AntiSec: While the watchers were away - hackers came out to play
by Steve Ragan - Jul 5 2011, 22:35Last week was vacation time for many in the IT and security community, and many orginizations offered a rare three day weekend for the upcoming holiday. As such, this meant skeleton crews for the operations desk, and security people were placed on call. Holidays often mean that businesses are caught unaware, and this weekend was no exception. Here’s a recap of the holiday mayhem.
Arizona hit for a third time
Last week, the Arizona police suffered another attack. Committed under the AntiSec flag, the third strike targeted the Fraternal Order of Police, and exposed personal emails as well as some curious behavior.
One email account contained pornography, and another some forwarded racist emails, which came from FOP members outside Arizona, and a chain letter depicting an incident in from several years ago in El Paso, Texas. In addition, the FOP attack included 1,200 officer usernames and passwords, as well as credit card details and PayPal details.
“We're doing this not only because we are opposed to SB1070 and the racist
Arizona police state, but because we want a world free from police, prisons and
politicians altogether,” a note from the AntiSec attackers explained.
“Let this third and crushing blow against Arizona police send a strong message to the ruling class around the world. You will no longer be able to operate your campaign of terror against immigrants and working people in secrecy: we will find you, expose you, and knock you off the internet...”
In all there were several FOP websites defaced during the raid.
Fox News hijacked to spread word of a fake assassin
As Steven mentioned, hackers from the ‘ScriptKiddies’ group claimed responsibility for hijacking the official Fox News Twitter account. The result is the image below.
They went on to post an additional five messages related to the fake death. Eventually Fox was able to recover the account. The offending messages have been removed, but an archive can be viewed here.
In a statement, Fox called the messages malicious, and said they will be requesting “a detailed investigation from Twitter about how this occurred and measures to prevent future unauthorized access into FoxNews.com accounts.”
The U.S. Secret Service, as is their routine, will be following-up on the Fox hijacking and the threats to President Obama.
Election Data leaked
Another data leak, attributed to AntiSec and Anonymous, centered on the New South Wales Electoral Commission in Australia. This caused some media outlets to run wild with speculation. However, after the panic disappeared, some research turned up the fact that all of the election data leaked came from a public FTP server. In fact, many media outlets got the data directly from the local council itself.
Keeping with election data, a hacker by the name of Abhaxas posted some data taken from voting systems in Florida. Along with the data, he left a single message:
“So, this is a little ironic. Here is inside details of Florida voting systems. Now... who still believes voting isn't rigged? If the United States Government can't even keep their ballot systems secure, why trust them at all?”
The data isn’t that important, but Abhaxas knows this. “…it’s the fact that access was gained to the system so easily = flawed system,” said a remark on his Twitter feed where the election leak was announced.
“Contractors are the weakest link, outside of secretaries. Hack the contractors and use the info you gain to go farther,” the feed added, hinting at how the data was accessed.
There has been no official statements from Florida on the matter.
Apple survey data leaked to the Web
While nowhere near as serious as the attacks on Sony or the Arizona police, more than two dozen usernames and passwords were leaked to the Web, after someone cracked a web application used by Apple to process support surveys.
Apple has made no comment on the issue. For their part, even Anonymous - who claimed responsibility - pushed this one off as nothing important. Noting that Apple could be a target too, a message on Twitter from AnonymousIRC said that they were “busy elsewhere.”
Sony Music Ireland publishes some interesting news
Finally, the weekend ended with word that Rebecca Black (the girl who taught us all the days of the week) has married R. Kelly and joined the Sony security team.
That news, in addition to two other stories posted to the website, is false.
“Hackers appear to have broken into Sony Music Ireland's site and planted the bogus celebrity stories. It's just the latest in a long line of attacks upon Sony websites, and further embarrasses the company as it tries to protect its online reputation. Sony Music Ireland is presently redirecting visitors to its website to its Facebook page instead,” wrote Sophos’ Gram Cluley, who reported on the hack earlier today.
More information is here.
Comment on this Story