This morning the Anonymous tweets are particularly loud in Italy. It looks like a splinter cell of Anonymous hacked the Italian Cyber Police (CNAIPIC), releasing an image preview, two preview archives and a listing of the file archive's structure (the links are currently working). According to the related pastebin, the whole leak should amount to 8 Gb of data.
The Italian Cyber Police was heavily involved in the 32 raids which led, at the beginning of July, to the arrest of 15 alleged Anonymous members in Italy, during a campaign that covered the whole country and Switzerland, where the alleged leader of the group resided. Probably, confirming a consolidated “tradition” of the group, Anonymous decided to take a clamorous revenge (does this remind you of the HBGary affair?).
Moreover, this alleged leak follows another resounding leak in Italy, which happened almost at the same time as the above raids and targeted several of the main Italian universities.
This July 2011 seems to be endless from an Infosec perspective and, as far as I can remember, Italy has never been involved so much, with actions by both sides.
Here is the full pastebin content:
+Legion of Anonymous Doom+ Release Zero1+
This is a prerelease of a series we are going to make to reveal the biggest in history of European LE cyber operation Evidence exploitation and abuse. Thing’s gonna get published and twittered all over anonymous and lulzsec community.
Today we were granted with the Italian law enforcement Pandora box, we really think it shall be a new era of “regreaissance” to the almighty Homeland Security Cyber Operation Unit in EU.
So we decided to leak everything they got since they were established as a full scale cyber taskforce named CNAIPIC.
This corrupted organization gathered all the evidence from the seized property of suspected computer professional entertainers and utilized it over many years to conduct illegal operations with foreign intelligence agencies and oligarchy to facilitate their lust for power and money, they never used obtained evidence to really support ongoing investigations.
Today we reveal a whole Load of stuff (estimated leak would be over 8Gb) from such owned institutions, just to make it clear all of this stuff was stored on CNAIPIC evidence servers for years while people are doing time in jail waiting for the trial while CNAIPIC used the evidence in the global spy game galore:
Egypt: Ministry of Transport and Communication
Australia: Ministry of Defence
Russia: Atomstroyexport, Diaskan, Sibneft, Gazprom etc.
Ukraine: several embassies and consulates on its territory
Nepal: Ministry of Foreign Affairs
Belarus: Ministry of Foreign Affairs, Belneftehim, Belspetzexport
Gibraltar, Cyprus, Cayman Islands etc: Tecno Develp, Line Holdings, Dugsberry Inc, Alpha Prime, Alpha Minerals etc.
Vietnam: PetroVietnam (PTSC), Ministry of Natural Resources (MONRE)
USA: EXXON MOBIL, US Department of Agriculture and hundreds of attorneys and DOJ accounts including: McCallion & Associates LLP, Goodkind, Labaton, Rudoff & Sucharow, LLP, and hundreds of bullshit agencies we don’t even know why we pay taxes to support all of them.
So to cut the crap let’s get it over with fellaz…
Is the image preview to get a glimpse on what is meant to be said.
first of 2 preview archives with preview documents to get a general idea.
2nd preview archive
CNAIPIC file structure and listing Part 1
Thank you all,
Stay tuned…4 update on this one.
Not even a single day has passed since the Italian Police raid against some alleged Italian Anonymous members, and a new hacker group, whose name LulzStorm is unequivocally reminiscent of the Lulz Boat, has carried out a clamorous hack against several Italian universities.
On July 6th, the “Silence of the Tweets” following the Italian Police raids was broken by @LulzStorm (which had not taken part in #opitaly until then) with some tweets announcing the availability of the Italian University Dump.
Besides the data, the torrent contains a real declaration of war:
unisi.it (Università Degli Studi di Siena)
unisa.it (Università Degli Studi di Salerno)
uniroma1.it (Università La Sapienza di Roma)
antonianum.eu (Pontificia Università Antonianum)
econoca.it (Università Degli Studi di Cagliari, Facoltà di Economia)
uniba.it (Università Degli Studi di Bari)
unibocconi.it (Università Commerciale Luigi Bocconi)
unifg.it (Università Degli Studi di Foggia)
unime.it (Università Degli Studi di Messina)
unimib.it (Università Degli Studi Milano Bicocca)
uniurb.it (Università Degli Studi di Urbino)
unibo.it (Università Degli Studi di Bologna)
unipv.it (Università Degli Studi di Pavia)
unina2.it (Seconda Università Degli Studi di Napoli)
unile.it (Università del Salento)
polimi.it (Politecnico di Milano)
unito.it (Università Degli Studi di Torino)
unimo.it (Università Degli Studi di Modena e Reggio Emilia)
It is not clear whether the attack was perpetrated as revenge for the campaign against the “Italian Chapter” of Anonymous but, of course, it received ample media coverage, raising many questions and concerns even among non-professionals. The chancellors of the affected universities (among them “La Sapienza” di Roma, the Politecnico di Milano, etc.) immediately replied that the deployed countermeasures were able to stop the attack and that in many cases no sensitive data were stolen.
Even if the attack details have not been disclosed, it looks like this might be yet another occurrence of an SQL Injection attack, which may be considered the real lethal weapon of this tremendous 2011 (if we do not consider DDoS attacks, which are not considered an elegant vector by “purists”). I do not know if, as Veracode claims, 10,000 bucks would have prevented the Sony Breach, but for sure more secure coding and a more efficient deployment of Web/DB firewalls are needed.
Another aspect concerns the Italian 193/2006 law, which in theory obliges every institution managing sensitive data (such as passwords) to keep them encrypted. Regulations are useless if not properly audited: I must confess I had the opportunity to analyze the torrent and I can confirm that in several cases the leaked data include e-mails and passwords in cleartext. As a consequence, the question among infosec professionals is legitimate: why were those data not stored in compliance with the above-quoted law? Regardless of the method used, if the attackers meant to show security weaknesses (in technology and regulations) they were probably successful, to the point that several lawyers with expert knowledge in privacy claim that students may in theory obtain compensation for damage caused by the poor security measures taken by the universities.
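The kind of audit argued for above can be automated. The following is an added example, not part of the original post: it classifies the values in a credential column as cleartext, bare fast hash or salted KDF encoding, without ever echoing the stored value. The function names, the heuristic patterns and the sample rows are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import Counter

# Heuristic patterns for salted, deliberately slow password-hash encodings.
KDF_FORMATS = {
    "bcrypt": re.compile(r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}"),
    "argon2": re.compile(r"\$argon2(id|i|d)\$v=\d+\$m=\d+,t=\d+,p=\d+\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+"),
    "sha512-crypt": re.compile(r"\$6\$(rounds=\d+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}"),
}
# Bare hex digests: hashed, but unsalted and fast to brute-force offline.
HEX_DIGEST_LENGTHS = {32: "md5-length hex", 40: "sha1-length hex", 64: "sha256-length hex"}


def classify(stored):
    """Return (verdict, detail) for one stored credential value."""
    for name, pattern in KDF_FORMATS.items():
        if pattern.fullmatch(stored):
            return ("kdf", name)
    if re.fullmatch(r"[0-9a-fA-F]+", stored) and len(stored) in HEX_DIGEST_LENGTHS:
        return ("fast-hash", HEX_DIGEST_LENGTHS[len(stored)])
    return ("cleartext", "no recognised hash encoding")


def audit(rows):
    """rows: iterable of (account, stored_value). Never echoes the stored value."""
    counts = Counter()
    findings = []
    for account, stored in rows:
        verdict, detail = classify(stored)
        counts[verdict] += 1
        if verdict != "kdf":
            findings.append((account, verdict, detail))
    return {"counts": dict(counts), "findings": findings}


# Constructed sample rows (hypothetical accounts; hash bodies are filler, not real hashes).
SAMPLE_ROWS = [
    ("student1@example.edu", "Estate2011!"),
    ("student2@example.edu", hashlib.md5(b"Estate2011!").hexdigest()),
    ("staff1@example.edu", "$2b$12$" + "A" * 53),
    ("staff2@example.edu", "$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHQ$" + "B" * 43),
]

if __name__ == "__main__":
    report = audit(SAMPLE_ROWS)
    print(report["counts"])
    for account, verdict, detail in report["findings"]:
        print(f"{account}: {verdict} ({detail})")
```

The classification is a heuristic: a password that happens to be 32 hex characters would be reported as a fast hash, so findings are a starting point for review rather than proof.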
In any case, the declarations made by the Italian Anonymous suggest that this could be only the first occurrence. Are we ready for that?