An anonymous reader writes “It’s been found that the Btrfs file-system is vulnerable to a Hash-DOS attack, a denial-of-service attack caused by hash collisions within the file-system. Two DOS attack vectors were uncovered by Pascal Junod that he described as causing astonishing and unexpected success. It’s hoped that the security vulnerability will be fixed for the next Linux kernel release.” The article points out that these exploits require local access.
hypnosec writes with news that two security consultants have found vulnerabilities in Call of Duty: Modern Warfare 3 and the CryEngine 3 graphics engine that could harm game makers and players alike. Presenting at the Power of Community (POC2012) security conference, the researchers demonstrated how a denial-of-service attack could affect Modern Warfare 3, and how a server-level attack on CryEngine 3 allowed them to “create a remote shell on a game-player’s computer.” “‘Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server,’ Ferrante said. In general, game companies don’t seem to be very focused on security but rather on performance of the game itself, Ferrante said. Adding security checks can slow down games, and if the companies don’t deem the problem a very critical issue, it will usually be ignored. ‘These are games that have a very large market,’ Auriemma said.”
Trailrunner7 writes “Controversial document-sharing site WikiLeaks was back online Monday evening after sustaining a week-long distributed denial-of-service attack. The organization apparently received some extra capacity and assistance from Web performance and security firm Cloudflare to counter the 10 gigabits per second of bogus traffic that overwhelmed servers for numerous WikiLeaks domains and several supporters’ sites. Targets included WikiLeaks’ news aggregation site and its donations infrastructure, which it calls the Fund for Network Neutrality. A few days ago the organization posted a statement describing what it surmised was a DNS amplification attack. ‘Broadly speaking, this attack makes use of open DNS servers where attackers send a small request to, the fast DNS servers then amplify the request, the request has now increased somewhat in size and is sent to the server of wikileaks-press.org. If an attacker then exploits hundreds of thousands of open DNS resolvers and sends millions of requests to each of them, the attack becomes quite powerful. We only have a small uplink to our server, the size of all these requests was 100,000 times the size of our uplink.’”
Qedward writes “Iran is privately being blamed for a major cyberattack on the BBC that blocked access to its popular Persian TV service and disrupted the Corporation’s IT using a denial-of-service attack. The multi-pronged March 2 attack took down much of the BBC’s email, overloaded its telephone switchboard with automatic phone calls, and blocked a satellite feed for the BBC Persian station. BBC servers were also on the end of a DDoS. In an unprecedented tactic, the BBC has trailed a speech to be given this week to the Royal Television Society in which Director General Mark Thompson will mention the attacks in some detail while stopping short of formally naming Iran as the perpetrator.”
There is a code upheld by Sicilian mobsters called omerta. It is considered a code of honor, of value, of principle. It is the “code of silence” that means that members do not give evidence to authorities or rivals about the activities of the organization. When an organization is brought down by police there is a good chance that there was a snitch involved. Omerta was broken.
The FBI arrested five members of hacker groups LulzSec and Anonymous today for various computer crimes associated with the year-long battle the groups have waged against corporations and governments across the world. The most recent and damaging was the hack of U.S. intelligence contractor Stratfor in December.
One of the leaders of the movement went by the name of Sabu. His real name, according to a Fox News report, is Hector Xavier Monsegur from New York City. Sabu has been a rogue member of the group, disagreeing with other members of Anonymous and being one of the most vocal advocates of chaos.
It has been difficult to tell who and what Anonymous was. As the group grew and evolved it became extremely fractured. Anybody could lob a denial of service attack at some major corporation and claim hacks against anybody that wronged the group. Sabu is also a traitor and a hypocrite. For all his bravado, he had been working with the FBI for months to implicate other members of the group. Knowing that, see his tweets from the last week below. Caution, strong language.
