Avian Gamers Network

Forum
It is currently Thu Mar 28, 2024 8:54 am

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 15 posts ] 
Author Message
PostPosted: Thu Jun 16, 2011 4:15 am 
Offline
Site Admin
User avatar

Joined: Mon Oct 29, 2001 9:01 pm
Posts: 2417
Location: Baton Rouge, LA / Kuwait / Kandahar
Is there more hacking going around than usual?

Major hacks on PlayStation Network, Citigroup, IMF, Google, Lockheed Martin, US Senate, CIA and many more have been happening lately.

Then there is Richard Clarke’s Report of the China’s Cyberassault on America. To me it looks like big time hacking in on the rise. Just Google Hacked

What do you think is going on?


Top
 Profile  
 
PostPosted: Thu Jun 16, 2011 7:05 am 
Offline
User avatar

Joined: Mon May 20, 2002 8:01 pm
Posts: 1722
Location: Greenland, Nuuk
Gotta agree that there has been alot of hacking.
Also it is focus by the news.

LulzSec tend to claim responsability.

I have no idea for the reason behind it, but I find it odd that alot a hacking begins not long after Pentagon said that hacking is an act of war.
http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html?mod=rss_whats_news_technology&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wsj%2Fxml%2Frss%2F3_7015+%28WSJ.com%3A+What%27s+News+Technology%29

However note that it is talking about hacking that destroys the infrastructure of the USA, like the powergrid.


Most of my friends - and alot of commentators in danish newspapers - agrees that it is a bunch of kids downloading scripts and executing them.

Looking at the tactics. Most of the recent attacks has been DDoS attacks.
Only one I can think of which was damaging was the cracking of Sony where alot of personal information was stolen.
The rest has just been about breaking the camels back.

_________________
1st Feb 2008
Madson wrote:
Woo hoo! another laptopper like me! Wow that sounded wierd just now...


Top
 Profile  
 
PostPosted: Thu Jun 16, 2011 7:23 am 
Offline
User avatar

Joined: Mon May 20, 2002 8:01 pm
Posts: 1722
Location: Greenland, Nuuk
Although if one were to look at the conspiration, of a group provocating USA to start a war at some point, this topic will become more political.

I suggest moving this topic if it should go too far down that road.

_________________
1st Feb 2008
Madson wrote:
Woo hoo! another laptopper like me! Wow that sounded wierd just now...


Top
 Profile  
 
PostPosted: Thu Jun 16, 2011 8:57 am 
Offline
Site Admin
User avatar

Joined: Mon Oct 29, 2001 9:01 pm
Posts: 2417
Location: Baton Rouge, LA / Kuwait / Kandahar
Don’t f*ing steer it that direction.


Top
 Profile  
 
PostPosted: Thu Jun 16, 2011 9:09 am 
Offline
User avatar

Joined: Mon May 20, 2002 8:01 pm
Posts: 1722
Location: Greenland, Nuuk
Well we do agree on the fact that there is alot more high-profile hacking than usual.

Conspirations aside...
Why does group like LulzSec hack the major coorperation?
They themselves claim that it is to show security vulnerabilities...
On the other hand, LulzSec specifically, did hack and grap alot of sensitive accountinformation from Sony. Reportedly 16.000 users has been affected one way or another.

But most of those hacks has been DDoS, which is really hacking if you ask me.
It is more akin to loading a bridge to it's breaking point. In other words, shutting down a service.

So again...
Why?

_________________
1st Feb 2008
Madson wrote:
Woo hoo! another laptopper like me! Wow that sounded wierd just now...


Top
 Profile  
 
PostPosted: Thu Jun 16, 2011 9:14 am 
Offline
Spammer
User avatar

Joined: Thu Feb 14, 2002 9:01 pm
Posts: 4118
Location: Laramie, WY
Well, the PS network was in retaliation for Sony coming down hard on the guy who cracked the PS3 to allow users to put their own OS on it like they used to be able to do before Sony decided to take that away.

