Mute & Static Movement - Anonymous
posted by Keito
Major banks hit with biggest cyberattacks in history
posted by Keito
2012-09-29 16:57:00'There's a good chance your bank's website was attacked over the past week.
Since Sept. 19, the websites of Bank of America (BAC, Fortune 500), JPMorgan Chase (JPM, Fortune 500), Wells Fargo (WFC, Fortune 500), U.S. Bank (USB, Fortune 500) and PNC Bank have all suffered day-long slowdowns and been sporadically unreachable for many customers. The attackers, who took aim at Bank of America first, went after their targets in sequence. Thursday's victim, PNC's website, was inaccessible at the time this article was published.
Security experts say the outages stem from one of the biggest cyberattacks they've ever seen. These "denial of service" attacks -- huge amounts of traffic directed at a website to make it crash -- were the largest ever recorded by a wide margin, according to two researchers.
Banks get hit by cyberattackers all the time and typically have some of the best defenses against them. This time, they were outgunned.
"The volume of traffic sent to these sites is frankly unprecedented," said Dmitri Alperovitch, co-founder of CrowdStrike, a security firm that has been investigating the attacks. "It's 10 to 20 times the volume that we normally see, and twice the previous record for a denial of service attack."
To carry out the cyberattacks, the attackers got hold of thousands of high-powered application servers and pointed them all at the targeted banks. That overwhelmed Bank of America and Chase's Web servers on Sept. 19, Wells Fargo and U.S. Bank on Wednesday and PNC on Thursday. Fred Solomon, a spokesman for PNC, confirmed that a high volume of traffic on Thursday was affecting users' ability to access the website, but he declined to go into more detail.
Denial of service attacks are an effective but unsophisticated tool that doesn't involve any actual hacking. No data was stolen from the banks, and their transactional systems -- like their ATM networks -- remained unaffected. The aim of the attacks was simply to temporarily knock down the banks' public-facing websites.
To get hold of all the servers necessary to launch such huge attacks, the organizers needed to plan for months, Alperovitch said. The servers had to be compromised and linked together into a network called a "botnet."
That level of pre-planning is a deviation from the kinds of denial of service attacks launched at banks in the past by so-called "hacktivists." Typically, hacktivists use home PCs infected with malware to amass their botnets. Attacks on this scale would be impossible to carry out with home PCs -- users too frequently turn them off or disconnect them from the Internet.
The Islamist group Izz ad-Din al-Qassam Cyber Fighters publicly claimed responsibility for the attacks in what it called "Operation Ababil", but researchers are divided about how seriously to take their claims. The group has launched attacks in the past, but those have been far less coordinated than the recent batch.
Sen. Joe Lieberman, an Independent from Connecticut, said in a C-SPAN interview on Wednesday that he believed the attacks were launched by Iran.
"I don't believe these were just hackers who were skilled enough to cause disruption of the websites," he said. "I think this was done by Iran ... and I believe it was a response to the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."
A call requesting comment from the Department of Homeland Security's cybersecurity office was not immediately returned.
A cybersecurity firm following the attacks also expressed doubt about the connections between the Cyber Fighters and the bank attacks. On social networks and chat forums, the group urged its followers to use a mobile "low orbit ion cannon" -- a software tool typically used by Anonymous and other hacktivist groups to direct a massive flood of traffic at a targeted site.
That tool was not used in the attack, according to Ronen Kenig, director of security products at network security firm Radware.
"Supporters of this group didn't join in the attack at all, or they joined in but didn't use that tool," said Kenig. "The attack used a botnet instead." He doesn't think the Cyber Fighters would have access to a botnet as advanced as the one used by the attackers.
But CrowdStrike's Alperovitch said he is "quite confident" the perpetrator was the Izz ad-Din al-Qassam Cyber Fighters, since they announced each attack well before it was carried out, and the attack wasn't that sophisticated -- it just took significant planning. PNC was the last target on the lists the Cyber Fighters have circulated, but more attacks could still be coming.
Both researchers agree that the controversial anti-Muslim YouTube video was not the initial impetus for the attacks, as the Cyber Fighters claimed in messages recruiting volunteers to join in. Before the video was even released, the group claimed responsibility for similar attacks.
"The video is simply an excuse," Alperovitch said. "It's a red herring."'
