STE WILLIAMS

Stratfor email hackers were tricked into using Feds’ server

WikiLeaks – and Julian Assange – could get caught up in the investigation into the LulzSec takedown saga because it published the internal emails of Stratfor, the private global intelligence firm that was attacked by Anonymous hackers, it has emerged.

A warrant authorising the arrest of the prime suspect in the Stratfor raid revealed that an FBI supergrass persuaded hackers to use a server controlled by the feds to store the emails.

Whistle-blowing site WikiLeaks began publishing emails from the intelligence biz last month to show “how a private intelligence agency works, and how they target individuals for their corporate and government clients”.

The site refuses to explain how it came by the “Global Intelligence Files” but the dates covered by the emails – from July 2004 to late December 2011 – are consistent with the hacktivists’ ransacking of Stratfor back in December as part of a high-profile and much publicised cyber-assault.

Hackers made off with email spools and credit card information from Stratfor’s insecure systems.

Responding to WikiLeaks’ release of the so-called GIFiles, George Friedman, founder and chief exec of Stratfor, suggested some of the emails might be forgeries while admitting others could be accurate. He alleged that the Anonymous attack was the source of the information:

As most of you know, in December thieves hacked into Stratfor data systems and stole a large number of company emails, as well as private information of Stratfor subscribers and friends. Today WikiLeaks is publishing the emails that were stolen in December. This is a deplorable, unfortunate – and illegal – breach of privacy.

Some of the emails may be forged or altered to include inaccuracies. Some may be authentic. We will not validate either, nor will we explain the thinking that went into them. Having had our property stolen, we will not be victimized twice by submitting to questions about them.

Jeremy Hammond, 27, of Chicago, Illinois, was arrested and charged with access device fraud and hacking offences on Monday night. Hammond, alleged to go by the name of Anarchaos, is suspected of being involved in December’s Anonymous hack on Stratfor. His arrest came after Hector Xavier Monsegur, 28, accused of being LulzSec kingpin Sabu, was outed as an FBI informant since the time of his arrest in New York last June.

Monsegur was instrumental in leading federal investigators to Hammond, a 34-page criminal complaint prepared to authorise a raid on his house reveals.

The 27-year-old trusted Monsegur and, it is alleged, let slip that he had been collared for protesting at the Republican National Convention in New York City in 2004, and made an offhand remark that his pals had been arrested at a climate change protest called Midwest Rising earlier this year.

These schoolboy mistakes and others like them allowed disparate online handles to be linked to one identity for investigators to target.

A week-long surveillance operation was then initiated on 28 February that included monitoring of his movements and a tap on his wireless internet connection to log websites Hammond visited. It turned out Hammond frequently went online using the Tor anonymisation service. Meanwhile Monsegur continued to help investigators by noting when Anarchaos went on and offline and correlating it with Hammond’s movements.
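The surveillance described above is a timing-correlation attack: Tor hides where a connection comes from, but it does nothing about the fact that a handle is only ever online when a particular person is at home. The following is an added example, not code from the article or from the investigation it describes; every timestamp is constructed. It takes an informant's notes of when a handle came online and went offline, plus a log of when the suspect was observed at home, and reports what fraction of the handle's online time coincides with the suspect being home and which sessions cannot be explained by that suspect at all (a session while he was demonstrably away is the kind of observation that excludes a candidate).

```python
"""Correlate an online handle's sessions with a suspect's physical presence.

Added example, not from the article. All timestamps are constructed (UTC)."""
from datetime import datetime, timedelta

# Constructed: informant's notes of when the handle came online / went offline.
HANDLE_SESSIONS = [
    ("2012-03-01 20:05", "2012-03-02 02:40"),
    ("2012-03-02 21:10", "2012-03-03 01:15"),
    ("2012-03-03 19:30", "2012-03-03 23:55"),
    ("2012-03-04 12:00", "2012-03-04 14:00"),   # suspect was out at this time
    ("2012-03-05 20:00", "2012-03-06 03:10"),
]

# Constructed: surveillance log of the suspect arriving home / leaving home.
AT_HOME = [
    ("2012-03-01 18:30", "2012-03-02 08:00"),
    ("2012-03-02 19:45", "2012-03-03 07:30"),
    ("2012-03-03 10:00", "2012-03-04 09:00"),
    ("2012-03-04 18:00", "2012-03-05 09:00"),   # home, but the handle never appeared
    ("2012-03-05 19:20", "2012-03-06 08:30"),
]


def _parse(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M")


def _overlap(a, b):
    """Length of the intersection of two (start, end) intervals, never negative."""
    start, end = max(a[0], b[0]), min(a[1], b[1])
    return max(timedelta(0), end - start)


def correlate(sessions, presence):
    """Return how much of the handle's online time the suspect was home for,
    and the indices of sessions that are not fully covered by presence at home."""
    sess = [(_parse(s), _parse(e)) for s, e in sessions]
    home = [(_parse(s), _parse(e)) for s, e in presence]

    online_total = sum((e - s for s, e in sess), timedelta(0))
    online_at_home = sum((_overlap(x, y) for x in sess for y in home), timedelta(0))
    fraction = online_at_home / online_total if online_total else 0.0

    # A session with any online time while the suspect was observed away
    # cannot be explained by this suspect; that is evidence against him.
    unexplained = [
        i for i, x in enumerate(sess)
        if sum((_overlap(x, y) for y in home), timedelta(0)) < x[1] - x[0]
    ]
    return {"fraction_at_home": fraction, "unexplained_sessions": unexplained}


if __name__ == "__main__":
    print(correlate(HANDLE_SESSIONS, AT_HOME))
```

With the constructed data, four of five sessions fall entirely inside periods the suspect was home; the fourth session (index 3) happened while he was out, so it is reported as unexplained. In practice the informant's notes and the surveillance log would carry far more events, and a candidate is usually judged by how many sessions he could not have been behind rather than by how many he could.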

Hammond was already on a long list of potential suspects because of his 2005 conviction for hacking into a “politically conservative website and stealing its computer database, including credit card information”. He never made the mistake of revealing his real IP address when he logged into a chat server, the error that reportedly undid Monsegur, but he let slip enough information for the feds to latch onto his alleged identity as an Anonymous hacktivist anyway.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/08/strafor_anon_arrest_analysis/

Anonymous takes down Vatican website

Italian hackers affiliated with hacktivist collective Anonymous pushed the Vatican’s website offline last night. The hack was in “retribution” for the child abuse scandals in the Catholic Church and Vatican-endorsed acts going back thousands of years, the group claimed in a message.

A Jesuit father confirmed to The Catholic News that the Vatican and the Vatican’s news service L’Osservatore had been offline for several hours yesterday mid-afternoon. The sites were temporarily redirecting to other sites carrying a message from Anonymous, Italian newspapers said. Both sites are now back up and functioning.

The DDoS attack was accompanied by a list of historical grievances, now on Pastebin, explaining that the DDoS hit was retribution for the Holy See’s ideological stance on abortion, condoms, its tax status in modern Italy as well as its acts “through the ages” – including burning books, executing its enemies and selling indulgences.

The Vatican takedown looks to be part of a wave of attacks that followed the arrest of LulzSec members in Britain, Ireland and America. Spanish security firm Panda Security was also hit on Tuesday night.

The Vatican was hit by a WikiLeaks style scandal a month ago, where high-level internal documents were leaked to the press.

We’ve asked the Osservatore for a statement. Sadly The Register is not accredited with the Vatican press office. The last update on the Vatican Information Service – from yesterday – only expounds on the theory that Silence is Indispensable for Prayer. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/08/anonymous_italy_hit_vatican/

Researchers find MYSTERY programming language in Duqu Trojan

Security researchers are appealing for help after discovering that part of the Duqu Trojan was written in an unknown programming language.

Duqu is a sophisticated Trojan reckoned to have been created by the same group behind the infamous Stuxnet worm. While the finely tuned Stuxnet worm was designed to home in on specific industrial control systems – namely systems controlling high-speed centrifuges used by Iran’s controversial nuclear enrichment plants – Duqu was created to fulfil the slightly different role of a backdoor where intruders could slip into SCADA-based systems and nick confidential information.

Securo-boffins at Kaspersky Lab have discovered during their research that Duqu uses the mystery code to communicate with its Command and Control (C&C) servers once it has infected a machine. Researchers at the Russian anti-virus firm have named this unknown section the “Duqu Framework”.

Unlike the rest of Duqu, the Duqu Framework is not written in C++ and it’s not compiled with Microsoft’s Visual C++ 2008. The Kaspersky research team has gone some way in unravelling the mystery language used by the Duqu Framework, but still needs additional help. So far, the researchers have worked out what the mystery code does, but are still mostly in the dark about the grammar and syntax of the programming language, they said.

Kaspersky Lab researchers explained:

It is possible that its authors used an in-house framework to generate intermediary C code, or they used another completely different programming language. However, Kaspersky Lab researchers have confirmed that the language is object-oriented and performs its own set of related activities that are suitable for network applications.

The language in the Duqu Framework is highly specialised. It enables the Payload DLL to operate independently of the other Duqu modules and connects it to its dedicated C&C through several paths, including Windows HTTP, network sockets and proxy servers. It also allows the Payload DLL to process HTTP server requests from the C&C directly, stealthily transmit copies of stolen information from the infected machine to the C&C and even distribute additional malicious payload to other machines on the network, creating a controlled and discreet form of spreading infections to other computers.

Having probably gone as far as they can on their own, Kaspersky Lab is appealing to the programming community for support in analysing the mystery language used to build the malware. It wants to hear from coders who recognise either a framework, toolkit or a programming language that can generate similar code.

The creation of a dedicated programming language to construct the communications module shows how skilled the developers were, as well as providing evidence that significant financial resources were ploughed into developing the Duqu Trojan project.

“Given the size of the Duqu project, it’s possible that an entirely different team was responsible for creating the Duqu Framework as opposed to the team that created the drivers and wrote the system infection exploits,” explained Alexander Gostev, chief security expert at Kaspersky Lab. “With the extremely high level of customisation and exclusivity that the programming language was created with, it is also possible that it was made not only to prevent external parties from understanding the cyber-espionage operation and the interactions with the C&Cs, but also to keep it separate from other internal Duqu teams who were responsible for writing the additional parts of the malicious program.”

Duqu was first detected in September 2011, but Kaspersky Lab reckons the first trace of Duqu-related malware dates all the way back to August 2007. The Russian security firm has logged more than a dozen incidents of Duqu infection, with the vast majority of victims located in Iran.

More details about the Duqu Trojan and its mystery communications modules can be found on Securelist, Kaspersky Lab’s research site, here. Researchers at Kaspersky, which has carried out a great deal of top-notch analysis work on the topic, were the first to find the “smoking code” linking Stuxnet and Duqu. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/08/duqu_trojan_mystery_code_riddle/

Chinese tech firms fingered for military collaboration

The People’s Liberation Army is actively arming and developing its soldiers with advanced information warfare capabilities which would represent a “genuine risk” to US military operations in the event of a conflict, a new report has alleged.

Contractor Northrop Grumman’s detailed 136-page report (PDF) for the US government on the cyber threat posed by China was released on Thursday.

The contractor asserts that the People’s Republic has come to believe that information warfare (IW) and computer network operations (CNO) are a vital part of any military operation and are integrating them with traditional components under a framework known as “information confrontation”.

It argues that the Chinese military is constantly evaluating US command and control infrastructure and will therefore likely “target these systems with both electronic countermeasures weapons and network attack and exploitation tools” in the event of a conflict.

As Chinese capabilities in joint operations and IW strengthen, the ability to employ them effectively as either deterrence tools or true offensive weapons capable of degrading the military capabilities of technologically advanced nations or hold these nations’ critical infrastructure at risk in ways heretofore not possible for China will present US leaders and the leaders of allied nations with a more complex risk calculus when evaluating decisions to intervene in Chinese initiated conflicts such as aggression against Taiwan or other nations in the Western Pacific region.

The report also reveals the extent to which China’s military relies on academia and the commercial IT sector to boost R&D efforts; according to the contractor, 50 state universities are receiving grants to help them carry out information security and warfare research.

Huawei, ZTE and Datang are also all named in the report as having close collaborative ties with the PLA, with the former named as an “advanced source of technology” for the military.

Rather than isolate certain state owned IT firms as exclusively “defense” in orientation, the PLA, often operating through its extensive base of R&D institutes, alternately collaborates with China’s civilian IT companies and universities and benefits as a customer of nominally civilian products and R&D. The military benefits because it receives the access to cutting edge research. This work is often carried out by Chinese commercial firms with legitimate foreign partners supplying critical technology and often sharing the cost of the R&D.

A secondary benefit to the PLA of this strategy is the ready access to the latest commercial off-the-shelf (COTS) telecommunications technology brought in by China’s access to the foreign joint ventures and international commercial markets.

The report goes on to warn that joint ventures of the Symantec-Huawei type could lead to a risk of intellectual property theft and long-term erosion of competitiveness for Western firms.

The close relationship between China’s large multinational telecoms and hardware-makers and the PLA also creates a potential for state-sponsored or directed attacks against the supply chain for equipment used by military, government and private industry, the report warns.

This is, of course, all territory we’ve visited before, with the US House of Representatives already investigating (PDF) the national security risk posed by the likes of Huawei and ZTE, although the report should get more than a cursory read in Washington, given its author and the amount of detail it goes into.

Huawei in particular has come in for a huge amount of scrutiny, given that president and CEO Ren Zhengfei served in the People’s Liberation Army, while a US intelligence report last year tied chairwoman Sun Yafang to the mysterious Ministry of State Security.

The firm was even forced to walk away from a proposed acquisition of server biz 3Leaf after pressure from the United States government.

It’s also interesting to compare the current Northrop Grumman report with its 2009 predecessor (PDF), which was much more circumspect about the role of academia and especially commercial technology enterprise in China’s military affairs.

These reports focus entirely on the threat posed by China, of course, so there is no mention of the fact that the US, UK and other nations obviously have their own offensive and defensive cyber warfare strategies.

The UK coalition takes this sort of thing particularly seriously, having upgraded cyber attacks to a tier-one threat, and in its Cyber Security Strategy released in November 2011 explained that GCHQ would be receiving more funds to help it detect attacks and counter-attack.

The document also revealed a new Cyber Defence Operations Group would be installed at the Ministry of Defence from next month. Overseen by Air Marshal Sir Stuart Peach, head of the new Joint Forces Command, the group will have a mission to develop “new tactics, techniques and plans to develop military cyber capabilities”.

For its part, China has always vehemently denied any allegations that it is involved in state-sponsored hacking, most notably last June when the Chinese ambassador told attendees at the Worldwide Cybersecurity Summit that the country was fully supportive of the fight against cyber crime.

It has been a little more reticent in explaining developments in the military, however. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/08/northrop_grumman_china_pla/

The one tiny slip that put LulzSec chief Sabu in the FBI’s pocket

Analysis: The man named by the FBI as infamous hacktivist Sabu was undone by an embarrassing security blunder, it has emerged.

The alleged LulzSec kingpin eventually copped to a battery of hacking charges last August and was reported to have been “co-operating” with the FBI in the months leading up to yesterday’s arrests.

Police locked onto Hector Xavier Monsegur, an unemployed 28-year-old from New York – allegedly LulzSec hacktivist supremo Sabu – after he apparently made the mistake of logging into an IRC chat server without using the Tor anonymisation service.

According to Robert Graham of Errata Security, Monsegur exposed his IP address, which allowed federal investigators to request records from ISPs and track down his location to a flat shared with his two sons on Manhattan’s Lower East Side.

“They caught him because just once, he logged onto IRC without going through Tor, revealing to the FBI his IP address,” Graham claims. “This reveals a little bit about the FBI, namely that they’ve infiltrated enough of the popular IRC relays to be able to get people’s IP addresses. We’ve always suspected they could, now we know.”
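The slip Graham describes is a single direct connection: everything else went through Tor, but one session that did not was enough. The defensive check a practitioner would want is an audit of the machine's own connection table for IRC traffic that bypasses the local SOCKS proxy. The following is an added example, not code from the article or from any of the parties it describes; the connection lines are constructed in roughly the shape of `ss -tnp` output (IPv4 only), and the Tor SOCKS port of 127.0.0.1:9050 and the set of client process names are assumptions. Any IRC client process reaching a non-loopback address, or any process reaching a well-known IRC port directly, is flagged.

```python
"""Audit a connection table for IRC egress that bypasses the local Tor SOCKS proxy.

Added example, not from the article. Sample lines are constructed, not real captures."""
import ipaddress
import re

TOR_SOCKS = ("127.0.0.1", 9050)                 # assumption: Tor's local SOCKS port
IRC_PORTS = {6667, 6697, 7000}                  # common IRC plaintext/TLS ports
IRC_CLIENTS = {"irssi", "hexchat", "weechat"}   # assumption: processes that must use the proxy

# Constructed lines approximating `ss -tnp` (state, recv-q, send-q, local, peer, users).
SAMPLE = """\
ESTAB 0 0 127.0.0.1:51000 127.0.0.1:9050 users:(("irssi",pid=1234,fd=5))
ESTAB 0 0 192.0.2.10:51002 198.51.100.7:6697 users:(("irssi",pid=1234,fd=6))
ESTAB 0 0 192.0.2.10:51004 203.0.113.5:443 users:(("firefox",pid=2222,fd=40))
ESTAB 0 0 192.0.2.10:51006 198.51.100.7:6667 users:(("hexchat",pid=3333,fd=7))
ESTAB 0 0 192.0.2.10:51008 203.0.113.9:8080 users:(("weechat",pid=4444,fd=8))
ESTAB 0 0 192.0.2.10:51010 198.51.100.8:6667 users:(("python3",pid=5555,fd=3))
"""

# state recv-q send-q local:port peer:port users:(("proc",...
LINE = re.compile(
    r'^\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+users:\(\("([^"]+)"'
)


def parse(text):
    """Turn ss-style lines into (local_addr, local_port, peer_addr, peer_port, process)."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            laddr, lport, raddr, rport, proc = m.groups()
            records.append((laddr, int(lport), raddr, int(rport), proc))
    return records


def find_leaks(records):
    """Return (process, peer_addr, peer_port, reason) for every connection that
    reaches the outside world without going through the Tor SOCKS proxy."""
    leaks = []
    for _laddr, _lport, raddr, rport, proc in records:
        # Connections to the proxy itself, or anything else on loopback, are fine.
        if (raddr, rport) == TOR_SOCKS or ipaddress.ip_address(raddr).is_loopback:
            continue
        if proc in IRC_CLIENTS:
            # An IRC client talking to any remote host directly is a leak,
            # whatever port the server happens to listen on.
            leaks.append((proc, raddr, rport, "irc client bypassed proxy"))
        elif rport in IRC_PORTS:
            # Some other process (a script, a bot) reached an IRC port directly.
            leaks.append((proc, raddr, rport, "irc port reached directly"))
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(parse(SAMPLE)):
        print("LEAK", *leak)
```

On the constructed sample the browser's HTTPS connection is ignored, the irssi session to 127.0.0.1:9050 passes, and four connections are flagged: irssi and hexchat reaching the IRC server directly, weechat reaching a non-standard port directly, and a python3 process reaching port 6667. A check like this only catches what has already happened; the fail-closed fix is a firewall rule that lets the IRC client's user reach nothing but the proxy, so a direct connection cannot succeed in the first place.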

It’s unclear precisely when investigators identified Monsegur as a prime suspect in the case. However by early June separate digital sleuthing by various parties – most notably @backtracesec and purported ex-military anti-WikiLeaks hacker The Jester (th3j35t3r) – led to the public fingering of Monsegur as Sabu.

Monsegur was NOT the only person named as Sabu. The Jester previously named (he later apologised for his error) an innocent Portuguese web designer as a suspect, for example. Pastebin has been full of various documents giving multiple “identities” and background details for supposed members of LulzSec and Anonymous for months.

However the fact that Monsegur was named at all caused investigators to fear he would destroy evidence if they failed to act quickly. The Puerto Rican immigrant’s flat was raided on 7 June last year.

Fox News reports that agents had already obtained a warrant to pull Monsegur’s Facebook file, and said they found evidence that the suspect had traded credit card numbers with other hackers. This was enough to execute a warrant to seize equipment and arrest Monsegur.

The report said investigators had coerced the unemployed dad into co-operating by threatening him with two years in prison away from his children on the easy-to-prove ID theft charges alone if he failed to turn informant on the rest of the LulzSec crew. The feds also persuaded him to turn over the encryption keys on his battered laptop, allowing them to obtain evidence of Monsegur’s “hacking activities”.

“It was because of his kids,” an FBI source told Fox News. “He’d do anything for his kids. He didn’t want to go away to prison and leave them. That’s how we got him.”

Monsegur was bailed on the identity theft charges and returned home after agreeing to act as an informant against his erstwhile hacktivist colleagues, officials told Fox News. Neither his family nor his “brothers” in Anonymous and LulzSec were left any the wiser that he was then working as a co-operating witness, his “handlers” said.

Sabu’s anti-capitalist rants and brazen boasts continued after Monsegur’s changed status, they said. But a minority – most notably a hacktivist using the handle Virus – suspected he might have been acting as a federal informant around this time.

Virus became suspicious when Sabu disappeared offline for about a week, and more so when Sabu later allegedly offered him money to hack into Backtrace Security (an outfit tracing members of LulzSec) – an offer Virus declined. Virus confronted Sabu with his suspicions that he might be a snitch in a heated exchange, recorded on Pastebin here.

Just a normal New Yorker

These suspicions were isolated and the vast remainder of LulzSec and legions of members of hacktivist collective Anonymous continued to follow Sabu’s lead.

What they didn’t know was that for the last eight months or so, and certainly from the time in mid-August when Monsegur secretly pleaded guilty to a slew of hacking offences, the feds had been monitoring exchanges and gathering evidence against them, as well as passing on information that was used to minimise the damage caused by some of the planned operations. From mid-August onwards, sources told Fox News, Monsegur allegedly worked out of the FBI’s New York City offices almost every day.

Later his handlers allowed him to work using a laptop provided by the FBI while under close 24-hour monitoring and supervision.

Monsegur was watched by his federal handlers while maintaining the same habits and online presence, spending between eight and 16 hours a day at his computer and often working through the night. His FBI handlers orchestrated an elaborate disinformation campaign, using the AnonymousSabu Twitter account and interviews with journalists to put out false information.

Ironically, the man alleged to be the frontman and chief rabble-rouser for #FuckFBIFridays – a weekly event in the Anonymous calendar – had been cheering on attacks against law enforcement systems from behind an FBI desk, while at the same time working to minimise any damage, the G-men said.

Monsegur reportedly worked with his handlers to mitigate the damage caused by the hack on 70 law enforcement websites in July 2011, minimising the amount of information that came out a month later. The suspect worked with the FBI to inform 300 government, financial and corporate entities in the US and elsewhere of problems with their systems that had come to the attention of hackers, his handlers said.

He also apparently fact-checked boastful claims frequently made by hacktivists who, as before, continued to come to Sabu with plans for operations, the FBI said.

On one occasion, at the behest of his FBI handlers, Monsegur successfully ordered the end of a DDoS attack against the CIA. “You’re knocking over a bee’s nest,” he warned his associates. “Stop.”

He then allegedly helped the FBI track down and gather evidence against his hacking associates, information that only became public with the unsealing of his indictment [PDF] and the arrest of suspected hacktivists in the US, Ireland and the UK on Tuesday.

Monsegur adapted to his new status to the point that he reportedly attempted to pass himself off as a federal agent when he was collared by New York city cops last month, Gawker reports.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/07/lulzsec_takedown_analysis/

Anonymous smacks Panda in revenge attack

Updated: In a predictable backlash against the sweep that has netted suspected LulzSec members in America and Europe, Anonymous has defaced some web pages of the security firm Panda Security.

As previously reported by The Register, the arrests turned on the assistance of Hector Xavier Monsegur, known in LulzSec circles as Sabu. Anonymous has added another name-to-blame to the list, accusing Panda Security of helping the FBI by infiltrating chatrooms and message boards.

The promo page, Panda Security’s “Cybercrime Files”, has been defaced with a long statement denouncing Sabu, and accusing the security company of “working with Law Enforcement to lurk and snitch on anonymous activists”.

Panda’s defaced promotional page.

The attackers list a total of 36 of the company’s pages which they say have been defaced, some of which have either been restored or were listed by mistake.

“Anonymous existed before LulzSec and will continue existing,” the post also states.

More seriously, the defaced page – still available at the time of writing – also shows email addresses and passwords apparently obtained in the attack.

The Register also notes that following December’s attack on Stratfor, at least some Anonymous members were suspicious of Sabu, calling him a possible “agent provocateur” in a statement posted on Pastebin.

Update: Panda Security released a statement on its Facebook page about the hack on Wednesday:

On March 6th the hacking group LulzSec, part of Anonymous, obtained access to a Panda Security webserver hosted outside of the Panda Security internal network… The attack did not breach Panda Security’s internal network and neither source code, update servers nor customer data was accessed. We continue investigating the cause of the intrusion and will provide more details as soon as they become available.

®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/07/panda_sec_attacked_by_anon/

2 in 3 Android anti-malware scanners not up to the job

Two-thirds of Android anti-malware scanners failed to protect against a range of malware in independent tests.

AV-Test put 41 different virus scanners for Android through their paces. Almost two-thirds of these scanners are not yet suitable for use as reliable products, identifying less than 65 per cent of the 618 types of malware tested.

Packages that detected more than 90 per cent of the Android malware thrown at them included Droid security software from Avast, Dr Web, F-Secure, Ikarus, Kaspersky, Zoner and Lookout.

Products that picked up more than 65 but less than 90 per cent of Android malware included applications from established desktop players (AVG, Bitdefender, ESET, Norton/Symantec, QuickHeal, Trend Micro, Vipre/GFI and Webroot) and a couple of mobile specialists (AegisLab and Super Security).

Android security products from Bullguard, Comodo, G Data, McAfee, NetQin and Total Defense fell into the third range (detection of between 40 to 65 per cent). AV-Test said these products generally provided reliable malware protection against a few families, but fell down elsewhere – probably due to inadequate mobile malware sample collection.

A fourth group of Android security products provided detection rates of less than 40 per cent – basically completely unreliable. These products – none of which came from recognised security vendors – generally failed to react even when smartphone users opened well-known Android Trojans, much less detecting anything amiss during a regular scan.

The findings are of concern because of the growth in malware (largely Trojans) targeting Android devices over the last year or so. Threats for Android smartphones include phishing Trojans, banking Trojans, spyware, bots, SMS fraud Trojans, premium diallers and fake installers.

AV-Test reckons there were more than 11,000 strains of Android malware, a figure that has grown exponentially over recent months. The figure only crossed over the 2,000 mark at the end of October 2011. That’s still a tiny fraction of the 10-million-plus Windows malware strains out there, but Android malware is well on track to exceed the volume of Mac-targeting nasties.

“The popularity of the Android system has led to a huge increase in the distribution of Android malware,” Andreas Marx, chief exec of AV-Test explained. “This malware is mainly distributed in markets operated by third parties, but even the Google Android Market cannot guarantee that all of its listed applications do not contain any threats.”

Malware detection of free and paid-for Android scanners from the same vendor was the same. Paid-for Android security suites tend to bundle extra features beyond a basic anti-malware scanner, such as application permission control.

Even if an Android security package performs badly in malware detection it may be useful in other ways, such as remote lock and wipe, backup and phone locating, as AV-Test points out.

More information on the tests, including charts and results, can be found on AV-Test’s website here.

The latest tests, the results of which were published on Tuesday, are a follow-up on previous less comprehensive tests of Android anti-malware scanners carried out by AV-Test last year. These earlier tests found that many free-of-charge antivirus products failed to protect Android smartphones against malware effectively. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/07/android_anti_malware_tests/


LulzSec SMACKDOWN: Leader Sabu turned by feds last summer

Suspects purported to be members of LulzSec have been rounded up on two continents. The international law enforcement operation was apparently aided by the infamous hacktivist group’s alleged erstwhile leader, “Sabu”, who secretly pled guilty to a battery of charges last August.

Police arrested three men and charged a further two with conspiracy largely based on a case filed in New York federal court against Hector Xavier Monsegur, the man alleged to be LulzSec’s former leader, who operated under the hacker handle Sabu. The US Attorney’s Office named the following additional suspects in a statement supplied to the Register:

RYAN ACKROYD, a/k/a “kayla,” a/k/a “lol,” a/k/a “lolspoon,” [23, of Doncaster, United Kingdom] JAKE DAVIS, a/k/a “topiary,” a/k/a “atopiary,” [29, of Lerwick, Shetland Islands] DARREN MARTYN, a/k/a “pwnsauce,” a/k/a “raepsauce,” a/k/a “networkkitten,” [25, of Galway, Ireland] and DONNCHA O’CEARRBHAIL, a/k/a “palladium,” [19, of Birr, Ireland] who identified themselves as members of Anonymous, Internet Feds, and/or LulzSec, were charged in an Indictment unsealed today in Manhattan federal court with computer hacking conspiracy involving the hacks of Fox Broadcasting Company, Sony Pictures Entertainment, and the Public Broadcasting Service (“PBS”). O’CEARRBHAIL is also charged in a separate criminal Complaint with intentionally disclosing an unlawfully intercepted wire communication.

“This is devastating to the organisation,” an unnamed FBI official involved with the investigation told FoxNews. “We’re chopping off the head of LulzSec.”

Monsegur, 28, resident in New York City, was arrested by the FBI in June and has apparently acted as an informant against his crew since.

A copy of the indictment against Monsegur is available via krebsonsecurity.com here (PDF). He’s charged with computer hacking, fraud and conspiracy charges stemming from attacks run by both Anonymous and LulzSec against numerous targets. According to the indictment, Monsegur’s role in the alleged hacks was to look for vulnerabilities in websites that were then allegedly exploited either by him or other hackers.

Monsegur pled guilty on August 15, 2011 to three counts of computer hacking conspiracy, five counts of computer hacking, one count of computer hacking in furtherance of fraud, one count of conspiracy to commit access device fraud, one count of conspiracy to commit bank fraud, and one count of aggravated identity theft. He faces a maximum sentence of 124 years and six months in prison, according to the US Attorney.

A fifth suspect, Jeremy Hammond (alleged to be Anarchaos), of Chicago has been arrested under a separate indictment.

Hammond, who has been arrested on access device fraud and hacking charges, is suspected of involvement in the December Anonymous hack on security intelligence outfit Stratfor.

Davis, from Shetland, Scotland, was arrested by British police last July and already faces computer hacking charges. His arrest came weeks after the arrest of Ryan Cleary, a 19-year-old from Essex, who allegedly ran an IRC channel used by LulzSec. UK police also arrested a 16-year-old alleged hacker last July, who can’t be named for legal reasons.

Garda Síochána (Irish police) told the Register they had arrested one adult man in his late teens on Tuesday morning and that he had been taken to a Dublin police station for questioning. The suspect was arrested under Section 4 of the Criminal Justice Act, a section of the Irish penal code that covers serious offences such as fraud.

According to the US Attorney:

O’CEARRBHAIL hacked into the personal email account of an officer with Ireland’s national police service, the An Garda Siochana (the “Garda”). Because the Garda officer had forwarded work emails to a personal account, O’CEARRBHAIL learned information about how to access a conference call that the Garda, the FBI, and other law enforcement agencies were planning to hold on January 17, 2012, regarding international investigations of Anonymous and other hacking groups. O’CEARRBHAIL then accessed and secretly recorded the January 17 international law enforcement conference call, and then disseminated the illegally-obtained recording to others.

LulzSec began as a splinter group of Anonymous and mounted scores of high-profile hacks over a seven-week period before disbanding in late June last year. Its targets included HB Gary Federal; defence contractors; police departments; FBI-affiliated security firms; the CIA; the US Senate; online gaming operations, including EVE Online; and corporations including Fox, News Corporation, Sony and many others. Tactics included website defacement and hacking followed by the public release of information housed on insecure systems – including email spools in the case of HB Gary Federal – and occasionally denial of service attacks.

After disbanding, the group returned to the Anonymous fold, most notably taking part in OpAntiSec exercises designed to expose the shortcomings of white-hat security firms as well as operations in support of the Occupy movement, in support of the Arab Spring protests in the Middle East, and in support of WikiLeaks.

The US Attorney’s statement can now be read in pdf here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/06/lulzsec/

Adobe lobs out Flash update to plug 3D security hole

Adobe has released an out-of-schedule upgrade for its Flash Player software that tackles two serious vulnerabilities.

The cross-platform update is suitable for users of Windows, Mac OS X, Linux and Solaris. Android punters also need to patch their smartphones to guard against possible attack.

The two flaws involve a memory corruption vulnerability in Matrix3D that could lead to malicious code execution, and a lesser information disclosure vulnerability that stems from integer-handling errors in Flash Player. Both flaws were discovered by security researchers at Google.

There’s no evidence that either of the bugs has been exploited, but Adobe’s decision to release the security patches now, rather than waiting for its next monthly update cycle, indicates that it would be foolish to discount the importance of the flaws simply because they haven’t been weaponised.

Vulnerabilities in Adobe Flash, Acrobat and Java have joined traditional holes in browsers as prime targets for malware-pedlars and hackers.

Users need to upgrade to version 11.1.102.63 of Flash Player. This software is bundled in the latest version of Google Chrome. The software is also available direct from Adobe, as explained in a security alert here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/03/06/adobe_flash_security_update/