STE WILLIAMS

NATO Members Warned About Anonymous

NATO leaders have been warned that the Anonymous “hacktivist” collective might have the capability to threaten member states’ security.

A report for the alliance by Lord Jopling, UK general rapporteur and Tory peer, provides a general (mostly factual) overview of the changing nature of the internet.

One key section deals with the use of social media tools to exchange information by people on the ground during the ongoing Arab Spring protests; another deals with the ongoing WikiLeaks affair and its fallout – and also covers the hack by Anonymous in solidarity with the whistle-blowing site.

Anonymous is becoming more and more sophisticated and could potentially hack into sensitive government, military, and corporate files. According to reports in February 2011, Anonymous demonstrated its ability to do just that. After WikiLeaks announced its plan of releasing information about a major bank, the US Chamber of Commerce and Bank of America reportedly hired the data intelligence company HBGary Federal to protect their servers and attack any adversaries of these institutions. In response, Anonymous hacked servers of HBGary Federal’s sister company and hijacked the CEO’s Twitter account.

Today, the ad hoc international group of hackers and activists is said to have thousands of operatives and has no set rules or membership. It remains to be seen how much time Anonymous has for pursuing such paths. The longer these attacks persist, the more likely countermeasures will be developed, implemented, the groups will be infiltrated and perpetrators persecuted.

Lord Jopling’s report is essentially a policy backgrounder and not a call to action. The document leaves it open as to how exactly members of the hacktivist collective might be “persecuted”, but the general thrust seems to be that this ought to be an extension of previous law enforcement crackdowns. NATO’s role, if any, in all this seems to be in locking down government and military servers rather than spearheading some military cyber-offensive, much less “taking out” Anonymous-affiliated chat channels.

Only a few years ago, cyberwar barely got a mention in NATO conferences, even in the wake of high-profile cyberattacks on Estonia in April 2007. The ongoing WikiLeaks saga along with the arrival of the industrial-control plant sabotaging Stuxnet worm have changed the game, and this is the real significance of Jopling’s report.


Hackers pwn PBS in Revenge for WikiLeaks Documentary

Hackers aligned with WikiLeaks broke into and defaced the website of US broadcaster PBS over the weekend shortly after it had aired a less than flattering documentary about the whistle-blowing site.

LulzSec took particular offence at the portrayal of presumed WikiLeaks source Bradley Manning during an episode of PBS’s Frontline news magazine programme. In response, the hackers broke into the PBS website before swiping passwords and other sensitive information.

The hacker pranksters uploaded usernames and hashed passwords for the PBS database administrators and users onto Pastebin.com. Even more embarrassingly, the pranksters also posted the logins of PBS local affiliates, including plain-text passwords.

Just so everyone would know the hack had happened, LulzSec also defaced PBS’s website, posting a bogus story that claimed dead rapper Tupac Shakur was alive and well and living in the same New Zealand town as nemesis Biggie Smalls. PBS posted a statement on the hack, but that was defaced as well, with an abusive message posted against Frontline.

Hacks of this type are normally carried out using SQL injection attacks. Flaws in content management systems are also a popular target. However, LulzSec said that it had used a zero-day exploit in Movable Type 4 on Linux servers running outdated kernels. That in itself would only have allowed LulzSec to deface the PBS website, but the use of the same password across multiple systems within PBS allowed the hackers to pull off a far more deeply penetrative attack.

Since the hack, LulzSec has turned its attention towards patriot hacker Jester, the most prominent member of the anti-WikiLeaks cyber-militia, who attacked WikiLeaks after the release of US diplomatic cables. Unsurprisingly, LulzSec claimed his hacks were “lame” before threatening an attack against long-running hacker magazine 2600.


HBGary Chief Quits After Anonymous Hack

HBGary Federal chief exec Aaron Barr has resigned in a bid to allow the firm to draw a line under the continuing revelations from the Anonymous hack attack.

Barr was the prime mover in plans to out senior members of Anonymous at the B-Sides security conference last month. But hunter became hunted after the more skilled members of Anonymous hacked into HBGary Federal’s computer network before publishing its email database.

The emails included the revelation that Morgan Stanley, a HBGary client, was hit by the Operation Aurora attacks of late 2009, as well as messages that purported to show HBGary was planning a dirty tricks campaign against WikiLeaks.

Assange Set To Lose Extradition Case

An expert in UK extradition law says it’s “very likely” that WikiLeaks founder Julian Assange will lose his battle against extradition to Sweden, where he’s wanted for questioning in an investigation into rape and sexual assault allegations.

