Oh the irony!
Barrett Brown was indicted last week on 12 new counts. The first was “Traffic in Stolen Authentication Features.” These authentication features (belonging to credit card numbers) were lifted from Stratfor by LulzSec/AntiSec around Christmas last year.
- Brown is not accused of being a member of LulzSec or AntiSec.
- Brown is not accused of being involved in the Stratfor hack.
- Brown is not accused of making fraudulent use of the credit card details.
He is accused as follows:
On or about December 25, 2011, in the Dallas Division of the Northern District of Texas and elsewhere, defendant Barrett Lancaster Brown, aided and abetted by persons known and unknown to the Grand Jury, in affecting interstate commerce, did knowingly traffic in more than five authentication features knowing that such features were stolen and produced without lawful authority, in that Brown transferred the hyperlink “http://wikisend.com/download/597646/stratfor_full_b.txt.gz” from the Internet Relay Chat (IRC) channel called “#Anonops” to an IRC channel under Brown’s control called “#ProjectPM,” said hyperlink provided access to data stolen from the company Stratfor Global Intelligence, to include 5,000 credit account numbers, the card holders’ identification, and the authentication features for the credit cards known as the Card Verification Values (CVV), and by transferring and posting the hyperlink, Brown caused the data to be made available to other persons online without the knowledge and authorization of Stratfor Global Intelligence and the card holders.
In other words, Barrett Brown has been indicted for posting a link on the internet. He did nothing more than that. That’s more than a bit worrying. Is the FBI going to come after anyone posting a link to a file containing information it doesn’t wish to be public? What does that do to the freedom of the press?
But that link for which Brown has been indicted has been made public by the indictment. Now I believe I am outside of the FBI’s jurisdiction (McKinnon and O’Dwyer and indeed Assange may think differently), but the signatories to the indictment are not. Candina S Heath (Assistant United States Attorney, Northern District of Texas) has her name printed. The others I cannot decipher:
In the interest of justice, then, I confidently await at least three new indictments with almost exactly the same wording as Brown’s, naming three new defendants who, by making public the same hyperlink, “caused the data to be made available to other persons online without the knowledge and authorization of Stratfor Global Intelligence and the card holders.” Unless, of course, every single one of the 5000 cardholders (and for that matter every single Stratfor client mentioned in the leaked file) has given explicit consent for the disclosure…
Jeffrey Carr tweeted about my blog on Akamai and Anonymous (Anonymous and the ‘threat’ against Akamai and Josh Corman).
Interesting to say the least.
But before saying anything else, I should stress that I am taking this tweet and the TechWeekEurope report on Josh Corman’s RSA 2012 comments at face value. I cannot personally corroborate either.
Firstly, the idea that being ‘kind’ yesterday should excuse being ‘unkind’ today seems strange. Corman’s latest reported comments are not capable of being misconstrued:
Anonymous has very few hackers, it has very few activists… It is very misleading to call the groups hacktivists. The common attribute is angst. The talented ones are either quitting or starting to do things that are more clandestine.
If accurate, the purpose of these sentiments can only be to belittle and perhaps ridicule Anonymous. The reality is, ridicule and disinformation are Authority’s most effective weapons against Anonymous. This explains why Anonymous questioned his motives.
But this is not what intrigues me most about Carr’s tweet. It is the comment, “trying to help Anonymous become a more effective org”. It is a fundamental contradiction in terms that displays a basic misunderstanding of Anonymous. In fact, I would go further. If someone really does understand Anonymous and tries to help it become a more effective organization, then that person has an ulterior motive and is actually trying to weaken Anonymous.
Anonymous is not an organization. Its strength is that it is not an organization. In fact I suggest that its survival depends upon it never becoming an organization. Organizations have structures. Structures have hierarchies. Hierarchies have heads – and heads can be beheaded.
