There are really few doubts, this is the most (in)famous hacking collective. There is no new day without a new resounding action. They are Anonymous. They are Legion. They do not forgive. They do not forget. Expect Them.
B like Barrett Brown
Considered one of the early members, Barrett Brown is the alleged spokesperson of Anonymous.
C like Chanology (AKA Project Chanology, AKA Operation Chanology)
A protest movement against the practices of the Church of Scientology by Anonymous. The project (or Operation) was started in response to the Church of Scientology’s attempts to remove material from a highly publicized interview with Scientologist Tom Cruise from the Internet in January 2008 and was followed by DDoS attacks and other actions such as black faxes and prunk calls.
D like DDoS
Distributed Denial of Service (abbreviated DDoS) is the preferred weapon by Hackitivsts, since it does not need particular hacking skills and may also be centrally controlled (with a hive mind who define the target). The preferred tool for perpetrating DDoS attacks is LOIC, although next-gen tools are under development.
E like Encyclopædia Dramatica
A satirical open wiki, launched on December 10, 2004 and defunct on April 14 2011. It is considered one of the sources of inspiration for The Anonymous.
F like Fawkes Guy AKA Fawkes Guido
Guy Fawkes (13 April 1570 – 31 January 1606), also known as Guido Fawkes, belonged to a group of provincial English Catholics who planned the failed Gunpowder Plot, a failed assassination attempt against King James I of England. His stylised mask designed by illustrator David Lloyd and used as a major plot element in the “V for Vendetta“ Comic Book, is the symbol for the Anonymous. The failure of the Gunpowder plot has been commemorated in England since 5 November 1605.
The Antisec Typhoon seems unstoppable and has apparently hacked another Defense Contractor. Continuing their campaign against law enforcement agencies and related organizations, driven by the infamous hash #FFFriday, this time they have targeted Richard Garcia, the Senior Vice President of Vanguard Defense Industries (VDI). During the Breach nearly 4,713 emails and thousands of documents were stolen.
According to TechHerald, AntiSec targeted VDI’s website due to their relationship with several law enforcement agencies from Texas and other parts of the U.S., as well as their relationship with the FBI, the DHS, and U.S. Marshals Service. Moreover, with this hack Antisec (in)directly targeted FBI since Richard Garcia is the former Assistant Director in Charge of the FBI’s field office in Los Angeles. To those supporting AntiSec, this alone is reason enough to target VDI and release Garcia’s corporate email to the public.
As usual the attack had been anticipated by an enigmatic and threatening tweet:
The emails were taken after AntiSec breached VDI’s website, based on the popular WordPress platform. According to Antisec source, VDI had two outdated plugins installed on their website, which had its development outsourced to a local marketing company in Texas. Although the person from AntiSec did not disclose the exact method used to access Garcia’s email, he stated that the hack was performed through the VDI website, and that his password was rather weak.
VDI is the responsible for ShadowHawk, an unmanned helicopter that can be tasked with aerial surveillance or equipped for military usage. At its base, the ShadowHawk comes with CCD TV optics, or an upgraded version includes CCD TV optics and FLIR optics. A third version, for military or law enforcement usage only, can be equipped with a single or multiple shot 37 mm or 40mm grenade launcher, as well as a 12g shotgun, and thermal cameras.
The is only the last leak to Defense Contractor, scroll down the list for attacks targeting Defense Contractors in this very troubled year:
| Feb 5
Anonymous hacks HBGary Federal Web Site, copies tens of thousands of documents, posts tens of thousands of emails online and usurps CEO Aaron Baar’s Twitter Account.
| Apr 6
An E-mail dated April 6, sent to 5,000 employees of U.S. Defense Contractor L-3 warns of an attack attempt made with compromised SecureIDs. It is not clear if the attack was successful (it was revelead half a month later). This is in absolute the first attack perpetrated with RSA Seeds.
This is the first known (and the only officially recognized so far) attack perpetrated with compromised SecureID seeds targeting a U.S. Defense Contractor. This Attack was detected before any sensitive information could be stolen. 100,000 accounts were locked as a precaution.
Third U.S. Defense Contractor attacked using Compromised RSA Seeds. Attacked detected before any sensitive data was stolen.
| Jun 3
As part of the FFFriday campaign, LulzSec steals 180 usernames, real names, hashed and plain text passwords, are acquired and posted publicily
| Jul 8
Anonymous attacks IRC Federal and dumps the content of the attack on a torrent available at The Pirate Bay. The dumped content include databases, private emails, contracts, development schematics, and internal documents for various government institutions.
Anonymous attacks consulting firm Booz Allen Hamilton and releases details of internal data including 90,000 military emails and passwords. Estimated cost of the breach is around $5,400,000.00.
