The AntiSec typhoon seems unstoppable and has apparently hacked another defense contractor. Continuing their campaign against law enforcement agencies and related organizations, driven by the infamous hashtag #FFFriday, this time they have targeted Richard Garcia, the Senior Vice President of Vanguard Defense Industries (VDI). During the breach nearly 4,713 emails and thousands of documents were stolen.
According to TechHerald, AntiSec targeted VDI’s website because of the company’s relationship with several law enforcement agencies in Texas and other parts of the U.S., as well as its relationship with the FBI, the DHS and the U.S. Marshals Service. Moreover, with this hack AntiSec (in)directly targeted the FBI, since Richard Garcia is the former Assistant Director in Charge of the FBI’s field office in Los Angeles. To those supporting AntiSec, this alone is reason enough to target VDI and release Garcia’s corporate email to the public.
As usual, the attack had been announced in advance by an enigmatic and threatening tweet:
The emails were taken after AntiSec breached VDI’s website, which is based on the popular WordPress platform. According to the AntiSec source, VDI had two outdated plugins installed on their website, whose development had been outsourced to a local marketing company in Texas. Although the person from AntiSec did not disclose the exact method used to access Garcia’s email, he stated that the hack was performed through the VDI website, and that Garcia’s password was rather weak.
VDI is responsible for ShadowHawk, an unmanned helicopter that can be tasked with aerial surveillance or equipped for military use. In its base version the ShadowHawk comes with CCD TV optics; an upgraded version includes CCD TV optics and FLIR optics. A third version, for military or law enforcement use only, can be equipped with a single- or multiple-shot 37 mm or 40 mm grenade launcher, as well as a 12-gauge shotgun and thermal cameras.
This is only the latest leak at a defense contractor; the list below covers the attacks targeting defense contractors in this very troubled year:
- Feb 5: Anonymous hacks the HBGary Federal web site, copies tens of thousands of documents, posts tens of thousands of emails online and hijacks CEO Aaron Barr’s Twitter account.
- Apr 6: An e-mail dated April 6, sent to 5,000 employees of U.S. defense contractor L-3, warns of an attack attempt made with compromised SecurIDs. It is not clear whether the attack was successful (it was revealed half a month later). This is the very first attack perpetrated with RSA seeds.
- This is the first known (and, so far, the only officially recognized) attack perpetrated with compromised SecurID seeds targeting a U.S. defense contractor. The attack was detected before any sensitive information could be stolen; 100,000 accounts were locked as a precaution.
- Third U.S. defense contractor attacked using compromised RSA seeds. The attack was detected before any sensitive data was stolen.
- Jun 3: As part of the #FFFriday campaign, LulzSec steals 180 usernames, real names, and hashed and plain text passwords, and posts them publicly.
- Jul 8: Anonymous attacks IRC Federal and dumps the content of the attack on a torrent available at The Pirate Bay. The dumped content includes databases, private emails, contracts, development schematics and internal documents for various government institutions.
- Anonymous attacks consulting firm Booz Allen Hamilton and releases details of internal data, including 90,000 military emails and passwords. The estimated cost of the breach is around $5,400,000.00.
- The Pentagon reveals it suffered a breach of 24,000 documents in March, during a single intrusion believed to have been perpetrated by a foreign country. As a consequence of the intrusion, a classified U.S. military weapon system will need to be redesigned after its specs and plans were stolen during the breach.
- Jul 28: Anonymous hacks ManTech International Corporation, another FBI contractor, as has become a Friday tradition, and releases details of internal data and documents.
- Jul 29: As part of the AntiSec operation and in retaliation for the raids and arrests against alleged Anonymous and LulzSec members, Anonymous attacks 77 U.S. law enforcement institutions, defacing and destroying their servers.
- Aug 1: Another U.S. Government contractor, PCS Consultants, gets hacked by Anonymous and AntiSec. The hackers extract the website database and leak it on the internet via Twitter and Pastebin (as usual!). The leaked data include the admin’s and 110 users’ emails, plus passwords in hashed form.
- Aug 16: AntiSec targets Richard Garcia, the Senior Vice President of Vanguard Defense Industries (VDI). During the breach nearly 4,713 emails and thousands of documents are stolen. As has become tradition, the torrent is released on Friday, August 19th. Attack vector: a vulnerability in the WordPress hosting platform.
- Vanguard Defense Industries compromised by AntiSec (thetechherald.com)
The Cruel Summer the title of this post refers to is not the famous ’83 pop hit by Bananarama, but a brief summary of what is happening in information security, above all for those companies and institutions that fall among the targets of Anonymous.