Think of LulzSec. It was taken apart because it had at least a nominal head in Sabu. By first taking Sabu, the FBI was able to destroy LulzSec. It also explains why the US is expending so much effort on getting Assange – by attacking the structure of Wikileaks it will ultimately destroy Wikileaks. So long as Assange is a primary focal point for Wikileaks, Wikileaks has a weakness. But by having no structure, Anonymous becomes a Hydra.
I don’t know whether any such thinking exists within the Anonymous movement. I suspect the ‘official’ line is that it is governed by its own ‘collective consciousness’. On one level this is a weakness because it allows different factions to act out their own predilections in the name of Anonymous. The collective (not the organization) cannot denounce these acts because it would deny the principle of collective consciousness. As a result, winning the hearts and minds of the unaligned public becomes difficult and highly susceptible to ridicule and accusations of terrorism.
But it does have one huge strength. The mere fact that Anonymous exists is a testament to increasing worldwide discontent with the political and social status quo. As this discontent, illustrated by the Occupy Movement, continues to grow, so Anonymous will continue to strengthen. Becoming ‘organized’ will provide a weakness that the authorities will exploit. So it must continue with its disorganized and decentralised lack of structure. It will make the battle longer; but it is the only way it can win. Organizing itself will destroy itself.
A simple glance around the contemporary threatscape shows that cyberwar is getting increasingly confused and complicated: confusticated, in fact. Nation states are (allegedly) attacking nation states; criminals are attacking infrastructures; nation states are (allegedly) controlling criminals; criminals are attacking the people; and the people are rebelling against their governments.
Let’s start at the top: state-sponsored cyber attacks. It came to the surface with Aurora two years ago – and incidentally, the gang behind it, whether state- (for which read ‘China’) sponsored or not, is still active – blossomed with Stuxnet and Duqu and went into overdrive with Flame and Wiper. The last four are all (allegedly) part of a US/Israeli campaign against Iran; and this is not cyber-espionage, this is pure war.
The thing about Wiper is that it is destructive. It attempts to be – and succeeds in being – a new form of ‘stealth’: it self-destructs to avoid being taken alive. And as far as is known, there is still no live Wiper in captivity. First, as far as we understand, it steals data; then it destroys data; and then it kills itself.
After Wiper we had Shamoon, and this is where things start to get complicated. Shamoon seems to be a poor copy of Wiper, and is believed to have been used to attack the Saudi oil company, Aramco – and possibly the Qatari energy company RasGas two weeks later. Now we are in the land of conjecture. Shamoon could have been designed and used by traditional criminals; but that idea doesn’t quite hang together.
Another theory points the finger at Iran. Shamoon, it suggests, is an Iranian retaliatory strike following Stuxnet and Flame; and targeting Aramco because of the Saudi promise to increase oil production to offset the effect of sanctions against Iranian oil. This theory suggests that since Iran was the primary target of Wiper, it more than any other source would be well-positioned to develop a copy – and indeed Shamoon does appear to be a poor copy of Wiper.
This political theory of Shamoon is supported internally by the malware itself. Part of its data wiping process is to use a fragment of a JPG file. That picture has now been recognised: it is a picture of a burning US flag. What we don’t know is whether Shamoon is state-produced in the same way as Stuxnet, Flame and Wiper; or whether it is produced by criminals ‘encouraged’ by the state. Incidentally, we are in exactly the same position with Aurora. The gang behind Aurora, called the Elderwood gang by Symantec, is still very active and still targeting primarily US defense companies. Is it China or Chinese criminals or Chinese criminals ‘encouraged’ by China?
The simple fact is the confustication of modern cyberwarfare means we neither know nor are likely to know the answers to these questions: plausible deniability lies at the heart of all cyber criminality.
Now let’s consider hacktivism, the ‘civil war’, or just civil rebellion part of cyberwarfare – Wat Tyler Vs the king. Anonymous is the seminal hacktivist – but not the only actor. Since the demise of LulzSec, Anonymous has largely undertaken its protest through DDoS (not entirely, since it was involved in first stealing huge volumes of Iraqi emails, and then leaking them to WikiLeaks). But now it has been ‘joined’ by NullCrew, adding to the hacking power of AntiSec. AntiSec may be mainstream Anonymous; but NullCrew is separate. It just has similar sympathies, and many of its recent hacks have been performed in the name of the Anonymous-led and politically motivated #OpFreeAssange.
