Tuesday, July 12, 2011

“Can you hear me now?” At some point, organizations are going to realize these hacktivists are serious (and their security isn't)

http://www.databreaches.net/?p=19548

Anonymous Leaks 90,000 Military Email Accounts in Latest #AntiSec Attack

July 11, 2011 by admin

Sam Biddle reports:

Booz Allen Hamilton is a massive American consulting firm that does a substantial amount of work for the Pentagon. This means they’ve got a lot of military business on their servers—which Anonymous hacked. Today they’ve leaked it.

The leak, dubbed ‘Military Meltdown Monday,’ includes 90,000 logins of military personnel—including personnel from US CENTCOM, SOCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors. Their correspondences could include exchanges with Booz Allen’s highly brassy staff of retired defense folk: current execs include three former Directors of National Intelligence and one former head of the CIA. Anon was also kind enough to gut 4 GB of source code from Booz Allen’s servers. Anon cites the firm’s alleged complicity in the SWIFT financial monitoring program as at least partial motive for the attack.

Read more on Gizmodo.

Over on ReadWriteWeb, Dan Rowinski writes:

In terms of what Anonymous found in the Booz Allen Hamilton servers, there are certainly items that will get people fired. One of the bigger items is Booz Allen Hamilton’s association with security company HBGary. Booz Allen Hamilton and HBGary Federal proposed software for a sophisticated program (dubbed Metal Gear by Anonymous) that would allow security teams to control “sock puppet” online identities in social media spheres that would attempt to steer conversation about certain topics. One way or another because of this program, Anonymous claims that all U.S. military personnel will now have to change their passwords.

“And thanks to the gross incompetence at Booz Allen Hamilton probably all military [p]ersonnel of the U.S. will now have to change their passwords,” Anonymous wrote.

[From the ReadWriteWeb article:]

… gained access to 90,000 military emails, four gigabytes of source code (which was erased from the Booz Allen Hamilton servers) along with login credentials and other sources of information that Anonymous can hack along the intelligence community's digital infrastructure.



Hacktivists again...

http://www.databreaches.net/?p=19569

German police hacked, suspect tracking data stolen

July 12, 2011 by admin

Darren Paul reports on another hack revealed last week:

Usernames, passwords, and coordinates stolen in data haul.

Hackers have broken into the German Federal Police and swiped location data used to track suspects.

The attack launched by the left-wing n0-N4m3 Cr3w hacking group compromised a server used by the country’s customs service.

It then published the contents including location coordinates, license plate and telephone numbers, police usernames and passwords, and a GPS application.

Read more on CRN



Isn't Google correct?

http://www.wired.com/threatlevel/2011/07/google-wiretap-appeal/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Google Seeks Immediate Appeal of Street View Wiretap Ruling

Google is demanding a federal judge grant it permission to appeal a decision that approved a federal wiretapping lawsuit over its interception of unencrypted Wi-Fi traffic.

The Mountain View, California, media giant responded late Friday to a Silicon Valley federal judge’s June 29 decision in nearly a dozen combined lawsuits seeking damages from Google for eavesdropping on open, unencrypted Wi-Fi networks from its Street View mapping cars. The vehicles, which rolled through neighborhoods across the country, were equipped with Wi-Fi–sniffing hardware to record the names and MAC addresses of routers to improve Google location-specific services. But the cars also secretly gathered snippets of Americans’ data.

Google claims it was not a breach of the Wiretap Act to intercept data from unencrypted, or non-password-protected Wi-Fi networks. Google said open Wi-Fi networks are akin to “radio communications” like AM/FM radio, citizens’ band and police and fire bands, and are “readily accessible” to the general public — a position rejected by U.S. District Judge James Ware.

… It was the first ruling (.pdf) of its kind, and Google wants the 9th U.S. Circuit Court of Appeals to review Ware’s decision “before forcing it to proceed with protracted litigation at the district court,” Ruben wrote.

Google said it didn’t realize it was sniffing packets of data on unsecured Wi-Fi networks in about a dozen countries over a three-year period until German privacy authorities began questioning last year what data Google’s Street View cars were collecting. Google, along with other companies, uses databases of Wi-Fi networks and their locations to augment or replace GPS when attempting to figure out the location of a computer or mobile device.



“It's for the children!” After all, the Post Office keeps a copy of every letter you mail... Oh, no – I mean the phone company records all your calls... No, forget that. None of that stuff happens.

http://www.pogowasright.org/?p=23693

Unhappy meal: Data retention bill could lure sex predators into McDonalds, libraries

July 11, 2011 by Dissent

Chris Soghoian writes:

On Tuesday, the Republican-controlled House Judiciary Committee will hold a hearing in support of mandatory data retention legislation. The bill that they have proposed requires that Internet Service Providers, such as Comcast and Time Warner, save records of the IP addresses they assign to their customers for a period of 18 months.

Data retention is a controversial topic and loudly opposed by the privacy community. To counter such criticism, the bill’s authors have cunningly (and shamelessly) named it the Protecting Children from Internet Pornographers Act of 2011. This of course means that anyone who opposes data retention must go on record as opposing measures to catch sexual predators.

Read more on Ars Technica.



For the Ethical Hackers...

10 Privacy Tools To Browse The Web Anonymously