Sony was also clearly warned not to go after the guy. Frankly, I'm torn on that issue. I have a PS3. I own the hardware, I don't license it. If I want to put a different OS on it, mod it, or use it for purposes for which it was not intended, it is my hardware to do with as I please. If I'm pirating software, that is probably not OK. Sony can ban me permanently from using their network for cheating in games. But how I'm using the hardware I purchased is none of their business.

If the hack of the PSN hadn't at the same time stolen credit card info of users (mine included) I would fully support the actions of Anonymous. The main problem is that they aren't "fighting for the little guy," they are fighting because they can and will take whatever they can at the same time.

It is interesting to see the developments going on around the world with hacking, however. I think there are a lot of people who feel they have been disenfranchised and who feel almost betrayed by their governments, politicians, big banks, etc. Resistance and pushback is probably inevitable. However, the forms that pushback takes is likely to vary drastically. Obviously protesting doesn't do any good to make changes, especially in places like Syria where it will get you shot. I think large scale hacking attacks by sophisticated groups will become a large part of various 'resistance' groups efforts. They will be more protected from physical harm and they can have a very large impact compared to their actual numbers. The damages to Sony are immense. I don't know if Sony would decide to not go after someone again because of it, but they were ridiculed publicly for over a month as their entire online infrastructure was completely destroyed and had to be rebuilt. Sony looks damn incompetent, and still had to fork over enough to buy a years's worth of fraud monitoring and insurance for millions of individual users.

_________________
Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!


Top
 Profile  
 
PostPosted: Thu Jun 16, 2011 9:36 am 
Offline
Site Admin
User avatar

Joined: Mon Oct 29, 2001 9:01 pm
Posts: 2417
Location: Baton Rouge, LA / Kuwait / Kandahar
PBS got hacked after they did a negative wikileak article. Some of these attacks seem political; some seem like attempts at identity theft. The China stuff is like a miniature war, which is a whole other level.

I think this stuff is more focused and serious than just some kids messing around. These guys have an agenda. If you do not cave to their ideology they’re going to turn your world upside down.

The PSN stuff totally screwed Sony in so many ways. They will be lucky if their suffering last just one year. This screwed their plans for the entire year; including their whole E3 info cascade.


Top
 Profile  
 
PostPosted: Thu Jun 16, 2011 9:40 am 
Offline
User avatar

Joined: Mon May 20, 2002 8:01 pm
Posts: 1722
Location: Greenland, Nuuk
True... but then who are these guys and what is the ideology...?

It's can't only be dusgrunteled gamers...

_________________
1st Feb 2008
Madson wrote:
Woo hoo! another laptopper like me! Wow that sounded wierd just now...


Top
 Profile  
 
PostPosted: Thu Jun 16, 2011 10:05 am 
Offline
Spammer
User avatar

Joined: Thu Feb 14, 2002 9:01 pm
Posts: 4118
Location: Laramie, WY
Azzameen85 wrote:
True... but then who are these guys and what is the ideology...?

It's can't only be dusgrunteled gamers...


That's the dangerous part. We don't know who they are. They aren't all disgruntled gamers. What they will do next I don't know, but companies and governments who don't take the threat seriously will have a very difficult time surviving, let alone holding on to legitimacy.

_________________
Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!


Top
 Profile  
 
PostPosted: Thu Jun 16, 2011 10:27 am 
Offline
User avatar

Joined: Mon May 20, 2002 8:01 pm
Posts: 1722
Location: Greenland, Nuuk
Cetera wrote:
Azzameen85 wrote:
True... but then who are these guys and what is the ideology...?

It's can't only be dusgrunteled gamers...


That's the dangerous part. We don't know who they are. They aren't all disgruntled gamers. What they will do next I don't know, but companies and governments who don't take the threat seriously will have a very difficult time surviving, let alone holding on to legitimacy.


Well... we ought to assume there ARE disgruntled gamers among them.
But it would not be surprising that there are a number of oppotunist in there who are using the LulzSec as a anonymity cover...

