In what the loosely-tied hacker group Anonymous calls #OpSaveTheArctic, over 1,000 email credentials and Hash checks of email passwords from five major international oil giants were released. The companies targeted included Exxon Mobil Corporation, Shell Petrochemical Corp., and BP Global; as well as the Russian based Gazprom Corporation and Rosneft Petroleum Corp.
The data dumped on anonymous text post website Pastebin includes 317 emails and their unsalted MD5 hashed passwords from a hack on Exxon mobil from June. Added July 13th: a further 724 emails and hashed passwords from BP, Gazprom, and Rosneft, and 26 emails with clear-text passwords from Shell Petroleum. Also listed: all of the internal mail system information, detailing routers, operating system type, database details and server hardware vendor. Further detailing of the type of data gained is available at the DC/Nova/Maryland network security blog site NovaInfoSeco.com.
On Monday, hacktivist group Anonymous announced it will be releasing 1.7 gigabytes of private data it has acquired from the United States Department of Justice, in an event it called "Monday Mail Mayhem." The group claimed the act was being done to "spread information, to allow the people to be heard and to know the corruption in their government. We are releasing it to end the corruption that exists, and truly make those who are being oppressed free."
New York-based security company Identity Finder ran an analysis on the data after it was released on Tuesday, and found the file dump actually contained no sensitive personal information, no secret internal documents, and no internal emails.
Streaming music content is too restrictive, believes hacktivists Anonymous. Six members of the group have released Anontune, a web-based application that aims to aggregate streaming music online and place it in a central location. AnonTune currently accesses the catalogs of YouTube and SoundCloud, although the developers plan to add content from other services including Yahoo Music, Myspace Music, Bandcamp and others in the future.
True to the groups name, users will be able to listen to tracks anonymously, and Anonymous itself will not store the tracks. Instead it depends on the catalogs of the services it aggregates, thus leaving the sticky copyright issues to those sites. Recording Industry Association of America's Waterloo, indeed. The next one, if Napster wasn't enough a computing generation ago.
Today, hacktavist group Anonymous put to rest one of the most important debates about Barack Obama. Is he really a US citizen? Only native-born Americans are legally permitted to be president, and early during his 2008 election campaign Obama fought off accusations that he was born in another country and not the great state of Hawaii. The accusations turn out to be true. But his place of origin is farther out. Barack Obama was born on another planet.
Anonymous published the stunning revelatory material to Pastebin, marking its most courageous hack to date. For anyone questioning the group's motivations, the stolen material puts to rest any doubt about being a force of good. Hacktavists obtained emails and other documents from Obama's BlackBerry, along with foiled plans to invade the earth. The White House immediately issued a denial, calling the disclosure a prank.
There are no snow days on the Internet. If you work from home and write online like I do, drudgery never ends. Or does it? This Saturday, Anonymous may change that.
"To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, on March 31, Anonymous will shut the Internet down", so claims a February 19 Pastebin post.
As if Anonymous didn't have enough to boast about. While cybercriminals accounted for the most breaches, "activist groups created their fair share of misery and mayhem last year as well -- and they stole more data than any other group", according to a report Verizon released today in cooperation with Australian, Dutch, English, Irish and US officials. The study attributes 58 percent of data thefts to hacktivists.
"The most significant change we saw in 2011 was the rise of 'hacktivism' against larger organizations worldwide", Verizon reports. "The frequency and regularity of cases tied to activist groups that came through our doors in 2011 exceeded the number worked in all previous years combined".
Hacktivist group Anonymous has released an audio recording of a January 17 conference call which it claims includes members of the Federal Bureau of Investigation and the UK's Scotland Yard discussing their latest anti-hacking efforts. We've embedded the 17-minute long clip above.
The participants in the conference call talk about Anonymous, LulzSec, Antisec, CSL Security and other black hat security groups, the evidence they have against such groups, and their progress in arresting suspects.
A week after telling users to disable its pcAnywhere, Symantec says the remote computing software is now safe to use, with a few caveats. First, the app must be upgraded to version 12.5, and a critical software patch applied to plug the hole.
