About these ads

Archive

Archive for July 20, 2011

The Two Faces of Hacking

July 20, 2011 1 comment

My colleague Massimo Biagiotti suggested me this interesting matrix from IEEE which originally indicated some of the biggest and best stories assessed along two dimensions: innovation and impact.

Actually I cleaned it up a little bit in order to show only some of the events happened in 2011, which were inserted in the original matrix. As a reference I left some events of the previous years (inserted in the original matrix as well) in order to have a kind of normalization. They include the infamous Ufo Hacker, the Greek Cellphone Caper, and finally the Palin’s Email Hacking.

As you may easily notice, Stuxnet deserves the Top of the Rock for Innovation and Impact. The infamous malware (the terror the nuclear power plants) has divided the infosec community in different factions: those who consider the malware as the first example of next-gen cyber-weapons developed (maybe by Israel and the U.S.) to seriously damage and delay the Iranian nuclear program (whose development took at least ten years of work), or those who consider it the work of an amateur, a script kid, possibly an astronomer with knowledge of the Holy Bible. Regardless of the real origin, because of its huge exploitation of 0-day vulnerabilities (which make it really contagious) the malware has established a new level, and probably a new standard for the information security landscape.

The RSA breach ranks in a considerable position as well. As known, compromised seeds were used to attack several main contractors of U.S. Defense (L-3, at the beginning of April but disclosed at the end of May, Lockheed Martin, on May, the 22nd, and Northrop Grumman on May, the 26th). As I told in one few posts ago I am afraid that also the Mother of All Breaches, that is the breach of 24,000 files by a Contractor, happened in March but disclosed by Pentagon last week, may be somehow related to the RSA Breach. As a consequence of the latter breach, a classified US military weapons system will have to be redesigned. Because of the impact, this breach should also be included in the matrix.

Probably the effects of the Epsilon Data Breach have been underestimated, since it is likely that security concerns, in terms of phishing, for the owners of breached e-mail addresses will last for years.

Obviously the matrix could not miss the infamous Anonymous and LulzSec Hacking groups. Their actions are considered quite simple with a major impact for the Lulz Boat. The Anonymous group is perhaps unfairly considered only for DDoS, and probably the matrix was drawn before the events of the last days such as the Monsanto Hack performed by Anonymous (whose impact is quite huge and denotes a growing interest of the group towards social problems), or the Sun Hacking (at this link some technical details on the hack).

Finally a quick consideration, of course it is a coincidence, but I could not help noticing that the author of the Ufo Hack, Gary McKinnon, has been diagnosed with the Asperger’s Syndrome, a form of Autism. Curiously the same disease has been diagnosed to Ryan Cleary, the alleged LulzSec member arrested in U.K. on June, the 21st. Probably some individuals suffering of autism spectrum disorders establish with machines the links and relationships they are not able to establish with the other human beings. This explains in part why they are so able with hacking…

Again, thanks to Massimo for reporting this really interesting (and enjoying) link.

About these ads

Someone has been arrested for using LOIC

July 20, 2011 6 comments

Probably LOIC is not so safe as it was supposed to be.

Yesterday FOX News (curiously the American province of the Murdoch Empire which had suffered an hacking attack by the Lulz Boat the day before) was the first to report of three FBI Raids at the New York homes of three suspected members of notorious hacking group Anonymous early Tuesday morning. Later on the same day more details came clear, including the fact that the raids were part of a wider ongoinhg operation involving, to date, more than 35 search warrants issued by FBI (for a total of 75 searches to date), after which sixteen suspected members of Anonymous were arrested in Florida, New Jersey and California (more details in the official FBI press release including the names of the arrested individuals).

The arrested individuals were considered responsable for the DDoS attacks against Visa, Mastercards, PayPal and more, after the companies decided to suspend donations for WikiLeaks.

In the same hours, again according to Fox News, officers from the Metropolitan Police’s E-Crime Unit in London arrested a 16-year-old boy in South London Tuesday afternoon, on suspicion of breaching the Computer Misuse Act. The suspected individual could be Tflow, a key member of the infamous hacker group LulzSec, and he has beeen charged of the Infragard hacking, an affiliate to FBI, on June, the 3rd 2011.

This is not the first example of raid against alleged Anonymous members since similar police actions were performed a couple of weeks ago in Italy and Switzerland leading to the arrest of 15 individuals, and also in similar in Spain last month, which saw another three suspects arrested.

If we exclude the arrest of the alleged Lulzsec member, as I already suggested, probably in many cases the alleged Anonymous members are “Would-be” hacker, recklessly involved in hactivism campaigns on the wave of enthusiasm butwithout the necessary skills. This explains the low average age of the teens purportedly involved. As a confirm I found this interesting post on ReddIt in which a family man tells, triggering the predictable comments from taxpayers, of an FBI in his house with a search warrant (20 agents, guns drawn) because they seemed to believe his 13 year old son was an integral part of the ANON ddos attack on Paypal (I must confess that for an European grown with Sci-Fi U.S. Movies like I am, the imagine of 4 cars and a black van filled with FBI agents invading a common house is priceless). It looks like this is not the only example.

No One has ever been arrested for using LOIC? Not anymore…

Follow

Get every new post delivered to your Inbox.

Join 2,898 other followers