Tag Archives: Anonymous

Academics and Security Are Not Always Hand-in-Hand…

In two separate articles in SC Magazine, there seems to be a slew of issues with universities maintaining privacy and security.

In the first article, the University of Chicago sent out post cards to their 9,100 employees reminding them of their benefits open season. They added the extra bonus of including the employees social security number on the cards as well. The school stated:

A school official said there is no reason to believe outsiders had misused any of the information. The university also recommended that employees securely get rid of the postcards.

The problem is that it only takes one “outsider” to misuse the information once to potentially ruin someones life.

In the second article, the anonymous hacktivist group GhostShell posted data from multiple universities recently. The leader of the group tweeted about the hack and a link to the pastebin data.

In the Pastebin message, GhostShell said that the recent attacks were launched to bring attention to various grievances the group holds toward the educational systems in the United States, Europe and Asia. The hackers cited growing tuition fees, frequently changing laws and heavily regulated teaching.

Furthermore, the group also noted that many of the systems targeted had already been infected with malware. Since these universities are meant to educate the future in various fields, one of them computer science and technology, it would make sense for these universities to apply the concepts and principles of security within the systems they use.

While governments and other organizations make mistakes, it is understandable that similar things would occur in academia, but regardless of where it happens, the old saying “measure twice, cut once” needs to be driven home in everything we do. If it is sending out a mail merge or a network, good security practices need to be a part of the thought process and the routine.

Tagged , , , , ,

Anonymous Arrest in Dallas…

According to Reuters, a self-proclaimed leader of the hacker group Anonymous, Barrett Brown, was arrested in Dallas on September 12. According to the article, the arrest is a result of Brown’s alleged threatening of an FBI agent via a YouTube video complaining that the agent and the FBI were harassing/threatening his mother and stated the following:

Robert Smith’s life is over

This story is sure to progress and be updated over the coming weeks…

Tagged , , ,

When a DDoS is not a DDoS…

The interim CEO of GoDaddy, Scott Wagner, issued a press release stating that the outage was not a result of a DDoS attack, but rather an internal networking issue that corrupted the routing database. It would appear that GoDaddy is trying to play politically correct in its wording. Whether self-imposed or from an external attacker(s), DDoS is DDoS.

In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. – Wikipedia

The fact that they are choosing to down play the event, makes it seem that GoDaddy is trying to recover from the PR created from the outage that affected their customer base.

On the other side of the issue, the purported hacker of the outage, Anonymous Own3r, tweeted his disdain over the press release when he tweeted the following:

whooa @godaddy is denying that it was hacked by me! they don’t wanna show their cybersecurity is bad this way they would lose customers !

Either way this issue lands, the question will become whether or not GoDaddy Customers view this outage as a result of one of the following:

  • Hacker DDoS Attack
  • Random technical issue
  • Internal incompetence

Only time will tell…

Tagged , , , , ,

These Are Not the UDIDs You Are Looking For…

It is now known that the recent release of the Apple UDIDs was not a result of a hack of the FBI but rather from a compromise of the publishing company BlueToad. In an article posted on the NBC News Red Tape Page, the author Kerry Sanders, discusses the details with the companies CEO, Paul DeHart. According to BlueToad:

Paul DeHart, CEO of the Blue Toad publishing company, told NBC News that technicians at his firm downloaded the data released by Anonymous and compared it to the company’s own database. The analysis found a 98 percent correlation between the two datasets.

“That’s 100 percent confidence level, it’s our data,” DeHart said. “As soon as we found out we were involved and victimized, we approached the appropriate law enforcement officials, and we began to take steps to come forward, clear the record and take responsibility for this.”

 

Tagged , , ,

GoDaddy DNS was a No Go…

– – START UPDATE – –

HackerNews has posted an interview with the purported Anonymous Hacker that attacked GoDaddy. According to the article the hacker known as Anonymous Own3r used an IRC botnet using a script from Pastebin to take the GoDaddy DNS service down. Read the article for more information…

– – STOP UPDATE – –

Yesterday GoDaddy and their customers felt the Internet shut down for them. At around 1725 UTC September 10, GoDaddy experienced what appears to be a DDoS attack that lasted over 4 hours and which GoDaddy states affected all of their 10 million customers. This outage forced GoDaddy to transition their DNS services to their competition – Verisign. In an official statement from GoDaddy below, they do not address the cause of the outage:

At 10:25 am PT, GoDaddy.com and associated customer services experienced intermittent outages. Services began to be restored for the bulk of affected customers at 2:43 pm PT. At no time was any sensitive customer information, such as credit card data, passwords or names and addresses, compromised. We will provide an additional update within the next 24 hours. We want to thank our customers for their patience and support.

Some GoDaddy customers reported that email as well as the web services were unavailable, but some were able to get email web interfaces but unable to send messages. According to domainincite.com, they this level of access during the outage is probably a result of cached DNS entries for those users and that the fact that GoDaddy transferred DNS services to Verisign all points to a DNS compromise or issue.

Even though no root cause was officially addressed, the hacktivist group Anonymous via Twitter claimed responsibility. It is not completely evident thus far if this is fact or if this is another claim that has no merit.

It will be interesting to get the complete story if  GoDaddy is willing to share more about this embarrassing incident.

References:

http://www.godaddy.com/

http://support.godaddy.com/groups/domains-management-and-services/forum/topic/dns-problems-4/

http://www.wired.com/wiredenterprise/2012/09/godaddy-moves-to-verisign/?utm_source=twitter&utm_medium=socialmedia&utm_campaign=twitterclickthru

http://domainincite.com/10403-what-the-hell-happened-to-go-daddy-last-night

Tagged , , , , ,
%d bloggers like this: