A breach of Dutch SSL certificate authority DigiNotar is reportedly much bigger than initially thought, with more than 200 digital certificates having been stolen in July by hackers who breached the company’s network. Using the stolen certificates, hackers can potentially intercept and even alter data Internet users believe to be secure and encrypted. “About 200 certificates were generated by the attackers,” Dutch security expert Hans Van de Looy told Computerworld, citing anonymous sources. Van de Looy says certificates for mozilla.com, yahoo.com and torproject.org were among those obtained by the hackers. Mozilla’s Johnathan Nightingale, director of Firefox development, confirmed the breach on Thursday. “DigiNotar informed us that they issued fraudulent certs for addons.mozilla.org in July, and revoked them within a few days of issue,” Nightingale said in a statement. BGR reported on Wednesday that the Iranian government has allegedly been using one of the stolen certificates to spy on Gmail users, and at that time the full extent of the DigiNotar breach was unknown. The compromised certificates have all been revoked by DigiNotar, but not all Web browsers check for revoked certificates, so the impact of this breach will likely be ongoing for some time.
Hacker groups like Anonymous and LulzSec capture the bulk of mainstream media’s attention when it comes to hackers these days, but it looks like the Iranian government may have recently pulled off an attack that trumps both hacker groups and then some. According to reports, Iranian hackers with ties to the government have managed to execute an MITM attack that compromises Google’s SSL security. An MITM attack, or Man-In-The-Middle attack, is a cyberattack that allows an attacker to covertly intercept or even modify data as it is being transmitted between two computers over the Internet. Using a certificate issued on July 10th by Dutch SSL certificate authority DigiNotar, Iranian hackers have reportedly been able to spy on communications sent via Gmail and other Google services for more than five weeks. DigiNotar revoked the compromised SSL certificate on Monday; however, most browsers do not check to see if a certificate has been revoked by default. As such, Mozilla has already released an update to Firefox and Thunderbird that revokes trust for the DigiNotar certificate, and Google said it will soon release a similar update for Chrome. Apple and Microsoft have yet to address the matter publicly or state if and when we can expect updates to Safari or Internet Explorer.
A 22-year-old student allegedly associated with the hacking group “Anonymous” has been arrested and charged in the United Kingdom. Peter David Gibson is charged with “conspiracy to do an unauthorized act in relation to a computer, with intent to impair the operation of any computer or prevent or hinder access to any program or data held in a computer or to impair the operation of any such program or the reliability of such data,” the Metropolitan Police said in a statement Thursday. Gibson is out on bail and is scheduled to appear in court on September 7th to stand trial. It is believed that Gibson was involved in a number of Anonymous’s DDoS attacks against large corporations; the “Anonymous Operations” branch of the hacking group most recently attacked Apple. Authorities in the United States and the United Kingdom have arrested a number of hackers believed to be associated with Anonymous and a sub-group called LulzSec. LulzSec spokesperson and hacker Jake Davis, aka Topiary, was arrested earlier this month and released on bail.
An alleged member of the notorious hacker collective “Anonymous” has apparently outed himself and quit. The UK-based hacker, who says his real name is Matthew, operated under the pseudonym “SparkyBlaze” during his time with Anonymous. As to his reasons for leaving the group, he points mainly to LulzSec, the AntiSec movement, and Anonymous’ leadership. “When I started with Anon I thought I was helping people but over the past few months things inside anon have changed,” the hacker said in a statement posted to the Web. “I am mostly talking about AntiSec and LulzSec. They both go against what I stand for (and what anonymous says they stand for). Antisec has released gig after gig of innocent people’s information. For what? What did they do? Does anon have the right to remove the anonymity of innocent people? They are always talking about people’s right to remain anonymous so why are they removing that right?” To the Anonymous members he leaves behind, SparkyBlaze adds, “You are not helping anyone.” He continues, “Think about the long run. Some thinking now can save you some large legal bills later. And yes I will be there when you get out of court to say: I told you so. There are other ways to help people, just don’t go to anon you are not hurting the governments you are hurting yourselves in the long run.” The hacker’s full statement follows below.
BlackBerry maker Research In Motion has agreed to work with London authorities as they begin their investigation into recent riots. According to some Londoners, rioters were using RIM’s BlackBerry Messenger service, along with social networks such as Twitter, to organize the attacks. “It is clear that technology is being used, including in demonstrations, to direct people and undermine the police,” London’s deputy assistant commissioner Stephen Kavanagh told Bloomberg. “It is not for us to moan about this, but to adapt policing style and deal with it.” RIM typically prides itself on the security of its BBM service and has denied access to governments worried the chat platform could be used for planning terrorist attacks. “We feel for those impacted by the riots in London,” RIM wrote in a recent tweet. “We have engaged with the authorities to assist in any way we can.” Read on for more.
In response to the arrests of LulzSec member Topiary and Anonymous PayPal hackers, members of the AntiSec initiative have infiltrated 50 police departments across the United States and stolen 10GB of data. According to a release put out by the group, which includes members from Anonymous and LulzSec, the data includes “private police emails, training files, snitch info and personal info on retaliation for Anonymous arrests.” It also includes social security numbers, address information, passwords, credit card numbers, training files and more. “We hope that not only will dropping this info demonstrate the inherently corrupt nature of law enforcement using their own words, as well as result in possibly humiliation, firings, and possible charges against several officers, but that it will also disrupt and sabotage their ability to communicate and terrorize communities,” a recent press release said. The data was stored on a single server and the hackers said it took less than 24 hours to infiltrate and copy the information. In a release posted on PostBin, the AntiSec movement called on other hackers to join in and “make 2011 the year of leaks and revolutions.” The group also told the government to give up and said “you are losing the cyberwar, and the attacks against the governments, militaries, and corporations of the world will continue to escalate.”
