
Cyber crime fighters September 26, 2008

Posted by cyberpatrol in cybercrime.

Concordia Journal, 25 September 2008

In the spring of 2007, the government of Estonia, a small independent Baltic state and former Soviet republic, made the decision to remove a Soviet war memorial from the city of Tallinn. The Russian government expressed its disapproval of the action.

Shortly thereafter, Estonia’s national IT network was subject to a cyber attack so intense and prolonged that it impacted the government’s ability to function. Web sites and servers of banks, broadcasters, newspapers and telecoms were also assaulted. The situation was so dire that – after three weeks – NATO experts were called in to help.

While this type of cyber warfare is the extreme of cyber crime, there is no doubt that as people, business and the public sector have increased their online presence, so have criminals.

Over a year ago, Mourad Debbabi (Concordia Institute for Information Systems Engineering and Concordia University Research Chair Tier I in Information Systems Security) was invited to a meeting that included Canadian law enforcement officials, as well as representatives of the banking, telecommunications, financial and public sectors.

“I was the only academic present,” he said.

The purpose of the meeting was to develop a national organisation to fight cyber crime. One of the speakers, an agent from the FBI, described a relatively new organization in the US called the National Cyber Forensics Training Alliance (NCFTA).

The NCFTA is a neutral collaborative venue where critical confidential information about cyber incidents can be shared discreetly among industry, academia and law enforcement. The Alliance facilitates advanced training, promotes security awareness to reduce cyber-vulnerability, and conducts research in cyber forensics.

At the end of the meeting, participants asked themselves if such an organization was required in Canada.

“The answer was a resounding, unanimous yes,” said Debbabi.

NCFTA Canada was formally launched in July 2008 with Concordia as its primary host. While the legalities of the collaborative effort are still in negotiation among the partners – which include Bell Canada, the Competition Bureau of Canada, Rogers Communications, and Microsoft Canada – technical operations are starting this fall.

Debbabi, whose research focuses on cyber forensics, explained that the mandate of the organization is quite broad.

“Cyber crime includes any criminal activity where computers or computer systems are either the tool or the target – child porn and exploitation, identity theft, hacking, fraud, and any kind of illegal digital transaction.”

Partners will target reductions in and improved defense against activities such as SPAMming, phishing and denial of service attacks like those launched against organizations such as the Church of Scientology earlier this year.

Debbabi underlined that these types of attacks account for billions of lost dollars and uncountable hours of lost productivity each year.

He is currently serving as NCFTA Canada’s Vice-President and a member of the Board of Directors, where his role is to “oversee establishment of the organization, its operation and management, and student and research project supervision.”

He is pleased Concordia was chosen as the host institution because, “we have the largest concentration of researchers focused on IT Security and cyber forensics in Canada.”

CIISE offers a master’s degree in the area, which currently has more than 150 students.

Debbabi believes the partnership created through NCFTA will expand students’ access to real world training opportunities and industry’s access to emerging means of dealing with threats.

“As a researcher, I know when I give a forensic toolkit to cyber investigators for testing and evaluation, I will receive significant feedback which will help in the development of better tools. NCFTA Canada is really all about increasing our efficiency at fighting cyber crime. Alone, none of us can achieve much, together we are very much better.”


O’Reilly Hacked for Comments about Palin Hack September 20, 2008

Posted by cyberpatrol in 4chan.org, Anonymous, cyberbullying, cybercrime, Cybercrime groups, cyberterrorism, Hacking, stalking.

Wired, 19 Sept 2008

A hacker claims to have cracked the web site of Fox News commentator Bill O’Reilly and purloined a list of subscribers to the site, which includes their names, e-mail addresses, city and state, and the password they use for their registration to the site.

The attack was retaliation for comments that O’Reilly made on the air this week about web sites that published e-mails obtained from the Yahoo account of Alaska Governor Sarah Palin, according to a press release distributed by WikiLeaks late Friday.

The hacker sent WikiLeaks a screenshot of O’Reilly’s subscriber list as proof of the deed, which WikiLeaks has posted online.

This week on his Fox show, O’Reilly slammed web sites, such as WikiLeaks and Gawker, for posting screenshots of e-mails, family photos and a list of contacts taken from Palin’s private e-mail account.

“They’re trafficking in stolen merchandise,” O’Reilly said during one of his shows, calling for their prosecution. He also referred to a site that published the screenshots as “despicable, slimy, scummy.”

In the video above, O’Reilly spoke with Amanda Carpenter, a reporter for Townhall.com who agreed with him and said that a web site that published such information was “complicit” in the hack of Palin’s e-mail account.

“They think it’s newsworthy, even though the information was absolutely, illegally obtained,” she said.

Neither O’Reilly nor Carpenter mentioned the First Amendment protection that media organizations, such as Fox News and Townhall.com, are generally afforded for publishing newsworthy information.

