• leaking hype : much buzz no fuzz

    there are the guys from the openleaks.net initiative who want to restart wikileaks as it was meant to be and not as it has become. Good intentions, sharp criticism, but no website yet

    there are the guys from the brusselsleaks initiative who want to get material about the European institutions and shadowy agreements published. Many articles online and in the press, but not one document yet.

    the Bulgarians have also published one, with some interesting material, but you can't compare it with wikileaks.

    When wikileaks started it already had a bunch of documents before it was announced.

    oh and how can they be trusted ?

    don't ask me whether you want to risk your career: it may well be that the version of the document you have in your hands differs by only one letter somewhere, and that letter is your unique identifier.

    also be assured that much less note-taking, much less paperwork and much more logging and clean-desk policies are coming your way

  • the gawker/lifehacker total hack (passwords included): Belgians compromised too

    A few days ago some hackers found it necessary to publish the entire database and source code of some of the most influential tech blogs around (like lifehacker)

    they didn't just publish it online; they also decrypted a list of about 2000 user accounts with the logins and passwords that were used

    all of this can be found in a torrent file that is quite popular at the moment - the http downloads are in fact advertising for paid pirate hosters (who host pirated material that you can download for a monthly fee - incredible but true that they are still online after so many months)

    In that list you can also find email addresses from certain countries, but that list is only part of the full set.

    Maybe you should check whether you have ever subscribed to their services with one of your email addresses

    use this service http://www.didigetgawkered.com/

    more information can be found here http://www.diigo.com/list/mailforlen/Security

    and now some comments you will probably not read in many places

    * how stupid can the Gawker people be to let users choose passwords of one letter, or combinations that have no security at all ? They publish all these articles about security and then you look at the list of passwords and you think 'what is this shit'

    * how often did the Gawker people clean out their list ? If you ask all your subscribers at least once a year whether they want to stay members, you may end up with a smaller list, but an active one (in which you have to click to stay activated)

    * how will those hundreds of thousands of IT people from all over the world be informed that their account has been compromised ? Some may have used the same passwords (especially the more difficult ones) in other environments (good hunting)

    * the sites have lost their entire source code and are now open to zero-day injections, because anyone can now study all the code of the whole environment (and infect thousands of visitors in a few days)

    so yeah, tech is fun and tech has been around for a long time, but that doesn't make it secure

  • follow the changing game about wikileaks and its cybercampaign (botnet over ?)

    After the reversal and the nonsense of the so-called ping attacks (calling it DDOS when it is hardly a hiccup, except sometimes on very specific infrastructure when nobody is watching that part of the shop), it seems that they are changing tactics and now want to distribute the material more widely on the internet (which is the wiser tactic).

    http://twitter.com/#!/list/mailforlen/wikileaks - following the most important wikileaks tweet streams at the moment

    and you can find also more at http://www.netvibes.com/mailforlen or here

    oh and just to make it even more exciting: there are now fake anon twitter accounts and fake wikileaks accounts, and people calling for new attacks and spreading false news, appeals and links

    why doesn't that surprise me: if you want to play undercover, spy and black-op games, don't be surprised when you are outsmarted in the end by the real professionals (who can also goof up enormously)

    so this "cyberwar" is slowly coming to an end and we will wait to see what the reaction will be when

    * he is sent to a UK jail, to a Swedish court, or extradited to the US

    in each case the police and official websites of these countries may expect some attack traffic. You can find here all the information about how to deflect it, and you now have the time to prepare. It is important that the CERT (responsible for coordination) knows beforehand what is going to happen that can affect the attack flows going to their sites (there will always be some idiots who continue).

  • IRC server wikileaks botnet confiscated in Holland : your IP address is with the police

    the problem with tweets is that they are so short and that people forget the most important things

    so the most important thing is not that a 16-year-old boy in Holland has been arrested who was a manager of an IRC channel that was used to attack the servers (even if that is a big word)

    no, the most important news is that at the same time the police confiscated a computer and other material, which will probably hold the information about the attacks and the participants

    it will take some time to sort that out

    but when those nutheads say that you are safe when you install their IRC bot, because the number of participants makes you anonymous, then they are IRRESPONSIBLE and in fact lying

    there are so few participants that with some filters one can see in real time who is doing what

    all the rest is hype to have more people joining this social mugging

    think and do something worthwhile instead of thinking you are a hacker while you just ping some sites

  • why wikileaks has serious defectors and internal questions

    In an interview with SPIEGEL, Daniel Schmitt -- the 32-year-old German spokesman for WikiLeaks who is also the organization's best-known personality after Julian Assange -- discusses his falling out with the website's founder, his subsequent departure and the considerable growing pains plaguing the whistleblower organization.
    http://www.spiegel.de/international/germany/0,1518,719619,00.html

    the rest of the interview is just as astonishing

    they will release a new online tool - openleaks - which they hope will be more useful to the real fighters for internet freedom and real freedom everywhere in the world, and not just for bashing the US.

  • all tools and information about cyberattacks wikileaks on one netvibes page

    http://www.netvibes.com/mailforlen#WIKELAKS_Attack

    but you can also use the hundreds of other links that are already in other categories to research and follow more information trends

  • twitter let itself be abused for coordinating wikileaks DDOS attacks

    "anon_operations Account has been restored!! Twitter assured us the closing of our account was accidental. Next target soon!! #PAYBACK #WIKILEAKS #anonops"

    and those DDOS attacks that they are firing are accidental stupidities too ?

    so when is one DDOS acceptable and when is the other criminal ? When is the effect of one DDOS not bad and the effect on the whole network bad ? When is twitter responsible for standing by while anonymous people are trying to influence others to do illegal things (according to most cyberlaw), and when should they intervene ?

    the question is not political. This is not about opinions. Everybody may have an opinion. It is about the tactics of social mugging being used, and whether you accept them or not.

  • wikileaks botnets are all hype but not really downing anything anymore (new target)

    so they say they have downed moneybookers.com (a minute ago)

    they didn't

    they were going to take on amazon.com yesterday

    they failed

    so the big cyberwar is just a few thousand mom-and-dad or student amateurs pinging a website

    next target

    interpol.int

    and then they say that the site is down - for a minute or so - but that can also be because the pinger they use gets no response: during a DDOS attack one of the first things you do is drop all traffic from the attacking sources and stop sending responses. It is also important for journalists to check for themselves before saying that a site is down.

    another thing that is being seen is that http access to certain paypal services like api.paypal.com is no longer available when you type it into your browser, but they are still operating for the web services they are meant to serve. Now it would be possible to bring down such a service with an xml bomb, but to do that you would have to be a member/user of paypal, and then you would not only be recognized but could be sued for losses that you will never be able to pay back (nor anyone else, for that matter, who doesn't belong to the billionaires of this world).

    so it is important to take their jubilation and retweeting of self-fulfilling prophecies (because hundreds of people are retweeting a tweet that a site is down, it must be down - no)

    NO, it is not down, and even if it was not available for a minute or no longer responded to the attackers or to the uptime checkers, that doesn't mean that anyone else who is seeing or using the site thinks it is down

    so, amateur attackers, do some positive and important stuff that really makes a difference in this world; this is becoming a big joke.

  • how to block access to wikileaks botnet tools/attacks on your network (universities)

    A lot of the downloads seem to come from universities. If universities - which are centers of freedom of speech - don't take action to stop this kind of mugging of freedom of speech, they willingly participate in illegal actions - and bear the consequences. They will have to prove that they have done everything possible to limit the abuse of their networks for this kind of action. They will also protect their infrastructure (which can be confiscated by the police during an investigation and be lost for weeks or months) and their 'kids', who might not have thought through all the consequences for themselves and for the other users of their networks and infrastructure, and who may face trial. Remember that only a few thousand are participating in these attacks. It will not be that hard - let alone impossible - to find some symbolic victims to be arrested as an example.

    In fact this applies to any network administrator. And it won't be you but your CEO or higher management who will be held accountable, and who will be astonished to see the police storming in and confiscating computers and other network infrastructure.


    always block access to IRC ports 6667 - 6669

    block access to

    * online attack tools: pastehtml.com, hl2forums.com, pastebin.com

    * attack community: bloggsida.se, hacktivists.org, anonops.net, anonops.com, anonops.info or anything with anonops in it

    * attack targets (https port 443): api.paypal.com, secure.authorize.net, moneybookers.com

    * attack targets (port 80): politie.nl
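    As an added example (not the blog's own code) of how a network administrator could apply the list above: a small Python script that takes the hosts and ports from the list as an egress deny list and runs some proxy-log lines through it. The key=value log format it parses and the sample addresses are constructed for this example; a real proxy or firewall log format will differ, so the regex is the part to adapt.

```python
"""Egress policy check for the block list in the post above.

Added example, not code from the blog. Rules taken from the list:
  * any connection to IRC ports 6667-6669, whatever the host
  * the listed attack-tool and attack-community hosts, on any port
  * any host name that contains "anonops"
  * the listed attack targets, on the port the post names for them

Assumed, not from the page: the "<time> src=<ip> dst=<host> dport=<port>"
log format parsed by parse_line(), and every address in SAMPLE_LOG.
"""
import re
from typing import Optional, Tuple

IRC_PORTS = range(6667, 6670)  # 6667, 6668, 6669

# Denied on every port; subdomains of these names are denied too.
BLOCKED_HOSTS = {
    "pastehtml.com", "hl2forums.com", "pastebin.com",  # online attack tools
    "bloggsida.se", "hacktivists.org",                 # attack community
    "anonops.net", "anonops.com", "anonops.info",
}
BLOCKED_SUBSTRINGS = ("anonops",)  # "anything with anonops in it"

# Named attack targets, denied only on the port the post gives for them.
BLOCKED_TARGETS = {
    ("api.paypal.com", 443),
    ("secure.authorize.net", 443),
    ("moneybookers.com", 443),
    ("politie.nl", 80),
}


def _host_matches(host: str, listed: str) -> bool:
    """True for the listed name itself and for any of its subdomains."""
    return host == listed or host.endswith("." + listed)


def egress_decision(host: str, port: int) -> Tuple[bool, str]:
    """Return (allowed, reason) for one outbound connection attempt."""
    host = host.lower().rstrip(".")
    if port in IRC_PORTS:
        return False, f"irc port {port}"
    for listed in BLOCKED_HOSTS:
        if _host_matches(host, listed):
            return False, f"blocked host {listed}"
    for frag in BLOCKED_SUBSTRINGS:
        if frag in host:
            return False, f"host contains '{frag}'"
    for target, tport in BLOCKED_TARGETS:
        if _host_matches(host, target) and port == tport:
            return False, f"attack target {target}:{tport}"
    return True, "allowed"


# Constructed log format (assumption): "<time> src=<ip> dst=<host> dport=<port>"
LINE_RE = re.compile(r"^(\S+)\s+src=(\S+)\s+dst=(\S+)\s+dport=(\d+)$")


def parse_line(line: str) -> Optional[Tuple[str, str, str, int]]:
    """Return (time, src, dst, dport) or None when the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dport = m.groups()
    return ts, src, dst, int(dport)


def audit(lines):
    """Return one (src, dst, dport, reason) tuple per line the policy denies."""
    denied = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip it rather than abort the audit
        _, src, dst, dport = parsed
        allowed, reason = egress_decision(dst, dport)
        if not allowed:
            denied.append((src, dst, dport, reason))
    return denied


# Constructed sample traffic; hosts, addresses and times are made up.
SAMPLE_LOG = [
    "2010-12-10T00:19:01 src=10.20.30.40 dst=irc.example.net dport=6667",
    "2010-12-10T00:19:02 src=10.20.30.41 dst=www.anonops.info dport=80",
    "2010-12-10T00:19:03 src=10.20.30.42 dst=files.hl2forums.com dport=80",
    "2010-12-10T00:19:04 src=10.20.30.43 dst=api.paypal.com dport=443",
    "2010-12-10T00:19:05 src=10.20.30.44 dst=www.paypal.com dport=443",
    "2010-12-10T00:19:06 src=10.20.30.45 dst=irc.example.net dport=443",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for src, dst, dport, reason in audit(SAMPLE_LOG):
        print(f"DENY {src} -> {dst}:{dport} ({reason})")
```

    The last two sample lines are there on purpose: ordinary www.paypal.com traffic on 443 and a non-IRC port on the same IRC host both pass, so the list blocks the tool traffic the post is worried about without cutting the campus off from the payment site itself.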


  • the wikileaks situation - overview of day 1

    Day 1 took some people by surprise, and some parts of some installations were not ready to take a small but smart DDOS attack head-on and keep it from being rushed to the big frontlines, as if cyberwar were happening before our eyes.

    What we have learned is that

    * the payment processing infrastructure and API processing infrastructure (paypal) will have to be reviewed as a whole and made more DDOS resistant. Financial infrastructures should have a better separation between their financial processing and all the other marketing crap that is online. The more separated, the better. The integration of both in banking and shopping sites also makes them more vulnerable.

    * DDOS is here to stay and becomes ever more popular in times of crisis or turmoil

    * the attacks are made by about 30,000 people who have downloaded the tool, plus some illegally infected computers that have been added to this network

    * those computers are vulnerable and hackable and are using a hackable IRC platform

    * the number of patriotic counterattacks is minimal compared to the resources US Cyber Command has. You can assume that no coordinated counterattack is coming from those resources.

    * the legal counteroffensive against wikileaks and its infrastructure goes on, step by step - even if the charges against Assange are weird and stupid. I could think of other ones - if you dare.

    * the bulletproof hosting in Sweden is holding up against the traffic and probably some attacks. Unless they see this as free publicity, one can ask who will foot the bill, considering that many financial donations are blocked. You have to take this one down to bring the network of proxy sites down. It is the new mothership.

    * the first people are being arrested and charged for participation in this stupid and dangerous campaign.

    * the login, support and other parts of the wikileaks infrastructure are not secure

    * there is a dangerous file called insurance that contains many very important names and so on, is supposedly encrypted, and will be released if something happens to him or to other wikileaks members


    Most important now is: BE PREPARED

  • the hypocritical position of wikileaks about the botnet attacks

    Wikileaks says that it is not linked to these attacks

    but it also says that it doesn't want to condemn them (they don't support them either, but condemning them would be too much)

    so on the one hand you say that you are for freedom of speech and internet freedom and so on, and you protest against DDOS attacks against your site

    and somewhat later you refuse to condemn the same kind of social mugging tactics by some of your supporters against organisations and people that are following the law (of democratic countries) or don't necessarily agree with you or with some of your actions (some even call to attack the EFF, which has done more for internet freedom than you will ever be able to do in your whole life).

    DDOS attacks have no place in the open and free and social internet that we dreamed about

    You can't be for or against some DDOS attacks; you are for or against DDOS attacks as a tactic. Just as you are for or against terrorism or stone-throwing or other such divisive tactics.

    The problem, even for the Wikileaks community, is that we will be talking and disagreeing more about these DDOS tactics that a minority is using than about what the wikileaks or 'leaking' community (which is bigger than wikileaks and, like cryptome, sometimes totally disagrees with wikileaks) should be doing and should stand for (and also what it shouldn't leak, and under which circumstances).

  • prepare for a weekend of wikileaks attacks if you are a target

    you will need to

    * ask your service provider to block all the traffic coming from the online attack forms

    * have a direct communication line with your service providers so they can block, at their level, all traffic to the specific parts of your domain that have been chosen as targets, so it never reaches your servers

    * introduce everywhere a 'drop dead' policy for traffic that goes to non-existing resources, links or old and forgotten infrastructure and domain names. That is very important for your servers, firewall, routers and mailboxes. Especially look out for logging problems (buffer overflows in the cache). This is your weakest point.

    * prepare a legal team to sue the organizers, and those living in European countries or the US who seem to be organizers and big attackers. You are dealing with kids and mom-and-dad-doing-something-naughty kinds of attackers. They probably don't even know you have their IP addresses. For maximum impact these complaints have to be filed in the coming days. This means that upstream you will need a copy of that kind of traffic. The better the logging is upstream, the less you have to log yourself and the better your infrastructure can resist. (If for example your ISP says it will log all the attack traffic for you - at a price - you don't have to, and can concentrate on keeping things up. A database can produce a 'real-time' report with the IP addresses and the number of attacks, and that can be linked to a GeoIP database to locate the countries.)

    * put communication channels in place with the local CERT to be informed and warned about changes and about things that could be done to help, in your country or another (if for example you are being flooded from, say, Sweden, then the CERT in, for example, the US will contact the CERT in Sweden and ask for intervention from the local ISPs there to stop it).

    * re-organize your DNS so that misdirected traffic is dropped dead or sent to a drop-dead router (blackhole), and so that old or forgotten domain names are redirected to the new, reinforced and monitored infrastructure (which makes it easier to redirect incoming traffic)

    * have a 'standby contract' that can be activated so you can get more bandwidth and more or different hosting server(s) in minutes rather than days.

    * have security people permanently on the scene - if you are a financial institution this will be permanent - exclusively monitoring these kinds of attacks (and filtering out the criminal ones that try to hide in the stream)

    * have your communication people and IT people on standby and 'close to the workplace' this weekend

    * get the necessary financial papers signed so that services and products can be delivered without hesitation and manpower can be sent if necessary

    * set up an external PC on an IP address that is not linked to your network or firm to monitor the targets that are bein. Do not use a PC on your own network for this. Use it for black ops or covert action, but when you are done you throw it away (without the hard disk, that is - you smash the hard disk into a thousand pieces and throw it in the dustbin). That PC may not be linked to your enterprise or to an employee of yours. Do not use the same PC for intelligence and black ops (and not in the same IP range). With intelligence you are watching what is happening and you are participating (without encouraging or giving any technical information or advice - because then you become a provocateur). Black-op operations are illegal and should be treated as such. Their goal is to disturb the attacks and the infrastructure (for example flooding the IRC channels, sending viruses through their networks, intercepting internal communications on their servers and networks and so on). Do not think that black ops are easy or without danger. There are services (governmental and commercial) that are real specialists in this (and don't seem to be really active for the moment). The advice is: you have to do passive intelligence anyway, but for black ops you really have to hire the specialists. Do not think that you are James Bond.

    * prepare yourself for these amateurs to become more professional over time (even if they say they are working with the best IT professionals in the field, the tactics and methods are nothing of the kind for the moment - lots of hype and easy press - but not very impressive compared to the really professional stuff that has been seen over the last years).

    This means that there can be a change of tactics and methods (DNS, mail, web 2.0, specific parts of your infrastructure, .....)

    So forget about all those stupid unrealistic exercises

  • why the wikileaks botnet attacks are purely hypocritical

    I never saw any of those anonymous heroes organize an attack on Chinese sites to protest against the great Chinese firewall, the limitations on (internet) freedom or the bloody suppression of the Tibetan people.

    I never saw any of those anonymous heroes organize an attack on Russian sites to protest the murder of investigative journalists, the limitations on freedom of speech and the persecution and harassment of online democracy groups.

    And that is also the problem with Wikileaks under Assange, and that is why - what many people seem to forget - some very important people from the Wikileaks organisation left it in September: they thought it was no longer pro-democracy (which was the intention at the start - helping people who live in dictatorships or places with very limited freedoms) but anti-American. The goal of Wikileaks was not to become anti-American but to be pro-democracy everywhere.

    So shut your mouth about wikileaks and internet freedom; I think many people around the world will ask themselves - what have they done for me lately

    nothing - nada

  • practical advice on how to deter these wikileaks botnet free-time attackers

    I used to work with an organization that came under constant attack from anonymous and their LOIC tool. It's very easy to mitigate these DoS attacks as they're not particularly bandwidth intensive. Simply limiting the connections per IP per interval at the firewall was enough to thwart the attack. I believe properly configured Checkpoints are able to detect and drop these attacks altogether. But listening in to their IRC channel is the best way to stay one step ahead of this group. It's not often attackers broadcast their targets and vectors before firing.
    http://isc.sans.edu/diary.html?storyid=10051

    ah, that good old Checkpoint firewall, a standard in so many big environments

    I think Cisco will also have some tools and policies that may help

    I think some people are happy they have stayed with the big international standard Rolls-Royces of security products and didn't look for cheaper alternatives that aren't necessarily ready to withstand even these small but intelligent attacks.
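    Added example, not code from this blog or from the quoted ISC diary: the "connections per IP per interval" check the comment above describes, written in Python as a sliding-window counter over web server access-log lines, combined with the per-IP and per-country 'real-time' report the preparation checklist in the earlier entry asks for. The Common Log Format input, the thresholds and the GEOIP_TABLE lookup are constructed for the example; in production the same functions would be fed live logs and a real GeoIP database.

```python
"""Sliding-window request counting per source IP, with a per-country roll-up.

Added example for two points made above: the ISC comment's "limit the
connections per IP per interval", and the checklist's 'real-time' report
of IP addresses and hit counts linked to a GeoIP database. Not code from
the blog or from the quoted diary.

Assumptions made for the example: Apache Common Log Format input, the
threshold values, and GEOIP_TABLE, a constructed stand-in for a GeoIP lookup.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+$')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TIME_FMT)


class RateLimiter:
    """Flag a source once it makes more than `limit` requests inside `window`.

    One deque of timestamps per source; timestamps older than the window are
    evicted on every new request, so memory per source stays near `limit`.
    """

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = timedelta(seconds=window_seconds)
        self._hits = defaultdict(deque)

    def observe(self, ip, when):
        """Record one request; return True if this request breaches the limit."""
        q = self._hits[ip]
        q.append(when)
        while q and when - q[0] > self.window:
            q.popleft()
        return len(q) > self.limit


def analyse(lines, limit=20, window_seconds=10, geoip=None):
    """Build the report: per IP {requests, flagged} and per country
    {requests, flagged_sources}. Malformed lines are skipped, not fatal."""
    geoip = geoip or {}
    limiter = RateLimiter(limit, window_seconds)
    per_ip = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, when = parsed
        entry = per_ip.setdefault(ip, {"requests": 0, "flagged": False})
        entry["requests"] += 1
        if limiter.observe(ip, when):
            entry["flagged"] = True
    per_country = defaultdict(lambda: {"requests": 0, "flagged_sources": 0})
    for ip, entry in per_ip.items():
        c = per_country[geoip.get(ip, "??")]  # "??" = address not in the lookup
        c["requests"] += entry["requests"]
        c["flagged_sources"] += int(entry["flagged"])
    return per_ip, dict(per_country)


def log_line(ip, when):
    """Constructed CLF line for the sample below."""
    return f'{ip} - - [{when.strftime(TIME_FMT)}] "GET /index.html HTTP/1.1" 200 512'


# Constructed sample: one source fires 30 requests in 5 seconds, another makes
# 5 requests spread over a minute. Addresses come from documentation ranges.
SAMPLE_T0 = datetime.strptime("10/Dec/2010:00:19:00 +0100", TIME_FMT)
SAMPLE_LOG = (
    [log_line("198.51.100.7", SAMPLE_T0 + timedelta(seconds=i // 6)) for i in range(30)]
    + [log_line("203.0.113.9", SAMPLE_T0 + timedelta(seconds=12 * i)) for i in range(5)]
    + ["not a log line"]
)
GEOIP_TABLE = {"198.51.100.7": "SE", "203.0.113.9": "US"}  # constructed lookup

if __name__ == "__main__":
    per_ip, per_country = analyse(SAMPLE_LOG, geoip=GEOIP_TABLE)
    for ip, e in sorted(per_ip.items()):
        print(f"{ip:16} {e['requests']:4d} requests  flagged={e['flagged']}")
    for country, c in sorted(per_country.items()):
        print(f"{country}: {c['requests']} requests, {c['flagged_sources']} flagged source(s)")
```

    The limit and window are deliberately parameters: the right values depend on what normal traffic to your site looks like, and a threshold tuned on the sample here would be wrong for a busy API. The per-country roll-up is what the checklist wants to hand to the CERT or to the lawyers; the per-IP flags are what you feed to the firewall.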


  • attack any target with your mobile thanks to wikileaks botnet

    http://pastehtml.com/view/1ca1trl.html

    and yes you can attack any source with this

    this will be even easier to trace (your mobile number), unless you buy a throw-away card

    also, mobile internet traffic can cost a lot of money if you can't use WIFI

  • join operation payback wikileaks botnet on an unsecured network

    http://opbig.bloggsida.se/join-opb

    yes you read it right

    no encryption

    but they don't care about your security or privacy

  • attack any target (even wikileaks.ch) thanks to the online wikileaks botnet tool

    http://files.hl2forums.com/uploads/1e55b2e_JS_LOIC_v0_1.htm

    so the targets have to block any traffic coming from that page

    that is easy - not

    it will be in https

    if you want to know if you are on the target list, there is a new list that is being updated

    but in fact you can attack any destination - even wikileaks.ch if that is your choice - haha

    and you give your computers and networks to them ? You trust them blindly like that ?


  • dutch police arrest 16-year-old wikileaks botnet attacker

    If you think that you are untraceable because there are only a few hundred to a thousand participating (which is peanuts for any monitoring and logging software), then you are so wrong (and naïve). There is nothing anonymous about the group anonymous.

    today a 16-year-old youngster in Holland has been arrested for his participation in the attacks on paypal and the credit card companies.

    He will be brought before the judges tomorrow, and meanwhile his computers and computer equipment have been confiscated (and it can take some time before he gets them back).

    The Ministry of Justice in Holland has said that it will prosecute everyone who participates in these illegal DDOS acts.

    I think his parents will be very happy and proud.

    Shouldn't you tell your kids and youngsters that there are other ways to participate in the battle, if you feel that you must participate in this emotional uprising ?

  • wikileaks for Nobel Prize, says Russia

    Non-governmental organizations should consider nominating Julian Assange for a Nobel Prize, a source in the Russian presidential administration has said.

    Public and non-governmental organizations (NGOs) “should think of how to help” the founder of the whistleblowing website WikiLeaks, the source said on Tuesday, as reported by Interfax news agency.
    http://rt.com/politics/russia-assange-nobel-prize

    until they publish Russian diplomatic cables

  • global payment processing systems under attack with wikileaks botnet

    this is total madness

    they are attacking the central payment processing system of paypal, the most important small-business payment processing system

    they are attacking the central payment processing system of visa and mastercard

    network administrators

    the attacks are going out as https traffic, which most of the time is NOT blocked by networks or ISPs

    api.paypal.com

    secure.authorize.net

    have downtimes costing millions


    on port 443 if you didn't know it yet


    it is just flabbergasting that such critical infrastructure can be brought down by 500 to 1000 botnet agents, and that the billions invested in cyberdefense and cyberattack by the US government are just standing by - even the covert capabilities (that also cost billions).

    If I were a president or minister of defense or responsible for cybersecurity I would be mad as hell about that and throw the book at those blablablabla cyberthis cyberthat blablablabla

    Now they have to show that they are up to the job. This is not a so-called cyberwar exercise. This is real. Real money and real attacks and real disruptions of central critical infrastructure of the cyber economy. And what are you doing ? Playing legalese ..... What is the use of having the NSA, the CIA and a whole bunch of other three-letter agencies if they can't stop the shooting when such parts of the infrastructure go down ?