Thursday, February 7, 2013

Anonymous Hits Federal Reserve in Hack Attack

As officials in Washington continue to discuss and warn about cyber-attacks, members of Anonymous claimed to have breached a computer system that the Federal Reserve uses to communicate with bankers in emergencies such as natural disasters and potential acts of terrorism.
On Super Bowl Sunday, members of the group tweeted that they had compromised 4,000 bankers’ credentials from the Federal Reserve.
“Now we have your attention America: Anonymous’s [sic] Superbowl Commercial 4k banker d0x via the FED,” the group tweeted, using the @OpLastResort handle on Twitter.
“The Federal Reserve System is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product,” a Federal Reserve spokesman said in a statement.
“The exposure was fixed shortly after discovery and is no longer an issue. This incident did not affect critical operations of the Federal Reserve System,” the spokesman said.
According to officials, the user data from the Emergency Communications System was compromised, but no financial or monetary policy information was on the system that was breached.
According to federal law enforcement officials, the FBI has opened an investigation into the incident. An FBI spokesperson declined to comment.
Recent activity from Anonymous and the reference to Operation Last Resort concern the death of Aaron Swartz, an Internet developer and activist who started the website Reddit. Swartz was indicted by the Justice Department in July 2011 on charges of wire fraud, computer fraud, unlawfully obtaining information from a protected computer and recklessly damaging a protected computer.
Swartz had allegedly downloaded vast amounts of information from JSTOR, an online library of academic and scholarly journals and articles that are available for a fee. Swartz believed the articles in JSTOR should be disseminated free of charge. Swartz committed suicide on Jan. 11, 2013, as he believed he was going to be facing a lengthy prison term – possibly as much as 35 years.
Last month, Anonymous hacked the website of the United States Sentencing Commission, also in response to Swartz’s death.
The case has garnered the attention of Congress, with members of the House Oversight and Government Reform Committee writing to Attorney General Eric Holder about how the Justice Department handled the case.
The Justice Department has agreed to brief the committee on the Swartz prosecution, but no date has been set on the briefing, according to a Justice official.

Anonymous Indonesia defaces Myanmar tourism site

Anonymous Indonesia has breached a Myanmar tourism site in retaliation against the government's treatment of the Rohingya people.
The hacktivist group announced late Wednesday in a Twitter post that it had defaced the tourism site, which provides travel and location information, lodging and sights. A message left in the defacement said the site's data was safe and that the message was meant for the Myanmar government.
"We call on the government of Myanmar to stop the violence and the expulsion against Rohingya based on humanitarian," the message read.
The defacement also contained a link to a news report by The Nation on how the Myanmar government considered the Rohingya race as illegal immigrants and had refused to grant them citizenship rights.
In a Twitter reply to ZDNet Asia on Thursday, Anonymous Indonesia apologized for the defacement and explained it merely wanted to inform the Myanmar government not to expel and oppress the Rohingya race. "They are also part of the people of Myanmar who have long settled in Myanmar," the post read.
Visitors to the site on Wednesday evening were greeted with a message from Anonymous Indonesia.
The Web site was restored when ZDNet Asia accessed it at 2pm Singapore time.
Anonymous Indonesia also launched a series of attacks on Indonesian government sites last week which affected, among others, the Law and Human Rights Ministry, the Social Affairs Ministry, the Business Competition Supervisory Commission, and the Central Statistics Agency, a separate report by The Jakarta Post noted.
The hacktivist group said these cyberattacks were in retaliation against the arrest of Wildan Yani Ashari, who had been accused of hacking President Susilo Bambang Yudhoyono's personal Web site.

Wednesday, February 6, 2013

Anonymous Claims Wall Street Data Dump

The hacktivist collective Anonymous said that it's published a document dump that targets executives at financial services firms.

"Now we have your attention America: Anonymous's Superbowl Commercial 4k banker d0x via the FED," said a Sunday tweet from Operation Last Resort. A followup tweet from the same Twitter channel said, "Yes we posted over 4000 U.S. bank executive credentials."

Operation Last Resort is the name for an Anonymous campaign that seeks "reform of computer crime laws, and the overzealous prosecutors," and which was launched after Internet activist Aaron Swartz committed suicide. Although Swartz had long battled depression, numerous people have come forward to criticize the Department of Justice's handling of his case, including prosecutors' apparent strong-arm tactics.