Julian Knowles, a barrister for law firm Matrix Chambers and the author of books on extradition, told BBC Radio that the legal and factual bases underpinning Assange’s defense during three days of extradition hearings in London earlier this month weren’t persuasive. As a result, Chief Magistrate Judge Howard Riddle, who is scheduled to deliver his judgment later today, is likely to rule in favor of Swedish prosecutors seeking Assange’s extradition, he said.

“From what I read and heard about the Assange extradition hearing, I think it’s very likely that the Swedish prosecutor will prevail and extradition will be ordered by the senior district judge,” Knowles said during an interview on BBC Radio’s Law in Action program. “In a nutshell, the two preliminary arguments that the defense are running are (one) the prosecutor has no power to issue the warrants and (two) that Mr Assange is only really wanted for questioning and isn’t really wanted for trial and you have to be wanted for trial in order to be properly extradited.”

WikiLeaks accused of tapping P2P for secret docs

As much as half of the secret documents posted by WikiLeaks may have been siphoned from peer-to-peer users who incorrectly configured their file-sharing software, according to evidence gathered by a security firm.

Tiversa, a Pennsylvania company that in 2009 uncovered confidential blueprints of the US President’s Marine One helicopter being traded over P2P networks, told Bloomberg News the evidence suggests that WikiLeaks volunteers actively sought out confidential documents, despite claims by the whistle-blower website that it doesn’t know who provides it with the information it gets.

“There are not that many whistleblowers in the world to get you millions of documents,” Tiversa chief executive Robert Boback told Bloomberg. “However, if you are getting them yourselves, that information is out there and available.”

The company has turned the evidence over to government officials investigating WikiLeaks, Boback told the news service. An attorney for WikiLeaks called the claim “completely false in every regard.”

Among the findings leading to Tiversa’s claim:

  • Over a stretch of 60 minutes on February 7, 2009, four computers with Swedish IP addresses issued 413 searches over LimeWire and Kazaa for government documents. The searches unearthed a survey of the Pentagon’s Pacific Missile Range Facility stored on a computer in Hawaii. A little more than two months later, the document was renamed and posted to WikiLeaks. The post said the sensitive information “was first publicly revealed by WikiLeaks working with our source.”
  • In late 2009, WikiLeaks published a spreadsheet detailing potential terrorist targets in California’s Fresno County. The document, which noted locations of caches of bomb-grade fertilizers and other potentially vulnerable sites, was inadvertently indexed on P2P networks by a California state employee in August, 2008, more than a year before the secret-spilling site posted it.
  • Also in 2009, WikiLeaks published Army intelligence documents that reported on the movements of Taliban leaders and other confidential details. Those documents were exposed on P2P networks as early as September of 2008, eight months earlier.
  • The Pentagon’s 58-page Afghanistan Order of Battle was available on P2P networks in January 2009. It was posted to WikiLeaks four months later.

It’s not the first time WikiLeaks has been accused of trawling public networks for the confidential material it posts. Last year, The New Yorker reported that WikiLeaks obtained “millions of secret transmissions” that passed over the Tor anonymizing network. WikiLeaks vehemently denied the claim, but so far no correction has been issued by the magazine.

Bloomberg said the information scavenging by WikiLeaks, if true, “would contradict its stated mission as a facilitator of leaked material by insiders whose identities, [founder Julian] Assange has said the group takes measures not to know.”

But it seems just as plausible that someone not affiliated with WikiLeaks performed the P2P searches and anonymously provided the resulting documents to WikiLeaks.

Wikileaks given data on Swiss bank accounts


A former Swiss banker says he will pass on data containing account details of 2,000 prominent people to Wikileaks.

The data – which is not yet available on the Wikileaks website – is held on two discs to be passed on by Rudolf Elmer at a press conference in London.

Mr Elmer, who has given data to Wikileaks before, was fired from Swiss bank Julius Baer in 2002.

He is scheduled to go on trial in Switzerland on Wednesday for breaking bank secrecy laws.

According to a report in Swiss newspaper Der Sonntag, Mr Elmer does not expect the data to become immediately available on the whistle-blowing website, as it must first undergo a vetting process.

He said the data included the offshore accounts of about 40 politicians, and covers accounts at three banks, including his former employer.

Lawyers fear Assange faces death penalty in US

WikiLeaks founder Julian Assange could be imprisoned at Guantanamo Bay or face the death penalty if he’s extradited to the US, his attorneys argued in court papers released Tuesday.

The document, which outlines the defense Assange’s legal team intends to use next month at a hearing over Sweden’s request for extradition, says Assange could be subject to other types of maltreatment that would violate the European Convention on Human Rights. They include the possibility of torture or, they hinted, “extraordinary rendition,” in which the CIA forcibly transfers suspected terrorists to countries where prohibitions against torture aren’t in place.

