STE WILLIAMS

Federal prosecutors filed charges against three men accused of carrying out website attacks as part of an extended campaign linked to the Anonymous hacking crew.

Cody Kretsinger, 23, of Phoenix was accused of participating in a hack of the Sony Pictures website that exposed the names, email addresses, and passwords of thousands of consumers. He was arrested Thursday morning on charges of conspiracy and the unauthorized impairment of a protected computer. He was scheduled to appear in federal court later in the day.

According to an indictment unsealed in Los Angeles federal court after his arrest, Kretsinger was a member of LulzSec, which is said to be a splinter group of Anonymous. The document alleged that from May 27 to June 2, he and his colleagues made “tens of thousands of requests for confidential data” using SQL injection techniques, which pass powerful database commands to a website’s backend system by including them in search boxes and other input fields of poorly secured websites.

Once the gang obtained the data, they posted it online and bragged about the exploit over Twitter, prosecutors said. To cover his tracks, Kretsinger allegedly used the hidemyass.com proxy service, and he completely wiped his hard drive afterward.

Kretsinger’s arrest came the same day that federal officials charged two men with participating in distributed denial-of-service attacks on websites belonging to the County of Santa Cruz, about an hour’s drive south of San Francisco. According to an indictment filed in federal court in San Jose, California, Christoper Doyon and Joshua John Covelli carried out the attacks in retribution for the enforcement of a law that prohibited the overnight camping within the Santa Cruz city limits. The December 2 DDoS assault took the website offline, prosecutors said.

Covelli, 26, of Fairborn, Ohio, was one of 13 people previously charged with participating in the Anonymous-organized DDoS of PayPal in December. His next court appearance is scheduled for November 1.

Christopher Doyon, 47, of Mountain View, California, and Covelli, allegedly were members of the People’s Liberation Front, another Anonymous splinter group. They allegedly used the High Orbit Ion Cannon to bombard the Santa Cruz County servers with more traffic than they could handle, causing damages exceeding $5,000.

In the past few months, dozens of people in North America and Europe have been snared in a trans-Atlantic investigation into a string of attacks attributed to LulzSec and Anonymous. Earlier this month, UK police charged three men and a 17-year-old for various computer offenses, including DDoS attacks in December on PayPal, Amazon, MasterCard, Bank of America, and Visa.

In July, US authorities charged 13 people with participating in the same DDoS campaign, which was waged to punish companies for refusing to process donations to WikiLeaks. Additional arrests have taken place in Spain, the Netherlands, and elsewhere.

Over the past 18 months, Anonymous and its offshoots have engaged in a DDoS and hacking spree that’s also hit the Public Broadcasting System, Arizona law enforcement officers and others.

If convicted, Kretsinger facest a maximul sentence of 15 years in prison. Doyon and Covelli face as much as 15 years. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/22/anonymous_arrests/

Federal prosecutors filed charges against three men accused of carrying out website attacks as part of an extended campaign linked to the Anonymous hacking crew.

Cody Kretsinger, 23, of Phoenix was accused of participating in a hack of the Sony Pictures website that exposed the names, email addresses, and passwords of thousands of consumers. He was arrested Thursday morning on charges of conspiracy and the unauthorized impairment of a protected computer. He was scheduled to appear in federal court later in the day.

According to an indictment unsealed in Los Angeles federal court after his arrest, Kretsinger was a member of LulzSec, which is said to be a splinter group of Anonymous. The document alleged that from May 27 to June 2, he and his colleagues made “tens of thousands of requests for confidential data” using SQL injection techniques, which pass powerful database commands to a website’s backend system by including them in search boxes and other input fields of poorly secured websites.

Once the gang obtained the data, they posted it online and bragged about the exploit over Twitter, prosecutors said. To cover his tracks, Kretsinger allegedly used the hidemyass.com proxy service, and he completely wiped his hard drive afterward.

Kretsinger’s arrest came the same day that federal officials charged two men with participating in distributed denial-of-service attacks on websites belonging to the County of Santa Cruz, about an hour’s drive south of San Francisco. According to an indictment filed in federal court in San Jose, California, Christoper Doyon and Joshua John Covelli carried out the attacks in retribution for the enforcement of a law that prohibited the overnight camping within the Santa Cruz city limits. The December 2 DDoS assault took the website offline, prosecutors said.

