About these ads


Archive for July, 2011

It’s A Cruel Summer

July 31, 2011 5 comments

The Cruel Summer the title of this post refers to, is not the famous ’83 pop hit by Bananarama, but just a brief summary of what is happening on Information Security, most of all for those companies and istitutions falling among the target of Anonymous.

Yesterday the latest: as part of the #Antisec operation and in retaliation for the raids and the arrest again alleged Anonymous and LulzSec members (provided they are the right ones), Anonymous attacked 77 U.S. Law Enforcement Institutions, defacing and destroying their servers.

In the attack, as usual announced by Twitter, massive amounts of confidential and personal information were stolen (10 Gb according to Anonymous), including emails, passwords, classified documents, internal files, informant lists, and more.

Moreover 7,000 law enforcement officials’ private data were posted, including: social security numbers; email accounts and passwords; phone numbers and home addresses.

Here is the list of the compromised domains:

20jdpa.com, adamscosheriff.org, admin.mostwantedwebsites.net,
alabamasheriffs.com, arkansassheriffsassociation.com,
bakercountysheriffoffice.org, barrycountysheriff.com, baxtercountysheriff.com,
baxtercountysherifffoundation.org, boonecountyar.com, boonesheriff.com,
cameronso.org, capecountysheriff.org, cherokeecountyalsheriff.com,
cityofgassville.org, cityofwynne.com, cleburnecountysheriff.com,
coahomacountysheriff.com, crosscountyar.org, crosscountysheriff.org,
drewcountysheriff.com, faoret.com, floydcountysheriff.org, fultoncountyso.org,
georgecountymssheriff.com, grantcountyar.com, grantcountysheriff-collector.com,
hodgemansheriff.us, hotspringcountysheriff.com, howardcountysheriffar.com,
izardcountyar.org, izardcountysheriff.org, izardhometownhealth.com,
jacksonsheriff.org, jeffersoncountykssheriff.com, jeffersoncountyms.gov,
jocomosheriff.org, johnsoncosheriff.com, jonesso.com, kansassheriffs.org,
kempercountysheriff.com, knoxcountysheriffil.com, lawrencecosheriff.com,
lcsdmo.com, marioncountysheriffar.com, marionsoal.com, mcminncountysheriff.com,
meriwethercountysheriff.org, monroecountysheriffar.com, mosheriffs.com,
mostwantedgovernmentwebsites.com, mostwantedwebsites.net,
newtoncountysheriff.org, perrycountysheriffar.org, plymouthcountysheriff.com,
poalac.org, polkcountymosheriff.org, prairiecountysheriff.org,
prattcountysheriff.com, prentisscountymssheriff.com, randolphcountysheriff.org,
rcpi-ca.org, scsosheriff.org, sebastiancountysheriff.com, sgcso.com,
sharpcountysheriff.com, sheriffcomanche.com, stfranciscountyar.org,
stfranciscountysheriff.org, stonecountymosheriff.com, stonecountysheriff.com,
talladegasheriff.org, tatecountysheriff.com, tishomingocountysheriff.com,
tunicamssheriff.com, vbcso.com, woodsonsheriff.com

It has been an hard Week-End, started with the hack of ManTech, and just ended (maybe) with this further resounding action…

Luckily this dirty July is nearly over… from the meteorological point of view, this summer is not very hot, at least in Italy, the same can not be said for Information Security for which I do not remember a month so troubled. Will it end here, or will the peak (of meterological and information security temperatures) be reached in August?

About these ads

Italian Anonymous Owned

July 29, 2011 1 comment

It looks like the CNAIPIC Hack is really a never ending story… I wonder why each event occurring in Italy, however dramatic, must always have an ironic twist. I already discussed about the shadows surrounding the Italian Cyber Police Hack: few hours ago the latest episode of the farce, an hacker called evil18 defaced the Italian Anonymous Blog with an image of His Holiness Benedictus XVI, who fools the Italian Anonymous for the doubts surrounding the event:

In an Italian characterized by a deep German accent, the Pope (“His Holiness owns you”) fools the alleged perpetrators (“Beautiful Children Go Home”), quoting what it seems to be a chat fragment in which the alleged authors declare they will soon release the entire dump (so far only two releases of the promises three have been published).

The mistery continues…

Kudos to Guelfoweb for reporting the link!

Anonymous Claims ManTech, Another FBI Contractor, Hacked

July 29, 2011 4 comments

Event quite common in the last times, it looks like another FBI contractor has been hacked, as a consolidated tradition, on Friday. This time the victim is ManTech and the hack has been claimed by Anonymous with a preview twitted by the AnonymousIRC account:

If confirmed the hack could sound quite embarassing, since, as mentioned on the tweet, nearly one year ago, Mantech won a $100M contract for FBI cybersecurity services.

On the other hand, Friday risks seriously to become a black day for FBI after other two infamous attacks happened on the same day (for what Anonymous defines #FFFriday): on June, the 3rd, 180 usernames, real names, passwords, and email addresses were leaked from another FBI contractor, Infraguard, and posted publicily by the LulzSec; on July, the 9h, IRC Federal was hacked, and the content of the leak, dumped at The Pirate Bay.

