Displaying items by tag: Hacking

It seems that nothing is sacred anymore as someone has hacked Sesame Street’s YouTube channel. The channel was hacked on Sunday and all of the content replaced with Porn. On the profile page was a note from someone claiming responsibility for the attack (See Below). So far one of the people listed has already denied any involvement in the attack. The inappropriate content was visible for about 20 minutes before Google’s own internal mechanisms shut it down for “repeated or severe violations of our Community Guidelines.".


The attackers replaced the profile information with the statement below;
“WHO DOESN'T LOVE PORN KIDS? RIGHT! EVERYONE LOVES IT! IM MREDXWX AND MY PARTNER MRSUICIDER91 ARE HERE TO BRING YOU MANY NICE CONTENT! PLEASE DON'T LET SESAME STREET TO GET THIS ACCOUNT BACK KIDS :( PLEASE...LET ME AND MRSUICIDER91 HAVE IT AND WE GONNA MAKE ALL THE AMERICA HAPPY!”

This latest attack shows just how vulnerable YouTube is and how important it is for companies to maintain security on their sites. It also is a good lesson for parents that forget how bad the Internet can be. There really is no place where you can just let your kids browse freely, even sites like Disney.com can be hijacked and replaced with something bad.

Stunts like this are rather distasteful and while I have supported (to a limited degree) many of the “activist” activities in the hacking community I feel that a single act like this ruins any positive actions that are currently on-going. I do wonder how long it will be before the conspiracy theories about this start popping up though. In the mean time I hope that the community find and “corrects” the people that are responsible whoever they turn out to be.

Discuss this in our Forum

When you think about social activist groups you often think of Green Peace, or maybe the Suzan Colman foundation, perhaps your mind may hit on groups like the Shriners. I do doubt that you think of Anonymous. When Anonymous comes to mind many people (too many perhaps) think “Hacker!” and all that this negative title has to offer. Anonymous does have only themselves to blame on this one though as through the years many of their members have perpetrated some very unsavory acts. The one that really comes to my mind was the releasing of personal information (including home addresses) of police officers. This act (which was, from what I hear, very unpopular even inside Anonymous) put many innocent people in danger; spouses and children to be exact.  

So we are sure that the question that must be mulling around in the heads of some of the more clear thinking members of the ever changing group is; “How to change the way Anonymous is viewed by the world?” They can no longer just hack companies and gain the same level of response they once did. Defacing a web site is becoming as common and mundane as graffiti painted on the wall of an abandoned building. Sure people look at it, read about it, and then file the incident away in the “just another hacker” section of their minds.  Anonymous needs something to work with that still has mystique but also hits these companies where it counts.

To accomplish this Anonymous has started their own analysis group. This group is reportedly staffed by Anonymous members whose regular jobs are in the Legal, Financial and Analytical world already. Together this new offshoot will use cough “unconventional” methods to identify and expose fraudulent activity and (as they put it) bad corporate stewardship.  This type of “attack” is something that the rest of the world can understand (if not get behind). After all, while the methods differ drastically then results are identical to what the judicial branches of our respective governments claim they are working towards.

Still it is very hard to get a good feel for the motives and psychology of a collective like Anonymous. Usually to find this you look at the movies and ideology of the leader(s). With Anonymous there is no stated leader and there is no group in control. It truly is a collective. Anyone can make a suggestion and those that agree jump in. This is Anonymous’ strength and weakness. As we have seen the smaller splinter groups that have cohesion are quickly infiltrated and run to ground by law enforcement. So while not having a leader helps prevent this, it also makes keeping focus nearly impossible. This is what is responsible for the many projects that have simply died out, or never even started on the date in question. This makes me wonder how long the analytics group will stay focused and if this effort will be enough to maintain momentum, which as we have said is one of the downsides to being a true collective.

Personally, I really hope that this project can meet their stated ends and uncover some of the corruption and fraud that does exist out there. I hope that it is successful enough that some of the more subversive plans and elements will turn their efforts to this instead of releasing information that has the potential to harm innocent people; something that Anonymous claims to be very much against.

Discuss this in our Forum

With all the news about Facebook today I was reminded of something that was talked about almost a month ago. This is the threat against Facebook from Anonymous stating that on November 5th they will take a social networking giant off of the net. I began to think about the pros and cons of that threat and was wondering if it made any sense to make that claim. On the one hand there is no denying that Facebook is becoming more and more arrogant. They are making changes that are not liked and often implementing services that there is no way to opt out of. This is the type of thing that makes people leave a site like Facebook. We have watched as they, much like Google, have brushed privacy concerns aside and in the case of some features risked the safety of their users (with the auto tagging feature). Yet they have pushed ahead with these things. This all on its own would have provoked many of the Anon clan in to action.

However, on the other hand Facebook represents something that Anon does believe in; Freedom of expression. Sure you cannot post anything you want and there are rules, but it is a form of global mass communication on a scale that nothing else can match. Taking it down would be to go against some of the foundations that Anon stands on; Free Internet, Free Speech and Free Expression.

I would not be surprised to find out that there are some arguments going on right now over if they should or should not take down Facebook on the 5th of November. Remember Anon is not a group but a collective “We are Legion” is in every statement they put out. Lately this statement seems to have broken down as more and more splinter groups pop up with a “leader” These groups are at odds with each other at times and if the rumors are true there is something of an underground war going on in the community. My guess is that some Anon “members” are not happy with the way things are going and what groups like Lulzsec, and others are doing when they release personal information on the families of police officials or informants and put their very lives in danger.  This kind of behavior and this type of in-fighting could be a serious blow to Anon and could in some cases lead to the authorities catching more and more participants.