Covelli, 26, of Fairborn, Ohio, was one of 13 people previously charged with participating in the Anonymous-organized DDoS of PayPal in December. His next court appearance is scheduled for November 1.

Christopher Doyon, 47, of Mountain View, California, and Covelli, allegedly were members of the People’s Liberation Front, another Anonymous splinter group. They allegedly used the High Orbit Ion Cannon to bombard the Santa Cruz County servers with more traffic than they could handle, causing damages exceeding $5,000.

In the past few months, dozens of people in North America and Europe have been snared in a trans-Atlantic investigation into a string of attacks attributed to LulzSec and Anonymous. Earlier this month, UK police charged three men and a 17-year-old for various computer offenses, including DDoS attacks in December on PayPal, Amazon, MasterCard, Bank of America, and Visa.

In July, US authorities charged 13 people with participating in the same DDoS campaign, which was waged to punish companies for refusing to process donations to WikiLeaks. Additional arrests have taken place in Spain, the Netherlands, and elsewhere.

Over the past 18 months, Anonymous and its offshoots have engaged in a DDoS and hacking spree that’s also hit the Public Broadcasting System, Arizona law enforcement officers and others.

If convicted, Kretsinger facest a maximul sentence of 15 years in prison. Doyon and Covelli face as much as 15 years. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/22/anonymous_arrests/

Federal prosecutors filed charges against three men accused of carrying out website attacks as part of an extended campaign linked to the Anonymous hacking crew.

Cody Kretsinger, 23, of Phoenix was accused of participating in a hack of the Sony Pictures website that exposed the names, email addresses, and passwords of thousands of consumers. He was arrested Thursday morning on charges of conspiracy and the unauthorized impairment of a protected computer. He was scheduled to appear in federal court later in the day.

According to an indictment unsealed in Los Angeles federal court after his arrest, Kretsinger was a member of LulzSec, which is said to be a splinter group of Anonymous. The document alleged that from May 27 to June 2, he and his colleagues made “tens of thousands of requests for confidential data” using SQL injection techniques, which pass powerful database commands to a website’s backend system by including them in search boxes and other input fields of poorly secured websites.

Once the gang obtained the data, they posted it online and bragged about the exploit over Twitter, prosecutors said. To cover his tracks, Kretsinger allegedly used the hidemyass.com proxy service, and he completely wiped his hard drive afterward.

Kretsinger’s arrest came the same day that federal officials charged two men with participating in distributed denial-of-service attacks on websites belonging to the County of Santa Cruz, about an hour’s drive south of San Francisco. According to an indictment filed in federal court in San Jose, California, Christoper Doyon and Joshua John Covelli carried out the attacks in retribution for the enforcement of a law that prohibited the overnight camping within the Santa Cruz city limits. The December 2 DDoS assault took the website offline, prosecutors said.

Covelli, 26, of Fairborn, Ohio, was one of 13 people previously charged with participating in the Anonymous-organized DDoS of PayPal in December. His next court appearance is scheduled for November 1.

Christopher Doyon, 47, of Mountain View, California, and Covelli, allegedly were members of the People’s Liberation Front, another Anonymous splinter group. They allegedly used the High Orbit Ion Cannon to bombard the Santa Cruz County servers with more traffic than they could handle, causing damages exceeding $5,000.

In the past few months, dozens of people in North America and Europe have been snared in a trans-Atlantic investigation into a string of attacks attributed to LulzSec and Anonymous. Earlier this month, UK police charged three men and a 17-year-old for various computer offenses, including DDoS attacks in December on PayPal, Amazon, MasterCard, Bank of America, and Visa.

In July, US authorities charged 13 people with participating in the same DDoS campaign, which was waged to punish companies for refusing to process donations to WikiLeaks. Additional arrests have taken place in Spain, the Netherlands, and elsewhere.

Over the past 18 months, Anonymous and its offshoots have engaged in a DDoS and hacking spree that’s also hit the Public Broadcasting System, Arizona law enforcement officers and others.

