STE WILLIAMS

Anonymous hunts neo-Nazis with WikiLeaks-style site

• 
• 
• 
• 

Loads of alleged donors, right-wing players to send those pizzas to

By John Leyden • Get more from this author

Posted in Bootnotes, 4th January 2012 12:23 GMT

Free whitepaper – Low-latency switches power in high-frequency trading

Members of Anonymous have re-doubled their offensive against German neo-Nazis.

The hacktivists of Operation Blitzkrieg this week launched a WikiLeaks-style website that aims to expose members of the far-right National Democratic Party (NPD) and other extremist groups, Der Spiegel reports. Nazi-leaks.net (German) already features a list of alleged donors to the NPD. It also hosts what OpBlitzkrieg claims are internal emails, a list of contact details purported to belong to far-right newspaper subscribers, and customer data allegedly hacked from neo-Nazi online stores.

Some of the data, such as the internal emails, had been previously disclosed, but other information is new. The launch of the site this week represents the latest phase of OpBlitzkrieg, which launched early last year with a string of DDoS attacks.

A representative of the NPD told German newswire DPA that it was considering legal action against nazi-leaks.net. The publishers of right-wing weekly newspaper Junge Freiheit (Young Freedom) have already launched a legal suit against the site’s “anonymous operators”. ®

Free whitepaper – Low-latency switches power in high-frequency trading

• 21 commentsPost a comment

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/04/anon_op_blitzkrieg/

Popular text file sharing service Pastebin.com has returned online following a denial of service attack on Tuesday.

The site, which allows users to anonymously upload (potentially large) documents and share them, has become a favourite resource for hacktivists from Anonymous and elsewhere over recent months. Anonymous uses Pastebin to upload data dumps and to post announcements of planned operations. The site also serves at an internet clipboard for programmers and many other users.

However a quick perusal of the trending pastes on Pastebin suggests the majority of the most widely read posts relate to Anonymous, hacktivism or the Occupy movement.

Pastebin confirmed the attack on Tuesday, via its official Twitter account, but without providing any clues about possible suspects or motives.

“Slowly getting things back under control,” it said. “Sorry for the downtime slow loading site guys, we are doing our best to stop this attack.”

This tweet followed one hour after an earlier update confirming an attack. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/04/pastebin_ddos_recovery/

A Saudi Arabian hacking group claims it has leaked information on up to 400,000 Israelis, including names, addresses and credit card details.

The data dump follows a reported attack on Israeli websites and has already led to fraudulent use of the sensitive info. Credit card biz Isracard said it had issued 6,600 of the 14,000 cards revealed.

However Dov Kotler, chief exec of Isracard, a unit of Bank Hapoalim, said that much of the data is either “incorrect or invalid”, Reuters reports. Only an unspecified percentage of the credit card details released were were actually valid. Even so the lifted data trove has been used to make a number of unauthorised internet purchases.

Kotler said Isracard has blocked transactions on cards that have been exposed, adding that anybody who suffered any losses as a result of the breach will be reimbursed. In the meantime the firm has set up an app on its website so that customers can find out if they are affected, a development that by itself suggests that a substantial number of people have been hit.

Israeli paper Haaretz reports that Israeli credit card companies say leaked list is repetitive and only includes the details of 14,000 Israelis. Much of the data came from a hack on popular sports website One.co.il, it adds.

The data dump was carried out by a member of group-xp, the self-described “largest Wahhabi hacker group of Saudi Arabia”. In a statement accompanying the release, the group said it had already used the stolen credit cards to purchase computing resources, such as VPNs and renting cloud clusters. It released the data partly to put Israeli banks at the expense of issuing new credit cards and partly through a desire a make Israeli-issued credit cards more untrusted globally.

The statement links to a series of files that purport to offer details on 400,000 credit cards. One of these five files is marked “184 working fresh Israeli credit cards”, a tacit admission by the hackers that data in the other files is outdated and therefore high on useless. Other uploaded files claim to offer personal information on more than 22,000 Israeli business people – names, addresses, phone numbers, passwords and so on. Another file purports to offer information on 500 people who donated to “Israeli Zionist Rabbis”. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/04/israel_credit_card_hack_fallout/

Details of the US military’s wish-list for non-lethal devices have been published online and show some interesting new technologies, as well as some more familiar ones that are to be beefed up.

The non-lethal weapons (NLW) book was posted online by researchers at Public Intelligence, and covers both existing weapons currently in use by the US military such as tasers and pepper spray, with new tools that the Pentagon would like to add to their arsenal. Such weaponry is described in the materials as vital for conflict resolution without force, and for winning the “hearts and minds” of the local populace by not leaving chunks of their hearts and minds strewn everywhere.

