Monday, August 15, 2011

The boys are still active, but sounding more and more juvenile.

http://www.databreaches.net/?p=20142

#Anonymous claims to have hacked BART; posts employee and rider data

On August 11, the Bay Area Rapid Transit (BART) suspended wireless service. According to a statement posted on their web site the next day, their intent was to address an expected protest following an officer-involved shooting on July 3:

Organizers planning to disrupt BART service on August 11, 2011 stated they would use mobile devices to coordinate their disruptive activities and communicate about the location and number of BART Police. A civil disturbance during commute times at busy downtown San Francisco stations could lead to platform overcrowding and unsafe conditions for BART customers, employees and demonstrators. BART temporarily interrupted service at select BART stations as one of many tactics to ensure the safety of everyone on the platform.

Their actions resulted in a lot of criticism, much of it tagged #opbart on Twitter and drawing parallels to Mubarak’s heavy-handed attempts to quash Egyptian protests earlier this year.

Criticism was soon followed by hacktivism, it seems.

Your Website has been hacked and database has been leaked by: ### ### #t0nicwater #Bl4ckAbby #NaDa #Tanko #Anonymous #hackers

Dear Bay Area Rapid Transit, The People and All Government Agencies, We are Anonymous, we are your citizens, we are the people, WE DO NOT TOLERATE OPPRESSION FROM ANY GOVERNMENT AGENCY. BART has proved multiple times that they have no problem exploiting and abusing the people. First they displayed this by the two recent killings by BART police. Under no circumstance, unless police are shot at, make police killings acceptable. Non-lethal weapons were available to use during both incidents, providing even that was necessary, but instead they shot to kill. Next they violated the people’s right to assembly and prevented other bystanders from using emergency services by blocking cell phone signals in order to stop a protest against the BART police murders. Lastly, they set up this website called mybart.gov and they stored their members information with virtually no security. The data was stored and easily obtainable via basic sqli. Any 8 year old with a internet connection could have done what we did to find it. [i.e. Low hanging fruit... Bob] On top of that none of the info, including the passwords, was encrypted. It is obvious BART does no give a fuck about its customers, funders and tax payers,THE PEOPLE. The governments and government agencies of the world are becoming tyrannical and oppressive, and the people are responding and will not take your shit for much longer. The people will fight this oppression with protests, demonstrations, riots, hacking, ddos, online attacks and by any other means. We will not allow ourselves to be killed, exploited, or get shitted on. From the streets of Chile, England, Portland, San Francisco, Oakland, the people are rising up and we will support each other and stand in solidarity against any injustice. Worldwide resistance is happening, we will participate in solidarity against oppression. SOLIDARITY IS OUR WEAPON. Thus below we are releasing the User Info Database of MyBart.gov, to show that BART doesn’t give a shit about it’s customers and riders and to show that the people will not allow you to kill us and censor us. This is but the one of many actions to come. We apologize to any citizen that has his information published, but you should go to BART and ask them why your information wasn’t secure with them. Also do not worry, probably the only information that will be abused from this database is that of BART employees.

The statement was followed by a listing of what appears to be over 2,450 first and last names, email addresses, phone numbers, street addresses with city/state/zip, and unencrypted user passwords, among other fields.

As of the time of this posting, www.bart.gov is still online, but the mybart.org home page remains defaced.



For now, you have to install the app to make your phone searchable. In future, perhaps the app will be pre-installed. After all, “It's for the children!”

Search the World's Smartphone Photos

"Researchers have devised and tested a system called Theia that can perform an efficient parallel search of mobile phones to track down a target photo. It could be used to perform a realtime search for a missing child accidently caught in a photo you have just taken or the location of a criminal or political activist. You might think that the security and privacy aspects were so terrible that you just wouldn't install the app. However exceptional photos of a sporting or news incidents are worth money and the profit motive might be enough for you to install it."



What, you think the secret police share their data?

http://www.pogowasright.org/?p=24034

Brits are not sure what personal information the gov’t holds about them

Carrie-Ann Skinner reports:

The Equality and Human Rights Commission has slammed the way the government uses and stores personal data about UK citizens.

In the Protecting Information Privacy report, the Commission called the existing system “deeply flawed” and revealed Brits are not really sure what information is held about them by the government and it is difficult to hold someone accountable when misuse of data occurs. Furthermore, it expects privacy breaches to “get worse in the future” because the demand for personal information is likely to increase and new ways of collecting, storing and sharing data are found.

Read more on PC Advisor.

[The report is available at:

http://www.equalityhumanrights.com/publications/our-research/research-reports/research-reports-61-70/#69



Interesting idea...

http://www.pogowasright.org/?p=24031

DRM for Privacy: Part 2

Ryan Calo writes:

In my previous post, I talked about the problem of online tracking and some of the solutions on offer. In this post, I will propose a potential legislative model drawn from copyright law. Several scholars (e.g., Pam Samuelson) have argued that intellectual property holds lessons for privacy. Others have specifically explored whether copyright might.

I am not aware of any argument that the legal protection afforded efforts at digital rights management should be applied to efforts to safeguard one’s web surfing behavior. People with long institutional memories were able to point me to some great technical papers (e.g., this one and this one ) applying DRM techniques to safeguarding personal data.

Read more on Concurring Opinions.



Acquisition as defense?

http://news.cnet.com/8301-30685_3-20092367-264/googles-page-explains-motorola-acquisition/

Google's Page explains Motorola acquisition


No comments: