The first global cyber war has begun

[winston smith]

Anonymity.

So "anonymous" are a co ordinated group of people who are not anonymous to each other but believe it is necessary to remain hidden because of potential persecution (like the masons).

I cant understand why a LOIC would be released by clever IT people affiliated to an ideal (that believes in anonymity) and yet gives absolutely no identity protection to any of the non IT people who choose to accept the use of this software as a form of protest.

Maybe the internet started out as a military project that became an inspired form of individual expression and is now becoming a simple way of collecting our data.

[Plutonia]

Anonymity.

So "anonymous" are a co ordinated group of people who are not anonymous to each other but believe it is necessary to remain hidden because of potential persecution (like the masons).

Erm... that not quite it...

Their definition of themselves - in part:

... Anonymous is the only immortal troll on the internet, which means they will never be banned.

Anonymous is infinity divided by 0.= Syntax error.

Anonymous is not a person, nor is it a group, movement or cause: Anonymous is a collective of people with too much time on their hands, a commune of human thought and useless imagery. A gathering of sheep and fools, assholes and trolls, and normal everyday netizens. An anonymous collective, left to its own devices, quickly builds its own society out of rage and hate...

WARNING: NOT Work Safe Link

I cant understand why a LOIC would be released by clever IT people affiliated to an ideal (that believes in anonymity) and yet gives absolutely no identity protection to any of the non IT people who choose to accept the use of this software as a form of protest.

Probably part of the joke- put unsecure LOIC in the hands of newbs and point them at something. Lulz ensue.

Maybe the internet started out as a military project that became an inspired form of individual expression and is now becoming a simple way of collecting our data.

And people engaging in conversation like TV was never invented.


To see Anonymous in their natural habitat, you have to go into the chans, but don't go without protection.

[yossarian]

toywar.jpg

Die Zürcher, die vor Assange kämpften
Von Constantin Seibt am 24.12.2010

Der sensationellste Konflikt des Jahres war Wikileaks gegen die USA. Dazu gab es einen Vorläufer. Um Weihnachten 1999 kämpfte in Zürich die siebenköpfige Kunstgruppe etoy gegen den Milliardenkonzern eToys.

http://www.tagesanzeiger.ch/digital/internet/Die-Zuercher-die-vor-Assange-kaempften/story/28849792

10 Ways Hackers Have Punked Corporations and Oppressive Governments
By Peter Ludlow and Burcu Bakioğlu, AlterNet
Posted on October 19, 2010, Printed on December 25, 2010
http://www.alternet.org/story/148521/

WikiLeaks and Julian Assange have been much in the news lately, but hacktivism -- the nontraditional use of computing technology to advance political causes -- has been around for a long time. Here we offer a primer on 10 of the most significant hacktivist actions of all time.

1. Electronic Disturbance Theater

In 1998, Electronic Disturbance Theater (EDT) developed and utilized a tool called Floodnet to target the Pentagon, the White House, the School of the Americas, the office of Mexico’s president, the Mexican Stock Exchange and the Frankfurt Stock Exchange, all in support of the Zapatista guerrilla movement in Mexico. Floodnet, which has subsequently been released as part of EDT’s “Disturbance Developer Kit,” allowed users to participate in a sit-in attack on these sites by a simple click on an icon on EDT's Web site. The Floodnet software then directed the participating computers to continually attack the target Web sites. It has been estimated that 10,000 people accessed Floodnet in this two-day action resulting in targeted servers being hit at a rate of 600,000 hits per minute.

2. The Internet Black Tigers (Sri Lanka)

An offshoot of the Liberation Tigers of Tamil, the Black Tigers showed that slick tools like Floodnet weren’t necessary to carry out a denial of service attack. The Tigers, protesting the Sri Lankan government, organized email bombings (flooding servers with email) that attacked the Sri Lankan consulates in Seoul and Ottowa, taking them offline. The message flooding the servers was also quite simple: "We are the Internet Black Tigers and we’re doing this to disrupt your communications."

3. Hong Kong Blondes

The Hong Kong Blondes was an underground network of Chinese students spread across at least three continents. It was started by Blondie Wong, who had reportedly witnessed his father being stoned to death during the 1966-'76 Cultural Revolution. Primarily protesting censorship and the violations of human rights that occurred in China, the group launched cyberattacks against the "Great Wall" -- a series of firewalls put in place to block access to Western Internet sites. With members operating inside and outside of China, the group claimed to have found significant security holes within Chinese government computer networks and claimed to have defaced government Web sites, torn down firewalls and even disabled Chinese communication satellites. They worked to forewarn political dissidents of imminent arrests.

