Blog

  • U.S. Department of State and several Swedish government websites targeted in DDoS attack

    posted by Keito
    2012-09-04 21:10:26
    'The U.S. Department of State and a number of Swedish government websites were among those forced offline in an apparent mass DDoS (Distributed Denial of Service) attack.

    The websites for the Swedish Armed Forces, Courts Administration, and the Swedish Institute (an initiative to promote the country around the world) were among those affected.

    The person behind the Twitter account @TheWikiBoatBR (who does not appear to have an explicit association with Anonymous) posted a string of tweets suggesting responsibility for several attacks. Among those targeted were the Department of State, U.S. Department of Education, Sony, and Harvard University. The State Department site was still offline at the time of publication.

    A DDoS attack is one in which a website’s servers are overloaded by a vast number of systems trying to access them, which often forces the site offline.

    Swedish Armed Forces Communications and Public Affairs representative Therese Fagerstedt told The Local that it was not clear who was responsible, but it appears the DDoS may have been carried out to protest the charges laid against WikiLeaks founder Julian Assange.

    Prosecutors in Sweden want to charge Assange over alleged sex crimes. He has taken refuge at Ecuador’s London embassy since June, and has been granted asylum by Ecuador.

    The #OpFreeAssange hashtag, the same one used by Anonymous to discuss actions against the websites of Interpol and U.K. government websites in recent weeks, was used to talk about the Sweden attacks on Twitter.'

    http://www.dailydot.com/news/state-department-sweden-government-ddos/
  • Computer virus hits second energy firm

    posted by Keito
    2012-09-02 16:33:08
    'Computer systems at energy firm RasGas have been taken offline by a computer virus only days after a similar attack on oil giant Aramco.

    The attacks come as security experts warn of efforts by malicious hackers to target the oil and energy industry.

    The attack forced the Qatar-based RasGas firm to shut down its website and email systems.

    RasGas, one of the world's largest producers of liquid petroleum gas, said production was not hit by the attack.

    The company said it spotted the "unknown virus" earlier this week and took desktop computers, email and web servers offline as it cleaned up.

    The report comes only days after Saudi Arabia's Aramco revealed it had completed a clean-up operation after a virus knocked out 30,000 of its computers. The cyber-assault on Aramco also only hit desktop computers rather than operational plant and machinery.

    Both attacks come in the wake of alerts issued by security firms about a virus called "Shamoon" or "Disstrack" that specifically targets companies in the oil and energy sectors.

    Unlike many other contemporary viruses Shamoon/Disstrack does not attempt to steal data but instead tries to delete it irrecoverably. The virus spreads around internal computer networks by exploiting shared hard drives.

    Neither RasGas nor Aramco has released details of which virus penetrated its networks.

    The vast majority of computer viruses are designed to help cyber-thieves steal credit card numbers, online bank account credentials and other valuable digital assets such as login names and passwords.

    However, an increasing number of viruses are customised to take aim at specific industries, nations or companies.

    The best known of these viruses is the Stuxnet worm which was written to disable equipment used in Iran's nuclear enrichment efforts.'

    http://www.bbc.co.uk/news/technology-19434920
  • What developers can learn from Anonymous

    posted by Keito
    2012-08-29 20:59:29
    'The reason Anonymous has a permanent place in our collective imagination: For a time, its organizational model worked very well.


    I've been credited with coining the term "do-ocracy." When I've had the opportunity to lead an open source project, I've preferred to "run" it as a do-ocracy, which in essence means I might give my opinion, but you're free to ignore it. In other words, actual developers should be empowered to make all the low-level decisions themselves.

    When you think about it, the hacker group Anonymous is probably one of the world's most do-ocratic organizations. Regardless of where you stand on Anonymous' tactics, politics, or whatever, I think the group has something to teach developers and development organizations.

    As leader of an open source project, I can revoke committer access for anyone who misbehaves, but membership in Anonymous is a free-for-all. Sure, doing something in Anonymous' name that even a minority of "members" dislike would probably be a tactical mistake, but Anonymous has no trademark protection under the law; the organization simply has an overall vision and flavor. Its members carry out acts based on that mission. And it has enjoyed a great deal of success -- in part due to the lack of central control.

    Compare this to the level of control in many corporate development organizations. Some of that control is necessary, but often it's taken to gratuitous lengths. If you hire great developers, set general goals for the various parts of the project, and collect metrics, you probably don't need to exercise a lot of control to meet your requirements.

    Is it possible to apply do-ocracy outside of open source and hacktivism? Not to the same degree Anonymous does, but in moderate amounts, it could improve the overall quality of our software and our jobs.

    Vision and culture rule

    Anonymous members pick targets and carry out actions based on the general vision and culture of the group. Whether in a do-ocracy or not, vision goes a long way.

    Some years back I worked for a network equipment company. It was probably one of the worst jobs I've ever had, complete with rows of beige cubicles highlighted with sickly green trim. Not only was I told to write my Java classes mostly in caps, with few files and minimal whitespace, but each day we had hours of conference calls with a team in New Jersey. Our computers were vintage and our shell connection was slow. The "vision" was to try and catch up with whatever Cisco was doing.

