CISPA Bill Passed by Representatives Again – Trouble on the Horizon!

The Cyber Information Sharing and Protection Act, AKA CISPA, has once again passed in the US House of Representatives. Reminder that this bill gives government agencies and their other agencies access to personal, private user data to help monitor for the presence of hackers.

Now, when CISPA was first passed, Senate said NO! Also, President Barack Obama has said that he’d veto the bill if it came through his office. Because of the different privacy issues, many advocates against this bill will fight it to the end.

This bill has been backed by bigwig business for a long period of time, almost since the beginning of the talks of this bill. Maybe it could be the big government contract ($$$) for these big businesses that seem attractive or maybe could be the fact that these business truly believe to end hackers’ abilities.

Will it completely stop hacker initiatives? Probably not. However, it would provide the ability to try to limit some of the bigger initiatives.

Government sectors of China, Russia, etc. are a bit of a cyberthreat to the United States, information access is what the US will need if it wants ahead of the game. Do you agree?

Of course the president of the US doesn’t want it passed if it violates the rights of citizens. But, in the end, realize that if money among other things, like personally-identifiable-information were to be stolen every year — and people would realize this, then people should have no problem with their data being accessible to US authorities rather than hackers.

The bright side would be, is if government authorities have access to your private data, it isn’t going to spread around like wildfire, unlike what’d happen if a hacker got a hold of it.

It’s easy to do an Internet search for lists of email addresses, and pull up loads upon loads of private email addresses that hackers posted in public to humiliate those that haven’t been smart enough to keep it secret.

Spammers and phishers, all the time, access your private information on Facebook, if you accidentally click the wrong link or follow a malicious email link – which asks you to ‘enter your Facebook username and password to continue.’

Some people argue that the government doesn’t care for internet users but rather cares for the money they’d get. Well, actually, if you think about it, the government is paying these big businesses to participate in the information sharing process, so the American people’s pocketbooks/wallets can be protected, and their own privacy.

Who else has protested this? Anonymous:

Even the Reddit co-founder is urging the US Government to NOT pass it.

What should be our take? You decide. My vote is neutral. I see this bill as a good thing in spots (because of potentially ending hacker initiatives and malware/virus threats), however, it poses a major privacy threat. For most advocates of privacy, I agree with them.

Your opinion matters too! Contact your local senator and let your voice be heard. It’s usually best to write a letter, which provides good results. Providing written documentation of a fair but firm protest is the best way to go.

Anonymous Says “Expect Us 2013” – #OpNewBlood – McAfee Underestimates

Anonymous is not going away. Just wanted everyone to know that. It’s not a likely thing for them to disappear at all. From what McAfee made it sound like, is that Anonymous was low-key and not a big threat. However, it is to be disagreed with. They could strike crazy at any time with a hacking attack.

Their year-in-review video details what they have done, and it is clear they have similar plans in 2013, if not more. Some are saying the next mission to finally carry out is “#OpNewBlood”. This is actually an old plan, but they’re still carrying it out. There are already tons of posts on Twitter discussing #OpNewBlood, and how many people can freely join Anonymous. Some have linked to how to set up chatting in IRC and how to be anonymous when browsing the Internet. Many recruiting efforts are underway, such as AnonyOnion. Can anyone LOL?

Their press release on AnonNews characterizes an “Expect Us 2013” banner. See for yourself. Apparently, a lot of the new operations would be led by @Crypt0nymous.

Anyway, back to the details about the video, it details info about the temporary shutdown of websites belonging to The US Department of Justice, the FBI, the Motion Picture Association of America – which were all in protest of the indictment of MegaUpload. Although the sites were temporarily down, it sent a message of protest against the US Government, in hopes to say that people still have a voice.

However, the hacktivism continues, and is showcased in the video. It shows newsreels of Anonymous’ intervention in Syria, when the Syrian Government shut down Internet access for a day. Apparently, from what also showed up in the video involved Anonymous’ “cyberwar” against the Israeli Government – when clearly it is a problem with Syria and other neighboring countries.

“The operations which are listed in the video are only examples, there are far more operations,” Anonymous wrote in the statement. “Some of them still running, like Operation Syria. We are still here.”

Despite such threats, and other details that Anonymous threw in the faces of the viewers of the video (with a lot of them saying F*CK YEAH!), many other underestimate their presence. But, what risk can we take in computer security? The first time we let our guard down, Anonymous will strike. They do it every time. Never let your guard down in computer security. McAfee: We’re calling out to you. Stop spreading the message giving people the idea that Anonymous is going to be less active or less threat. We don’t need anymore damage. The more we stay aware, the better protected we will be.

This “syncopathic” (goth jargon: syncope=fainting, pathic=motivation) approach is common for Anonymous…meaning they are silent (kind of when you faint), and then all of the sudden they jump up (motivate quickly) and go into hacking/activism.

Expect Anonymous or get a reality check! That’s all we’re saying here. It’s not worth the mess/damage to let your guard down.

Anonymous Claims Leak of 3000 Donors for Israel

Hacktivist group Anonymous today claimed to have leaked the personal information — including home address, phone numbers, and email addresses — of over 3,000 individuals who are said to have donated to pro-Israel group, Unity Coalition for Israel.