4. WANK Worm

According to Julian Assange, the WANK worm is the first instance of hacktivism. On Oct. 16, 1989, during the Cold War when nuclear war was an immediate possibility, hackers hit the NASA computers with the WANK Worm. Two days prior to the launch of the plutonium-fueled Galileo space probe from the Kennedy Space Station, NASA employees logged on to see a humorous yet frightening welcome screen: "Your computer has been officially WANKed. You talk of times of peace for all, and then prepare for war," and "Remember, even if you win the rat race, you're still a rat." The machines of the U.S. Department of Energy and NASA worldwide had been penetrated by the anti-nuclear WANK (WORMS AGAINST NUCLEAR KILLERS) worm.

Once inside NASA’s system, the WANK worm began to travel through the network of interconnected computers, crawling through any holes in the security system. While the worm attack did not stop the shuttle launch, the recovery from the attack did require a massive expenditure of money and effort. Because the worm avoided attacking the computers in Australia and New Zealand and the worm source code showed specific instructions to avoid infecting machines in New Zealand, it is suspected that the attack originated from Australia. Some have credited the Melbourne-based hackers, Electron and Phoenix.

5. Net-strike Attack Devised by the Strano Network

On December 21, 1995, a group called Strano Network conducted what is recognized as the first Internet sit-in. The action targeted the Web sites of various French government agencies to protest French nuclear and social policies. A web sit-in occurs when the attackers generate a sufficient volume of traffic to a Web site, preventing any legitimate traffic from accessing the site. In this case participants from all over the world were instructed to point their browsers toward designated sites and constantly reload the pages. Because of the excessive traffic, the targeted Web sites were made unavailable.

6. UrBaN Ka0s

On June 30th, 1997, the Portuguese hacking group UrBaN Ka0s hacked and defaced the site of the Department of Foreign Affairs of Republic of Indonesia and 25 other military and government sites as part of the global protest against the Indonesian government. The goal was to support and bring attention to the people of Timor, who had been oppressed and violated for decades by the Indonesian government. It is by most accounts the first large-scale hacktivist action.

7. Toy Wars

In 1999 an online toy retailer called eToys filed suit against a group of European artists for their use of the web address etoy.com – despite the fact that the artists had been using that Web site for two years before eToys.com came into existence. Depressingly, but not surprisingly, the court sided with the corporation, granting an injunction against etoy on Nov. 29 of that year. What eToys didn’t count on was a group of hacktivists, incensed by the injustice of the court decision, launching an internet sit-in against eToys.com from Dec. 15-25, effectively clogging the Web site during the Christmas shopping season. What was interesting about the sit-in was that it was structured as an online game in which the goal of players was the devaluation of eToys stock. And indeed, eToy’s stock began to fall immediately after the campaign started, and the company went out of business within a short period of time. Some commentators consider the sit-in to be a significant contributing factor to the corporation’s collapse.

8. The World’s Fantabulous Defacers

In November 2000, one of the most prolific hacktivist goups of all time emerged and operated for about two years, defacing, by some estimates, more than 400 Web sites during its operation. Called the World’s Fantabulous Defacers, its modus operandi was to deface institutional Web sites by inserting flash videos and audio files that highlighted human rights violations against Muslim populations (the goal being to raise “global awareness” – which presumably explains why the defacements were in English). Alexandra Samuel, then a PhD student, interviewed two of the principle actors of WFD (M0r0n and nightman), and learned that they had a fairly large portfolio of causes in the Muslim world:

We have defaced FOR many issues, if you look at our defacements it says “FREE KASHMIR, PALESTINE, LIFT THE SANCTIONS ON IRAQ, FREE CHECHNIA.” So you see we are FOR all those people suffering in the world against atrocities!

The WFD appeared to be based in Pakistan (that is certainly consistent with their targets), and they ranged from an interuniversity library network in India to the Web site of the Newspaper Association of America, a Chinese computer company, and a commercial Web site advertising the “Midwest Source for Hip-Hop Info and Gear.” The group itself took its most important defacements to be of the Bollywood Stock Exchange and Cricketbulls.com (a site that trades imaginary shares in leading Indian cricket players). The group supposedly ceased to be active in 2002, and there is some speculation that it was absorbed into some of the larger Muslim hacktivist groups that continue to exist today.

