Hackers take over sentencing commission website
Source: seattlepi
WASHINGTON (AP) The hacker-activist group Anonymous says it hijacked the website of the U.S. Sentencing Commission to avenge the death of Aaron Swartz, an Internet activist who committed suicide.
The website of the commission, an independent agency of the judicial branch, was taken over early Saturday and replaced with a message warning that when Swartz killed himself two weeks ago "a line was crossed."
The hackers say they've infiltrated several government computer systems and copied secret information that they now threaten to make public.
Read more: Link http://www.seattlepi.com/business/technology/article/Hackers-take-over-sentencing-commission-website-4225428.phpto source
johnfunk
(6,113 posts)Good on Anonymous. It was the height of cruelty to threaten Swartz with a longer and more draconian sentence than murderers, rapists, or banksters.
Melinda
(5,465 posts)Anonymous took control of the U.S. Sentencing Commission website in the early morning hours of January 25... they then seized govt files and encrypted them for distribution around the world. They are calling the first set of files a "warhead" in a campaign they're calling "Operation Last Resort." Oh, and they purportedly have a set of files on every justice sitting on SCOTUS.
There were 2 attacks; the site was down by by 3:00 am pacific time and remains down at this time. It's been dropped from the DNS, and IP address (66.153.19.162) still returns the defaced contents.
So Anonymous has issued an ultimatum to the US govt, and if the demands are not met: "Warhead - U S - D O J - L E A - 2013 . A E E 256 is primed and armed. It has been quietly distributed to numerous mirrors over the last few days and is available for download from this website now. We encourage all Anonymous to syndicate this file as widely as possible." link to full statement.
Pertinent part from link above: "With Aaron's death we can wait no longer. The time has come to show the United States Department of Justice and its affiliates the true meaning of infiltration. The time has come to give this system a taste of its own medicine. The time has come for them to feel the helplessness and fear that comes with being forced into a game where the odds are stacked against them."
Full video:
They're pissed about Aaron Swartz death, and they are NOT playing.
1monster
(11,012 posts)Dare we hope that we have a watch dog over our government and that the watch dog is more powerful AND incorruptable?
reACTIONary
(5,771 posts)...that they are marginally competent juvenile delinquents.
Lordquinton
(7,886 posts)Ash_F
(5,861 posts)Do kids still say bushwhacked? Did they ever?
But I don't think 'powerful' is the right descriptor. Neither is "marginally competent" though. They are likely among the best technical professionals of the next ruling generation.
reACTIONary
(5,771 posts)Hardly. They rely on careless and sloppy server administration using old, well-worn exploits that that could be prevented simply by keeping the software up to date and changing the passwords. With the large number of public service web sites out there it just takes a little time to find one in the area of interest that is vulnerable.
Its pretty pitiful all the attention they get for such lame and insignificant vandalism. It's like getting front-page coverage for spray painting graffiti on the sidewalk.
Ash_F
(5,861 posts)Supposedly these young folks will be replacing the sloppy admins they defeated over and over.
Who then are the competent ones out there, in your view? They don't work for the government. They don't work for the banks. They don't even seem to work for the internet security firms. Anonymous has hit them all and aired all their dirty laundry.
reACTIONary
(5,771 posts)...of many, many units, departments, offices, etc., etc. Most of them do what they are focused on (say sentencing guidelines) well, but are not necessarily up to snuff in all areas (say, running a web site). They rely on subcontractors, and, sometimes just the people in the office who have other more important responsibilities. It isn't surprising that mistakes are made.
Right now, somewhere there is a government security guard taking a nap when he should be vigilant. However, that guard isn't guarding the entrance to the NSA. Experience, competency and vigilance vary widely and depend on the needs, focus and resources of the specific branch organization. "The government" isn't incompetent just because of one or a few incidents.
My organization has been subject to several state-sponsored attacks over the course of the last several years. Our security team is world-class and fights back tooth and nail. State-sponsored attacks like this are way, way, way beyond the capabilities of the anonymous script kiddies. There is absolutely no comparison between this incident and the real war that is being waged. The script kiddies would get nowhere at our site.
Speaking of state-sponsored attacks, the recent distributed denial of service attacks on several American banks, while not very innovative and mostly just annoying, were state-sponsored, not anonymous script kiddies.
