Wednesday, May 11, 2011

The hackers hacked: main Anonymous IRC servers invaded

War rages between competing factions within the hacker collective Anonymous after this weekend's drama-filled takeover of the main Anonymous IRC server network. That network, used by Anons to plan and conduct attacks, was taken over by one of its own, an IRC moderator known as "Ryan."


His attack has sparked a debate over the "leadership" of Anonymous.


Hacking the hackers


The main Internet chat servers used by Anonymous have been run by a group called "AnonOps," which provides communications platforms for the group. Pointing IRC clients at anonops.ru or anonops.net would connect anyone to the servers, where they could then join channels like "#OpSony" and participate in various Anon activities.


Though Anonymous is often described as leaderless, factions like AnonOps by necessity have a loose structure; servers must be paid for, domain names must be registered, chat channels must have at least some moderation. Ryan was one of those IRC mods, and this weekend he proceeded with an attack that seized control of the AnonOps servers away from the small cabal of leaders who ran it.


Those leaders include people with handles like "shitstorm," "Nerdo," "blergh," "Power2All," and "Owen"—and if you're paying attention, you'll remember that HBGary Federal's Aaron Barr had fingered Owen as one of three "leaders" of all Anons.


The most popular channel on the old IRC servers now says simply, "anonops dead go home." Ryan also put up a set of chat logs showing Owen and others reacting to the weekend's massive denial of service attacks against AnonOps that culminated in the server takeover. (In the transcript below, "doom" is one of the AnonOps servers.)


Owen -> SmilingDevil: we lost a numbe rof servers last night
SmilingDevil -> owen: :P we need some more security.
Owen -> SmilingDevil: dude
Owen -> SmilingDevil: it forcved level3 to stop announing a /24
Owen -> SmilingDevil: it was in the gbps range
Owen -> SmilingDevil: doom alone got hit with 1 gb
SmilingDevil -> owen: gigabit or gigabyte?
Owen -> SmilingDevil: all leafs went down
Owen -> SmilingDevil: add it all up
Owen -> SmilingDevil: yeah huge
SmilingDevil -> owen: :P we need a hidden irc server for the admins.
SmilingDevil -> owen: that only they know about
Owen -> SmilingDevil: um thats called the hub
Owen -> SmilingDevil: :)
SmilingDevil -> owen: did they take that too?
Owen -> SmilingDevil: but anyhow
Owen -> SmilingDevil: we suffered alot of damage

The "old" leaders released a statement this morning explaining what happened over the weekend and why IRC remained down:


We regret to inform you today that our network has been compromised by a former IRC-operator and fellow helper named "Ryan". He decided that he didn't like the leaderless command structure that AnonOps Network Admins use. So he organized a coup d'etat, with his "friends" at skidsr.us . Using the networks service bot "Zalgo" he scavenged the IP's and passwords of all the network servers (including the hub) and then systematically aimed denial of service attacks at them (which is why the network has been unstable for the past week). Unfortunately he has control of the domain names AnonOps.ru (and possibly AnonOps.net, we don't know at this stage) so we are unable to continue using them.


Not everyone buys the explanation. One Anon pointed out that the Zalgo bot in question is controlled by a user named "E," not by Ryan.


Second, Zalgo can only see chan msgs and msgs to zalgo. The net staff is saying (pretty much) Ryan used Zalgo to steal server passwords (false, I know server protocol) which were transferred in channels in plain text for the to see (true).


Third: Take everything AnonOps says with a grain of salt. They're putting out lies and not telling the whole story.


Others pointed out that E and Ryan are friends and that E was actually recommended as an op by Ryan.


However it happened, the end result was that Ryan redirected some of the AnonOps domain names he had control over, he led an attack on the IRC servers with denial of service data floods, and he grabbed (and then published) the non-obfuscated IP addresses of everyone connected to the IRC servers. Ryan apparently also gained root access to the Zalgo network services bot, which is presumably how he harvested the non-obfuscated IP addresses, though it's not clear exactly what Zalgo did or how much access it provided Ryan.


Clashing factions


Ryan is associated with 808chan, a 4chan splinter site and apparent home of the recent denial of service attacks on AnonOps. Ryan is "DDoSing everything that he doesn't own with his band of raiders from 808chan," says one Anon.


The 808 brigade apparently valued big botnets, and made users prove their abilities before letting them participate. AnonOps had a more democratic ethos; anyone could show up, configure the Low Orbit Ion Cannon attack tool, and start firing at Sony or others.


"It's an open network where everyone, mostly newfags can join and not have to prove they're able to wield a botnet and can just join a channel of their choosing, fire up LOIC and hit some organization for reasons they believe are right," said one Anon.


Ryan's control of AnonOps extends to some of the actual domain names, including AnonOps.ru. This wasn't a hack; he was actually given administrative control over the domains some time ago by AnonOps leaders.


One Anon explained the reason for this, saying: "As for the domains, they were transferred to Ryan after some of us got vanned so he can keep the network up. What he did certainly wasn't the plan." (Getting "vanned" refers to getting picked up by the police.)


According to another Anon, the current fight was precipitated when Ryan's IRC credentials were revoked. "You morons don't realize Ryan IS LEGALLY THE OWNER OF DOMAINS," he wrote. "Nerdo and Owen removed Ryan's oper, Ryan took domains."


Smoky back rooms?


Among Anons arguing over what happened this weekend, the key debate involves the issue of leaders. Anonymous also said it was leaderless and memberless, but is it? The AnonOps statement above claims that Ryan was angry at the "leaderless" structure of the group and wanted to set himself up as king; again, though, not everyone is so sure.


Owen, for instance, helps to shape the conversation and planning in IRC. One Anon complained privately to me that Owen has booted him from the IRC servers—and thus from the place where all the real work against Sony was taking place several weeks ago. "Owen has not only told me that he doesn't really give a shit about freedom of speech, he's also moderately against the action that's being taken on Sony," this Anon said.


Owen and others conduct some of their work in private, invite-only channels, which leads some Anons to suspect that the really important operations and hack attempts are only discussed in a virtual back room. As one Anon put it yesterday:


"Have you ever been in one of their invite-only chats? This is no bullshit. EVERYTHING is decided on them, the eventual course of the operation, the hivemind's target, the channel's topic, everything. Why all this secrecy? These invite-only chats have NO reason to exist. You want to keep out trolls? Turn on mute, and give voice to a few. At least we can see what is being written."


Others were even angrier. A former AnonOps member wrote:


From the fucking beginning (during the hack at Aiplex which started Operation Payback) there has been an secret club, an aristocracy in AnonOps, deciding how operations will play out in invite-only channels.


It's obvious, for they control the topic, the hivemind, the guides, every single thing behind the scenes.


I don't know if the Owen's current bureaucracy is to be trusted, or Ryan's new delegation (from 808chan!) is.


What I do know is that AnonOps no longer has a good reason to exist. The insane amount of power the channel operators wield, and the reputations gained by their NAMES, causes them to become dictator-like, as "power corrupts".


Why did we leave the comforts of the womb of anonymous imageboards, and end up in name-fagging circlejerks controlled only by a few? Why?


Anonymous, this is bullshit. Neither side, neither Ryan's coalition of hackers nor Owen's bureaucracy can be trusted.


Others argued against this equivalence. "Ryan was the dictator, not the one who decided to solve the dictator problem," said one. Another responded, "Lol, how do you know? For all you know, Owen and Ryan are just the classic generals duking out to take over."


For his part, Ryan told the UK's Thinq today that he shared the concerns over private decision making. Owen and the other leaders "crossed the barrier, involving themselves in a leadership role," Ryan said. "There is a hierarchy. All the power, all the DDoS—it's in that [private] channel."


But among those who backed AnonOps, one thing was clear: Ryan needs to get got. Anons quickly embarked on a mission to find Ryan "dox," and quickly unearthed what they said was his full name, his home address (in Wickford, Essex, UK), his phone number, his Skype handle, and his age (17).


On Twitter, some Anons began spreading the word that Ryan had "betrayed" Anonymous, and that he had done so "to mess up all after having stolen PSN credit cards." No evidence for this last assertion was provided.


As the old AnonOps team attempted to get a handle on what had happened—and after they switched to an Indian domain name—they expressed irritation with early media mentions ("fail reporting") of the attack.


"Some 'mainstream' media is calling this the 'insider threat,'" they wrote, "which isn't really a fair representation, AnonOps doesn't have any corporate secrets, its run by the people for the people on a basis of mutual trust. Drama happens almost 24/7, occasionally drama overspills the network.


"Also we must remind the press AnonOps DOES NOT EQUAL Anonymous, saying they are one and/or the same thing in a blog/article just makes you look stupid. AnonOps is just a IRC network and a few other services that ANYONE can use, its not the only place Anonymous gather, and unlikely to be the *last* (see Streisand effect)."


But will the AnonOps leaders ever gather on a forum they don't control? Ryan took great delight in posting the following alleged comment from Owen to another AnonOps leader: "yo odnt honestly think we're goign to some other irc where we have no control do you?"


Of course, Anonymous has always been about drama and "the lulz," so the current confusion may not even bother them that much; this is just par for the course. But it's certainly amusing to others.


"Lmao. You fucking twits can't even keep your shit safe," wrote someone watching the debacle. "This literally made me laugh out loud. Not lol, but laugh. You all are so stupid."
Tuesday, May 10, 2011

On 20th day of PlayStation Network down time, Anonymous hits back

As Sony's PlayStation Network reaches its 20th day of global down time, global 'hacktivist' group Anonymous has hit back at critics suggesting it is to blame, with its strongest message yet.

The Financial Times reported over the weekend that it had spoken to members of the cyber-activist group, who had admitted that its members were "likely to have been behind the recent hacking attacks on Sony".


The hacks have famously led to an unauthorised third party accessing details related to 77 million PSN accounts and 24.6 million Sony Online Entertainment subscriptions. Sony told US Congress that subsequent to the attack, it had found a file on its PSN servers bearing the Anonymous slogan: 'We are legion.'

Anonymous has been engaged in an anti-Sony campaign ever since the company began court proceedings against hacker George Hotz in January - particularly in reaction to Sony obtaining the IP addresses of all the people who visited Hotz' blog, something Anonymous deemed "offensive against free speech and internet freedom".

However, Anonymous has repeatedly denied having any involvement in the attacks, or any will to access consumer credit card details.

Now the group has fired over a press release entitled: 'Sony, I am disappoint', once again denying it is responsible for bringing down PlayStation Network, and attacking the Financial Times and others in the media for pointing the finger over the PSN hack.

Read what Anonymous wrote by following this link, also the source:
http://www.computerandvideogames.com/300602/news/on-20th-day-of-playstation-network-down-time-anonymous-hits-back/?cid=OTC-RSS&attr=CVG-News-RSS
Monday, May 9, 2011

Exclusive: Third attack against Sony planned

A group of hackers says it is planning another wave of cyberattacks against Sony in retaliation for its handling of the PlayStation Network breach.
An observer of the Internet Relay Chat channel used by the hackers told CNET today that a third major attack is planned this weekend against Sony's Web site. The people involved plan to publicize all or some of the information they are able to copy from Sony's servers, which could include customer names, credit card numbers, and addresses, according to the source. The hackers claim they currently have access to some of Sony's servers.
Should the planned attack succeed, it would be the latest blow in a series of devastating security breaches of Sony's servers over the past month. The failure of Sony's server security has ignited investigations by the FBI, the Department of Justice, Congress, and the New York State Attorney General, as well as data security and privacy authorities in the U.K., Canada, and Taiwan.
Several weeks ago the hacker group known as Anonymous targeted several Sony Web sites, including Sony.com and SonyStyle.com, with a distributed denial-of-service (DDoS) attack in retaliation for what its members saw as Sony's unfair legal action against hacker George Hotz. Two weeks ago Sony's PlayStation Network, along with its Qriocity service and Sony Online, were the target of an attack that exposed the personal information of more than 100 million Sony customers. Sony was forced to shut down PSN, Qriocity, and Sony Online, and is currently working to bring them back online after rebuilding the security of its servers.
Sony says it doesn't know who orchestrated what it's calling a "highly sophisticated, planned" attack, but it has dropped hints that the group Anonymous is involved. Kazuo Hirai, chairman of Sony Computer Entertainment, told a Congressional subcommittee in a letter yesterday that the intruders on its servers planted a file named "Anonymous" containing the statement "We are Legion," part of the group's tagline.
Anonymous issued a statement yesterday denying it was involved in the PSN breach. "While we are a distributed and decentralized group, our 'leadership' does not condone credit card theft," the statement said.
Now it seems the same group of hackers that was able to infiltrate the PSN servers is planning to hit back against Sony.
Sony did not immediately respond to a request for comment.


Read more: http://news.cnet.com/8301-31021_3-20060227-260.html#ixzz1LqghE03v

As Sony counts hacking costs, analysts see billion-dollar repair bill

The recent data breach involving Sony Corp.'s online videogame services has knocked more than 6% off the Japanese electronics maker's shares, with some analysts estimating the incident could cost the company over a billion dollars as it takes steps to soothe and protect customers.

What might be more difficult to quantify, though, is the potential impact on Sony's future business prospects: if data security concerns damage Sony's brand image, some say that could undermine the company's efforts to establish a business model that links gadgets to an online network of games, movies and music.

"It could take months for the security woes to settle, and how this may affect consumer confidence in Sony's online services in a long run is harder to assess," said Mizuho Investors Securities analyst Nobuo Kurahashi.

Kurahashi estimates that the data breach will cost Sony about Y100 billion, or $1.25 billion from lost business, various compensation costs and new investments--assuming that no additional security problems emerge. The cyber attacks on Sony in recent weeks involved the theft of personal data that include names, passwords and addresses from accounts on its PlayStation Network and Sony Online Entertainment gaming services. Sony has also said that more than 10 million credit-card numbers may have been compromised.
Friday, May 6, 2011

LastPass Security Notification


Update 5, ~1:30am 05/06 EST:

We've added the option for you to say that you know your master password is strong and to avoid password change, we apologize for not having that available when we announced.

We've identified an issue with roughly .5% of users that impacted their master password change, and will be contacting you tomorrow rolling you back to before the change.

Our focus right now is on ensuring we can resolve users with issues, we'll continue to provide updates here.

Update 4, ~10pm EST:
Joe's interview with PCWorld covers more details on what happened, what our thought process has been, and what this means for our users: http://www.pcworld.com/article/227268/exclusive_lastpass_ceo_explains_possible_hack.html.

We continue to work as quickly as possible to address user support.

Update 3, ~4:30pm EST:


Logging in offline should be working everywhere if you have logged in using that client before, if you're having problems with this please attempt to login via the website: https://lastpass.com/?ac=1 that should now take you through an email process to enable your current IP.

If you're having problems getting your data with pocket, make sure you're selecting to login to the local file, not logging in at LastPass.com.

If you changed your password and are now having problems we'll help with that too, please email us if that's the case and include your LastPass email address.

For those who haven't been prompted, and have continued to use LastPass without issue -- we've judged the risk to be low if you're using the same IP -- we're only raising the issue once that changes.

Finally if you have issues with password changes please email us at support@lastpass.com, we can revert you, or we can pull data from backups, but please try LastPass Icon -> Clear local cache first.

Update 2, 2:15pm EST:

Record traffic, plus a rush of people to make password changes is more than we can currently handle.

We're switching tactics -- if you've made the password change already we'll handle you normally.
If you haven't the vast majority of you will be logged in using 'offline' mode so you can still use LastPass like normal and get back to your day, only syncing of new password should suffer (and you'll see the bar).

As load lowers we'll increase the percentage of people being sent through email validation / password changing.

For people experiencing problems please email us at support@lastpass.com -- we have seen a few reports of bogus data post change, we think this is due to you downloading a stale copy and if you go to LastPass Icon -> Clear Local Cache and try again it should work.

You can access your data via LastPass in offline mode or by downloading LastPass Pocket : https://lastpass.com/misc_download.php (choose your OS).

---

We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password.

We take a close look at our logs and try to explain every anomaly we see. Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines. These happen occasionally, and we typically identify them as an employee or an automated script.

In this case, we couldn't find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transferred and that it's big enough to have transferred people's email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn't remotely enough to have pulled many users' encrypted data blobs.

If you have a strong, non-dictionary based password or pass phrase, this shouldn't impact you - the potential threat here is brute forcing your master password using dictionary words, then going to LastPass with that password to get your data. Unfortunately not everyone picks a master password that's immune to brute forcing.

To counter that potential threat, we're going to force everyone to change their master passwords. Additionally, we're going to want an indication that you're you, by either ensuring that you're coming from an IP block you've used before or by validating your email address. The reason is that if an attacker had your master password through a brute force method, LastPass still wouldn't give access to this theoretical attacker because they wouldn't have access to your email account or your IP.

We realize this may be an overreaction and we apologize for the disruption this will cause, but we'd rather be paranoid and slightly inconvenience you than to be even more sorry later.

We're also taking this as an opportunity to roll out something we've been planning for a while: PBKDF2 using SHA-256 on the server with a 256-bit salt utilizing 100,000 rounds. We'll be rolling out a second implementation of it with the client too. In more basic terms, this further mitigates the risk if we ever see something suspicious like this in the future. As we continue to grow we'll continue to find ways to reduce how large a target we are.

For those of you who are curious: we don't have very much data indicating what potentially happened and what attack vector could have been used and are continuing to investigate it. We had our asterisk phone server more open to UDP than it needed to be which was an issue our auditing found but we couldn't find any indications on the box itself of tampering, the database didn't show any changes escalating anyone to premium or administrators, and none of the log files give us much to go on.

We don't have a lot that indicates an issue occurred but it's prudent to assume where there's smoke there could be fire. We're rebuilding the boxes in question and have shut down and moved services from them in the meantime. The source code running the website and plugins has been verified against our source code repositories, and we have further determined from offline snapshots and cryptographic hashes in the repository that there was no tampering with the repository itself.

Again, we apologize for the inconvenience caused and will continue to take every precaution in protecting user data.

The LastPass Team.
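
The key stretching named in the notification above (PBKDF2 using SHA-256, a 256-bit salt, 100,000 rounds), as an added example that is not LastPass's code. It shows how each offline password guess becomes slower than against a single salted hash; the legacy single-round salted SHA-256 record and the upgrade-on-login flow are assumptions made for illustration, since the notification does not describe the earlier scheme.

```python
"""Added example: PBKDF2-HMAC-SHA256 password records with the stated parameters."""
import hashlib
import hmac
import os
import time

ROUNDS = 100_000   # round count stated in the notification
SALT_BYTES = 32    # 256-bit salt stated in the notification


def derive(password: str, salt: bytes, rounds: int) -> bytes:
    """Stretch a password with PBKDF2-HMAC-SHA256 (32-byte output)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


def legacy_hash(password: str, salt: bytes) -> bytes:
    # ASSUMPTION: a single salted SHA-256 stands in for the older scheme.
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def legacy_record(password: str) -> dict:
    """Build a record in the assumed legacy format (hypothetical layout)."""
    salt = os.urandom(SALT_BYTES)
    return {"scheme": "salted-sha256", "rounds": 1,
            "salt": salt, "hash": legacy_hash(password, salt)}


def new_record(password: str) -> dict:
    """Build a record with a fresh per-user salt and the stated round count."""
    salt = os.urandom(SALT_BYTES)
    return {"scheme": "pbkdf2-sha256", "rounds": ROUNDS,
            "salt": salt, "hash": derive(password, salt, ROUNDS)}


def check(password: str, record: dict) -> bool:
    """Verify a password against either record type in constant time."""
    if record["scheme"] == "pbkdf2-sha256":
        candidate = derive(password, record["salt"], record["rounds"])
    elif record["scheme"] == "salted-sha256":
        candidate = legacy_hash(password, record["salt"])
    else:
        return False
    return hmac.compare_digest(candidate, record["hash"])


def login(password: str, record: dict):
    """Return (ok, record); a successful login re-hashes any weaker record."""
    if not check(password, record):
        return False, record
    if record["scheme"] != "pbkdf2-sha256" or record["rounds"] < ROUNDS:
        record = new_record(password)   # plaintext is only available at login
    return True, record


def seconds_per_guess(fn, repeats: int) -> float:
    """Average wall-clock time of one call to fn."""
    start = time.perf_counter()
    for _ in range(repeats):
        fn()
    return (time.perf_counter() - start) / repeats


def slowdown_factor() -> float:
    """How many times slower one guess is under PBKDF2 than under one hash."""
    salt = os.urandom(SALT_BYTES)
    fast = seconds_per_guess(lambda: legacy_hash("dictionary-word", salt), 20_000)
    slow = seconds_per_guess(lambda: derive("dictionary-word", salt, ROUNDS), 3)
    return slow / fast


if __name__ == "__main__":
    old = legacy_record("constructed sample passphrase")   # constructed input
    ok, upgraded = login("constructed sample passphrase", old)
    print("login ok:", ok, "| stored scheme now:", upgraded["scheme"])
    print("cost per guess grew by a factor of about", round(slowdown_factor()))
```

The stretching raises the cost of every guess by the same factor for attacker and server alike, so it slows a dictionary search rather than rescuing a password that appears early in the dictionary.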


Thursday, May 5, 2011

NZ Parliament DDoS a success: Anonymous

The hacktivist collective Anonymous said it has disrupted access to the New Zealand Parliament website to protest against the country’s new three-strikes copyright law.
In a message sent to media and posted on YouTube, Anonymous said it was “disappointed with many of [the New Zealand Government’s] actions” and that it won’t sit around watching people getting their Internet freedoms and rights taken away.
The Parliament site is operational but access to it has been sporadic over the past two days.
Anonymous said it was protecting the citizens of New Zealand and sending a message to the Government in the form of a protest by attacking the website. The hacktivists said they will continue to take down the Government website unless the copyright law was repealed.
The new law that goes into effect in September assumed internet users who received infringement notices for downloading copyright-protected media were guilty.
After users received three notices they can be taken to the Copyright Tribunal by rights owners.
Account holders have to prove that they are not guilty of copyright infringement and, if they fail, face fines of up to NZ$15,000 ($11,000).
Tuesday, May 3, 2011

[NEW THEFT] Sony announces theft of data from its systems.

Tokyo, May 3, 2011 - Sony Corporation and Sony Computer Entertainment announced today that their ongoing investigation of illegal intrusions into Sony Online Entertainment LLC (SOE, the company) systems revealed yesterday morning (May 2, Tokyo time) that hackers may have stolen SOE customer information on April 16th and 17th, 2011 (PDT).  SOE is based in San Diego, California, U.S.A.
This information, which was discovered by engineers and security consultants reviewing SOE systems, showed that personal information from approximately 24.6 million SOE accounts may have been stolen, as well as certain information from an outdated database from 2007.  The information from the outdated database that may have been stolen includes approximately 12,700 non-U.S. credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, Netherlands and Spain.
With the current outage of the PlayStation® Network and Qriocity™ services and the ongoing investigation into the recent attacks, SOE had also undertaken an intensive investigation into its system. Upon discovery of this additional information, the company promptly shut down all servers related to SOE services while continuing to review and upgrade all of its online security systems in the face of these unprecedented cyber-attacks. 
On May 1, Sony apologized to its customers for the inconvenience caused by its network services outages.  The company is working with the FBI and continuing its own full investigation while working to restore all services.

Sony is making this disclosure as quickly as possible after the discovery of the theft, and the company has posted information on its website and will send e-mails to all consumers whose data may have been stolen.
The personal information of the approximately 24.6 million SOE accounts that was illegally obtained, to the extent it had been provided to SOE, is as follows:
  • name
  • address
  • e-mail address
  • birthdate
  • gender
  • phone number
  • login name
  • hashed password.
In addition to the information above, the 10,700 direct debit records from accounts in Austria, Germany, Netherlands and Spain, include:
  • bank account number
  • customer name
  • account name
  • customer address.
SOE will grant customers 30 days of additional time on their subscriptions, in addition to compensating them one day for each day the system is down. It is also in the process of outlining a "make good" plan for its PlayStation®3 MMOs (DC Universe Online and Free Realms). More information will be released this week.

PlayStation Network Security Update


On Tuesday, April 26 we shared that some information was compromised in connection with an illegal and unauthorized intrusion into our network. Once again, we’d like to apologize to the many users who were inconvenienced and worried about this situation.
We want to state this again given the increase in speculation about credit card information being used fraudulently. One report indicated that a group tried to sell millions of credit card numbers back to Sony. To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list.
One other point to clarify is from this weekend’s press conference. While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form. For a description of the difference between encryption and hashing, follow this link.
To reiterate a few other security measures for your information: Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.
We continue to work with law enforcement and forensic experts to identify the criminals behind the attack. Once again, we apologize for causing users concern over this matter.
Our objective is to increase security so our customers can safely and confidently play games and use our network and media services. We will continue to provide updates as we have them.
Monday, May 2, 2011

#Anonymous attacks Iranian state websites

The infamous Anonymous hacking group has crippled a string of Iranian state websites including those of the Office of the Supreme Leader, state police and the Islamic Revolutionary Guards in attacks launched yesterday.

The coordinated Distributed Denial of Service attacks were launched at 5am GMT and targeted more than a dozen Iranian Government sites under the so-called Operation Iran.

Anonymous had timed the attacks to coincide with International Workers' Day, commemorating the first nation-wide general strike in the US, which took place on May 1 in 1886.

"OpIran attacks the governmental websites responsible for oppressing freedom of speech, information or ideas," the group wrote in a statement explaining the reasons for the attacks.

The website of the Office of the Supreme Leader, Sayyid Ali Khamenei, was taken offline about an hour after the attacks began, according to the group's hit list, but had been reinstated at the time of writing.

Anonymous shifted targets hourly and attacked websites including the Iranian Parliament and the Ministry of ICT.

While some websites are back online, it is unknown if more destructive hacking had taken place. The group is famous for DDoS campaigns, but has also claimed responsibility for much more serious attacks involving data theft.

Its most spectacular attack was launched against US security company HBGary Federal and its chief executive Aaron Barr.

The Iran DDoS attacks come as the nation's government claimed to have discovered a Stuxnet-like worm reportedly targeting its nuclear facilities.

The director of Iran’s Passive Defense Organisation said the Stars worm - named by Iranian officials - was part of an espionage attack similar to the Stuxnet virus which attacked and disabled about a tenth of the centrifuges that the government uses to enrich uranium.

Attacks against Iranian state websites are continuing.

Hacker posts screenshot of sex video on SPAD website

The Land Public Transport Commission (SPAD) website was hacked yesterday and a screenshot of the controversial sex video allegedly involving a top politician was posted on its main page.

Appearing on the website were two images, one depicting the alleged politician in the sex video and the other of Opposition Leader Datuk Seri Anwar Ibrahim after court proceedings, with the shots time-stamped Feb 21 and Feb 22 respectively.

A check by The Star showed that the website, www.spad.gov.my was also inaccessible to users.

Accompanying the images was an address link to controversial blogger PapaGomo (Powered by Papa Gomo www.papagomo.com) which featured clips of the sex video after it surfaced on online portal YouTube.

It was believed that SPAD was the only government agency website to be hacked and defaced.

The website was restored at about 7pm.

SPAD chairman Tan Sri Syed Hamid Albar expressed surprise and regret that the website was hacked.

“It is regrettable that such a thing was done by irresponsible people.

“SPAD is a body that is concerned with public transportation. What has it got to do with the issue?” he asked.

He said SPAD would take steps to rectify the website and lodge an official complaint with the Malaysian Communications and Multimedia Commission.

The police have also been alerted.

Source Code is the New Hacker Currency!

No doubt you've been paying attention to the data breaches pile up lately... but have you noticed a trend?

If you wade through the hype and hyperbole and dig into the details of the most prolific intrusions in recent history, you'll notice one thing that shines like a neon sign.

"Source code" is the new hotness on the hacker market. It's quite interesting to see this evolution primarily because many of us are used to defending the 'endpoints'... because that's where the data is, right? I think we may be seeing a shift here. 

Much like the tectonic plates that cause earthquakes, there are some thought-forces that are currently colliding deep under the surface and may cause certain mayhem.

"There are no borders"

For many years now, much like you, I've been reading articles and hearing talks about how the enterprise attack surface is fractured and splintered, causing an ever-increasing opportunity for breach from the bad guys.

For the record, I don't disagree... in fact, it's entirely too obvious to disagree with... but there's this subtle point that's been quietly going largely unnoticed. Attacking endpoints may get you end-user data... but it's in exploiting these endpoints as stepping-stones that will get you into the inner sanctum of an organization where the real good stuff is kept tightly locked up (or so we would hope).

So the idea of a borderless enterprise is scary for multiple reasons: valuable data walks out with the various gadgets a user may have, and exploitation of those endpoints will likely lead to a larger, much more serious compromise.

"Work Anywhere, Any Time"

Much to the painful grin of the enterprise security manager, the corporate CIO wants the enterprise 'network' to be everywhere. Some companies go as far as to let employees bring their own devices and allow them to work from those devices. 

Pulling at the extensions in the corporate network is the continually expanding need for people to be able to work remotely, effectively, and at any time. Interestingly enough the extension of corporate applications that have traditionally been installed as binaries on the corporate desktops to web-based applications accessible through a browser has caused serious issues for enterprises big and small. 

That mainframe application was quite good at user control, access provisioning, and so on, but once you turn it into just a database and abstract the access controls to the logic which runs the web application... all bets are off.

It's All About the Source Code

Looking at these opposing forces, and factoring in recent high-profile breaches ... it really does seem to be all about the source code. Specifically it's all about the secrets behind some of the more compelling software that runs security solutions on grand scales. 

RSA was attacked and source code was presumably stolen because millions of users world-wide use their tokens and access control mechanisms to gain access to corporate resources and highly guarded corporate secrets. 

Think about it... how much more sense does it make to concentrate your energy, as an organized attacker, to penetrate and pilfer a security vendor so you can then either find flaws in their source code OR use that source code to understand their systems better? Answer: a lot.

The reason we're seeing security companies as a big, bright, shining target recently is that attackers finally had that "light bulb goes on" moment where someone realized that they were sick of hitting each target individually - and wanted a way to hit millions of high-value corporate safes all at once, potentially.

Think about that.

Now think about where your source code, your corporate secrets, are stored. They're on desktops, laptops, servers, tablets and if you're really unlucky even on PasteBin.net (remember PasteBinFail?)... my point is that the source code that governs the security solutions is the next target.

So if you've got the source code which stands between an attacker and a large customer or a big target - check your systems. You may already be a statistic.
