Posts tagged hacking

War on Anonymous: British Spies Attacked Hackers

NBC News reports that British intelligence engaged in a distributed denial of service (DDoS) attack on Anonymous:

A secret British spy unit created to mount cyber attacks on Britain’s enemies has waged war on the hacktivists of Anonymous and LulzSec, according to documents taken from the National Security Agency by Edward Snowden and obtained by NBC News.

The blunt instrument the spy unit used to target hackers, however, also interrupted the web communications of political dissidents who did not engage in any illegal hacking. It may also have shut down websites with no connection to Anonymous.

According to the documents, a division of Government Communications Headquarters (GCHQ), the British counterpart of the NSA, shut down communications among Anonymous hacktivists by launching a “denial of service” (DDOS) attack – the same technique hackers use to take down bank, retail and government websites – making the British government the first Western government known to have conducted such an attack.

Writing in Wired, McGill University’s Gabriella Coleman says the British government tactics are an extrajudicial danger that affects us all:

Whether you agree with the activities of Anonymous or not — which have included everything from supporting the Arab Spring protests to DDoSing copyright organizations to doxing child pornography site users — the salient point is that democratic governments now seem to be using their very tactics against them.

The key difference, however, is that while those involved in Anonymous can and have faced their day in court for those tactics, the British government has not. When Anonymous engages in lawbreaking, they are always taking a huge risk in doing so. But with unlimited resources and no oversight, organizations like the GCHQ (and theoretically the NSA) can do as they please. And it’s this power differential that makes all the difference

…But here’s the thing: You don’t even need to believe in or support DDoS as a protest tactic to find the latest Snowden revelations troubling. There are clearly defined laws and processes that a democratic government is supposed to follow. Yet here, the British government is apparently throwing out due process and essentially proceeding straight to the punishment — using a method that is considered illegal and punishable by years in prison.

FJP: Read that last line again. So, for example, a hacker fined $183,000 and put on probation for participating in 1 minute of a DDoS attack. And here’s a search across the FBI’s Web site for its prosecutions for DDoS attacks.

At a young age you can have more influence than at any time in journalistic history and the mistakes you make at a younger age are more visible than ever before.

Sree Sreenivasan, Chief Digital Officer, Columbia University, to the New York Times about last week’s indictment of Matthew Keys. The 26-year-old deputy social media editor at Reuters was charged by federal prosecutors with assisting members of Anonymous in defacing a 2010 Los Angeles Times story. Under the Computer Fraud and Abuse Act, Keys could face fines of up to $750,000 and 25 years in prison.

New York Times, Hacker Case Leads to Calls for Better Law.

The hackers changed the headline of a Times story from “Pressure Builds in House to Pass Tax-Cut Package” to “Pressure Builds in House to Elect CHIPPY 1337.”

Information is an existential threat to these regimes.

James Lewis, a cybersecurity expert, to the Wall Street Journal. Chinese Hackers Hit U.S. Media.

Yesterday we noted that the hackers in China have infiltrated the New York Times’ computer systems.

Today, the Wall Street Journal reports that it — along with Reuters and Bloomberg among others — has also been hacked:

Chinese hackers for years have targeted major U.S. media companies with hacking that has penetrated inside newsgathering systems, several people familiar with the response to the cyberattacks said. Tapping reporters’ computers could allow Beijing to identify sources on articles and information about pending stories. Chinese authorities in the past have penalized Chinese nationals who have passed information to foreign reporters.

Journal sources on occasion have become hard to reach after information identifying them was included in emails. However, Western reporters in China long have assumed that authorities are monitoring their communications and act accordingly in sensitive cases…

…Among the targets were a handful of journalists in the Beijing bureau, including Jeremy Page, who wrote articles about the murder of British businessman Neil Heywood in a scandal that helped bring down Chinese politician Bo Xilai, people familiar with the matter said. Beijing Bureau Chief Andrew Browne also was a target, they said.