This is a high stakes game, but it is also extremely costly. Its worth it in some cases, but it is way beyond the capabilities and resources of the typical government office that is just trying to do a public service by getting some information out to the public in a timely, cost effective way. And isn't very much subject to threats anyway.
I think you should cut them some slack and be more appreciative of their efforts to make our lives a bit better.
Ash_F
(5,861 posts)Also:
"My organization has been subject to several state-sponsored attacks over the course of the last several years. Our security team is world-class and fights back tooth and nail. State-sponsored attacks like this are way, way, way beyond the capabilities of the anonymous script kiddies. There is absolutely no comparison between this incident and the real war that is being waged. The script kiddies would get nowhere at our site. "
haha, I see you are one of those elite keyboard ninjas, fighting secret wars to save humanity and all that. I will back off now.
reACTIONary
(5,771 posts)...with respect to Anon. And I think that police and prosecutors that are trying to break conspiracies need a credible and significant threat to be able to take down a criminal organization.
FYI I'm not actively involved in computer security, I am just inordinately affected by it and so a bit more aware about what is going on. When an incident occurs, those on the "front line" give us enough information to help us help them and to motivate vigilance and care. So I get a bit more information than the general public and it has a bit more personal significance.
bemildred
(90,061 posts)And that is our government, thinking itself well able to decide what WE ought to do, well able to tell the whole world what to do. A little humility is required, now and then.
reACTIONary
(5,771 posts)...or the arrest and prosecution of someone who was caught breaking, entering and stealing... or a group of self aggrandizing juvenile delinquents who have pulled a largely meaningless and insignificant stunt?
bemildred
(90,061 posts)reACTIONary
(5,771 posts)... is not something that is left up to the individual to be "able to decide what WE ought to do". Prohibiting it is not an infringement on individual liberty. Nor is it in any way "telling the whole world what to do".
And competency in understanding, defining and enforcing justice has nothing to do with competency in setting up a secure web site for information sharing.
bemildred
(90,061 posts)You think property is what matters. I don't. I think people matter. Fuck property.
reACTIONary
(5,771 posts)... you don't think that people who are stolen from are important. Fuck them.
bemildred
(90,061 posts)Why do you, for that matter? Are you a fan of incompetent web security?
reACTIONary
(5,771 posts)... to protect you whenever you step out of the house, why should I care if you are shot, robbed, and left for dead? What business is it of mine?
bemildred
(90,061 posts)reACTIONary
(5,771 posts)... the firm that handles my security: Solitary, Poor, Nasty, Brutish and Short.
bemildred
(90,061 posts)reACTIONary
(5,771 posts)I don't want to be presumptuous, but your response leads me to believe that you don't have a clue.
bemildred
(90,061 posts)A newly discovered exploit in a technology standard known as universal plug and play (UPnP) is big enough that hackers on the Internet could remotely access and control millions of compatible devices like cameras, printers and routers, security researchers said Tuesday.
Researchers working for the security firm Rapid7 said they found bugs in the UPnP standard that exposes personal devices to being remotely accessed and controlled. That means an enterprising hacker could, say, exploit the bug to print unwanted messages on a personal printer, or turn on a webcam unbeknownst to the owner.
A hole this large has likely already been exploited on a selective, individual basis, researchers warned, noting that something like 40 to 50 million network devices make use of UPnP.
Rapid7?s announcement was confirmed Tuesday night by the United States Computer Emergency Readiness Team (US-CERT), which warned that hundreds of vendors that supply network-enabled hardware rely upon UPnP, including major firms like Ciscos Linksys, D-Link, Belkin and Netgear. The agency recommended those manufacturers begin immediately updating their software to close the vulnerability a process which could take months.
http://www.democraticunderground.com/1014385672
This is the kind of crap that we get when people get fat, dumb, and happy on the web, botnets, spam, and infections.
reACTIONary
(5,771 posts)...and they should be enforced.
Occulus
(20,599 posts)I was wondering how long that would take.
Less than 24 hours.
I heard about this yesterday, live, on Security Now with Leo Laporte and Steve Gibson.
The actual numbers are around 81 million devices using vulnerable hardware, manufactured by 1500 vendors.
The only answer at this time is to disable UPnP completely, both on the routers in question and in the OS if the OS has it turned on. Please note that this issue is OS-independent; Windows, *nix, and MacOS are all vulnerable.