Yesterday the latest: as part of the #AntiSec operation and in retaliation for the raids and arrests against alleged Anonymous and LulzSec members (provided they are the right ones), Anonymous attacked 77 U.S. law enforcement institutions, defacing and destroying their servers.
In the attack, announced as usual on Twitter, massive amounts of confidential and personal information were stolen (10 Gb according to Anonymous), including emails, passwords, classified documents, internal files, informant lists and more.
Moreover, the private data of 7,000 law enforcement officials were posted, including social security numbers, email accounts and passwords, phone numbers and home addresses.
The list of the compromised domains, mostly county sheriff’s office websites, was published together with the leak.
It has been a hard weekend, which started with the hack of ManTech and just ended (maybe) with this further resounding action…
Luckily this dirty July is nearly over… From the meteorological point of view this summer is not very hot, at least in Italy; the same cannot be said for information security, for which I do not remember such a troubled month. Will it end here, or will the peak (of meteorological and information security temperatures) be reached in August?
An event that has become quite common lately: it looks like another FBI contractor has been hacked, as has become tradition, on a Friday. This time the victim is ManTech and the hack has been claimed by Anonymous with a preview tweeted by the AnonymousIRC account:
If confirmed, the hack would be quite embarrassing since, as mentioned in the tweet, nearly one year ago ManTech won a $100M contract for FBI cybersecurity services.
On the other hand, Friday seriously risks becoming a black day for the FBI after two other infamous attacks happened on the same weekday (what Anonymous calls #FFFriday): on June 3rd, 180 usernames, real names, passwords and email addresses were leaked from another FBI contractor, Infragard, and posted publicly by LulzSec; on July 9th, IRC Federal was hacked and the content of the leak was dumped at The Pirate Bay.
But Monday is not a particularly safe day for U.S. contractors either, after Anonymous attacked consulting firm Booz Allen Hamilton on July 12th and released details of internal data including 90,000 military emails and passwords.
Update July 14: Database Re-leaked
A couple of hours ago Anonymous re-leaked the info of 2,500 Monsanto employees, enriched with further data. The reasons are explained in the following statement:
We previously leaked 2551 emails and names of MonsantoCo employees and associates for the whole internets to see.
Immediately following this, attacks were made attempting to access/change the password on the OpMonsanto Twitter account as well many failed login attempts on 2 corresponding email accounts.
The paypal account used to finance the operation was reported and all assets frozen. Somebody, most certainly, is mad at us
We didn’t appreciate that very much, so we updated the leaked database to include the previously redacted city/state/country and phone numbers.
Operations remain unaffected, this is just the beginning.
In response to some attempts to hack the #OpMonsanto Twitter account, Anonymous decided to disclose further information about the leaked records (cities and phone numbers). The last sentence of the statement sounds particularly threatening: this is just the beginning… And it is further confirmed by a gloomy tweet. A warning for Exxon (#OpExxon) as well, the next alleged target?
A few hours after the attack on consulting firm (and military contractor) Booz Allen Hamilton, Anonymous performed another resounding operation. As part of #OpMonsanto, Anonymous leaked the info of 2,500 Monsanto employees, including their home addresses.
The reasons behind the attacks, explained in a subsequent tweet, are an aftermath of the WikiLeaks affair and concern the alleged strategy used by Monsanto to push GMOs. A few days ago Anonymous warned Monsanto to expect something “more serious than a DDOS” after the company filed lawsuits against organic farmers for labeling their products as not containing growth hormones. In the end, something more serious than a DDOS happened…
- Another One Bytes The Dump (paulsparrows.wordpress.com)
It looks like the security issues of U.S. military contractors never end. The consulting firm Booz Allen Hamilton is only the latest to have fallen under the blows of Anonymous. In the name of the #AntiSec operation, hackers claimed today that they compromised a server and released internal data, including about 90,000 military e-mail addresses. Because of the huge amount of data leaked, the operation was called #MilitaryMeltdownMonday.
We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!). We also added the complete sqldump, compressed ~50mb, for a good measure.
The entire statement is available on Pastebin, while the leaked data have been put into a torrent at The Pirate Bay and are also already available on Pastebin, although the passwords are hashed (but not salted).
We also were able to access their svn, grabbing 4gb of source code. But this was deemed insignificant and a waste of valuable space, so we merely grabbed it, and wiped it from their system.