The Sunday dox -- a.k.a. data dump -- appears to contain about 4,600 records, including people's names, email addresses, institutions, IP addresses and login IDs, as well as their salted and hashed passwords, including the salt that was used. The records stretch to nearly 700 pages, and per the Anonymous tweet, appear to have been obtained from the Federal Reserve System.

The "bankd0x" -- as Anonymous has dubbed it -- initially was published on Pastebin, as well as to the Alabama Criminal Justice Information Center website in an HTML file titled "oops-we-did-it-again.html." After the Alabama state government removed the page, Anonymous reposted it on what appeared to be a Chinese government website.

Is the data legitimate? A small, random sample of the published information revealed names and email addresses that do appear to be real. Other people who investigated the data also suggested that it was legitimate. "OK, I called a few of them," said one Reddit user. "What must be so problematic for the Federal Reserve is not the information so much as this file was stolen from their computers at all. The ramifications of that kind of loss of control is severe."

The timing of the financial data dump appears to have been designed to call attention to a Jan. 28 letter sent to Attorney General Eric Holder by two key members of the House Oversight and Government Reform Committee. Signed by committee chairman Darrell Issa (R-Calif.) and ranking member Elijah Cummings (D-Md.), the letter demands answers to seven questions related to the Swartz case, as well as prosecutors' use in general of the Computer Fraud and Abuse Act (CFAA), and their practice of issuing superseding indictments. The legislators gave Holder a deadline of Monday to schedule a related briefing with them.

The bankd0x isn't the first attack launched by Anonymous as part of Operation Last Resort. Last week, the group hacked the website of the U.S. Sentencing Commission, which establishes sentencing policies and practices for the federal courts, to add a hidden Asteroids game. The group also distributed an encrypted file "warhead," for which it promised to later distribute the decryption keys, unless its CFAA reform demands were met.

At press time, the U.S. Sentencing Commission's website resolved to a single page that said the website "is currently under construction," and that listed a handful of links and contact phone numbers.

Also last month, Anonymous defaced a Massachusetts Institute of Technology website, denouncing the charges that had been filed against Swartz, demanding that the CFAA be reformed, and calling for more open access to information.

Tuesday, February 5, 2013

Federal Reserve Confirms Security Breach, Calls Anonymous Hack Claim 'Overstated'

A Federal Reserve spokesperson confirmed a temporary security breach of its computers to The Huffington Post on Tuesday morning.
"Information was obtained by exploiting a temporary vulnerability in a website vendor product," the spokesperson told HuffPost in a phone interview, adding that the problem was "fixed after discovery and is no longer an issue."
According to the spokesperson, who asked not to be identified by name, the breach "did not affect critical operations."
The confirmation comes in the wake of a claim by hacker group Anonymous on Sunday that it had stolen sensitive information on 4,000 American bank executives from Federal Reserve computers.
Although the security breach has now been confirmed, the spokesperson called Anonymous' claim "overstated," and would not comment on the nature of the data obtained other than to confirm that contact information was taken.
Earlier this week, ZDNet reported that "login information ... credentials, IP addresses, and contact information of American bank executives" were listed in a spreadsheet posted to a government site that Anonymous had hacked.
Even if the breach might not have been as serious as publicized by Anonymous, it is the first actual leak of information achieved by the group's Operation Last Resort. Launched in January, OpLastResort is the Anonymous response to the suicide of Internet activist Aaron Swartz. The group demands "reform of computer crime laws" and investigation of "overzealous prosecutors."
Federal Reserve computers have been hacked before. In 2010, a Malaysian man was arrested in a credit card scheme after managing to hack into and damage 10 computers associated with a Federal Reserve training system, Bloomberg News reported at the time. However, no data or information was accessed or compromised in that attack, a spokeswoman told Bloomberg.
In 2011, Federal Reserve developers discovered a cross-site scripting bug in Adobe ColdFusion software, which is used by some Federal Reserve Bank websites. Such cross-site scripting allows an attacker to gain high-level access privileges to sensitive information by injecting malicious client-side scripts.
"Web developers working for the Federal Reserve Bank of Atlanta discovered the cross-site scripting vulnerability as part of an internal development project," ThreatPost, an Internet security blog, reported at the time.
In December 2011, Adobe released a patch for ColdFusion that fixed weaknesses it said could be exploited in "a cross-site scripting attack."
In an e-mail to HuffPost, Adobe senior communications manager Wiebke Lips wrote that the company could not comment on the specific breach confirmed Tuesday by the Federal Reserve. According to Lips, a patch released Jan. 15 by Adobe "addressed four vulnerabilities" that had been observed in active attacks against ColdFusion customers.
"These types of attacks are often referred to as 'zero-days' because a fix is not available at the time of the attack," Lips wrote. "As soon as these vulnerabilities were reported to Adobe, we immediately addressed them in the software and provided the fix."
According to an Adobe security bulletin, the recent patch for ColdFusion fixed loopholes that could have enabled a hacker to "circumvent authentication controls, potentially allowing the attacker to take control of the affected server ... could result in information disclosure from a compromised server."
Although it is unclear whether hackers used the recently patched vulnerabilities as a vector for attack, if a third party gained access to sensitive information through ColdFusion, it would follow that computers belonging to the Federal Reserve may have been compromised because their software was not up-to-date.
The Federal Reserve spokesperson would not elaborate on its security systems other than to say that measures against attacks were "absolutely" in place.