Both AntiSec and NullCrew are seriously ‘talented’ hackers. AntiSec recently stole a large number of Apple UDIDs from either the FBI or BlueToad, depending on who you believe. NullCrew hacked a Cambodian Army site, Logica, Cambridge University, the European Space Agency and more and more. 0x00x00, perhaps a member of NullCrew, perhaps not, has undertaken his own Assange campaign, breaking into numerous websites and leaving an Assange poster calling-card.
But while we’re talking about hacktivism, let’s not forget that the king has his own men – the FBI (and SOCA) acting within the king’s law, and Jester – that ‘hacktivist for good’ – acting outside of it. The latter recently took on and took out a well-respected site, Cryptocomb, in what Cryptocomb openly described as a ‘state-sponsored’ attack. Now, if this isn’t confusticating enough, there is even a civil war within the rebels. One faction has been calling for a more organised Anonymous with a supreme council directing operations – only to be slapped down by the existing Supreme Council of One, Commander X. There will be no Supreme Council for at least as long as Commander X remains in charge (which, of course, he is not, other than by general consensus). Confused yet?
Well, let’s summarize. There is a legal cyberwar being fought by the US and Israel (and if you believe the cyber-underground, the UK was involved – shortly before his very strange death, it is claimed that Mr Williams had been commuting between GCHQ and the NSA, and had just started talking about whistleblowing on something; all just before Stuxnet exploded). AntiSec claims on Pastebin, “And then you have Gareth Williams (31), the GCHQ hacker murdered and ‘bagged’ inside a MI6’s ‘safe’ house (we’d hate to see what the unsafe ones look like) in August of 2010 after talking about being curious about leaking something to Wikileaks with fellow hackers on irc.”
Then there is an illegal war of retaliation being fought by Iran, together with old-fashioned cyberespionage from China. And finally, the war against terror has spread to the battle against Anonymous (always classified as cyberterrorists, and therefore within the purview of the war on terror, by the king’s men) in an attempt to quell the cyber rebellion.
But – and we have to stress this – it is all conjecture, allegation and confustication. The problem is, we haven’t mentioned that primary weapon of all warfare used by all antagonists against all enemies: disinformation. And all sides are very good at it.
John Young is one of my heroes. In many ways he is the prototype WikiLeaks – less showy, less flamboyant, but as honest as a summer’s day in the Arctic is long. He’s like an old-fashioned editor before the money-men took over: publish and be damned, so long as it is true.
Jester is a pain in the backside. Jester is a self-righteous, self-proclaimed, self-promoting hacktivist for good.
Jester doesn’t seem to like the truth. He doesn’t seem to like government sins made public. He seems to think that American and other allied soldiers are fighting and dying in Afghanistan and other theatres of war to protect the western politicians, regardless of how corrupt, or deceitful they may be. He seems to want to be the arbiter of what we are allowed to know. In short, he wants to defend a way of life that isn’t worth defending.
Needless to say, Jester doesn’t like John Young or his websites. He says that Cryptocomb leaked to Fox News the true name of the Navy SEAL who has authored a book due to be published next month on the killing of Osama bin Laden. Cryptocomb says, “The suggestion that Cryptocomb leaked a story to Fox News is simply crazy.” One is an inveterate liar and self-aggrandizing distorter of the truth, and the other is Cryptocomb. The Fox News story, incidentally, is here: Fox News Outs The Navy SEAL Who Wrote An Anonymous Book On The Bin Laden Raid.
