The Indian government cyber snooping program is becoming so pervasive that it makes the US Prism operation look harmless. India is giving its security agencies and even income tax officials the ability to tap directly into e-mails and phone calls without oversight by courts or parliament, several sources said.
The excuse is that the move will help safeguard national security, because that excuse is always trotted out when governments do evil things. The Central Monitoring System (CMS) was announced in 2011 but there has been no public debate and the government has said little about how it will work or how it will ensure that the system is not abused.
The government started to quietly roll the system out state by state in April this year, according to government officials. Eventually it will be able to target any of India’s 900 million landline and mobile phone subscribers and 120 million Internet users.
Cynthia Wong, an Internet researcher at New York-based Human Rights Watch, said that if India doesn’t want to look like an authoritarian regime, it needs to be transparent about who will be authorized to collect data, what data will be collected, how it will be used, and how the right to privacy will be protected.
Three months after hackers working for a cyberunit of China’s People’s Liberation Army went silent, they appear to have resumed their attacks using different techniques.
The Obama administration had bet that “naming and shaming” the groups, first in industry reports and then in the Pentagon’s own detailed survey of Chinese military capabilities, might prompt China’s new leadership to crack down on the military’s team of hackers. But it appears that Unit 6139 is back in business, according to American officials and security companies.
Mandiant, a private security company that helps companies and government agencies defend themselves from hackers, said the attacks had resumed but would not identify the targets. The victims were many of the same ones the unit had attacked before. Mandiant said that the Chinese hackers had stopped their attacks after they were exposed in February and removed their spying tools from the organisations they had infiltrated.
But in the last two months, they have begun attacking the same victims from new servers and have reinserted many of the tools that enable them to seek out data without detection. The subject of Chinese attacks is expected to be a central issue in an upcoming visit to China by President Obama’s national security adviser, Thomas Donilon. However, little is expected to come of it; the Chinese have always denied that they have hacked anyone, ever.
Anonymous has restarted its attack against North Korea and once again is using a North Korean Twitter account to announce website scalps.
The Twitter account @uriminzok was the scene of announcements about the hacked websites during the last stage of Op North Korea, and reports have tipped up there again.
The first wave of attacks saw a stream of websites defaced or altered with messages or images that were very much not in favour of the latest North Korean hereditary leader, Kim Jong-un.
They were supported by a Pastebin message signed by Anonymous that called for some calming of relations between North Korea and the US, and warned of cyber attacks in retaliation.
“Citizens of North Korea, South Korea, USA, and the world. Don’t allow your governments to separate you. We are all one. We are the people. Our enemies are the dictators and regimes, our goals are freedom and peace and democracy,” read the statement. “United as one, divided by zero, we can never be defeated!”
Before the attacks restarted, the last Twitter message promised that more was to come. It said, “OpNorthKorea is still to come. Another round of attack on N.Korea will begin soon.” Anonymous began delivering on that threat in the early hours this morning.
More of North Korean websites are in our hand. They will be brought down.
— uriminzokkiri (@uriminzok) April 15, 2013
We’ve counted nine websites downed, defacements and hacks, and judging by the stream of confirmations they happened over a two hour period. No new statement has been released other than the above.
Downed websites include the glorious uriminzokkiri.com, a North Korean news destination. However, when we tried it we had intermittent access.
Last time around the Anonymous hackers had taken control of North Korea’s Flickr account. This week we found the message, “This member is no longer active on Flickr.”
A cyberattack campaign, dubbed #OpIsrael by hacking group Anonymous, failed to bring down the Israeli government websites over the weekend.
Yitzhak Ben Yisrael, of the government’s National Cyber Bureau, said that while the attack did take place, it did hardly any damage. Ben Yisrael said that Anonymous lacked the skills to damage the country’s vital infrastructure. And if that was its intention, then it wouldn’t have announced the attack beforehand.
“It wants to create noise in the media about issues that are close to its heart,” he said, as quoted by the Associated Press news agency.
Posters using the name of the hacking group Anonymous had warned they would launch a massive attack on Israeli sites in a strike they called #OpIsrael starting April 7. Last week, a leading hacker going by the handle of “Anon Ghost” said that “the hacking teams have decided to unite against Israel as one entity…Israel should be getting prepared to be erased from the Internet,” according to Israeli media reports.
Israel’s Bureau of Statistics was down on Sunday morning but it was unclear if it was hacked. The Defense and Education ministries as well as banks had come under attack the night before, but their security shrugged it off.
