Members of Anonymous have released an intercept of a conference call between investigators at the FBI and Scotland Yard during which operations against the hacktivist group were discussed. During the 17-minute call – which was released as an MP3 file and distributed on YouTube and elsewhere – investigators can be heard discussing …
Pay IT staff ~20K
get monkeys and end up with security holes big enough to sail the titanic through.
Pay it staff...
You mean the ones they use in India?
Or someone that...
doesn't know how to use the rollcall function on a conference line.
Change password for each con call.
Once all in, perform roll call.
Any anons, silences and unknowns, disconnect; issue new details.
Not the only method to obtain the call recording.. Any one of the attendees could have been on a system with call recorder that could be insecure/exposed, or even the host service might have been recording the call so that attendees could d/l later. So at least n+1 systems that could be responsible...
Please don't suggest this
Our internal hackers frequently listen in to senior management calls to find out what's going on. It's far more illuminating than the company intranet.
I read somewhere
that the FBI didn't even have email until about a decade after every criminal was using it. I forget where I read that, probably some conspiracy site full of lies.
In times like this I like to reflect on an episode of the animated Dilbert series:
Dilbert: What are you doing?
Dogbert: I'm putting false information on the internet.
Dogbert: It's fun.
Was that before or after the Clipper Chip Perversity proposed by President Klingon?
we know what the fbi had in 2000
and it was a sandbox
they don't put mission crit stuff on networks you can easily access which is why this is funny they don't know......
I LOVE IT....
FBI AND SCOTLAND YARD HAVE BEEN TANGO'D
How do you recover from this embarrassment?
Arrest and extradite the 12 year old hackers of course.
Respect to Anonymous.
RE: I LOVE IT....
This is a massive security breach, correct. But it also shows how stupid the Lultwitz and Anonyputzes are - you should NEVER give away the news that you have an inside source or access! What complete idiots! Professionals would keep schtum and mine the source for as long as possible, but the FBI and Met will now review security, check for leaks and plug any security holes, removing any advantage the tw@ivists might have had. So all this bragging does is reinforce the idea that these are just skiddiots playing at being big, bad haxors.
> Complete Idiots and skiddiots
> Who have managed a massive security breach
Really, doublethink much?
There is nothing there that says they haven't been mining the security hole for ages.
It could well have been that the compromised email address they had been using had its password changed in light of other hacks and so the anons with no further access went public.
You're right. They're kids...
...just playful and boastful - and damaging.
But are there _real professionals_ even deeper into the FBI and Scotland Yard, and keeping quiet?
"[they] will now review security, check for leaks and plug any security holes, removing any advantage the tw@ivists might have had."
That's what sensible organisations would do (better late than never, a mistake is an improvement opportunity, etc).
We're talking about the FBI and the Met here.
What are the odds?
....they never had unfettered access in the first place, and all they ever had was a leaked email with the conference call sign-in details, presumably given to them by some sympathetic peon who happened to have them pass through his/her hands as part of their administrivia-based employment for either the Met, the FBI, or either of their comms providers.
FBI and Met vs two factor authentication.
If anyone who really cared about security was setting up a con-call between two self-important over-rated security agencies of questionable competence, wouldn't they perhaps want some kind of two-factor security? Something the participant knows (the email details) and something the participant has (a challenge/response mechanism of some kind)?
Maybe someone will invent something like that one day.
Correct me if I'm wrong
But I believe the stated goal of Antisec was to force the authorities to upgrade their security. After all, if Teh Terrists can listen in on a given FBI conference call, then everyone's at risk - including Lulzsec.
this breach is months and months old, it's a matter of time before it gets found or leaked
don't act foolish, go ahead fix it, we/they/them/us/you will get back in
you can't stop freedom
Anything made by idiots is just idiotic
Or this is smoke and mirrors.
They may never have had access, but claim to have had to distract the FBI from where this recording actually came from. For all we know, this could have been discovered on some retired bit of equipment they skip-dived. They might have been given it by someone inside one of the groups involved in the call. They might have ghosted the call and recorded it due to lax security.
Still, wonder how long it'll be before the FBI/Met go kicking some doors down and make some arrests.
They have been infiltrated by an Undercover Secret Policeman
who's been shagging everyone like crazy and has since gone native.
Most people seem to have this idea that emails are secure, and only the sender and recipient can read them.
It's made worse by the "encrypt" button in email clients like Lotus Notes. People assume that only the recipient, in another company can magically decrypt it.