“There is a real risk that, if extradited to Sweden, the US will seek his extradition and/or illegal rendition to the USA, where there will be a real risk of him being detained at Guantanamo Bay or elsewhere, in conditions which would breach Article 3 of the ECHR,” the document stated. “Indeed, if Mr. Assange were rendered to the USA, without assurances that the death penalty would not be carried out, there is a real risk that he could be made subject to the death penalty.”

The document went on to cite references from former Alaska Governor Sarah Palin and former Arkansas Governor Mike Huckabee, who have both called for Assange to be treated as a terrorist.

Assange, 39, remains confined to a country mansion outside London on about $410,000 surety while a London court decides whether Assange should be extradited to Sweden. Prosecutors in that country are investigating claims by two women that Assange sexually molested them while visiting Sweden in August. Assange was previously cleared to leave the country after prosecutors there closed their investigation. When it was reopened, prosecutors sought Assange’s extradition, which the WikiLeaks founder has opposed.

Assange hasn’t been charged with any crime.

In the defense preview, Assange’s attorneys took issue with the extradition application of Swedish prosecutor Marianne Ny. Requests can be made only after a suspect has been charged with a crime that is subject to extradition, the attorneys argued. What’s more, prosecutors must exhaust all “normal procedures” for interrogating Assange, which has yet to happen, they argued.

“In short, Ms. Ny went from informal discussions about arranging an interview of Mr. Assange straight to the issuance of [a European arrest warrant], without taking the reasonable and proportionate, intermediary step of formally summoning him for an interview or formally requesting his interrogation,” they wrote. “The proper, proportionate and legal means of requesting a person’s questioning in the UK in these circumstances is through Mutual Legal Assistance.”

The defense preview was issued a few hours after Assange appeared at a brief court hearing attended by supporters including Bianca Jagger and heiress/socialite/humanitarian Jemima Goldsmith.

WikiLeaks lawyer dubs US subpoena on Twitter ‘harassment’

US prosecutor demands that Twitter hand over data about WikiLeaks and a raft of supporters amount to harassment, a lawyer for the whistle-blower website says.

The claim comes amid revelations of documents the US Department of Justice secretly filed in federal court seeking detailed information associated with the accounts of WikiLeaks and several of its supporters, including Icelandic Member of Parliament Birgitta Jónsdóttir, founder Julian Assange, and Rop Gonggrijp and Jacob Appelbaum, who are hackers who have worked with Assange in the past. Pfc. Bradley Manning, the US Army intelligence analyst suspected of supplying WikiLeaks with classified government documents, was also targeted.

Mark Stephens, an attorney representing the secret-spilling website, told journalists over the weekend that the demands violate the US Constitution’s guarantee against unreasonable searches and seizures and amount to a shakedown.

“The Department of Justice is turning into an agent of harassment rather than an agent of law,” Stephens told Bloomberg News. “They’re shaking the tree to see if anything drops out, but more important they are shaking down people who are supporters of WikiLeaks.”

Stephens went on to tell Bloomberg that similar information was sought from Google, Facebook and eBay’s Skype division. Those companies have yet to confirm or deny that claim.

The government’s dragnet might never have come to light were it not for the actions of Twitter, which under the national security letters filed on December 14 in US District Court for the Eastern District of Virginia was forbidden from notifying its subscribers that their information was being demanded. Lawyers for the micro-blogging site filed a motion to unseal the court order and won last week.

The company easily could have complied with the order and faced “zero” liability for doing so, said Christopher Soghoian, a Ph.D. candidate in Indiana University’s School of Informatics and Computing, where he is researching data security, privacy and cyber law.

“It is wonderful to see companies taking a strong stance, and fighting for their users’ privacy,” he blogged. “I am sure that this will pay long term PR dividends to Twitter, and is a refreshing change, compared to the actions by some other major telecommunications and internet application providers, who often bend over backwards to help law enforcement agencies.”

He went on to highlight comments made a few years ago by eBay’s director of compliance boasting that the online auction house “has probably the most generous policy of any internet company when it comes to sharing information.” The site doesn’t require a subpoena “except for very limited circumstances,” the official went on to say.

Meanwhile Iceland’s Foreign Ministry has summoned the US Ambassador to Reykjavik to explain why investigators are dredging up the online activity of an Icelandic lawmaker. It’s not clear when the meeting will take place.

Stephens, the WikiLeaks attorney, said government investigators are using the data demands to learn as much as they can about the comings and goings of the targets, as well as their relationship to each other.

“What they will then do is take that data and analyze it in conjunction with data they get from Google, Facebook and the other social media, so that they can ascertain individuals that they feel they want to pay more attention to,” he told Bloomberg.