The Pentagon reveals to have suffered a breach of 24,000 documents in March, during a single intrusion believed to have been perpetrated by a Foreign Country. As a consequence of the Intrusion, a classified U.S. Military Weapon System will need to be redesigned after specs and plans were stolen during the breach.
| Jul 28
Anonymous hacks Mantech International Corporation, another FBI Contractor, as a consolidated tradition on Friday, and releases details of internal data and documsnts.
| Jul 29
As part of the Antisec operation and in retaliation for the raids and the arrest again alleged Anonymous and LulzSec members, Anonymous attacks 77 U.S. Law Enforcement Institutions, defacing and destroying their servers.
| Aug 1
||PCS ConsultantsAnother U.S. Government contractor, PCS Consultants gets hacked by Anonymous & Antisec. Hackers extract website Database and leak it on the internet via Twitter on Pastebin (as usual!). Leaked Data include Admin’s and 110 users emails, plus passwords in encrypted hashes.||?|
| Aug 16
Antisec targets Richard Garcia, the Senior Vice President of Vanguard Defense Industries (VDI). During the Breach nearly 4,713 emails and thousands of documents are stolen. As consolidated tradtion, the torrent is released on Friday, August the 19th.
|Vulnerability in WordPress Hosting Platform|
- Vanguard Defense Industries compromised by AntiSec (thetechherald.com)
After the initial surprise more details are being divulged about the CNAIPIC Hack disclosed this morning. CNAIPIC stands for Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche) and in practice corresponds to Italian Cyber Police. The event was so resounding to deserve ample space on foreign press as well, starting from BBC, which shows that it has not a mere technical meaning.
Several quick considerations:
- As already stated, CNAIPIC played a primary role during the Campaign of July in which 15 alleged Anonymous members were arrested in 32 raids carried on in Italy and Switzerland. At first glance, this hack seems a clamorous retaliation… But this is too much simple and in my opinion there’s more… During the above mentioned raids, the Italian Police (a statement not reported by local press) reported that: Out of all of the current hacker groups, Anonymous is the largest, but is also populated by the least technical people. Some of its members carry out attacks using software downloaded from the Internet and do not carry out the most basic attempts to secure their IP address. A clear reference to the fact that, until then, the activities of the Anonymous/LulzSec cells in Italy were mainly focused on disruptive DDoS against several sites related to Government, Finance, Telcos and utilities probably made with LOIC without precautions. This attack has shown a much greater level of complexity and this can be easily intended as a kind of “revenge inside the revenge”: Anonymous is not (only) LOIC made DDoS.
- BBC reported that the Anonymous hacker group received the files from a “source”, implicitly suggesting an internal origin for the leak (also suggested by Gizmodo). Honestly speaking I do not agree with this interpretation. As a matter of fact the first tweet announcing the leak on the @AnonymousIRC account was a mere forward from an original tweet by @anonesc (who admitted not to have further details since only forwarded the info). Guess who gave the first tweet? Yes, it was Sabu (thanks to Punto 1 for reporting the info), an old acquaintance, the alleged leader of the LulzSec Group. I have already indicated that this hack resembled the one perpetrated against HBGary Federal which was already performed by Sabu, which could be involved in this hack as well the fact that he was the first to report the CNAIPIC leak cannot be considered a coincidence. Moreover, so far no details concerning the leak were given, not even from the Italian Anonymous and LulzSec.
- The statement was first written in English, of course with the purpose to reach a wider audience. Gizmodo suggests that “the broken English indicates a foreign agent—maybe Italian—and might hint at the possibility of this being an inside job” (considered the average level of English knowledge in Italy the fact that the first statement was written in English should exclude an internal origin but this is a personal consideration :-)). Anyway, the first statement lacks the irony (and the grammar) of the Lulz pastebins (but it looks like the Lulz Boat had a dedicated member, Topiary, for “public relations”). Curiously, the same statement in Italian was released several hours later and, honestly speaking, is a broken Italian, suggesting a quick translation from the original statement, perhaps with Google Translator or a similar tool, without further deep revisions. In any case, to me, it sounds more likely that the hack was performed with a foreign hand: if I were in an Italian attacker’s shoes I would have reserved more attention to my own language.
In any case, internal or external origin, the action is destined to raise many controversies in Italy, making even more bloody the fight against Anonymous.
- Italian Cyber Police Hacked? (paulsparrows.wordpress.com)
This morning the Anonymous tweets are particularly loud in Italy. It looks like a splinter cell of Anonymous hacked the Italian Cyber Police (CNAIPIC) releasing an image previews, two preview archives and a structure of the file archive (links are currently working). According to the related pastebin the content of the whole leak should amount to 8 Gb of data.
The Italian Cyber Police was heavily involved into the 32 raids which led, at the beginning of July, to the arrest of 15 alleged anonymous members in Italy during a campaign which interested the whole country and the Switzerland where the alleged leader of the group resided. Probably, to confirm a consolidated “tradition” of the group, the Anonymous decided to have a clamorous revenge (does this remember the HBGary affair?).
Moreover, this alleged leak follows another resounding leak happened in Italy, nearly in contemporary with the above raids, targeting several of the main Italian Universities.
This July 2011 seems to be endless from an Infosec perspective and, at my memory, I do not remember Italy has ever been involved so much, with actions by both sides.
