::Trend Micro Threat Resource Center::

20 January 2012

Hacker group Anonymous fights back, in support of #MegaUpload

Is this really happening? After hearing about the MegaUpload shutdown, the hacker or 'hacktivist' group Anonymous is already taking a stance on the situation and fighting back. They have already taken down Justice.gov and UniversalMusic.com and shot off a tweet saying:


As of this writing, both sites are down; see screenshots below. One can only assume that they will be, or already are, targeting other sites to take down in regard to this MegaUpload piracy issue. More to come, I am sure.

UPDATE 1: Anon is going hard. They just took down riaa.org!
UPDATE 2: MPAA.org is down as well!

18 January 2012

Symantec admits its networks were hacked and source code stolen

After having first claimed that the source code leaked by Indian hacking group Dharmaraja was not stolen through a breach of its networks, but possibly by compromising the networks of a third-party entity, Symantec backpedalled and announced that the code seems to have been exfiltrated during a 2006 breach of its own systems.


Symantec spokesman Cris Paden has confirmed that unknown hackers have managed to get their hands on the source code to the following Symantec solutions: Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere.

And while he claims that the only customers who should be somewhat worried are those using pcAnywhere, ITIC analyst Laura DiDio says that might not be the whole truth. "Unless Symantec wrote all new code from scratch, there are going to be elements of source code in there that are still relevant today," she shared with Reuters.

In the meantime, a hacker who goes by the handle "Yama Tough" and is part of the aforementioned group announced the release of the source code for Norton Antivirus, but then backtracked, saying that the group has decided to delay it until it has had the chance to take advantage of the vulnerabilities in the code.

He then announced the release of pcAnywhere code for the blackhat community to exploit, but the group has yet to deliver on the promise.

"Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information," commented Paden.

17 January 2012

Identities of likely Koobface gang members revealed

It was a well-known fact in security circles that some researchers were involved for quite some time in an investigation aiming at revealing the identities of the individuals behind the Koobface worm and the botnet it created.


In the past week, details about a likely member of the "Ali Baba & 4" group (as they dubbed themselves) were made public by researcher Dancho Danchev on his blog and, as the story began to unfold, security firm Sophos and the NYT revealed the names of the five individuals thought to be part of the Koobface gang.

Their names are Anton Korotchenko (a.k.a. “KrotReal”); Stanislav Avdeyko, (“leDed”); Svyatoslav E. Polichuck (“PsViat” or “PsycoMan”); Roman P. Koturbach (“PoMuc”); and Alexander Koltysehv (“Floppy”), and they all apparently live in St. Petersburg, Russia.

The NYT reveals that Facebook, law enforcement officials and security investigators involved in the investigation have known their identities for years, but the fact that they are still free to live their rather comfortable lives and travel around the world points to an unfortunate reality: it is extremely hard to prove conclusively that these individuals are guilty.

Facebook started its own investigation into the gang shortly after the Koobface worm first began to spread on the social network in 2008, and it took them only weeks to link the attacks to the suspects.

In 2009, independent researcher Jan Drömer mounted his own investigation. Starting with crucial information gleaned from one of the Koobface C&C servers and searching for links to it on the Internet - IP addresses, domain registration information, underground and legitimate forum posts, social network accounts and more - he made a beeline to the aforementioned group of individuals.

According to him, there is a variety of reasons behind the success of the Koobface gang: they misused powerful online services to spread the worm, didn't overdo the size of the botnet, didn't aim at making the worm perfect but invested just enough to earn more than enough money, and operated in countries whose law enforcement agencies don't have a good record when it comes to cooperating with their US and European counterparts.

Currently, none of the five individuals has been charged with a crime, and no law enforcement agency has confirmed that they are under investigation or even commented on the situation.

All who are interested in a fascinating blow-by-blow report of how Jan Drömer and SophosLabs' Dirk Kollberg followed the crumbs to the suspected Koobface gang members - go here.

04 January 2012

Analysis of Stratfor Site Breach Reveals Weak Passwords, Poor Enforcement


Update from Hacked and discredited: Anonymous takes down Stratfor

Stratfor's clients include the U.S. Army and Air Force and the Miami Police Department, and a report released by Identity Finder, an identity theft and data loss prevention company in New York, stated that personal information about Stratfor's subscribers with first names starting with A to M had already been released. Information about those with first names beginning with N to Z is believed to be due for release in the coming week, along with 2.7 million email copies.

Information obtained from the hack and released so far includes:

  • 50,277 unique credit card numbers (9,651 not expired)
  • 86,594 e-mail addresses (47,680 unique)
  • 27,537 phone numbers (25,680 unique)
  • 44,188 encrypted passwords (50% can be cracked with ease)

While users need to select stronger passwords to access online services, enterprises also need to enforce strong security policies for their Web sites and applications.

As Stratfor continues rebuilding its Website after the cyber-attack in which email addresses of its subscribers and other personal details were leaked, the company is coming under fire for its weak passwords and security policies.

Using a group of lists containing common passwords, names of people in Congress, words from the King James Bible, various computer jargon and programming phrases, previously dumped lists from Gawker and other sites and other lists, Hashcat was able to crack 25,690 passwords. A more extensive list that used words and phrases from various languages as well as common 3- and 4-character passwords, among others, yielded 21,933 additionally cracked hashes. It took Hashcat less than an hour to crack over 47,000 password hashes, according to the analysis.

The list of cracked passwords showed a high proportion that used birthdates, names of family members, or something with a personal reference (such as 'ford1996'). Unlike "throwaway" passwords, such as '123456' and 'qwerty', these personal passwords are more likely to be re-used on other sites because they are easier for the user to remember.
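A registration-time policy check that rejects the password categories the analysis above says fell quickly, written as an added example that is not from the article or from Identity Finder's analysis; the mini wordlists, the leet-undo table and the `personal` token parameter are constructed assumptions standing in for a real deployment's full lists and account data:

```python
"""Registration-time password policy check (added example, not from the article).
Rejects the categories the Stratfor analysis says Hashcat recovered in under an
hour: common-password and dictionary-list entries, short passwords, and a word
or name with a year appended ('ford1996'). Wordlists here are constructed
stand-ins for the full lists the article names."""
import re
import unicodedata

COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome"}
DICTIONARY_WORDS = {"ford", "genesis", "congress", "kernel", "dragon", "root"}
NAMES = {"john", "mary", "anna", "david"}
LEET = str.maketrans("@$03", "asoe")  # undo the usual substitutions (assumed set)
TRAILING_DIGITS = re.compile(r"^(?P<stem>[a-z]+)\d{1,4}$")

def normalize(pw: str) -> str:
    """Case-fold and strip accents so 'Ford' and 'ford' compare equal."""
    return unicodedata.normalize("NFKD", pw).encode("ascii", "ignore").decode().lower()

def candidate_stems(pw: str) -> set[str]:
    """Variants a cracking rule set would try: as typed, de-leeted, digits stripped."""
    base = normalize(pw)
    stems = {base, base.translate(LEET)}
    for s in list(stems):
        m = TRAILING_DIGITS.match(s)
        if m:
            stems.add(m.group("stem"))
    return stems

def check_password(pw: str, personal: tuple[str, ...] = ()) -> list[str]:
    """Return policy violations; an empty list means the password is accepted.
    `personal` holds account-specific tokens (username, family names, birth
    year) that the article says users tend to embed in passwords."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    stems = candidate_stems(pw)
    if stems & COMMON_PASSWORDS:
        problems.append("in common-password list")
    if stems & (DICTIONARY_WORDS | NAMES):
        problems.append("dictionary word or name once digits are stripped")
    if re.fullmatch(r"[a-z]+(19|20)\d\d", normalize(pw)):
        problems.append("word followed by a year")
    for token in personal:
        if len(token) >= 3 and normalize(token) in normalize(pw):
            problems.append(f"contains personal token {token!r}")
    return problems
```

Calling `check_password("ford1996", ("Ford", "1996"))` reports the article's own example on every rule, while a long passphrase with no list hits returns an empty list.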

Detailed analysis here.