web application hacking

FBI Arrests, Searches Do Little to Quiet Anonymous

ED: FBI Arrests, Searches Do Little to Quiet AnonymousDEK: There are more questions than answers two days after a spate of arrests of alleged members of the group Anonymous, with the group’s core leadership escaping attention. Was the arrest of more than a dozen members of the group Anonymous a decisive blow to the amorphous hacking collective, or an example of federal authorities rounding up “the usual suspects?” Two days after FBI agents conducted raids and searches on homes in nine states and the District of Columbia and arrested 16 suspected members of the anarchic hacking group Anonymous, security experts are asking that very question, as Anonymous promises retribution for the arrests and more hacks, suggesting its core leadership was untouched by the massive law enforcement action. The FBI arrests targeted individuals who participated in a distributed denial of service (DDoS) attacks on the Web sites of Paypal, the online payment Web site in December, 2010, according to a 15 count indictment published in U.S. District Court in San Jose California. Fourteen of the accused are alleged to have distributed a denial of service software application, dubbed LOIC – for the Low Orbit Ion Cannon – and to have used that program to attack servers belonging to Paypal. Two other defendents are linked to the theft and publication of data related to AT&T and the FBI’s Infraguard Program. On Thursday, Anonymous and the affiliated group Lulz Security issued a statement via Twitter lambasting the FBI and “international law authrities” for statements made in the aftermath of the arrests promising further action. “We’re back – and we’re not going anywhere. Expect us,” the statement read. (http://pastebin.com/RA15ix7S) Anonygroup also hinted at new disclosures stemming from hacks of Rupert Murdoch’s Sun tabloid in the UK and a reported breach of systems belonging to NATO. As it stands, none of the sixteen individuals named in the published  indictments shows up in lists of known and suspected leaders of Anonymous, which have been publicized by groups like Backtracesecurity.com, Rather, the arrests and searches appear similar to those conducted in Europe, including the December, 2010 arrest of a Dutch teenager for participating in DDoS attacks on the Web sites of Mastercard and Visa. (http://threatpost.com/en_us/blogs/dutch-arrest-16-year-old-wikileaks-attack-121010) Similarly, 35 searches of homes were carried out on Tuesday, with authorities stressing that, in some cases, the computers seized in those searches may have been involved in DDoS attacks without the knowledge or explicit consent of their owners. Rather than technical leaders responsible for coordinating and carrying out the hacks of firms like HBGary, Sony, The Sun or Booz Allen Hamilton, the Anonymous members brought to court this week  – almost all in their early- to mid twenties – are likely sympathizers who acted as functionaries or low level foot soldiers, helping to coordinate or carry out DDoS attacks. Still in question is the status of arrests and searches carried out in recent weeks on higher level members. They include the rumored arrest of a high ranking member of AnonOps known as “ev0”, the search and arrest of 19 year-old Ryan Cleary of the UK on June 20 and the search of the  Ohio home belonging to Marshal Webb, who used the online handle m_nerva among others.http://threatpost.com/en_us/blogs/home-outed-lulzsec-member-mnerva-raided-ohio-062911There are more questions than answers two days after a spate of arrests of alleged members of the group Anonymous, with the group’s core leadership apparently escaping the attention of law enforcement. 

Fox News Caught Sleeping After Twitter Account Hacked

UPDATE: Rupert Murdoch’s Fox News Network was caught sleeping on Independence day after unknown assailants compromised its @FoxNewsPolitics Twitter account early Monday and sent a string of messages claiming U.S. President Barack Obama had been shot and killed – a macabre display on the U.S.’s Independence Day. 

RSA acknowledged on Monday that a hack at Lockheed Martin was tied to the theft of information on its SecurID tokens. The company offered to replace the tokens for customers, but experts wonder whether RSA should go further and recall SecurID tokens from the market.

A group calling itself Lulzsec took credit for yet another high profile attacks over the weekend, compromising an information sharing program run by the FBI that counts some of the nation’s leading security and private sector firms as partners, then publicizing another hack of electronics giant Sony on Monday.

A high-profile attack on PBS, the U.S. Public Broadcasting System, was made possible by a previously unknown hole in the MoveableType content management software, according to the hacking group that claimed responsibility for the hack.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.