Anonymous did have a crack at the stock market website and the Finance Ministry website but no one there noticed.
Where Anonymous was successful was when it targeted small business. Some homepage messages were replaced with anti-Israel slogans, media said. Israeli hackers hit sites of radical Islamist groups and splashed them with pro-Israel messages.
Anonymous went after the Massachusetts Institute of Technology (MIT) website after its president called for an internal investigation into what role it played in the prosecution of web activist Aaron Swartz.
MIT president Rafael Reif revealed the investigation in an email to staff that he sent out after hearing the news about Swartz’s death.
“I want to express very clearly that I and all of us at MIT are extremely saddened by the death of this promising young man who touched the lives of so many. It pains me to think that MIT played any role in a series of events that have ended in tragedy,” he wrote.
“I have asked Professor Hal Abelson to lead a thorough analysis of MIT’s involvement from the time that we first perceived unusual activity on our network in fall 2010 up to the present. I have asked that this analysis describe the options MIT had and the decisions MIT made, in order to understand and to learn from the actions MIT took. I will share the report with the MIT community when I receive it.”
Hacktivists from Anonymous defaced two MIT webpages in the wake of the announcement and turned them into memorials for Swartz.
The defacements also had another message, that the government should back away from this kind of prosecution.
“Whether or not the government contributed to his suicide, the government’s prosecution of Swartz was a grotesque miscarriage of justice, a distorted and perverse shadow of the justice that Aaron died fighting for,” they wrote.
“We call for this tragedy to be a basis for reform of computer crime laws, and the overzealous prosecutors who use them.”
Swartz was accused of downloading research documents from academic service JSTOR and using MIT’s networks to do so. If he had been found guilty, he could have been sentenced to up to 35 years in prison.
JSTOR has said that it regrets having been drawn into the case.
Symantec thinks that it has tracked down the people behind the recently discovered Internet Explorer zero-day vulnerability.
The firm says that the zero-day exploit appears to have been discovered by the Elderwood group and is a continuation of its Elderwood project, a name given to attacks and exploits based on the same infrastructure components.
The exploit is used in what is called a watering hole attack, in which people with a specific interest are targeted when they visit a particular website.
It has a less snappy, but more precise name thanks to Microsoft and this is the Microsoft Internet Explorer ‘CDwnBindInfo’ Use-After-Free Remote Code Execution Vulnerability (CVE-2012-4792).
Symantec informs us that this is a zero-day vulnerability that affects Internet Explorer 8, Internet Explorer 7, and Internet Explorer 6, adding that the Elderwood project has what appears to be “a high level of technical capability,” in a PDF about the group.
The security firm is confident in saying that the group is behind this discovered exploit because of a number of commonalities that it has discovered in the SWF files used. It warned that the group might continue to devise sophisticated exploits over the course of the year.
“All the samples we identified include a function named HeapSpary. HeapSpary is a clear mistyping of Heap Spray, a common attack step used in vulnerability exploitation. In addition to this commonality, there are many other symbols in common between the files,” Symantec said.
“It has become clear that the group behind the Elderwood Project continues to produce new zero-day vulnerabilities for use in watering hole attacks and we expect them to continue to do so in the New Year.”
Hackers have attacked the French Euromillions lottery website, posting a passage from the Koran. The hackers posted a warning telling people to stop gambling and drinking alcohol in both Arabic and French, with “wine” and “games of chance” described as the “work of the devil”.
The group calls itself the “Morrocanghosts” and the attack said that drinking and gambling would “sow hatred between yourselves and turn you away from God and prayer”. Given a choice between wine and god, the French would probably tell the almighty to bugger off, so this particular hack is not going to go down well.
Euromillions lottery operator La Francaise des jeux (FDJ) reassured customers that no personal data had been affected in the attack, which they said had not touched any of their other games. The attempt to put Islamic values on France is so bizarre that there are suspicions that Morrocanghosts is actually an attempt by the French Right to stir up a hate campaign against Muslims in the country.
The French Right is convinced that allowing too many Muslims into the country is forcing culture changes in a nation which is not renowned for its adaptability in such matters. A hack attack which pretends to come from Muslims, who want to stop French drinking and gambling, falls too closely to the Right Wing agenda to be a coincidence.
One of the leaders of the computer hacker group Anonymous has been arrested and handed over to the FBI in Dallas. It is not clear why Barrett Brown, 31, was arrested as the FBI is not saying anything.
