Tuesday, August 2, 2011

77 Law Enforcement websites hit in mass attack by #Antisec Anonymous



Following the FBI's actions against Anonymous and LulzSec, including several arrests, AntiSec supporters have targeted 77 law enforcement domains and walked away with everything on them. All 77 domains were hosted on the same server. A few weeks earlier, AntiSec had targeted Arizona police departments, leaking personal information and other sensitive data, in response to immigration laws passed by the state. This time, however, the latest law enforcement raid by AntiSec is in response to actions taken by the FBI.

77 US law enforcement institutions were attacked, including: 20jdpa.com, adamscosheriff.org, admin.mostwantedwebsites.net, alabamasheriffs.com, arkansassheriffsassociation.com, bakercountysheriffoffice.org, barrycountysheriff.com, baxtercountysheriff.com, baxtercountysherifffoundation.org, boonecountyar.com, boonesheriff.com, cameronso.org, capecountysheriff.org, cherokeecountyalsheriff.com, cityofgassville.org, cityofwynne.com, cleburnecountysheriff.com, coahomacountysheriff.com, crosscountyar.org, crosscountysheriff.org, drewcountysheriff.com, faoret.com, floydcountysheriff.org, fultoncountyso.org, georgecountymssheriff.com, grantcountyar.com, grantcountysheriff-collector.com, hodgemansheriff.us, hotspringcountysheriff.com, howardcountysheriffar.com, izardcountyar.org, izardcountysheriff.org, izardhometownhealth.com, jacksonsheriff.org, jeffersoncountykssheriff.com, jeffersoncountyms.gov, jocomosheriff.org, johnsoncosheriff.com, jonesso.com, kansassheriffs.org, kempercountysheriff.com, knoxcountysheriffil.com, lawrencecosheriff.com, lcsdmo.com, marioncountysheriffar.com, marionsoal.com, mcminncountysheriff.com, meriwethercountysheriff.org, monroecountysheriffar.com, mosheriffs.com, mostwantedgovernmentwebsites.com, mostwantedwebsites.net, newtoncountysheriff.org, perrycountysheriffar.org, plymouthcountysheriff.com, poalac.org, polkcountymosheriff.org, prairiecountysheriff.org, prattcountysheriff.com, prentisscountymssheriff.com, randolphcountysheriff.org, rcpi-ca.org, scsosheriff.org, sebastiancountysheriff.com, sgcso.com, sharpcountysheriff.com, sheriffcomanche.com, stfranciscountyar.org, stfranciscountysheriff.org, stonecountymosheriff.com, stonecountysheriff.com, talladegasheriff.org, tatecountysheriff.com, tishomingocountysheriff.com, tunicamssheriff.com, vbcso.com, woodsonsheriff.com

In all, 77 law enforcement domains were attacked, resulting in the theft of 5-10GB worth of sensitive documents. Some of the data lifted in the AntiSec raids includes training files, and personal information such as names, addresses, phone numbers, Social Security Numbers, usernames, and passwords of more than 7,000 officers from dozens of police departments.
“[The compromised data] also contained jail inmate databases and active warrant information, but we are redacting the name/address info to demonstrate how those facing the gun of the criminal injustice system are our comrades and not our adversaries. On the other hand, we will be making public name and contact information about informants who had the false impression that they would be able to ‘anonymously’ snitch in secrecy.

We demand prosecutors immediately drop all charges and investigations against all ‘Anonymous’ defendants,” the attackers said.

“To law enforcement: your bogus trumped-up charges against the Anonymous PayPal LOIC attacks will not stick, nor will your intimidation tactics stop us from exposing your corruption. While many of the recent ‘Anonymous’ arrestees are completely innocent, there is no such thing as an innocent cop, and we will act accordingly.”

To our hacker comrades: now is the time to unite and fight back against our common oppressors. Escalate attacks against government, corporate, law enforcement and military targets: destroy their systems and leak their private data.

The website of Sheriff Montgomery of Baxter County, Arkansas, is among the 77 recently targeted by AntiSec.
As of Saturday evening, baxtercountysheriff.com remains offline. A mirror of the site’s defacement by AntiSec is here. Additionally, cityofgassville.org was offline as well; it too is listed as one of the 77 sites targeted by AntiSec.

http://www.thehackernews.com/2011/07/77-law-enforcement-websites-hit-in-mass.html

Monday, August 1, 2011

Topiary 'known' to police says network giant


Frontline Lulzsec hacking member Topiary's identity and whereabouts were known to British police, chief technology officer of Prolexic Paul Sop has said.
While debate raged over whether British police had arrested Topiary, Scotland Yard released the name of a teenager, Jake Davis, whom it arrested in the Shetland Islands last week on suspicion of involvement with the LulzSec hacking group.
It has yet to emerge whether the arrested man was the LulzSec identity Topiary, a claim contested by some online groups dedicated to uncovering the group's participants.
Paul Sop, chief technology officer at Prolexic could not say if Topiary was in police hands, or talk specifically about the international police operation to locate and identify suspected online criminals within Anonymous and LulzSec because of non-disclosure agreements.
But he confirmed that police knew who and where Topiary was.
“Yes, I’ve read about the speculation. But you know I can’t say anything, right?” Sop said.
His company used its global IP network and technical specialists to defend businesses against Distributed Denial of Service (DDoS) attacks.
In doing so, it had harvested countless IP addresses and other data from DDoS attacks launched against customers and supplied them to law enforcement.
“With that many eyes watching the long and protracted attacks [by LulzSec and Anonymous] it’s not really possible to stay anonymous," Sop said.
"Police efforts are slow and protracted – they have to be because evidence must be transferred and it cannot be compromised".
Sop predicted the hacking groups' continued attacks against government intelligence and police agencies and scores of businesses would be “just more damning for them”.
Prolexic was not the only private sector company to assist the police investigations into Lulzsec and Anonymous.
A sworn affidavit by an FBI agent had revealed PayPal supplied the IP addresses of 1000 participants in DDoS attacks launched against its network in December.
Many of the DDoS participants had used the LOIC (Low Orbit Ion Cannon) software which made it easy for non-technical users to participate in coordinated attacks against nominated targets.
But in doing so, their IP addresses were recorded on the logs of victims, or with specialists like Prolexic.
A report last year by researchers from the University of Twente in the Netherlands compared the use of LOIC for DDoS attacks to "overwhelming someone with letters, but putting your address at the back of the envelope".
“The IP addresses were all there, in logs,” Sop said. “It’s rather daft – like throwing a brick through a window with your address taped to it.”
The philosophical ideology that united much of the Anonymous and Anti Security movement had helped investigators build profiles, Sop said.
Yet for all the attacks against Prolexic customers, Sop was warm to the movements’ broad ambitions to fight censorship and corruption.
“I don’t disagree with the messages, but the methods affect hundreds of thousands of innocent people. Look at the attacks on Sony – that affected thousands of people who just wanted to play PlayStation. When it was down, I couldn’t enjoy gaming with my son.”


http://www.scmagazine.com.au/News/265445,topiary-known-to-police-says-network-giant.aspx

Massive DDoS attack mitigated

Prolexic Technologies, a company specializing in Distributed Denial of Service (DDoS) mitigation services, has announced that it successfully mitigated another major DDoS attack of unprecedented size in terms of packet-per-second volume. Prolexic cautions that global organizations should consider the attack an early warning of the escalating magnitude of similar DDoS threats that are likely to become more prevalent in the next six to eight months.
The attack was directed against an Asian company in a high-risk e-commerce industry. It generated larger than usual TCP SYN Floods and ICMP Floods, both of which are common DDoS attack methods. There was nothing common, however, about the magnitude of the attack.
According to Prolexic chief technology officer Paul Sop, the volume of the attack reached levels of approximately 25 million packets per second (pps), a rate that can overwhelm the routers and DDoS mitigation appliances of an internet service provider (ISP) or a major carrier. In contrast, most high-end border routers can forward 70,000 pps in typical deployments. In addition, Prolexic’s security experts found 176,000 remotely controlled PCs, or bots, in the attacker’s botnet (robot network). This represents a significant threat as typically only 5,000 to 10,000 bots have been employed in the five previous attacks mitigated by Prolexic.
“The customer attempted to mitigate these repeated DDoS attacks for many months with solutions from its ISP and its carrier before approaching Prolexic,” said Sop. “Defeating this attack is a testament to our unrivaled capacity and our unique position as the only global DDoS mitigation provider with the experience and bandwidth to successfully fight these gigantic attacks.”
To mitigate this high-magnitude attack without putting the burden on a single carrier, Prolexic distributed traffic among several of its global Tier 1 carrier partners and scrubbing network centers. Prolexic was able to help the client maintain service availability throughout the duration of the attack. While Prolexic was fighting this particular threat, it simultaneously helped another client who was experiencing a 7 Gbps DDoS attack.

Early warning and escalating threats
“Prolexic sees this massive attack in Asia with millions of packets per second as an early warning beacon of the increasing magnitude of DDoS attacks that may be on the horizon for Europe and North America in the next 6 to 8 months,” Sop said. “High risk clients, such as those extremely large companies in the gaming and gambling industries in Asia, are usually the first targets of these huge botnets just to see how successful they can be.”
Prolexic cautions that the next quantum leap in DDoS attacks will not necessarily center on bandwidth, but rather on increasing the volume of packets per second to such a high level that carriers cannot handle the overload. According to Sop, these extremely high packet-per-second DDoS attacks are especially insidious because they can cause collateral damage to carriers long before the “bad traffic” ever reaches its intended target.
Overwhelmed by the deluge of Internet traffic, carriers try to cope by passing around the excessive traffic like a “hot potato” from one to another. Ultimately, the carriers must “black hole” the IP address of the attack target and in doing so they unwittingly help the hacker to achieve the goal of creating a “zero route” which crashes the victim’s site. In addition, the continuous shifting of traffic from carrier to carrier can seriously affect the performance of multiple web sites, not just the intended target.
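The article describes the attack in terms of packet rate (a TCP SYN flood and ICMP flood at roughly 25 million pps, against border routers that forward about 70,000 pps) and botnet size (176,000 sources). The following is an added example, not code from the article or from Prolexic, showing how a defender can turn those same three signals into an alarm over per-second flow-collector records. The record format, the sample data, the SYN/ICMP share thresholds and the 1,000-source botnet threshold are all assumptions for the example; only the 70,000 pps figure comes from the article.

```python
"""Added example (not from the article or from Prolexic): flag SYN-flood and
ICMP-flood seconds from constructed per-second flow-collector records.

Each record is one sampled flow summary:
    <epoch-second> <src-ip> <proto> <tcp-flags> <packets>
The thresholds are assumptions for the example; only the 70,000 pps figure
comes from the article's description of a typical border router.
"""
from collections import defaultdict
from dataclasses import dataclass, field

BORDER_ROUTER_PPS = 70_000      # forwarding rate quoted in the article
SYN_SHARE_ALERT = 0.8           # assumed: fraction of packets that are bare SYNs
ICMP_SHARE_ALERT = 0.8          # assumed: fraction of packets that are ICMP
BOTNET_SOURCE_ALERT = 1_000     # assumed: distinct sources seen in one second


@dataclass
class SecondStats:
    packets: int = 0
    syn: int = 0
    icmp: int = 0
    sources: set = field(default_factory=set)


def parse_record(line):
    """Split one flow-summary line into (ts, src, proto, flags, packets)."""
    ts, src, proto, flags, pkts = line.split()
    return int(ts), src, proto.lower(), flags, int(pkts)


def per_second_stats(lines):
    """Aggregate flow summaries into per-second packet counters."""
    stats = defaultdict(SecondStats)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, proto, flags, pkts = parse_record(line)
        s = stats[ts]
        s.packets += pkts
        s.sources.add(src)
        if proto == "tcp" and flags == "S":     # bare SYN, no ACK: half-open attempt
            s.syn += pkts
        elif proto == "icmp":
            s.icmp += pkts
    return dict(stats)


def classify_second(s):
    """Return the list of reasons a second looks like a volumetric flood."""
    reasons = []
    if s.packets > BORDER_ROUTER_PPS:
        reasons.append("pps_exceeds_border_router")
    if s.packets and s.syn / s.packets >= SYN_SHARE_ALERT:
        reasons.append("syn_flood")
    if s.packets and s.icmp / s.packets >= ICMP_SHARE_ALERT:
        reasons.append("icmp_flood")
    if len(s.sources) >= BOTNET_SOURCE_ALERT:
        reasons.append("botnet_scale_sources")
    return reasons


def detect(lines):
    """Map each second to its flood indicators (empty list = looks normal)."""
    return {ts: classify_second(s) for ts, s in sorted(per_second_stats(lines).items())}


def constructed_sample():
    """Constructed records: one quiet second, then one second of SYN flood from 2,000 bots."""
    quiet = [
        "1312156800 203.0.113.10 tcp S 3",
        "1312156800 203.0.113.10 tcp SA 3",
        "1312156800 203.0.113.11 tcp PA 40",
        "1312156800 203.0.113.12 icmp - 2",
    ]
    # 2,000 constructed sources in the RFC 2544 benchmarking range, 60 bare SYNs each = 120,000 pps
    flood = [f"1312156801 198.18.{i // 256}.{i % 256} tcp S 60" for i in range(2000)]
    return quiet + flood


if __name__ == "__main__":
    for ts, reasons in detect(constructed_sample()).items():
        print(ts, reasons or "normal")
```

The quiet second passes all four checks; the flood second trips the packet-rate, SYN-share and source-count checks at once. In practice the source-count signal is the one that distinguishes a botnet from a single misbehaving host, which is why the article stresses the 176,000 bots as much as the packet rate.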
“Prolexic has invested millions to be ready for this type of DDoS attack and while we have only seen this botnet once in the Western Hemisphere to date, it is likely to follow a common pattern and become much more prevalent,” Sop said. “The good news is that Prolexic is already well ahead of the game and has proven that we can stop attacks of this magnitude.”

http://dateline.ph/2011/08/01/massive-ddos-attack-mitigated/

Tuesday, July 19, 2011

Media Moguls body discovered

http://media.smh.com.au/technology/tech-talk/murdochs-the--sun-hacked-2501674.html




Hackers who broke into the News Corporation network and forced its British websites offline claim to have stolen sensitive data from the company including emails and usernames/passwords.
All of News Corporation's British websites were taken offline today following an attack on the website of tabloid The Sun, which earlier today was redirecting to a fake story about Rupert Murdoch's death.
Further pain is expected for the media mogul as the hacker group responsible for the attack claims to have also stolen emails and passwords for News International executives and journalists. It said it would release more information tomorrow.

Hacked ... LulzSec put a fake story on The Sun's website saying Rupert Murdoch was dead. Photo: Screengrab
Websites for The Sun, The Times, BSkyB and News International were all inaccessible this morning.
It is believed News took the decision to pull the plug on its entire British network of sites following the hack attack on The Sun. This may have been to prevent further damage and stop unauthorised users from accessing private emails with the hacked login details.
The infamous hacking group LulzSec have claimed responsibility for taking over The Sun's website, linking to a site with the fake story under the headline "Media moguls body discovered", with "Lulz" printed at the bottom of the page.
Taken over ... The Sun website was redirecting to the LulzSec Twitter page.
The site displaying the fake story then crashed because of heavy traffic, before The Sun's website redirected to LulzSec's Twitter page.
"TheSun.co.uk now redirects to our twitter feed. Hello, everyone that wanted to visit The Sun! How is your day? Good? Good!," the hackers wrote.
The fake Murdoch death story claimed the mogul "ingested a large quantity of palladium before stumbling into his famous topiary garden late last night".
In a tweet, LulzSec member Sabu suggested the group had also stolen News International journalists' emails or email login details. "Sun/News of the world OWNED. We're sitting on their emails. Press release tomorrow," Sabu wrote.
Sabu and other LulzSec members then began tweeting what they claimed were the usernames and passwords of top News International executives.
About 9am AEST, network administrators at The Sun appeared to have cottoned on to the hack and the entire Sun website was pulled down. Visitors were greeted with an error message.
LulzSec showed no fear of repercussions on its Twitter feed. "Arrest us. We dare you. We are the unstoppable hacking generation and you are a wasted old sack of sh--, Murdoch," read one post.
LulzSec, which had announced it was disbanding last month following the arrest of alleged members, is a global loose-knit hacker group in the same vein as Anonymous. It has targeted the US Senate, CIA, military technology contractor Booz Allen Hamilton and other government and corporate targets, purportedly for fun.
Lulz is a variation of the internet slang lol, which means laugh out loud. LulzSec members claim they do it "for the lulz", or laughs.
The group appears to have reformed just to target News International in Britain.
"Thank you for the love tonight. I know we quit, but we couldn't sit by with our wine watching this walnut-faced Murdoch clowning around," Lulzsec tweeted.
News International's websites, newsint.co.uk and newsinternational.co.uk, are also down, for unknown reasons.
The hacking of The Sun website comes as the phone hacking scandal continues to engulf News International.
A former News of the World journalist, Sean Hoare, who was one of the whistleblowers on phone hacking, was found dead at his home in Watford, about 40 kilometres from London.
Police said the death was unexplained, but not considered suspicious.
Murdoch, his son James and former News International chief executive Rebekah Brooks are scheduled to appear before members of parliament tonight, Australian time, to be grilled about what they knew about phone hacking.
News Ltd in Australia and News International in Britain are both subsidiaries of Murdoch's global News Corp empire.


http://www.smh.com.au/technology/technology-news/lulzsec-hack-into-murdochs-british-websites-20110719-1hm6r.html#ixzz1SXpjrV8k

Monday, July 11, 2011

90 Sec News- Apple, RSA, Facebook, spyware, scareware, DDoS - June 2011



http://nakedsecurity.sophos.com/2011/07/11/apple-rsa-facebook-spyware-scareware-ddos-90-sec-news-june-2011/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GrahamCluleysBlog+(Graham+Cluley%27s+blog)&utm_content=Twitter

Thursday, June 23, 2011

Identifying the hacktivists of the emerging cyberwar

The hacktivist landscape has become increasingly cluttered, and while the anonymity they cling to makes clearly labeling each player difficult, the rising division between these groups is beginning to give them distinct identities.
The Internet has never been a safe place, and since its inception, and introduction to consumers, privacy and security have been a major concern. Of course, now that the average person’s computer skills are many times over what they used to be, that only amplifies the problem. Couple this with the fact that millions and millions of people are uploading mass amounts of personal and sensitive data and you’ve got a recipe for some serious cyber-insecurity. The advent of hackers with a conscience has exacerbated the situation while also putting a new twist on Web ethics.
Anonymous and LulzSec have become household names, and their Internet antics have captured the attention of just about everyone, including the CIA. But as identities and opponents merge, the cyberwar landscape has become confusing. Consider this an introductory course to the who’s who of hackers.

Anonymous

Anonymous first largely appeared on many radars after making worldwide headlines for its attack on the Church of Scientology in what they called Project Chanology. But more recently the group became a household name shortly after the WikiLeaks Cablegate debacle.
When various websites refused to host WikiLeaks’ site, and credit card companies wouldn’t offer a way for people to make donations to the group, the hacktivists took it upon themselves to fight WikiLeaks’ enemies. Anonymous used a series of DDoS attacks to take down MasterCard, Visa and PayPal, and drew the ire of international law authorities.
So where did Anonymous come from? The group organized via popular forum 4chan and past victims include the Church of Scientology, Internet predator Chris Forcand, and censorship proponents worldwide. Many of its actions have been motivated by the groups’ personal morals, which largely focus on freedom of information. Much of its recent work has centered on the Middle East rebellions, and the group has publicly announced its fight against Iran and Egypt. Other notable targets were HB Gary, Sony PlayStation (although Anonymous claimed innocence for the PSN collapse), and Bank of America.
The group’s various press releases and announcements are typically well written and almost business-like, as have been its denials. It has often had to defend itself against many groups claiming to be hacked by Anonymous. There have been rumors of inner turmoil that has led to different factions with separate agendas and personalities. At the moment, AnonNews is down due to DDoS attacks.

LulzSec

If Anonymous is the student body president of hackers, LulzSec is the class clown. The group hasn’t been on the public scene very long, first gaining notoriety about a month ago when it attacked Fox.com in retaliation for calling the rapper Common “vile.” But LulzSec’s first breakthrough performance came when it hacked PBS and posted a fake report that Tupac Shakur was alive. The group claimed that this was in response to negative attention directed toward WikiLeaks and Bradley Manning. LulzSec also claimed responsibility for some of Sony’s hacked web properties. Over the last month, LulzSec has also hit the FBI, Nintendo, and the CIA websites.
Despite some of its very serious and established opponents, LulzSec has time and time again affirmed it’s “in it for the lulz.” The group has also been extremely communicative with the public via its Twitter feed and even a phone request line, where it will take suggestions for hacks. The group has more of a prankster air to it than serious freedom defender, although its beliefs seem to align with Anonymous’. LulzSec has taken to mocking its victims more openly and in a more lighthearted tone than Anonymous has, though, giving it an entirely different reputation than its more serious counterpart.

Anonymous vs. LulzSec?

There were rumors that Anonymous and LulzSec were opponents. After a series of DDoS attacks that slowed down various online games because of malicious traffic, some frustrated 4chan users decided to begin their own DDoS retaliation against LulzSec. The group then used its massively popular Twitter account to attack 4chan, which Anonymous took as a personal affront. By later that day, however, both had denied such a rivalry, and the two have since united for Operation Anti-Security to expose faulty handling of user data.

Web Ninjas vs. Anonymous and LulzSec

It’s a good thing Anonymous and LulzSec teamed up when they did, because Web Ninjas has its eye on them. It’s rumored Web Ninjas is the home of Th3J35t3r, who took down WikiLeaks shortly after it posted its stash of confidential diplomatic cables in fall 2010. Whether or not he’s a part of the coalition, the group insists it’s working for a “safer and peaceful Internet for everyone, not some bunch of kids threatening [the] Web and trying to own it for LULZ or in the name of publicity or financial gain or anti-government agenda.” The group released a large amount of information about the alleged identities of LulzSec hackers, including their whereabouts. LulzSec has denied the seriousness and truth behind these revelations, but an associate of the group was arrested today. LulzSec downplayed the amount of his involvement in the group, saying he is largely inconsequential to their operations. LulzSec also released the information of someone they believe attempted to out them.

Idahc

Residing (purportedly) outside this interwoven ring of hackers is Idahc. The Lebanese hacker is reportedly an 18-year-old computer science student and runs a one-man operation seemingly focused on Sony and Sony alone. He personally has moral issues with Sony, particularly for its treatment of George “GeoHot” Hotz and has said “If you want ethics, go cry to Anonymous. True lulz fans, stay tuned in.” He is thought to be behind many if not all of the hacks to various Sony Web properties. Idahc calls himself a grey hat focused on exposing the insecurity of Sony user accounts.

Despite their claims of independence and purported ethical intentions, the very nature of the groups inspires distrust. And it’s difficult to admit that with the apprehension toward supporting what are legally cyber-criminals comes some sort of interest mixed with understanding: whether or not you agree with all of their ploys, combating oppressive regimes and censorship while also exposing the careless liberties taken by large corporations is difficult to oppose. Of course, if you’re one of the many who’s had their email and password plastered all over PasteBin recently, you might feel otherwise.
http://www.digitaltrends.com/computing/identifying-the-hacktivists-of-the-emerging-cyberwar/

Layer 7 Application attacks - (DDoS)


Security attacks are moving ‘up the stack.’ 90% of security investments are focused on network security, yet according to Gartner, 75% of attacks are focused at the application layer and ‘over 90 percent of security vulnerabilities exist at the application layer, not the network layer.’ SQL Injection and XSS are the #1 and #2 reported vulnerabilities and the top two in the OWASP Top 10. Plus, according to Forrester Consulting, the average loss of revenue per hour for a layer 7 DDoS attack is $220,000. These vulnerabilities are some of the primary routes being exploited in many of the recent attacks.
Modern DoS attacks are distributed, diverse and cross the gap that divides network components from application infrastructure, yet many of these attacks are preventable. The problem is that organizations are using outdated network and/or desktop technology to try to protect against sophisticated application security attacks, in which traditional solutions like network firewalls, IPS or AV systems have little to no visibility or role. It’s like trying to protect a city against a coordinated air attack by digging trenches in the ground: the wrong band-aid for the attack vector.

It is interesting that these attacks have been around for a while, but it also shows how hard it is to get protection right, especially when the attacks are blended. Once a vector is found to deliver, a variety of exploits can be used in quick succession to find one that will work. Most of these attacks would also have sailed invisibly through an IPS device – no offense to those solutions – they are just not designed to protect the application layer, or didn’t have a signature that matched. A unified application delivery platform with multi-layer visibility is the best way to detect and mitigate multi-layer attacks.
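The point above is that a layer 7 DDoS is invisible to a network IPS because every request is a well-formed HTTP request with no malformed packet and no exploit signature to match; the attack is only visible in application-level behaviour. The following is an added example, not code from the post or from any vendor, that reads constructed web-server access-log lines and flags a client by behaviour rather than by signature: many requests per sliding window, concentrated on backend-heavy endpoints. The log format is the common "combined" style; the window length, request threshold, list of expensive paths and sample addresses are assumptions for the example.

```python
"""Added example (not code from the post or from any vendor): flag an
application-layer HTTP flood in constructed web-server access-log lines.

Every request in the sample is a well-formed GET, so a network IPS matching on
malformed packets or exploit signatures sees nothing to block. The indicator is
behavioural: one client hammering an expensive dynamic endpoint far faster than
a browser and a human would. All thresholds and paths are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" style line: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

WINDOW_SECONDS = 10                  # assumed sliding window per client
MAX_REQ_PER_WINDOW = 50              # assumed: more than this from one IP is not a browser
EXPENSIVE_PREFIXES = ("/search", "/login", "/checkout")   # assumed costly dynamic paths
EXPENSIVE_SHARE_ALERT = 0.9          # assumed: share of a client's requests on those paths


def parse_line(line):
    """Return {ip, ts, path, status} for a combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "path": m["path"], "status": int(m["status"])}


def is_expensive(path):
    """True when the path (query string ignored) hits a backend-heavy endpoint."""
    return path.split("?", 1)[0].startswith(EXPENSIVE_PREFIXES)


def find_http_flooders(lines):
    """Return {ip: {peak_requests, expensive_share}} for clients that look like a layer-7 flood."""
    window = defaultdict(deque)   # ip -> request timestamps inside the last WINDOW_SECONDS
    peak = defaultdict(int)       # ip -> largest number of requests seen in any window
    total = defaultdict(int)
    expensive = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts = rec["ip"], rec["ts"]
        total[ip] += 1
        if is_expensive(rec["path"]):
            expensive[ip] += 1
        q = window[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > WINDOW_SECONDS:   # slide the window forward
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    flagged = {}
    for ip in total:
        share = expensive[ip] / total[ip]
        if peak[ip] > MAX_REQ_PER_WINDOW and share >= EXPENSIVE_SHARE_ALERT:
            flagged[ip] = {"peak_requests": peak[ip], "expensive_share": share}
    return flagged


def constructed_sample():
    """Constructed log: one browsing client plus one client flooding /search."""
    base = datetime(2011, 6, 22, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, ts, path):
        return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'

    browsing = [line("203.0.113.5", base + timedelta(seconds=5 * i), p)
                for i, p in enumerate(["/", "/css/site.css", "/search?q=news",
                                       "/article/42", "/img/logo.png", "/search?q=sport"])]
    # 120 requests to the search page in about 8 seconds from one constructed address
    flood = [line("198.51.100.23", base + timedelta(milliseconds=70 * i), f"/search?q={i}")
             for i in range(120)]
    return browsing + flood


if __name__ == "__main__":
    for ip, info in find_http_flooders(constructed_sample()).items():
        print(f"{ip}: {info['peak_requests']} requests in {WINDOW_SECONDS}s, "
              f"{info['expensive_share']:.0%} to expensive endpoints")
```

The browsing client stays well under the window threshold and mixes static and dynamic paths, so it is never flagged; the flooding client is flagged on both rate and concentration. A real deployment would run this at the application delivery tier where it can see whole requests, and would key on client identity beyond the source address (distributed floods spread the per-IP rate thin), but the decision logic is the same: behaviour over signatures.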

http://psilvas.wordpress.com/2011/06/22/cure-your-big-app-attack/