_________________
1st Feb 2008
Madson wrote:
Woo hoo! another laptopper like me! Wow that sounded wierd just now...


Top
 Profile  
 
PostPosted: Thu Jun 16, 2011 11:22 am 
Offline
Site Admin
User avatar

Joined: Mon Oct 29, 2001 9:01 pm
Posts: 2417
Location: Baton Rouge, LA / Kuwait / Kandahar
All these attacks have not been LulzSec. Anonymous and Idahc have also been active.

This is a good article detailing the these groups and what they have been up too.


Quote:
Every day there's another report of a computer hack. Yesterday it was a video game company and a U.S. Senate database. And today it could be the Federal Reserve. There's no doubt that there's a wave of attacks going on right now, against different targets and with seemingly different motives.



The questions on everyone's mind are who is behind these computer attacks and why are they doing it. This FAQ will help answer those questions in at least some of the cases.

Who is Anonymous?
Anonymous is the best known of the groups that are currently active and publicly taking credit for, even publicizing in advance, attacks on Web sites. It's a decentralized group that specializes in organizing distributed denial-of-service (DDoS) attacks designed to shut down sites, particularly in support of freedom of speech. Past targets have included the Church of Scientology, BMI, the governments of Egypt and Iran, and companies owned by conservative activist billionaires Charles and David Koch. They also conducted a massive compromise of the security firm HBGary Federal, which had reportedly been working with the FBI to identify the leaders of Anonymous.

They launched a series of effective DDoS attacks against PayPal, Visa, and MasterCard late last year after the companies stopped enabling WikiLeaks to receive contributions through those means. Sources told CNET that the group has undergone a loss of membership and radical shift in direction and organizational participation since the arrest of a 16-year-old alleged member in the Netherlands late last year, the arrest of five people (ages 15-26) in the U.K. in January, and the issuing of more than 40 arrest warrants in the U.S. Member identities were reportedly leaked on the Internet as well. The group's strong anti-establishment and political messages have led some to call them hacktivists, which refers to activists who hack. It's unclear how many people participated in their campaigns, which they call "operations," because their system is designed to allow for confidential participation.

Who have they targeted recently and why?
Anonymous pretty much started the recent spate of hackings against Sony, hitting several Sony sites with a DDoS in early April in retaliation for Sony taking several PlayStation 3 hackers to court. PS3 "modder" George Hotz and Sony eventually settled out of court. But attacks on Sony continued, with a major breach at the PlayStation Network that exposed 77 million customer records and at Sony Online Entertainment where more than 24 million records were exposed. Sony has suggested connections between Anonymous and the breaches. While Anonymous was admittedly behind the initial DDoS, it says it wasn't behind the PSN and Sony Online Entertainment breaches, and hasn't claimed credit for any other Sony attacks. Last week, Spanish police arrested three people accused of taking part in Anonymous activities and Anonymous members retaliated by hitting the Spanish National Police Web site. This week, Turkish police arrested 32 people, including eight who were teens, within days of the group launching a campaign to shut down a Turkish government site in response to new Internet filtering laws. Yesterday, Anonymous was planning an attack on the site of the Federal Reserve for today.

Who is LulzSec?
LulzSec first popped up in early May seemingly out of nowhere. But sources told CNET that the group is a spinoff from Anonymous ranks, but with no pretense of having a political message or moral principle. Indeed, the group's name, LulzSec--a derivative of LOL (laugh out loud) combined with security--is a strong indication that the group's motivation is to just hack for kicks and entertainment. The group makes a lot of jokes and taunts on Twitter and today said it would take hacking target requests. "Pick a target and we'll obliterate it. Nobody wants to mess with The Lulz Cannon - take aim for us, twitter."

Who have they targeted?
LulzSec began publicizing its hacking in May with the compromise of the Web site of the Fox TV show "X Factor" and exposed personal information of contestants, followed by release of internal Fox data. The group also has taken credit for hacks of Sony Music Japan, Sony Pictures, Sony BMG Belgium and Netherlands, Sony Computer Entertainment Developer Network (allegedly stealing source code) and Sony BMG, according to this timeline.