This move comes after they attacked over 650 Israeli sites on November 17th, wiping their databases and leaking the usernames and passwords found within. Clearly, Anonymous is gearing up for an extended campaign against Israel as its conflict with Hamas heats up.

The file on Pastebin is extensive, and we haven’t had time to process it in full, but there appears to be personal information for at least one incumbent US Senator listed, Daniel Inouye of Hawaii, who fought the Nazis in World War II and has developed a close relationship with Israel as a politician.

 

Read more on NextWeb

Go Daddy outages on September 10 not caused by Anonymous DDoS

Go Daddy is finishing recovering from what appears to be a corruption in its router tables. Yesterday, Anonymous blabbered quickly that they had constructed a DDoS attack on GoDaddy.com, causing its servers from being inaccessible from 10 a.m.-4 p.m. PDT. However, Go Daddy CEO claims it’s not true:

The service outage was not caused by external influences. It was not a “hack” and it was not a denial of service attack (DDoS). We have determined the service outage was due to a series of internal network events that corrupted router data tables. Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again.

Go Daddy tweeted the following yesterday during this issue:

Status Alert: Hey, all. We’re aware of the trouble people are having with our site. We’re working on it.

— Go Daddy (@GoDaddy) September 10, 2012

As for if this attack was by hackers… NO it was not.

Kaspersky Anti-Virus 2013 brings you the essential antivirus technologies that your PC needs – in a product that’s easy to download, install and run. Kaspersky Anti-Virus 2013 works behind-the-scenes – defending you and your PC against viruses, spyware, Trojans, rootkits and other threats… all without significant impact on your PC’s performance. Click Here

What We All (in IT) Can Learn from Anonymous Hacking & Activism (mini-whitepaper)

Overview

When talking with several other IT professionals, they happened to know who Anonymous was. Based on hacking, activism, and other protesting events particularly online, Anonymous has become very well known around the IT world. But, the questions today have to do with how all of us (in the IT and business world) can learn from these motives by Anonymous.

Here are some automatic principles that can be learned that applies to all of us in the IT world:

1. Anonymous will not ever cease function, because it is an awesome principle. It requires the hacker to be anonymous, and to not admit identity. Tons of people worldwide do not display their picture with their name online. Ask a “private” person to put their full name online, and they will cower in fear. That is why Anonymous can get away with their motives that are done in secret.
2. The target to bring down Anonymous, is to get them to stop their hacking, and to stop the activism in the streets. It’s not getting anywhere. The collective thinks that we need a perfect world, but sadly, it won’t happen!
3. Membership in Anonymous is a “free-for-all”. Which means that even if your code name gets banned, you can come back as a different code name/IP address and continue contribution on hacking, projects (software), etc.
4. There is probably not a grand-master or leader, just people keeping the same old mission going year after year. It all began with a few voices on 4chan years ago, and keeps on going (8 years now?).
5. Time is of the essence. These people spend countless hours hacking. That means you have to work countless hours fighting back and on prevention.

What Businesses can learn

1. Anyone entering your organization with anonymous identity ideas, or asks to be anonymous (by preference), has probably bad motives.
2. It’s about time to implement better password security policies.
3. It’s also time to implement better database encryption.
4. Ensure good reputation across the entire spectrum of business…why? It attracts awesome workers, makes income rise, and makes the overall feeling of running the company a great type of feeling.
5. Ensure the host server has excellent firewall technology and antivirus. It should not allow even the tiniest of malware threats onto a client server.

What Developers can learn

1. “There may be developers smarter than me in Anonymous, so I need to step up my coding skills and get better encryption.”
2. Encrypting files and databases has never been more important than now. Don’t think it cannot happen to you. That’s what Philips thought, or even AMD thought. You’d think AMD would have proper protection for their WordPress databasing since they know how to engineer root-level microprocessing chips. What gives?
3. If the network is running one or two servers to operate a website, then it DOES need antivirus/firewall software. Don’t think just because your skills in database administration or server management are very good that malware can’t trump your server…you’re wrong. Some of the best administrators/managers have trouble with their server keeping free from malware.
4. If you must get an unknown application from the web, or download it from an “anonymous source”, then run it in a sandbox or virtual machine. Execution of malware could be the end of the life for a server…don’t be tricked…stay protected.
5. Just because your programming skills are awesome doesn’t mean anything. There are a lot of others that think their programming skills are awesome, however, the first time you let your guard down or get prideful – expect trouble.

What IT Security can learn

1. Hackers can get in to nearly anything. Keep up on top standards in IT security. Being one step ahead of the hackers is a good thing.
2. Keep the defense-in-depth method in mind. If you can get it to work, it will help for miles and miles (or kilometers and kilometers).
3. Don’t expect security to be a piece of cake anymore. It’s now the top challenge in IT, and people are being recruited all across the IT stage to work in security. There just isn’t enough warriors on the scene. It’s time to step it up a notch in all aspects of your work. Don’t procrastinate and don’t be pessimistic. Be optimistic about all outcomes of your work, and see the improvement before your eyes!
4. As stated above for businesses: password security is extremely important! Push password security big time. It’s the only chance at keep information secure in personal, business, and enterprise aspects.
5. Push internet security software like there’s no tomorrow. Because for some people’s computers, personal or business, there will be no tomorrow. Not just for computers now, but also for devices such as smart phones, tablets, and PDAs.

