I am now reading the Bloomberg story and things now get enormously weird if they are exactly wording what happened or how the specialists described it (journalists can be creative in rephrasing what you have said)
"The hackers clocked in at precisely 9:23 a.m. Brussels time on July 18 last year, and set to their task. In just 14 minutes of quick keyboard work, they scooped up the e-mails of the president of the European Union Council, Herman Van Rompuy, Europe’s point man for shepherding the delicate politics of the bailout for Greece, according to a computer record of the hackers’ activity."
so, if one can hack in 14 minutes a mailserver would you call that safe enough to host the emails of the highest officials of the European Union ? No double authentification and probably no penetration test which would have showed the vulnerabilities that the hackers have found.
"Observed for years by U.S. intelligence, which dubbed it Byzantine Candor, the team of hackers also is known in security circles as the Comment group for its trademark of infiltrating computers using hidden webpage computer code known as “comments.”
and they didn't warn the Security officers of the European presidency the first time they accessed the mailbox of the European President if they were watching this the first time ? What were they thinking ? Cool, that will make some international press, let's see what they can do more ? Where is your loyalty and responsability ? Did you ever think of the consequences this could have ? Even if the servers were not well protected, that doesn't give you a reason to not report. If this was a real crime, you would even be open for prosecution for non-assistance !!!! I am sure that you would hurry to the phone to warn the DHS if it were the American President.
"Exploiting a hole in the hackers’ security, the researchers created a digital diary, logging the intruders’ every move as they crept into networks, shut off anti-virus systems, camouflaged themselves as system administrators and covered their tracks, making them almost immune to detection by their victims."
So they had a hole and they kept it all to themselves to make some publicity for themselves while it is the secret service and the national cyberdefense organisations (too many to list) who should be 'in' on it.
It is too late to come clean now, you should have gone to the police with this and helped them with following them and trying to protect their past targets and all of this .... could have been done without leaving trails also. Or don't you think that your and our police aren't capable of such operations and that you are that much better, that you are the saviors of the planet and that everything depends on the chosen few ?
I know you won't read a comment like this while everybody is screaming defense, scandal, attack them
but let us ask the other question, if there is a fire, do you stand by and take pictures or do you help the firemen ?
Anonymous has since the new data interception laws that are being discussed in Australia attacking Governmental websites and an ISP AAPT.
In total there has been 40GB of data that has been 'looted' of which about 1.3 customer data of the ISP (more about that later). There has been no dumps, but clean releases in which there is for example no financial data (even if that data is present and is now in the hands of 'anonymous' outsiders and should be considered as unsafe and to be changed).
the files are disappearing from pastebin and the net but re-appearing on Anonymous websites like here
and the really interesting file is this one
"Anyway, so far can present 27mb of compressed data, but most importantly we want to direct your attention to the file dsdweb-tracking.mdb. This file gives us some insights on how the Australian government was monitoring its citizens activity. Let us explain what you see here:
HitDate|SearchID|PageTitle|PageType|MemberID|FirstName|Surname|Organisation|Email|Classification|Postcode|Region|Browser|IPAddress|HttpReferer 4/11/2001|9:41:32 AM|538|Regional Development|17|2|Jenny|Rogan|Jenny.Rogan@sd.qld.gov.au|5|4000|2|Mozilla/4.0 (compatible; MSIE 5.01; Windows NT)|172.21.4.199
These lines show what the Australian government is interested in and what they are tracking. The data below was reformatted but you can view the complete database dsdweb-tracking.mdb in the archive (not linking to direct file since it is 200mb).
HitDate - The date the specific Search was initiated SearchID- The ID of the search PageTitle- The title of the page that was searched PageType- They have their own categories of the logging software MemberID- Firstname Surname Oragnization Email Classification- They classify with their own systems Postal Code Region Browswer- What browser they were using IPAddress - IP address of the user HttpReferer - Referer-URL (Previous website, where it was linked from)
well, there is more to come they promise
oh, and the best I have kept for the last, how did they do it
The government servers was the easiest part, a simple LFI bypass of the authentification
The ISP AAPT was breached with a Cold Fusion exploit that was known but the ISP said they had forgotten about the server .....
need I say more ?
if you can expect them, you should prepare for them and not keep your gates closed but the holes in your wall unfixed
Global Payments, which back in the spring reported a data breach in which information associated with an estimated 1.4 million payment cards was stolen, has revealed that expenses associated with investigations, fines and remediation has hit $84.4 million.
and that is without the reputation damage and the loss of business or possible business
why Blackberry is the most secure phone (and you should have one if you want some secure communications)
it means that if you have Android you will have to install other security apps to increase the security.