But, true to character, Jester took the law into his own self-righteous hands and launched a successful denial of service attack on Cryptocomb. He tweeted:
A quick check on Cryptocomb did indeed show problems:
I’ll come back to that comment later. But then Jester tweets:
and Cryptocomb is back up. The only indication of any removed file from Cryptocomb that I can find is “th3j35t3r takes down Cryptocomb”. It’s gone. Can’t even find it on Google cache. Lucky I took a quick, sadly partial screenshot earlier:
I cannot be certain that this is the file that Jester refers to. It looks possible, and could be used to justify his second tweet; but it’s certainly not a file leaking a SEAL name to Fox News. Is this a victory for Jester? Well he’d certainly like us to think so; but it’s pretty meaningless either way since Cryptocomb still links to the full Fox News expose.
Let’s go back to Cryptocomb’s earlier comment. State-sponsored attack? Well, I’ve often wondered. Earlier today in the UK it became known that an arrested Facebook troll is actually a serving policeman. The victim commented, “When [Olympic diver] Tom Daley was trolled, within 24 hours someone was traced and arrested.” For her it took nine months and a high court judgement. On Tuesday the FBI arrested at least the ninth alleged member/associate of LulzSec. It seems self-evident that when law enforcement decides it wants or needs to catch someone, it can and will. Consequently, it’s impossible to avoid the conclusion that the FBI is turning a blind eye to the antics of Jester. And if that’s the case, no amount of plausible deniability can change the fact that this was indeed a state-sponsored attack by collusion if not direction.
By way of introduction I will start by pointing to two stories I did for Infosecurity Magazine. The first is Bieber Hackers and the Anonymous image problem (7 June 2012), in which I argue that Anonymous will lose the battle for hearts and minds because the general public cannot distinguish between the unprincipled hangers-on (like UGNazi) and the politically motivated Anonymous-proper.
The second story was last week: WikiLeaks starts to publish Syrian emails (6 July 2012). This story introduces the Syria Files, the start of WikiLeaks’ publication of 2.4 million Syrian emails; and I mention that I had been told by Anonymous that the documents had come from their OpSyria campaign.
Between these two articles, Anonymous published its own paper called ‘Operation Rebuild the Hive’. It recognizes some of the image problems:
Anonymous has shown its weak point, EACH OTHER. We have let the world see we can be easily deterred from our main goals by simply turning on each other. Not only have long time friends become enemies, but also we have steered possible New Blood from wanting to join. Do not forget where we come from, Do Not forget why we fight, Do not forget the people who we have helped along the lines. We as a collective must Regroup, Rethink our strategies, and REBUILD not only each other, but ourselves.
Operation Rebuild the Hive
How? Well, much is what you would expect. By supporting newcomers and keeping them safe; by loving one another; by discussing new operations and agreeing them before executing them. But there is another theme that runs through the proposals: Anonymous should be Anonymous – full stop. Everyone should change their Twitter display names to Anonymous “so we can all be one, and not just an individual.” Operations and defacements should “Display the name Anonymous, so that we as a hive can stand out and not just a crew.” And, “we move as ONE. Do not let yours or someone else’s ego get in the way of who and what we are.”
If this approach were adopted, then a major structural problem within Anonymous would be eliminated. If UGNazi, or any other crew, wants to call itself UGNazi – or any other name – it is by definition NOT Anonymous.
But then, later in the day of my second article, Anonymous publicly claimed responsibility for the Syria Files. Its announcement starts with a bit of a put down to my little article in Infosecurity: “there seems to be one very obvious question that no one is asking. Where exactly did WikiLeaks get all these E-Mails? This press release is written and addressed to the media and the world to answer this important un-asked question.” Um, er, actually, I did ask…
However, my bruised ego aside, it continues:
On February 5, 2012 at approx. 4:00 PM ET USA an Anonymous Op Syria team consisting of elements drawn from Anonymous Syria, AntiSec (now known as the reformed LulzSec) and the Peoples Liberation Front succeeded in creating a massive breach of multiple domains and dozens of servers inside Syria. This team had been working day and night in shifts for weeks to accomplish this feat. So large was the data available to be taken, and so great was the danger of detection (especially for the members of Anonymous Syria, many of whom are “in country”) that the downloading of this data took several additional weeks.
