what we can learn from lulzsec
What we can learn from LulzSec
PHDAYS 2012
About Me
• Jerry Gamblin
• Network Security Specialist – Missouri House Of Representatives
• [email protected]
• jerrygamblin.com
• @jgamblin (twitter)
Why I am giving this talk…
Overview
• The Players
• The Vigilantes
• The Tools
• The Campaigns
• What we learned.
• How We Can Stop It.
The Players
Who is who?
Anonymous
LulzSec
Anti-Sec
Anonymous
• First active as a hacking group in 2008
• Originated on:
– 4CHAN
– Futaba (Japanese variant of 4CHAN)
– Encyclopædia Dramatica
LOLCATS
Membership
"[Anonymous is] the first Internet-based superconsciousness. Anonymous is a group, in the sense that a flock of birds is a group. How do you know they're a group? Because they're traveling in the same direction. At any given moment, more birds could join, leave, peel off in another direction entirely."
—Chris Landers. Baltimore City Paper, April 2, 2008
Mission Statement
We [Anonymous] just happen to be a group of people on the internet who need — just kind of an outlet to do as we wish, that we wouldn't be able to do in regular society. ...That's more or less the point of it. Do as you wish. ... There's a common phrase: 'we are doing it for the lulz.'
—Trent Peacock. Search Engine: The face of Anonymous, February 7, 2008.
Not So Anonymous
What A Hacker Looks Like…
What A Hacker Looks Like?
LulzSec
• Anonymous all-star team.
• Had 4 to 9 active members.
• Highly active and technical.
• "Laughing at your security since 2011!"
Sabu
Anarchaos
Topiary
Kayla
TFlow
Viral
Recursion
Anti-Sec
• Anti-Sec was the re-merger of LulzSec and Anonymous in late June 2011.
W0rmer & CabinCr3W
The Vigilantes
th3j35t3r
• @th3j35t3r
• Anti-Jihad hacker
• XerXes DDOS tool
• Leads the anti-Anonymous crusade on Twitter
• Went offline May 9th.
BacktraceSecurity
• backtracesecurity.com
• @backtracesec
• Gave a talk at Defcon19 about exposing anon.
– Anonymous and the rise of the Adhocracy
The Tools
IRC
• Mostly on irc.2600.net
• Anonymous channels
– #Anonymous
– #Antisec
• Anti-anonymous channels
– #AntiAntiSec
– #Prosec
Twitter
• Used mainly for press relations and public support.
• Main accounts:
– @anonymousirc
– @anonymousabu
– @youranonnews
– @anonops
– @anoncmd
– @lulzsec
PasteBin.com
• Public and anonymous clipboard.
• Developed to easily share source code.
• Used by Anonymous to share dox and dumps of stolen information.
CloudFlare.com
• Distributed cloud IDS/IPS.
• Hides your real server IP.
• Stops DDOS attacks.
• FREE!
Hidemyass.com
• VPN Service
• Anonymous internet identity
– 18,000 unique IP addresses
Doxing
• Public dump of an individual's personal information.
• Often leads to real life harassment.
Blackout Faxing
Low Orbit Ion Cannon
• Network stress testing tool.
– (Read: DDOS tool)
• Written by Anonymous members.
• Hivemind
– Allows machines to join a voluntary botnet.
• Open source project hosted on sf.net
SQLMAP
• Open source database penetration testing tool.
• Works on the major SQL databases
– MySQL
– Oracle
– PostgreSQL
– Microsoft SQL
• "Wizard" mode.
• Ability to give you a root shell on Linux machines.
• Open source project hosted on sf.net
No Known 0-Days
The Campaigns
Epilepsy Foundation Forums
Date: March 2008
Targets:
• Epilepsy Foundation of America
• National Society for Epilepsy
Attack Method: Posting flashing images on the forums frequented by epilepsy sufferers in an attempt to cause seizures and migraine headaches.
No Cussing Club
Date: January 2009
Target: McKay Hatch
Attack Method:
• Posted his and his family's address, email and phone number online.
• Harassed him via email and phone calls.
• Pizza bombed his house.
• Subscribed him to over 100 pornographic magazines.
Operation Titstorm
Date: February 2010
Target: Australian government for passing anti-pornography law dealing with animated pornography.
Attack Method:
DDOS:
• Australian Parliament
Defaced:
• Australian Prime Minister
Fax Attack:
• Australian Government communications department.