That segment was followed the next day by a segment with Fox News anchor, Megyn Kelly, a lawyer, who explained why the First Amendment would protect the sites. (See video below.)

O’Reilly disagreed with her, however.

“If your grandma sends you 50 bucks for your birthday and somebody steals the letter and gives it to somebody else and they take the 50 bucks, they’re going to get charged as well as this person who stole the letter,” he said.

Kelly explained that taking stolen money and publishing news were not the same.

“That’s crazy,” he said.

“No it’s not crazy,” Kelly replied. “Because . . . what if somebody obtained a document illegally that proved some massive conspiracy among the presidential candidates and they leaked it to Fox News and we knew it was stolen. You don’t think we’d put it on the air? You’re darn right we would. And it’s not illegal.”

WikiLeaks said in its press release that it had confirmed the authenticity of the list, but didn’t mention how it did so.

Efforts by Threat Level to contact Fox News and some of the subscribers on the list to independently verify the authenticity of the list were unsuccessful.

Web proxy firm working with FBI to trace Palin e-mail hacker September 18, 2008

Posted by cyberpatrol in 4chan.org, Anonymous, cyberbullying, cybercrime, Cybercrime groups, cyberterrorism, Hacking, stalking.

IDG, 18 Sept, 2008

The Webmaster of a proxy service called Ctunnel.com, which may have been used by a hacker to illegally access the e-mail account of Republican vice presidential candidate Sarah Palin, is working with law enforcement authorities to track down the person behind the break-in.

Gabriel Ramuglia, the Athens, Ga.-based Webmaster of Ctunnel, said Thursday that URLs in screenshots of Palin’s e-mail — photos were posted online Wednesday on 4chan.org and other sites — suggested that whoever accessed her Yahoo! account had used his proxy service.

Ramuglia said in an interview that he was contacted by FBI officials last night and asked to retain computer logs of the last few days’ activity on his service and make sure nothing is deleted. Ramuglia, who normally stores only a week’s worth of log data, said he would not have deleted anything anyway because of the illegal nature of what had happened.

Ramuglia is now in the process of importing more than 80GB worth of log data into a database for analysis. He said he’s reasonably confident he can help authorities sift through the logs and trace access back to the originating IP address — especially because the self-professed hacker has admitted using just one proxy service to access Palin’s account.

Notorious board user

The alleged hacker said in an online posting that he gained access by simply resetting the password to Palin’s Yahoo! e-mail account using its password recovery service. That’s according to a description of events posted on a blog site run by conservative syndicated columnist Michelle Malkin.

The first-person account was originally posted on a Web site called 4chan.org by a poster identified only as “Rubico.” That post, along with a related thread, was later deleted from that site — but not before a reader of Malkin’s blog apparently snagged a copy of it and sent it along to Malkin. Rubico’s claims could not be verified and security analysts have been skeptical of the claims.

According to the Malkin blog reader, 4chan.org hosts multiple boards, each of which is dedicated to specific subjects. The individual who first broke into Palin’s e-mail account apparently belonged to a group called /b/, which the reader described as the “most notorious” of the boards on 4chan.org. “/b/tards, as its denizens are called, are interested only in their own amusement,” the reader claimed.

Reset the password

Rubico allegedly became interested in Palin’s e-mail after reading media reports of her using a Yahoo! e-mail account and decided to try and access it by resetting her password. “It took seriously 45 mins on wikipedia and google to find the info” needed, Rubico claimed. “Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)”

Rubico said it was harder to find the answer to one of the other questions needed for a password recovery: Where had Palin met her husband? After some digging, Rubico determined that the couple first met at Wasilla High School.

He said he used the information to reset Palin’s password and go through her e-mail to look for anything incriminating that might “derail her campaign.”

It was only after finding nothing that the hacker realized how easily he could be caught, since he had used only one proxy to access the account. So he decided to make access to it available to others on the /b/ board by posting Palin’s recently reset password. Rubico claimed he “then promptly deleted everything, and unplugged my Internet and just sat there in a comatose state.”

However, one of the other members of the bulletin board who Rubico described as a “White knight f..,” saw the thread and used the new password to go back into Palin’s account and reset it. That person then sent an e-mail to a “friend of Palin’s” informing her of the new password and what had happened, Rubico claimed.

Alaska Governor Palin’s email account hacked via social engineering September 18, 2008

Posted by cyberpatrol in 4chan.org, Anonymous, cyberbullying, cybercrime, Cybercrime groups, cyberterrorism, Hacking, stalking.

ZDNet, 19 September 2008

Details describing how someone hacked into the Yahoo Mail account of Republican vice presidential candidate Sarah Palin (pictured) emerged on Thursday.

The hack appears to have been accomplished through little more than social engineering, the process of acquiring personal information through social manipulation. The hackers exploited known weaknesses in Yahoo Mail’s password-recovery feature.