LulzSec hacked the site of PBS.org late last month, leaked passwords, and pasted a spoof news article on the site claiming that deceased rappers Tupac Shakur and Biggie Smalls were alive and residing in New Zealand. The group claimed they were punishing PBS for a Frontline program on WikiLeaks that they claimed was biased against the whistleblower site. LulzSec also has targeted Nintendo and the Web site of FBI partner Infragard in an attempt to embarrass the agency. LulzSec said it took the action against Infragard because of a plan by the Obama administration to classify cyberattacks as acts of war. Among the passwords on the Infragard site was one used by the CEO of botnet tracking firm Unveillance. The CEO told CNET that the hackers used the password to read his e-mails and listen in on conference calls and that they threatened to extort money and botnet data from him. Botnets composed of compromised computers are typically used to send spam and to launch DDoS attacks.

LulzSec recently went public with data stolen from a U.S. Senate Web site and released data stolen from the site of Bethesda Softworks, a subsidiary of gaming company ZeniMax Media. The group also recently compromised a site at the U.K. National Health Services. LulzSec did not release the information publicly, but sent an e-mail to the agency warning them about the problem and then released a redacted version of the e-mail to the public.

Who is Idahc?
Another hacker who has taken credit for attacking Sony is known as Idahc. He has identified himself as a 18-year-old Lebanese computer science student. In an interview this week with Andy Greenberg at Forbes, Idahc said he began hacking for "justice," then it became a game and now he's trying to prompt organizations to improve the security of their Web sites. "I don't hack for 'lulz' but for moral reasons," he said in the interview, adding that he considers groups like LulzSec to be "black hat," or criminal, hackers, and that he is a "gray hat" hacker.

Who has Idahc targeted?
Idahc claims to have stolen 2,000 records from Sony Ericcson's e-commerce site in Canada, leaked a database from Sony Europe, and compromised a Sony Portugal site. Meanwhile, there have been other copycat-type attacks on Sony, specifically a hacker with the alias "k4L0ng666" took credit for hacking Sony Music Indonesia and has reported a long list of other Web site defacements to cybercrime archive Zone-H. And someone with the handle "b4d_vipera" claimed responsibility for hacking Sony BMG Greece.

What about other big recent attacks? Are these all related?
In the past few months there have been a string of other computer hacking incidents, but they are not all linked. Unlike the Sony and other attacks conducted by Anonymous and LulzSec which were done to expose security weaknesses and embarrass a target and get publicity, other types of attacks are more malicious.

For instance, the networks of Citigroup and the International Monetary Fund were compromised recently. Reports have speculated that the IMF was targeted by a foreign government possibly wanting access to insider information that could affect financial markets. It's also unknown who is behind the Citigroup incident, although The New York Times reported that whoever did it managed to get in through the main customer Web site and then leapfrogged between different customers by inserting various account numbers into the browser address bar repeatedly. The data from accounts could be used for financial fraud, although the thieves apparently did not get card expiration dates or security codes, which will make the data more difficult to use.

Then RSA warned customers in March that its system had been compromised and data was stolen related to its SecurID two-factor authentication devices, which are widely used by U.S. government agencies, contractors, and banks to secure remote access to sensitive networks. Within a few months, reports trickled out about breaches at three defense contractors: Lockheed Martin, L-3 Communications, and Northrop Grumman, the first two of which confirmed that the attacks were related to SecurIDs. It's unclear who is behind the attacks, but when it comes to military espionage foreign governments or nation states are often suspected. In this case several experts speculated it could be China.


Google announced earlier this month that it had thwarted an attack aimed at snooping on hundreds of Gmail accounts owned by U.S. and other government officials, journalists, and political activists that appeared to originate in China. Chinese representatives have denied any involvement.