Too many people are ignorant, and think that owning lots of consumer electronics makes them technically competent.
tip for you
encrypt your message with two types of encryption before you use the email program and just attach it and then encrypt again....
might help, stuff like the carnivore and echelon and the new program they use and those hundreds of PCs they have decrypting your messages get painfully slow when we all do it
SO after a decade of hackers is the net actually a bit safer? Have you learned to be safer and keep your data safer ? HAVE YOU?
>Have you learned to be safer and keep your data safer ? HAVE YOU?
and it makes me sad...
Technically savvy former News of the World employees have been called in to consult with the cyber crimes division.
Their extensive backgrounds in phone hacking will be invaluable.
Dunno about anything else...
...but the occupants of sheffield are up in arms.
Sheffield has more than a McDonald's . .
. . . It also has a burger king.
No Burger King
It shut a couple of years ago. Although I think there are still some in the burbs
Only the one by Castle Market was shut (KFC, Greggs & No 1 Chinese buffet offered cheaper food)
The one in the train station is thriving alongside M&S, Upper Crust and other high-end establishments..
Anon coz I still have to live there for a year and everyone would be on my case 8 while 5!
You meant to say "eight until five", as the words you accidentally chose did not make any sense?
"The agency has reportedly launched an investigation into the leak..."
They just don't know when to stop, do they?
Good tactics boys
Let's really motivate the cops to put your asses behind bars...
if you listen to the call
All their time is taken up investigating 15 year old kids for defacing their school websites. Honestly the call was so boring, I had to grip the arm rests because I fell into a coma multiple times and my head was banging on the desk.
it's comforting to know that all this anti terror legislation is being used to fight terrorism and has nothing to do with extraditing kids and vulnerable adults for any minor non violent offense they can find in the Facebook dragnet... oh wait.
trust me when I say they will make someone a patsy but it again won't be the real deal.....
his name is robert poulson
I can just imagine the call
1. Read email detailing time and dial-in number, along with passcode.
2. Use Skype to dial in.
3. beep "??? has joined the conference" (read this part in the sexy robo-operator lady voice)
4. "Yeah, er, random-law-enforcement-agency guy here"
Conferencing hardware / software is so shabby and delicate. People are constantly getting disconnected. Law enforcement types not being the most technically adept bunch. I can easily imagine how one might just slip right in.
In my experience, just join first
You don't seem to get any kind of rundown of who's already connected when you join, hence the annoying start of every phone conference of "Who are we waiting for?", "Is everybody here?".
Thus if somebody connected say 20 min. before the meeting (or possibly only 2min given that these are Government) and kept their mic muted, I doubt anyone could know.
Though even if they did join late, it is rather unlikely they'd notice or remember.
On top of that, there's no way to eject people if you realise they shouldn't be there!
The thing that people tend to forget is that pretty much all these dial-in conference systems are just as secure as saying "We'll meet blindfolded in this cafe to discuss the secret things".
The pin is the name of the particular cafe, and there's a chime on the door so you can hear when people enter and leave, but you've no idea who is there already.
There are very few companies that would accept doing that.
In your *missing* experience, you mean....
In most teleconference systems, the 'owner' of the channel needs to connect first, if you try to connect earlier, you are put on a waiting queue...
I like to be on time, as a matter of principle, so I often end up on that queue
So, Anonymous is recruiting...
...News of the World employees now, eh?
Was it 0000# by any chance?
No, that's far too easy to guess. It must be something highly secure that no-one would guess, like 1234#...
It'll be whatever the manual for that conference call software says is the factory-set password. But 1234# is probably a good bet :-)
Unless they've got the "force strong password" option set - then it'll be 4321#
If it was a Philips PBX, it MUST have been 0000# because there never was a way to change it.
Dammit, now I have to change the combination on my suitcase
The conference host always uses the same chairman and participant codes and publishes both in the eMail invite.
Which means anyone else he's used it with knows it, which leads to fun, I've been on calls where a participant dials in as the chairman forcing the chairman to dial in as a participant, he never commented on it.
Other gems are that when someone leaves, they just transfer the numbers to someone else. When a senior sales person leaves, they don't change all the codes in the sales team so it is not unknown for sales people to dial into their old companies to see what's going on.
And usually no one challenges blank call identifiers.
...these guys can hack into anything!
they hacked into my ploughmans
there was pickle left all over the work surfaces, a smashed window, and dog mess everywhere.
then afterwards someone snuck in and stole my ploughmans. I was really upset.
More off to the slammer
Dumber than dumb but I'm sure they'll have fun in the slammer. Morons.
something even better