The Knoxville News Sentinel reported that a 20-year-old University of Tennessee student has been contacted in connection to the federal investigation of the break-in.

Since Tuesday, anonymous posters using a forum on the 4chan.org website have been circulating password-protected zip files containing the contents of the now-deleted email account once belonging to Palin. Various posts to the /b/ board have also provided insight into how the hack was carried out.

Like most web account services, Yahoo Mail provides an option to reset or recover one’s user name and password. What is unclear is how the account recovery was rerouted from the alternative email address chosen by Palin to a secondary email address.

One poster said it took only 15 seconds on Wikipedia to answer Yahoo Mail’s prompt for Palin’s birthday.

As regards the prompt for a ZIP code, Wasilla, Alaska, has only two ZIP codes.

However, Palin’s personal security question — ‘Where did you meet your spouse?’ — did slow the process down. The poster claimed it took several tries before they eventually hit upon the correct answer: Wasilla High School.

Webmail accounts are not alone in using online security questions.

In May, Acxiom, a Little Rock, Arkansas-based data-warehouse company, announced it was introducing a biographical authentication service that asks users of online banking and e-commerce sites random questions based on their personal lives, such as “How many fireplaces are in your current residence?”. The answer can be obtained from any US real-estate website.

Company files defamation lawsuit against anonymous Web poster August 23, 2008

Posted by cyberpatrol in Anonymous, cybercrime.

Ann Arbor News, 21 August 2008

After executives at an Ann Arbor venture capital firm discovered an anonymous, negative Internet posting about the company, they weren’t just mad: They decided to sue.

In a court filing, EDF Ventures accused “John Doe” of defamation for implying in a comment posted on the Web that the people running the firm were dishonest. The comment was made on a California-based Web site called The Funded, which was created to allow entrepreneurs to rate investors anonymously. (more)

Jeremie Dalin: Teen convicted after threat August 22, 2008

Posted by cyberpatrol in 4chan.org, Anonymous, cybercrime, cyberterrorism.

Lincolnshire Review, 21 August 2008

A teen convicted of falsely making a terrorist threat against Stevenson High School will serve 24 months of probation and must meet other conditions of his sentencing.

Jeremie Dalin, 17, of the 200 block of Bridle Path, Fox River Grove, was sentenced Aug. 15 in Lake County Circuit Court by Judge Christopher Stride. (more)

Similar articles:
Barrington-Courier Review: Teen on probation after posting threats online
Buffalo Grove Countryside: Teen put on probation for posting threatening messages online
Cary Grove Countryside: Teen put on probation for posting threatening messages online

Government: Cyberbullying is a New Phenomenon, as is Social Networking August 14, 2008

Posted by cyberpatrol in cyberbullying, cybercrime, myspace, stalking.

Law Blog, 13 August 2008

Last month, when H. Dean Steward, the lawyer for Lori Drew in the MySpace suicide case, filed his three motions to dismiss, he wrote: “If the government’s statutory construction is correct and the [Computer Fraud & Abuse Act] criminalizes violating a website [terms of service], then the statute is void for vagueness because it fails to provide warning of what is prohibited and ensures discriminatory enforcement . . .”

Yesterday, the government, represented by AUSA Mark Krause, shot back, filing three oppositions to the failure to state a claim motion, to the vagueness motion and to the unconstitutional delegation of prosecutorial power motion. (read full article)

The Trolls Among Us August 4, 2008

Posted by cyberpatrol in 4chan.org, Anonymous, cyberbullying, cybercrime, cyberterrorism, Hacking, stalking.

New York Times on the character of “Internet trolls” or better: those behind cyber-crimes:

One afternoon in the spring of 2006, for reasons unknown to those who knew him, Mitchell Henderson, a seventh grader from Rochester, Minn., took a .22-caliber rifle down from a shelf in his parents’ bedroom closet and shot himself in the head. The next morning, Mitchell’s school assembled in the gym to begin mourning. His classmates created a virtual memorial on MySpace and garlanded it with remembrances. One wrote that Mitchell was “an hero to take that shot, to leave us all behind. God do we wish we could take it back. . . . ” Someone e-mailed a clipping of Mitchell’s newspaper obituary to MyDeathSpace.com, a Web site that links to the MySpace pages of the dead. From MyDeathSpace, Mitchell’s page came to the attention of an Internet message board known as /b/ and the “trolls,” as they have come to be called, who dwell there. (go to the remainder of the 10 page article)

Anonymous hacking to destroy for “fun” and harassment of Black Americans July 4, 2008

Posted by cyberpatrol in 4chan.org, Anonymous, cybercrime, cyberterrorism, Hacking.

The story of the 4chan hack against SOHH.com and others.