That it is still not advisable to jailbreak an Apple.
Authorities in South Korea have arrested two computer programmers suspected of hacking into Korea Telecom's customer database and stealing personal information on approximately 8.7 million mobile subscribers. According to the provider, these data included user names, telephone numbers, and resident registration numbers. Police are also investigating seven other suspects accused of selling this information to telemarketers, as part of an operation that began in February.
As the Korea Times reports, authorities believe the hackers made at least $877,000 from selling this information to marketers, who purportedly used it to contact customers whose contracts were about to expire, as well as those deemed likely to switch providers. The identities of the two men arrested have not been released, though the Times reports that one is a 40-year-old male whose family name is Choi.
that is the real title, not that the hackers got arrested
will those who have bought the data now be arrested and punished because if they didn't buy there wouldn't be a market for it, at least a real world market with real businesses
it is not in Syria, but in the US a few kilometer away from Disney Land or world
but while the world is watching the Olympics and trying not to watch Syria although that is difficult
that little city is in 'state of emergency'
quite strange to look at the pics and vids and articles
2 persons shot dead by the police, riots since 5 days and
military with machine guns on the street (no not the beans pistols (very strange pic that)
#anaheim on twitter
an army exercise in crowd control (the city gives the perfect environment)
and as the riots going on and the level of military intervention becomes more apparent and as a consequence the protest go on (and get national) the national interest is increasing and the questions
lots of questions
it is America, not Syria
the military should not be on the street and the police should protect people, not shoot them while they are arrested and handcuffed
Free wifi in the US may be legally totally intercepted - except if you install your routers correctly
The law also has a section protecting certain parts of the wireless spectrum, as defined by Federal Communications Commission rules. But since the law was written, the uses of those parts of the spectrum have changed. Some of the channels on Wi-Fi routers use spectrum that is protected, but some don’t.
Different Wi-Fi routers come set to different default channels, but most allow people to change the channel to avoid interference with other nearby routers. According to a literal reading of the law, channel 11 is the only fully protected one. Channels 7 through 10 are partially covered, depending on other technical aspects of the router. And with channels 1 through 6, you’re on your own, Bankston said
Cryptocat lets you instantly set up secure conversations. It's an open source encrypted, private alternative to other services such as Facebook chat.
Messages are encrypted inside your own browser using AES-256. Encrypted data is securely wiped after one hour of inactivity.
this makes it more easy to use for the masses without having to install tor and consorts
This is another of such kind of investigation which gives you the feeling that you don't know the real story behind - or even can appreciate if it is really true - nor can say anything about the impact of the hacks (if there were 4 such hacks)
first any important emailaccount can be expected to be attacked or hacked, so enabling the best of protection around them and the information in it (or even thinking of using email as a way of sending important information) is just something totally normal (should be)
so the real question that is arising is
how could they hack this emailaccount if one had used double authentification (usb, fingerprint or whatever) and how could have done something useful with the information if that information was encrypted and protected against data leakage
or was there no such protection
and than the question is that such protections should have been put in place and why they weren't, why in the hell somebody thought that the emailaccounts of the most important European leaders in these times of total financial mayhem and with several regional conflicts going on wouldn't be attacked by the best-paid professional hackers and shouldn't have all these protections (supposing that they would be hacked at one point anyway and so the information in it should be protected if it leaves the mailbox).
and than you read that they were attacked not once but 4 times
hu, attacking a mail server 4 times and not going into red alert is something that is really strange, who in the hell did the forensics and decided that it wasn't important
strange world there between the superleaders
so your website was hacked
defaced at first sight
but the message says that a mirror was taken (of the server, of the files, the client data of what)
in fact in that case of everything and you have to presume that it is about everything that will have to worry about
besides the fact that they probably have taken a copy of the total code and customization and that you will have to rebuild everything as new - better even in a totally different environnement
Nothing was removed from server!!!
