LulzSec member "Neuron" Tracked Down Via HideMyAss's Logs

One more member of the hacking group LulzSec, known as "Neuron", may be arrested if traced by their use of a British anonymous VPN , following a similar arrest last week of Cody Kretsinger, who was arrested by the FBI last Thursday for allegedly hacking into the Sony Pictures website, had been identified via his use of HideMyAss's proxy service to disguise his IP  address when connecting to the Sony Pictures site.

However a pastebin log shows that "Neuron" claims to use HideMyAss's Service in order to protect his identity.HideMyAss also posted a lengthy note regarding this topic of their blog after this new emerged.

HideMyAss " It first came to our attention when leaked IRC chat logs were released, in these logs participants discussed about various VPN services they use, and it became apparent that some members were using our service. No action was taken, after all there was no evidence to suggest wrongdoing and nothing to identify which accounts with us they were using. At a later date it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases. As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order (equivalent of a subpoena in the US). " 

LulzSec is going down #The Fourth Arrest 

BART Police Database Hacked by Anonymous #OpBART

Database with information about the members of the police BART (Bay Area Rapid Transit) is exposed by anonymous hackers in the #OpBart operation.

The database, published on Pastebin, contained information on names, addresses and accounts for more than 100 police officers. The Pastebin also contained a link to the campaign OpBart that is executed by Hacktivist group Anonymous.

The reason behind Anonymous operation is “censorship” of the subterranean cellular voice and data network in San Francisco’s Bay Area Rapid Transit system (BART) while people protesting about the fatal shooting of a homeless man by BART(Bay Area Rapid Transit) police.

Anonymous user database attacked BART before. During the campaign OpBart published data on the 3000 accounts of the police obtained from the site MyBart.

The group argues that they protest the recent shootings, organized by Bart Police, as well as the agency’s decision to disable wireless connections to disrupt the protests in San Francisco.

While the Police Officers Association website BART (BART Police Officer’s Association) was unavailable, the agency published a message on their official website, which condemned the attack.

“We condemn this latest attack on the working men and women of BART,” interim general manager Sherwood Wakeman said in a statement. “We are deeply concerned about the safety and security of our employees and their families. We stand behind them and our customers who were the subject of an earlier attack. We are deeply troubled by these actions.”

No matter who carried out this attack securing the data is one of the most important steps that we should care about, if we have such sensitive information we need to keep them offline so no one can have them. Or we need to have a security audit and periodic penetration test to have a clear idea if our databases are vulnerable to attack or not.

Facebook threat allegedly from rogue Anonymous members

Members of Anonymous took to Twitter and Pastebin on Wednesday to distance themselves from a threatened cyber attack against Facebook that is reportedly supposed to take place on Guy Fawkes Night in November.

The Anonymous members who spoke out against the proposed attack said the hackers involved in the planned Operation Facebook action aren't representative of the whole group.

And therein lies a problem for Anonymous; there is no defined organization within the hacktivist group.

Not all members take part in every action, no one person runs the group or can tell others what to do and no one person speaks on behalf of the group either.

In the past, this lack of hierarchy has seemed to serve the group well as alleged members have been arrested and other members have preached that an idea can't be arrested and the group will persist.

Now, it seems, some members aren't happy with the ideas of others.

In July, an allegedly rogue band of members started a YouTube page and Twitter account stating that Anonymous would launch a cyber attack on Nov. 5, the day in 1605 when Guy Fawkes famously tried to blow up London's House of Lords and kill England's King James I but was instead arrested.

On Wednesday, Anonymous members offered differing accounts of just what Operation Facebook is. Some called it a hoax, while others said the plan was being conducted by an offshoot of Anonymous and was something the hacktivist group didn't condone.

