The ugly dark side of Facebook memes
James Denham does not have a strong social media following. He’s basically anonymous; type his name into Google, and you’re not going to find anything about him. But in January, Denham ran across an image of what appeared to be two teenagers cruelly hanging a puppy by a string and posted it to his Facebook wall. Text on the image implores users to “share this picture” and contact authorities if they recognize the perpetrators.
The photo has since been shared over 70,000 times from this profile, making it among the most widely viewed content on the site. Yet what Denham didn’t realize at first is this image has been circulating on the Internet for years, and the culprits were identified long ago. Read more...
Anonymous says it hacked Chinese government sites
China was struggling Thursday to restore several government websites that international hacking group Anonymous says it attacked in an apparent protest against Chinese Internet restrictions.
On a Twitter account established in late March, Anonymous China listed the websites it says it hacked over the last several days. They include government bureaus in several Chinese cities, including in Chengdu, a provincial capital in southwest China.
Some of the sites were still blocked Thursday, with error messages shown. Read more...
Too Big To Fail: Why Anonymous And Hacktivism Will Go On After Sabu
Earlier today, authorities descended on a hacker called Sabu and five of his cohorts, who are now in custody, with more than a little love lost between him and the bigger Anonymous group with which they were associated. The reports claim that Sabu (real name, Hector Xavier Monsegur) had been an informant for months over the group’s hacking, distributed denial of service, and other attacks used to bring down websites against which they were protesting.
That’s an explosive betrayal that seems almost too dramatic to be true. But while the news today has surely rocked a lot of people, for those closely involved with this movement, experts in the field of online security believe it is unlikely to make much of a difference longer term.
Quite simply, Anonymous is too big to fail. Read more...
Hacker on hacker: Zeus bot master dupes Anonymous backers into installing password stealer
Hackers have duped supporters of the Anonymous group into installing the Zeus botnet, which steals confidential information from PCs, including banking usernames and passwords, security researchers said last week.
According to Symantec, someone modified a link to a popular distributed denial-of-service (DDoS) attack tool to direct users to a Zeus bot Trojan instead.
The replacement of a Zeus client for the "Slowloris" DDoS tool took place on the day after Anonymous launched strikes against websites operated by the U.S. Department of Justice, the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), and others in retaliation for the arrest of four men associated with the popular Megaupload "cyberlocker" site on charges of copyright infringement, money laundering and racketeering. Read more...
Anonymous threatens to DDOS root Internet servers
An upcoming campaign announced by the hacking group Anonymous directed against the Internet's core address lookup system is unlikely to cause much damage, according to one security expert.
In a warning on Pastebin, Anonymous said last Thursday it would launch an action on March 31 as part of "Operation Global Blackout" that would target the root Domain Name System (DNS) servers.
Anonymous said the attack has been planned as a protest against "our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun".
The DNS translates a Web site name, such as www.idg.com, into a numerical IP (Internet Protocol) address, which is used by computers to find the Web site. Read more...
Threatened by Anonymous, Symantec tells users to pull pcAnywhere’s plug
Symantec this week took the highly unusual step of telling users of its pcAnywhere remote access software to disable or uninstall the software while it fixes an unknown number of bugs.
Security experts said the move was unprecedented for a company of Symantec's size.
"This is the first time I have seen a company of Symantec's scale tell their customers to stop using a shipping product, especially one that many users depend on for remote access," said HD Moore, chief technology officer of Rapid7, and the creator of the popular Metasploit penetration testing toolkit.
"It's certainly a new precedent for a security breach," added Andrew Storms, director of security operations at nCircle Security. "Talk about dirty laundry getting aired."
Symantec's recommendation was blunt. Read more...
‘Anonymous’ hackers target US security think tank
The loose-knit hacking movement "Anonymous" claimed Sunday to have stolen thousands of credit card numbers and other personal information belonging to clients of U.S.-based security think tank Stratfor. One hacker said the goal was to pilfer funds from individuals' accounts to give away as Christmas donations, and some victims confirmed unauthorized transactions linked to their credit cards.
Anonymous boasted of stealing Stratfor's confidential client list, which includes entities ranging from Apple Inc. to the U.S. Air Force to the Miami Police Department, and mining it for more than 4,000 credit card numbers, passwords and home addresses. Read more...
