Anonymous, internet hacking collective, has compromised and defaced the myBART website leaking the phone numbers and passwords of customers. The group targeted BART (Bay Area Rapid Transit) after a decision to block cell phone communication to prevent co-coordinated protests.
Anonymous members, in a statement with leaked information, said that these actions were unacceptable saying “they violated the people’s right to assembly and prevented other bystanders from using emergency services by blocking cell phone signals in order to stop a protest against the BART police murders.” They also said that they used a simple SQL injection, mockingly saying “any 8 year old with a internet connection could have done what we did to find it. On top of that none of the info, including the passwords, was encrypted.”
BART said in a statement that they decided to interrupt the cell phone service on selected train stations as “a civil disturbance during commute times at busy downtown San Francisco stations could lead to platform overcrowding and unsafe conditions for BART customers, employees and demonstrators”. BART say that they “made available certain areas of its property for expressive activity” and that paid areas such as train stations and carriages were not available to “conduct or participate in assemblies or demonstrations or engage in other expressive activities”.
Concerns about the legality of blocking cell phones have been reported by San Francisco Chronicle who point out that a 1967 ruling found that non-disruptive political activity could not be prohibited.
The myBART website has been taken down and currently says “this site is currently under renovation.” BART representatives saying “BART’s website infrastructure is wholly separate from any computer network involved in the operation of BART service”
72 large organizations from the around the world including 22 government organizations and 13 defense contractors as well as the United Nations have been comprised over three years according to a McAfee whitepaper investigation.
McAfee say there was a “state actor” as most of the attacks had “no commercial benefit to be earned from such hacks.” Some security analysts say that China was behind the attacks though McAfee has not released any further details of the country of origin. An industry breakdown has been revealed showing the wide-spread scope of the attack.
Dmitri Alperovitch, VP Threat Research at McAfee, said that every company with valuable trade secrets were likely already hacked or about to be hacked and that “the great majority of the victims rarely discovering the intrusion or its impact.”
McAfee started Operation Shady RAT (RAT stands for Remote Access Tool in the security industry) in mid-2006 after they gained access to “one specific Command & Control server used by the intruders.” The intruders used a Trojan virus in an email to gain access to machines and spread the virus throughout the targeted company. Companies in the United States received 49 attacks followed by Canada with 4 as well as South Korea and Taiwan with 3, other countries listed by McAfee having two to one victims.
“An Olympic Committee of a nation in Asia” was compromised for the longest time for 28 months whilst other organizations including an accounting firm, the International Olympic Committee, an US state, two US government contractors and four other companies were involved in what could be a “quick smash and grab operation that did not require a persistent compromise of the victim.”
Jake Davis, also known as his hacking pseudonym of Topiary, has made an appearance in UK courts and was granted bail with a ban from using the internet and a curfew from 7am to 10pm. Another LulzSec member, Sabu, started a hashtag for Topiary with the fitting #FreeTopiary which became a trending topic.
The alleged PR front on Twitter for the group wrote fake stories and press releases which they say provided “lulz.” One story appeared on the PBS website, which was started after airing a negative WikiLeaks television show, with details of the continued life of Tupac and Biggie and the second appeared on the Sun website with an article that Rupert Murdoch was dead.
A statement released by LulzSec said “Jake Davis brought lulz to the oppressed.” and confirmed that he was from the Shetland Islands saying “from the remote and desolate Shetland islands, Jake’s voice reached millions. Perhaps the success of his message was in its simplicity.” The full message was posted on Pastebin, a popular website for sharing text.
Jake Davis, 18, was arrested late last week as part of an investigation into hacking by The Metropolitan Police Service’s Police Central e-Crime Unit. A full list of e-crime offenses which Jake Davis was charged with has been made available by the MET.
LulzSec Exposed believe that the Metropolitan Police Service (MET) have arrested the wrong person after been tricked into believing that Topiary was Daniel Chatfield after misleading emails. The MET yesterday released a press statement that Topiary, the PR spokesperson for LulzSec, was arrested and was being interrogated.
LulzSec Exposed have previously said that the real Topiary lives in Sweden according the their ‘dox’ on the LulzSec member. The bloggers behind LulzSec Exposed said that they “gave them a taste of their own medicine to expose them and show them they aren’t Internet GODS. “
The Metropolitan Police Service’s Police Central e-Crime Unit have arrested “Topiary” who they believe is a LulzSec spokesperson. The 19-year-old was believed to have been arrested in the remote Shetland Islands in Scotland. The police are searching the address.
In a public statement, The Metropolitan Police say that Topiary is “believed to be linked to an ongoing international investigation in to the criminal activity of the so-called ‘hacktivist’ groups Anonymous and LulzSec”
Another address is Lincolnshire is also been investigated in relation to the investigation but has not been arrested. The e-crime unit say an “ongoing investigation into network intrusions and Distributed Denial of Service (DDoS) attacks” is currently underway.
Topiary deleted all the tweets from his account at an earlier date (but one) and said in his bio that he “worked with Anonymous, LulzSec, and other such paragons of intense cyber victory.” LulzSec has continued hacking after telling uses that they would quit after 50 days, LulzSec has not commented on this event via Twitter.
The arrest of Topiary follows the arrest of a 16-year-old who they believe is a prominent member as well as 19-year-old Ryan Cleary who ran the IRC chat channel for LulzSec.
LulzSec has rejoined the hacking scene to hack The Sun, a News Corporation tabloid , with a fake article on the death of Rupert Murdoch.The seemingly sleeping LulzSec quit earlier this year after hacking into Sony, Fox (also News Corporation) and the US government websites including Senate.gov and affiliates of the FBI.