For its part, a spokesperson for the Chinese government rejects the allegation that it is behind the attacks.

UPDATE: Add the Washington Post to the list.

Hackers in China Infiltrate the New York Times
Via The New York Times:

For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees…
The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.
Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen’s relatives, and Jim Yardley, The Times’s South Asia bureau chief in India, who previously worked as bureau chief in Beijing…
…The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China…
…Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times’s newsroom. Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family.

Image: The Times’ Patrick LaForge keeping things positive in a post on Twitter.

Hackers in China Infiltrate the New York Times

Via The New York Times:

For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees…

The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.

Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen’s relatives, and Jim Yardley, The Times’s South Asia bureau chief in India, who previously worked as bureau chief in Beijing…

…The hackers tried to cloak the source of the attacks on The Times by first penetrating computers at United States universities and routing the attacks through them, said computer security experts at Mandiant, the company hired by The Times. This matches the subterfuge used in many other attacks that Mandiant has tracked to China…

…Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times’s newsroom. Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family.

Image: The Times’ Patrick LaForge keeping things positive in a post on Twitter.

How to Hack Your Way to True Love
Brain Pickings features the story of Amy Webb, a journalist and digital strategist who, after a series of bad dates and heartbreak, turned to data to figure out just what she wants in a man, and reverse-engineered a profile that would attract the type of man she was looking for.

This allowed her to create a “super profile,” her very own custom “algorithm” of love. Once she looked at her data and set up a real profile for herself, it was a matter of time until she met Brian, fell in love, got married, and started a family — your ordinary happily-ever-after fairy tale ending, with an extraordinary side of quantitative and qualitative magic. Read on.

She wrote a book about it all: see here.And a gave a TED Talk: see here.
Image: Cover of Webb’s book.

How to Hack Your Way to True Love

Brain Pickings features the story of Amy Webb, a journalist and digital strategist who, after a series of bad dates and heartbreak, turned to data to figure out just what she wants in a man, and reverse-engineered a profile that would attract the type of man she was looking for.

This allowed her to create a “super profile,” her very own custom “algorithm” of love. Once she looked at her data and set up a real profile for herself, it was a matter of time until she met Brian, fell in love, got married, and started a family — your ordinary happily-ever-after fairy tale ending, with an extraordinary side of quantitative and qualitative magic. Read on.

She wrote a book about it all: see here.
And a gave a TED Talk: see here.

Image: Cover of Webb’s book.

Because like the other cases brought against hackers across the country, the case against Aaron isn’t just about technology providing new means for people to act independently and enact democracy. It isn’t even really about justice and national security. It’s about a broader, systemic battle.

It’s about power.
infoneer-pulse:

A Real-Time Map of Global Cyberattacks

Cyberattacks are happening constantly across the globe, and now you can see what that looks in real-time with [this map by the Honeynet Project](http://map.honeycloud.net/) that shows so many attacks, it looks and feels like it’s straight out of an apocalyptic war movie.
Each red dot that pops up when you go to the map represents an attack on a computer. Yellow dots represent honeypots, or systems set up to record incoming attacks. The black box on the bottom says where each attack is coming from as they come in. The data comes from the members of Honeynet Project’s network of honeypot sensors that choose to publish the attacks. Not all of members of the project, which has more than 40 chapters around the world, chose to push data, which is why more red dots show up in Europe. 

» via The Atlantic

FJP: You sank my battleship?

infoneer-pulse:

A Real-Time Map of Global Cyberattacks

Cyberattacks are happening constantly across the globe, and now you can see what that looks in real-time with [this map by the Honeynet Project](http://map.honeycloud.net/) that shows so many attacks, it looks and feels like it’s straight out of an apocalyptic war movie.