But also Monday is not a particular safe day for U.S. contractors after Anonymous attacked consulting firm Booz Allen Hamilton on July, the 12th, and released details of internal data including 90,000 military emails and passwords.

And The Winner Is…

July 28, 2011 1 comment

The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the security community.

The awards are given out once an year. The fifth annual ceremony will take place on Aug 3rd, 2011 in Las Vegas at the BlackHat USA security conference.

In 2011 there will be nine award categories:

  • Pwnie for Best Server-Side Bug
  • Pwnie for Best Client-Side Bug
  • Pwnie for Best Privilege Escalation Bug
  • Pwnie for Most Innovative Research
  • Pwnie for Lamest Vendor Response
  • Pwnie for Best Song
  • Pwnie for Most Epic FAIL
  • Pwnie for Lifetime Achievement
  • Pwnie for Epic Ownage

Do you remember the hacking matrix I posted several days ago, emphasizing impact and innovation as two key factors in hacking? Well, it looks like the panel of the judges did recognized the value of these two factor (together with a certain amount of shallowness in case of Sony).

(Nearly) all the events drawn in the matrix, which happened in 2011 deserved a nominee for the prize, with the exception of Epsilon Data Breach, whose likely category, Most Epic Fail, has been literally monopolized by Sony with 5 nominations.

RSA deserved a nomination as well in the category “Lamest Vendor Response”, while the category Epic Ownage has been monopolized by LulzSec. Even if LulzSec has been appointed only once for “hacking everyone”, there is also a nomination for Anonymous for “hacking HBGary Federal”, probably this is a mistake since it looks clear that HBGary Federal was hacked by the Lulz Boat as well (as also ironically stressed by the LulzSec group itself).

The other two nominations for the Epic Ownage? Bradley Manning and Wikileaks (but I would also have inserted Lady Gaga since a fake Lady Gaga CD was used to perform the leak, and… most of all Stuxnet, who ranked at the top for impact an innovation in this matrix. Stuxnet is considered the first of a new generation of Cyber-weapons even if, so far, no other malware of similar sophistication has been detected (but U.S. Department of Homeland Security fears a modified Stuxnet variant could soon attack U.S. Infrastructure).

Interesting to notice, as suggested by Network World, whoever will win the Epic Ownage prize will be, in theory, a criminal for the law, consequently Law enforcement could be seriously interested to see if anyone actually shows up to this year to accept the prize for Epic Ownage at Black Hat, since all the nominees will face possible criminal charges.

At this link a complete list of the nominations.

Anonymous Denies Paternity For the CNAIPIC Hack

July 27, 2011 4 comments

The CNAIPIC Hack is becoming paradoxical. Yesterday Italian Security Professional (and Italian Newspapers) are literally gone crazy in analyzing the event, divided between those who claimed a huge and real damage (in terms of image and substance) for Cyber Italian Police, and those who raised doubts on the event, supported by the few details provided concerning the incident, together with the uncertain identity and origin of the attackers.

A couple of hours ago the last “coup de théâtre”: an official statement (in Italian) from the Italian Anonymous in which they (and the LulzSec) deny the paternity of the attack and dissociate themselves feom the hack (after dedicating ample space to the leak in their blog, claiming responsibility for it), because of the impossibility to verify the veracity of the information. Similarly, after so much noise, the tweets from the two groups are silent since 5/6 hours.

According to the Italian Anonymous the hack is exclusively attributable to the crew NKWT LOAD which is in no way related to Anonymous or LulzSec, and which is the only to possess the 8gbs of data. As a consequence, they may not confirm the accusations against CNAIPIC. At the same way they do not know which vulnerability was exploited to perform the hack.

At the beginning the action seemed a clear retaliation for the Italian Cyber Police raids against the Italian Anonymous splinter cell, but now differente hypotheses are open: a hoax, real data leaked from an Internal source, a simple 8 Gb USB key lost from a contractor or rather an attack from a foreign cyber army (with the attempt to introduce a red harring against the Anonymous)? To be continued with one clear evidence: when dealing with Italian Affairs, using a local expression, “The situation is always desperate but never serious”.

Tweets Like Weapons

July 27, 2011 2 comments

Thanks to Andrea Zapparoli Manzoni for suggesting the original concept of Consumerization of Warfare and this update.

If the Cyberspace is the fifth domain of war, social media are likely destined to became the major sub-domain.

In a previous post we defined “Consumerization of Warfare” the growing use of consumer technologies such as Social Networks and Mobile for Military purposes (such as propaganda or espionage).

The most obvious examples of this trend are represented, on a global scale, by the influence (also recognized by President Obama) that social media had for the Wind of Changes blowing from Maghreb to the Middle East. In this contest they were used for different purposes: for witnessing the real extent of the events (which was a key factor in fostering the Allied intervention in Libya), for virally spreading propaganda and psyops information, and, last but not least, in a strict military context, as a further evidence to “strong authenticate” coordinates for Nato Missile Attacks in Libya.