LulzSec defaced the Sun website sending visitors to a webpage which contained a false story that Murdoch was found overdosed in a garden. Part of the story saying:
Murdoch, aged 80, has said to have ingested a large quantity of palladium before stumbling into his famous topiary garden late last night, passing out in the early hours of the morning.
The homepage of the News Corporation website has also faced a DDoS which prevents visitors as well as allegedly gaining access to DNS servers with ‘all 1,024 web addresses’ down. As well as this LulzSec say they had gained access to the email logs from the Sun and were prepared to release them.
The targeting of the Sun is most likely related to the infamous News of the World phone hacking scandal which sent Rupert Murdoch’s multimedia empire, News Corporation, including Fox and the Wall Street Journal into deeply scandalous affair.
Meanwhile, a member of LulzSec under the pseudonym of AnonymousSabu posted a screenshot of a defaced website they sent users to and in a separate tweet said:
ATTN Media: Expose Murdoch's corrupt and crumbling empire. #hackgate#antisec#anonymous Time for the real journalists to prove themselves.
Linear Fix was one of the few websites to cover LulzSec’s first hacking attempt. On May 10, the group released details about X-Factor contestants then gained access to LinkedIn and Twitter accounts. They started by distancing themselves from other hacking groups saying ‘we aren’t 4chan or Anonymous, but sometimes we might assist them in our own special way,’ In typical LulzSec fashion they wrote on the Fox 15 Twitter that ‘Fox News 15 has decided to rape its own face. A sad day for our 25 viewers.’ The group only had around 255 followers on May 10 and by May 13 that number grew to 799, today more than 272,000 users follow LulzSec.
The infamous group said that they were hacking purely for the fun, though many hacks had other motives. The group inspired many other hacking groups to set up country-specific hacking groups using the LulzSec brand. A prominent example being LulzRaft, a Canadian-based hacking group. LulzSec has reached a point, today, that the group is no longer centrally controlled as the main members depart from LulzSec. It is likely that the legacy left in the forms of splinter groups will continue as LulzSec said today in Pastebin ‘please don’t stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.’
LulzSec has also chosen some puzzling targets, such as choosing to target gaming websites and developers. The move left fans of the games (Minecraft, League of Legends and EVE Online) confused about the motives of the group. LulzSec has certainly left the security industry thinking of ways to secure their data to protect against SQL injection and storing user passwords in safer conditions, not in plain-text!
The group has not lived without internal controversy. LulzSec Exposed say they released the identities of LulzSec member to ‘humiliate them in the same way they did with hack victims.’ It could be that LulzSec members are trying to escape conviction after the information became available. LulzSec Exposed believes that the same members from Anonymous created LulzSec as a splinter group. The benefits of creating a splinter group is the ability to release thousands of user passwords for little reason whilst Anonymous mostly deals with political hacking called hacktivism.
LulzSec was a very different hacking group, they captured the attention of many news organizations. The group continuously dominated the headlines and each tweet was continuously good-humored, often mocking their enemies. Their 1000th tweet press release shed some light on their continuously release of usernames and passwords from several websites:
Watching someone’s Facebook picture turn into a penis and seeing their sister’s shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can’t secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it.
After targeting government websites, Fox, gaming servers and many other websites, LulzSec said that behind their happy persona they were also ‘people with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you,’
LulzSec praised a recent project called AntiSec saying they ‘truly believe in the AntiSec movement,’ The AntiSec project was between a distributed hacking group called Anonymous and LulzSec. The two groups created splinter groups carrying the LulzSec name but not necessarily containing LulzSec members with groups such as LulzSec Brazil and Italy appearing.
LulzSec voiced their wish for LulzSec splinter groups to continue saying ‘we hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us.’
A new branch of LulzSec in Brazil has aimed a denial-of-service attack at the Brazilian Government portal and the homepage of the President of Brazil. The sub-group tweeted that they had taken down the website with the same tagline of ‘tango down’ whilst LulzSec tweeted ‘our Brazilian unit is making progress. Well done @LulzSecBrazil, brothers!’
The group was started on 19 June, they told their followers in Portuguese that if they got 1,000 followers they would ‘invade’ the website of the Brazil’s government portal.
The Brazil branch is likely part of the Anonymous and LulzSec operation called ‘AntiSec’ which was recently publicized by both groups. An AntiSec video from Anonymous said:
We encourage defacement’s of the enemies websites, and use of the word antisec on any and every website or pro censorship group. Any exposed intelligence the enemy decides to withhold from us, should be brought to light. It’s time to show the corrupt governments of the world that they have no right to censor what they do not own.
The video was posted on YouTube in a format commonly used by Anonymous. AntiSec documents are yet to be released with LulzSec tweeting ‘our next step is to categorize and format leaked items we acquire and release them in #AntiSec “payloads” on our website and The Pirate Bay.’
Ryan Clearly, a 19-year-old student from Essex, has been arrested after a joint probe from the Scotland Yard and FBI into LulzSec, a hacking group which attacked websites such as Sony, US government websites, PBS and several gaming websites and servers.
Ryan Clearly has been identified by detectives as a ‘major player,’ though LulzSec strongly deny this tweeting that the UK police were ‘desperate to catch’ members and that they had ‘arrested someone who is, at best, mildly associated’ with LulzSec. It is believed that Rylan Clearly was involved in running IRC chat servers for LulzSec.
The personal details of Clearly were released by Anonymous, a decentralized mass-hacker collective, published details about Ryan Clearly on their blog on 12 May 2011 in a post called ‘ Ryan Cleary Exposed!’
LulzSec has also released details of two former members who they said ‘tried to snitch on us.’ The group published the IRC chat usernames and current names and addresses, LulzSec said that one was involved in ‘involved in the hacking of the game Dues Ex and was/is involved in countless other cybercrimes.’