Feds subpoena Twitter for info on WikiLeaks backer

US authorities have subpoenaed Twitter for information about an Icelandic parliamentarian who until recently was a vocal supporter of WikiLeaks and its embattled founder Julian Assange.

Iceland Member of Parliament Birgitta Jónsdóttir disclosed the legal demand in a series of tweets on the micro blogging site on Friday. The former anarchist was a vocal supporter of the whistle-blower website until recently, when her enthusiasm for Assange cooled following allegations he sexually molested two women during a visit in August to Sweden.

“Just got this: Twitter has received legal process requesting information regarding your Twitter account in (relation to wikileaks),” she wrote in one dispatch. “USA government wants to know about all my tweets and more since november 1st 2009. Do they realize i am a member of parliament in iceland?” she quickly added.

She went on to say she is consulting with a lawyer and intends to fight the demand, which came from officials at the Justice Department.

“They are asking for a lot more then [sic] just my tweets,” she said. “I only got 10 days to stop this via legal process or [Twitter] will hand it over.”

A Twitter spokeswoman declined to confirm the account, or say whether the service intends to comply.

“To help users protect their rights, it’s our policy to notify users about law enforcement and governmental requests for their information, unless we are prevented by law from doing so,” she said.

The demand makes Twitter the latest company to get embroiled in the US government’s heated campaign against WikiLeaks. Over the past month, a variety of companies – including PayPal, MasterCard, Visa, and Bank of America – have denied services to WikiLeaks following claims by the State Department that the site was engaged in illegal activity.

Charges have yet to be brought.

Jónsdóttir was the chief sponsor of the Icelandic Modern Media Initiative, which was passed in that country’s parliament in June. The measure reformed media laws to make Iceland an international safe haven for journalists.

According to The Telegraph, Jónsdóttir also managed to get Assange into a US Embassy cocktail party at the ambassador’s residence in Reykjavik. During the event, Assange sipped with Sam Watson, the embassy’s deputy chief of mission, whose embarrassing dispatches concerning the US and UK role following the collapse of Iceland’s bank would later be published on the site.

“He certainly had fun at the party,” Jónsdóttir was quoted as saying. “I said it would be a bit of a prank to take him and see if they knew who he was. I don’t think they had any idea.”

According to Wired.com, the subpoena was served on December 14 in US District Court in Alexandria, Virginia, the same venue as a federal grand jury deciding whether to bring charges against Assange for leaking classified State Department cables.

“I think I am being given a message, almost like someone breathing in a phone,” Jónsdóttir wrote. “If Twitter hands over my information – then no ones information is save [sic] with Twitter.”

WikiLeaks’ Julian Assange Now Making $86k/year

WikiLeaks’ main financial arm, the Germany-based Wau Holland Foundation, says it has collected about 1 million Euro ($1.3 million) in donations in 2010, the year in which WikiLeaks exploded into public prominence thanks to its release of thousands of classified U.S. documents, according to a new report from the Wall Street Journal.

Wau Holland is the primary but not sole financial provider for WikiLeaks, the Journal reports.

From those donations, Wau Holland has established a Greenpeace-like system of salary payments, as WikiLeaks attempts to legitimize its organization by moving away from purely volunteer-based work, the Journal reports. The move to make salaried employees allegedly comes after a year-long intense internal debate about whether to do so.

The main beneficiary has been founder Julian Assange, who has drawn 66,000 Euros (about $86,000) in salary thus far this year, the Journal reports. Wau Holland has paid a total of 100,000 Euros in salaries to the entire WikiLeaks staff, which means Assange is getting the lion’s share.

WikiLeaks will pay key personnel based on a salary structure developed by the environmental activist organization Greenpeace, the Journal reports. Under the structure, Greenpeace department heads are paid about 5,500 Euros in monthly salary, a Wau Holland spokesman said.

Among the many revelations from the Journal report are several indications that donations to WikiLeaks have dropped off significantly in the second half of the year.

By August, WikiLeaks had raised about 765,000 Euro, which means it has only raised about 235,000 Euro since then, the Journal reports.

Last summer, WikiLeaks said it operated on about 150,000 Euro a year. Now, however, the foundation says it has paid about 380,000 Euro in WikiLeaks expenses, with some invoices for the year still unprocessed. Some of that total is for hardware, Internet access and travel, a Wau Holland spokesman said. But a big factor in the leap is a recent decision to begin paying salaries to staff.

WikiLeaks had also allegedly promised to contribute half of the estimated $100,000 it will cost for the legal defense of Bradley Manning. Recently, however, a WikiLeaks spokesman said it would only donate around $20,000.

As of the writing of this report, it had still not contributed the funds. The Wau Holland Foundation is awaiting advice from its lawyers on whether the donation would be legal under German law, a spokesman told the Journal.