“In past operations, the effective employment of NLW resolved escalation of force situations,” the document states. “Specifically, the NLW created the right ‘direct effect’ on the personnel/materiel targeted. The use of NLW has also generated positive ‘psychological effects’ on others in the area and helped to contribute to mission accomplishment.”

The Raytheon Active Denial System microwave gun, which heats up the skin of target without (it’s hoped) causing injury, should be upgraded to allow the beam to be used over much longer distances. Ideally the range needs to be such that the device isn’t in potshot distance from small arms fire, although the amount of power required to do this may be prohibitive. The military would also like the units to be smaller and multidirectional.

Also on the list is a Distributed Sound and Light Array (DSLA) which combines lasers, other lighting and acoustics to disable opponents. The system is designed to disorient people, but may cause retinal scarring and ear damage if used at close range.

Existing technologies are planned for upgrades, including a new form of flashbang grenade to be tested next year that will blind people for ten seconds and subject them to a bowel-watering 143 decibels, while remaining “environmentally safe”. A 40mm grenade-launched version of the munition is also in the cards, as is a grenade version of the standard taser that could increase the range of such devices to hundreds of feet.

Current shotgun-fired beanbag rounds are also to have their range improved and have dye markers attached so the recipient of the round can be identified later. Current laser blinding technology will also be beefed up – with a requested range of three kilometers – although the document does say that a pair of reflective goggles would put paid to this device.

Some of the more esoteric devices include the “Subsurface Non-Lethal Engagement-Impulse Swimmer Gun”, which generates a directional, underwater pulsed sound wave that can be used against frogmen trying to sabotage shipping. The device will induce disorientation and nausea in swimmers within a 150m range.

Those weapons still at the conceptual stage include a pulse generator designed to bring down individuals by firing nanosecond electrical pulses at them until they lose muscle control. A similar system is also planned for stopping cars by overloading electrical circuits, and the Pentagon envisages an aircraft-mounted microwave generator that could be used to fry the electronics of shipping, either on the high seas or for landing craft making an assault.

However, the El Reg prize for the most ambitious NLW on the drawing board is the Laser Based Flow Modification system. This will be used against enemy aircraft to get rid of them without killing anyone, by firing lasers at the leading edge of an aircraft’s wing. This will alter the amount of lift generated by the wing and allow the aircraft to be turned away – or at least that’s the theory. We suspect it’d still cause the plane to crash, but for chutzpah it takes some beating. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/04/military_non_lethal_weapons_revealed/

Fujitsu has been commissioned to develop ‘seek and destroy’ malware, reportedly designed to track and disable the sources of cyber-attacks.

The fledgling cyber-weapon is the result of a three-year $2.3 million project that also involved developing tools capable of monitoring and analysing the sources of hacking attacks, The Daily Yomiuri reports. Deploying the technology would involve clearing both practical and legislative hurdles.

Tracing the source of cyber-attacks is notoriously difficult, mainly because attackers routinely hide behind botnets and anonymous proxies to launch attacks, such as denial of service assaults. The malware reportedly developed by Fujitsu is designed to trace connections back to their controlling hosts before disabling them.

Getting this right is a far from trivial process and the potential for collateral damage, even before hackers develop countermeasures, appears to be considerable. Another problem is that, if the tool is ever released, it could fall into the hands of miscreants who might reverse-engineer it before adapting it for their own nefarious purposes.

The malware is reportedly been tested in a “closed network environment”. The tool reportedly has the greatest potential in tracking back the sources of DDoS attacks. Whether it’s any good at the much more difficult process of picking out stealthy industrial espionage-style information-stealing attempts remains unclear.

Japanese law currently prohibits offensive responses in retaliation to cyber-attacks, another potential problem but one that’s easier to resolve perhaps by updating current laws. The current prohibition has more to do with post-Second World War agreements that restrict Japanese military capabilities than local laws against the creation of computer viruses.

Japan is a prime target for cyber-attacks and suffered numerous assaults last year alone. Reported victims include Japan’s parliament and industrial giant Mitsubishi.

The Defense Ministry’s Technical Research and Development Institute is understood to have outsourced the development of the tool to Fujitsu. A Defense Ministry official played down talk of offensive applications for the software and told The Daily Yomiuri that it was designed for applications such as tracing the source of cyber-attacks against Japanese Self-Defense Force systems. However Prof Motohiro Tsuchiya of Keio University, a member of a government panel on information security policy, said Japan ought to accelerate cyber-weapons development.