If convicted, Kretsinger facest a maximul sentence of 15 years in prison. Doyon and Covelli face as much as 15 years. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/22/anonymous_arrests/

Federal prosecutors filed charges against three men accused of carrying out website attacks as part of an extended campaign linked to the Anonymous hacking crew.

Cody Kretsinger, 23, of Phoenix was accused of participating in a hack of the Sony Pictures website that exposed the names, email addresses, and passwords of thousands of consumers. He was arrested Thursday morning on charges of conspiracy and the unauthorized impairment of a protected computer. He was scheduled to appear in federal court later in the day.

According to an indictment unsealed in Los Angeles federal court after his arrest, Kretsinger was a member of LulzSec, which is said to be a splinter group of Anonymous. The document alleged that from May 27 to June 2, he and his colleagues made “tens of thousands of requests for confidential data” using SQL injection techniques, which pass powerful database commands to a website’s backend system by including them in search boxes and other input fields of poorly secured websites.

Once the gang obtained the data, they posted it online and bragged about the exploit over Twitter, prosecutors said. To cover his tracks, Kretsinger allegedly used the hidemyass.com proxy service, and he completely wiped his hard drive afterward.

Kretsinger’s arrest came the same day that federal officials charged two men with participating in distributed denial-of-service attacks on websites belonging to the County of Santa Cruz, about an hour’s drive south of San Francisco. According to an indictment filed in federal court in San Jose, California, Christoper Doyon and Joshua John Covelli carried out the attacks in retribution for the enforcement of a law that prohibited the overnight camping within the Santa Cruz city limits. The December 2 DDoS assault took the website offline, prosecutors said.

Covelli, 26, of Fairborn, Ohio, was one of 13 people previously charged with participating in the Anonymous-organized DDoS of PayPal in December. His next court appearance is scheduled for November 1.

Christopher Doyon, 47, of Mountain View, California, and Covelli, allegedly were members of the People’s Liberation Front, another Anonymous splinter group. They allegedly used the High Orbit Ion Cannon to bombard the Santa Cruz County servers with more traffic than they could handle, causing damages exceeding $5,000.

In the past few months, dozens of people in North America and Europe have been snared in a trans-Atlantic investigation into a string of attacks attributed to LulzSec and Anonymous. Earlier this month, UK police charged three men and a 17-year-old for various computer offenses, including DDoS attacks in December on PayPal, Amazon, MasterCard, Bank of America, and Visa.

In July, US authorities charged 13 people with participating in the same DDoS campaign, which was waged to punish companies for refusing to process donations to WikiLeaks. Additional arrests have taken place in Spain, the Netherlands, and elsewhere.

Over the past 18 months, Anonymous and its offshoots have engaged in a DDoS and hacking spree that’s also hit the Public Broadcasting System, Arizona law enforcement officers and others.

If convicted, Kretsinger facest a maximul sentence of 15 years in prison. Doyon and Covelli face as much as 15 years. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/22/anonymous_arrests/

Federal prosecutors filed charges against three men accused of carrying out website attacks as part of an extended campaign linked to the Anonymous hacking crew.

Cody Kretsinger, 23, of Phoenix was accused of participating in a hack of the Sony Pictures website that exposed the names, email addresses, and passwords of thousands of consumers. He was arrested Thursday morning on charges of conspiracy and the unauthorized impairment of a protected computer. He was scheduled to appear in federal court later in the day.

According to an indictment unsealed in Los Angeles federal court after his arrest, Kretsinger was a member of LulzSec, which is said to be a splinter group of Anonymous. The document alleged that from May 27 to June 2, he and his colleagues made “tens of thousands of requests for confidential data” using SQL injection techniques, which pass powerful database commands to a website’s backend system by including them in search boxes and other input fields of poorly secured websites.

Once the gang obtained the data, they posted it online and bragged about the exploit over Twitter, prosecutors said. To cover his tracks, Kretsinger allegedly used the hidemyass.com proxy service, and he completely wiped his hard drive afterward.