Thursday, March 15, 2012

Hacker threatens to expose Anonymous members, Al Qaeda supporters

By Emil Protalinski

Summary: The Jester has detailed a sophisticated attack he put together last week that stole personal data stored on smartphones belonging to various individuals on his very own “shit-list.”

The Jester, a hacker who has caused trouble for other hackers before, claims to have exploited smartphones belonging to Islamist extremists, Al Qaeda supporters, Anonymous members, and LulzSec/AntiSec members. He says he elevated his privileges on each exploited device, extracted data, and stole address books, call logs, text message logs, and e-mails from targeted victims.
The Jester used his Twitter account to compromise hundreds of smartphones by changing his profile picture to a QR code over a five-day period last week. When users scanned the QR code with their smartphone, a link opened in their browser, where an image of The Jester and the text “BOO!” appeared, according to Jester’s Court.
In the background, The Jester exploited a vulnerability in the WebKit engine that powers browsers in Android and iOS. The Jester says he compromised the phones of 500 out of 1,200 individuals who scanned the code via a crafted webpage. He then stole personal data from a significant number of activists.
The security hole he claims to have used, CVE-2010-1807, has been in the public domain since November 2010 and has since been fixed in most browsers. Still, The Jester says he modified the exploit code slightly and still managed to see a 40 percent success rate, presumably on unpatched browsers.
The malicious code he wrote for the attack stole the compromised users’ Twitter credentials via a netcat command. The Jester claims he checked these credentials against a list of known targets before stealing any data. He had a list of enemies:
“Here’s a very SMALL sample of the much longer list: @alemarahweb, @HSMPress, @AnonymousIRC, @wikileaks, @anonyops, @barretbrownlol, @DiscordiAnon etc etc etc”
He noted anyone not on his “shit-list” was left unscathed:
“EVERYONE else without exception was left totally ‘untouched’ so to speak. This was a Proof of Concept QR-Code based operation against known bad guys, the same bad guys that leak YOUR information, steal YOUR CC nums, and engage in terror plots around the world. I do not feel sorry for them. In the interests of convenience I will be taking the liberty of uploading the captured bad-guy data in a signed PGP encrypted file to a suitable location very soon. How’s that for ‘lulz’?”
The Jester this week posted a 143.08 MB text file, which he refers to as the “resulting raw dump of the verbose output log from this exercise,” on MediaFire. It’s encrypted with his PGP Public key, so there’s no way of telling if the contents are what he claims they are, or if he’s just trolling.
Rhode Island State Representative Dan Gordon was supposedly one of the victims. Gordon made it onto The Jester’s “shit-list” for a tweet that referenced Anonymous, which The Jester interpreted as approving of the hacktivist group. Gordon reacted angrily to The Jester’s jeers on Twitter. He threatened to report the hacker to authorities for offences ranging from threatening a state official to hacking the mobile phone of an elected politician. Later, though, Gordon said he had not scanned the QR code and thus could not possibly have been hacked.
Here are some tweets from The Jester’s account in regards to this particular attack:
Curiosity Pwned the Cat: ‘Curiosity is lying in wait for every secret’. – Ralph Waldo Emerson At the beginning …
Received reports that my latest blog post triggered AVG, I have removed the exploit source & used screen dumps instead
RT @swordandsalt: @th3j35t3r “Never interrupt your enemy when he is making a mistake.” - Napoleon
So @repdangordon WAS on ’shit list’ & scanned QR. Why’s he on the list: & he’s friends w/this guy:
@repdangordon so you & some anon are trying to find me? Man, you are not gonna come out of this looking good Dan
@RepDanGordon @FBIPressOffice I merely stated u were on the list, u seem awful jittery. U need to calm down >> ;-)
@RepDanGordon Go away Dan, I’m sick of helping u embarrass urself. I merely said u were on the list. Hey>> #stolenvalor
@repdangordon be advised, when u file ur complaint to feds, they ARE going need ur cell for forensics to determine IF I hacked u at all ;-(
@repdangordon >> << chatting about #anonymous with his friend @johntiessen << remember him? >>
@repdangordon - I told you before, all I stated was that your name was on the list. You have since proved why.
@repdangordon creates a new twitter under @Rep_gordon in fail attempt to back pedal, however we all know who you are >>
#Checkmate >>>!/th3j35t3r/status/179661949087399937 <<< I'll make you famous >>> #anonymous
It’s unclear whether the clever attack actually worked. Maybe The Jester is just trying to rile up his enemies (it certainly worked for Gordon). We won’t know until he releases the password to the aforementioned file, if ever.