As for Facebook and the 5th of November… I think they are safe, but not because Facebook is secure or well coded (it is not). It is because Facebook really does represent Freedom of speech and expression; even if the owners are rather arrogant and foolish.

Discuss in our Forum

Anonymous has announced they intend to bring the social networking (notworking?) site Facebook down on November 5th.  You might be wondering why Anon would go after Facebook when its founder Mark Zuckerberg has been idolized as a geek and a hacker in many biograph

ies and books.

Plus isn’t Facebook a place where information is freely shared by those that want to share it? Most would have thought that Facebook of all places would be safe. However, it is not and here is why.

This first thing is that Facebook has in the past taken liberty with its user’s images, personal information and has been rumored to pass information along to government agencies in people or groups that may use, let’s say inflammatory language. It has also been rumored (one that no one has been able to confirm) that Facebook maybe allowing advertiser (or governments) to view users preferences and possibly actual pages.  We do know that Anonymous believes this at the very least. Now all of this would be good enough reason for the group of hackers with a cause, but there is more and this is possibly one of the real reasons. You see Facebook is getting ready to launch a facial recognition API that can pull data on people tagged in pictures from sources around the net. It is also rumored to be able to match aliases from dating sites, forums, etc. as long as the API can link the real name with the screen name. This massively privacy invading bit of software has already been declared illegal in Germany and w

e have hopes that other countries will follow.  We believe this is what Anonymous is actually alluding to when they say “for the sake of your own privacy”.  

Much of the rest of their press release (shown in its entirety below) also has truth in it. According to the same German lawmakers that want the Facial Recognition API removed, Facebook makes the removal of the data collected by the software almost impossible to delete even after the image that person was tagged in it removed from the profile.  We think this is what Anon is talking about when they say “your personal info stays on Facebook and can be recovered at any time”, but it is also true that what you put in Facebook stays on Facebook even when you leave.

So will Anon bring down Zuckerberg and his social networking/ information collection site, or is this another threat that the group will lose interest in before the date they have set aside. A date that hold special meaning to the British and which was immortalized in the move “V for Vendetta”. Will Zuckerberg prepare and harden the Facebook servers? I guess we will see on November the 5th.

Discuss this in our Forum

As the BlackHat conference kicks off in Vegas we hear rumors that some of the global Supervisory Control and Data Acquisition (SCADA) hardware is vulnerable over the internet. Although this is really nothing new what is new is that you can often find this hardware just by running the right searches on Google. According to Tom Parker, CTO at FusionX if you know the right strings and the devices you are looking for either have an embedded webserver or are connected to a system that is connected to the internet then you can send it control commands that can not only operate the equipment but could also cause permanent damage to it. Think of the scene in Die Hard 4 when the “bad guys” sent the commands to open up valves along the natural gas lines. This may sound far-fetched but it is not really.

The problem is that these devices are not sophisticated in the way we think about them. For example one that was used in the presentation is a PLC (Programmable Logic Controller) that they purchased with an embedded webserver (usually for easier operation) with this Parker’s team was able to find certain hardware strings and use Google to identify other PLCs on the internet. One even had a password attached to it. These controllers should never be on the internet as once they are compromised a malicious person (or persons) can wreak havoc on the systems they control.

If you ever wanted a clearer indication that the global infrastructure is vulnerable or that the old school corporate society is ignorant of how the world operates; here it is.  We said earlier to imagine Die Hard 4’s “Fire Sale” well in that scenario the hackers had to break into the system; in real life most of the control devices that can be located on the internet are not password protected, use no form of encryption (or simply cannot) and will not work with authentication… Scary when you get right down to it.

Source CNET

Discuss this on our forum

Anon has something of a reputation (like you did not know that). Its reputation is often enough to put fear into people or corporations. So when Anonymous put out a call on their IRC channel targeting PayPal and asking for a mass walkout. Many people left, we would be willing to wager that many of these left because they were scared of Anon hacking the internet bank (yes PayPal is a bank). Of course you have to wonder about why Anon would target PayPal in the first place… Well that is a pretty long story.

Anyone remember Charlie Miller? He is the guy that has hacked more than his share of Apple products (and won a few PWN2Own contests). Well Charlie is back; this time he has found a hole in Macbook Batteries that can allow full control of the Macbook including uploading small programs that are undetectable by virus scanners. The reason they are undetectable is that the code is hidden inside the battery firmware.  Charlie was able to get inside the firmware after digging through it and finding the passwords that allowed him access. Due to Apple’s tendency to use the same password for each line of its products (like the iPhone) it was very easy to spread this exploit to other systems.

Yesterday we were sent a link to some interesting news about a nation-wide crackdown on suspected Anon members. This even included a “hacker” that is fairly close to where I live. The total number of people that were collared was around 15. The FBI and other agencies were very pleased with the day’s activities and went on to say that this was a “major arrest”. However was it really? Do the news or Law Enforcement agencies involved have any clue as to what is really going on? One little indicator that they do not comes up with their timeline; according to most media sources Anon starts as a result of the WikiLeaks incident. However most of the groups involved with Anon pre-date that by many years (in fact Anon does as well).