Back to Basics

Four British men who belonged to a splinter group of “Anonymous,” an underground organization suspected of perpetrating cyber attacks on sensitive organizations in the United Kingdom and the United States, were imprisoned on Friday following an extensive manhunt by Britain’s Metropolitan Police in London and a plea bargain with the Crown Prosecution Service.

Southwark Crown Court heard how Ryan Cleary, Mustafa Al-Bassam, Jake Davis and Ryan Ackroyd — all members of hacking group Anonymous — met online and created the offshoot group LulzSec with a fifth suspect living in the United States, as well as a number of other people yet to be apprehended, according to the Crown Prosecution Service (CPS).

All of the defendents appeared in court were on bail, except for Cleary who had remained in custody and was escorted under guard into the courtroom, according to Scotland Yard.

The suspects were pleaded guilty to launching a series of hacking attacks on high-profile targets. Many of their attacks involved thousands of virus-infected computers simultaneously sending countless requests to a single computer hosting a web site, so that it is overloaded and was removed from the Internet.

Their hacking attacks usually involved confidential data being extracted and published online for others to access and read. They are also suspected of hacking into the system belonging to the Central Intelligence Agency.

While Ackroyd was responsible for researching and launching many of their hacks, Cleary assisted by allowing the use of his Botnet — a system of virus-infected computers he controlled — to coordinate attacks.

Meanwhile Al-Bassam assisted in discovering and exploiting Internet vulnerabilities, and also created and controlled LulzSec’s web site. Davis acted as the group’s social-media specialist and managed their Twitter and Facebook accounts and the group’s press releases.

Their first victim was a major security firm in the U.S. whose web site pages they replaced with their own. They also accessed personal email accounts of employees, extracting personal data which they published online in February 2011.

Over the next five months, they carried out hacks on organizations causing damage and financial loss estimated to be in excess of £20 million. The prosecution also argued that they put lives at risk when they extracted and published the names and personal information of police officers in Salt Lake City, Utah.

On June 20, 2012, British police officers arrested Cleary at his home address. They seized numerous pieces of equipment, including Cleary’s computer, which contained “indecent images of children,” said police.

“Just five days later, the group announced their disbandment via a press release on their web site. However, on July 18, 2012, the remaining members, excluding Al-Bassam and Cleary, regrouped to launch an attack on a U.K. newspaper’s web site. They re-directed users to a fake article — written by Davis — claiming that News International’s Rupert Murdoch had died,” according to Scotland Yard inspectors.

Al-Bassam was arrested on July 19, 2012, Davis was arrested on July 27, 2012 and Ackroyd was arrested on Sept. 1, 2012. Al-Bassam was arrested on July 19, 2012. All four members subsequently made a plea deal and were sentenced on Friday to a total of seven years.

A top Saudi Arabian Muslim cleric on Friday slammed users of the Twitter.com web site saying the social media site is a meeting place for clowns who make unsubstantiated claims, unjust allegations and incorrect tweets, according to an American-born official with the Israeli National Police, Joel Wasserhaus.

Grand Mufti Sheikh Abdul-Aziz al-Sheikh bashed Twitter during a meeting of Saudi Arabia’s senior religious scholars on Friday.

The Grand Mufti told the Muslim audience that most of young people are wasting their time on chatting and using the Internet, including Saudi youngsters.

Saudi Arabia has three million Twitter users, more than any country in the Middle East, with a growth rate of 300 percent year-on-year, according to a report by the Social Clinic, a social media think tank.

According to the Social Clinic, between 2011 and 2012, the size of the population that has access to Twitter in The Kingdom increased by more than 3,000 percent. The Saudis account for an average 50 million tweets per month most of written in Arabic.

“Saudi Arabia has not been selfish either, with most of the tweets being in Arabic, Saudi Arabia accounts for 30 percent of the global tweets tweeted in Arabic, placing Arabic at the top of the pyramid of the fastest growing languages on Twitter, yes Arabic is the fastest growing language on Twitter,” according to statement published at the Social Clinic web site.

The Saudi Arabian capital of Riyadh is listed as Number 10 among the world’s cities with most Tweets and is the only Arab city in the top 20 cities using Twitter, according to the report.

One of the problems for Muslim countries utilizing Internet social media communications is the use of Facebook.com and Twitter.com by terrorist groups to proselytize and inform Muslims about their aspirations and accomplishments such as bombings and increasing their numbers.

For example, on Feb. 3, 2012, the Somali terrorist group Al-Shabaab complained to Twitter. “For what it’s worth,” they tweeted from their new account, HSMPress1, “shooting the messenger & suppressing the truth by silencing your opponents isn’t quite the way to win the war of ideas.”

PHOTOS.COM

Hackers are using software called remote administration tools (RATs) to infect computers, steal intimate photos, watch people through their webcams and listen to conversations.

These hackers are called ratters, and they share their techniques and the photos and information they steal from computers with other ratters in online forums. For some, it’s a game of cat and mouse. For others, it’s a way to find sexually explicit photos and toy with their victims, whom ratters call their slaves.

