Anonymous pwns security firm that probed its membership
The Anonymous hacking collective took revenge on a security firm that had investigated its membership on Sunday. HBGary Federal has been seeking to uncloak the identities of senior members of Anonymous involved in attacks against financial services firms, such as PayPal and Mastercard, that had suspended accounts run by …
This topic is closed for new posts.
Irony!
Authority figure has plan to "deal with those sneering punks on the corner once and for all" and ends up in way over their heads. It's like a sitcom. (Except that it's funny.)
The assumption that Anonymous had (or has) shown their strength, considering the organization name, seems pretty poor.
just a thought.....
had any one put this possibilty up yet?
that there may be another group other than annonymous doing the attack? i mean annonymous has reputation but this attack seems a bit to concise and too specific to be really the work of our fav anarchistic fun loving caffeine junkies. compare the recent attacks on paypal and credit companies this one seems a bit off. i cannot put my finger on it but it seems something is not right here and some one else may be using the annonimus reputation to their ends and goals that annon does not subscribe to.
just athought...
Penetrated ..
"ROFL! The pretend wannabe "security" company did no such thing. I have to laugh. How does one "infiltrate" and "penetrate" public WIDE OPEN Internet Relay Chat networks where everybody is welcome? LOL."
Yeah.. like 4CHAN - it's an exclusive club - OMG how do I join .. it's so fucking hard. At least The Jester was smart enough to pave the way but avoid the backlash. These asshats didn't. No pity headed their way - they better get back to "cracking" WiFi networks and bleating about zero day vulns. (assumption : I don't know what they actually do since their website has been down the whole day and google has their hacked site in cache ).. giggles to self.. fucking amateurs ... jeeezuz ;)
Hearts for Valentines day .. maybe they will have their website back by then.
Not a good advert for a security firm
Its hardly a good advert for HBGary Federal who are a security firm when your site gets pawned. Im guessing they may loose some of there customers of that one since a large amount of emails have been posted online.
If your going to try and sneak about looking for anon then at least make sure your website is bullet proof
I think you are all missing somthing...
There was always those who would claim that an open port was invitataion to connect, making a DDoS not unauthorized use (a theory I do not subscribe to). From the couple of writeups (although none particularly technical, unfortunately (if anyone has a more technical writeup, I'd like to see it)) I've read of this, It invovled obtaining passwords through fraud. If those who commitied the attack can be traced, there will be a much stronger case. In addition the phone-calls and threats can be construed as personal harrassment.
In the US, there is now a better claim to charge Anonymous members under RICO. Until now there where no attempts at getting anything, so it would be hard to argue under Hobbs for extortion. Now there is a pretty clear violation of the Hobbs Act (the passwords were obtained "with his consent, induced by wrongful use of actual or threatened force, violence, fear, or under color of official right"). Wire fraud also would have occured.
A RICO violation is up to $25,000 and 20 years per count. As far as I can tell, it requires proving beyond a resonable doubt the act occured and that the person was a member of the "crimanl enterprise" when it did occur. There is no requirement the individual commited the act. (Remember this was created to go after mafia dons, who generally didn't commit the acts themselves)
I think I'll take some of that popcorn too, this could get fun.
(IANAL, this is based on information from all over the internet, YMMV)
DDOS .. is illegal
DDOS is illegal , annoying and very easy to prove. Your IP with the traffic that you generated will appear in the server/s that you target. It is TRIVIAL to lookup you up based on IP and time.
The amount of traffic you create will be limited by your up speed and the shapers/routers/QOS rules/SLAs/proxys/line speeds for your location etc etc etc .. between you and the target.
The only way to hide is to aggregate clients and control them to strike a single target to overwhelm it with traffic (while obfuscating the source) i.e. it requires HIDDEN COMMAND AND CONTROL ( orchestration and collaboration - very easily read as RICO ) .
Beer ... this is getting to interesting... fucking popcorn is making me thirsty.
Yes, DDoS is Illegal, but
RICO has an extensive but very spacific list of offenses that can be charged under it. The relevent ones are the fraud(s) and extortion.
until now, fraud was not relevent, and extortion really wasn't relevent because of the legal definition:
"Under the Hobbs Act, a defendant engages in extortion only if he "obtains" or attempts to "obtain" the property of another "with his consent, induced by wrongful use of actual or threatened force, violence, fear, or under color of official right." Since these protest activities do not obtain or attempt to obtain the property of another (they simply attempt to interfere with the business of another), it is difficult to depict them as acts of extortion."
