Tagcyberwar

Anonymous/Telecomix Hacktivist Peter Fein Speaks Out

peter fein

Anonymous member Peter Fein deanonymizes himself in a video interview with BBC:

Anonymous ‘hactivist’ goes public on cyber protests

See also: My video interview with Fein and The Doctor.

CloudFlare Speaks Out About Their Experience Hosting LulzSec

My colleague Kit Dotson writes:

In every statement about allowing LulzSec to use their free service, CloudFlare has been pointed about mentioning that while they had received queries from law enforcement—they had never been asked by any authority to terminate service. Of course, the company had very little information to provide about their free client because all that’s needed to sign up is an e-mail address, a username, and a password.

Prince describes the experience as causing several existential crises for his colleagues, after all, who wants to be described as the person who provided anonymity to a group of hackers? Still, in the end, they decided that it was not their job to act as censors when housing information on hacking subjects itself is not illegal.

SiliconAngle: CloudFlare Speaks Out About Their Experience Hosting LulzSec

Prince also said ““You can’t pay for pen testing like this.” No kidding!

The Rise of the Hactivist

From SiliconAngle:

Hacktivism is the result of mashing up the words hack and activism and was coined in 1998 by Omega, a member of the Cult of the Dead Crow hacker crew. By definition, hacktivism is the use of computers and computer networks as a means of protest to promote political ends or “the nonviolent use of legal and/or illegal digital tools in pursuit of political ends”. Hacktivism can be in the form of web site defacements, redirects, denial-of-service attacks, information theft, web site parodies,virtual sit-ins, typosquatting, and virtual sabotage. Wikipedia also defines hacktivism as “the writing of code to promote political ideology: promoting expressive politics, free speech, human rights, and information ethics through software development.”

Inside the World of Wannabe Cyberspooks for Hire

Many of you have probably heard about the internal e-mails from the security firm HBGary. Ars Technica summarizes much of it in a length article, including HBGary’s aspirations to provide various PSYOPS services – such as cartoons and social media propaganda management – to federal agencies. Ars Technica details one proposal the firm sent to DARPA, which agency declined to fund:

So Barr and Hoglund drafted a plan to create something like a lie detector, except that it would look for signs of “paranoia” instead.

“Like a lie detector detects physical changes in the body based on sensitivities to specific questions, we believe there are physical changes in the body that are represented in observable behavioral changes when committing actions someone knows is wrong,” said the proposal. “Our solution is to develop a paranoia-meter to measure these observables.”

The idea was to take an HBGary rootkit like 12 Monkeys and install it on user machines in such a way that users could not remove it and might not even be aware of its presence. The rootkit would log user keystrokes, of course, but it would also take “as many behavioral measurements as possible” in order to look for suspicious activity that might indicate wrongdoing.

What sort of measurements? The rootkit would monitor “keystrokes, mouse movements, and visual cues through the system camera. We believe that during particularly risky activities we will see more erratic mouse movements and keystrokes as well as physical observations such as surveying surroundings, shifting more frequently, etc.”

But HBGary was also interested in applying its techniques for private clients as well:

But the e-mails also remind us how much of this work is carried out privately and beyond the control of government agencies. We found no evidence that HBGary sold malware to nongovernment entities intent on hacking, though the company did have plans to repurpose its DARPA rootkit idea for corporate surveillance work. (“HBGary plans to transition technology into commercial products,” it told DARPA.)

And another document, listing HBGary’s work over the last few years, included this entry: “HBGary had multiple contracts with a consumer software company to add stealth capability to their host agent.”

The actions of HBGary Federal’s Aaron Barr also serve as a good reminder that, when they’re searching for work, private security companies are more than happy to switch from military to corporate clients—and they bring some of the same tools to bear.

When asked to investigate pro-union websites and WikiLeaks, Barr turned immediately to his social media toolkit and was ready to deploy personas, Facebook scraping, link analysis, and fake websites; he also suggested computer attacks on WikiLeaks infrastructure and pressure be brought upon journalists like Glenn Greenwald.

His compatriots at Palantir and Berico showed, in their many e-mails, few if any qualms about turning their national security techniques upon private dissenting voices. Barr’s ideas showed up in Palantir-branded PowerPoints and Berico-branded “scope of work” documents. “Reconnaissance cells” were proposed, network attacks were acceptable, “target dossiers” on “adversaries” would be compiled, and “complex information campaigns” involving fake personas were on the table.

Ars Technica: Black ops: how HBGary wrote backdoors for the government

One of the more interesting proposals was for a “persona management” software for the Air Force. Raw Story has more details on this project. A mysterious company called Ntrepid eventually won that contract.

This isn’t the Air Force’s first foray into social media propaganda, it launched a blog commenting campaign in 2009.

DARPA’s New Crowdsourcing Initiative to Target Pets

DARPA dog

Right now, only 1 percent or so of America’s population contributes to the country’s defense and offense. In its new budget, Darpa announces a $25 million effort to build tools that’ll rope in the other 99 percent. Doesn’t exactly explain how. But think crowd-sourcing, plus a touch of machine learning to pair peeps up. The program is called “Unconventional Warfighters,” and the idea is to tap three pools of potential contributors.First, Darpa is looking to plug in “futurists, inventors, hobbyists and tinkerers who approach military problems from an unconventional perspective.” Then, the agency would like to call upon “military Veterans, including disabled Veterans, who have deep knowledge of the missions and the operational environment.” Lastly, Darpa wants those veterans’ pets.“Animals are another class of potential contributors,” the agency explains in its budget. “This is not a new idea, as animals possessing special abilities such as dogs and dolphins have been used before to perform military tasks such as mine detection. The new aspect to be examined under Unconventional Warfighters is the potential for creating new sensor, processing, communication and actuator systems specially adapted to enable animals to execute tasks beyond their natural capabilities.”

Darpa’s New Recruits: You, Your Grandpa and Your Dog

(via Arkenberg)

US Blames China for Web Vandalism

The US is blaming China for recent government web site hacks. Sounds like more new Cold War crap to me. The story also mentions the fact that “American hackers have vandalized scores of Chinese Web sites since the spy plane collision.”

Websites operated by the departments of Labor and Health and Human Services were working properly Sunday after being vandalized one day before by hackers who federal officials believe are from China.

A picture of Wang Wei, the Chinese pilot who was killed in a collision with a U.S. Navy spy plane April 1, was posted Saturday on the Department of Labor’s website. Agency spokesman Stuart Roy compared the vandalism to graffiti: “You can lock up a store so the merchandise is safe,” he said, “but you can’t stop somebody running by with a can of spray paint.”

© 2014 Technoccult

Theme by Anders NorenUp ↑