Kretsinger’s arrest came the same day that federal officials charged two men with participating in distributed denial-of-service attacks on websites belonging to the County of Santa Cruz, about an hour’s drive south of San Francisco. According to an indictment filed in federal court in San Jose, California, Christoper Doyon and Joshua John Covelli carried out the attacks in retribution for the enforcement of a law that prohibited the overnight camping within the Santa Cruz city limits. The December 2 DDoS assault took the website offline, prosecutors said.

Covelli, 26, of Fairborn, Ohio, was one of 13 people previously charged with participating in the Anonymous-organized DDoS of PayPal in December. His next court appearance is scheduled for November 1.

Christopher Doyon, 47, of Mountain View, California, and Covelli, allegedly were members of the People’s Liberation Front, another Anonymous splinter group. They allegedly used the High Orbit Ion Cannon to bombard the Santa Cruz County servers with more traffic than they could handle, causing damages exceeding $5,000.

In the past few months, dozens of people in North America and Europe have been snared in a trans-Atlantic investigation into a string of attacks attributed to LulzSec and Anonymous. Earlier this month, UK police charged three men and a 17-year-old for various computer offenses, including DDoS attacks in December on PayPal, Amazon, MasterCard, Bank of America, and Visa.

In July, US authorities charged 13 people with participating in the same DDoS campaign, which was waged to punish companies for refusing to process donations to WikiLeaks. Additional arrests have taken place in Spain, the Netherlands, and elsewhere.

Over the past 18 months, Anonymous and its offshoots have engaged in a DDoS and hacking spree that’s also hit the Public Broadcasting System, Arizona law enforcement officers and others.

If convicted, Kretsinger facest a maximul sentence of 15 years in prison. Doyon and Covelli face as much as 15 years. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/22/anonymous_arrests/

Microsoft lawyers have sealed their victory over the operators of what was once the world’s biggest source of spam after winning a court case giving them permanent control over the IP addresses and servers used to host the Rustock botnet.

The seizure was completed earlier this month when a federal judge in Washington state awarded Microsoft summary judgement in its novel campaign against Rustock, which at its height enslaved about 1.6 million PCs and sent 30 billion spam messages per day. The complex legal action ensured that IP addresses and more than two dozen servers for Rustock were seized simultaneously to prevent the operators from regrouping.

Now the attorneys are turning over the evidence obtained in the case to the FBI in hopes that the Rustock operators can be tracked down and prosecuted. Microsoft has already offered a $250,000 bounty for information leading to their conviction. It has also turned up the pressure by placing ads in Moscow newspapers to satisfy legal requirements that defendants be given notice of the pending lawsuit.

According to court documents (PDF), the Rustock ringleader is a Russian citizen who used the online handle Cosma2k to buy IP addresses that hosted many of the Rustock command and control servers. Microsoft investigators claimed the individual distributed malware and was involved in illegal spam pitching pharmaceutical drugs.

“This suggests that ‘Cosma2k’ is directly responsible for the botnet as a whole, such that the botnet code itself bore part of this person’s online nickname,” the Microsoft motion stated.

In a blog post published Thursday, Microsoft said the number of PCs still infected by Rustock malware continued to drop. As of last week, a fewer than 422,000 PCs reported to the seized IP addresses, almost a 74 percent decline from late March. It also represented significant progress since June, when almost 703,000 computers were observed.

The Rustock takedown has been a rare bright spot in the ongoing fight against computer crime. After it was initiated, federal authorities waged a similar campaign against Coreflood, another notorious botnet estimated to have infected 2 million PCs since 2002. In a step never before taken in the US, federal prosecutors obtained a court order allowing them to set up a substitute command and control server that forces infected machines to temporarily stop running the underlying malware.

In June prosecutors declared victory in the case.

Taking down botnets is a good start, but it does little stop criminals from setting up new ones. Microsoft’s determination in tracking down Cosma2k and his cronies could go a step further, by showing would-be botherders there are consequences to their crimes, no matter where in the world they may be located. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/22/microsoft_refers_rustock_to_fbi/

Security researchers at Trend Micro have discovered a sophisticated cyberspy network geared towards attacking systems in Russia and neighbouring countries.

