This is a story I never thought I'd write. After all, while we're all for finding and fixing flaws in systems, hacking goes a bit against our principals. Well, certain kinds of it at any rate, there's a debate there that I will not be starting as it becomes complex in a hurry. One of the most notorious groups known is Anonymous, those folks in the Guy Fawkes masks. You've likely seem them around if you look at news of the tech slant.
The thing is, lately the news coming from them isn't too scary -- well depending on who you are. The organization has been active and a couple of groups of people certainly should be scared, as Anonymous is not to be taken lightly when it comes to a fight or attack.
Kickstarter projects are ten a penny these days, as startup after startup vies for attention and financing. While many projects fall by the wayside, just a handful come to fruition and one of the latest is a handy USB dongle that allows for secure, anonymous web browsing. In just 45 days the campaign reached its target of $60,000, meaning that larger scale production can now go ahead on the line of security-focused USB sticks.
Webcloak is designed as an alternative to the likes of Tor, offering users a secure, self-contained browsing environment. This not only helps to keep browsing anonymous, but also protects against the threat of viruses, and its blend of hardware, encryption and "secure access" software has been designed with ease of use in mind.
Lizard Squad, the group believed to be behind the Christmas DDoS attacks on Xbox Live and PlayStation Network now has a new target -- Tor. Just a week ago, the leader of the Tor Project, Roger Dingledine, warned that the anonymizing network could come under attack, and now it seems as though his prediction was correct.
War has already been declared on Lizard Squad by Anonymous, but this does not seem to have been enough to deter the group from its attacks. Reports suggest that more than 3,000 Tor relays have been compromised, and there are fears that this could impact the anonymity Tor was designed to offer.
Hacker outfit Lizard Squad was seemingly responsible for the misery of thousands of gamers this Christmas after a series of DDoS attacks were launched on the PlayStation Network and Xbox Live. Mega's Kim Dotcom stepped into the breach and was seemingly -- temporarily -- successful in negotiating with the group and getting them to stop the attacks.
While the gaming networks appear to have come back online for some, this is not enough for Anonymous -- yes, that Anonymous. The international activist group has declared war on Lizard Squad, saying that the hackers have "made an enemy" and warning that "now you are all going down".
Roger Dingledine, leader of the Tor Project, has warned it could be the subject of an attack this week. In a blog post, he cautioned users that the project had learned that directory authorities might be seized in an attempt to incapacitate the network. Dingledine does not hint at who might be responsible for a future attack, but reassured users that anonymity would be maintained.
Directory authorities are used by Tor clients to help route traffic through the network, ensuring that users remains anonymous at each stage. An attack on directory authorities would probably have little effect to start with, but there is potential to take down the network if enough servers were targeted.
A Distributed Denial of Service attack is no different from someone repeatedly tapping F5 in their web browser, at least accordingly to loose hacktivist collective Anonymous. The group (or someone claiming to be affiliated with it at least) has added a petition to the White House's We the People website, asking the US government to recognize DDoS as a legal form of protesting, and comparing it to the international "occupy" movement.
The petition also calls for the immediate release of those who have been jailed for DDoS attacks, and for their records to be cleared.
Over the long weekend I saw McAfee had predicted that the threat from Anonymous would decline in the new year. The group apparently disagrees and has posted a video boasting of its accomplishments in 2012 and stating emphatically: "We are still here".
The two minute and twenty second video, posted to YouTube, lays out a rather lengthy list of past endeavors including attacks on government websites in the United States, Syria and Israel, as well as on groups such as the Motion Picture Association of America and the infamous Westboro Baptist Church.
Yesterday registrar and web hoster GoDaddy went down for several hours, taking millions of websites along, too. Within an hour, Twitter accounts associated with hacktivist group Anonymous took credit. Today, GoDaddy blames "corrupted router data tables". Meanwhile AnonymousOwn3r claims denial of service attack and hack -- and within the hour publicly posted what supposedly is GoDaddy "source code and database".
Somebody's lying here. But whom?
As I write, domain registrar and web hoster GoDaddy is inaccessible -- and a heap load of websites with it. Typically when sites go dark like this, they are under a direct denial of service attack. Anonymous claims responsibility, via Twitter, but there is yet no official word from GoDaddy as to the cause and whether there might be a security breach.