It was clear that something had been in the air for a couple of days, as some tweets announced “the biggest day in #anonymous‘ history according to sabu”:
This might be an indication that the ghost of the infamous group LulzSec played a crucial role in the attack on Booz Allen Hamilton. Sabu is in fact the alleged leader of LulzSec, and also the alleged author of the hack of HBGary Federal, another military contractor hacked earlier this year after its CEO Aaron Barr claimed to have unmasked some Anonymous members. In response to his actions, the hackers dumped 71,000 emails which revealed, among other things, that HBGary had worked with Booz Allen Hamilton to develop a response plan for Bank of America based on what the bank feared might be an upcoming leak of its internal documents by WikiLeaks.
The Anonymous statement also paints the contractor as another player involved (together with HBGary) in a military project, dubbed Operation Metal Gear by Anonymous (for lack of an official title), designed to manipulate social media, and as a revolving door of military-related conflicts of interest, and argues that the firm has been involved in mass surveillance projects.
The company wrote on its Twitter feed that “as part of @BoozeAllen security policy, we generally do not comment on specific threats or actions taken against our systems.”
This is only the latest attack on a U.S. contractor. On July 9th, Anonymous attacked IRC Federal, an FBI contractor, and dumped the content of the attack on a torrent available, once again, at The Pirate Bay. The dumped content apparently included databases, private emails, contracts, development schematics and internal documents for various government institutions. The attack was performed as a sequel to the first one against Infragard, another FBI affiliate, carried out on June 3rd (what a coincidence) by LulzSec.
After HBGary Federal, between April and May 2011 three U.S. defense contractors (L-3, Lockheed Martin and Northrop Grumman) were attacked using compromised RSA seeds, although in this case no one has been identified as the author of the attacks, and no connection with Anonymous has been found.
- Hackers claim they exposed Booz Allen Hamilton data (news.cnet.com)
- 50 Days of Hunt (paulsparrows.wordpress.com)
Like the rest of the information security world, I have been quite impressed by the 50 days of Lulz. Even if one agrees with the detractors who claim that, after the first PSN hack, the LulzSec releases are of poor quality, it is unquestionable that the crew of the Lulz Boat has contributed to making the world aware, although with controversial methods and purposes, of the risks to data security. Moreover, the list of their targets shows that this applies both to private and public institutions: from corporations to governments.
However, there is another aspect I was particularly impressed by: the war fought behind the scenes between the bad guys (the LulzSec team) and the good guys, with two main characters: an ethical hacker and former military man called @th3j35t3r (already known for hacktivism) and a team of web sentinels who call themselves Web Ninjas.
Since other characters played a primary role in this modern war as well (@on3iroi and a group called the A-Team), making the timeline and the crime scene even more complicated and intriguing, I tried to collect all the available information and references in the picture below. The whole story looks like a mix between a spaghetti western in a modern sauce and a spy story (Hollywood scriptwriters should probably consider it for a movie).
What was the most impressive aspect, in my personal opinion? For sure, the use of social media for intelligence purposes. Have a look at the way the first member of the LulzSec team, Nakomis, was unmasked by @th3j35t3r. It is social espionage, isn’t it?
Somewhat unexpectedly, after 50 days of apparently unstoppable chaos, the LulzSec hacker group decided to haul down the flag of war and sail to calmer shores, where they will likely not attack other vessels on the sea of the Internet.
The alleged dissolution of the group, which led the cyber-attacks on the CIA, the U.S. Senate, Nintendo, Sony, SOCA, NATO and others, was announced in a statement entitled “50 days of lulz”, in which the group takes responsibility for the events and revives the glory days of the AntiSec movement, while claiming not to be permanently tied to the LulzSec identity.
For the past 50 days we’ve been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others – vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It’s what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.
Probably this decision was also a consequence of the increasing attention attracted by the group, not only from the CIA and the FBI (which arrested an alleged 19-year-old member of the group, Ryan Cleary, whose real involvement, however, is yet to be shown), but also from other hackers: @th3j35t3r, @On3iroi, Web Ninjas and Warv0x (who hacked PBS a second time, just to show that “…LulzSec are just a bunch of script kiddies…”). Against those, in the last days, LulzSec was fighting a war with no holds barred, like a modern cyber-version of a spaghetti western: on one side the so-called good guys trying to unmask the identity of the bad guys with IRC log leaks, DDOS attacks and anti-LulzSec PHP scripts; on the other side the bad guys claiming the futility of the enemy attacks, their poor detective capabilities, and also their “horrible coding” (read this pastebin with the LulzSec fixed version of the PHP script used to scan their domains). At this link, the possible identities of the LulzSec members.
As their last goodbye, LulzSec released a final torrent with data taken from AOL, AT&T, NATO and others.
One may or may not share the motivations of the group, but one thing is certain: the ease with which classified information has been leaked should make us think…
- The end of LulzSec? Hacking group says it is disbanding, after 50 days of attacks (nakedsecurity.sophos.com)