9. PROJECT CHANOLOGY

Project Chanology (also called Operation Chanology) was a protest movement against the practices of the Church of Scientology by Anonymous, a loosely unorganized Internet-based group that emerged from the 4chan message boards. The project was started as a “mental warfare” response to the Church of Scientology's attempts to prevent the online sharing of a video interview with actor/Scientologist Tom Cruise.

The project was publicly launched with a video posted to YouTube, "Message to Scientology," on January 21, 2008. The project's goals were to "take down all Scientology Web sites as an immediate act of retaliatory censorship, counteract Scientology's attempts to suppress the videos (and other cult materials) by constantly reposting them, and publicize the cult's well-documented history of employing suppressive and violent tactics to mask its illegal or immoral activities." The initial cyber attack, which came in the form of a distributed denial of service attack, was followed by black faxes, prank calls, and other activities intended to disrupt the Church of Scientology's operations.

10. Operation Payback Is a Bitch

Anonymous has been back in action in recent weeks, with the launch of Operation Payback Is a Bitch. Operation Payback started because the RIAA (Recording Industry Association of America) and MPAA (Motion Picture Association of America) have been hiring law firms and programming companies to take down Torrent sites (peer-to-peer computer networks used to share movies and music and other digital media). The stated goal of Operation Payback is to put an end to what Anonymous perceives to be lobbyist-driven infringements of personal freedom online. To counter these actions, Anonymous has launched an elaborate cyberwar campaign against the entertainment companies and the firms that were hired to hunt down and sue the alleged infringers. In recent weeks, Anonymous has launched DDoS attacks against the Web sites of RIAA, Aiplex, and ACS:Law, as well as Gallant MacMillan and its client the Ministry of Sound. All these sites have been taken down for several hours.

The real damage to ACS:Law, however, came after the DDoS attack when, in their haste to put everything in order, ACS:Law exposed the backup of their confidential files containing confidential information. The emails of its only lawyer, Andrew Crossley, in addition to thousands of personal records that were handed over by Internet Service Providers (including Sky, BT and Plusnet) in their hunt for alleged infringers appeared on the Web site, unencrypted. This in turn exposed the crass and humiliating tactics the company used to extract money from alleged infringers through out-of-court settlements. The leaked documents also revealed that only one-fifth of the money collected from damages paid was given to the rights holders, meaning the law firm kept 80 percent of the money before paying ISPs and IP tracking companies.

Over the past two decades hacktivism has expanded its set of methods and also has been successfully used to target all centers of power, ranging from governments and corporations, to religious institutions and well-funded lobbying groups. As a consequence, hacktivist methods and tools are now used fluently by tens of thousands of people around the world. Current government obsession with WikiLeaks is pointless; the jinni is out of the bottle.

© 2010 Independent Media Institute. All rights reserved.

http://www.alternet.org/media/148521/10_ways_hackers_have_punked_corporations_and_oppressive_governments?page=entire

[Plutonia]

This from Cryptome today:

Wikileaks in Gestation 2001

http://marc.info/?l=cypherpunks&w=2&r=2&s=assange&q=b

List: cypherpunks
Subject: mirror volunteers needed
From: Julian Assange <proff () iq ! org>
Date: 2001-10-16 5:03:46

If you are brave and have a unix account/machine with approximately
2Gig of disk free, we need you.

--
Julian Assange |If you want to build a ship, don't drum up people
|together to collect wood or assign them tasks and
proff[at]iq.org |work, but rather teach them to long for the endless
proff[at]gnu.ai.mit.edu |immensity of the sea. -- Antoine de Saint Exupery



List: cypherpunks
Subject: Re: mirror volunteers needed
From: Alex Shiels <zem () zip ! com ! au>
Date: 2001-10-16 5:20:00

On 16 Oct 2001, Julian Assange wrote:

> If you are brave and have a unix account/machine with approximately
> 2Gig of disk free, we need you.

I have a machine with 2 gig (or thereabouts), located in Australia.
Bandwidth is low (64k ISDN) but the machine is available.

If high bandwidth is a necessity I know someone who might be able to help
depending on the content.

--
mailto:zem[at]zip.com.au F289 2BDB 1DA0 F4C4 DC87 EC36 B2E3 4E75 C853 FD93
http://zem.squidly.org/ "I'm invisible, I'm invisible, I'm invisible.."