California law firm Leiderman Devine said it would be defending Brown at a hearing in Dallas federal court and that he had been arrested on charges of “threatening a federal agent.” Brown was unusual amongst the Anonymous crowd because he was not, er, anonymous. He used his real name and tended to be quoted as representative of the group.
While he had been watched for some time, it seems that what got him banged up was a rambling video he posted on YouTube Wednesday called “Why I’m Going to Destroy FBI Agent Robert Smith.”
He said that he was fairly certain he was going to do prison time and, while swearing like a Fudzilla reporter, Brown said he planned to “ruin” Smith’s life, adding that the FBI has threatened his mother with arrest and posted pictures of his home online.
It appears that Anonymous has threatened Google’s video sharing web site YouTube with an attack if it does not restore access to a closed-down account.
YouTube has pulled down Anonymous videos before, but it has never raised this much ire. At issue is the web site’s blocking of an account belonging to users called Theanonmessage over a video related to the Kony viral video that spread earlier this month.
Anonymous Messenger @TheAnonMessage
URGENT: #Anonymous vs #YouTube | @YourAnonNews @BreakingNews
“Your block to TheAnonMessage’s account has directly violated first amendment rights of the constitution of the United States. This violation stands against everything our collective believes in. By speaking out against the viral Kony twenty twelve video, YouTube has decided to block a voice of truth,” says a video statement posted ironically to YouTube.
The threat is leveled at YouTube workers as opposed to the web site itself, and this is in line with Anonymous thinking. Through a variety of accounts the hacktivists have always opposed attacks on methods of communication, including Facebook.
“At this time, the collective is thinking of teaching YouTube a lesson. We must stress that the YouTube website will not be affected. It is a medium of communication and knowledge that has fallen in the wrong hands. However, we will take a course of action that will have YouTube executives awake at night and afraid for their sanity.”
Individuals at organisations have been targeted by the hackers before, but usually only if they poke their heads up and comment on or criticise the group and its methods.
Anonymous has promised that it will attack government, corporate and law enforcement web sites every Friday.
The hacker group already has a tradition of attacking web sites on a Friday, which it does under its ‘F*ck FBI Friday’, ‘F*ck CIA Friday’ and ‘Leakday’ banners. From now on this will become more encompassing, according to a short message posted to an Anonymous Twitter account.
#Anonymous Promises Regularly Scheduled Friday Attacks >> bit.ly/hrstfU
“Each and every Friday Anonymous will be launching attacks… with the specific purpose of wiping as many corrupt corporate and government systems off our internet,” it says.
Last Friday the hacktivists ran through US government web sites on a defacement spree. In some cases they were able to delete the web site contents from their servers, in others they took over web pages with anti-ACTA messages.
Other Fridays have seen Anonymous expose the details and messages of law enforcement agencies.
Many hours might have gone into the hacking, we don’t know. We do know that the hackers eventually broke through strong defences, a 12345 password, to gain access to president Bashar al-Assad’s emails.
The same tactic was used to break into almost sixty other accounts, although in some cases the cipher needed a ‘6’ on the end, making it the harder-to-crack 123456.
Anonymous, posting as Lulzfinancial, put the logins on Pastebin, the increasingly popular document sharing web site.
A separate statement from Anonymous places the activity under the banner of Opsyria, which is a movement working to stop government abuse of citizens in that country.
“For the third night in a row, Anonymous has set its sights on the Syrian Government, in an operation dubbed #OpSyria. The Syrian government has never been shy at using force against its own people. Intense tyranny and oppression have been going on for decades now inside Syria,” it said.
“The Syrian people have had enough and now this government has a revolution on its hands. The murders of innocent citizens by this regime have been ongoing. Anonymous has attacked Syrian Government servers and websites as a sign of solidarity with the Syrian people. More websites will follow. We will only stop when Bashar Assad steps down.”
Emails from the government have been posted online, again to Pastebin, and the Israeli newspaper Haaretz has published a number of translations as two sets of PDFs.
These include the suggestion that Assad should sit for an interview with television journalist Barbara Walters, because the “American psyche can be easily manipulated”.
The group has danced with Symantec for some time, but now that dance is over. A tweet from the @AnonymousIRC account links to Pirate Bay and Pastebin releases.
The BitTorrent link takes users to a download of the source code of pcAnywhere, Symantec’s remote login software, and the statement, “Symantec has been lying to its customers. We exposed this point thus spreading the world that ppl need – #AntiSec #Anonymous. Spread and share!”