Fujitsu declined to comment about the supposed cyber-weapon, citing client confidentiality. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/03/japan_cyber_weapon_research/

The website of global intelligence-analysing firm Stratfor remains offline – a week after hacktivists broke into its poorly secured systems and extracted passwords and credit card details.

Members of Anonymous claimed to have broken into the website and slurped 200GB of sensitive information on Christmas Eve. The hackers claim to have made off with tens of thousands of credit card numbers, emails and other details relating to Stratfor’s clients, including login credentials.

Hacktivists boasted that they planned to use the purloined credit card data to make donations to various charities, though whether or not this happened remains unclear.

Samples from the 200GB of lifted data have been leaked online. Subsequent analysis of the login credentials reveals that many were easily guessable passwords and therefore vulnerable to brute-force attacks.

Stratfor has pulled its website in the aftermath of the attack, which has been reported to the police. In place of the usual content the website has been replaced with a holding statement apologising for the cock-up:

As you may know, an unauthorized party illegally obtained and disclosed personally identifiable information and related credit card data of some of our subscribers.

We are currently investigating this unfortunate event and are working diligently to prevent it from ever happening again. As a result, we have delayed restoring our website until we can perform a thorough security review. Stay tuned for our relaunch.

In the meantime, our main concern is the impact on our customers. As a result, we have provided paid subscribers with identity protection coverage from CSID, a leading provider of global identity protection, at our expense for 12 months.

Security firms slammed Stratfor for making schoolboy errors, such as not encrypting its password database.

Commenting on the hack, Check Point’s UK managing director Terry Greer-King said: “It’s not clear exactly how the hackers gained access to the servers, but once they’d breached the perimeter, sensitive business and personal data was unprotected. This made it easy to access and use for illicit purposes.

“It’s another clear lesson that this type of information needs to be encrypted, no matter how strong the organisation believes its perimeter security measures are. Encryption protects critical data against both accidental disclosure and hacking attempts.”

Stratfor clients include the US military as well as banks and other corporations. Reuters reports that hackers have threatened to upload copied mail spools.

This has yet to happen. The exact motives of the attack are unclear, but the fact that Stratfor provides intelligence services for law enforcement, among others, made them target for anti-sec hacktivists, who delight in exposing the security failings of White Hat infosec firms and consultancies. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/03/stratfor_mega_hack/

Telstra, which hasn’t yet gotten over the privacy breach that required 60,000 password resets in December, has suffered another embarrassment involving customer data.

This time, according to Musicfeeds.com.au, the breach involves customer data being posted to a cloud-based spreadsheet service. The site says the data was apparently put on the Editgrid.com site by a consultant in training (apparently and stupidly using live data).

Telstra has said the data was deleted within an hour of the telco becoming aware of the breach, and access to Editgrid.com has been disabled for all staff.

The Sydney Morning Herald today says customers are complaining that they have yet to hear from the Telco, which is already being investigated by the Federal Privacy Commissioner over the earlier breach.

The new data breach includes customers’ contact details and dates of birth, but according to Telstra, no credit information or passwords.

Editgrid appears to be a feast of private information. While the Telstra spreadsheet has been removed, Google has crawled a large number of spreadsheets containing full names, telephone numbers, physical addresses, e-mail details and business information for a host of individuals who probably aren’t aware that their information is published on the site.

Editgrid has been contacted for comment. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/01/telstra_data_on_stupid_insecure_cloud_spreadsheet/

Part Two As mobile sales and connections continued to soar and break records, just how much your phone knows about you and who can see that information were big subjects in 2011.

The long-smouldering issue in the UK of newspaper journos paying private investigators to break into mobile voicemail inboxes in search of scoops finally exploded.

The idea of PIs working for News International hacking into voicemails of people in the public eye had already been investigated. In 2011, however, it was the story that the News of the World had hacked into the voicemail of a murdered schoolgirl, Milly Dowler, that caused a storm. Other claims followed: that the voicemails of relatives of deceased British soldiers, and victims of the 7/7 London bomb attacks, had also been heard. Suddenly it was no longer the rich and famous who were victims. Now it was ordinary people.

The Murdochs appeared before a Parliamentary committee

PM David Cameron launched an inquiry headed by Lord Justice Leveson into phone hacking and the subject of police bribery by the media – a televised affair that has seen and heard from alleged hacking victims who came forward to tell their stories. Cameron’s director of communications Andy Coulson, who had also served as a NotW editor, was also forced to resign and was arrested. He’s now suing NotW‘s publisher, News International.