In a few tweets from the @Anonops Twitter account, one of the many mouthpieces of Anonymous on the micro-blogging service, the story changes from Operation Facebook not being an authentic Anonymous action to it being something a limited number of Anonymous members are a part of:

TO PRESS: MEDIAS OF THE WORLD... STOP LYING! #OpFacebook is just ANOTHER FAKE! WE DONT "KILL" THE MESSENGER. THAT'S NOT OUR STYLE #Anonymous

Dont be silly. Important things are happening in the world to deal with quirks like#OpFacebook. Lets keep our style & moral #Anonymous

#OpFacebook is being organised by some Anons. This does not necessarily mean that all of#Anonymous agrees with it.

We prefer to face the real power and not to face to the same medias that we use as tools.#OpFacebook #Anonymous

One person who identified him- or herself as a member of Anonymous took the blame and said the whole deal was a misunderstanding in a statement published on the website Pastebin.

The Pastebin statement said that Operation Facebook wasn't meant to be a cyber attack on Facebook, but rather an attempt to build a new social network to rival Facebook, one that doesn't share or sell its users' information.

The project didn't gain much traction and became one of the founding pieces of AnonPlus, a social network Anonymous is working on building after its members were kicked out of Google+.

The statement reads:

Op facebook began several months ago, and had between 10 and 20 members. At its conception it had one goal:

To bring attention to the fact that facebook stored the data of user accounts.

This later developed into a second goal:

To develop an ethical, anonymous facebook alternative.

Development began on the site (albeit slowly), and all was well for a few days. Then came news of anonplus, an anonymous social network, similar to the one that was being developed at #opfacebook. The site in development by #opfacebook was slowing to a halt  and so i decided to offer the source to the team at anonplus.

The person who posted the statement, who didn't offer up his or her name (fitting for a member of a group called Anonymous, right?), said that being able to hand off Operation Facebook to those working on AnonPlus was a relief because he or she was getting bored with the undertaking.

I expected them to accept my offer of free source code and a mostly functioning site that would have reduced the embarresment[sic] they subjected themselves to with the epic fail of anouncing[sic] a site before they started coding.

Operation Facebook, the statement said, should have come to an end at that point. But that didn't happen because an online chat room "channel" where Anonymous members discussed Operation Facebook wasn't shut down by anyone.

Nobody ever removed the channel, and so at some point rumours began as to what #opfacebook was.

The plan before it was scrapped had been a mass deletion of facebook accounts, however it was decided that a mass deletion of facebook accounts would occur on november the 5th, however this was decided to be a bad idea and so it was removed from the pad. Unfortunately, this left only the draft of a message to facebook, warning that they would "never forget" the 5th of november. At some point, somebody saw the near-empty channel and joined it. Rumours were spread ranging from 0-day exploits in facebook to physical attacks on the server. Soon #opfacebook gained around 40 people who expected an attack on facebook.

With people seeing the Operation Facebook plans, even though the original planners had given up on the ideas, the cyber attack concept was resurrected by mistake, the statement said. And when the media caught on to this, expectations for Operation Facebook rose even further, with some 200 people wanting to take part, the statement said.

Anyway, the whole thing is a massive cluster... and i feel responsible, so can someone sort that ... out?

#OpFacebook - Anonymous Going To Attack Facebook on November 5 , 2011

#OpFacebook - Anonymous Going To Attack Facebook on November 5 , 2011

Anonymous have declared to destroy Facebook on Nov 5 or may be this is another fake anonymous hacker with a fake operation who made accounts named Op_Facebook (Twitter)  FacebookOp (Youtube) .


Anonymous notices the citizens  
" We wish to get your attention, hoping you heed the warnings as follows:
Your medium of communication you all so dearly adore will be destroyed. If you are a willing hacktivist or a guy who just wants to protect the freedom of information then join the cause and kill facebook for the sake of your own privacy. "

The group said in its message that "Operation Facebook" would be begin November 5. It claimed the social network, based in Palo Alto,Calif., provides information to "government agencies" so they can "spy on people." If Operation Facebook is real, it could mark a new phase for Anonymous, which in recent weeks has joined forces with the remnants of the more tightly knit hacker group LulzSec to target law enforcement agencies in an ongoing operation called Antisec.