RAP NEWS X: #Occupy2012 (feat. Anonymous & Noam Chomsky)
posted by Keito
What developers can learn from Anonymous
posted by Keito
2012-08-29 20:59:29'The reason Anonymous has a permanent place in our collective imagination: For a time, its organizational model worked very well.
I've been credited with coining the term "do-ocracy." When I've had the opportunity to lead an open source project, I've preferred to "run" it as a do-ocracy, which in essence means I might give my opinion, but you're free to ignore it. In other words, actual developers should be empowered to make all the low-level decisions themselves.
When you think about it, the hacker group Anonymous is probably one of the world's most do-ocratic organizations. Regardless of where you stand on Anonymous' tactics, politics, or whatever, I think the group has something to teach developers and development organizations.
As leader of an open source project, I can revoke committer access for anyone who misbehaves, but membership in Anonymous is a free-for-all. Sure, doing something in Anonymous' name that even a minority of "members" dislike would probably be a tactical mistake, but Anonymous has no trademark protection under the law; the organization simply has an overall vision and flavor. Its members carry out acts based on that mission. And it has enjoyed a great deal of success -- in part due to the lack of central control.
Compare this to the level of control in many corporate development organizations. Some of that control is necessary, but often it's taken to gratuitous lengths. If you hire great developers, set general goals for the various parts of the project, and collect metrics, you probably don't need to exercise a lot of control to meet your requirements.
Is it possible to apply do-ocracy outside of open source and hacktivism? Not to the same degree Anonymous does, but in moderate amounts, it could improve the overall quality of our software and our jobs.
Vision and culture rule
Anonymous members pick targets and carry out actions based on the general vision and culture of the group. Whether in a do-ocracy or not, vision goes a long way.
Some years back I worked for a network equipment company. It was probably one of the worst jobs I've ever had, complete with rows of beige cubicles highlighted with sickly green trim. Not only was I told to write my Java classes mostly in caps, with few files and minimal whitespace, but each day we had hours of conference calls with a team in New Jersey. Our computers were vintage and our shell connection was slow. The "vision" was to try and catch up with whatever Cisco was doing.
Internally, the project was considered a success, but to me it was clearly a failure. I'd be shocked if the company kept a single customer from leaving, and I'm virtually positive it didn't land new ones. The website was horribly confusing and unattractive. It was intended to be a B2B site. The dilapidated culture of the company and its hollow objective coupled with a bizarre need for control yielded predictable outcomes.
Consider how Anonymous works. It started with a general vision of anarchistic attacks against centers of power. Over time, this has become specific to punishing "bad behavior" and grabbing attention. There is no five-year plan (that we know of). Something happens, folks come together -- in an IRC chat or other medium -- and collaborate on their work. Despite the lack of an overall plan, tactical successes occur.
On the other hand, lack of a plan causes Anonymous to be a slave to the news cycle. While I'm not saying its activities at the height of the Arab Spring didn't contribute, key strategic objectives were not accomplished -- for instance, the repeated calls by freedom fighters to bring down Gadhafi's satellite TV channel. This is where a plan would be helpful. I've seen a lot of organizations function with neither shared vision or a plan. I've yet to see a successful software project without both.
Control has its limits
Many managers believe that if they aren't getting the results they want, they can just put pressure on the team. But as a developer who's transitioned to a management role, I can tell you that the more I push that button, the less effective it is.
Consider the misadventures of our hacker anti-heroes. Where Anonymous has had a central nerve, it has been attacked, which has led to arrests. The effects have trickled down and negatively affected the group.
We can also see this in server architecture. There are still clustering platforms managed through a central server -- the weak point in everything from Hadoop to WebSphere. Yet we're watching the evolution of these architectures away from central control. This results in less predictability in some circumstances, but makes them more robust in the long term.
That metaphor is transferrable to the management of software projects. Yes, setting expectations, establishing norms, and spurring motivation can have great positive effect and avert crises. I am not advocating for anarchy. But the loose affiliation model of Anonymous, an organization notorious for wreaking chaos, has more to teach than many of us would like to admit.'
Hackers Dump Millions of Records From Banks, Politicians
posted by Keito
2012-08-28 20:59:58"TeamGhostShell, a team linked with the infamous group Anonymous, is claiming that they have hacked some major U.S. institutions, including major banking institutions and accounts of politicians, and has posted those details online. The dumps, comprised of millions of accounts, have been let loose on the web by the hacking collective. The motivation behind the hack, the group claims, is to protest against banks, politicians and the hackers who have been captured by law enforcement agencies."