Cyberespionage efforts against either human rights activists or high-tech Western firms have been going on for a few years. Examples include the Operation Aurora attacks against Google and more recent attempts to hack into the networks of defence contractors such as Lockheed Martin and Mitsubishi Heavy Industries.

Many of these attacks are blamed on China, an accusation the country routinely denies, in part by arguing that it is a victim rather than a perpetrator of such attacks.

The so-called Lurid attacks identified by Trend Micro have hit 47 victims including diplomatic missions, government ministries, space-related government agencies and other companies and research institutions in 61 different countries. But what really sets the attacks apart is that most of the victims are in Russia, Kazakhstan and Vietnam instead of the US or Western Europe. Curiously the common servers running the attack are located in the UK and US.

The Lurid Downloader (AKA Enfal Trojans) that features in the attack has previously been used against Western victims and the Tibetan community. This time around the malware is been pushed towards potential victims using either booby-trapped Adobe files or .RAR archive files containing Trojan code that poses as a screensaver. The attack relies of well-known vulnerabilities, one of which dates back to 2009, rather than zero-day attacks.

Infected systems phone home to command-and-control servers and upload particular documents and spreadsheets. Although Trend does not have access to the contents of files, it has determined the type of data beamed back to base in the more than 1,400 files extracted in the attacks.

“Although our research didn’t reveal precisely which data was being targeted by the attackers, we were able to determine that, in some cases, they attempted to steal specific documents and spreadsheets,” writes Trend Micro researcher Nart Villeneuve.

Rik Ferguson, director of security research communication EMEA at Trend Micro, told El Reg that some of the affected sites used Trend Micro’s technology, which helped detect the attack. subsequent detective work led researchers back to two command and control servers, hosted by different ISPs (one in the US and one in the UK). Beyond saying the attack was likely to be motivated by cyberespionage, rather than profit, Ferguson was reluctant to speculate on who might be behind the attack or their motives. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/22/russia_cyberespionage_attack/

Exclusive Leading UK ISPs are now privately agreed on the principle of restricting access to websites in response to hastily obtained court orders, according to sources close to discussions that took place in Westminster this week. The shift follows the landmark Newzbin2 ruling in July, which affirmed the responsibility ISPs have to enforce copyright laws.

However, the structure and processes acceptable to both ISPs and creative industries have yet to be tabled, and significant concerns remain in the Internet industry over legal issues and costs.

Rights-holders reacted a little more positively, pointing to the acknowledgement of greater responsibility, lower costs and speedier access to justice than offered by current legal processes. Although one source was cautious:

“Don’t expect a signing ceremony or even a public announcement, it’s going to be more of a voluntary solution through accretion,” he told us.

The change of heart was evident at the latest in a series of regular industry discussions chaired by Culture Minister Ed Vaizey on Monday this week, according to multiple sources familiar with the discussions. It’s the latest in a series of meetings designed to produce a self-regulatory substitute for the Digital Economy Act’s Section 17 and 18 web-blocking powers. The government has said it won’t implement these, but wants ISPs and creative industries to devise a replacement acceptable to both. This was the first meeting since June, and also the first since the Newzbin2 ruling.

June saw a voluntary plan floated (and leaked), which saw strong opposition in BT, the defendant in the Newzbin2 case. This has now been sidelined. Instead, ISPs will still demand a court order but work on an expedited process. Fighting Newzbin2 cost Hollywood studios an estimated £1m and took 18 months – and that’s the heart of the dispute. Copyright enforcement options today are expensive and impractical. Reports that ISPs will be asked to turn around court orders in an hour, however, are inaccurate, according to multiple insiders. But ISPs will respond to court orders that have been processed more quickly.

“ISPs have had to acknowledge that being a mere conduit is not an absolute defence,” said one industry representative.

While conceding the main issue, ISPs privately point to several positives for service providers: they’ll respond to court orders on a per-site basis, rather than lists of sites, and believe fewer pirate sites will be requested by rights-holders.

Industry association ISPA told us it was concerned about the costs of setting up the blocking solutions on smaller ISPs.

That leaves much of the detail to be decided. One is the nature of the “evidence test” a court will need to block access.

And at least two sources on different sides of the talks agree, glumly, that we may see more litigation before a voluntary self-regulation concord takes effect.