There was also a breach at e-mail marketing service provider Epsilon in April that prompted big companies like Citibank, Chase, Capital One, Walgreens, Target, Best Buy, TiVo, TD Ameritrade, and Verizon to warn customers that their e-mail addresses had been exposed.

And in March someone stole digital certificates from registration authorities associated with Comodo and could have used them to spoof sites like Google, Yahoo, Live.com, and Skype. A 21-year-old Iranian patriot claimed responsibility for the attacks, saying he was protesting U.S. policy and was taking revenge for last year's Stuxnet malware that experts believe was created to shut down Iran's nuclear program.


Top
 Profile  
 
PostPosted: Thu Jun 16, 2011 12:06 pm 
Offline
Spammer
User avatar

Joined: Fri Jun 28, 2002 11:16 am
Posts: 5162
Location: Broomfield, CO
Just a point to make regarding the China aspect.

China has been waging an electronic war against the US for Decades. The only significant difference is that they became exponentially more effective in the last 2 years. Oddly enough, that timing coincided with Yahoo and Google opening offices in China and bringing in a local workforce, then subsequently closing said offices.

A significant possibility I see that hasn't been addressed in depth is the likelihood that China's hackers got immediate access to better training and much better resources thanks to bad over-site on Google and Yahoo's parts.

_________________
"Loose with Dignity"
Robert
Second President, Avian Gamers


DDO - Cannith - AlistairItor - Rogue/Ranger (5/3) - Main
DDO - Cannith - Guijanitor - Paladin/Rogue (4/1)
DDO - Cannith - RicochetItor - Rogue (5)


Top
 Profile  
 
PostPosted: Sun Jun 26, 2011 7:46 am 
Offline
Site Admin
User avatar

Joined: Mon Oct 29, 2001 9:01 pm
Posts: 2417
Location: Baton Rouge, LA / Kuwait / Kandahar
http://www.foxnews.com/scitech/2011/06/ ... latestnews

Quote:
NEW YORK – A publicity-seeking hacker group that has blazed a path of mayhem on the Internet over the last two months, including attacks on law enforcement sites, said unexpectedly on Saturday it is dissolving itself.

Lulz Security made its announcement through its Twitter account. It gave no reason for the disbandment, but it could be a sign of nerves in the face of law enforcement investigations. Rival hackers have also joined in the hunt, releasing information they say could point to the identities of the six-member group.

One of the group's members was interviewed by The Associated Press on Friday, and gave no indication that its work was ending. LulzSec claimed hacks on major entertainment companies, FBI partner organizations, the CIA, the U.S. Senate and a pornography website.

As a parting shot, LulzSec released a grab-bag of documents and login information apparently gleaned from gaming websites and corporate servers. The largest group of documents -- 338 files -- appears to be internal documents from AT&T Inc., detailing its buildout of a new wireless broadband network in the U.S. The network is set to go live this summer. An AT&T spokesman could not immediately confirm the authenticity of the documents.

In an unusual strategy for a hacker group, LulzSec has sought publicity and conducted a conversation with the public through its Twitter account. Observers believe it's an offshoot of Anonymous, a larger, more loosely organized group that attempts to mobilize hackers for attacks on targets it considers immoral, like oppressive Middle Eastern governments and opponents of the document-distribution site WikiLeaks. LulzSec, on the other hand, attacked anyone they could for "the lulz," which is Internet jargon for "laughs."



I did not realize they were so small.


Top
 Profile  
 
PostPosted: Sun Jan 15, 2012 2:04 am 
Offline
Site Admin
User avatar

Joined: Mon Oct 29, 2001 9:01 pm
Posts: 2417
Location: Baton Rouge, LA / Kuwait / Kandahar
The following is an Interesting article about Chinese made Sykiot Malware targeting Pentagon smartcards (CAC cards)

http://www.digitaltrends.com/computing/ ... dium=email

Quote:
New Sykipot variant targets Pentagon smart cards
January 13, 2012 By Geoff Duncan

The stakes are going up in cybersecurity: AlienVault says a new Sykipot variant targets smart cards used by the Department of Defense and the defense industry.
A new variant in the long-standing Sykipot malware family appears to have a new trick up its sleeve. According to AlienVault, instead of just launching spear-phishing email messages, the new Sykipot variant now appears to be targeting credentials of the PC/SC x509 smart cards used by the U.S. Department of Defense and a wide range of corporations and enterprises, including defense contractors.

