UPDATE! Claims LulzSec Leader Arrested In Australia Might Be Dodgey

The self-proclaimed leader of international hacking group Lulz Security has been arrested by AFP – Australian Federal Police – on the New South Wales central coast. The AFP says the 24-year-old man was arrested in the Gosford suburb of Point Clare yesterday.

He has been charged with two counts of unauthorised modification of data to cause impairment and one count of unauthorised access to a restricted computer system. The AFP says he claims to be in charge of Lulz Security, or LulzSec, which has previously claimed responsibility for high-profile hacking attacks, includinga DDS attack that took the CIA website offline, and a hack which caused some serious headaches for Sony Corp.

UPDATE! 24 April 2013: Aush0k has been named as Mathew Flannery - aush0k@live.com – The hacking community is in serious doubt at claims that the man is the leader of the now defunct online activist group LulzSec.

Concerns have also been raised by IT security experts over the Flannery’s employment at Content Security, a business that specialises in online security. The company denied that Flannery had access to any sensitive customer data, in a statement Content Security’s managing director Phil Wurth said ” Flannery was a low level support tech.”

To Date there doesn’t seem to be any evidence at all to suggest that Flannery was even affiliated with LulzSec, or is a leader of the group. Infact the group was disbanded in 2011 because it’s members were arrested.

Flannery seems so far to be all bluster, his Facebook page declares he works for the FBI as a “Special Agent, cybercrime intelligence unit.”

His LinkedIn page has him working for Tenable Network Security - the company denies this emphatically - he also claims to work in Network Security, Penetration Testing and Computer Forensics, though his [confirmed] employer say he works in a Call Centre as low level support.

Perhaps more telling is that the hacktivist community has almost unanimously ditched any notion that Flannery had anything to do with LulzSec :: Read the full article »»»»

Millions of Linkedin User Passwords Hacked

That hub of corporate social networking, LinkedIn is investigating claims that over 6 million of its users’ passwords were leaked onto the internet. Linkedin, which has over 150 million users, is designed to allow professionals to share resume details and network with one like minded corporates.

Hackers have reportedly posted a file containing encrypted passwords onto a Russian web forum. The company has confirmed the leak and says it is currently looking into the reports.

Linkedin Statement: We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts :: Read the full article »»»»

World of the News: Hard Pill to Swallow

“We live in strange times” a quote that has truly lived through the test of time, each generation seems to have blurted this almost useless phrase since pelt clad artists scribbled on the walls of caves in Lascaux.

What’s changed, clearly quite a lot, but not so much! “News travels fast” now there’s a quote we can stick with, that along with Hard Pill to Swallow and you’ve pretty much got a round-up on what news is . . .

Week 1, November 2011

x

CONTINUED: Read the full article »»»»

Hacking Blipverts, now with built-in hologram to combat forgery, don't accept any imitations

This weeks Black Hat and Defcon convention in Las Vegas is generating a lot of buzz in the build up, what are the odds of the FBI turning up and getting hacked for their efforts. This may or may not be connected with LulSec and Anonymous being extra busy this week , making the headlines for many reasons but we at highpants are starting to think they’re in the headlines because that’s the way they like it. We’re just a little chuffed at our scoop on Anonymous, first to publish the Anonymous brag isn’t a shabby thing! With a headline like F_ck FB! Friday though, who could resist.

Clicking fingers at the ready.….

• South Korean mobile phone giant SK Communications has been hacked exposing the details of up to 35 million customers
• Hackers have found a way to unlock BMW, Hyundai and GM cars via SMS, the weaknesses is in the remote control and telemetry systems
• WASP (Wireless Aerial Surveillance Platform) a hacker with wings, this bad boy can sniff out your wi-fi, crack passwords and pose as a cell phone tower to listen in on calls. The unforseen back-lash against yellow remote control planes could be HUGE
• Here are five good reasons hacking will never be stopped
• Lulsec and Anonymous have been making headlines for themselves again this week, have the three stooges of the hacking world gone too far this time. All good hackers know if you lift your chin up too high it will be taken of at the neck. Anonymous announcing it was responsible for the E-Bay stock price drop is a little self-indulgent but still not as funny as the english police chasing their tales trying to figure out if the person they have arrested is the real anonymous
• PayPal hands 1000 IP address of suspected Anonymous accounts to the FBI, FBI asks PayPal to repeat everything after ‘listen closely max’

Buddha’s Brother out…

Anonymous Hacks FBI Contractor in F_ck FBI Friday Attack

In a tweet posted just hours ago, hacktivist group Anonymous has claimed to have “owned” the defense contractor, ManTech International. Anonymous has promised a data release within 24hours. If true, this will be the latest hack in the group’s AntiSec campaign, and in particular its series of – F*ck FBI Friday –  attacks. Previous Anonymous attacks have targeted defense contractors, their favorite bait though are companies who work with the FBI. These attacks have included attacks on the Atlanta chapter of InfraGard and the firms IRC Federal, Unveillance, and Booz Allen Hamilton, all of which provide cybersecurity services and solutions to the U.S. Government. Anonymous identifies ManTech’s work for the FBI and the National Security Agency as its motivation for targeting the company.

The Documents!