In the early hours of June 27, 2008, two very popular Hip-Hop musical websites were attacked by individuals calling themselves “Anonymous”. MTV News reported that: “Both companies’ sites were hacked, and instead of the usual hip-hop related news articles and feature stories, readers were shocked to find fake headlines and obviously photoshopped pictures saturated with racial slurs and other offensive terms; the hackers also stole personal information about employees of SOHH.com. A group or individual going by the name “Anonymous” has claimed responsibility.”

The CEO of SOHH.com, one of the attacked sites with over 1.5 million visitors per month, issued a statement, saying:

“It appears that hackers are specifically targeting Black, Hispanic, Asian and Jewish youth who ascribe to hip-hop culture. … Other websites, including AllHipHop and DatPiff forums have also been compromised or threatened this week. … Also, as this is an international issue, it is being addressed by the FBI and the Strategic Alliance Cyber Crime Working Group.”

The sites were defaced with Nazi symbols and targeted the Black community whose members regularly frequent the site for news.

Fake headlines (“JEWS DID 9/11 – Enjoy This White Wimmens, N*gger”)

Fake headlines (“DEAD BEAT NIGRA ORDERED TO PAY 40K IN NIGLET SUPPORT) and racist pictures.

Promoting slavery

Racist comments and pictures

Early research found that the attack had been planned and promoted on 411chan.org, where a “Call to Arms” was published on 23 June 2008:

(nao : slang for now. irc: Internet Relay Chat. A real-time communication system on the internet used for chatting or live coordination of events).

The call for support was posted on a website called 411chan.org, a meeting place of the internet group “Anonymous” especially targeting Black people and minorities.

The systems of SOHH.com were damaged sufficiently to leave the site inaccessible for a week. Also the other attacked sites stayed partially disconnected from the internet.

EncyclopediaDramatica.com, a primary site of Anonymous chronicling the online activities of internet hackers on 4chan.org and 411chan.org, announced on 30 June 2008 that they will continue their “fight against niggers”:

“SOHH.com is a place for gay wiggers [slang: wanna-be niggers] to talk about cRap music using their native tounge of nigger language. Sohh.com is one of the highest-ranked online hip-Hop communities ….

“However, Anonymous has no regard for one’s material gains or how “nannified” a racial demographic is — Anonymous only exists to destroy. That lesson has been made abundantly clear to SOHH.com. …

“As SOHH is down, the leader of the Pro-Nigger Faction started a secondary ‘instead-of-SOHH’ site … The registrations are currently closed, but many of our soldiers managed to get in before the closing. As a result of this, there are currently operations underway to make sure this site does not achieve any sort of prosperity.” (Source: http://encyclopediadramatica.com/SOHH)

(What Anonymous thinks of Black people. Source: http://www.encyclopediadramatice.com/Nigga)

Atheists’ MySpace page restored after hacking incident February 8, 2008

Posted by cyberpatrol in cybercrime, myspace.

Secure Computing, 7 Feb 2008

The “Atheist and Agnostic Group” MySpace page has been reactivated, a month after the page was deleted following a November 2007 hacking incident where unauthorised users renamed it “Jesus is Love.”

The incident is the second reported high profile cyberattack in recent months on a religion-oriented webpage. Last month, the Church of Scientology’s website experienced disruptions after it was threatened by a hacker group.

Bryan Pesta, a Cleveland State University assistant professor and the atheist group’s founder, told the Cleveland Plain Dealer last week that his 35,000-member webpage had been shut down twice by the social networking site since its 2004 founding.

More than 830 MySpace members have signed an online petition calling for the page to be reestablished and protected by the networking site, which is owned by international media conglomerate News Corp.

A MySpace spokeswoman confirmed Wednesday that the site was accidentally deleted in January, but restored this month following its November 2007 defacement by a hacker.

The restored page on Wednesday carried a statement thanking MySpace for reinstating the group.

The page also linked to a petition seeking an agreement “with MySpace to ensure that groups attacked by hackers, phishers, spammers and pinheads can be fixed quickly and effectively.”

Pesta could not be immediately reached for comment.

Last month, a hacker group calling itself “Anonymous” said in a video posted on YouTube that it would “systematically dismantle the Church of Scientology in its present form.” The church’s official website could not be accessed at various times in the days following the threat.

Jose Nazario, senior security and software engineer at Arbor Networks, said last month on his blog that researchers had detected nearly 500 DDoS attacks against the church, with an average size of 15,000 packets per second.

The incident followed the church’s copyright infringement claims following the spread of edited clips from a 2004 promotional video featuring actor Tom Cruise.

Anonymous also claimed that the church filtered anti-Scientology comments posted on YouTube, Digg.com and other websites.

Ken Pappas, security strategist at Top Layer Networks, an intrusion-prevention provider, told SCMagazineUS.com at the time that cyberattackers were likely using botnets to attack the church.