Let me say it more clearly for the Apple fanboys: you are just as vulnerable to this issue as any Windows user.
bemildred
(90,061 posts)Not necessarily the top end technically, but "some assembly required".
Having worked in defense back in the 90s, I'm surprised this doesn't happen more, esp. given the government's fondness for Microsoft software. I suppose part of the reason is lack of motivation, who wants to break into Justice Dept. computers? But also they are cheap about technical help, won't pay what you can get elsewhere, and the emphasis is on empire building, not excellence in execution.
MelungeonWoman
(502 posts)They understand the gravity of the actions they are taking. It will be interesting to see if the forces they combat are as dismissive of their talents as you are.
reACTIONary
(5,771 posts)...I laughed out loud. It's a bunch of self-aggrandizing hyperbolic rubbish. I'm totally amazed anyone would take it seriously. Totally lacking in gravitas.
That's not "combat". That's spray paint.
MindPilot
(12,693 posts)Bring it!
20score
(4,769 posts)If only people in positions of power did the right thing, they would be unnecessary. Until then....
bir
(2 posts)When I win the Lottery, I am SO going to Support Anonymous, Its about time We the People take back our Government
BlueJazz
(25,348 posts)I know assembly Language and a few other languages and feel I'm fairly decent ...and not nearly as good as my friends..when it comes to breaking things up.
But these Guys/Gals are WAY, WAY beyond that.
I'd hate to have them with their sights set on me.
reACTIONary
(5,771 posts)...left his password set to "password". Big deal.
FreeBC
(403 posts)I agree that there is a pattern of prosecutor misconduct across all levels of government that goes unaddressed, but I don't think that hacking this website and issuing threats improves the situation. I think this sort of action is considered to be vandalism by most people and I don't think vandalism is a very effective way to win people to your point of view.
christx30
(6,241 posts)to stop the misconduct. They threaten you with 10-20 years to get you to accept the breadcrumbs to have some kind of a life. If I was in their crosshairs I would probably kill myself, innocent or not. Truth and innocense do not matter at all. Prosecutors do not care about the law at all. They want to make a name for themselves and they want to control people. Anything that can be done to hurt them is more than welcome.
BlueJazz
(25,348 posts)..crooked the system has become.
As far as Prosecutors...most of them act like the most ruthless individuals on earth.
reACTIONary
(5,771 posts)20score
(4,769 posts)Any particular reason?
reACTIONary
(5,771 posts)...I'm expressing my opinion. What's wrong with that?
Occulus
(20,599 posts)despite demonstration of such on more than one occasion, well....
Let's just say it sounds very much as if your discrediting of their abilities sounds as if it's to a purpose.
Frankly, what's coming from you on this thread sounds very much like "damage control" of the HBGary kind.
reACTIONary
(5,771 posts)... found this:
http://arstechnica.com/tech-policy/2012/03/the-hbgary-saga-nears-its-end/
"Jim Butterworth told us that there was a "very good chance" that the perpetrators of the hack would be caught. And so it has come to pass....
...this week [the FBI] brought down their quarry with a string of indictments and the possibility of lengthy jail terms. With the arrests, the HBGary Federal hack saga is largely concluded...
... everyone in LulzSec except one member, avunit, had been identified, and every identified member except pwnsauce had been arrested."
A really smart crew*. Their lives are definitely on hold right now. Hopefully not ruined in the long term.
(*Some kids, some young adults.)
Nihil
(13,508 posts)Maybe they are an ex-admin who got fired because someone found that his password
was still set to the default ...?
Katashi_itto
(10,175 posts)reACTIONary
(5,771 posts)...I'm discussing. What's with the innuendo?
bemildred
(90,061 posts)Which fact one can easily see. Watch for the first official spokesperson who chooses to address these activites directly. (It will be some sort of denial, but it wlll also be a "tell", because I can guarantee you they don't want to spread the idea around.)
2pooped2pop
(5,420 posts)hacking if we don't let them have total control of it to hunt down the bad, terrible, foreign, men, who are going to destroy our entire country by web sabotage. This will be the line of reason they use, but it is really to stop anyone like Anonymous from getting THEIR info.
Fire Walk With Me
(38,893 posts)and turned it into the vintage Asteroids game.