Monthly Archives: May 2013

Image

GCHQ is Following You On Twitter

GCHQ is Following You On Twitter

Hilarious. From DInk

Anonymous and The EDL

Here we go again.  While it’s hard not to sympathise with Anonymous outing the heinous EDL, they do so without accountability.  We don’t know if the list is accurate; we don’t know who to complain to if it is not.

The original list is on Pastebin.  Cached here.

Anonymous viddy-speak

Meanwhile, Anonymous post their announcement in a Youtube Videospeaky thing.  Which says

Good morning members, and leaders of the English Defense League.

We are Anonymous UK. We have been patiently observing your organisation, as you have inflated, indoctrinating our young with your criminal mindset.

You have capitalized on the misfortunes of our peoples, taking advantage of moments of fear, of terror, and of reconciliation, to spread hatred and animosity towards your fellow man.

Your constant belligerence, like a pack of raving ignoramuses, furthering only bigotry and segregation.

You have angered us considerably, and summoned our wrath irrevocably.

Last week, an innocent Drummer, Lee Rigby, lost his life at the hands of two vile and demented human beings in the most horrific, and heinous manner ever witnessed on the streets of Britain.

This villainous public display has thrown the United Kingdom into mourning; every community, and every congregation, extending their deepest condolences.

You however, have used this as another excuse to further spread your campaign of hate, bigotry, and misinformation. Under the guise of national pride you have instigated crimes against the innocent and incited the subjugation of Muslims. We will not allow your injustices, your lies, and your stupidity, to further radicalize our youth into fearing and despising their fellow man.

Our people are desperate for hope, in a hopeless society where our own government neglects us, where society has fails us, it is only natural to seek a relatable change maker. This sort of desperation, this quest for feeling of worth, is what you have taken advantage of.

In this operation, we will begin the systematic and comprehensive dissemination of your cult. We will further expose your falsities and your attempts to censor, to your members, to the British public, and to the world as a whole. You will fall, we can say this with complete confidence. We are everywhere, you cannot hide, you cannot win We are the voices of all and the voice of one. It will not happen over night, but we WILL be victorious.

It’s the cloud

We are Anonymous.
We are Legion.
We do not forgive.
We do not forget.
Expect us.

Translation by HopeNotHate.

Latest DPA and ICO issues

Clyde and Co have published their latest DPA Newsletter.
 photo wwwclydecocomuploadsFilesPublications2013CC003241_Data_Protection_and_privacy_newsletter_280513_pdfpdf_zps83ae99a1.png

Some of the top ICO stories include:

  • Fine of 145,000 Euros for Google
  • Portadown GP Practice slapped and undertakes to do better
  • Met Police; Barnet Council and Manchester Council slapped by the ICO
  • Estate agent fined by the ICO

 

Newsround

Some news, some true
sky apps defaced photo BBCNewsSkyappsdefacedbySyrianElectronicArmyhackers_zps0bd42334.png Sky apps defaced by Syrian Electronic Army hackers. The hackers posted several messages to one of Sky’s Twitter feeds after defacing its apps. Several of Sky’s Android apps have been removed from the Google Play store after they were targeted by the Syrian Electronic Army hacking collective. It follows an attack which saw the logos of six of the UK broadcaster’s apps replaced by that of the SEA. The hackers also breached one of the firm’s Twitter accounts, allowing them to post messages urging users to view the defaced programmes. Targeting apps in this manner marks a new strategy for the group. Its efforts have previously focused on taking over social media accounts used by the media and western political leaders, and publishing what are claimed to be leaked emails and other files from countries in the Middle East identified as “Syria’s enemies”. Israeli newspapers also reported over the weekend that the SEA had mounted a failed attempt to disrupt the water supply in the port city of Haifa.

us weapon plan compromise by china photo USWeaponsPlansCompromisedbyChineseCyberSpiesReport_zpsbbb51a05.png US weapon plans compromised by China. Designs for many of the US’s most sensitive advanced weapons systems have been compromised by Chinese hackers, according to a report prepared for the Pentagon and to officials from government and the defence industry. Among more than two dozen major weapons systems whose designs were breached were programs critical to US missile defences and combat aircraft and ships, according to a previously undisclosed section of a confidential report prepared by the Defence Science Board for Pentagon leaders. Experts warn that the electronic intrusions gave China access to advanced technology that could accelerate the development of its weapons systems and weaken the US military advantage in a future conflict. Advertisement The Defence Science Board, a senior advisory group composed of government and civilian experts, did not accuse the Chinese of stealing the designs. But senior military and industry officials with knowledge of the breaches said the vast majority were part of a widening Chinese campaign of espionage against US defence contractors and government agencies. The significance and extent of the targets help explain why the Obama administration has escalated its warnings to the Chinese government to stop what Washington sees as rampant cyber theft

us warned of  iranian cyber attacks photo USwaswarnedofIraniancyberattacks_zpsf54db20c.png American officials say Iran is behind a new wave of destructive cyber attacks on American corporations and energy firms, according to a report by the New York Times. The May 24 Times article said the targets included American oil, gas and electric companies with a goal of finding ways to seize control of critical processing systems. The Department of Homeland Security warned this month about the cyber attacks, and one government official told the Times, “Most everything we have seen is coming from the Middle East.” Government officials and other experts, according to the report, confirmed a report in the Wall Street Journal that the source of the attacks had been narrowed down to Iran.