List: cypherpunks
Subject: Re: mirror volunteers needed
From: Steve Furlong <sfurlong () acmenet ! net>
Date: 2001-10-16 5:19:54

Julian Assange wrote:

> If you are brave and have a unix account/machine with approximately
> 2Gig of disk free, we need you.

More details, please. Mainly the kind of material to be hosted. Holding
2GB of kiddie porn (horseman alert!) might be objectionable on moral
grounds as well as legal grounds.

What kind of traffic is expected, in terms of connections per hours and
bytes per hour?

Why does it need to be a *NIX machine? Ease of remote access, security,
active content, or the requirements of the mirroring software?

The mirror would presumably need a fixed IP address. Are there any other
requirements?

--
Steve Furlong Computer Condottiere Have GNU, Will Travel
617-670-3793

"Good people do not need laws to tell them to act responsibly
while bad people will find a way around the laws." -- Plato



List: cypherpunks
Subject: Re: mirror volunteers needed
From: proff () iq ! org (Julian Assange)
Date: 2001-10-16 9:56:20

> Julian Assange wrote:
>
> > If you are brave and have a unix account/machine with approximately
> > 2Gig of disk free, we need you.
>
> More details, please. Mainly the kind of material to be hosted. Holding
> 2GB of kiddie porn (horseman alert!) might be objectionable on moral
> grounds as well as legal grounds.

Documents and images. No kiddie porn, but there are still three
other horsemen to choose from. Absolutely legal for now, bar
retrospective legislation, but that won't stop the horse trainers
from pretending otherwise. Constitutionally protected in the US,
but that doesn't mean you won't cop flak from ISP higher-up and
other organisations regardless of where you live.

If you'd be happy to mirror cryptome.org, then you'd probably be
happy to mirror this material.

> What kind of traffic is expected, in terms of connections per hours and
> bytes per hour?

Depends on interest. We can use dns tricks to shape traffic to
reflect your resources.

> Why does it need to be a *NIX machine? Ease of remote access, security,
> active content, or the requirements of the mirroring software?

The anonymous push nature of the mirroring software. We can support
non-unix pull mirrors too, provided there are enough push mirrors
to feed from. The software could be ported to other operating
systems without too much difficulty, but that's another project.

> The mirror would presumably need a fixed IP address. Are there any other
> requirements?

An ability to create mail-aliases, gpg, perl5, and a good sense of humour

Cheers,
Julian.

--
Julian Assange |If you want to build a ship, don't drum up people
|together to collect wood or assign them tasks and
proff[at]iq.org |work, but rather teach them to long for the endless
proff[at]gnu.ai.mit.edu |immensity of the sea. -- Antoine de Saint Exupery



List: cypherpunks
Subject: Re: mirror volunteers needed
From: Greg Newby <gbnewby () ils ! unc ! edu>
Date: 2001-10-16 13:50:37

On Tue, Oct 16, 2001 at 07:56:20PM +1000, Julian Assange wrote:
>
> > Julian Assange wrote:
> >
> > > If you are brave and have a unix account/machine with approximately
> > > 2Gig of disk free, we need you.
> >
> > More details, please. Mainly the kind of material to be hosted. Holding
> > 2GB of kiddie porn (horseman alert!) might be objectionable on moral
> > grounds as well as legal grounds.
>
> Documents and images. No kiddie porn, but there are still three
> other horsemen to choose from. Absolutely legal for now, bar
> retrospective legislation, but that won't stop the horse trainers
> from pretending otherwise. Constitutionally protected in the US,
> but that doesn't mean you won't cop flak from ISP higher-up and
> other organisations regardless of where you live.

Where's the site? I'm sure some of us might be interested
if we can see whether we care about the content.

> If you'd be happy to mirror cryptome.org, then you'd probably be
> happy to mirror this material.

Thanks for the legal advice. cryptome still has decss.zip (and I'm
damned happy they do). Nearly every other site with it caved to MPAA
pressure. (Publicly) mirroring cryptome isn't for the timid. Asking
people to mirror content that might be dangerous to their status with
their upstream provider requires some more details.

-- Greg



List: cypherpunks
Subject: Re: mirror volunteers needed
From: Greg Broiles <gbroiles () well ! com>
Date: 2001-10-16 18:20:06

At 07:56 PM 10/16/2001 +1000, Julian Assange wrote:
>The anonymous push nature of the mirroring software. We can support
>non-unix pull mirrors too, provided there are enough push mirrors
>to feed from. The software could be ported to other operating
>systems without too much difficulty, but that's another project.