                                                                                       One of the Anonymous Leader Claim that "Operation                  Facebook" is Fake. He tweeted as shown above.

Press Release of #Op_Facebook 

Operation Facebook

DATE: November 5, 2011.

TARGET: https://facebook.com

Press:
Twitter : https://twitter.com/OP_Facebook
http://piratepad.net/YCPcpwrl09
Irc.Anonops.Li #OpFaceBook
Message:

Attention citizens of the world,

We wish to get your attention, hoping you heed the warnings as follows:
Your medium of communication you all so dearly adore will be destroyed. If you are a willing hacktivist or a guy who just wants to protect the freedom of information then join the cause and kill facebook for the sake of your own privacy.

Facebook has been selling information to government agencies and giving clandestine access to information security firms so that they can spy on people from all around the world. Some of these so-called whitehat infosec firms are working for authoritarian governments, such as those of Egypt and Syria.

Everything you do on Facebook stays on Facebook regardless of your "privacy" settings, and deleting your account is impossible, even if you "delete" your account, all your personal info stays on Facebook and can be recovered at any time. Changing the privacy settings to make your Facebook account more "private" is also a delusion. Facebook knows more about you than your family. http://www.physorg.com/news170614271.html

http://itgrunts.com/2010/10/07/facebook-steals-numbers-and-data-from-your-iph....

You cannot hide from the reality in which you, the people of the internet, live in. Facebook is the opposite of the Antisec cause. You are not safe from them nor from any government. One day you will look back on this and realise what we have done here is right, you will thank the rulers of the internet, we are not harming you but saving you.

The riots are underway. It is not a battle over the future of privacy and publicity. It is a battle for choice and informed consent. It's unfolding because people are being raped, tickled, molested, and confused into doing things where they don't understand the consequences. Facebook keeps saying that it gives users choices, but that is completely false. It gives users the illusion of and hides the details away from them "for their own good" while they then make millions off of you. When a service is "free," it really means they're making money off of you and your information.

Think for a while and prepare for a day that will go down in history. November 5 2011, #opfacebook . Engaged.

This is our world now. We exist without nationality, without religious bias. We have the right to not be surveilled, not be stalked, and not be used for profit. We have the right to not live as slaves.

We are anonymous
We are legion
We do not forgive
We do not forget
Expect us

AnonPlus Hacked By SyRiAn Cyb3r Army

Boom Third Attack on AnonPlus.com  . Anonplus.com had been hacked once by AKINCILAR and then Th3 Pr0 & SaQeR SyRia now The SyRiAn Cyb3r Army Hacked it for the third time 


After the hacking gang Anonymous took credit for defacing Syria's Ministry of Defense website, a Syrian group retaliated on Monday by posting gruesome photos on Anonymous embryonic social network. 
The defacement of AnonPlus (http://anonplus.com/), the site Anonymous set up last month when it was booted off Google+ — did not include the name of the group responsible.


Where as Anonymous Claim that, AnonPlus is not their any Official site. Lulzsec leader Sabu tweeted "Turns out people were correct: anonplus.com was a troll domain. Belongs to "fro" aka "cnaperth" aka "Adam Bennett" from Perth, Aussie."

RefRef - DDOS Tool By The Anonymous

RefRef - DDOS Tool By The Anonymous

Previously you saw the source code of XerXes by The Jester . The Anonymous Team Have Also Developed their own DDoS tool which is said to exploit SQL vulnerabilities to support the group's future campaigns. Previously they had been using LOIC for many of their operation . But due to this tool many of the Anonymous got caught may the tool was not capable of hiding their tracks . So this time they made their own.