new iran cyber attacks photo NewComputerAttacksComeFromIranOfficialsSayNYTimescom_zps23fcb7a5.png New Computer Attacks Traced to Iran. Officials Say. American officials and corporate security experts examining a new wave of potentially destructive computer attacks striking American corporations, especially energy firms, say they have tracked the attacks back to Iran. The targets have included several American oil, gas and electricity companies, which government officials have refused to identify. The goal is not espionage, they say, but sabotage. Government officials describe the attacks as probes looking for ways to seize control of critical processing systems. Investigators began looking at the attacks several months ago, and when the Department of Homeland Security issued a vaguely worded warning this month, a government official told The New York Times that “most everything we have seen is coming from the Middle East.” Government officials and outside experts on Friday confirmed a report in The Wall Street Journal that the source of the attacks had been narrowed to Iran. They said the evidence was not specific enough to conclude with confidence that the attacks were state-sponsored, but control over the Internet is so centralized in Iran that they said it was hard to imagine the attacks being done without government knowledge. While the attackers have been unsuccessful to date, they have made enough progress to prompt the Homeland Security warning, which compared the latest threat to the computer virus that hit Saudi Aramco, the world’s largest oil producer, last year. After investigations, American officials concluded that the Aramco attack, and a subsequent one at RasGas, the Qatari energy company, were the work of Iran

 photo ipcommissionorgreportIP_Commission_Report_052213pdf_zps8361cc2d.png The Report of the Commission on the Theft of American Intellectual Property is published. Speaks about the Chinese threat and recommends some actions.  Cached report here

  • Designate the national security advisor as the principal policy coordinator for all actions on the protection of American IP
  • Provide statutory responsibility and authority to the secretary of commerce to serve as the principal official to manage all aspects of IP protection.
  • Strengthen the International Trade Commission’s 337 process to sequester goods containing stolen IP.
  • Empower the secretary of the treasury, on the recommendation of the secretary of commerce, to deny the use of the American banking system to foreign companies that repeatedly use or  benefit from the theft of American IP.
  • Increase Department of Justice and Federal Bureau of Investigation resources to investigate and  prosecute cases of trade-secret theft, especially those enabled by cyber means
  • Consider the degree of protection afforded to American companies’ IP a criterion for approving major foreign investments in the United States under the Committee on Foreign Investment in the U.S. (CFIUS) process
  • Enforce strict supply-chain accountability for the U.S. government
  • Require the Securities and Exchange Commission to judge whether companies’ use of stolen IP is a material condition that ought to be publicly reported.
  • Greatly expand the number of green cards available to foreign students who earn science, technology, engineering, and mathematics degrees in American universities and who have a job offer in their field upon graduation
Link

Securo-boffins uncover new GLOBAL cyber-espionage operation

Securo-boffins uncover new GLOBAL cyber-espionage operation

Reg article about global cyber malware.  Report here 

Link

Foreign made hardware

Foreign made hardware

The state security for foreign made hardware.    Report published by the USA Government Accountability Office.  Copy here.

IP and Petreaus


The Office of the Privacy Commissioner of Canada publishes new research that shows how much information can be gathered from an IP address. They perform a number of standard lookups such as WHOIS to build a profile of a given IP address and more importantly the person behind that IP address:  you are not as anonymous as you’d like to be.

Somewhat more interesting is the walkthrough of the The Petraeus incident, which shows in detail how ISPs, Google and the like manage their logs and provide them on a court order.

  1. An individual received a number of “anonymous” harassing e-mails and asked the FBI to investigate. Copies of the e-mails were made available to the FBI;
  2. Although the messages were sent from an anonymizing service, the IP addresses from which they were sent were available in the e-mail headers;
  3. From knowledge of the source IP address(es), the FBI was able to identify the organization to which the IP address(es) had been allocated (typically a telecommunications service provider(s);
  4. Upon receipt of administrative subpoenas11, which are issued by law enforcement authorities without judicial oversight, thetelecommunications service provider(s) then provided subscriber information about the IP addresses used to access the originating email account, as well as any other e-mail accounts that were accessed from the same IP address(es). It has been reported that Google gave the FBI information about every IP address used when accessing that account12
  5. The ISP associated the IP addresses with various locations, including hotels;;
  6. Knowing the physical locations from which the e-mails were sent, the FBI was able to obtain lists of people who were at those locations when the messages were sent through the use of administrative subpoenas13
  7. One name kept appearing in guest lists during the times the messages were sent, so this individual was considered the most likely suspect; and;
  8. It was at this point that the FBI sought and obtained a warrant to get access to the contents of the anonymous email account.

The FBI was able to obtain the following information without having to obtain a warrant:

  1. The IP address(es) from which the harassing e-mails were sent;
  2. The names of the telecommunications service providers to whom those address(es) were assigned;The subscriber information associated with the e-mail account used to send the e-mails, along with information about other e-mail accounts that were accessed from the same IP address(es);
  3. The organizations – in this case hotels – to whom the telecommunications service provider had assigned the IP address(es); and
  4. Lists of guests who were registered at those hotels at the time the emails were sent.

Report cached here