-- http://ricoact.com/ricoact/faq.asp#peta (IANAL, but this guy is)
LOIC does not have hidden command and control, and I can find no part of RICO which applies. Extortion does not, as from the passage quoted above. The list of offenses which qualify as “racketeering activity” is in TITLE 18, PART I, CHAPTER 96, § 1961. The full listing of the text of the RICO act can be found at Cornell University's web site, if you can find something I missed:
http://www.law.cornell.edu/uscode/html/uscode18/usc_sup_01_18_10_I_20_96.html
Well, thats the end of that 'security' firm
Bye Bye HBGary, you will not survive this. That rumbling sound? Thats your customer base running over the hill to your competitors. Bye Bye. Good riddance.
We'll see who gets the last laugh
I doubt the clowns from "anonymous" will be laughing from a prison cell after being convicted of hacking.
So called 'security' companies
These 'security' companies are mostly hot air. It was quite revealing to watch who was downloading the HBGary e-mail torrent from the Pirate Bay - some of the security companies that were downloading the torrent were doing it from their offices via a public IP address that showed by reverse lookup exactly who they were!
Security? I don't think so!
I want ringside seats
When you urinate through somebodies letter box,
knocking on the door to ask how far it went
is going to start a fight.
Anonymous - defending freedom of speech on the internet.
And from the comments it seems many of you took that joke seriously.
Joke Alert - because anyone who thinks Anonymous are defending anyone or anything other than their own rights to act like a complete set of c*@ts (sorry Sarah) needs the joke of them defending internet freedom of speech HIGHLIGHTED with a big icon.
Not so anonymous
Don't forget that on the internet you are not "anonymous" as you claim to be: http://www.simpleweb.org/reports/loic-report.pdf
come to think of it....
Anonymous should know that Mr Barr is not stupid. He has their secret info stored offline somewhere. You think he would store it in his email or online? duh. Arcording to the BBC "He said he did not intend to hand the information over to the authorities unless forced to, but did plan to present his findings at a conference in San Francisco later this month." The fanboys went berserck and "Mr Barr's Twitter account was filled with a sequence of racial and sexual slurs, along with a string of personal details such as his mobile phone and social security numbers."
Man they even stoop as low to make racist remarks.. I think Mr Barr will hand over his evidence to the police. One thing that "Anonymous" should realise is that they did not invent the internet and you are not really anonymous on it. It just takes a little flash of cash and some geniuses can bring down this organisation in a matter of days.
"This organisation"
So, flashing a little cash can hire a genius to bring down 'this organisation'?
That presupposes there's an organisation to bring down...
Playing whack-a-mole is going to be a lot more rewarding if there's a mole there to begin with - what you're advocating is professional shadow-boxing... I wonder if you're touting the tickets?
RE: "This organisation"
Puts his hand up! After all, in concultancy terms this is called a "money-machine" - you can keep the gig rolling on indefinately and keep charging the customer as you keep whacking moles, and after each mole you say to the customer "Well, that was a big mole, but the LEAD mole is still somewhere out there, but we're getting close, should only take another six months of fully-expensed man days....." Etc, etc, etc.
Egyptian Democracy
Ah yes, the people took to the streets and their leaders heard their cries of outrage and responded, now there's to be a free and open election isn't there? Democracy in action in the middle east at last! Hoorah for democracy and freedom!
Wait....no...I see no sign of such. What I do see is that the current government is "in negotation with the opposition parties to form a new cabinet."
No voting.
Oh.
Who's the opposition then? Ahh... that'd be the "Muslim Brotherhood", another group that the people of Egypt have expressed their doubts about having democracy at the heart of their agenda.
So much for democracy. Glad that the outcome wasn't influenced by the west in any way....oh...wait...
Plus Ca Change, non?
Re: Egyptian Democracy
"So much for democracy. Glad that the outcome wasn't influenced by the west in any way....oh...wait...
Plus Ca Change, non?"
Mais ouis, plus c'est la même chose. Robespierre, ou est tu? ;-)
No choice in the USA
"And if you don't like some law (or what your government is doing) get off your arse and change it. You know you are living in a democracy?"
In the US, it's not a direct democracy, the people have no say on what laws are passed. The gov't passed VERY unpopular laws (that in a direct democracy would have been voted down). The people have very little say in the matter, the Dems and Reps have almost identical political views (both want huge, intrusive, and costly gov't while claiming they want to cut costs) to the point that it's effectively a one-party system. I've voted for true change, but we get clowns like Obama instead.
I don't know what the solution is -- we've had third party candidates that initially had 10, 15, 20% popular support -- but then, the polls will ask "do you support the Dem or the Rep". I've gotten called twice for polls -- once the poll asked "Press 1 for the Rep, 2 for the Dem, or 9 for another candidate" and when I pressed 9 it said "that choice is invalid". The other time, I got a live person, but they HUNG UP ON ME when I said I was voting 3rd party and obviously didn't record my choice. So, then the polls lie and claim people only support one of the two main candidates. At that point, support for the third party candidate evaporates as a lot of those 10, 15, 20% decide they "don't want to throw away their vote" on someone who can't win, and throw away their vote on someone they don't want in office.