Sabu has been disavowed by the so-called Anonymous leadership for some time. When hackers went after Stratfor, it was Sabu leading the charge. Other leaders from Anonymous quickly posted a press release on Pastebin calling Sabu and his followers, “opportunistic attention whores.”
“Stratfor has been purposefully misrepresented by these so-called Anons and portrayed in false light as a company which engages in activity similar to HBGary. Sabu and his crew are nothing more than opportunistic attention whores who are possibly agent provocateurs. As a media source, Stratfor’s work is protected by the freedom of press, a principle which Anonymous values greatly.”
According to the Fox News report, Sabu was arrested in secret last June and pleaded guilty to 12 hacking charges on Aug. 15. That means that Sabu has been cooperating with the FBI for the better part of a year. Last July, three suspected LulzSec/Anonymous hackers were arrested and charged with malicious computer crimes. Sabu claimed he was not part of the arrest and tweeted a video about Anonymous that has seen more than 90,000 views on YouTube.
We know now that Sabu had already been arrested at that time.
For the last week Sabu has been tweeting against the federal prosecutors that chased him down and eventually the arrests that were announced today. His last tweet was about 18 hours ago and stated: “Die Revolution sagt ich bin, ich war, ich werde sein.” That loosely translates to, “The revolution I am saying, I was, I would be.”
Two Twitter accounts associated with Anonymous have claimed responsibility for a denial of service attack on the Interpol website, which is currently out of commission. The international law enforcement agency arrested 25 suspected hackers in more than a dozen cities across Europe and Latin America today. Interpol’s “Operation Unmask” followed what it called “a series of coordinated cyber-attacks originating from Argentina, Chile, Colombia and Spain.”
Interpol’s statement on Operation Unmask cites attacks on Colombian government websites, Chile’s national library and a Chilean electric company. Police from Argentina, Chile, Colombia and Spain carried out the arrests, seizing 250 computers and mobile phones, as well as credit cards and cash. Suspects ranged in age from 17 to 40.
At press time, the Interpol site is struggling to recover, but it is no longer completely down.
Trailrunner7 writes “A group of researchers has released a tool that they say implements a denial-of-service attack against SSL servers by triggering a huge number of SSL renegotiations, eventually consuming all of the server’s resources and making it unavailable. The tool exploits a widely known issue with the way that SSL connections work. The attack tool, released by a group called The Hacker’s Choice, is meant to exploit the fact that it takes a lot of server resources to handle SSL handshakes at the beginning of a session, and that if a client or series of clients sends enough session requests to a given server, the server will at some point fail. The condition can be worsened when SSL renegotiation is enabled on a server. SSL renegotiation is used in a number of scenarios, but most commonly when there is a need for a client-side certificate. The authors of the tool say that the attack will work on servers without SSL renegotiation enabled, but with some modifications.”
Lucas123 writes “After six days of spotty service and outages with its online and mobile sites, Bank of America today said it has not been the victim of a denial of service attack, hacking or malware. Yet, the bank has set up a new homepage that it says will help customers navigate to the proper online service. Internet monitoring service Keynote said the outage is unprecedented in banking. ‘I don’t think we’ve seen as significant and as long an outage with any bank. And I’ve been with Keynote for 16 years now,’ said Shawn White, vice president of operations for web monitoring service Keynote Systems. In the meantime, a BofA spokeswoman continued to divulge what might be happening, saying ‘We’re not going to get into the technical details. We’re not going to comment on the technicalities of what we do.’ Speculation among experts has been that the site is under attack.”
mask.of.sanity writes “An Australian blogger who blew the lid on emerging domain-name fraud campaigns has received death threats from the scammers. His blog and domain parking company are still being hit with a large distributed denial of service attack that has the death threats embedded as HTML links within its logs. Australia’s government CERT team and the U.S. Secret Service (blog servers were hosted on U.S. soil) are pursuing the botnet’s command and control servers. Ten days later, the victim is still being attacked and is fighting a cat-and-mouse game as IP address ranges change.”