Posts Tagged ‘US’

The notorious hacktivist group Anonymous, which was recently blamed for the hack on the Sony PlayStation Network, is preparing yet another assault. The group is calling on its members and supporters to join a new Operation Payback, in the mould of the earlier Operation Payback that attacked the websites of companies such as PayPal and Mastercard in support of Wikileaks founder Julian Assange.
The latest assault is being prepared in response to recent actions of the U.S. Government, the RIAA, the MPAA and others. “For some time now, powerful interests have been vigorously lobbying the US Government in a campaign to censor the Internet. The PROTECT IP Act is the result of their campaign. Through domain seizures, ISP blockades, search engine censorship, and funding cuts to allegedly copyright infringing websites, the PROTECT IP Act will take Internet censorship to the next level. In its present form, this act threatens the very foundation on which the Internet was built: freedom of thought,” the hacktivist group said on its website, explaining the motivation for the attack.
The group claims that instead of reducing piracy, this bill endangers the free flow of information. Through domain seizures, ISP blockades, search engine censorship, and the restriction of funding to websites accused of infringement, this bill promises to take Internet censorship to the next level. Furthermore, it violates citizens’ rights to due process, to free speech, to free expression and to legal representation at their hearing.
Anonymous is known to launch DDoS attacks as a form of protest. Apart from bringing down PayPal and Mastercard, the group claimed responsibility for DDoS attacks against the websites of the Westboro Baptist Church and the New Zealand Parliament. The group, however, denied involvement in the attack on Sony PSN. Lately, the group’s own IRC website was hacked by one of its members, after which the IRC was moved to another website.
Now, Anonymous is calling upon its supporters to join its IRC channels (Internet Relay Chat) to coordinate and launch the attack(s).

China’s biggest search engine, Baidu, was sued on Wednesday by eight New York residents who accused the company of conspiring with the country’s government to censor pro-democracy speech, Reuters reported.

The lawsuit claims violations of the U.S. Constitution and according to the plaintiffs’ lawyer is the first of its type.

It was filed more than a year after Google Inc declared it would no longer censor search results in China, and rerouted Internet users to its Hong Kong website.

Baidu did not return a request for a comment.

According to the complaint filed in the U.S. District Court in Manhattan, Baidu acts as an “enforcer” of policies by the ruling Communist Party in censoring such pro-democracy content as references to the 1989 Tiananmen Square military crackdown.

This censorship suppresses the writings and videos of the plaintiffs, who are pro-democracy activists, to the extent that they do not appear in search results, the complaint said.

It also violates laws in the United States because the censorship affects searches here, according to the complaint.

“We allege a private company is acting as the arm and agent of a foreign state to suppress political speech, and permeate U.S. borders to violate the First Amendment,” Stephen Preziosi, the lawyer for the plaintiffs, said in an interview.

Preziosi said the alleged censorship also violates federal and New York civil rights laws, as well as New York’s human rights law, on the grounds that “an Internet search engine is a public accommodation, just like a hotel or restaurant.”

The lawsuit seeks $16 million in damages, or $2 million per plaintiff, but does not seek changes to Baidu’s policies.

“It would be futile to expect Baidu to change,” Preziosi said. The plaintiffs live in the borough of Queens in New York City and on Long Island.

China’s Internet censorship practices are viewed as reflecting its belief that keeping a tight grip on information helps the government maintain control. There have been mounting concerns in China that open dissent on the Internet could contribute to destabilizing the country.

Searches for terms deemed sensitive by Chinese censors are routinely blocked, and search engines such as Baidu voluntarily filter searches.

China also blocks social networking sites Facebook, Flickr, Twitter and Google’s YouTube, and President Hu Jintao has called for additional oversight and “mechanisms to guide online public opinion.”

Google effectively pulled out of China last spring by redirecting inquiries on its main Chinese-language search page to a website in Hong Kong, avoiding direct involvement in any censorship by the “Great Firewall of China.”

“When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. We reserve the right to use all necessary means – diplomatic, informational, military, and economic – as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests. In so doing, we will exhaust all options before military force whenever we can; will carefully weigh the costs and risks of action against the costs of inaction; and will act in a way that reflects our values and strengthens our legitimacy, seeking broad international support whenever possible.”

That isn’t a proposal from a technically challenged US Senator, but the text of the new US International Strategy for Cyberspace. In other words, DDoS the US and they could retaliate with missiles. This is perhaps the most extreme defense strategy against cyberattacks that any country has ever proposed, let alone implemented.

The new US cyberspace policy is meant to encourage ‘responsible behavior’ and oppose those who would seek to disrupt networks and systems, thereby dissuading and deterring malicious actors, while reserving the right to defend these vital national assets as necessary and appropriate. According to the policy, the United States will continue to strengthen its network defenses and its ability to withstand and recover from disruptions and other attacks. For those more sophisticated attacks that do create damage, the US will act on well-developed response plans to isolate and mitigate disruption to its machines, limiting the effects on its networks and potential cascade effects beyond them.

The new policy has come in the wake of an increasing number of attacks on critical infrastructure that could potentially disrupt power, water and other utility services in the United States. Moreover, the US has on many occasions indicated that it has ‘concrete evidence’ that the cyber attacks on its military websites and sensitive establishments have been coming from China, whose appetite for information keeps growing.

Security firm Sophos has published its latest report on the top twelve spam-relaying countries, covering the first quarter of 2011. Despite remaining at the top, the USA’s share of global spam output fell significantly from 18.83% to 13.7% of all spam relayed from compromised computers. The United Kingdom also saw a drop, with its spam pollution falling from 4.54% to 3.2% of total global spam relayed, moving the UK down from fifth to sixth place in the dirty dozen. India was the biggest contributor to spam in Asia, accounting for 7.1% of worldwide spam.

Sophos warns that the continued growth in popularity of mobile platforms and social networking means that the number of spam attack vectors is increasing and computer security still needs to be at the forefront of people’s minds.

“Although the USA and UK contribution to the global spam problem has decreased in percentage terms, it is essential for organizations not to become complacent,” said Graham Cluley, Senior Technology Consultant at Sophos.

“Financially-motivated criminals are controlling compromised zombie computers to not just launch spam campaigns, but also to steal identity and bank account information. Users need to be educated about the dangers of clicking on links or attachments in spam mails – and many computers may already be under the control of cybercriminals. Businesses and computer users must take a more proactive approach to spam filtering and IT security in order to avoid adding to this global problem.”

Immigration and Customs Enforcement, a division of DHS, has seized dozens of domains in an effort to crack down on piracy and copyright infringement, blocking access to the sanctioned websites via the most common domain URL.

From time to time, Mozilla receives government requests for information, usually market information and occasionally subpoenas. Recently the US Department of Homeland Security contacted Mozilla and requested that Mozilla remove the MafiaaFire add-on. The ICE Homeland Security Investigations unit alleged that the add-on circumvented a seizure order DHS had obtained against a number of domain names. Mafiaafire, like several other similar add-ons already available through AMO, redirects the user from one domain name to another, similar to a mail forwarding service. In this case, Mafiaafire redirects traffic from seized domains to other domains. Here the seized domain names allegedly were used to stream content protected by copyrights of professional sports franchises and other media concerns.

Mozilla initially refused a Department of Homeland Security request to remove the third-party tool. To evaluate Homeland Security’s request, Mozilla asked them several questions, similar to those below, to understand the legal justification:

  • Have any courts determined that the Mafiaafire add-on is unlawful or illegal in any way? If so, on what basis? (Please provide any relevant rulings)
  • Is Mozilla legally obligated to disable the add-on or is this request based on other reasons? If other reasons, can you please specify.
  • Can you please provide a copy of the relevant seizure order upon which your request to Mozilla to take down the Mafiaafire add-on is based?

According to Mozilla, it has not received any response from Homeland Security, nor any court order, so far.

One of the fundamental issues here is under what conditions intermediaries accede to government requests that have a censorship effect and which may threaten the open Internet. Others have commented on these practices already. In this case, the underlying justification arises from content holders’ legitimate desire to combat piracy. The problem stems from the use of these government powers in service of private content holders when it can have unintended and harmful consequences. Long term, the challenge is to find better mechanisms that provide both real due process and transparency without infringing upon the developer and user freedoms traditionally associated with the Internet.

Kaspersky Lab has obtained a US patent for a method of combating rootkits that has already been implemented in a number of its security products.

Rootkits are malicious programs that can run at the kernel level of an operating system and load when the system boots. This makes rootkits difficult to detect using standard protection tools. Detecting and treating rootkits usually poses a daunting challenge for antivirus vendors. However, the experts at Kaspersky Lab have designed and patented a method that effectively combats the cybercriminals’ most sophisticated creations.

At the heart of patent No. 7921461 is a method of detecting rootkits that creates two images of the operating system during the boot process: one before and the other after drivers are loaded at the kernel initialization stage. The images created in kernel mode include system services that can be identified by a special flag. The presence of a rootkit in the system can be determined by comparing the two images. This comparison identifies whether the system has changed during the boot process and where any change occurred. Based on this data, the system can be treated and the rootkit neutralized.
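A simplified model of the two-image comparison described above, as an added Python example (not Kaspersky’s code or the patent’s implementation): the service table, the addresses and the “system service” flag are constructed stand-ins for the kernel-mode images, and a system-service entry whose handler address differs between the pre-driver and post-driver images is reported as a suspected hook, with the pre-driver address kept as the value a cleaner would restore.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ServiceEntry:
    """One system-service descriptor as captured in a kernel-mode image (constructed model)."""
    name: str
    handler: int            # address of the routine that services the call
    system_service: bool    # the "special flag" marking a kernel-provided service


Image = Dict[int, ServiceEntry]   # service index -> descriptor


def take_image(entries: List[ServiceEntry]) -> Image:
    """Snapshot a service table keyed by service index (stand-in for the in-kernel capture)."""
    return {idx: entry for idx, entry in enumerate(entries)}


@dataclass(frozen=True)
class Finding:
    index: int
    name: str
    kind: str               # "hooked", "removed" or "added"
    before: Optional[int]   # handler in the pre-driver image (what a cleaner restores)
    after: Optional[int]    # handler in the post-driver image


def compare_images(pre: Image, post: Image) -> List[Finding]:
    """Report where the service table changed between the two boot-time images."""
    findings: List[Finding] = []
    for idx, before in pre.items():
        after = post.get(idx)
        if after is None:
            findings.append(Finding(idx, before.name, "removed", before.handler, None))
        elif before.system_service and after.handler != before.handler:
            # A kernel system service whose dispatch address moved after drivers
            # loaded: the classic footprint of a rootkit hook.
            findings.append(Finding(idx, before.name, "hooked", before.handler, after.handler))
    for idx, after in post.items():
        if idx not in pre:
            findings.append(Finding(idx, after.name, "added", None, after.handler))
    return sorted(findings, key=lambda f: f.index)


def restore_plan(findings: List[Finding]) -> Dict[int, int]:
    """Index -> original handler for every hooked entry: the data used to treat the system."""
    return {f.index: f.before for f in findings if f.kind == "hooked" and f.before is not None}


# Constructed sample images: kernel handlers live near KERNEL_BASE, a loaded driver near DRIVER_BASE.
KERNEL_BASE = 0x80500000
DRIVER_BASE = 0xF8A00000

PRE_DRIVER = take_image([
    ServiceEntry("NtOpenProcess", KERNEL_BASE + 0x1A20, True),
    ServiceEntry("NtQueryDirectoryFile", KERNEL_BASE + 0x2B40, True),
    ServiceEntry("NtQuerySystemInformation", KERNEL_BASE + 0x3C60, True),
    ServiceEntry("NtEnumerateKey", KERNEL_BASE + 0x4D80, True),
])
POST_DRIVER = take_image([
    ServiceEntry("NtOpenProcess", KERNEL_BASE + 0x1A20, True),
    ServiceEntry("NtQueryDirectoryFile", DRIVER_BASE + 0x1000, True),      # repointed into a driver
    ServiceEntry("NtQuerySystemInformation", DRIVER_BASE + 0x1200, True),  # repointed into a driver
    ServiceEntry("NtEnumerateKey", KERNEL_BASE + 0x4D80, True),
    ServiceEntry("ExampleDriverService", DRIVER_BASE + 0x5000, False),     # added by a driver, not a system service
])

if __name__ == "__main__":
    for finding in compare_images(PRE_DRIVER, POST_DRIVER):
        print(f"[{finding.kind}] #{finding.index} {finding.name}: {finding.before} -> {finding.after}")
    print("restore:", {k: hex(v) for k, v in restore_plan(compare_images(PRE_DRIVER, POST_DRIVER)).items()})
```

The added driver-registered entry is reported as a change but not as a hook, which is the distinction the “special flag” provides in the description above.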

“The newly patented method is advantageous in that the data is collected while the operating system boots, so the user will not notice any deterioration in system performance,” said Andrey Sobko, inventor of the technology and Head of Driver Development at Kaspersky Lab.

Currently, over one hundred applications filed by Kaspersky Lab are being processed by the patent authorities in the USA, Russia, China and Europe. These pending patents all cover innovative new IT security technologies.

Two companies that maintain large amounts of sensitive information about the employees of their business customers, including Social Security numbers, have agreed to settle US Federal Trade Commission charges that they failed to employ reasonable and appropriate security measures to protect the data, in violation of federal law. Among other things, the settlement orders require the companies to implement comprehensive information security programs and to obtain independent audits of the programs every other year.

The settlements with Ceridian Corporation and Lookout Services are part of the FTC’s ongoing efforts to ensure that companies secure the sensitive consumer information they maintain. In complaints filed against the companies, the FTC charged that both Ceridian and Lookout claimed they would take reasonable measures to secure the consumer data they maintained, including Social Security numbers, but failed to do so. These flaws were exposed when security breaches at both companies put the personal information of thousands of consumers at risk. The FTC challenged the companies’ security practices as unfair and deceptive.

According to the FTC’s complaint against Ceridian, a provider to businesses of payroll and other human resource services, the company claimed, among other things, that it maintained “Worry-free Safety and Reliability . . . Our comprehensive security program is designed in accordance with ISO 27000 series standards, industry best practices and federal, state and local regulatory requirements.” However, the complaint alleges that Ceridian’s security was inadequate. Among other things, the company did not adequately protect its network from reasonably foreseeable attacks and stored personal information in clear, readable text indefinitely on its network without a business need. These security lapses enabled an intruder to breach one of Ceridian’s web-based payroll processing applications in December 2009, and compromise the personal information – including Social Security numbers and direct deposit information – of approximately 28,000 employees of Ceridian’s small business customers.

The other company, Lookout Services, Inc., markets a product that allows employers to comply with federal immigration laws. It stores information such as names, addresses, dates of birth and Social Security Numbers. According to the FTC’s complaint against Lookout, despite the company’s claims that its system kept data reasonably secure from unauthorized access, it did not in fact provide adequate security. For example, unauthorized access to sensitive employee information allegedly could be gained without the need to enter a username or password, simply by typing a relatively simple URL into a web browser. In addition, the complaint charged that Lookout failed to require strong user passwords, failed to require periodic changes of such passwords, and failed to provide adequate employee training. As a result of these and other failures, an employee of one of Lookout’s customers was able to access sensitive information maintained in the company’s database, including the Social Security numbers of about 37,000 consumers.

The settlement orders bar misrepresentations, including misleading claims about the privacy, confidentiality, or integrity of any personal information collected from or about consumers. They require the companies to implement a comprehensive information security program and to obtain independent, third party security audits every other year for 20 years.

Sony has finally broken the ice and replied to the US Commerce Committee on the recent PlayStation hack that affected 77 million users and the subsequent attack on Sony Online Entertainment that affected another 25 million users. In a formal letter addressed to members of the House Commerce Committee, Sony Computer Entertainment America’s Kazuo Hirai suggests the rogue hacktivist movement Anonymous played a role in the massive customer data breach that now exceeds 100 million records.

Anonymous followers had previously taken credit for a distributed denial of service (DDoS) attack against the Sony websites in early April but refused any involvement in the later hack on PSN and SOE.

Initially, Sony representatives did not seek to connect the hacktivist group with the data breach event. That has changed now that forensic investigators have located a file on the hacked PSN systems named “Anonymous” and containing the movement’s tagline “We are Legion.”

The discovery was enough evidence for Sony’s chairman to state in the letter to Congress that Anonymous was at least partly to blame for the customer data loss event:

“Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group called Anonymous… Whether those who participated in the denial of services attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know. In any case, those who participated in the denial of service attacks should understand that – whether they knew it or not – they were aiding in a well planned, well executed, large-scale theft that left not only Sony a victim, but also Sony’s many customers around the world,” Hirai’s letter said.

The letter to Congress also sought to counter criticism that Sony waited too long to notify authorities and customers of the breach, stating that the company only released information after it was confirmed in the investigation:

“Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence,” Hirai’s letter said.

Sony has provided a summary of Hirai’s letter to Congress:

In summary, we told the subcommittee that in dealing with this cyber attack we followed four key principles:

  1. Act with care and caution.
  2. Provide relevant information to the public when it has been verified.
  3. Take responsibility for our obligations to our customers.
  4. Work with law enforcement authorities.

We also informed the subcommittee of the following:

  • Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
  • We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
  • By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken, and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
  • As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
  • Protecting individuals’ personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
  • We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer.

In a first-of-its-kind report, the U.S. Federal Bureau of Investigation (FBI) has quantified the economic impact of Chinese hackers on U.S. businesses. According to a fraud alert from the FBI, U.S. businesses have been taken for at least $11 million over the last year through unauthorized wire transfers to China. Cybercriminals have been compromising the businesses’ banking credentials in order to send money overseas.

At least 20 incidents occurred between March 2010 and April 2011 that resulted in the credentials of small-to-medium-sized businesses being compromised. According to the FBI, the typical scenario involves scammers sending phishing e-mails to the business in question, after which someone enters the business’ banking credentials into a malicious website. The scammers then use the credentials to log into the business’ real banking website in order to wire money to “Chinese economic and trade companies.”

In just a year, this resulted in $11 million in losses, with transfer amounts ranging from $50,000 to $985,000 at a time. The total attempted amounts were closer to $20 million, though—the FBI says that many attempted transfers were over $900,000, but the scammers are usually more successful trying smaller amounts. On top of the electronic wire transfers, some of the scammers also sent domestic money mules to the U.S. in order to make further fraudulent transactions.

“The economic and trade companies appear to be registered as legitimate businesses and typically hold bank accounts with the Agricultural Bank of China, the Industrial and Commercial Bank of China, and the Bank of China,” the FBI warned. “At this time, it is unknown who is behind these unauthorized transfers, if the Chinese accounts were the final transfer destination or if the funds were transferred elsewhere, or why the legitimate companies received the unauthorized funds. Money transfers to companies that contain these described characteristics should be closely scrutinized.”

The FBI says that some—but not all—cases seem to involve attacks through malware such as ZeuS, Backdoor.bot, and Spybot.

A new spam campaign, similar to campaigns we have seen in the past, is spreading on Facebook. This one, however, has some interesting twists to it.

A Websense blog has reported that the core of the campaign involves a Facebook app that claims to know who your “Top 10 stalkers” are.

It works by creating an album – “My Top 10 stalkers” – with the description “Check who views your profile @,” followed by a bit.ly URL-shortened link. It then automatically uploads a photo to the app and tries to mark all the user’s friends in the photo.

The bit.ly link redirects the user to a page that uses JavaScript to determine the geographical location of the computer based on its IP address. Depending on the location, the page then redirects users located in specific targeted countries to the Facebook App in an attempt to further spread the infected link. The campaign is targeted at Facebook users in the United States, Canada, United Kingdom (including a specific target for Great Britain), Saudi Arabia, Norway, Germany, Spain, Slovenia, Ireland, and United Arab Emirates.

Hackers have already switched to using a new app after the first illegitimate app was deleted by the Facebook security team. Both apps use exactly the same mechanism to post spam profile messages on Facebook. Regardless of whether the JavaScript redirects the browser to the Facebook app based on its location, all users are ultimately redirected to a scam page that tries to lure them into completing several fake surveys. The hackers use this method to try to collect personal information such as the user’s home address, e-mail address, or phone number.

If the user tries to navigate away from the page or close the browser, a message appears asking them to stay and complete a “SPAM-free market research survey to gain access to this special content.” Special it may sound, but it is definitely not spam-free!

As always, if a page forces you to Like, Share, or install an application in order to view it, DON’T DO IT! Chances are, it’s spam.