With advertisers abandoning the aforementioned Sunday tabloid and the political climate turning hostile, News International chief Rupert Murdoch switched to damage-limitation mode. He closed the NotW on 10 July after 168 years, and after standing by former NotW editor Rebekah Brooks, Murdoch he later accepted her resignation as NI chief executive. It wasn’t enough.

Rupert and son James, head of his dad’s UK business and therefore in charge of the NotW, were summoned before a Parliamentary committee on media affairs to give evidence on the hacking claims. There, both men denied they had any knowledge of the practice of phone hacking inside NotW, a remarkable claim given James had signed off hundreds of thousands of pounds in settlements related to hacking and given Rupert’s famously fastidious involvement in the paper’s running. When a News International lawyer challenged James‘ account, Murdoch junior was called back to Parliament for a heated showdown with committee members, but he stood by his claims of knowing nothing.

The fallout hit Rupert’s business plans, too, as he binned his plot to buy the remainder of satellite broadcaster BSkyB.

The relationship of Murdoch and News International to power was also laid bare: a former senior investigator for the independent Information Commissioner – who’d followed up on possible breaches of the Data Protection Act and who came across 17,000 requests for confidential information from journalists in notebooks owned by a private investigator – told Leveson he was told to lay off because the press was “too big” to take on.

Ironically, Scotland Yard officers later reported, in December, that the voicemails deleted on Dowler’s phone – the catalyst for the entire firestorm – were found to have been deleted not by intrusive NotW journos, but by the voicemail system

Ironically, Scotland Yard officers later reported, in December, that the voicemails deleted on Dowler’s phone – the catalyst for the entire firestorm – were found to have been deleted not by intrusive NotW journos, but by the voicemail system itself, which automatically canned messages after a period of 72 hours.

Voicemails weren’t the only weak point on smartphone privacy; the subject of your phone spying on you also became a hot topic.

An Android app developer published what he said was conclusive proof that 141 million smartphones were secretly monitoring the key presses, geographic locations, and received messages of users with a piece of software from Silicon Valley company Carrier IQ.

Next page: Who’s that inside my phone?

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/01/01/reg_review_of_2011_part_two/

The mother of a 10-year-old boy in Coventry has been expressing her shock after a demonstration model of Apple’s iPhone 4S swore at her son.

Kim Le Quesne told the Coventry Telegraph that her son Charlie was out shopping with his father in a local branch of Tesco, saw the handset in a display and asked the Siri personal assistant software how many people there were in the world. The phone replied by telling the lad that it wasn’t sure what he was saying, and telling him to “Shut the f*** up, you ugly t***.”

“It’s verbal abuse,” Mrs Le Quesne said. “We can’t believe the filth it came out with. He showed my husband what the phone had said to him and my husband found the store manager and said ‘it shouldn’t be saying that’.”

Tesco promised the device would be sent off to Apple for diagnostics, but it seems likely that some merry prankster had changed the username on the device to the offending seven words, so that the phone would default to the phrase no matter what the question. Apple is unavailable for comment over the holiday period.

Mrs Le Quesne told the paper her son went back to the store the next day and saw the same phone was still on the display case. The paper doesn’t note if the poor lad felt abused, or instead tried it again and dissolved into fits of giggles. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/30/apple_siri_swearing_tesco/

Analysis Chinese officials have published a new white paper detailing China’s aspirations in space for coming years. Most media have chosen to focus on Beijing’s vague aspirations toward deep-space and manned exploration, but in fact the concrete details given all point toward a primary emphasis on strategic advantage for China here on Earth.

The white paper can be read in full in English here, courtesy of China Daily. In it, certain definite steps which the People’s Republic intends to take are outlined. Firstly, three new “Long March” rocket launchers will be built:

The Long March-5 will use non-toxic and pollution-free propellant, and will be capable of placing 25 tons of payload into the near-Earth orbit, or placing 14 tons of payload into the GEO orbit. The Long March-6 will be a new type of high-speed response launch vehicle, which will be capable of placing not less than 1 ton of payload into a sun-synchronous orbit at a height of 700 km. The Long March-7 will be capable of placing 5.5 tons of payload into a sun-synchronous orbit at a height of 700 km.