Conclusion

There may be no more way to stop Anonymous, but at least we can be 5-10 steps ahead of them. If we do that, we’re showing them they have no future. It will also make it more challenging for hackers, and improve the best of technologies all across the IT spectrum. See for yourself, and try these principles on your specific spectrum. You won’t be sorry!

 

Protection

Get Kaspersky Antivirus for Server now to safeguard your Windows Server!

Please consider a donation to help our project, if we have helped you or your business save money.

Anonymous: Sabu 6-month Sentencing Wait

Sabu, mole hacker of Anonymous small groups Antisec and LulzSec, now has a wait time on his sentence, because of his cooperation with the FBI. The cooperation is done to help the FBI track down hackers involved with Anonymous, and attempt to put an end to the nonsense.

Since the FBI arrested Sabu, or his real name Hector Xavier Monsegur, last June, he’s been working undercover for them. After providing information leading to arrests of several Antisec and LulzSec members, the charges/sentencing is being waited for Sabu.

The reactions from fellow LulzSec/Anonymous members has been utter denial of his original involvement with the group, and how Sabu even got the idea that spilling the details would help the groups’ plans: “Activism and hacking, also known as Hacktivism. It involves protest against the government, corporations, news media, etc. using street protest and online blackhat hacking. Usually the hacking done by these members has been more blackhat style, in which they are doing it for the purpose of damage and to also gain money. Makes Anonymous seem more illegitimate if you look at it like that.

Although unstated what the plea deal was, Sabu is entitled to a maximum charge (after pleading guilty in March) to 124 years in prison. The charges involved 12 federal offenses, including conspiracy to commit computer hacking, and conspiracy to commit bank fraud, among other charges. Some of the things mentioned by Sabu led to other charges for hackers that were also arrested from Anonymous.

Since LulzSec’s & Antisec’s fallout, small hacking groups have appeared and then disappeared, including SpexSec and r00tbeersec. Since Sabu’s leave, Anonymous has never been the same. Who would care? Their unethical behavior must be stopped. The only way to get it to stop is to continue to hold strong to our values and beliefs. The world system cannot be perfect, and they seem to have this idea it can be. The economic difficulties all around the world complicate every year. There is no end to struggle, it’s part of life.

Anonymous Causes Oil Leak and more

Five top international oil companies are the target of Anonymous, who published around 1,000 email addresses for accounts belonging to the firms Shell, BP, Gazprom, Exxon and Rosneft. Online protests against drilling in the Arctic were raised, due to the issue of polar ice caps melting.

Anonymous hackers used the stolen credentials to add signatures to Greenpeace’s “Save the Arctic” petition, but also noted that they are not associated with Greenpeace, they just support its cause.

Credentials for Exxon were released back in June, in which Anonymous noted the credentials obtained were not through a vulnerability in Exxon’s network, “but just because of the mistake of their webmaster!”, suggesting that the administrator misconfigured or mismanaged the website.

Related articles

• Oil Companies Spring a Leak, Courtesy of Anonymous (wired.com)
• Anonymous supports Green Peace, hacks oil companies (betanews.com)

Latest Hacks on AT&T and Comcast

“WikiBoatWednesday” is the latest battle cry from hackers who are targeting corporations and government sites to show support for whistleblower site WikiLeaks and promote other causes or concerns.

A group of hackers has posted to the Web today data that appears to include Comcast employee names, ages and salaries, as well as e-mails and passwords associated with AT&T VoIP service accounts.

Proclaiming the kickoff of “#WikiBoatWednesday…when all the members from @TheWikiBoat fight corruption, leak data, and bring down websites,” the hackers released the data in two different posts to the Pastebin Web site. Several of the Twitter handles used by the group, including @AnonymousWiki, referenced the Anonymous online activist group, but the connection to the larger, decentralized collective is unclear.

Full Story: at CNET

SpexSec Appears and Then Drops Out?

Introduction

What’s being told as similar to Anonymous, a new hacktivist surfaced and then disappeared, naming themselves SpexSec or SpexSecurity. Why they did this is unknown at this time, however, the details of their “one-hit-wonder” (or two hit) are below.

Hacks

The information of approximately 100,000 Tennessee citizens had their personal data leaked such as social security numbers, birth dates, and passwords. Essentially, identities were at stake here! The details can be found here: pastebin.com/u727aBNb

Many of the members of Clarksville-Montgomery County (CMCSS) School System were victims of the hack. CMCSS is blamed for inducing the hack by not patching its computer systems.

They also stole a good number of VISAs, noted here: pastebin.com/dY1C17Xw

Their Wrapup

A post on the group’s Twitter page will show that they have no more plans to hack and attack…

Their statements can be read in a couple of posts:

pastebin.com/Brgic6px

pastebin.com/ZyntMk4r

No information is found for the third hacker, Makaveli. After searching, no information was found.