‘There is no security’: hackers take down CIA site

Move over Anonymous – a new hacking group is on the block and in just a few weeks it has claimed several high-profile scalps including the CIA, US Senate, an FBI affiliate, Sony and several video games companies.

The CIA’s website has been knocked offline today and the hacker group, which calls itself Lulzsec, has claimed responsibility. The group has amassed more than 150,000 followers on Twitter and yesterday even set up a US phone hotline for people to call and request targets.

Security journalist Patrick Gray, who runs the Risky.biz podcast, said the recent hack attacks proved that “there is no security”.

The Lulzsec hacks come after Australian banks, government departments and other organisations were forced to upgrade their security rapidly following a breach at security provider RSA. The RSA breach resulted in a break-in at defence contractor Lockheed Martin.

Sony, following a major breach of its PlayStation Network that exposed millions of accounts and credit cards, has spent the last few weeks fending off dozens of successful attacks on its networks and websites around the world.

Lulzsec has claimed responsibility for some of these Sony attacks including against Sony Pictures, Sony Music Japan and others.

“The mainstream media are having fun criticising Sony for its poor security, but do we honestly think for a second that the XBox Live network can’t be similarly [hacked],” Gray wrote.

“Is there any target out there that can’t be ‘gotten’?”

Growing list of targets

The group has also targeted the US Senate website, Nintendo, game developer Bethesda Software, FBI-affiliate Infraguard, US media company PBS and several online multiplayer games such as EVE Online, League of Legends and Minecraft.

In many of the attacks, including on Bethesda, the US Senate and pornography website pron.com, Lulzsec also released sensitive data online such as the usernames and passwords of users. These lists even revealed that people with White House email addresses had signed up to watch porn.

“While some people think this is a fun game that can also help point out corporate security weaknesses, the truth is that companies and innocent customers are – in the worst cases – having their personal data exposed,” said Graham Cluley of computer security firm Sophos.

“There are responsible ways to inform a business that its website is insecure, or it has not properly protected its data. You don’t have to put innocent people at risk. What’s disturbing is that so many internet users appear to support Lulzsec as it continues to recklessly break the law.”

Lulzsec claims it is conducting the attacks “for the lulz”, which is internet parlance for “for the laughs”.

Other attacks to hit the news recently include a breach of Gmail accounts connected to activists in China and a hack on the International Monetary Fund.

Australian organisations exposed

James Turner, security analyst at IBRS, said that, for Australian organisations, Lulzsec was concerning.

“Any thinking person would like to have a completely secure website and IT infrastructure, but perfect security is either prohibitively expensive or simply impractical so we try to strike a balance,” he said.

“Lulzsec is raising the issue of IT security at executive levels – which is useful – but not many Australian organisations have pots of cash sitting around that they can dive into for extra IT security budget. And they certainly don’t have slack headcount just sitting on their hands waiting to spring into action.”

He said this meant that Australian organisations could not “do much to significantly improve their IT security in the short term, and this leaves them vulnerable to attack”.

“So while Lulzsec is raising the issue, Australian organisations cannot immediately defend themselves. Sure, the generally low levels of security are not great, but attacking organisations because of their low security is like saying that the victim was asking for it, and that’s just morally bankrupt.

“Let’s not forget that, ultimately, whether the attacker is a group of pranksters like Lulzsec, or hardcore organised crime gangs, the outcome is the same; there is an attacker and a victim. So really, Lulzsec are still muggers, but pretending to be not as bad as the other kind of muggers, who operate in secret.”

Lulzsec v Anonymous

Lulzsec’s arrival on the hacking scene has caused some friction with the other notorious internet hacking collective dubbed Anonymous, which has been responsible for all manner of web attacks including taking down some Australian government websites as part of a protest against internet censorship legislation.

The two groups have been taking potshots at each other over Twitter.

The Lulzsec telephone hotline reportedly received thousands of voicemail messages. One radio show managed to get through and published a recording of their chat online.

Callers are now met with a voicemail message saying: “We are not available right now as we are busy raping your internet. Leave a message and we will get back to you whenever we feel like.”

After the US Senate’s website was hacked over the weekend, the site was targeted a second time this week but a security spokeswoman insisted no sensitive data was exposed.