Operation Payback
Date: September 2010
Target: Aiplex Software for DDOSing sharing sites after they refused to remove copyrighted material.
Attack Method:
DDOS:
• ACS:Law
• Australian Federation Against Copyright Theft
• ACAPOR
• Ministry of Sound
• Spanish Copyright Society
SQLI:
• UK Intellectual Property Office
Defaced:
• GeneSimmons.com
Operation Avenge Assange
Date: December 2010
Target: Companies who stopped processing donations to Assange or stopped hosting WikiLeaks content.
Attack Method:
DDOS:
• PostFinance
• Swedish Prosecution Authority
• EveryDNS
• MasterCard
• Borgstrom and Bodström
• Visa
• PayPal
• PayPal API
• Sarah Palin
• Joseph Lieberman
Aborted DDOS:
• Amazon
Operation Sony
Date: February 2011
Target: Sony for their lawsuit against George Hotz, who hacked the PS3.
Attack Method:
SQLI:
• Sony PlayStation Network
• Sony Online Entertainment
• Sony BMG America
• Sony Music Japan
• Sony BMG Greece
• Sony Portugal
Operation Tunisia
Date: May 2011
Target: Tunisian Government Websites
Attack Method:
DDOS:
• President
• Prime Minister
• Ammar 404
• Ministry of Industry
• Ministry of Foreign Affairs
• Tunisian Stock Exchange
Operation Egypt
Date: May 2011
Target: Egyptian Government Websites
Attack Method:
DDOS:
• Cabinet Minister
• Ministry of the Interior
• Ministry of Communications and Technology
HBGary Federal
Date: February 2011
Target: Aaron Barr for a talk he was going to give on exposing Anonymous members at a BSides event in San Francisco.
Attack Method:
HBGary.com:
• SQLI hbgary.com
Aaron Barr:
• Released SSN
• Released personal emails
• Took over his Twitter account
• Remotely wiped iPad/iPhone
• Exposed his World of Warcraft character name.
• Obviously the most embarrassing.
Operation Anti-Sec
Date: February 2011
Targets: Police associations and federal security contractors for the arrest of Anonymous and LulzSec members.
Attack Method:
DDOS:
• United States Court of Appeals for the Ninth Circuit
SQLI:
• IRC Federal
• Booz Allen Hamilton
• Vanguard Defense
• Missouri Sheriffs' Association
• Texas Police Chiefs Association
• Arizona Department of Public Safety
DOX:
• Richard Garcia
Operation Orlando
Date: June 2011
Targets: The city of Orlando for the arrest of “food not bombs” members for handing out food in city parks without a free permit.
Attack Method:
DDOS:
• Orlando Mayor’s website
SQLI:
• Roman Catholic Diocese of Orlando
• Rotary Club of Orlando
• Orlando Chamber of Commerce
Threat of Physical Violence:
• Orlando Mayor
Orlando Mayor
Operation Bart
Date: August 2011
Target: BART for shutting down cell phone repeater services to stop protest of the murder of Oscar Grant.
Attack Method:
SQLI:
• BART Police Officer’s Association
• MyBART.org
Operation DarkNet
Operation MegaUpload
Date: January 2012
Targets: Anyone involved in the criminal case against Megaupload.
Attack Method:
DDOS:
• UMG (Universal Music Group)
• Warner Brothers Music
• MPAA
• RIAA
• United States Department of Justice
• FBI
Vatican Website Attacks
Operation Russia
Date: February 2012
Targets: Email accounts of prominent pro-Kremlin activists and officials. Dispensing that information at @OP_Russia on Twitter.
Attack Method:
Email Hack of:
• Kristina Potupchik
– Press secretary for Nashi youth movement
• Oleg Khorokhordin
– Deputy head of the Department for Internal Affairs at the Presidential Administration
• Vasily Yakemenko
– Head of the Federal Agency for Youth Affairs
What we learned.
Not Advanced; But Persistent
Target by Association
Guilty by Association
Sympathetic Industry?
• Brings recognition to their jobs.
• Helps increase funding.
• Get to LULZ at the victim.
How can we stop it?
Real Security Awareness
Hack Yourself
Hire a Penetration Tester
Help Your Associates
Listen!
Any questions?
Contact Info
• Jerry Gamblin
• Network Security Specialist – Missouri House Of Representatives
• @jgamblin (twitter)
• [email protected]
• www.jerrygamblin.com
Thank you!
#LulzSecReborn (They are making a comeback)