The website arstechnica.com explained in an article last week how ratters can remotely turn on webcams and surreptitiously watch everything the webcam can see and listen to everything the computer’s microphone can pick up.

The RATs allow the hackers to look through computer files in search of photos and other information. They can also — and often do — use the computer’s software to startle their victims. For instance, a RAT can activate Microsoft’s text-to-speech software on the remote system so that it reads aloud a string of text. It can open a chat window and play notes from a musical instrument or make sounds at a specific frequency.

According to arstechnica.com, RATs can be entirely legitimate.

Security companies have used them to help find and retrieve stolen laptops, for instance, and no one objects to similar remote login software such as LogMeIn. The developers behind RAT software generally describe their products as nothing more than tools which can be used for good and ill. And yet some tools have features that make them look a lot like they’re built with lawlessness in mind.

Some of the hackers’ RAT attacks are vicious, writes malwarebytes.org. Some are just “fun functions” used to mess with the system (and minds) of the victim.”

Among the nastier things a RAT can do are:

• Find out all system information, including hardware being used and the exact version of your operating system, including security patches.
• Control all the processes currently running on your system.
• View and modify your registry.
• Modify your hosts file.
• Control your computer from a remote shell.
• Modify your start-up processes and services, including adding a few of its own.
• Execute various types of scripts on your system.
• Modify, view and steal your files.
• Put files of its own on your system.
• Steal your stored password.
• Listen to your microphone.
• Log your keystrokes. (Duh.)
• Scan your network.
• View your network shares.
• Mess with your MSN Messenger, steal your contacts and add new contacts.
• Steal from your clipboard (things you’ve copied).
• Control your printer.
• Lock, restart or shut down your computer.
• Update the implant with a new address to beacon to or new functionality.

Ratters use multiple methods to spread their RATs to other computers. These include drive-by attacks, Warez downloads and social networking sites.

In drive-by attacks, hackers embed malicious script in Web pages that activate when you visit the page. The script exploits vulnerabilities in the computer’s system software and implants and executes malware without the user’s knowledge.

Warez downloads, or the downloading of illegal/cracked software, can often lead to also downloading something the user didn’t bargain for: malware tools that give the hackers access to your computer.

Social networking sites are used by hackers who send a link to a group of people all at once with the hope that one or more click on it.

“DHS Insider” information proven accurate

We initially disclosed the existence of Obama’s “cyber-warriors” in an article published on 6 February 2013 under the title DHS Insider: Obama’s cyber-warriors & preparing for collapse. Today, a Texas lawmaker has reportedly caught Obama’s cyber-warriors in action, using fraudulent Twitter accounts to sway the gun control argument. According to Rep. Steve Stockman, Obama is using fictitious Twitter accounts to make it appear that there is more public support for gun control than really exists.

Rep. Stockman analyzed 16 Twitter messages he received favoring Obama’s gun control initiative, finding that 10 out of the 16 were from accounts or people that don’t exist. They are fake accounts, or computer generated spambots, according to Mr. Stockman.

Recent contact with my DHS insider verified that all social media is being heavily infiltrated by full-time workers under Obama’s “Cyber-Warriors for Obama” project that began on January 23, 2013, just two days after his inauguration. According to this insider, over 3,500 people are working to infiltrate various news and political sites on the internet. Their intent is to disrupt, divert topics, marginalize political opponents of Obama, and control as much public sentiment in favor of Obama as possible. “It’s a propaganda  campaign that would make Joseph Goebbels jealous.

” This is merely the start. Expect more,” stated this insider.

No one really denies that Google forked the Sun’s Java when it designed the Android operating system.  What concerned Oracle, which had bought Java from Sun, was that Android use of Java was incompatible with Java.  Google’s successful legal defense largely rested on Tim Bray who had designed Java and Google had hired Bray to work for them a couple of years ago.  Here is a statement from Bray:

But I think there’ll be lots of forks, and I approve. I suspect that basement hackers and university CompSci departments and other unexpected parties will take the Java source, hack groovy improvements into it, compile it, and want to give it to the world. They’ll discover that getting their creation blessed as “Java” requires running the TCK/trademark gauntlet, which isn’t groovy at all. So they’ll think of a clever name for it and publish anyhow.

Which is terrific. I see no downside, and I see huge upside in that the Java mainstream can watch this kind of stuff and (because of the GPL) adopt it if it’s good, and make things better for everybody.

So Google’s argument was that when it was doing the forking, it was fine, even good.  Obviously, both Sun and Oracle didn’t see it the same way and were worried that the incompatibilities would hurt programing for their version of Java.

Well, what a difference a few months makes.  Now Google is forcing Acer to drop the release of a new operating system to compete with Android that involves forking of Android.  Google of course is now making the same argument against Acer that Oracle made against Google.

In a blog post today, Rubin called out Alibaba’s Aliyun platform as a forked version of Android that’s modified to the extent that it’s incompatible with other Android devices. As a member of the Open Handset Alliance, Acer is forbidden from using such an operating system, he said.
“Compatibility is at the heart of the Android ecosystem and ensures a consistent experience for developers, manufacturers, and consumers,” the company said in an e-mailed statement. “Non-compatible version of Android, like Aliyun, weaken the ecosystem.” . . .