In a statement posted to its website, Symantec says that it had patched all versions of the software back to 12.0. A patch for 12.0 and 12.1 was released on January 27, following a patch that was released for 12.5 on January 25.
It's not often when a developer tells you outright not to use its software, but that is exactly what Symantec is forced to do in light of the theft of source code. Last month, Hacktavist group Anonymous bragged that it had possession of code that powers several applications, including Norton Antivirus Corporate Edition, Norton Internet Security; Norton SystemWorks and pcAnywhere.
Symantec says the code theft originally occurred in 2006. While at first security experts believed the theft to only be a black eye for the company's reputation, it now appears that the incident is far more serious. Symantec recommends users of pcAnywhere stop using the software immediately until there is a solution to address any security concerns.
"The Site is under maintenance. Please expect it to be back shortly". That's the message I found at Universal Music moments ago. The US Justice Department site isn't accessible at all. You can thank hacktavist group Anonymous, which claims responsibility for these and other SOPA blackouts today in response to the Feds shutting down Megaupload.
There's a certain irony to this evening's attacks. Yesterday, tens of thousands of sites supported a voluntary blackout protesting two bills snaking through Congress -- Stop Online Piracy (SOPA) and PIPA (PROTECT IP Act). Anonymous' attacks, presumably denial-of-service, blacked out sites that either support the legislation or would be responsible for enforcing it. We've gone from voluntary blackout protests yesterday to involuntary ones today. As I write, Recording Industry Association of America is down, too.
This week’s high-profile hack of the US Chamber of Commerce underscores the inadequacy of today’s security policies and technologies. With the holidays quickly approaching and IT staffs stepping away from offices to spend time with family and friends, we face increased vulnerabilities and security threats. We should be more vigilant than ever, reflecting on national security policies and how we can better protect our sensitive data.
Stories like this continue to point to the fact that we need a broad, across-the-board approach. We need to collaborate and inform when breaches take place. We need diplomatic support to reduce the desire or economic benefit to steal. It is time to have a Y2K approach to cyber protection. That means investment and support from the top down.
The United Nations finds itself resecuring its network Wednesday following a hack that resulted in the login details of the employees of several divisions being posted to the Internet. Calling itself TeaMp0isoN, the group calls the UN "a Senate for global corruption" and "sits to facilitate the introduction of a New World Order and a One World Government".
TeaMp0isoN hacked accounts belonging to employees of United Nations Development Programme (UNDP), Organisation for Economic Co-operation and Development (OECD), UNICEF, World Health Organization (WHO) among others. Some of the fault for the hack may lie in the users themselves: TeaMp0isoN notes that several of the user IDs contained no password at all.
Sony's PlayStation Network is once again the target of hackers as Sony disclosed late Tuesday that it had disabled some 93,000 PSN and Sony Online Entertainment accounts. According to the company these accounts had been "tested" by hackers, although a majority of the login attempts failed.
The data was said to be obtained from "one or more compromised lists from other companies, sites or other sources," although chief information security officer Phillip Reitinger said it was likely that the data did not come from Sony itself.
The hacker who breached the DigiNotar certificate authority has come out, or at least claimed to. He appears to be the same hacker who breached Comodo, another CA, several months ago. (Hat tip to F-Secure.) "COMODOHACKER" seems to have a problem with the Dutch government.
He claims to have gotten past numerous sophisticated protections in DigiNotar's systems, the details of which he will divulge later, and that he retains inside access to four other "high-profile" CAs and can still issue rogue certificates from them. He also claims that the password for the PRODUCTION\Administrator account (the domain administrator of certificate network) is "Pr0d@dm1n".
Hackers have again disclosed the personal details of police officers, this time in response to BART's decision to cut off cell phone and Wi-Fi service in its metro stations and tunnels to quell a planned anti-police protest. The decision by hacktivist group Anonymous calls its motives again into question, and could put these police officers at risk.
Data disclosed includes names, home addresses, email addresses and passwords to the site of the BART police union; 102 officers in total had their information disclosed, and the hack has taken the organization's website offline.