The Security Circus. Wikileaks Published
-
Upload
kerrie-booker -
Category
Documents
-
view
225 -
download
5
Transcript of The Security Circus. Wikileaks Published
The Security Circus
Wikileaks
• Published <1000 US Gov't diplomatic cables froma leak of 250,000
• Distributed an encrypted "Insurance" file by BitTorrent• Widely assumed to contain the complete,
uncensored leaked data• Encrypted with AES-256--no one is ever getting in
there without the key• Key to be released if Assange is jailed or killed,
but he is in UK now resisting extradition to Sweden and the key has not been released
Anonymous
http://www.indybay.org/newsitems/2011/08/16/18687809.php
Operation Payback
• 4chan's Anonymous group• Attacked Scientology websites in 2008• Attacked the RIAA and other copyright
defenders• Using the Low Orbit Ion Cannon with
HiveMind (DDoS)• "Opt-in Botnet"
HB Gary Federal
• Aaron Barr• Developed a questionable
way to track people down online
• By correlating Twitter, Facebook, and other postings
• Announced in Financial Times that he had located the “leaders” of Anonymous and would reveal them in a few days
Social Engineering & SQLi
• http://tinyurl.com/4gesrcj
Leaked HB Gary Emails
• For Bank of America– Discredit Wikileaks– Intimidate Journalist Glenn Greenwald
• For the Chamber of Commerce– Discredit the watchdog group US Chamber
Watch
– Using fake social media accounts
• For the US Air Force• Spread propaganda with fake accounts
• http://tinyurl.com/4anofw8
Drupal Exploit
OpBART
• Dumped thousands of commuter's emails and passwords on the Web– http://www.djmash.at/release/users.html
• Defaced MyBart.org– http://www.dailytech.com/Anonymous
%20Targets%20Californias%20Infamous%20BART%20Hurts%20Citizens%20in%20the%20Process/article22444.htm
Booz Allen Hamilton
• "LulzSec" hacked it in July 2011• Dumped 150,000 US Military email addresses
& passwords– http://www.forbes.com/sites/andygreenberg/
2011/07/11/anonymous-hackers-breach-booz-allen-hamilton-dump-90000-military-email-addresses/
Missouri Sheriff's Association
• Hacked by AntiSec, another part of Anonymous
• Published credit cards, informant personal info, police passwords, and more– https://vv7pabmmyr2vnflf.tor2web.org/
Th3j35t3r
• "Hacktivist for Good"• Claims to be ex-military• Originally performed DoS attacks on Jihadist
sites• Bringing them down for brief periods, such
as 30 minutes• Announces his attacks on Twitter, discusses
them on a blog and live on irc.2600.net
Jester's Tweets from Dec 2010
Th3j35t3r v. Wikileaks
• He brought down Wikileaks single-handed for more than a day
– I was chatting with him in IRC while he did it, and he proved it was him by briefly pausing the attack
Wikileaks Outage
• One attacker, no botnet
Th3j35t3r
• After his Wikileaks attack• He battled Anonymous• He claims to have trojaned a tool the Anons
downloaded• He claims to pwn Anon insiders now
Jester's Tweets
Westboro Baptist Outage
• 4 sites held down for 8 weeks• From a single 3G cell phone
– http://tinyurl.com/4vggluu
LulzSec
• The "skilled" group of Anons who hackedUS Senate AZ PolicePron.com Booz HamiltonSony NATOInfragard The SunPBS Fox NewsH B Gary Federal Game websites
Ryan Cleary
• Arrested June 21, 2011• Accused of DDoSing the UK’s Serious Organised Crime
Agency• http://www.dailymail.co.uk/news/article-2007345/Ryan-Cleary-Hacker-
accused-bringing-British-FBI-site.html
T-Flow Arrested July 19, 2011• http://www.foxnews.com/scitech/2011/07/19/leading-member-lulzsec-
hacker-squad-arrested-in-london/
Topiary Arrested
• On 7-27-11• http://www.dailymail.co.uk/news/article-
2021332/Free-Radicals-The-Secret-Anarchy-Science-sales-rocket-Jake-Davis-seen-clutching-copy.html
– http://mpictcenter.blogspot.com/2011/08/how-i-out-hacked-lulzsec-member.html
Stay Out of Anonymous
• http://mpictcenter.blogspot.com/2011/08/stay-out-of-anonymous.html
Case Studies
Dan Kaminsky
• Link Ch0a
Jacob Applebaum
• Link Ch 0b
Boris Sverdkik
Security Curmudgeon
• Link Ch 0e
Byron Sonne
• Link Ch 0g
Gregory D. Evans
Sam Bowne