I get the impression this isn't exactly "mirroring" static content, but
participating in a distributed publishing/retrieval system, a la Freenet
and Mojo Nation or BitTorrent .. or maybe more like Gnutella or Kazaa .. or
even Publius, which was nice but never seemed to catch on.

Is that correct?

> > The mirror would presumably need a fixed IP address. Are there any other
> > requirements?
>
>An ability to create mail-aliases, gpg, perl5, and a good sense of humour

What software are you using? Is it well-known? Debugged? Is the source
available? (well, it's Perl, I guess..)

I don't mind mirroring Cryptome, but I'm pretty wary of installing other
people's newly-hacked-up code in a [quasi-]production environment .. your
proposal creates two kinds of risk. The first, which is relatively familiar
by now, is content risk, from people angry about the content .. the second
is the risk of security problems in the code or its
configuration/installation, and that sounds like a bigger issue to me.

Why not just use one of the existing distributed systems for this content?
If you put content in the Gnutella or Kazaa systems, you can give us
filenames or search strings and then we just make locally cached copies and
leave machines running (even crappy little windows boxes) to create
dispersed hard-to-clobber-them-all content. If you put it in the
Mojo/Freenet/BitTorrent systems, and make the URLs of the content
publically available, helpful people can make local copies of all or parts
of your files pretty easily, too.

Or, alternately, make just content available as a .zip or .tgz, and let
others serve it using FTP/HTTP servers they're already familiar with.

If you can find a way to separate the content risk from the untrusted
software risk, this project (whatever it is) might have a better chance of
success.

--
Greg Broiles
gbroiles[at]well.com
"We have found and closed the thing you watch us with." -- New Delhi street kids



List: cypherpunks
Subject: Re: mirror volunteers needed
From: Steve Mynott <steve () tightrope ! demon ! co ! uk>
Date: 2001-10-16 21:56:00

proff[at]iq.org (Julian Assange) writes:

> An ability to create mail-aliases, gpg, perl5, and a good sense of humour

What and where is the source?

--
1024/D9C69DF9 steve mynott steve[at]tightrope.demon.co.uk

its ok the problem solved itself



End of thread.

[The Hacktivist]

Operation 'Avenge Assange': How anonymous is 'Anonymous'?

By Zack Whittaker | December 16, 2010, 1:00am PST

A new study by the University of Twente (UT) discovered that those conducting distributed denial-of-service attacks against major organisations, including Mastercard, Visa, and PayPal, though describe themselves as ’Anonymous’, they are not in fact anonymous.

The ‘Low Orbit Ion Cannon’ (LOIC) application used to conduct the distributed denial-of-service attack makes no attempt to block the originating IP address and can unveil the identity of individual attackers, the report says.

One of the attacks originated from a Twitter account, @Anon_Operation which tweeted the link to take out Visa.com. In the short space of time, over 38,000 people accessed the site with the setup utility and instructions, causing the massive attack to cripple the site.

The report summarises its finding by stating that, “It became clear, already with the first analysis, that [LOIC]
does not take any precautions to obfuscate the origin of the attack.”

Perhaps more worryingly for attackers, the report states quite clearly that the attackers behind the DDoS attacks are vulnerable to detection not only for the duration of the attack, but even longer.

“In this report we present an analysis of the two versions of the tool named LOIC (Low Orbit Ion Cannon, which is used by the hacktivists to perform their attacks. The main conclusion is that the attacks generated by the tool are relatively simple and unveil the identity of the attacker. Therefore, the name of this hacktivists group, “Anonymous”, is misleading: the hacktivists’ original IP address is shown in clear.”

Describing the data that can be retrievedfrom ISP’s servers:

“The European directive on “the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks” (Directive 2006/24/EC) reports that, taking into account privacy legislation, telecommunication data must be “retained for periods of not less than six months and not more than two years from the date of the communication”.

Such data should be made available ‘for the purpose of the investigation, detection and prosecution of serious crime’. This means that data are technically available, but only to public forces in case that they need to undertake an investigation.”

One of the snippets from the research shows a Wireshark trace of a LOIC operation, and how simple it is to retrace the steps back to the attacker:

4chan and Anonymous are not mutually exclusive, as Christopher Poole (’moot’) explained to me last year:

“‘Anonymous’ imageboard culture started with 4chan. ‘Anonymous’ the group traces its roots to 4chan, but splintered off after the whole Scientology thing. 4chan’s ‘/b/’ board in relation to ‘Anonymous’ the group; they aren’t the same thing. I can’t speak for the ‘Anonymous’ group.”