Anonymous breaches San Francisco’s public transport site
The hacking collective Anonymous released personal data on Sunday belonging to more than 2,000 public transport customers in the San Francisco area in retaliation for the Bay Area Rapid Transit (BART) system's shutdown of mobile phone service on Thursday night.
The data came from myBART.org and consists of user names, last names, addresses and telephone numbers for riders who used the website to manage their accounts. On Monday, the site was a blank white page with the message that it was unavailable for "renovation." Read more...
Syrian hackers retaliate, deface Anonymous’ social network
A Syrian hacker group retaliated today by vandalizing AnonPlus, Anonymous' social network site.
After the hacking gang Anonymous took credit for defacing Syria's Ministry of Defense website, a Syrian group today retaliated by posting gruesome photos on Anonymous' embryonic social network.
The defacement of AnonPlus -- the site Anonymous set up last month when it was booted off Google+ -- did not include the name of the group responsible.
The University of Toronto's Citizen Lab, based at the Munk School of Global Affairs, however, credited the AnonPlus defacement to the "Syrian Electronic Army" in a message posted to Twitter.
Defcon: The lesson of Anonymous? Corporate security is weak
Anonymous has run up quite a score against corporations, governments and law enforcement agencies, but for all these warnings corporate executives are turning their heads from the real problem -- their network security is terrible, a panel of experts concluded at Defcon.
The particularly high profile attack against security firm HBGary by the hacker collective earlier this year caught the attention of C-level executives for a few weeks, but then they relaxed, says krypt3ia, a panel member, a security blogger and longtime infosec practitioner.
The executives could have redoubled efforts to better defend their networks, but that's not what's happening. Rather than invest in better security, they're looking to hedge the economic impact if they do get hacked, he says. Read more...
AntiSec hackers dump data after hacking police websites
The war between law enforcement and the Anonymous hacking collective continued this weekend as hackers dumped a 10GB database that included private emails and information sent by confidential informants. Hackers say they stole information during an attack on more than 70 small-town law enforcement agencies.
The hackers, an Anonymous-affiliated group known as AntiSec, say that they hope to "embarrass, discredit and incriminate police officers across the US," in retaliation for ongoing arrests of Anonymous members.
AntiSec said that it had compromised servers at Brooks-Jeffrey, a Mountain Home, Arkansas, company that runs a computer store and online marketing firm. Brooks-Jeffrey Marketing builds websites for sheriffs' agencies throughout the southern United States. "It took less than 24 hours to root BJM's server and copy all their data to our private servers," AntiSec said in a statement, posted Saturday. Read more...
Anonymous suspect ‘Topiary’ charged over DDoS attacks
The 18-year-old teenager identified by police as the spokesman for the hacking groups Anonymous and Lulz Security was charged on Sunday with five offenses and expected to appear Monday in a London court.
Jake Davis, 18, was arrested in the Shetland Islands on Wednesday. He is alleged by police to be "Topiary," a spokesman who did interviews with media and ran a prolific Twitter account documenting frequent denial-of-service attacks and data theft escapades of Anonymous and LulzSec.
Davis was charged with conspiring with others to conduct DDoS attacks against the website of the Serious Organised Crime Agency, a British law enforcement institution similar to the U.S. Federal Bureau of Investigation. Read more...
10 best practices to prevent data and privacy breaches
The antics of groups like Anonymous and LulzSec over the past few months have made data breaches seem inevitable. If information security vendors like HBGary and RSA Security aren't safe, what hope does an average SMB have? It is true that there is no silver bullet, and no impervious network security, but there are a variety of things IT admins can do to prevent network breaches and protect data and privacy better.
The Web safety and online identity protection experts at SafetyWeb.com and myID.com helped put together a list of 10 different data and privacy breach scenarios, along with suggestions and best practices to avoid them.
1. Data breach resulting from poor networking choices. Names like Cisco and Sun are synonymous with enterprise-level networking technologies used in large IT departments around the world. Small or medium businesses, however, generally lack the budget necessary for equipment like that. If an SMB has a network infrastructures at all, it may be built around networking hardware designed for consumer use. Some may forego the use of routers at all, plugging directly into the Internet. Business owners can improve network security and block most threats by using a quality router, like a Netgear or Buffalo brand router and making sure to change the router password from the default. Read more...