Vaizey held a second meeting on the subject of site-blocking on Tuesday, an open meeting attended by anti-copyright groups including The Pirate Party and the Open Rights Group, and blogger activists.

Yet there’s little mistaking the direction talks are taking. By opposing every single copyright enforcement measure ever proposed – and there have been some quite insane proposals – activists have only accelerated the marginalisation of what may be quite rational objections.

Bootnote

One objection raised was that small UK web businesses “would need weekend cover” under a less Pirate-friendly copyright enforcement regime.

So Shoreditch entrepreneurs don’t work at weekends, then? As a small UK web business here at El Reg we can affirm nothing ever happens to websites between Friday night and Monday morning.. Phew. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/22/isp_web_blocking/

Bargain-basement cybercrooks have begun selling a cut-price botnet tool on underground forums for just €10 or less a pop.

The so-called Aldi Bot is a functional botnet builder that requires minimal configuration beyond entering the name of a command-and-control server, which comes with the tool. The malware – which was possibly named for the discount supermarket, although of course it has no connection to the German chain – is capable of extracting saved passwords from the browser cache of compromised machines.

Aldi Bot, whose code appears based on the recently leaked ZeuS source code, is also capable of running distributed denial of service attacks on targeted websites, according to an analysis of the tool by anti-virus firm G Data. Compromised machines might also be used as a proxy for anonymous surfing. As such the tool might be employed by perverts hunting for child abuse images on the net.

Getting the malware onto machines would require setting up bobby-trapped websites or similar trickery, such as distributing emails with infectious attachments. Most antivirus tools already detect Aldi Bot, which first appeared on underground forums late last month. The basic package does include instant messaging support. Shortly after launching the sale the author of the bot dropped his prices even further from €10 to €5. By comparison, licences for the admittedly far more sophisticated and functional ZeuS variants used to set you back thousands of dollars.

The seller punting the tool explains its low, low prices by saying he’s not in it for the money, adding that he wants to offer a “people’s bot” to the masses. Acceptable payment methods include Paysafecard and Ukash.

A video posted by the author shows attacks on a website maintained by the German police. These and other factors suggest that the seller may be a German hacker who wants virus distribution to retail at little more than the cost of a pint of beer.

More details on the malware can be found in a write-up by G Data here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/22/aldi_bot/

A US military satellite is to be fitted with equipment which will enable it to detect hostile action and inform ground controllers what’s going on, according to reports.

In space, nobody can hear your victim scream … yet

Lieutenant General Ellen Pawlikowski of the US Air Force told reporters including those of Aviation Week on Wednesday that a classified satellite is now planned to go into space equipped with a Self-Awareness Space Situational Awareness (SASSA) package, kit which the Pentagon has been working on for some time.

The US military and intelligence agencies operate a mighty fleet of spacecraft, with missions ranging from navigation and timing like the well-known GPS constellation – which makes almost all satnavs and a surprising amount of other Earthbound civilian electronics work, as well as guiding missiles etc – to blacker-than-black top secret spying and surveillance.

Most of these satellites, while in touch with ground control stations some or all of the time, have no sensors which would let them know if they were being meddled with or attacked – and this is a real possibility as more nations acquire space capabilities or groundbased gear such as jammers or lasers which can reach into space. As things stand, a satellite could simply go offline for a while or permanently, and its controllers would never know what happened to it.

That’s where SASSA and various other US military space hardware comes in. SASSA itself would let a satellite know if it was being jammed, blinded or scrambled: other, dedicated spacecraft would be able to watch events in Earth orbit and perhaps detect or monitor sneaky anti-satellite operations involving actual intercepts and collisions.

It would seem the idea is not so much to mount any particular defence or retaliation against hostile anti-satellite efforts, but rather to establish clearly who is behind them. As action against another nation’s spacecraft is a massive no-no under international convention, it is usually only worth doing if one can be sure that nobody will be sure who did it (or even sure that any action took place, perhaps).

SASSA and such efforts would seem to mean that attacks on US satellites will soon be much less deniable: which is, perhaps, why we are being told about them in advance. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/09/22/sassa_to_fly/