Anonymous Operation Syria – Press Release
This shows that the lesson hinted at in the Rebuild document has not gone home. Anonymous still talks about AntiSec and LulzSec and Anonymous Syria. The problem is that anybody can claim to be AntiSec or LulzSec or Anonymous Isle of Wight. Surely one small start in protecting the Anonymous image would be the elimination of all crews. If some bieber hacking group calling itself Cr3wP01s0n then claims the kudos and protection of acting in the name of Anonymous in taking down some village charity shop, the world would know, this is not Anonymous.
Anonymous still has much to do before it wins the battle for hearts and minds. And it is a battle it must win if it is to succeed. Anonymous must be seen to be what it really is: a force for the people; not just a bunch of script kiddies out for the lulz.
TheWikiBoat’s OpNewSon, which commenced at midnight on Friday 25th May, falls somewhere between a fail and an abject fail.
It was announced on 11 April. “On the day of the operation, we plan to hit and attack several high corporate entities,” said TheWikiBoat. “Those targets are none other than the ones who ultimately rule: the high revenue making companies of the world.” The attack would be multi-phased: first a DDoS followed by a hack resulting in the leak of “highly classified data from the targets”.
Somehow, this description grew into an attack on 46 major global companies, including Bank Of America, Apple, Wal-Mart, Tesco and others. I can find no source for this, so it could either be journalistic licence or a passing comment on an IRC channel. I did a preview of OpNewSon on Infosecurity Magazine: TheWikiBoat’s OpNewSon fires today.
But OpNewSon never matched its claims. In the event, it seems that only one site, BethBlog, was attacked with debatable success. BethBlog is the online home of Bethesda Software, a game developer and publisher and not of “the ones who ultimately rule”. In security terms it would be classified a soft target.
So what do we make of TheWikiBoat now? Is it a group of wannabes looking for the notoriety of LulzSec and the fame of Anonymous, but with more chutzpah than skill? That is bound to be the first reaction, and it may well be right. It may also be wrong.
TheWikiBoat seems to be blaming VoxAnon for pulling the IRC channel and effectively leaving the wiki boat without a rudder. Given the global nature of its members and the many different time zones involved, it became impossible to focus the fire power. Could be. Or it could be the group just didn’t get the LOIC critical mass; it could be they didn’t have the fire power to focus.
Either way, you cannot imagine either Anonymous or LulzSec making such a mess of such a well publicised plan. Personally, I hope TheWikiBoat disbands. If they have skills, then they should use their skills for good. Lulz for lulz’ sake is just childish. And if they are wannabes, they should simply grow up. There is already too much wrong in this world to add to it.
My news stories on Infosecurity Magazine from Monday 02 April until Thursday 05 April…
The UK faction of Anonymous has announced a campaign against the Home Office in protest against extradition arrangements with the US, and the European Arrest Warrant (EAW). It is timed for 9:00pm on Saturday.
05 April 2012
Pastebin to be better purged of ‘hurtful’ hack dumps
“I am looking to hire some extra people soon to monitor more of the website’s content, not just the items that are reported. Hopefully this will increase the speed in which we can remove sensitive information,” says Jeroen Vader, owner and developer of Pastebin.
05 April 2012
TIBCO announces intent to acquire LogLogic
TIBCO Software Inc., a Palo Alto, California-based company, has announced a definitive agreement to acquire LogLogic Inc, a privately owned firm based in San Jose.
05 April 2012
UK hacker G-Zero jailed for using Zeus and SpyEye
Edward Pearson, aka G-Zero, has been jailed for 26 months at Southwark Crown Court for “making an article for use in fraud and two counts of possession of an article for use in fraud.”
04 April 2012
Mac users: “If you have no real need for Java, remove it”
Discussing the latest drive-by threat to Mac users that exploits an unpatched Java vulnerability known as CVE-2012-0507, Graham Cluley of Sophos blogs, “My advice is that if you have no real need for Java, remove it.”