But this approach is not limited to social media. Mobile devices are the natural companions of social media, so U.S. Army, U.S. Marines, and National Security Agency are just evaluating the use of COTS (Commercial Off-The-Shelf) products for military purposes and is evaluating several different commercially available smartphones and tablets, properly hardened and secured.

In particular, despite privacy and reputation issues, social media have proven to be a powerful device for spreading information. Consider for example a single event: Osama Bin Laden’s death. Tweets dealing with this event averaged 3440 TPS from 10:45 to 12:30pm ET on May 2 2011, reaching a peak of 5106 TPS around 11:00pm ET.

Such a formidable weapon must be fully exploited for defensive and offensive purposes, consequently the newcomer in this warfare is none other than the Pentagon, which is asking scientists to figure out how to detect and counter propaganda on social media networks in the aftermath of Arab uprisings driven by Twitter and Facebook. The US military’s high-tech research arm, the Defense Advanced Research Projects Agency (DARPA), has put out a request for experts to look at “a new science of social networks” that would attempt to get ahead of the curve of events unfolding on new media.

The program’s goal is:

To track “purposeful or deceptive messaging and misinformation” in social networks and to pursue “counter messaging of detected adversary influence operations,”

according to DARPA’s request for proposals issued on July 14.

The idea to build fake personas to manipulate the social arena is not completely new (and one of the players involved was just the well known HBGary Federal), but this time the scope is pretty much wider, aiming to change the course of events by massive (counter)information campaigns (think for instance to video and images coming from Libya which were crucial to foster the Allied Intervention).

I am not sure Zuckerberg & Co. will be very happy that their creatures are considered, against their will, a battlefield from The Pentagon…

The Hand of The Lulz Boat For the CNAIPIC Hack?

July 25, 2011 4 comments

After the initial surprise more details are being divulged about the CNAIPIC Hack disclosed this morning. CNAIPIC stands for Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche) and in practice corresponds to Italian Cyber Police.  The event was so resounding to deserve ample space on foreign press as well, starting from BBC, which shows that it has not a mere technical meaning.

Several quick considerations:

  • As already stated, CNAIPIC played a primary role during the Campaign of July in which 15 alleged Anonymous members were arrested in 32 raids carried on in Italy and Switzerland. At first glance, this hack seems a clamorous retaliation… But this is too much simple and in my opinion there’s more… During the above mentioned raids, the Italian Police (a statement not reported by local press) reported that: Out of all of the current hacker groups, Anonymous is the largest, but is also populated by the least technical people. Some of its members carry out attacks using software downloaded from the Internet and do not carry out the most basic attempts to secure their IP address. A clear reference to the fact that, until then, the activities of the Anonymous/LulzSec  cells in Italy were mainly focused on disruptive DDoS against several sites related to Government, Finance, Telcos and utilities probably made with LOIC without precautions. This attack has shown a much greater level of complexity and this can be easily intended as a kind of “revenge inside the revenge”: Anonymous is not (only) LOIC made DDoS.
  • BBC reported that the Anonymous hacker group received the files from a “source”, implicitly suggesting an internal origin for the leak (also suggested by Gizmodo). Honestly speaking I do not agree with this interpretation. As a matter of fact the first tweet announcing the leak on the @AnonymousIRC account was a mere forward from an original tweet by @anonesc (who admitted not to have further details since only forwarded the info). Guess who gave the first tweet? Yes, it was Sabu (thanks to Punto 1 for reporting the info), an old acquaintance, the alleged leader of the LulzSec Group. I have already indicated that this hack resembled the one perpetrated against HBGary Federal which was already performed by Sabu, which could be involved in this hack as well the fact that he was the first to report the CNAIPIC leak cannot be considered a coincidence. Moreover, so far no details concerning the leak were given, not even from the Italian Anonymous and LulzSec.
  • The statement was first written in English, of course with the purpose to reach a wider audience. Gizmodo suggests that “the broken English indicates a foreign agent—maybe Italian—and might hint at the possibility of this being an inside job” (considered the average level of English knowledge in Italy the fact that the first statement was written in English should exclude an internal origin but this is a personal consideration :-)). Anyway, the first statement lacks the irony (and the grammar) of the Lulz pastebins (but it looks like the Lulz Boat had a dedicated member, Topiary, for “public relations”). Curiously, the same statement in Italian was released several hours later and, honestly speaking, is a broken Italian, suggesting a quick translation from the original statement, perhaps with Google Translator or a similar tool, without further deep revisions. In any case, to me, it sounds more likely that the hack was performed with a foreign hand: if I were in an Italian attacker’s shoes I would have reserved more attention to my own language.

In any case, internal or external origin, the action is destined to raise many controversies in Italy, making even more bloody the fight against Anonymous.


Get every new post delivered to your Inbox.

Join 2,945 other followers