Is there a link between Vikileaks and Anonymous attacks?


OTTAWA - A parliamentary committee will invite foreign experts in tracing Internet hackers to find the people behind attempts to blackmail Public Safety Minister Vic Toews, QMI Agency has learned.
The House and procedural affairs committee began hearings Thursday to investigate threatening YouTube videos by a group purporting to be the political hacker group Anonymous.
Conservative MP Tom Lukiwski said the scope of the committee's investigation could broaden if another Commons committee uncovers any links between blasts against Toews from the Twitter account vikileaks and the Anonymous video postings.
"If they find any kind of a link then I think in the committee report they may be able to ask Parliament to consider a point of privilege based on what they uncover in their examination," he said about the ethics committee.
Ethics is investigating Liberal Adam Carroll and his use of an anonymous Twitter account to spread details of Toews' messy 2007 divorce to protest Bill C-30, an Internet crime bill that would give police and government agencies powers to snoop without warrants.
No laws were broken when he used computers at the Liberal research bureau to set up the @vikileaks30 account.
He has since resigned.
Carroll has so far refused to appear because of what his lawyer says are health issues.
The committee Lukiwski sits on is only permitted to investigate the Anonymous threats.
"But if ancillary information comes out, which kind of links it to vikileaks, then yes, I think we've got the ability to expand our examination."
The MP said the committee will ask Canadian and international experts to assist.
"We certainly will and we have the ability to ask them specifics as to how can you trace and how did you find, for example, certain members of the Anonymous organization south of the border," he said about recent arrests.
The Anonymous videos said if Toews did not resign and kill Bill C-30, it would post naughty divorce details and other personal matters - which it did.

Anonymous members speak out at surreal SXSW panel

When it's revealed that a prominent member of a clandestine movement has been giving information to the FBI for months, you'd think it would intimidate others in the group into backing off.
And that may have been the case when it was discovered that "Sabu," real name Hector Xavier Monsegur, had been arrested in June and provided information that helped lead to the arrest of five other alleged members of the "hacktivist" collective, Anonymous.
For a few minutes, anyway.
"That night, after everyone found out, it was a bit chilling," said Gregg Housh, one of the few people associated with Anonymous who speaks publicly using his real identity.

Hunting Anonymous could be 'waste of time,' parliamentarians told


OTTAWA — Parliamentarians tasked with investigating what have been deemed intimidating online videos against Public Safety Minister Vic Toews were warned Thursday that a hunt for the culprit — or culprits — could be a waste of time and resources.

MPs on the procedure and House affairs committee were told that trying to track down anyone using the online handle of Anonymous would be difficult, if not impossible.

House of Commons security staff have already checked and found that the YouTube videos weren't uploaded from a Parliament Hill account, and have stepped up their online security sweeps in the wake of the messages.