Each red dot that pops up when you go to the map represents an attack on a computer. Yellow dots represent honeypots, or systems set up to record incoming attacks. The black box on the bottom says where each attack is coming from as they come in. The data comes from the members of Honeynet Project’s network of honeypot sensors that choose to publish the attacks. Not all of members of the project, which has more than 40 chapters around the world, chose to push data, which is why more red dots show up in Europe. 

» via The Atlantic

FJP: You sank my battleship?

The Perils of Free Messaging Apps, Specifically WhatsApp

via Worldcrunch:

WhatsApp is set up to make the service friendly to new users who don’t have to provide their own combination of user name and password – they just use the existing info relating to their phone as login data. Telephone numbers are simply and clearly the basis for user names, and WhatsApp passwords — at least on Android phones — are clearly based on a phone’s IMEI serial number.

Granger discovered that to generate a password out of the IMEI number the app just changes the order of the digits – “your password is likely to be an inverse of your phones IMEI number with an MD5 cryptographic hash thrown on top of it.” What that means is that anybody who knows a phone’s IMEI number can figure out the password.

Many apps use IMEI numbers to identify phones, and any installed program can access that information and pass it on to an external database. In the event that what happened to iPhone this week (a hacker group released one million Apple UDIDs) happens to WhatsApp, and a database generated from the phone serial numbers were to be made public, WhatsApp user accounts would be compromised and become targets for spammers. Not that hackers have lost any time — on gray market sites, databases of Android phone serial numbers and corresponding cell phone numbers are sold under the keyword WhatsApp.

FJP: Filing this under- be smart and secure about your online and mobile life.

Al Jazeera website hacked by Syria's Assad loyalists

Via Reuters:

The website of Qatar-based satellite news network Al Jazeera was apparently hacked on Tuesday by Syrian government loyalists for what they said was the television channel’s support for the “armed terrorist groups and spreading lies and fabricated news”.

A Syrian flag and statement denouncing Al Jazeera’s “positions against the Syrian people and government” were posted on the Arabic site of the channel in response to its coverage of the uprising against President Bashar al-Assad which began in March last year.

Anonymous Hacks Hundreds of Chinese Government Sites
Via International Business Times:

The Anonymous hacking collective has landed in China, home of some of the most tightly controlled internet access in the world, and defaced hundreds of government websites in what appears to be a massive online operation against Beijing…
…The defaced homepages carry a statement against the Chinese government along with the traditional Anonymous banner and the generational anthem Baba O’Riley by The Who played in background.
"All these years, the Chinese communist government has subjected its people to unfair laws and unhealthy processes," reads the statement. "Dear Chinese government, you are not infallible, today websites are hacked, tomorrow it will be your vile regime that will fall."
It contains also a message directed at the Chinese people: “Each of you suffers from the tyranny of that regime which knows nothing about you,” reads the message. “We are with you. […]The silence of all other countries highlights the lack of democracy and justice in China. It’s unbearable.”
The defacements also provide a link with tips on how to bypass state censorship.

On Pastebin, Anonymous lists the sites they’ve claimed to have hacked. And yes, Baba O’Riley does play if/when you go to them.

Anonymous Hacks Hundreds of Chinese Government Sites

Via International Business Times:

The Anonymous hacking collective has landed in China, home of some of the most tightly controlled internet access in the world, and defaced hundreds of government websites in what appears to be a massive online operation against Beijing…

…The defaced homepages carry a statement against the Chinese government along with the traditional Anonymous banner and the generational anthem Baba O’Riley by The Who played in background.

"All these years, the Chinese communist government has subjected its people to unfair laws and unhealthy processes," reads the statement. "Dear Chinese government, you are not infallible, today websites are hacked, tomorrow it will be your vile regime that will fall."

It contains also a message directed at the Chinese people: “Each of you suffers from the tyranny of that regime which knows nothing about you,” reads the message. “We are with you. […]The silence of all other countries highlights the lack of democracy and justice in China. It’s unbearable.”

The defacements also provide a link with tips on how to bypass state censorship.