HELD FOR POSTERITY

Because we know it's not stayng put for long

      _  _                   __   __
   __| || |__ _____    _____/  |_|__| ______ ____   ____        #Anonymous
   \   __   / \__  \  /    \   __\  |/  ___// __ \_/ ___\       #AntiSec
    |  ||  |   / __ \|   |  \  | |  |\___ \\  ___/\  \___       #FUCK
   /_  ~~  _\ (____  /___|  /__| |__/____ \ \___ \ \___  |      #FBI
     |_||_|        \/     \/             \/     \/     \/       #FRIDAY

/*******************************************************************************
***                 FUCK FBI FRIDAY III: ManTech Mayhem                      ***
*******************************************************************************/

Ahoy thar,

Today is Friday and we will be following the tradition of humiliating our friends
from the FBI once again. This time we hit one of their biggest contractors for
cyber security: Mantech International Corporation.

What ManTech has to do with the FBI? Well, quite simple: In Summer 2010 the FBI
had the glorious idea to outsource their Cybersecurity to ManTech. Value of the
contract: 100 Million US-Dollar:

  "The FBI is outsourcing cybersecurity to the tune of nearly $100 million to a
  Washington-area managed services company. The deal shows a willingness in the
  federal government to place IT services more and more in the hands of third
  parties as agencies don't have enough staff on hand to do the job."

  http://www.informationweek.com/news/government/security/226700486

And this is not the only Cybersecurity contract ManTech won; with a quick
internet search you will be able to find lots more. And just a few months back,
in March 2011, ManTech received another 9 Million cybersecurity contract from
the FBI:

  http://www.euroinvestor.co.uk/news/story.aspx?id=11545467

Well done, good sirs. You failed epically. Because we pwned ManTech utterly and
throughly; and we did not need hundreds of millions for it. In fact, we did not
require any funds at all, we did it with Lulz.

So we begin by releasing 400MB of internal data from ManTech, this gives
some insight on how they are wasting the tax payer's money. Most of the
documents in this first batch are related to NATO who, you may recall, made some
bold claims regarding Anonymous earlier this year:

  "It remains to be seen how much time Anonymous has for pursuing such paths.
  The longer these attacks persist the more likely countermeasures will be
  developed, implemented, the groups will be infiltrated and perpetrators
  persecuted"

  http://www.nato-pa.int/default.asp?SHORTCUT=2443

Indeed, it remains to be seen. It also remains to be seen how much longer the
public will accept how completely incompetent law enforcement agencies are
spending their citizens' money to fund even more incompetent federal
contractors. Incidentally, apart from the FBI, ManTech International has some other
clients:

   * Defense Intelligence Agency,
   * National Geospatial-Intelligence Agency
   * National Reconnaissance Office
   * National Security Agency
   * Department of Homeland Security
   * U.S. Navy, Air Force, Army, Marine Corps
   * Missile Defense Agency and DARPA
   * Department of Justice
   * Department of State
   * Environmental Protection Agency
   * NASA, NATO, state and local governments

Great. It's really good to know that you guys are taking care of protecting the
Unites States from so-called cyber threats.

It should also be noted that ManTech, along with HBGary, Palantir, Endgames and
others were involved in the now-dubbed Operation MetalGear to manipulate and spy
on their citizens using persona management software for social networks:

  http://wiki.echelon2.org/wiki/Mantech

We are providing these ManTech documents so the public can see for themselves
how their tax money is being spent. But don't you worry, the U.S. is a rich
country and can afford to waste money, right?

Dear Government and Law Enforcement, we are repeating this message as we have
the suspicion you still do not take us seriously: We are not scared anymore and
your threats to arrest us are meaningless. We will continue to demonstrate how
you fail at about every aspect of cybersecurity while burning hundreds of
millions of dollars that you do not even have.

The director of the U.S. Computer Emergency Response Team (CERT), Randy
Vickers, already resigned from his post, without proving an explanation. Let us
provide you with one: Mr. Vickers realized that he is on the losing side of
this war. A war that should never have been started in the first place. Not
only because the enemy was vastly underestimated and misjudged completely but
even more because it is fought against innocent citizens who simply chose to
protest against the grievance of the government. You cannot win this war and
the sooner you realize this and call for peace, the sooner we can put an end to
this and solve the problems of this world together.

Dear citizens of the U.S. and the world: We are fighting in the name of all the
oppressed and betrayed people. In your name we will continue to fire upon these
laughable battleships until they are no more. Hold on tight while the seas are
rough but we will prevail!

Anonymous
AntiSec

Litchfield Bows Out

Litchfield exposes one last Oracle security bug before walking away from his database battles

Virginaia: In 2001, Larry Ellison brashly proclaimed in a keynote speech at the computing conference Comdex that his database software was “unbreakable.”

“You have this ideal vision of doing something for the greater good,” said David Litchfield, managing director of Next Generation Security Software Ltd. of London, who acknowledged that a small bit of his code might have been used in the attack. “I will probably no longer publish such code.” David Litchfield via The Washington Post

David Litchfield has devoted the last nine years to making the Oracle chief executive regret that marketing stunt. At the Black Hat security conference Tuesday afternoon, Litchfield unveiled a new bug in Oracle’s 11G database software, a critical, unpatched vulnerability that would allow a hacker to take control of an Oracle database and access or modify information at any security level.

“Anything that God can do on that database, you can do” Litchfield