About 90 minutes ago, GoDaddy tweeted: "Status Alert: Hey, all. We're aware of the trouble people are having with our site. We're working on it". Then 5 minutes ago: "So many messages, can't get to you all... Sorry to hear all your frustration. We're working feverishly to resolve as soon as possible". Well, I guess that confirms Twitter isn't hosted by GoDaddy.
The list of more than a million unique device identifiers (UDIDs) which hacktivist collective #Antisec said it had stolen from the Federal Bureau of Investigation may have originated from publishing company BlueToad Inc., researcher David Schuetz found over the weekend. Following the FBI's initial denial of #Antisec's claims and Schuetz's research, BlueToad on Monday announced it believed its systems were the ones compromised. It is still unclear who compromised Blue Toad's system, and where #Antisec actually obtained the list.
"I’m still not completely clear on all the technical details," Schuetz wrote in his research blog. "Was BlueToad really the source of the breach? How did the data get to the FBI (if it really did at all)? Or is it possible this is just a secondary breach, not even related to the UDID leak, and it was just a coincidence that I noticed? Finally, why haven’t I noticed any of their applications in the (very few) lists of apps I’ve received?"
#Antisec, The loosely-organized black hat security collective formerly known as Lulzsec has released a file containing a million and one (1,000,001) Apple Unique Device Identifications (UDIDs), and their related APNs (Apple Push Notification Service) tokens, as well as a certain amount of personal user information. The group claims the information was not taken from Apple directly, but rather though a vulnerability exploit on FBI Agent Christopher K. Stangl last March.
The group claims there were actually more than twelve million UDIDs on Stangl's Dell Vostro notebook, as well as an incomplete list of zip codes, mobile phone numbers, home addresses, and whatever personal detail fields could be obtained. Antisec said there were no other files in the same folder that mention the list or its purpose.
This week, the loosely connected online activist and hacking community Anonymous began a new "operation": attacking the Ukrainian government.
In retaliation to Ukraine's take down of popular BitTorrent tracking site Demonoid, Anonymous is seeking "revenge against all criminals responsible" in the country's government.
In what the loosely-tied hacker group Anonymous calls #OpSaveTheArctic, over 1,000 email credentials and Hash checks of email passwords from five major international oil giants were released. The companies targeted included Exxon Mobil Corporation, Shell Petrochemical Corp., and BP Global; as well as the Russian based Gazprom Corporation and Rosneft Petroleum Corp.
The data dumped on anonymous text post website Pastebin includes 317 emails and their unsalted MD5 hashed passwords from a hack on Exxon mobil from June. Added July 13th: a further 724 emails and hashed passwords from BP, Gazprom, and Rosneft, and 26 emails with clear-text passwords from Shell Petroleum. Also listed: all of the internal mail system information, detailing routers, operating system type, database details and server hardware vendor. Further detailing of the type of data gained is available at the DC/Nova/Maryland network security blog site NovaInfoSeco.com.
On Monday, hacktivist group Anonymous announced it will be releasing 1.7 gigabytes of private data it has acquired from the United States Department of Justice, in an event it called "Monday Mail Mayhem." The group claimed the act was being done to "spread information, to allow the people to be heard and to know the corruption in their government. We are releasing it to end the corruption that exists, and truly make those who are being oppressed free."
New York-based security company Identity Finder ran an analysis on the data after it was released on Tuesday, and found the file dump actually contained no sensitive personal information, no secret internal documents, and no internal emails.
Streaming music content is too restrictive, believes hacktivists Anonymous. Six members of the group have released Anontune, a web-based application that aims to aggregate streaming music online and place it in a central location. AnonTune currently accesses the catalogs of YouTube and SoundCloud, although the developers plan to add content from other services including Yahoo Music, Myspace Music, Bandcamp and others in the future.
True to the groups name, users will be able to listen to tracks anonymously, and Anonymous itself will not store the tracks. Instead it depends on the catalogs of the services it aggregates, thus leaving the sticky copyright issues to those sites. Recording Industry Association of America's Waterloo, indeed. The next one, if Napster wasn't enough a computing generation ago.