WEEKLY DATA SECURITY NEWS ROUND UP Ed. 20! February 4-8, 2013
Anonymous Probably Didn’t Post over 4000 U.S. Bank Executive Credentials - So Who Did?
THIS WEEK’S BIG NUMBERS
4,600 - Number of U.S. bank executives whose information was posted - but by whom?
250,000 - Number of Twitter users whose login info was potentially compromised; it is part of a larger Chinese hacking campaign
If you’d read any data security news this week, or even tuned into ABC News, one of the things you might have stumbled upon is the claim that Anonymous infiltrated the Federal Reserve and posted 4,000 U.S. bank executive credentials as part of its “Operation Last Resort” strike. The reporting, especially ABC’s, has plenty of fear-mongering to go around about the evil shadowy hackers. What most people didn’t talk about is that this probably wasn’t Anonymous. Even on the surface, this doesn’t look like Anon’s core goals: they’re not about causing chaos and publishing many innocent people’s information, they’re about standing up for a cause. The majority of the information published belonged to small bank managers and credit unions; we’re not talking about the big plush bankers that Anon typically targets. Beyond that, a Reddit user has brought substantial evidence to the table. A detailed post outlines many reasons why this might not be Anonymous:
“We are getting many questions on Facebook and Xero is getting many via this website’s contact form regarding Operation Last Resort. While we cannot give you direct proof this is a propaganda operation we can give you the reasons why it appears as such.
1) On Sunday I (Xero Flux) was able to reach AnonymousIRC (one of the more reputable Twitter channels for long term trusted Anonymous activity) and they claim the USSC on @doxbin is a fake, and comprised of data ripped from a two year old document they released. (Typical Cointel style, take others’ work and give it a facelift.)
2) The night of release they were caught censoring posts asking questions or pointing out that this operation forces all sects to comply and goes directly against the core anon protocol.
3) Nobody on IRC* can vouch for the credibility of those leading this operation. Anonymous is one thing but when your fellow anons are completely clueless who you are and where you came from when you bust out the gates with an operation of this scope, it is quite suspicious.
4) The same day, literally hours before this release, the Department of Homeland Security named cyber threats a severe issue and is trying to use this threat to enact SOPA style laws by executive order. This operation gives them a perfect example of WHY. http://rt.com/usa/news/napolitano-us-cyberattack-761/
5) This paints all anons as hacktivists, something anyone with a brain knows is a complete media machine lie to discredit ACTIVISTS under the same banner.
6) A YouTube account claiming/admitting to hacking a government site would not be permitted to STILL be active (Note: It is still up: Day 6). It would be ripped down as soon as the first fed hit the video after the hack. YET it’s still up, with no penalty and everyone ignores this fact. ALL credible sources/anon cells to date have no idea who is running this operation. It came out of thin air and is using old anon operations data claiming it’s new.”
*IRC (mIRC - my Internet Relay Chat) is a very popular, old-school way for communities to gather and communicate in chat rooms, and is commonly used by Anonymous.
Now, it’s a little bold to claim that the U.S. Government is responsible for such an attack, but the points do paint a clear picture that Anonymous, or at least its big main players, are not involved. It could just as easily be a rogue member looking to sabotage their reputation for some reason, or anyone else with a grudge against them. However, there are plenty ready to hop on the “inside job” train, as the comments following the post indicate. In this case it’s impossible to know until more details are released, but when looking at “Operation Last Resort”, everyone should entertain the idea that it may not be Anonymous. If you think about what Anonymous has accomplished in the past, this absolutely blows all other operations out of the water in terms of effectiveness and scale, and it doesn’t match up with their core goals. Sources: ABC News, ZDNet, Reddit
DID YOU KNOW? This is our 20th Edition! Go back and check out all our previous Weeklys to catch up on the landscape of the Data Security Industry.
Vulnerability Lets Hackers Control Building Locks, Electricity, Elevators and
In the K logix Weekly, we’ve covered remote-control hacks on everything from pacemakers to vehicles. This week, there are more additions to the list: building locks, electricity, elevators, and many other critical components controlled by the industrial control system “Tridium”. “The vulnerability in the Tridium Niagara AX Framework allows an attacker to remotely access the system’s config.bog file, which holds all of the system’s configuration data, including usernames and passwords to log in to operator work stations and control the systems that are managed by them.” See, Tridium is unfortunately an industrial control system that has online connectivity. On top of this, the platform is written in Java, which feels like it has a big new exploit every week. Internet connectivity shouldn’t be a feature in such a sensitive system, because if you remove the internet connectivity, you remove a huge percentage of the risk. However, “Tridium’s own product documentation for the system touts the fact that it’s ideal for remote management over the internet.” Using the Shodan search engine, researchers found 21,000 Tridium access points that did in fact control actual boxes within critical business structures. “One was connected to a medical testing lab at a college. If somebody wanted to, it’s easily exploitable,” McCorkle said. Well, that’s reassuring. Go ahead Tridium, be proud that you have internet connectivity integrated into your systems, until your own building gets powered down by a hacker remotely controlling everything. Source: Wired
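An added example, not from the Wired piece and not Tridium’s own tooling: a small Python scanner that runs over constructed web-server access-log lines from an internet-facing Niagara host and flags every request that reaches for config.bog or uses directory traversal, recording whether the file was actually served and whether the request came from outside the internal address ranges. The log format, the request paths and the sample addresses are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import unquote

# Constructed sample lines in common log format, standing in for the web log of
# an internet-facing Niagara AX host. Paths and addresses are made up for this
# example; they are not the framework's real URL layout or real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Feb/2013:09:12:01 -0500] "GET /login HTTP/1.1" 200 1834
203.0.113.9 - - [07/Feb/2013:09:13:44 -0500] "GET /files/config.bog HTTP/1.1" 200 48211
10.0.0.5 - - [07/Feb/2013:09:14:02 -0500] "GET /station/Drivers HTTP/1.1" 200 922
198.51.100.27 - - [07/Feb/2013:09:15:19 -0500] "GET /..%252F..%252Fconfig.bog HTTP/1.1" 403 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')
# RFC 1918 ranges; anything else is treated as coming from the internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def decode_path(path):
    """Percent-decode repeatedly so double-encoded traversal (%252F) is seen as '/'."""
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def scan_log(text):
    """Return one finding per request that touches config.bog or uses '..' traversal."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a log line we understand; skip rather than guess
        ip, method, path, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        decoded = decode_path(path)
        hits_config = "config.bog" in decoded.lower()
        traversal = bool(TRAVERSAL_RE.search(decoded))
        if not (hits_config or traversal):
            continue
        addr = ipaddress.ip_address(ip)
        findings.append({
            "ip": ip, "method": method, "path": decoded, "status": status,
            # A 2xx on config.bog means the credential store was actually handed out.
            "served": hits_config and 200 <= status < 300,
            "external": not any(addr in net for net in INTERNAL_NETS),
        })
    return findings
```

A finding with "served" set to true is an incident, not just a probe: the credentials in config.bog should be rotated and the host taken off the internet.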
Twitter Hacked - Connection to Chinese Hacking Campaign on Western Media Outlets
@China Hey, Why you hacking us?
@Twitter We’re not hacking anyone right Mao.
Twitter recently revealed that it was hacked and 250,000 users are potentially vulnerable, but that’s not the story here. The story is that the NYTimes hack we covered last week is connected to this one, along with reports that the Wall Street Journal and the Washington Post were also targeted recently. “This attack was not the work of amateurs, and we do not believe it was an isolated incident,” he wrote. “The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked. For that reason we felt that it was important to publicize this attack while we still gather information, and we are helping government and federal law enforcement in their effort to find and prosecute these attackers to make the Internet safer for all users.” This is part of a larger (very likely) Chinese campaign against what looks like Western media outlets. The reasons for targeting these outlets are unclear, but it’s obvious the motive hasn’t been money in any of these cases. Information must be a key component, but it’s not necessarily about login information either, and we’re not looking at identity theft. This story will continue to develop as more information is released by each of the breached media outlets, and it’ll be exciting to get more answers behind this expertly executed and targeted campaign on Western media outlets. Source: Wired