Author Archives: Ulrik

4:20 International Cannabis Day

To mark International Cannabis Day, people have begun gathering in the square in front of Christiansborg. By tradition, consumption of the banned intoxicant begins at twenty past four, but people started assembling in the square several hours beforehand.


Anonymous UK strikes

The other day a DDoS attack took several government websites in England offline. The campaign appears to be continuing; something seems to be planned for 14 April.

According to AnonOpUK, the actions are a protest against the decision to extradite three British citizens for prosecution in the USA.

At the same time, Anonymous has launched a campaign against CISPA (Cyber Intelligence Sharing and Protection Act), an American legislative initiative in the style of the now-foundered PIPA and SOPA initiatives. An international petition was started on 5 April via AVAAZ.org; today, after one week, a little more than 628,000 people have signed so far.


LulzSec arrested

According to the New York Times, authorities in Chicago, Ireland and the United Kingdom have arrested five people who are charged with being behind the hacker group LulzSec / AntiSec. The five are said to be behind these handles: Kayla, Topiary, Pwnsauce, Palladium and Anarchaos. The arrests come as Hector Xavier Monsegur has pleaded guilty to 12 charges of gaining unauthorized access to computer systems. Mr. Monsegur has written on Twitter under the name The Real Sabu.
According to the New York Times, 'Sabu' has been cooperating with the authorities over the past few months.


A classic revisited

From Chaplin's "The Great Dictator", unfortunately just as relevant today as it was 70 years ago.


Stop ACTA

Here is a good explanation of what ACTA is:


Anonymous hacks Greece's Ministry of Justice

Update: 24 hours later, the only thing on the site is this text: "This site is under construction"

Here is what could be seen on the Greek Ministry of Justice's website after Anonymous had been at it again:

That is, if you get any response from the server at all; as this is written, it appears to have been knocked out completely by a well-coordinated DDoS attack. There is only one way out of the debt crisis for the Greeks: revolution!


It is election year in the USA

The primaries are in full swing in the USA. The rest of us can only hope that the best man wins.


Operation M4yh3m

In an "Official Emergency Communique", the hacker collective 'Anonymous' takes stock of a series of attacks aimed at American security institutions.

[*] STRATFOR.COM
1. Over 75,000 credit cards with name, address, company, and cvv information.
2. Over 860,000 names and addresses to all Stratfor's past and present "private client list"
3. 25,000 tickets for their it.stratfor.com support system
4. Mail Spools (were handed over to professionals: coming soon!)

[*] NYCHIEFS.ORG
1. Mail spools for 10 NY Police Chiefs
2. Over 300 usernames and md5-hashed passwords for all NY Chiefs
3. Several "Law Enforcement Sensitive" and "For Official Use Only" documents

[*] CSLEA.COM
1. Mail spools for 3 CSLEA employees including the webmaster Ken Fair
2. Credit card information for over a hundred agents and supporters
3. 2500 cleartext, user-supplied passwords of all CSLEA members
4. Various stolen database files for internal forums and other portals

[*] SPECIALFORCES.COM
1. Usernames, passwords, emails, addresses, & phone numbers for 14k customers.
2. Credit card information for 8,000 customers.

Judging by the introduction to the document, which also includes an extensive log of the attacks, it does not sound as though we have seen the last of Anonymous yet:

Welcome comrades around the world and thanks for joining us for our end of the year crime spree. 2011 is over and what a chaotic year it's been: brutal tyrants and inept dictators were overthrown while multinational corporations and lazy security contractors were systematically targeted for embarrassment and elimination. Was it the year of protests, occupations, revolutions? The year of the hacktivist? Looking back, we’re not quite sure what the hell it was, but we certainly had lots of laughs contributing to the mayhem by owning pretty much anything and everything we wanted to.

Did you enjoy looting and plundering the pocketbooks of the rich and powerful during Lulzxmas? Did you enjoy using and abusing the personal emails and passwords of feds and corporate executives? How about all those "Law Enforcement Sensitive" documents stolen from NY police chief emails? And that epic cslea.com defacement on New Years Eve? Yes, many lulz were had during this past week, and rest easy fellow pirates, that was only a taste of the chaos to come.

We're ringing in the new year with another exciting #antisec zine release, and this is a big one. Lots of servers were rooted and rm'd. More than a few clueless sysadmins had their .bash_history and mail spools spilled. A lot of cops got doxed — shit, with all the live passwords being dropped here one could easily own police departments in nearly every U.S. state.

To match this truly epic hacking spree, we also had to go on an epic shopping spree. In an act of loving egalitarian criminality, we used company credit cards to make donations to dozens of charities and revolutionary organizations, including the Bradley Manning Support Organization, the EFF, the ACLU, CARE, American Red Cross, Amnesty International, Greenpeace, some commies, some prisoners, various occupations, and many more unnamed homies. It took weeks of hard work, but it paid off: to the tune of over $500,000 dollars liberated in total. Some examples we publicized were eventually returned: other payments made more discretely were confirmed to have been received and changed to hard cash. Of course, we had to engage in some pranks as well. What’s life without a little laughter at the expense of the 1%? We sent Pop-Tarts to the sysadmins with the hopes they would appreciate the humor. We also transferred to ourselves some form of anonymous currency that can't be traced or returned. Maybe we even sold or traded some of these cc dumps and password lists with other black hat comrades for botnets and 0days. Fuck em' if they can't take a joke!

While we attacked the institutions of capitalism, it would only make sense to attack those who enforce it, the inherently oppressive protectors of property and purveyors of social control; the pigs, the fuzz... the police. Do you remember a month ago when the mayors of over eighteen major cities in the U.S. collaborated with the swine to launch a coordinated attack on Occupation sites? The indiscriminate, and unprovoked, arrest and brutalization of thousands of protesters? We the 99% face an endless cycle of evictions and layoffs, while the powerful elite laugh all the way to the bank, comforted by their lucrative federal contracts and billion dollar bailouts. All our lives we have been robbed blind, and now it's time to start pointing our guns in the right direction.

In retaliation for this unprovoked, premeditated police-state brutality, we executed our own raid against New York and California police targets. And no, we will not be using pepper spray or tasers: we'll leave that for the boys in blue. Did you think we forgot? Did you think we would let you kick us out of our parks, teargas us, send veterans to the hospital, and conspire with other police forces to repress our uprising? We do not forgive, we do not forget: our vengeance will swallow you whole, and we will shit you out in to a place more hellish than the prisons you fill.

On New Years Eve, while our revolutionary comrades brought the noise to the front of jails across the world in support of the incarcerated, we were opening fire on the websites and emails of the 1%, publishing stolen information from police departments in both California and New York. From coast to coast we lulzed as we hit the top police chiefs: skimming their private email and Facebook accounts, blissfully abusing their internal law enforcement portals, and making off quick with their private documents which we then published on tor hidden services and BitTorrent. Finally, we defaced their websites and rm'd their servers, live on IRC and Twitter for the whole world to see.

While we attacked police targets, we also decided to go after their supply chain. We bring you the full story of how we gutted the military and law enforcement equipment supply store, SpecialForces.com. Truth be told, we had been keeping quiet about this particular target for a time while we lived large off its pillaged goods. However, just prior to this release, a former member leaked the cleartext password lists, and some media picked up on it. Now that the jig is up, the full story of this owning can be told. To top this target off, we threw in some credit cards and home address info to thousands of their mostly military and police customer base. Hope they don't mind. Just kidding.

We're calling upon all allied battle ships, all armies of darkness, to rise up and use and abuse all the personal information of these tyrannical agents and supporters of the 1%. You wanted lulz? With the sheer amount of passwords, credit cards, and mail spools we plastered all over the internet, you can guarantee that the richest and most powerful people will continue to get owned hard well into 2012.

Read the whole ruckus here.


Anonymous grows in strength

In an "Official Emergency Communique", the hacker collective 'Anonymous' takes stock of a whole series of attacks aimed at American security institutions and publishes an extensive log. The end of the document also looks ahead:
/*******************************************************************************
OUTRO: FOR THE LOVE OF TEH LULZ, WAREZ, AND REVOLUTIONZ
*******************************************************************************/
Thanks for joining us for our epic end of the year hacking spree. We hope you had as much fun reading this text file as our enemies have had crying about it. Too bad, NY Police Chiefs. So sad, CSLEA. And Stratfor, umad? Get used to failing hard because this is 2012 now, and you had better believe all hell is busting loose.

These conclusions usually end with more political rants, leetspeak, bragging and scene drama, but these days we are just too busy owning shit. We believe our history of high profile ownings speak for themselves. However in the aftermath of some of these hax there have been a number of rumors and accusations floating around questioning our motives or doubting our legitimacy. Who are these voodoo haxors owning all these targets? Was this not the work of Anonymous?? Why is Barrett Brown such an attention whore?? Is Antisec an inside job!? A false flag operation?!? Do they really shag top models??!!

Of course the mainstream media, right-wingers, conspiracy theorists and other nattering nabobs of negativism are always picking up on any perceived or invented 'disputes' or 'splits' within Anonymous in a vain display of yellow journalism in order to discredit and divide us. It is hard to believe that anyone can take seriously any random 'emergency anonymous statements' on pastebin that condemn other operations, since there is no central leadership, no party platform, no top down hierarchy, no lotus domino nor sap, no one in any position of authority to decide what is or isn't 'official'. Whether this is the work of butthurt Stratfor customers, spineless pacifists, pro-sec player haters or advanced counter-intelligence operations remains to be seen.

Yes this week of mayhem was our work, the work of Anonymous: sporting team colors, we hacked all them servers and dropped all them databases. We spend most of our time underground, frequently changing names and bouncing between boxes, only surfacing to wreak havoc against the servers of our white hat corporate enemies and gloat about our antics through dozens of Twitter accounts and IRC servers. Though we have chosen to work as Anonymous, the fact is we have been around owning shit for many many years before Anonymous hit the scene. We have watched our fellow Anons mature over the years as they became more politically conscious, started attacking more relevant targets, and were learning some coding and intrusion skills. Finally, after watching the hilarious reaction of some of Anonymous's targets as they raged, we decided to throw our black hat into the fight and get down with teh lulz. We are anonymous, we are rocking hard, and everyone is welcome to join the popular front and be proud to be part of it.

The underground has raised some concerns regarding what many see as younger script kiddies without talent or discipline. We are similarly frustrated with the amount of half-owned targets prematurely ejaculated on pastebin, and the rampant use of public exploit code without understanding the vulnerabilities behind it. Let's clarify these issues with the hopes someday these kiddies will finetune their skills and become dang up someday and become hackers on their right after having learnt from their own fails hard way, we point to keep in mind we never let the enemy know how and when we're gonna strike: we do not announce our targets ahead of time. We quietly break in, own everything in sight, own some more, and only then release teh dumps-- after we make sure everything's fully exploited and malware well placed. But you will never see us reveal our initial intrusion techniques, publish exploit code, or notify vendors: We do not just support the non-disclosure movement, we actively attack the corporate security industry: a long trail of rm'd boxes, password dumps and mail spools from state contracted security and intelligence corporations will testify to this.

We kicked off this operation more than six months ago with every intention on bringing the black hat ruckus, the armed insurrectionary fury to Anonymous. In that time, we have demonstrated how HBGary, ManTech, IRC Federal, Vanguard Defense Industries, and Booz Allen Hamilton contract with the federal government to develop technology to monitor and suppress anyone deemed "dissident." When our comrades were brutalized and arrested, we delivered swift retaliation against police targets in Arizona, Texas, and several other southern states. We have proven our capabilities and intentions, repeatedly demonstrating that even the most invincible of corporations and government institutions will crumble.

So here we are, looking into this new year, looking for new adventures, looking for new troubles. Join us in this hacker class war, this battle for freedom. This is our time to rise, this is our call to fight. We will wage guerrilla war on the internets and in the streets, and you better expect us, because none of us are as cruel as all of us.

Read the whole ruckus here.


The Stratfor Hack

Here is part of Anonymous's account of the attack on Stratfor, Austin, Texas.
/*******************************************************************************
ANTISEC DISMANTLES STRATFOR, A MULTI-MILLION DOLLAR INTELLIGENCE CORPORATION
*******************************************************************************/

Soundtrack to the Rev Track #1 - Dead Prez - Hell Yeah

"I know a way we can get paid, you can get down but you can't be afraid
let's go to the DMV and get a ID, the name says you but the face is me
now it's yo' turn take my paperwork, like 1,2,3 let's make it work
fill out the credit card application, it's gonna be bout three weeks of waitin
for American Express, Discover card, Platinum Visa Mastercard,
when we was boostin' shit we was targets, now we walk right up & say charge it
to the game we rockin' brand names, well known at department store chains
even got the boys in the crew a few thangs, Po Po never know who true blame
store after store ya' know we kept rollin' wait 2 weeks report the card stolen
repeat the cycle like a laundrymat, like a glitch in the system hard to catch
comin' out the mall, with the shopping bags, we take 'em right back & get the
cash yeah, get a friend and do it again, damn right that's how we pay the rent

In this release, we will detail the lulzy and agonizing death of Stratfor.com, a premiere "global intelligence" company out of Austin, Texas. Long story short, they got owned hard. Really hard. The sheer amount of destruction we wreaked on Stratfor’s servers is the digital equivalent of a nuclear bomb: leveling their systems in such a way that they will never be able to recover. We rooted box after box on their intranet: dumping their mysql databases, stealing their private ssh keys, and copying hundreds of employee mail spools. For weeks we used and abused their customer credit card information (which was all stored in cleartext in their mysql databases), eventually dumping all 75,000 credit cards and 860,000 md5-hashed passwords of their "private client list". And if dumping everything on their employees and clients wasn't enough to guarantee their bankruptcy, we laid waste to their webserver, their mail server, their development server, their clearspace and srm intranet portal and backup archives in such a way that ensures they won't be coming back online anytime soon.

"But why Stratfor?!" came the cries from many butthurt customers, right wingers, confused pacifists, and many others who have never even heard of Stratfor until we blasted their asses off the internet. Now those who are already familiar with Antisec know we have always had a burning hatred for the security and intelligence industries (especially private companies with lucrative federal contracts). After all, these white hat "professionals" work for the corrupt governments and multi-national corporations to develop and protect technology that allow the oligarchical elite to better monitor and repress the general public while plotting for global financial and military dominance. They protect their assets and systems, while providing "accurate" and "non-ideological" intelligence and risk forecasts which the rich depend on to maintain global market stability. Bet they didn't see this coming. Should have expected us. We found out that just like the cracks in the armor of global capitalism, their professional looking website was vulnerable as hell. Despite all their expensive degrees, meaningless certificates, and padded resumes of the elite, they remain woefully clueless in all matters related to security.

Besides the internal email correspondence between Stratfor and their "private clients" (which are sure to be quite revealing and embarrassing), what we were really after was the names, addresses, passwords, and credit cards to their customers. Who really pays $39.95 a month for daily right-wing political spam and access to a shitty drupal site? The DHS, FBI, Army, Navy, Bank of America, Raytheon, BAE, Lockheed Martin, Merrill Lynch, BP, Chevron, Monsanto, KBR, Booz Allen Hamilton, Microsoft, International Monetary Fund, and the World Bank are just a few on this list made up of the mightiest corporations and government institutions that exist. We shook the rotten tree of Stratfor and some ugly ass ducklings tumbled out: notorious war criminals Henry Kissinger, Paul Wolfowitz, ex-Vice President Dan Quayle, former CIA director Jim Woolsey, and many, many more. Australian billionaires Malcolm Turnbull and David Smorgon? They're on it. So is Nick Selby from "Police Led Intelligence" who advises pigs on how to secure their systems. Fuck, even notorious white hat right-wing snitch Thomas Ryan from "Provide Security" is up in this shit. And we're really asked why we hit Stratfor!? About the only person we felt bad about doxing was Harry Shearer. Besides the massive headaches these rich scumbags will have to go through to try to recover all their ill-gotten cash, the password information in these databases will ensure many future ownings of the 1%. So we decided to dump it all - not only because we wanted to share the lulz with everybody, but because we wanted to bring absolute mayhem upon the exploitative capitalist system in which Stratfor and it's clients perpetuate. Suckaa!!!

The question is, will Stratfor ever recover? If they manage to clean up the remains of their charred servers, analyze the source of the breach and attempt to put up new websites with the hopes we won't be back for more, will they ever survive as a corporation? Who will trust them ever again? How are their customers going to feel when they realize how hard they've been owned? Will anyone ever take their analysis and risk predictions seriously again? We're excited to hear all the embarrassment and controversy that will ensue in the fallout of this epic death of a corporation, but we'll let the researchers and journalists handle all that.

We don't normally give out security advice, but here's some for free: next time, consider running a free service.

/************************************************
*** HILARIOUS QUOTES FROM OWNED SYSADMINS !!! ***
************************************************/

// TO KICK IT OFF, SOME INSPIRING WORDS OF WISDOM FROM IT MANAGER FRANK GINAC:

"You do realize how preposterous it is to suggest that stratfor simply shutdown completely for 2 days, right? The plan that you've attached paints a gloom and doom picture claiming no chance that such a move will succeed. Does that really seem a rationale conclusion?"

// YOU DONT EVEN KNOW THE EXTENT OF THE GLOOM AND DOOM WE HAVE PLANNED, FRANK

"Attended the TakeDownCon security conference. Focus of the conference was on wireless and mobile security. No vendors pushing product or service at this conference. Instead, great presentations by renowned white hat hackers (good hackers) and security experts. Bottom line is that no mobile platform is secure, including the Blackberry, but there are best practices that minimize the risk of their use within the enterprise. We will be incorporating these best practices in our operation over the coming months."

// INCORPORATING PRACTICES FROM "GOOD WHITE HAT HACKERS"? HOW'D THAT WORK OUT?

"It blew my mind to discover that our email server backups are being stored on the same physical server. I'm affectionately referring to these little discoveries as 'Mooney turds'."

// SO SAD WE RM'D YOUR MAIL SERVER AND ALL BACKUPS, FRANK

"Most if not all of us use professional and social networking sites like LinkedIn and Facebook. All offer levels of privacy ranging from wide open where everyone can see your profile, activities, and posts to closed allowing only your immediate connections (or friends) access. As a private intelligence company we must all take extra care to protect our personal information from those who would use that information to exploit us personally or professionally. Although we don't have hard and fast rules on how to set your privacy settings nor do we restrict use of such sites, I suggest that you temper your need to share with prudence and consider the business that we are in. It's also important to check your privacy settings regularly to ensure that the sites you use haven't changed the meaning or scope of privacy settings -- we've all heard or read the news regarding this practice at Facebook. I suggest that you never include any information in your profile -- regardless of privacy setting -- that could be used to compromise your identity. Specifically, never include: your birth date, your exact street address (although this information can usually be found on the web quite easily), your cell phone number, SSN or other government issued ID number (that should be obvious), or any other information that someone could use to compromise your identity if your account were compromised."

// EVEN WITH ALL THE BEST SECURITY PRACTICES LEARNED FROM THE "RENOWNED WHITE
// HAT HACKERS" WE STILL MANAGED TO STEAL ALL YOUR PERSONAL INFORMATION. UMAD?

"I've called IT again, about both email problems and the fact that the site's down again. There's a ghost in the machine, apparently. It's been a crazy night. Cheers! " // ^ UJELLY, MITNICK?

// THE SENIOR PROGRAMMER KEVIN GARRY GETS WIND SOMETHING AINT RIGHT

"just logged into prod and seeing this in logs (/var/logs/php/php.log)
[06-Dec-2011 20:33:04] PHP Fatal error: Call to undefined function myshellexec() in /var/www/vhosts/www.stratfor.com/includes/common.inc(1707) : eval()'d code on line 11
last shows a lot of concurrent autobot users - rsyncing get hosed up maybe? df on prod seems fine. can we get a full list of any recent changes please""

// BETTER CALL UP OUR TALENTED NEW SYSADMIN NICK GERON

"Re: changes between 3:15a and 4:30a? Major changes in the cabinet. Please send any IP/hostname/dns/whatever weirdness you see my way and I'll try and track it down. Been fighting this cabinet all night. -Nick"

// HOT ON OUR TRAIL!! HAVE WE BEEN DISCOVERED?

On Dec 9, 2011, at 22:16, Nick wrote:

> Due to an as yet undetermined cause, there was a significant amount of load on www this evening starting sometime after 6:55PM (first alerts just before 7). Cacti graphs for memory and traffic on www and db2 do not indicate that there was an increase in demand. The only anomalous data point is the increase load/queued processes reported. Unfortunately, I have yet to have time to get detailed diagnostic monitoring up and running, otherwise I would likely have been able to pin down the source. Logs may yet reveal something worthwhile.
>
> Once on the system, I discovered apache processes were consuming the majority of CPU and RAM resources - so much so that the host was swapping heavily. After an apache restart, load quickly dropped to normal levels. This is unlikely related to a (D)DoS attack due to the rapid recovery following the restart and the lack of abnormal traffic patterns.
>
> Inspection of the logs revealed that a local process initiated an initialization script driven restart several times. This led me to another Mooney easter egg. There is a script (/root/apacheup.sh) configured to grab robots.txt from the site via wget and if it fails, will stop/kill and start apache. Looking at the times for this scripted activity shows that they line up with nagios reports that the site was down. There is some question in my mind if the way the script is written could have left orphaned processes around, which after three cycles sapped all available resources. That needs more thought. Its hard to say definitely without more evidence.
>
> -Nick"

// NICK'S SECURITY ANALYSIS: WHEN IN DOUBT, MAKE SHIT UP AND BLAME SOMEONE ELSE

"At 10:00 AM Central on Friday (12/16), you will be required to reset your email password. This process will take just a few moments and it is a task you can perform on your own. Follow the procedure below:"

// TOO BAD WE ALREADY COPIED ALL 160GB OF YOUR MAIL SPOOLS,
// BUT THANKS FOR THE HEADS UP WE'LL BE SURE TO CAPTURE THE PLAINTEXTS !!

"-------- Original Message --------
Subject: Re: User accounts on website
Date: Wed, 7 Dec 2011 13:05:32 -0600 (CST)
From: Kevin Garry
To: Frank Ginac
CC: Nick Geron

both are stored in the database.
usernames are plain text, passwords are one-way md5 encrypted.
employee accounts are treated the same as subscribers in the current (intranet+billing+consumer setup)

thanks
__________________________________
Kevin J. Garry
STRATFOR, Sr. Programmer
ph: 512.507.3047
em: kevin.garry@stratfor.com

----- Original Message -----
From: Frank Ginac
To: Nick Geron , Kevin Garry
Sent: Wed, 07 Dec 2011 12:56:18 -0600 (CST)
Subject: User accounts on website

How do we store user login info for accounts on the website? Are usernames and passwords stored in the db? Are passwords encrypted? What about employee accounts?

// ONE WAY MD5 YOU SAY, KEVIN?

Read the whole ruckus here.
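
The PHP log line quoted in the post above reports an error raised inside `eval()'d code`, which means the code that failed exists in no file on disk and will not show up in a file-integrity check. As an added example (not from the original post, the quoted document or Stratfor), this Python script groups such log entries by the place where the dynamic code was evaluated; the first eval entry in the sample is the line quoted on the page, while the other log lines, the `www.example.test` paths and the function name `fetch_helper` are constructed.

```python
"""Group PHP error-log entries raised inside dynamically evaluated code."""
import re
from datetime import datetime

# PHP error_log entry: [dd-Mon-yyyy hh:mm:ss (tz)] PHP <level>: <msg> in <file> on line <n>
# When the failing code was evaluated at runtime, <file> is followed by
# "(<line of the evaluating call>) : eval()'d code" (or "runtime-created function").
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})(?: [^\]]+)?\] "
    r"PHP (?P<level>[A-Za-z ]+?):\s+(?P<msg>.*?) in (?P<file>\S+?)"
    r"(?:\((?P<eval_line>\d+)\) : (?P<dyn>eval\(\)'d code|runtime-created function))?"
    r" on line (?P<line>\d+)\s*$"
)
UNDEFINED_RE = re.compile(r"Call to undefined function ([A-Za-z_\\][\w\\]*)\(\)")

# Second entry is the line quoted on the page; all other entries are constructed.
SAMPLE_LOG = """\
[06-Dec-2011 20:31:10] PHP Notice:  Undefined index: q in /var/www/vhosts/www.example.test/index.php on line 42
[06-Dec-2011 20:33:04] PHP Fatal error: Call to undefined function myshellexec() in /var/www/vhosts/www.stratfor.com/includes/common.inc(1707) : eval()'d code on line 11
[06-Dec-2011 21:02:10 UTC] PHP Fatal error:  Call to undefined function fetch_helper() in /var/www/vhosts/www.example.test/includes/bootstrap.inc(210) : eval()'d code on line 3
[06-Dec-2011 21:05:44 UTC] PHP Warning:  Division by zero in /var/www/vhosts/www.example.test/includes/bootstrap.inc(210) : eval()'d code on line 7
[06-Dec-2011 21:09:00 UTC] PHP Warning:  Division by zero in /var/www/vhosts/www.example.test/modules/report.module(88) : runtime-created function on line 1
not a php log line
"""


def parse_line(line):
    """Return the fields of one error_log entry, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d-%b-%Y %H:%M:%S")
    ev["line"] = int(ev["line"])
    ev["eval_line"] = int(ev["eval_line"]) if ev["eval_line"] else None
    return ev


def dynamic_code_sites(log_text):
    """Group errors from evaluated code by (file, line of the evaluating call)."""
    sites = {}
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev["dyn"] is None:
            continue  # unparsable line, or an error in ordinary on-disk code
        key = (ev["file"], ev["eval_line"])
        site = sites.setdefault(key, {
            "file": ev["file"], "eval_line": ev["eval_line"], "kind": ev["dyn"],
            "count": 0, "fatal": False, "undefined": set(),
            "first_seen": ev["ts"], "last_seen": ev["ts"],
        })
        site["count"] += 1
        site["first_seen"] = min(site["first_seen"], ev["ts"])
        site["last_seen"] = max(site["last_seen"], ev["ts"])
        site["fatal"] = site["fatal"] or ev["level"] == "Fatal error"
        # A call to a function that was never defined suggests the evaluated
        # code is a fragment separated from the helpers it was written with.
        fn = UNDEFINED_RE.search(ev["msg"])
        if fn:
            site["undefined"].add(fn.group(1))
    out = []
    for site in sites.values():
        site["undefined_functions"] = sorted(site.pop("undefined"))
        out.append(site)
    # Busiest evaluation sites first; ties ordered by file name for stable output.
    return sorted(out, key=lambda s: (-s["count"], s["file"]))


if __name__ == "__main__":
    for s in dynamic_code_sites(SAMPLE_LOG):
        print(f'{s["file"]}:{s["eval_line"]} [{s["kind"]}] hits={s["count"]} '
              f'fatal={s["fatal"]} undefined={s["undefined_functions"]} '
              f'{s["first_seen"]:%H:%M:%S}..{s["last_seen"]:%H:%M:%S}')
```

Each reported site names the file and line that evaluated the code, so the next step is to find what input reaches that call (stored content, a request parameter, a modified include).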