“They’re getting nothing but the attacks continue,” Martina Bradford, the deputy Senate sergeant at arms, said.

“We’ve been able to stay ahead of the hackers and keep them out of the main Senate network.”

Hackers should use powers for good not evil

Sophos’s Paul Ducklin said Lulzsec might only be one person. “Your guess is as good as mine,” he said.

He said Lulzsec appeared to be “attacking targets without rhyme or reason”.

“It could just be one person in his own bedroom mounting [these] attacks.”

A poll of 1500 on the Sophos blog recently found about 40 per cent of its readers believed what Lulzsec was doing was fun and that they were teaching security experts a lesson, Ducklin said. The other 60 per cent said that it was bad and not acceptable.

He said Lulzsec was not proving anything. “It’s a bit like if you throw a brick at a bus shelter it shatters,” he said. “We know it breaks; we already know that. Thanks.”

Ducklin said hackers, instead of using their power for evil, should donate their time to doing something useful. They could do so by visiting a site such as hackersforcharity.org.

The hackersforcharity.org site helps people with little knowledge in computer security and even allows a hacker to help build a website for those in developing nations.

“If you actually have some moral spine as a hacker you can actually give that time away,” Ducklin said.

“Why do you have to destroy and damage stuff and leak people’s personally identifiable information in order to prove a point? Why not just help people and solve the problem instead of being a part of it?”

Read more: http://www.smh.com.au/

US oil deal reveals real reasons behind Libya campaign

The first shipment of Libyan oil arrived in the US on July 8th, following a deal signed by the US and the Transitional National Council, the self-proclaimed legitimate government of Libya. The sale finally reveals the true reasons behind the NATO campaign, previously described as an attempt to provide security for Libyan civilians. Those civilians keep suffering, NATO forces keep trying to break the stalemate and America seems to be the only side of the conflict benefiting from the so-called “rescue operation”. Meanwhile, representatives of Arab and Western countries are meeting in the United Arab Emirates to discuss Libya’s future after the presumed end of Muammar Gaddafi. However, Gaddafi doesn’t seem to be in a hurry to give up, which was clearly demonstrated by the lack of results of NATO bombardments of Tripoli.

A plan “to take all necessary measures to protect civilians and civilian populated areas”, declared by the UN Security Council resolution, is failing miserably. However, while Libyan civilians suffer from the actions of both the rebels and government troops, Libyan oil is getting safely transported to America. As the US State Department confirmed on Wednesday, the rebel government in control of the eastern regions of Libya had made its first sale. The deal followed an April announcement by the Office of Foreign Assets Control at the Treasury Department that established a new licensing policy with Libya. The US had to take this measure to facilitate oil-related transactions with the Transitional National Council.

According to a written statement from the State Department, Tesoro, a U.S. oil refiner, signed a deal with the Transitional National Council based in Benghazi, Libya for 1.2 million barrels of Libyan crude oil. The dollar value of the deal is still unknown.

The statement claims that the true reason behind the deal with TNC is an intention to support the Libyan people. However, one must be extremely naïve to believe that any Libyan person caught in the chaotic cross-fire would get a single cent out of this deal.

As the US is successfully solving its oil problem, Western and Arab leaders are preparing to decide the future of Libya. The members of the so-called Contact Group – a coalition of various countries and international organizations that have officially recognized the TNC as the legitimate government of Libya – are to meet in the United Arab Emirates. It is the third meeting of the group tasked with discussing the potential development of the country after the end of the Gaddafi regime.

It’s a surprising fact that despite the beginning of oil trade with the TNC, the United States has not recognized the new government of Libya. “We are still considering it but there’s no final decision as of right now,” said a US official, commenting on the possible recognition of the TNC.

While the members of the Contact Group are deciding the future of post-Gaddafi Libya, Gaddafi himself expresses no intention to give up his power. “We will not surrender, we will not give up,” the beleaguered leader declared in response to the intensified bombardment of Tripoli by NATO air forces. NATO has to face the fact that all of its strategies to end the conflict remain nothing but empty words, while the country sinks deeper into chaos.

The latest report of the UN Human Rights Council states that war crimes in the troubled country continue and that means the citizens of Libya keep paying a bloody price for European ambitions and American oil.

By: Vladimir Gladkov

Source: http://www.globalresearch.ca