The Pastebin post is a set of emails apparently sent between hacker Yamatough and Symantec, in which the latter apparently was ready to pay $50,000 to retrieve its data.
This was also suggested by long-term Anonymous mouthpiece Anonymousabu, who said, “Update regarding Symantec: Stay tuned for the f*cking lulz. Let’s just say Symantec tried to give us 50,000 reasons not to release sources!” before the release went live.
The Real Sabu @anonymouSabu
Update regarding Symantec: Stay tuned for the fucking lulz. Let’s just say Symantec tried to give us 50,000 reasons not to release sources!
6 Feb 12
“We are not in contact with the FBI. We are using this email account to protect our network from you. Protecting our company and property are our top priorities,” says an email apparently sent from a Symantec representative that explains why the firm initially dropped out of the deal.
“We can’t pay you $50,000 at once for the reasons we discussed previously. We can pay you $2,500 per month for the first three months. In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated). Once that’s done, we will pay the rest of the $50,000 to your account and you can take it all out at once. That should solve your problem…. Obviously you still have our code so if we don’t follow through you still have the upper hand.”
Symantec’s official line is that no customer data is affected and that it has fixed any vulnerabilities that its code might have.
“Symantec can confirm that a segment of its source code has been accessed. Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006,” it says in a statement on a page dedicated to the attack.
“Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring. Furthermore, there are no indications that customer information has been impacted or exposed at this time.”
We have asked Symantec to comment on this latest update.
Symantec told us that the emails are genuine but were part of a law enforcement investigation into the attack. It added that the case is ongoing and it would like to stay quiet on the details.
“In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property,” said a spokesperson.
“The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.”
Yesterday we reported that the Brazilian branch of the populist group had attacked four major banks. The attacks have continued today, striking out at three more banks – Citibank, Panamericano, and Febraban.
Earlier the group said:
Translated, it says, “# WARNING OpWeeksPayment Sailors: Increase the volume of your turntables because today we have much TANGO! TRACK …”
The group is protesting over economic inequality in the country and claims that the aim is not to defraud customers. It has also taken down Cielo, a credit and debit card operator.
It announced the attacks on Twitter, with tweets similar to, “# OpWeeksPayment – Sailors WARNING: Target reached! Citibank is drifting! TANGO DOWN!”
“# WARNING OpWeeksPayment Sailors: The febraban.org.br joined the friends there in the sea! This will be grounded for a long time!” another read.
It’s unclear whether attacking eight financial targets will be enough for the busy group or whether more are in the firing line.
Anonymous apparently has declared war on Finland after the country began blocking access to the filesharing web site Pirate Bay.
Yesterday we reported that the large Finnish ISP Elisa had begun blocking the web site at the order of Finland’s High Court. This news was not taken well by Anonymous, which responded by hacking its ‘enemy’.
“TANGO DOWN http://www.antipiracy.fi Copyright Information & Anti-Piracy Centre In Finland | And We’ll keep it down as long as We want \o/,” wrote the Anon_Finland account on Twitter.
The cause caught the attention of the wider Anonymous hacktivist collective, and the Anonymous Finns got its support.
“Finland is apparently just begging for some sweet, sweet Anonymous action. We shall oblige them. #Elisagate ^_^” wrote Youanonnews.
Anonymous Sabu, one of the more vocal members of the group also took an interest. “Ladies and gents: today we will focus on Finland. and every country like it who has begun a campaign of censorship. First steps to Cyberwar,” he tweeted, adding, “To the Finnish government: Stop censorship or deal with the consequences.”
Elisa is appealing the decision and is calling its block a temporary one. It also said that it installed the block to avoid a fine. It added that the decision was made by the High Court, not by Elisa.
Stratfor, the security firm whose website was compromised over the weekend by members of the anarchic computer-hacking group Anonymous, has reported that victims of the attack have had their credit cards used again.
Victims of the attack, mostly employees of major companies or agencies which use Stratfor’s services, learnt at Christmas that their names, addresses and credit card details had been published online. The cards were then used to make large donations to major charities.
Now it seems that Stratfor is warning that the cards were used again when victims complained to the press. Anonymous used another website to mock victims who spoke to the Associated Press about their experience. It said, “We went ahead and ran up your card a bit.”
Stratfor, which is based in Texas, provides analysis that helps customers to reduce their exposure to risk. We would have thought it should have known better, yet it failed to take basic steps to encrypt customer data.