When Google first introduced its Chrome operating system, the search giant touted its rock-solid security. In an effort to keep hackers out, Google automatically installs the operating system on three different hard drive partitions: one swap partition, one encrypted user partition and one read-only operating system root partition. Despite those security enhancements, VentureBeat says researchers Kyle Osborn and Matt Johanson of White Hat Security’s Threat Research Center were able to break into the operating system using “web-based hacker tricks” that provided access to Google Docs, the address book, Google Voice messages and emails. The two hackers demonstrated how easy it was during the Black Hat security conference. “This conversation is about the web, not Chrome OS,” a Google spokesperson told VentureBeat. “Chromebooks raise security protections on computing hardware to new levels. They are also better equipped to handle the web attacks that can affect browsers on any computing device, thanks in part to a carefully designed extensions model and the advanced security available through Chrome that many users and experts have embraced.”
District Judge Howard Riddle released 18-year-old alleged LulzSec hacker Jake Davis on bail Monday morning. Davis hacked under the name “Topiary” online and served as the public face of LulzSec, often publishing press releases and status updates on the group’s Twitter account, before he was arrested on July 27th. The news debunks earlier reports that authorities had been duped into arresting the wrong man. Authorities in the U.K. said they discovered personal information for more than 750,000 people on Davis’ computers. Davis has been charged with hacking the Sun, Times, Sony and the Serious Organized Crime Agency. Davis’ lawyers are highlighting his role as a press secretary for LulzSec and have argued that Davis did not participate in the attacks directly. Davis was released on bail but cannot access the Internet from any device, including from smartphones, The Financial Times said.
Following reports on Wednesday that British police had arrested a 19-year-old suspect thought to be the spokesperson of notorious hacker group “LulzSec,” new information suggests authorities may have been duped into arresting an innocent man. According to DailyTech, a hacker by the name of “The Jester” has discovered and published chat logs that suggest “Topiary,” the hacker reportedly arrested by authorities on Wednesday, is still at large. According to the exposed chat, Sweden-born Daniel Ackerman Sandberg — the alleged real LulzSec spokesperson — recently assumed the online identity of another man in an effort to mislead authorities. Sandberg, who has reportedly changed his name numerous times, is also said to have been caught on video speaking Swedish, further suggesting that the Scottish man arrested Wednesday by British authorities was not in fact LulzSec’s spokesperson. The full alleged chat logs between Sandberg and an anonymous second party can be read below (emphasis applied by DailyTech).
The Metropolitan Police Service announced on Wednesday that it has arrested a 19-year-old hacker suspected to be a member of both “Anonymous Operations” and “Lulz Security,” also known as “LulzSec.” The hacker, who went by the name Topiary, served as the publicist of both hacker groups and often posted press releases and statements on Twitter. His apartment in the Shetland Islands, Scotland is currently being searched and Topiary is on his way to a police station in London. A second 17-year-old person in Lincolnshire, England is also being interviewed but has not yet been arrested. The FBI began raiding apartments and arresting a number of people believed to be involved with Anonymous and LulzSec on July 19th. The hacker groups responded to the arrests and said there is “nothing – absolutely nothing – you can possibly do to make us stop.” During that time, Topiary is believed to have tweeted “Arresting people won’t stop us, FBI. We will only cease fire when you all wear shoes on your heads. That’s the only way this is ending,” from the official LulzSec Twitter account.
Reports surfaced on Thursday that Anonymous’ AnonPlus social network was broken into by other hackers who called themselves AKINCILAR. AKINCILAR, also the name of a town in Turkey, left a message and a picture of a dog head on the social network’s logo, which normally depicts a suited man with a question mark as a head. The social network was created as a safe zone for hackers to congregate anonymously after Google removed Anonymous Operations’ account from Google+. The message from AKINCILAR read:
We Are TURKIYE. We Are AKINCILAR.
This logo suits you more..How dare you rise against to the World..Do you really think that you are Ottoman Empire?
We thought you before that you cannot challenge with the world and we teach you cannot be social
Now all of you go to your doghouse..
Read on for more, including Anonymous’ response.
Global hacker collective “Anonymous Operations” together with “Lulz Security” on Thursday issued a statement to the FBI and other international authorities. The release is a response to statements made by FBI Director Steve Chabinsky tied to the recent arrest of 14 individuals with suspected ties to the hacker group. “We want to send a message that chaos on the Internet is unacceptable,” Chabinsky told NPR in a recent interview. “[Even if] hackers can be believed to have social causes, it’s entirely unacceptable to break into websites and commit unlawful acts.” Anonymous did not mince words in its response. “These governments and corporations are our enemy. And we will continue to fight them, with all methods we have at our disposal, and that certainly includes breaking into their websites and exposing their lies,” an unnamed Anonymous representative said in a statement. “We are not scared any more. Your threats to arrest us are meaningless to us as you cannot arrest an idea. Any attempt to do so will make your citizens more angry until they will roar in one gigantic choir. It is our mission to help these people and there is nothing – absolutely nothing – you can possibly do to make us stop.” Anonymous’ full statement follows below.
The FBI raided the homes of three hackers from the infamous hacking group ‘Anonymous’ in New York, Fox News reported on Tuesday. Reportedly, more than 10 FBI agents stormed the house of Giordani Jordan in Baldwin, New York and took “at least one laptop from the premises.” Jordan is suspected to have been behind denial of service (DoS) attacks against a number of firms, including Mastercard and Visa. In addition, agents are also searching homes in Long Island and Brooklyn. The hackers are said to be in their late teens and early 20s. It’s unclear if the hackers were also part of the group LulzSec, which claimed responsibility for hacks against Sony, the U.S. Senate and the CIA.