Only Mirror was taken
Kosova Security Group - Crew
if you are running IIS 6 there is no way you can keep it secure
- Notified by: syhmhfz
- IP address: 188.8.131.52
- System: Win 2003
- Web server: IIS/6.0
- Notifier stats
- This is a CACHE (mirror) page of the site when it was saved by our robot on 2012-07-25 05:57:01
the problem is you are in Germany so before the FCCU will get their hands on the logs and so on, try to explain that all in ..... german
2012/07/28 SA3D HaCk3D M R meteokust.be/x.txt Win 2003 mirror
since 2004 we are watching the .be security
and this server we have seen time after time hacked and hacked again
and even by different attackers
if there were awards for that, they would surely win them easily
maybe its security is as good as the summer weather it informs us about
maybe someone was mad as hell :) or bored by the bad weather
Coming Soon ... 184.108.40.206.
even during holidays you have to monitor all your servers all the time
If you look at their page with their publications of dumps of info
than you can only look quite astonisted
* eset antivirus (but a site in Nepal, which is quite stupid because you can't protect hundreds of websites at the same time, it is better to have one central bunker)
* president of Sri Lanka, Pakistan,...
* some unnamed server of the ONU
* some important administrations somewhere
they are quite international
even if the security professionals who got publicly shamed won't agree
but that is what antisec is all about
just like the lulzsec gang, the ugnazi clan and others they will one day or another get arrested
but in tweets it seems as they don't care that much as it is part of their business, their future, their life, their way of being what they are
which makes them more dangerous than those who ckicken out
I don't chicken out because I don't start that kind of stuff because it is not part of my life or my future
but you still have to bring the sites themselves down a lot quicker
and this may explain that the most promoted childpornsites are now in ..... Russia
"Fifty police officers across the UK have been arrested as part of a crackdown on suspected paedophiles who pay to access child pornography websites, detectives revealed today.
The officers were among 1,300 people arrested on suspicion of accessing or downloading indecent images of children - some as young as five - from US-based Internet sites.
Thirty-five men were arrested in London this morning as part of the investigation - codenamed Operation Ore - following raids on 45 addresses across the capital."
Operation Ore is the UK wing of a huge FBI operation which traced 250,000 paedophiles worldwide last year through credit card details used to pay for downloading child porn.
THe NYT offline always said that it publishes everything that is fit to print because it has been researched and gone over twice at least before.
The online edition wants to uphold the same credibility but that is much more difficult and needs more controls because you can't hack a newspaper in paper.
So last week what is since long called 'content hacking' and is the worst nightmare for the newsmedia if they want to keep some credibility online (especially with those permanent virulent newscycles) happened to the biggest example online of the successfull transformation of an offline Newspaper to a succesful online business (if you don't know how to bypass the paywall that is)
but the faker has done all things right
the whois is in the name of the owner of nyt.com (http://whois.domaintools.com/opinion-nytimes.com) anything different would have immediately risen suspicion (how to do that is a mystery to me)
but the dns servers aren't the same because these are on the ghandi.net servers and the nyt.com servers, but there are many firms who install parts of their servers outside on different infrastructure which leaves naturally a window of opportunity for such hijacking to go unnoticed.
the second part of the operation was to create the webpage in such a manner that it not only looks identical to the NYT but that it behaves like the NYT and is accepted as if it was from the NYT by all additional services on browsers and securityservices and search engines. They were helped with that by the fact that they could copy all the code from the pages which was totally unprotected and unmonitored so the only thing one should do was change the text.
So you have a website that looks like it comes from the NYT and a domainname that looks like it was owned by the NYT. The third thing to do is now to write like the editorialist and the style of the NYT, taking a position that differs a bit from what one should expect, but not too much. In this instance it was defending wikileaks but very carefully worded.
You than launch it on twitter and a bunch of other journalists and ANonymous believe it, retweet it and it becomes the hype of the town untill the person in question tweeted that it was a fake and everybody retweets that it is a good fake.
BUt there is another question looming behind that is becoming even more important with the launch of more than 200 new domeinextensions next year - even if some of them are private (for internal networking reasons).
How in the hell could one sell a domainname with the brandname NYT it without sending a cofirmation mail or alert to the owners or brandmanagers of the brandname.
Because what has been shown here is the perfect example how to set up another phishing site for a government, bank or multinational.
see it for yourself