The irony of this is not lost on Alibaba:

“Aliyun OS is not part of the Android ecosystem so of course Aliyun OS is not and does not have to be compatible with Android,” said John Spelich, vice president of international corporate affairs for Alibaba. “It is ironic that a company that talks freely about openness is espousing a closed ecosystem.” . . .

Google said that while it built its own operating system, Alibaba took elements of Android to build Aliyun. . . .

So didn’t Google take parts of Java in building its own operating system?  Could someone please tell me what I am missing here?  Thank you.

There is little or no doubt in my mind that the Obama Administration is riddled with radical socialists, if not communists, who do not wish America well. Not to mention a Congress which is legislatively allowed to trade on “insider information” that would send a civilian to jail. So I must ask myself, why would any company voluntarily hand over their “keys to the kingdom” to provide the federal government with direct access to their computers or details security infrastructure. In particular, I can envision a time when an company denying such access and scrutiny may be denied “errors and omissions” insurance because they did not conform to a list of government “best practices” or allow government agencies to scan their systems for security flaws or compliance with other legislated mandates.

How many people are aware of CALEA?

CALEA (Communications for Law Enforcement Assistance Act) is a law that mandates the telecommunications carriers build-in backdoors and other infrastructure modifications that would allow law enforcement agencies, operating with an appropriate warrant, to monitor your unencrypted electronic communications and file transfers.

How many people are aware of Hollywood’s anti-freedom program?

Hollywood magnates and other content controllers have purchased enough legislative firepower to craft laws which demand that certain electronic devices contain GUIDs (Globally Unique IDentifiers) which are embedded in every file you create, save or transmit to others. Ostensibly to prevent copyright infringement, these people employ a legion of legislators to protect their interests while diminishing your rights and freedoms. In fact, one such group, the Motion Picture Association of America, is headed by the disgraced former chairman of the Senate Banking Committee, Chris Dodd (D-CT) whose connections with the Obama Administration are still intact. These are the people who are seeking to federalize all copyright infringement as a federal crime rather than a civil matter. These are the people putting forth laws that allow the wrapping of “public domain materials” in electronic wrappers – and then making it a crime to tamper with the wrappers.

So what about Obama?

White House circulating draft of executive order on cybersecurity

The White House is circulating a draft of an executive order aimed at protecting the country from cyberattacks, The Hill has learned.

The draft executive order would establish a voluntary program where companies operating critical infrastructure would elect to meet cybersecurity best practices and standards crafted, in part, by the government, according to two people familiar with the document.

A spokeswoman for the White House declined to comment on whether a draft for a executive order was being circulated, but said it is one of the options the administration is weighing.

“An executive order is one of a number of measures we’re considering as we look to implement the president’s direction to do absolutely everything we can to better protect our nation against today’s cyberthreats,” said White House spokeswoman Caitlin Hayden. “We are not going to comment on ongoing internal deliberations.”

Considering that this is a voluntary program and that most of the security issues are somewhat well-defined, why the secrecy. You would think that this would be an open initiative upon which industry security experts and freedom-preserving organizations such as the Electronic Frontier Foundation (www.eff.org) could comment on before it was put into place.

Senate Republicans recently blocked cybersecurity legislation, but the issue might be revived by the White House, a federal law enforcement official told the Law Enforcement Examiner on Monday.

The Obama administration officials haven’t forgotten the power of an executive order signed by their boss that could be used to address cybersecurity if the Senate and House of Representatives fail to pass the requested bill.

The wide-reaching legislation, if it had passed, would have given government law enforcement and security agencies power to make decisions regarding the digital defense of critical infrastructure companies against cyber attacks. The Republican senators claimed they were uneasy about giving Washington even more power over the private sector.

“Many corporate security directors believe their own businesses are better able to protect themselves from cyber attacks. If the government wishes to assist, the Obama administration can offer grant money to upgrade cybersecurity programs,” said Thomas Whelan, a former corporate security director now a business consultant during a telephone interview on Monday.

The Democrat majority needed 60 votes to advance the bill to the Senate floor for an official vote, but a motion filed by Majority leader Harry Reid to force a vote failed in a vote of 52-46.

Republican lawmakers were also opposed to the bill for fear that the government will only increase costs for companies running the country’s critical infrastructure without actually reducing the threat of cyber attacks or helping to minimize cyberspace destruction.

If President Barack Obama issues an executive order on cybersecurity, it wouldn’t be the first time that he issued an executive action to bypass Congress, according to security director William Fitzgerald.

When lawmakers in both houses of Congress could not agree on the so-called DREAM Act that would bestow legal status on students illegally living in the United State, Obama announced Immigration and Customs Enforcement and the Homeland Security Department would cease deportations of young immigrants who would have been able to remain in the U.S. had the bill passed.

“Many companies managing vital computer systems are already heavily regulated, so it would be a giant leap for the President to order government agencies to require the industries they regulate to meet his cybersecurity standards,” said Fitzgerald.