The Sykipot malware family has been around since at least 2007, and has been used to launch spear-phishing attacks primarily against targets in the United States, particularly in the defense sector. AlienVault claims the attacks originate with command-and-control servers in China.

The new Sykipot variant uses a spear-phishing attack to try to convince targets to open a PDF attachment. That attachment employs a zero-day vulnerability in Adobe’s Acrobat Reader to install the Sykipot malware on the machine. Once installed, Sykipot runs a keylogger to obtain PIN numbers for use with DOD and Windows smart cards. When the smartcard is inserted into a reader, the malware then impersonates an authorized user and enters the PIN in an effort to obtain access to secured information.

According to AlienVault researcher Jamie Blasco, the new Sykipot variant seems to have been created in March 2011, and has turned up in several attack samples since. AlienVault can’t say the malware has successfully obtained DOD or Windows smart card credentials, but said the attack does work.

Sykipot isn’t the first malware to target smart cards and other two-factor authentication schemes, but it is intriguing that the new variation seems to explicitly target smart card systems widely used by the U.S. Department of Defense and the defense industry. The exploit also only operates when the smart card is physically present in the compromised machine, meaning it may be quite difficult for administrators and network security protocols to distinguish between Sykipot access and legitimate uses by the smart card owner.


Top
 Profile  
 
PostPosted: Sun Jan 15, 2012 4:34 pm 
Offline
Spammer
User avatar

Joined: Thu Feb 14, 2002 9:01 pm
Posts: 4118
Location: Laramie, WY
I don't know if anyone hear uses or follows Stratfor.com, but they got hacked in a major way a couple of months or so ago that appears to be politically motivated. It resulted in them going completely offline for a significant period (multiple weeks) and them losing large amounts of data. The breach not only stole all of their subscribers' info and credit cards (which were stored unencrypted) but the hackers were able to steal other info and then destroy backups and servers of Stratfor.

Years ago I was actively trying to get involved in the security side of IT and systems management, but couldn't ever get it to work out with my employment opportunities. I still think information security will be the number one biggest field in IT for the next several decades. Companies, governments, and individuals currently have absolutely no idea what they are about when it comes to securing their own private data and the data of their users and customers.

There is so much out there in terms of variety of technology that needs to interface with each other that I believe it is a virtual if not actual impossibility of securing all data. Most companies that have decent security overlook other vulnerable areas. The only reason the majority of companies haven't been hacked yet is because they haven't been targeted.

As the web matures and becomes more and more essential to all aspects of our lives, not just e-commerce, I think out of necessity you'll see most small businesses and organizations completely lose their web presence and be completely subsumed by bigger organizations that will take over those responsibilities for them. You won't buy from a small vendor online ever. You'll buy from Amazon who will then sell the small vendor stuff for them through their web infrastructure, or you'll get a variety of businesses that will join together in a Co-op to supply and secure a web presence shared by all.

My mom is still very paranoid about shopping online for anything and having her credit card number be stolen. I've pointed out to her that even if she never shops online at all, her credit card is more likely to be stolen than if she shopped exclusively at Amazon.com. Every vendor she's ever used via phone or at a brick-and-mortar store now keeps their books electronically, and the odds are very very good that they don't have the necessary security to protect your info as they aren't thinking about that nor geared for it.

Security is very, very expensive, because it is extremely hard to do and it becomes more and more complicated every single day. The hardest part of all of it for consumers is to find someone they can trust. Whomever comes up with a robust trust relationship and authentication system will be the wealthiest individual or organization on the planet.

_________________
Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 15 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group