As Violet Blue describes it:

“It’s important to note that Operation Payback and Anonymous are not the same thing, and they are also not the same as 4chan, nor do they act as Wikileaks or Pirate Bay. This confuses mainstream media, who is used to simple, take-me-to-your-leader answers - but distributed and decentralized are not simple concepts.”

So how anonymous are ‘Anonymous’? Not very, it seems.

http://www.zdnet.com/blog/igeneration/operation-avenge-assange-how-anonymous-is-anonymous/7190?tag=content;search-results-rivers

[b]Footnote - "The whole scientology thing" explained here: http://www.zdnet.com/blog/perlow/the-global-cyber-war-hacks-and-attacks-scorecard/15192?tag=mantle_skin;content

Hahaha this is funny, problem is those IP addys they are seeing arent real...duh. Anon is not stupid.

Well I guess I should say, at least for those who have taken that precaution, alot of newbies joining the payback cause may not know how to do that.


I am also of the opinion that LOIC is a honeypot, I wont touch it.

[The Hacktivist]

Operation 'Avenge Assange': How anonymous is 'Anonymous'?

By Zack Whittaker | December 16, 2010, 1:00am PST

A new study by the University of Twente (UT) discovered that those conducting distributed denial-of-service attacks against major organisations, including Mastercard, Visa, and PayPal, though describe themselves as ’Anonymous’, they are not in fact anonymous.
...
The report summarises its finding by stating that, “It became clear, already with the first analysis, that [LOIC]
does not take any precautions to obfuscate the origin of the attack.”

Perhaps more worryingly for attackers, the report states quite clearly that the attackers behind the DDoS attacks are vulnerable to detection not only for the duration of the attack, but even longer.

“In this report we present an analysis of the two versions of the tool named LOIC (Low Orbit Ion Cannon, which is used by the hacktivists to perform their attacks. The main conclusion is that the attacks generated by the tool are relatively simple and unveil the identity of the attacker. Therefore, the name of this hacktivists group, “Anonymous”, is misleading: the hacktivists’ original IP address is shown in clear.”

Correct me if I'm wrong, but if it can be shown that LOIC has been deliberately misrepresented as anonymous, does this raise the possibility, even probability, that in fact "Anonymous" could be a honey-pot?

If so, it would be yet another clue that Assange, Wikileaks and the Cyber-War are not what they seem.

Anon is real, but it is highly infiltrated at this point and LOIC is one of those attempts. IMO.

[Cosmic Cowbell]

"Facts Supporting Probable Cause"

http://www.thesmokinggun.com/file/paypal-ddos-attack

[KudZu LoTek]

I didn't see this one posted so I'll throw it into the ring:
Designer arrested over Anonymous press release

A bloke named Alex Tapanaris, whose name appeared on the PDF press release circulated by online trouble-makers Anonymous has had his web site disappeared from the web and, according to a post on pastebin.com, the unfortunate chap has been arrested.

The release was circulated last Friday and pretty soon the document's properties were noticed.

As much as I like the idea of groups helping to empower individuals to take appropriate action, it always drives me nuts to see it done without also giving those individuals the means to protect themselves from reprisals. Not everybody who wants to help is a super-mega-l33t-ninja hacker. Between LOIC broadcasting user's IP addresses and this guy getting nabbed because he didn't know to strip the meta-data off his PDF before sending it out, it seems like Anonymous doesn't mind sacrificing people as cannon fodder. That pretty much stands in direct opposition of the "empowering individuals" idea and puts Anonymous that much closer to the groups they claim to be fighting against. Anyhow, just my two cents worth...

[hanshan]

...

bumping this so i know where it is

& fascinated by the practice


...

[winston smith]

Anonymous hits security firm HBGary Federal


In cyberspace they call it “getting pwned”. And that's exactly what happened to American tech security company HBGary Federal when they tried to infiltrate the so-called hacktivist network known as Anonymous.

In an interview over the weekend Aaron Barr, the Washington based company's chief executive, claimed that his firm had successfully infiltrated the shadowy cyber collective behind a series of recent pro-WikiLeaks cyber protests.
Related articles

Anonymous' revenge was swift and brutal. Using sophisticated hacking techniques, the group managed to deface HBGary's website, break into its messaging system to dump 60,000 emails onto it and hijack Mr Barr's Twitter account to tweet abuse and publish his supposed home address and social security number.