    Internally, the project was considered a success, but to me it was clearly a failure. I'd be shocked if the company kept a single customer from leaving, and I'm virtually positive it didn't land new ones. The website was horribly confusing and unattractive. It was intended to be a B2B site. The dilapidated culture of the company and its hollow objective coupled with a bizarre need for control yielded predictable outcomes.

    Consider how Anonymous works. It started with a general vision of anarchistic attacks against centers of power. Over time, this has become specific to punishing "bad behavior" and grabbing attention. There is no five-year plan (that we know of). Something happens, folks come together -- in an IRC chat or other medium -- and collaborate on their work. Despite the lack of an overall plan, tactical successes occur.

    On the other hand, lack of a plan causes Anonymous to be a slave to the news cycle. While I'm not saying its activities at the height of the Arab Spring didn't contribute, key strategic objectives were not accomplished -- for instance, the repeated calls by freedom fighters to bring down Gadhafi's satellite TV channel. This is where a plan would be helpful. I've seen a lot of organizations function with neither shared vision nor a plan. I've yet to see a successful software project without both.

    Control has its limits

    Many managers believe that if they aren't getting the results they want, they can just put pressure on the team. But as a developer who's transitioned to a management role, I can tell you that the more I push that button, the less effective it is.

    Consider the misadventures of our hacker anti-heroes. Where Anonymous has had a central nerve, it has been attacked, which has led to arrests. The effects have trickled down and negatively affected the group.

    We can also see this in server architecture. There are still clustering platforms managed through a central server -- the weak point in everything from Hadoop to WebSphere. Yet we're watching the evolution of these architectures away from central control. This results in less predictability in some circumstances, but makes them more robust in the long term.

    That metaphor is transferrable to the management of software projects. Yes, setting expectations, establishing norms, and spurring motivation can have great positive effect and avert crises. I am not advocating for anarchy. But the loose affiliation model of Anonymous, an organization notorious for wreaking chaos, has more to teach than many of us would like to admit.'

    https://www.infoworld.com/d/application-development/what-developers-can-learn-anonymous-200786
  • Oil Producer Saudi Aramco Reveals Cyber Attack Hit 30,000 Workstations

    posted by Keito
    2012-08-29 20:53:43
    'Saudi Aramco, the world's biggest oil producer, has resumed operating its main internal computer networks after a virus infected about 30,000 of its workstations in mid-August.

    Immediately after the Aug. 15 attack, the company announced it had cut off its electronic systems from outside access to prevent further attacks. Saudi Aramco said the virus "originated from external sources" and that its investigation into the matter was ongoing. There was no mention of whether this was related to this month's Shamoon attacks.

    “The disruption was suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network,” Saudi Aramco said over Facebook.

    “We would like to emphasize and assure our stakeholders, customers and partners that our core businesses of oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected and are functioning as reliably as ever,” Saudi Aramco’s chief executive, Khalid al-Falih, said in a statement.

    However, one of Saudi Aramco’s websites which was taken offline after the attack - www.aramco.com - remained down yesterday. E-mails sent by Reuters to people within the company continued to bounce back.

    Supposed hacktivists have claimed the hit on the oil giant, saying they would hit the company again tomorrow. The group said it was “fed up of crimes and atrocities taking place in various countries around the world”, in a post on Pastebin. They said they were targeting the House of Saud, the ruling royal family of Saudi Arabia, and targeted Aramco as it was “the largest financial source for Al-Saud regime”.

    The group, calling itself the ‘Cutting Sword of Justice’, claimed to have hacked Aramco systems in several countries before sending a virus across 30,000 computers achieving a 75 percent infection rate of all the company’s systems. It refuted suggestions that a nation state was behind the attack.

    Symantec, one of the world’s largest internet security companies, said on the day after the Saudi Aramco attack that it had discovered a new virus that was targeting at least one organisation in the global energy sector, although it did not name that organisation.

    “It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable,” Symantec said in a blog posting about the virus, which it called W32.Disttrack. “Threats with such destructive payloads are unusual and are not typical of targeted attacks.”

    Saudi Aramco’s al-Falih said in his statement yesterday: “Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber attack.”'

    http://thehackernews.com/2012/08/saudi-aramco-oil-producers-30000.html
  • Ex-Lulzsec-Head Sabu Rewarded Six-Month Sentencing Delay

    posted by Keito
    2012-08-25 10:05:30
    '"Ex-Lulzsec-head and hacker Hector Xavier Monsegur a.k.a. Sabu has managed to get his court case delayed by six months – thanks to his cooperation with the US Federal authorities in getting other Lulzsec members behind bars. This news came to light after a court document appeared online, which was filed by the US Government as a request to the US district Attorney. The US Gov put forward an adjournment request "in light of the defendant's ongoing cooperation with the Government." The request has been accepted and now the case has been adjourned till 22 February, 2013."'

    http://yro.slashdot.org/story/12/08/24/0236246/ex-lulzsec-head-sabu-rewarded-six-month-sentencing-delay