xorl %eax, %eax

News: Recent Hacks

with 4 comments

Unfortunately, I didn’t have time to blog about all the neat recent hacks that took place. For this reason I’ll publish this post that basically summarizes the most important (in my opinion) hacks.

- Gregory D. Evans / LIGATT Security Ownage
You can find everything you need at the attrition.org‘s website here. You know, this is one of the attacks that most people knew it was coming and it makes perfectly sense to both the security industry and security enthusiasts seeing Gregory D. Evans getting owned like this.

- Nasdaq Hack
I don’t know anything apart from what’s already public regarding this hack. Consequently, I won’t comment anything here. You can find information in all the major news media sites such as Reuters, CNBC, MSN Breaking News, etc.

- rootkit.com ownage
Most people interested in computer security are aware of rootkit.com which is a community interested in everything about rootkits. It was created on 1999 and many members occasionally release techniques and tools mainly regarding rootkit development. Yesterday their hacked MySQL database was released to public through stfu.cc website.

- HBGary Ownage
Another recent attack to a whitehat is this one. This was a payback attack from the Anonymous who also released more than 4.5GB of private data via torrent which you can find here. Their message to HBGary is:

Greetings HBGary (a computer "security" company),

Your recent claims of "infiltrating" Anonymous amuse us, and so do your attempts at using Anonymous as a means to garner press attention for yourself. How's this for attention?

You brought this upon yourself. You've tried to bite at the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face. You expected a counter-attack in the form of a verbal braul (as you so eloquently put it in one of your private emails), but now you've received the full fury of Anonymous. We award you no points.

What you seem to have failed to realize is that, just because you have the title and general appearence of a "security" company, you're nothing compared to Anonymous. You have little to no security knowledge. Your business thrives off charging ridiclous prices for simple things like NMAPs, and you don't deserve praise or even recognition as security experts. And now you turn to Anonymous for fame and attention? You're a pathetic gathering of media-whoring money-grabbing sycophants who want to reel in business for your equally pathetic company.

Let us teach you a lesson you'll never forget: you don't mess with Anonymous. You especially don't mess with Anonymous simply because you want to jump on a trend for public attention, which Aaron Barr admitted to in the following email:

"But its not about them...its about our audience having the right impression of our capability and the competency of our research. Anonymous will do what every they can to discredit that. and they have the mic so to speak because they are on Al Jazeeera, ABC, CNN, etc. I am going to keep up the debate because I think it is good business but I will be smart about my public responses."

You've clearly overlooked something very obvious here: we are everyone and we are no one. If you swing a sword of malice into Anonymous' innards, we will simply engulf it. You cannot break us, you cannot harm us, even though you have clearly tried...

You think you've gathered full names and home addresses of the "higher-ups" of Anonymous? You haven't. You think Anonymous has a founder and various co-founders? False. You believe that you can sell the information you've found to the FBI? False. Now, why is this one false? We've seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you've "extracted" is publicly available via our IRC networks. The personal details of Anonymous "members" you think you've acquired are, quite simply, nonsense.

So why can't you sell this information to the FBI like you intended? Because we're going to give it to them for free. Your gloriously fallacious work can be a wonder for all to scour, as will all of your private emails (more than 44,000 beauties for the public to enjoy). Now as you're probably aware, Anonymous is quite serious when it comes to things like this, and usually we can elaborate gratuitously on our reasoning behind operations, but we will give you a simple explanation, because you seem like primitive people:

You have blindly charged into the Anonymous hive, a hive from which you've tried to steal honey. Did you think the bees would not defend it? Well here we are. You've angered the hive, and now you are being stung.

It would appear that security experts are not expertly secured.

We are Anonymous.
We are legion.
We do not forgive.
We do not forget.
Expect us - always.

---

Quick 'n dirty way to read the emails in a human-readable format:
1. Get a client. http://www.mozillamessaging.com/thunderbird/
2. Get a file renaming tool. http://www.bulkrenameutility.co.uk/Download.php (Windows)
3. Rename all the mail files so that they have a .eml extension.
4. Drag & drop them into Thunderbird.
5. Enjoy.		

- EU Carbon Trading Hack
This another of these attacks that I cannot comment since I have zero knowledge beyond what’s already said by the media. So, here are a couple of links for the interested reader… CBS News, The Register, BusinessWeek, etc. This a very interesting subject especially for Greece since it involves data from stolen accounts from Greece among other countries.

I’m fairly sure that there are many more attacks such as the “Egyptian government hacks” one on high profile systems but I’m trying to blog just about the most important (always in my opinion). Feel free to contact me if I missed some cool recent hack. :)

About these ads

Written by xorl

February 7, 2011 at 05:41

Posted in hax, news

4 Responses

Subscribe to comments with RSS.

  1. Very impressive the HBGary Ownage Annonymous letter. I don’t know of where the HBGary – Annonymous war come from, but is seems that that HBGary deserves what happened to him.

    Sorry for my bad english.

    P.S.: First comment in xorl. I really think that this is one of the best blogs in the net.

    See you.

    Newlog

    February 7, 2011 at 13:13

  2. Isn’t it rather awkward to distribute this over p2p? Wouldn’t many of the seeders/leechers be members of Anonymous?

    GMT

    February 7, 2011 at 19:48

  3. Actually rootkit.com db was released on rootkit.com, under this link:

    http://www.rootkit.com/mysqlbackup_02_06_11.gz

    Surprisingly the link was stile live many hours after the attack.

    ikoz

    February 8, 2011 at 02:04

  4. To date, we have uncovered at least 1260 (and counting..) rootkit.com accounts with email/password pairs reused to login to http://twitter.com.

    The test was done automatically with ‘mechanize’ with random selection of accounts that use @gmail.com.

    There are 11380 accounts that use @gmail.com. This translates into over 10% password reuse rate.

    The work is being published at http://dazzlepod.com/rootkit/

    An independent research indicates >30% password reuse rate based on their study on rootkit.com and Gawker accounts:

    http://www.lightbluetouchpaper.org/2011/02/09/measuring-password-re-use-empirically/

    Dazzlepod

    February 18, 2011 at 15:06


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 64 other followers