Over the past four years Anonymous have gained a reputation for being one of the internet's most mercurial and chaotic meeting spaces for online mischief makers. But in recent months they have achieved global notoriety thanks to a series of cyber assaults on government and commercial websites that are critical of WikiLeaks.

Their denial of service attacks on companies like PayPal, Mastercard and Visa has resulted in intense police scrutiny with recent arrests in Britain, the Netherlands and the United States as well as increased attempts by private security firms to uncover who, if anyone, is behind the organisation.

Mr Barr claimed his firm had managed to infiltrate Anonymous through their chat rooms and claimed that the organisation was being run by a hardcore of 30 members along with 10 who "are the most senior and co-ordinate and manage most of the decisions." Anonymous have always styled themselves as a somewhat anarchic democratic collective with no leadership.

In a message left on HBGary's website, the successful hackers taunted their would-be pursuers with a statement that read: “You think you've gathered full names and addresses of the 'higher-ups' of Anonymous? You haven't. You think Anonymous has a founder and various co-founders? False."

The attack, which was a significantly more complex hack than recent denial of service assaults used by Anonymous, successfully penetrated HBGary's website through a compromised support server. It mirrors a similar modus operandi used by the group to target ACS:Law, a British legal firm that controversially sent threatening letters to alleged file-sharers. Anonymous responded with frequent cyber assaults, including the leaking of a database of 5,000 alleged porn pirates the firm apparently intended to sue.

Greg Hoglund, the founder of HBGary, has promised his own revenge. "They didn't just pick on any company,” he told cyber security journalist Brian Krebs. “We try to protect the US government from hackers. They couldn't have chosen a worse company to pick on."

http://www.independent.co.uk/news/world/americas/anonymous-hits-security-firm-hbgary-federal-2207309.html

I wasnt asking rhetorical questions in my last post. I dont understand whats going on here. I hope it is a loose network of people who just share a philosophy. I can certainly confirm that when I read this article it brought a smile to my face.

[winston smith]

Just took the dog for a walk and still thinking about this.

Heres the website for the "government" man named above. http://www.hbgary.com/

This doesnt look like a company working with the US government. It looks like a man trying to drum up business on the back of anonymous success.

I would still like to know more about these anonymous people. Do they do this in their spare time? If not how do they make money to live? It seems incredible how quickly they can cause problems to big business.

I dont know how relevant this is but i was amazed to find that the entire UK government still runs on IE6 http://www.guardian.co.uk/technology/pda/2010/jul/30/internet-explorer-6-uk-government

Apologies to anyone who responds to something i say and i dont answer. I dont log in very often. I do so hoping to find a recent article by Jeff. I remember taking a day off work when i first found this website so i could read all his stuff.

[hanshan]

Just took the dog for a walk and still thinking about this.

Heres the website for the "government" man named above. http://www.hbgary.com/

This doesnt look like a company working with the US government. It looks like a man trying to drum up business on the back of anonymous success.

I would still like to know more about these anonymous people. Do they do this in their spare time? If not how do they make money to live? It seems incredible how quickly they can cause problems to big business.

I dont know how relevant this is but i was amazed to find that the entire UK government still runs on IE6 http://www.guardian.co.uk/technology/pda/2010/jul/30/internet-explorer-6-uk-government

Apologies to anyone who responds to something i say and i dont answer. I dont log in very often. I do so hoping to find a recent article by Jeff. I remember taking a day off work when i first found this website so i could read all his stuff.

From above:

The attack, which was a significantly more complex hack than recent denial of service assaults used by Anonymous, successfully penetrated HBGary's website through a compromised support server. It mirrors a similar modus operandi used by the group to target ACS:Law, a British legal firm that controversially sent threatening letters to alleged file-sharers. Anonymous responded with frequent cyber assaults, including the leaking of a database of 5,000 alleged porn pirates the firm apparently intended to sue.

Greg Hoglund, the founder of HBGary, has promised his own revenge. "They didn't just pick on any company,” he told cyber security journalist Brian Krebs. “We try to protect the US government from hackers. They couldn't have chosen a worse company to pick on."

Ok - so is HBGary just a fly-by-night company who only think they might be protecting the govmint?
I'm fascinated by the whole subject & know next
to nothing about it. May have to go to the next def-con conf.


...

[Joe Hillshoist]

I wasnt asking rhetorical questions in my last post. I dont understand whats going on here. I hope it is a loose network of people who just share a philosophy. I can certainly confirm that when I read this article it brought a smile to my face.

