Wednesday, February 29, 2012

2012: Expect DDoS botnets to be smaller, more effective and more of them

Anonymous mischief continues: US stock exchanges face DDoS attacks

The hacktivist group Anonymous launched distributed denial of service attacks on a number of major stock exchanges this week, continuing its reign of information security mischief.

Sacramento security company that was hacked by Anonymous is being purchased


Bee file, 2011. Greg Hoglund and his wife, Penny Leavy-Hoglund, say business at their HBGary security company has rebounded after the initial negative fallout from the widely publicized hacking episode in February. "In a weird sort of way, it has helped our business," Leavy-Hoglund said.

A Virginia firm specializing in international security technologies says it has signed a definitive agreement to acquire Sacramento's HBGary Inc., which was victimized last year by a high-profile cyber attack.
Fairfax, Va.-based ManTech International Corp. did not disclose specific financial terms but characterized the pending transaction as an asset purchase that it hopes to complete in March.
In February last year, the local maker of network-security software and its sister consulting company, HBGary Federal of Washington, D.C., were targeted in a cyber attack by the group Anonymous.
Hackers broke into the sister company's website and uncovered user names and passwords belonging to HBGary. Within hours, the hackers helped themselves to thousands of e-mails from both companies.
Among other things, the e-mails showed that HBGary Federal was developing a high-tech dirty-tricks campaign it planned to offer to the U.S. Chamber of Commerce. The Sacramento company insisted that it didn't know about the plan, as did the U.S. Chamber.
Arrests in connection with the cyber attack were made in the United States and overseas.


WikiLeaks releases leaked emails

Full story: The Advocate

Associated Press photo by KRISTY WIGGLESWORTH. Julian Assange, founder of WikiLeaks, looks at paperwork during a press conference in London, Monday.

Placing STOCK in the elections

You're hearing it here first because almost no one else will report on it. Is it fear? Possibly.

Anatomy of an Anonymous Attack on the Vatican

In the middle of last year, the hacking group Anonymous tried but failed to attack various Vatican Internet servers. A report that was just released by Imperva shows the extent of their prowess, and is a blueprint for other corporate security managers who want to try to protect their own networks in the future from miscreants. While the report itself doesn't divulge the destination of the attack, it has been widely reported by the New York Times and other news outlets that it was the Vatican.
Of course, it helps that the Vatican used the Imperva Web applications firewall to protect itself and that the logs could be analyzed to see the sequence of events. They state, and we also believe, that this is the first end-to-end attack analysis of this magnitude.
Imperva found that the attack happened over a period of a month in three different phases: recruitment, reconnaissance for an application attack, and a distributed denial of service (DDOS) attack. Various individuals and computers were involved in each phase, including a core group of skilled hackers that Imperva estimates to be no more than 15 people, and a large collection of volunteers to conduct the DDOS attacks from their own computers and smartphones. Anonymous cleverly uses an array of social media accounts for the recruitment phase to find these volunteers. However, this recruitment means that Anonymous is limited in how quickly it can deploy its resources. But it also means that an observant security officer can see whom they are targeting next by watching the forums and social media discussions.
Here is a summary infographic of these phases.
Some of what was observed includes the following:
  • Anonymous uses the same hacking tools that others use, such as SQL injection and vulnerability assessors, to exploit common website and Web server vulnerabilities. There is no secret sauce. They use off the shelf and cheap tools that are easy to use and don't require any financial investment. No surprise there. As the graphic here indicates, they used four common attacks.
  • They have developed custom attack software. "This allows users to attack sites with mobile browsers. However, their mobile tool, though innovative, is not complicated. In fact, it is probably just a few hundred lines of Javascript code. All it takes for an attacker to participate in the attack is to browse to the specific Web page and leave the page open."
  • "Anonymous will try to steal data first and, if that fails, attempt a DDoS attack," says the report.
  • Even while being under a DDOS attack, "there's an opportunity for security team to assess the attack details and, if needed, fine tune the rules in order to detect and block the entire attack more precisely." This is perhaps the best news to date. Coordinating the various volunteers from around the world takes some effort, and a security manager still has an opportunity to step in even while the attack is underway.
  • Analyze your alert logs carefully. "The DDoS attack was preceded by a few-days-long phase of reconnaissance. Daily analysis of alert information may help better prepare for tomorrow's attack."
  • Use IP reputation scoring as part of your toolset. In these high-volume attacks, having the reputation of the originating IP address is helpful to screen and block any harmful traffic and understand the intended purpose of the attackers.

  • You can download the full Imperva report here.
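The daily alert review and the IP tracking recommended above can be sketched as follows. This is an added example, not code from the Imperva report or from the original post; the log format, category names, thresholds, dates and addresses are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed WAF alerts: "<date> <source ip> <category>" (format is assumed).
SAMPLE_ALERTS = "\n".join(
    ["2011-08-15 203.0.113.9 SQLI"]
    + ["2011-08-16 203.0.113.9 SCANNER"] * 3
    + ["2011-08-16 203.0.113.10 SQLI"] * 2
    + ["2011-08-17 203.0.113.10 SCANNER"] * 4
    + [f"2011-08-19 198.51.100.{n} HTTP_FLOOD" for n in range(1, 5)]
    + ["2011-08-19 203.0.113.9 HTTP_FLOOD", "garbage line"]
)
RECON_CATEGORIES = {"SCANNER", "SQLI"}  # hypothetical alert labels
FLOOD_CATEGORY = "HTTP_FLOOD"           # hypothetical alert label

def daily_summary(text):
    """Group alerts by day: probe count, probing IPs, flooding IPs."""
    days = defaultdict(lambda: {"recon": 0, "recon_ips": set(), "flood_ips": set()})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole review
        day, ip, category = parts
        if category in RECON_CATEGORIES:
            days[day]["recon"] += 1
            days[day]["recon_ips"].add(ip)
        elif category == FLOOD_CATEGORY:
            days[day]["flood_ips"].add(ip)
    return dict(days)

def classify(days, recon_min=3, flood_ip_min=3):
    """Label each day quiet / recon / ddos using simple assumed thresholds."""
    phases = {}
    for day in sorted(days):
        d = days[day]
        if len(d["flood_ips"]) >= flood_ip_min:
            phases[day] = "ddos"
        elif d["recon"] >= recon_min:
            phases[day] = "recon"
        else:
            phases[day] = "quiet"
    return phases

def early_warning(days, phases):
    """Days of lead time recon gave before the flood, and recon IPs seen again in it."""
    recon_days = [d for d, p in phases.items() if p == "recon"]
    ddos_days = [d for d, p in phases.items() if p == "ddos"]
    if not recon_days or not ddos_days or recon_days[0] > ddos_days[0]:
        return None
    lead = (date.fromisoformat(ddos_days[0]) - date.fromisoformat(recon_days[0])).days
    probers = set().union(*(days[d]["recon_ips"] for d in recon_days))
    return lead, sorted(probers & days[ddos_days[0]]["flood_ips"])
```

Addresses that probed during the reconnaissance days and reappear in the flood are the ones a reputation list built from daily review would already have scored.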

    Stratfor: M&G made no deal

    Full story: Mail & Guardian
    On Monday morning Wikileaks began to publish a cache of some five million emails, which were obtained by the hacker group Anonymous from Stratfor, a US-based company which provides intelligence and political risk consulting services to private firms and governments.

    Danish hackers out suspected paedophiles

    Submitted by l33tdawg on Mon, 2012-02-27 11:22
    Credit: Toby Bradbury (Flickr)

    Computer hackers from Denmark have exposed two suspected paedophiles in what they say is an attempt to clean up the web.
    According to the Berlingske newspaper, the hackers, who published the names of two men on Facebook, are associated with the global online activist group Anonymous.
    The hack is thought to be in connection with Op SafeKids, a collective effort, supported by Anonymous, to report child porn websites. One of the hackers, referred to only as ‘Locutuz’, spoke to the Berlingske newspaper. “They should have expected us, and they can expect that this will continue to happen,” Locutuz said, seemingly making reference to the Anonymous calling card: “We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.”


    Police chief says hacked website highlights need for Bill C-30

    Ontario Association of Chiefs of Police president Matt Torigian said an attack on the group's website Friday only highlights the need for the very legislation the hack challenged.

    WikiLeaks publishes Stratfor emails linked to Anonymous attack

    Website says total cache amounts to millions of emails exposing the global trade in intelligence.
    James Ball
    The hacktivist group Anonymous is believed to be the source for emails being published by WikiLeaks from the Stratfor thinktank. Photograph: Louisa Gouliamaki/AFP/Getty

    WikiLeaks has begun releasing a cache of what it says are 5.5m emails obtained from the servers of Stratfor, a US-based intelligence gathering firm with about 300,000 subscribers.
    The whistleblowing site has published 167 emails in its initial release. WikiLeaks says it has partnered with 25 media organisations around the world, including Rolling Stone, McClatchy, the Hindu and Russia Reporter.
    Unlike previous WikiLeaks releases, this latest email cache was apparently obtained through a hacking attack on Stratfor by Anonymous in December 2011 rather than through a whistleblower.
    Anonymous published contact and credit card details from Stratfor and said at the time it had also obtained a large volume of emails for which it would arrange publication.
    One of the largest Anonymous-linked accounts on Twitter, @AnonymousIRC, put out a series of tweets on Monday morning seemingly confirming it was the source of the WikiLeaks release.
    "We promised you those mails and now they'll finally be delivered. Five million (that's 5,000,000) emails at your pleasure," said the Anonymous account.
    "There's a treasure trove of nasty details in those emails. We think there's something for everyone."
    Stratfor describes itself as a provider of "strategic intelligence on global business, economic, security and geopolitical affairs". Guardian analysis of records published after the original Anonymous attack revealed the email account details of 221 UK military staff and 242 Nato officials.
    WikiLeaks said the documents contained details of the inner workings of the private intelligence agency, links between government and private intelligence, and commentary on WikiLeaks itself.
    "The material contains privileged information about the US government's attacks against Julian Assange and WikiLeaks and Stratfor's own attempts to subvert WikiLeaks," the whistleblower website said.
    "There are more than 4,000 emails mentioning WikiLeaks or Julian Assange. The emails also expose the revolving door that operates in private intelligence companies in the United States."
    The email cache is said to contain information on measures taken to track activist and NGO activity for large companies, through media monitoring, and information on the financial sector.
    The hacking attack on Stratfor is subject to an FBI investigation. Several alleged members of Anonymous have been arrested by authorities in the US and UK as part of investigations.
    Stratfor had not at the time of writing commented on the authenticity of the published material.
    WikiLeaks and some of its media partners – including the Yes Men activists who target Dow Chemicals among others – are scheduled to hold a press conference discussing the release at midday on Monday at the Frontline Club in London.