So the Long March 5 will be liquid-hydrogen fuelled (hence the “pollution free” bit, as like all hydrogen rockets its exhaust is steam) and intended for general-purpose work. But the 6 and 7 models are intended for putting satellites into sun-synchronous orbits, a type of orbit preferred for spacecraft whose primary mission is looking down on the planet beneath. Sometimes this is for wholly scientific purposes, but generally such satellites can be very useful for espionage and military tasks – even if they are ostensibly scientific or commercial in nature, and are genuinely used as such much of the time. And the Long March 6, with “high speed response” will be particularly useful for reactive military/intelligence tasks where time is short – or outright space-warfare anti-satellite missions, if required. A rocket that can send up a spy satellite can also intercept a spy satellite.

Then we learn from the white paper that China will establish a comprehensive set of satellite constellations orbiting Earth, rivalling those of the USA in what they can accomplish. First, there will be a global network of surveillance, sorry, “Earth observation” spacecraft:

[China will deploy] stereo mapping satellites, radar satellites for environment and disaster monitoring, electromagnetic monitoring test satellites, and other new-type Earth observation satellites. It will work to make breakthroughs in key technologies for interferometric synthetic-aperture radar … It will initiate a high-resolution Earth observation system as an important scientific and technological project and establish on the whole a stable all-weather, 24-hour, multi-spectral, various-resolution Earth observation system.

Sure you can use radar sats for “environment and disaster monitoring”, but people didn’t invent them for that. Back in Cold War times, in fact, the Soviets developed radar-ocean-reconnaissance birds for the purpose of locating and tracking US warships at sea – and there can’t be much doubt that the modern-day Chinese military, frequently annoyed by US carrier task forces lurking off its coasts, would like to be able to do this too.

US admirals are much worried these days by Chinese plans to develop missiles capable of knocking out a carrier far out at sea, but in order to launch such a missile successfully you must first find your carrier – which is by no means a simple business without satellites as its umbrella of warplanes prevents normal aerial reconnaissance from locating it.

Then, “electromagnetic monitoring” is electronic intelligence plain and simple.

And there’s more:

Based on “three-step” development plan – from experimental system to regional system and then to global system, China will continue building its Beidou satellite navigation system, implementing a regional Beidou satellite navigation system before 2012, whose navigation and positioning, timing and short-message services will cover the Asia-Pacific region. China aims at completing the global Beidou satellite navigation system by 2020.

Again, satellite navigation-and-timing can be (nowadays mainly is) used for peaceful purposes. The only global-coverage satnav constellation now in service, the US Global Positioning System (GPS), is overwhelmingly used by commercial receivers for non-military tasks.

But GPS was built and is run by the US Department of Defense, not any civilian agency, and it was originally developed with the goal of making America’s intercontinental ballistic missile warheads hugely more accurate, not that of letting minicabs operate more easily.

Using unassisted astro and inertial guidance, an ICBM warhead can strike with enough precision to destroy a city: but aided by GPS it can hit close enough to its target coordinates to take out a deeply buried, hardened missile silo. All of the world’s five major nuclear-weapon states – the UN Security Council permanent five members – possess ICBMs with global range, but only the USA has a global sat-nav constellation it can rely upon completely.

Nowadays satellite navigation is of broader military significance: it is vital to the functioning of smart bombs and other conventional precision weapons of all kinds, not to mention general navigation and operations by ships, aircraft, vehicles and even foot soldiers. And outside the military sphere, many governments around the world look with disquiet on the growing dependence of their civilian shipping, aviation, even in time road and rail transport, on assets controlled by a foreign defence department.

Funnily enough Russia is building up its GLONASS nav-sat fleet again, following the financial troubles of the 1990s, and it is an open secret that much of the push behind the European Galileo system comes from the French military, which has long chafed at being reliant on US assistance to deliver accurate strikes – or even in some cases to keep cellphone coverage up, or aircraft flying in bad weather.

Compared to a global surveillance, navigation and communications fleet and the infrastructure required to maintain these in continuous service – which China says it will build, too – the rest of the announcements in the white paper don’t amount to much. There will be some ongoing experimental manned work in low orbit involving more docking of capsules (already achieved as unmanned tests), and “studies” into a manned moon landing one day. There will be some comparatively cheap and lightweight deep-space unmanned science missions – but this will be “in stages, with limited goals”.

Reading the world’s press, you’d imagine that these latter vague aspirations were the main thrust of the announcements. But the truth is that – just as with the USA and Russia, and to a significant extent with Europe – China’s space programme is all about increasing its security and influence here on Earth, and very little to do with expanding humanity’s frontiers out into space. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/12/30/chinese_space_white_paper/