04 April 2012
Cloudmark takes issue with Ofcom
Last month, the independent regulator and competition authority for the UK communications industries, Ofcom, published its ‘Adults media use and attitudes report’, noting that in some areas ‘levels of concern’ are decreasing.
04 April 2012
1.5 million infected with drive-by malware in February
A detailed statistical analysis from Barracuda Labs shows the extent of and danger from drive-by downloading on the internet: more than 10 million users were exposed to drive-by exploits in February 2012 alone.
03 April 2012
‘Procure Secure’: a new guide for monitoring cloud computing contracts
A 2011 ENISA survey demonstrated that many cloud customers do not regularly monitor their information security and concluded that customers only “find out about failing security measures when it is already too late.” This new report, ‘Procure Secure’, provides the necessary parameters for customers’ continuous security monitoring in the cloud.
03 April 2012
For online piracy, ‘three strikes’ works, says HADOPI
HADOPI says ‘three strikes’ laws work; but they don’t increase entertainment industry profits, points out TorrentFreak. Can piracy actually increase legal sales?
03 April 2012
CCTV increasingly accepted by UK public
A new survey commissioned by D-Link shows that the UK, already the world’s most surveilled nation, is increasingly attracted to the use of CCTV.
02 April 2012
Imperva analyzes LulzSec’s attack tool
In its latest Hacker Intelligence Initiative report, Imperva analyzes remote and local file inclusion (RFI/LFI) attacks as favored by LulzSec.
02 April 2012
GCHQ to get real-time access to personal traffic data
The EC Data Retention Directive is already in force in the UK as a Statutory Instrument – The Data Retention (EC Directive) Regulations 2009. A proposed new bill will now force ISPs and telecommunications providers to make this data available to law enforcement in real time.
02 April 2012
My news stories on Infosecurity Magazine for Thursday 15, Friday 16 and Monday 19 March…
Duqu: a government intelligence agency built cyberweapon?
Last week Kaspersky Lab announced that it had discovered an unrecognized programming language within the Duqu worm code. It asked the research community for help in diagnosis; and the research community responded.
19 March 2012
Four EU Member States to take part in ENISA’s ‘security week pilots’
Four EU Member States are planning to run national ‘security weeks’ during October 2012. The aim is to develop a fully-fledged combined EU and US Security Month by 2014.
19 March 2012
LulzSec’s Kayla given bail
Ryan Ackroyd, a 25 year-old Brit from South Yorkshire, was granted bail at Westminster Magistrates’ Court pending a plea and case management hearing at Southwark Crown Court scheduled for 11 May.
19 March 2012
Did Anonymous accidentally blow covert surveillance of Assad’s emails?
On 6 February hacktivist group Anonymous delivered a threatening email to Bashar Assad’s personal email account. On 7 February his use of that account ceased.
16 March 2012
Trends and truths in DDoS attacks
Neustar has analyzed the evolution of DDoS attacks over the last year, showing the techniques that are used and the problems that will come.
16 March 2012
Password managers on mobile devices – fail
Elcomsoft, a computer and mobile forensics specialist, is today presenting the results of its analysis of mobile device password managers at Amsterdam’s BlackHat Europe conference.
16 March 2012
Kaspersky’s February malware scorecard
Kaspersky Lab has published its monthly malware report for February, discussing Duqu, Google Wallet and Google Analytics, mobile threats and attacks on corporate networks.
15 March 2012
2011 Global Encryption Trends Study
Ponemon’s Global Encryption Trends Study commissioned by Thales is a treasure trove of insights into the corporate view of security.
15 March 2012
Quis custodiet ipsos custodes – Who watches the watchmen?
The Dutch Big Brother Awards for 2011 have been announced. There are three prize categories: People, Companies and Government.