Here is the full pastebin content:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ____ _______ ________
| | \ _ \ _____ \______ \
| | / /_\ \\__ \ | | \
| |__\ \_/ \/ __ \_| ` \
|_______ \_____ (____ /_______ /
\/ \/ \/ \/
+Legion of Anonymous Doom+ Release Zero1+
This is a prerelease of a series we are going to make to reveal the biggest in history of European LE cyber operation Evidence exploitation and abuse. Thing’s gonna get published and twittered all over anonymous and lulzsec community.
Today we were granted with the Italian law enforcement Pandora box, we really think it shall be a new era of “regreaissance” to the almighty Homeland Security Cyber Operation Unit in EU.
So we decided to leak everything they got since they were established as a full scale cyber taskforce named CNAIPIC.
This corrupted organization gathered all the evidence from the seized property of suspected computer professional entertainers and utilized it over many years to conduct illegal operations with foreign intelligence agencies and oligarchy to facilitate their lust for power and money, they never used obtained evidence to really support ongoing investigations.
Today we reveal a whole Load of stuff (estimated leak would be over 8Gb) from such owned institutions, just to make it clear all of this stuff was stored on CNAIPIC evidence servers for years while people are doing time in jail waiting for the trial while CNAIPIC used the evidence in the global spy game galore:
Egypt: Ministry of Transport and Communication
Australia: Ministry of Defence
Russia: Atomstroyexport, Diaskan, Sibneft, Gazprom etc.
Ukraine: several embassies and consulates on it’s territory
Nepal: Ministry of Foreign Affairs
Belarus: Ministry of Foreign Affairs, Belneftehim, Belspetzexport
Gibraltar, Cyprus, Cayman Islands etc: Tecno Develp, Line Holdings, Dugsberry Inc, Alpha Prime, Alpha Minerals etc.
Vietnam: PetroVietnam (PTSC), Ministry of Natural Resources (MONRE)
USA: EXXON MOBIL, US Department of agriculture and hundreds of attorneys and DOJ accounts including: McCallion & Associates LLP, Goodkind, Labaton, Rudoff & Sucharow, LLP, and hundreds of bullshit agencies we don’t even know why we pay taxes to support all of them.
So to cut the crap let’s get it over with fellaz…
Is the image preview to get a glimpse on what is meant to be said.
first of 2 preview archives with preview documents to get a general idea.
2nd preview archive
CNAIPIC file structure and listing Part 1
Thank you all,
Stay tuned…4 update on this one.
It looks like that security issues for US Military contractors never end. The consulting firm Booz Allen Hamilton is only the last which has fallen under the blows of anonymous. In the name of the #AntiSec operation hackers claimed today that they compromised a server released internal data, including about 90,000 military e-mail addresses. Due to the huge amount of data leaked, the operation was called #MilitaryMeltdownMonday.
We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty. Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!). We also added the complete sqldump, compressed ~50mb, for a good measure.
The entire statement is available on pastebin, while the leaked data have been inserted into a torrent at The Pirate Bay, and are also already available on pastebin, although password are hashed (but not salted).
We also were able to access their svn, grabbing 4gb of source code. But this was deemed insignificant and a waste of valuable space, so we merely grabbed it, and wiped it from their system.
It was clear that something was in the air since a couple of days, as some tweets announced “the biggest day in #anonymous‘ history according to sabu”:
This might be an indication that the ghost of the infamous group LulzSec played a crucial role in the attack to Booz Allen Hamilton. As a matter of fact Sabu, is the alleged leader of the infamous group LulzSec, and also the alleged author of the hack to HBGary Federal, another military contractor hacked earlier this year becouse of its CEO Aaron Barr claimed to have unmasked some Anonymous members. In response to his actions, the hackers dumped 71,000 emails which revealed, among the others things, that HBGary had worked with Booz Allen Hamilton to develop a response plan for Bank of America based on what the bank feared might be an upcoming leak of its internal documents by WikiLeaks.
The Anonymous statement also paints the contractor as another player involved (together with HBGary) on a military project, dubbed Operation Metal Gear by Anonymous (for lack of an official title) designed to manipulate social media, and as a revolving door of military-related conflicts of interest, and argues that the firm has been involved in mass surveillance projects.
The company wrote on its Twitter feed that “as part of @BoozeAllen security policy, we generally do not comment on specific threats or actions taken against our systems.”
This is only the last attack to a U.S. Contractor. On July, the 9th, Anonymous attacked IRC Federal, an FBI contractor, and dumped the content of the attack on a torrent available once again at The Pirate Bay. The dumped content apparently included databases, private emails, contracts, development schematics, and internal documents for various government institutions. The attack was performed as a sequel to the first one against Infragard, another FBI affiliate, on June, the 3rd performed (what a coincidence) from LulzSec.
After HBGary Federal, between April and May 2011 three U.S. Defense contractors: L-3, Lockheed Martin and Northrop Grumman were attacked by using compromised RSA seeds, although in this case no one has been identified as the author of the attacks, and also no connection with anonymous has been found.
- Hackers claim they exposed Booz Allen Hamilton data (news.cnet.com)
- 50 Days of Hunt (paulsparrows.wordpress.com)