MPs on the committee reviewing whether Toews had his privilege as a parliamentarian breached when Anonymous put up the threatening videos will have to decide whether to attempt to track down the person or people behind the videos. That could involve calling in the RCMP or the intelligence unit responsible for cybersecurity.

"I really don't see how you will be able to figure out who uttered these threats against the minister," said Audrey O'Brien, clerk of the House of Commons.

She told the committee that a search for the Anonymous poster could be "a giant waste of time."

That message from the Commons staff responsible for securing MPs on and off Parliament Hill was received well by some members of the committee, but at least one Conservative wanted the search to commence.

Conservative MP Laurie Hawn said someone needed to be held responsible for the videos attacking Toews and demanding he withdraw the government's controversial online surveillance bill, and be held up as an example for others who would consider doing the same thing.

"Anonymous is a coward," Hawn said, adding he "had nothing but contempt" for anyone who would abuse free speech.

"They're like the Taliban. We're never going to run out of them."

Anonymous is a loosely knit group of online hackers with no central organization, meaning that anyone can claim to be part of the collective and disputes about tactics arise regularly.

The group is responsible for attacks against several high profile websites, including Visa, MasterCard, PayPal and, in Canada, the website for the Ontario Association of Chiefs of Police.

Members of the group have been tracked down around the world in recent weeks, with Interpol saying 25 suspected members of the collective were arrested in Latin America as authorities in Europe and the United States charged six more after they were outed by one of their own.

The ad hoc nature of the group means that someone calling themselves a member could have uploaded the videos to YouTube targeting Toews. The YouTube account has been silent since March 1 when the last video was uploaded.

Parliamentarians were told Commons staff monitor the Internet for hacking threats, and meet daily to discuss how to keep the network and MPs safe.

"Security is evolving every day," said chief information officer Louis Bard. "There's always something new to discover. The strength we have is the ability to react and I think we've proven that."

Meanwhile, House of Commons Speaker Andrew Scheer ruled that there may be a case that MPs had their privileges breached during a recent visit from Israel's prime minister.

Security on Parliament Hill was heightened for the visit by Prime Minister Benjamin Netanyahu, so much so that parliamentarians were blocked at times from walking around the Centre Block of the Parliament buildings. New Democrat MP Pat Martin filed a complaint with the Speaker's office and on Thursday, Scheer said there may be a "prima facie" case that Martin and other MPs had their privileges violated.

"Security measures cannot override the right of members to unfettered access . . . free from obstruction or interference," Scheer said in his ruling.

That matter will now be referred to the House affairs committee for review.

Anonymous operating system prompts security warnings

BBC News

More than 26,000 people have downloaded an operating system which members of the Anonymous hacker group claim to have created.

The software is based on a version of the open-source operating system Linux and comes outfitted with lots of website sniffing and security tools.
The "official" Anonymous group has distanced itself from the software.
In a widely circulated tweet, AnonOps claimed the operating system was riddled with viruses.
Tool box
The operating system is available via the Source Forge website - a well-known repository for many custom code projects.
The 1.5GB download is based on Ubuntu - one of the most popular versions of the Linux operating system. The software's creators say they put it together for "education purposes to checking the security of web pages (sic)".
It asked people not to use it to destroy webpages.
Soon after the operating system became available, the AnonOps account on Twitter posted a message saying it was fake and "wrapped in trojans".
The creators of the OS denied it was infected with viruses, adding that, in the world of open-source software, "there were no viruses".
Code check
After downloading and running the software, Rik Ferguson, director of Trend Micro's European security research efforts, said it was "a functional OS with a bunch of pre-installed tools that can be used for things like looking for [database] vulnerabilities or password cracking".
It also included tools such as Tor that can mask a person's online activities. In many ways, he said, it was a pale imitation of a version of Linux known as BackTrack that also comes with many security tools already installed.
Mr Ferguson said he was starting work to find out if there were any viruses or booby-traps buried in the code.
Graham Cluley, senior researcher at hi-tech security firm Sophos, wondered who would be tempted to use it.
"Who would want to put their trust in a piece of unknown software written by unknown people on a webpage that they don't know is safe or not?" he asked.
He warned people to be very wary, adding that some hacktivists keen to support the work of Anonymous had been tricked earlier in the year into installing a booby-trapped attack tool.
"Folks would be wise to be very cautious," he said.