010/12/fbi-raids-texas-business-tied-operation-payback-attacks-paypal
4chan, the free-form set of anonymous message boards behind such pranks as getting a racial slur atop Google’s list of search topics and “denial-of-service” attacks against high-profile commercial sites, has been out of action since sometime this morning.
http://voices.washingtonpost.com/fasterforward/2010/12/httpstatus4chanorg_site_is_dow.html
See also:
Patriotic ‘hackitivist for good’ may be behind takedown of 4chan.org
http://dailycaller.com/2010/12/28/patriotic-hackitivist-for-good-may-be-behind-takedown-of-4chan-org/
Bank of America’s website isn’t loading for some customers at the moment, the victim of what appears to be another denial of service attack from supporters of Wikileaks.
Greg Mitchell notes that the attack, known as #operationBOA on Twitter, started around noon. Here’s acountdown of the time since the DDoS attack began. It’s coming from the same “Anonymous” groups of hackers who briefly took down Paypal, Visa and MasterCard in recent weeks, after those organizations denied use of their services to Wikileaks.
Last week, Bank of America cut off participation in customer transactions involving Wikileaks.
Reports are coming in that bankofamerica.com is alternately loading and not loading for various web users, but BofA appears to be weathering the storm.
After successes in disabling Paypal, Visa and MasterCard for periods of time, the Anonymous clan has had less success recently. Companies seem to have grown more sophisticated in handling DDoS attacks.
Q: Hundreds of Internet activists recently mounted cyberattacks on companies like MasterCard and Amazon because they had ended their affiliation with WikiLeaks. How dangerous could this kind of action be?
A: We’ve seen over time [street] protests in cities that shut down traffic, and this is not dissimilar in the online world. There may be a disruption for a short period of time, but the bottom line is we continue to work to make sure that the impact is minimal.
More: http://www.newsweek.com/2010/12/21/interview-with-cyber-security-czar-howard-schmidt.html
IMRG, the trade body, will provide protection against politically-driven ‘denial of service’ attacks that threaten Britain’s £57.8bn online shopping industry.
Below is a list of the targets of this ZeuS campaign which I’ve seen so far:
Much more: http://www.abuse.ch/?p=2986
In a new report released this week by Harvard University “Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites”it seems hacker attacks are far more common that most of us would believe, 1300 attack each day!
Last year amidst the turmoil of the aftermath of the Iranian election opposition forces mounted a huge campaign against President Mahmoud Ahmadinejab bringing down his homepage and other government websites over a 24 hour period.
As with anything, a successful strategy will be appropriated. Its believed governments have done exactly the same to quieten opposition.
D0z.me is a “proof-of-concept” URL shortener that attacks a server while re-routing links.
Dutch media are reporting that the Dutch police have arrested 13 individuals who may have stolen and laundered 5.6 million euros from Dutch Bank ABN AMRO. The Bank is reporting that “they left a gate open” and “someone passed by and made use of that.” The issue is said to be resolved almost immediately.
According to the Dutch Association of Banks it would be the first time that people have managed to manipulate banking systems from the outside, without any help from anyone on the inside.
By manipulating the system of the Dutch bank, the suspects managed to transfer the amount to a 26-year-old from Wageningen in The Netherlands who immediately transferred the money to multiple accounts abroad.
By working together with various foreign authorities law enforcement was able to retrieve 2 million euros.
Dutch language article: http://security.nl/artikel/35571/1/Cybercriminelen_stelen_5%2C6_miljoen_bij_ABN_Amro.html
Dutch media are reporting that “Pedo-hunter” Yvonne van Hertum today has filed a criminal complaint against pedophilia society “Martijn”. She has received data from hacker group Anonymous, which apparently had hacked the website of the society. The data is said to show that the members of the pedophilia society are exchanging child abuse images via the society’s website on a regular basis.
Law enforcement has stated that it first will “investigate the evidence” before it will record and process the criminal complaint.
Van Hertum operates the Dutch website Stopkinderseks.com (StopChildAbuse.com).
Dutch language article: http://www.nu.nl/binnenland/2406656/aangifte-pedofielenvereniging-martijn.html
Jeffrey Robert Libman, the vice president and co-director of Webe Web Corporation, a Florida corporation, was sentenced yesterday to 108 months in prison for transporting child pornography, announced Assistant Attorney General Lanny A. Breuer of the Criminal Division and U.S. Attorney Joyce White Vance of the Northern District of Alabama.
Libman, 43, of Ft. Lauderdale, Fla., pleaded guilty in U.S. District Court in the Northern District of Alabama on Sept. 15, 2010, to 16 counts of transporting child pornography. Libman was also sentenced to lifetime supervised release, to follow his prison term.
According to court documents, Webe Web was the registered owner of the website “www.childsupermodels.com,” which purported to be a child modeling website that promoted models 7- through 16-years old and their photographers. It contained hyperlinks to websites containing photographs of individual “child super models” featuring minor female children in various poses and wardrobes. According to court documents, Libman was responsible for building and maintaining these websites.
Libman admitted that the websites pertaining to 16 different children contained illegal images of child pornography. In some of the photos, the victims, all girls aged 8 to 15, were wearing underwear, lingerie, bathing suits and other revealing outfits, and were posed in positions that constituted child pornography.
According to court documents, viewers of the websites could preview a certain number of images for free on the website homepage. If viewers wanted to join the website to access additional photographs, they could purchase a 30-day membership for approximately $30 per month. Libman admitted that the websites depicting the 16 victims generated approximately $1 million in revenue.
Libman also admitted that Webe Web promoted subscriptions to these individual sites through its free advertising website known as Babble Club. On Babble Club’s website, members could receive a free sample of images of the children. According to court documents, the website encouraged the purchase of subscriptions to the individual websites of the children, and hosted discussion boards and groups which were devoted to each individual website. Babble Club members made postings to the discussion boards, which included comments on specific images they liked, the type of clothing and poses they liked, and poetry written to the photographed child. Certain members posted expressions of fondness and devotion for a photographed child.
Much more: http://www.justice.gov/opa/pr/2010/December/10-crm-1453.html
Raids on Tuesday led to the arrest of 42 suspected members of the gang, reckoned to be led by two Romanians, according to Romanian prosecutors.
The group specialised in hacking into the corporate phone systems of Western firms before making calls to premium rate numbers under their control, earning a commission in the process. Victims of the scam included corporates in the US, UK, South Africa and Italy as well as Romania, AFP reports.
http://www.theregister.co.uk/2010/12/17/romania_telecoms_fraud_arrests/
More ominous threats are application-layer DDoS attacks, which target the database server and cripple or corrupt the applications and underlying data needed to effectively run a business, said Craig Labovitz, chief scientist at Chelmsford, Mass.-based Arbor Networks Inc.
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1525260,00.html
