Anonymous shut down! Ringleaders brought to justice!
As many readers would no doubt already be aware, the FBI has just arrested 16 "members" of Anonymous in relation to DDoS attacks and intrusions.
The US Department of Justice swiftly issued a press release with the catchy, ALL CAPS title of "SIXTEEN INDIVIDUALS ARRESTED IN THE UNITED STATES FOR ALLEGED ROLES IN CYBER ATTACKS".
So this is a massive blow to "Anonymous" and its sophisticated campaign of mayhem, right?
Wrong.
How about the alleged 'core' lulzsec member - Tflow - who was arrested in London ... (16 year old) ...
http://blogs.forbes.com/andygreenberg/2011/07/19/hacker-arrests-may-have...
Exactly! The whole thing is a farce. And, even funnier, only further demonstrates their fundamental ineptitude in dealing with such things. Which only further emboldens those in-the-know.
Good article, Patrick. Glad to see some alternative perspective on this. Not only is it a public/media relations campaign, but the authorities will use these lousy numbers to inflate "hacker" arrest statistics to justify the expansion of FBI and cyber security budgets. Did you see this:
http://thedailyattack.com/2011/07/19/as-anonymous-grows-the-fbi-wants-yo...
It shuts up the reporters... the fact is there are things that can be done to track users on the internet but it's not an easy process.... for example if you bounced off a host, then you'd have to also disable firewalls, IDS systems etc from tracking your access in access logs (however someone would have to be reviewing them to see you doing the attacks). Sure, they may have been part of the team members of anonymous but the fact is that anyone could claim to be part of that crew... using Twitter or any outlet is the problem as this gives law enforcement a source IP which they can follow back to an originator.. at that point it's just follow the breadcrumbs. At the end of the day, I think there are several interesting factors: A> Will the children, yes children (sub 18 years of age) be tried as adults and imprisoned forever? B> Do we do enough in schools to educate kids on the punishment for these sorts of crimes? C> Organizations that can be breached by children ought to be punished severely for having such weak security controls... most of these breaches are preventable with three controls, firewalls, Intrusion Prevention with SQL injection/CSS detection signatures and a proper patch management program.
Why are members of the hacker group Anonymous posting on your blog? Every person who has posted here has claimed the name Anonymous! Outrageous! Tomorrow's headlines should read,
- "Journalist Patrick Gray, strong supporter of Internet TERRORISTS!"
The US Department of Justice should have at least followed up their tweet with "soz caps".
BTW. Our "feds" are also getting in on the act - I heard on the radio, subsequently read online, that an unemployed truck driver who "brute forced" a password was a "serious threat" to the NBN. Luckily the AFP was able to quickly apprehend this bloke inside of six months.
IMO the serious threat is the guys already inside our systems that nobody knows about!
I believe too that the serious threat is the guys already inside the system - and what's more I know who they are....they are called IT "management".
I'm gutted Patrick. Every week I listen to your podcast, and for many months it has motivated me to get into the security side of IT. Now I'm in what you could call a security role working for some big multi-nationals and I'm totally disappointed. It's true that these big companies have notions of a defence in depth model, they talk about compliance, procedures, and they have in their arsenal every security device under the sun. However, I've come to realise that all this infrastructure doesn't mean a thing if the culture of the company in terms of thinking about and applying security practices isn't mature enough.
So it's not hard to understand why the "hackers" are winning. In just a few months of my sec job I've experienced all this.., "we need to add an any, any accept rule to the firewall because our apps aren't working - open up the data flow, we'll look at closing it down later (which of course never happens)", "that proxy keeps getting in the way, let's create rules to bypass it", "don't worry, we've only got a few infected machines with that botnet, it's too much of a hassle to clean them up", "that VPNSSL is time consuming to administer so let's make it easier and add an any rule then manage the data flow elsewhere", "we can't possibly change the passwords on all our firewall/proxy/server infrastructure, it will take too much time". It goes on.
What's worse, the managers and directors don't seem to care either. It's availability over all other considerations. The biggest surprise I've experienced is that a company bought a ton of firewalls to show the board of directors that IT is managing "risk", only then to push out "any any accept" rules so that they don't impact on the company :) They should have saved their money and bought a switch instead.
For many companies, I get the impression that their IT security infrastructure is just a hollow symbolic sham. Additionally, it has amazed me that half the people in an IT operations department don't understand their companies' IT infrastructure yet have the authority to make changes to it - for better or for worse.
I hope that with the Lulzsec group and the police actually catching real criminals that profit from this lack of security management will push an evolution of security culture.
Sadly, it seems to me that the security tools we have available to us today and the management of these tools just doesn't cut it.
Love it. Now podcast pleaz. Lots of lulz?
~J