"I'll stick to calling people who are accountable (to me as a voter) and abide by the law as the "good guys"."
I don't know anyone that meets this definition. Due to our effective one-party system, most of our politicians are not accountable to anyone; unless they do something REALLY stupid, their opponent will have the same political views anyway so they have little to fear in terms of being voted out. And even if they are voted out, this gives the voter little power since the replacement will just behave the same way. They also tend to not be law abiding, up to and including passing laws they KNOW are unconstitutional (Senator Patrick Leahy was the only one with the balls to vote against the unconstitutional PATRIOT Act for instance -- despite all of them swearing to uphold the constitution).
That's not to say I consider Anonymous "the good guys" either. It amuses me that they pwned this security firm so thoroughly, but indeed Anonymous is a loose cannon.
@david wilson
"Also, do you have any link to evidence for your claim that the government said London was 45 minutes away from destruction?"
Blair's foreword to the dossier said that Saddam's "military planning allows for some of the WMD to be ready within 45 minutes of an order to use them". Fair enough, that doesn't mean they could strike London within 45 min but that's how the media reported it.
And how did the govt respond to the publications? Hoon said he didn't know the media was publishing that version of the story because he "didn't read the papers because he was out of the country". Sorry, that's a pathetic excuse. Surely he has a lackey who reads the papers for him and can report to him by phone / email / whatever !? Later he said he didn't bother correcting the media because "it's too hard to get them to print corrections"? WTF!?
No doubt if the media had corrected the story earlier the govt would have found something else to pitch to the public to convince them to go to war. As I said before, the difference between the 3rd and 1st world is simply how sophisticated and sneaky the manipulation is.
@magnetik
>>"Fair enough, that doesn't mean they could strike London within 45 min but that's how the media reported it."
All the media, or just some of it?
Surely you're not reckoning a newspaper saying something as being the same as the government saying what the newspaper actually said?
That'd be like assuming that everything the Daily Mail makes up about the EU is some kind of official position unless the government denies it.
Anyway, as far as I can see, it was primarily parliament that *had* to be sold the idea of war, and whatever MPs may claim now for their reasons for supporting it, I'm not sure I'd really trust what they say..
Certainly, it's understandable that people who voted for a war and then realised it wasn't as simple as they hoped would claim that *anything* that was even potentially misleading was what *really* made them vote in favour, as that gets them neatly off the hook.
That said, if an MP woke up for long enough to hear '45 minutes' and didn't try and find out what the hell it was supposed to mean, the blame for their vote seems to be at least partly theirs.
I'd wonder how many MPs who now claim to have been misled would still be doing that even if things had worked out nice and cleanly?
More to this story is coming out...
"The e-mails ThinkProgress acquired are available widely on the web. They were posted by members of “Anonymous,” the hactivist community responsible for taking down websites for oppressive regimes in Tunisia, Egypt, and American corporations that have censored WikiLeaks. Anonymous published the emails from HB Gary Federal because an executive at the firm, Aaron Barr, was trying to take Anonymous down. Barr claimed that he had penetrated Anonymous and was hoping to sell the data to Bank of America and to federal authorities in the United States. In response, members of Anonymous hacked into Barr’s email and published some 40,000 company e-mails.
It is widely believed that Wikileaks has sensitive information about Bank of America, and plans to expose it later this year. This revelation prompted Bank of America to hire the law/lobbying firm Hunton and Williams, which in turn, according to the e-mails posted online by Anonymous, hired HB Gary Federal and other firms to go after Anonymous and supporters of Wikileaks. For instance, one proposal from HB Gary Federal and its associates proposed targeting Salon reporter and Wikileaks-supporter Glenn Greenwald with “actions to sabotage or discredit” him."
http://thinkprogress.org/2011/02/10/lobbyists-chamberleaks/
Very interesting...
Do you think some people in the Bank of America are getting a little worried?
Makes you wonder what those leaks really do say about them!
You guyz
lots of confusion here. :/
The hack was mainly done by a 16 year old girl, and involved a social engineering attack on the sysadmin.
TL:DR of events : Main reason for the fued this is a 'security researcher' named Aaron. He was attempting to sell data scraped poorly scraped from social networking sites implicating innocent people as 'ringleaders' of anonymous. Had he succeeded innocent people would have been arrested.
The IRC chatlog of the event (including HBGary president attempting to negotiate) can be found here: http://pastebin.com/x69Akp5L
This topic is closed for new posts.