Putting aside the trolling element anonymous is anyone who wants to join, or do anything under the name anonymous. Its open source.

Also, the LOIC - some people say its a honey trap, and maybe, but also its a lesson. If you're dumb enough to use something like that that without proper security and sussing it all out you won't make that mistake again.

[Plutonia]

I confess. I’m a member of Anonymous. Hail Xenu.
February 7, 2011 – 3:15 pm, by Bernard Keane

On the weekend, a report appeared in the Financial Times (paywalled, but carelessly copied at Pastebin) on the internet group Anonymous, about which I’ve written a couple of pieces of late. According to the report, senior members of Anonymous face arrest because “they left clues to their real identities on Facebook and in other electronic communications.”

The source of the claim was former US Navy cryptographer Aaron Barr of computer security company HB Gary Federal. Barr claimed to the FT that he had “penetrated” Anonymous – a choice of language guaranteed to induce hysterics at 4chan – and that, in the words of the journalist, “key Anonymous figures” were “fretting”.

It was only near the end of the piece that Barr’s claims began to sound a bit odd. He claimed to have used “LinkedIn, Classmates.com, Facebook and other sites” to infiltrate the group and to have employed such techniques as “comparing the times that members logged on to Facebook and to Internet Relay Chat to make educated guesses as to which electronic identities belonged to the same person.”

Barr had put together a “dossier” on Anonymous, purportedly to provide to the FBI, although this is disputed both by people linked with parent company HB Gary who discussed the matter with Anonymous members online this afternoon and, apparently, by Barr himself. How do we know about the “dossier”? Well, the predictable happened. Barr – who evidently failed to heed the lesson learnt by the Gawker site in December when it sledged Anonymous and got hacked for its trouble – had his company website, email and Twitter account hacked by Anonymous, with a considerable volume of material posted online, including Barr’s dossier. It was the material posted online that had HB Gary’s executives concerned enough to contact Anonymous.

Oh and by the way, methodological note for MSM journalists: for once you’re actually able to use the word “hacked”, which doesn’t mean participating in a DDOS attack.*

Barr’s “dossier” contains a long list of “People” alleged to be in Anonymous, based on what appears to be his monitoring of the IRC channels used publicly by Anonymous to coordinate its efforts in Tunisia, Algeria, Egypt and other Middle Eastern countries – initially bringing down government websites, but eventually in Egypt working to help people on the ground by coordinating information on useable alternatives when Mubarak shut the internet and mobile phones off, providing anonymisation tools and distributing key Wikileaks cables about Egypt via fax. The group is now undertaking similar work as other Middle Eastern regimes come under pressure.

Among the names is my own. Yup, apparently your trusty (or completely untrustworthy, depending on your taste) Crikey Canberra correspondent is supposedly a member of Anonymous. Doubtless my presence in the #op channels – I was undisguised, called myself, strangely, “Bernard Keane” and used “Crikey” as my nick – was the basis for this. I await that special knock on the door that tells you the AFP would like to borrow your computers for a while.

Presumably most of the other people on Barr’s list have similarly been dubbed members of Anonymous because of, say, something they did on Classmates.com.

It’s all very amusing, with this one tiny caveat. It’s apparent that Federal authorities in the US are entirely clueless about some basics about the operation of the internet and internet-based groups. The grand jury request for information in the current investigations of Anonymous is downright bizarre, including a reference to the “internet activist group 4chan” (yes, snarky, offensive image board as “activist group”), information on the “identification and locations of person(s) using or controlling or disseminating denial of service software” (um, your first port of call is Google, folks, because that’s the easiest way to find a version of LOIC), and the most remarkable demand of all, “any and all records, documents, and materials that relate to interactions between any computers of those who were raided and those who are untouchable.”

Well, good to know the Grand Jury knows its old TV shows. Or maybe it’s a shout-out to the Brian De Palma film.

But given this level of ignorance, you wonder whether the FBI might indeed have taken seriously a crock like Mr Barr’s, assuming he indeed wanted to provide it.

Still, the episode was good for what is an early and strong candidate for the funniest media release of the year from Anonymous.

*Update: having accused MSM journalists of failing on this score, I have since been told that in fact the HB Gary Federal episode was cracking, not hacking. #selfrighteousnessfail

[justdrew]

come on. HB Gary? that's absurd. has a single federal contract ever been awarded to this "company" ? Probably Anonymous invented the company and it's spokes critters are assisting in this whole hoax. the joke is on the media