On Pastebin, Anonymous lists the sites they’ve claimed to have hacked. And yes, Baba O’Riley does play if/when you go to them.

Daily Mail made 1,728 potentially illegal requests to private detective

Just when the Daily Mail gets some longread love from the New Yorker, the Guardian reports that Daily Mail journalists paid private investigators about $227,000 to “unearth phone numbers and addresses of public figures over a three-year period, including personal details of the Duchess of Cambridge and her sister Pippa Middleton.”

Via the Guardian:

The tabloid demanded the private information between 2000 and 2003 from Steve Whittamore – whose targets for a range of newspapers included the union leader Bob Crow, the family of the murder victim Holly Wells, members of the England football team and the singer Charlotte Church. The Daily Mail made the most requests, with its sister title the Mail on Sunday spending an estimated £62,000 on 578 requests for information. The Sunday title’s figure was also roughly double the number of requests counted by the information commissioner in a report in 2006…

…Obtaining such personal information is a breach of section 55 of the Data Protection Act, although there is a public interest defence. If anybody working in the public sector was paid money to supply information illegally, it could amount to an offence under the more serious 1906 Prevention of Corruption Act, for which there is no public interest defence. Whittamore himself pleaded guilty to breaches of the Data Protection Act in 2005 and received a two-year conditional discharge.

reuters:

Pressure is building in Britain and Australia for fresh probes into Rupert Murdoch’s News Corp, already under siege over phone-hacking claims, after allegations that it ran a secret unit that promoted pirating of pay-TV rivals.
The Australian Financial Review on Wednesday alleged that News Corp had used a special unit, Operational Security, set up in the mid-1990s, to sabotage its competitors, reinforcing claims in a BBC Panorama documentary aired earlier this week.
“These are serious allegations, and any allegations of criminal activity should be referred to the AFP (Australian Federal police) for investigation,” a spokeswoman for Australian Communications Minister Stephen Conroy told Reuters.
READ MORE: TV piracy claims put more pressure on Murdoch’s empire

FJP: Just finished reading the BBC’s take on this here. — Michael

reuters:

Pressure is building in Britain and Australia for fresh probes into Rupert Murdoch’s News Corp, already under siege over phone-hacking claims, after allegations that it ran a secret unit that promoted pirating of pay-TV rivals.

The Australian Financial Review on Wednesday alleged that News Corp had used a special unit, Operational Security, set up in the mid-1990s, to sabotage its competitors, reinforcing claims in a BBC Panorama documentary aired earlier this week.

“These are serious allegations, and any allegations of criminal activity should be referred to the AFP (Australian Federal police) for investigation,” a spokeswoman for Australian Communications Minister Stephen Conroy told Reuters.

FJP: Just finished reading the BBC’s take on this here. — Michael

News Scandals are Theatrical

Via Journalism.co.uk:

The “current crisis” engulfing UK newspaper journalism has inspired a new fast-turnaround theatre production that will launch in Glasgow at the end of April.

The National Theatre of Scotland and the London Review of Books have teamed up to produce Enquirer, which will be performed in an empty floor of an office block in Glasgow’s digital media quarter at Pacific Quay, before moving to London later in the year.

It is based on more than 50 interviews with people working in the newspaper industry - from reporters to printers and newsagents - conducted by journalists Paul Flynn, Deborah Orr and Ruth Wishart.

The transcripts from the interviews will be edited into a script, and the project will be updated throughout the rehearsal and performance period to reflect the current state of events in the phone hacking story and the Leveson inquiry.

This is devastating to the organization. We’re chopping off the head of LulzSec.

FBI official to Fox News on the arrest of key members of the hacktivist group LulzSec. The Atlantic Wire, FBI Says LulzSec Hacker Kingpin Was an Informant.

Apparently arrested in New York was LulzSec “leader” Hector Xavier Monsegur. Additional arrests occurred in England, Ireland and Chicago.