15 March 2012
It’s always sad, and more than a little embarrassing, when a security site gets owned. But that’s what happened to PandaLabs yesterday evening. AntiSec hit back in retaliation, it said, for PandaLabs’ involvement in the arrest of 25 Anonymous members reported on 28 February. The timing, and indeed the opening statement on AntiSec’s defacement, suggests that it had just as much to do with the FBI yesterday charging six LulzSec hackers, including Sabu (so-called leader of LulzSec) over the Stratfor hack. Sabu had been arrested last summer, but it was never officially announced. Yesterday it became clear that he ‘pled guilty’ at the time – which pretty much confirms that he has been acting as an informant for the FBI ever since.
Reports suggested that he turned President’s Evidence to minimize any prison term away from his family – and any parent will recognize the pressure. AntiSec’s opening statement on the PandaLabs’ defacement accuses PandaLabs of ‘traison’ – “something we don’t forgive”. But then it immediately goes on to say, “Yeah, yeah, we know… Sabu snitched on us. As usually happens FBI menaced him to take his sons away. We understand, but we were your family too (remember what you liked to say?).”
So in one sense PandaLabs was chosen to make a statement to the world: “We’re still here – expect us.”
However, AntiSec specifically accuses PandaLabs of helping “to jail 25 anonymous in different countries and they were actively participating in our IRC channels trying to dox many others.” At the time, because five of the 25 were arrested in Spain, I specifically asked Panda if it had been involved. “This time, we were not involved on this case,” came a very clear reply. I had earlier talked to Panda about its involvement in the takedown of the Mariposa botnet. “We co-operate with the Spanish police and some other institution on a regular basis,” he added, “but we were not informed about it.”
AntiSec also makes it clear that it takes exception to PandaLabs’ technical director, Luis Corrons. It’s personal. He is quoted: “Really good news. I have just read that LulzSec members have been arrested and that their main head Sabu has been working as an informant for the FBI. It turns out he was arrested last year, and since then he has been working with Law Enforcement. As I said, really good news :)” He is also quoted as saying “sometimes if you want to infiltrate and you have to be one of the criminals, you have to do things that you shouldn’t. In that case, you need to be with law enforcement.” To be frank, neither of these statements sounds like the Luis Corrons I know – but time will unravel all.
Perhaps more worryingly, AntiSec also claims to have back-doored Panda’s security products. Again, Panda is categorical: “Neither the main website http://www.pandasecurity.com nor http://www.cloudantivirus.com were affected in the attack. The attack did not breach Panda Security’s internal network and neither source code, update servers nor customer data was accessed. The only information accessed was related to marketing campaigns such as landing pages and some obsolete credentials, including supposed credentials for employees that have not been working at Panda for over five years.”
The difficult thing, however, is to see the wider picture and to determine what is really going on. Remember Luis’s comment: “you have to do things that you shouldn’t.” Well, law enforcement has certainly been doing that in recent years. There’s the German police spyware, and the FBI’s very own CIPAV – and God knows what else that we haven’t heard about. So let’s look at the last week. Twenty-five Anonymous arrests were rapidly followed by the disclosure that the Anonymous free DDoS tool (slowloris) had been poisoned with the, frankly, most well-known and feared malware of the day – Zeus – closely followed by charges against the main figures in LulzSec. That reads like a campaign organized by a marketing company to discredit Anonymous and sow seeds of distrust.
Read the DDoS-hacked announcement from Symantec here. Make up your own mind, but to me it simply doesn’t hang together properly. I’ve got a question mark there. Did the FBI poison slowloris? Now go back to the Stratfor hack (late December 2011). It happened after Sabu became an informant, yet he is charged over it. Anonymous very clearly denied any involvement, stating “Sabu and his crew are nothing more than opportunistic attention whores who are possibly agent provocateurs.” And yes, Anonymous knew that Sabu had been turned by the FBI. But the wider and more worrying question is this: if Sabu was already working for the FBI when LulzSec hacked Stratfor, does that mean that Stratfor was sacrificed by the FBI on the altar of misinformation? As Luis is quoted: “you have to do things that you shouldn’t.” But if this is true, it’s going too far.