According to Developer "RefRef is a revolutionary DoS java site. Basically, by using an SQL and .js vulnerability, you can send a page request packet from your home computer with embedded .js file, because of the vulnerability in the SQL/Javascript engine on MOST websites, the site actually TEMPs the .js file on its own server. So now the .js is in place on the host of the site. Next since you still have the request, it picks up the .js file, and all of the requesting for packets power happens on the server, not the requestee. I send two packets from my iphone, and everything else happens on the server. Basically eats itself apart, because since both are on the server, its all a local connection."


This DDOS tool #RefRef s set to be released in September, according to an Anon promoting it on IRC this afternoon Developed with JavaScript, the tool is said to use the target site’s own processing power against itself. In the end, the server succumbs to resource exhaustion due to #RefRef’s usage. An attack vector that has existed for some time, resource exhaustion is often skipped over by attackers who favor the brute force of a DDoS attack sourced from bots or tools such as LOIC.


The tool is very effective, a 17-seconds attack from a single machine resulting in a 42-minute outage on Pastebin yesterday. The Pastebin Admins Weren't happy and tweeted 

The effectiveness of RefRef is due to the fact that it exploits a vulnerability in a widespread SQL service. The flaw is apparently known but not widely patched yet. The tool's creators don't expect their attacks to work on a high-profile target more than a couple of times before being blocked, but they don't believe organizations will rush to patch this flaw en masse before being hit.


This means there are a lot of possible targets out there that will be hit at least once. "This tool only makes you vulnerable if you don't keep your systems patched, perform the basic security, which is how Sony got caught with it's pants down," the RefRef developers said.


The tool works by turning the servers against themselves. It sends malformed SQL queries carrying the payload which in turn forces the servers to exhaust their own resources. However, the tool's GUI does have a field for inputting the refresh interval so it might combine traditional forms of HTTP hammering with the new technique.
Some security experts have been skeptical that the success of Anonymous's DDoS attacks can be explained through LOIC alone. They proposed that some of the group's supporters also have access to botnets, a theory that has partially proven to be correct.


source

77 Law Enforcement websites hit in mass attack by #Antisec

More than 77 law enforcement computers were hacked from outside of the United States on Saturday. A hacking group targeted by the FBI is posting the confidential information online. The group intends to do a “rolling release” of information in the days and weeks to come.

The hacking comes on the heels of the arrest of 14 people suspected to be members of the hacking group "Anonymous."

Hackers “AntiSec” and “Anonymous” announced  via Twitter tonight that they absconded with up to10 Giga Bytes of confidential information, including protected witnesses.  They have posted more than 7,000 law enforcement officials’ private information online including: their social security numbers; email accounts and passwords; phone numbers and home addresses on pastebin

The victims of the hacking were unaware of the breach on Saturday night, according to a law enforcement official in Mo., where some of the victims work. Their information was not secure and their emails were open to anybody who knew where to find the information posted by "Anonymous."

The group is threatening to release additional information at PasteBin in retaliation for FBI arrests of 14 alleged computer hackers in the U.S. and Europe, who are suspected to be members of their group.

Supervisory Special Agent Jason Pack of the FBI press office in Washington declined all comment on the breach. The FBI will be releasing an official statement later.

“Anonymous” is also calling for the release of those arrested and a halt to their prosecutions.

The information due to be posted allegedly includes the identity of “snitches,” according to "Anonymous" and additional information about prisoners and witnesses will be posted.  They claim to have redacted the information about prisoners due to sympathy regarding their incarceration.

Websites that were allegedly defaced by the hacking group were "mirrored" at sites hosted by "Anonymous" so people could view them after they were taken off line by their owners. A mirror site is a snap shot in time of a website. The mirror sites are listed by "Anonymous" on their Twitter accounts.

In their Twitter news account, “AnonymousIRC” the group posted the following notice to the FBI.

“Dear @FBIPressOffice, do you know what happens if these people are convicted? This is no threat as we don't know either. But *we* expect us.”

Via - VOGH