‘Anonymous’ Declares War On Corrupt Mainstream Media

As of June 1st, Ghost Squad Hackers – the same group leading #OpIcarus – have launched a series of coordinated attacks against leading members of the corporate mainstream media. Giving credit where credit is due, Tech.mic and Softpedia were the first to report the operation. But their reports only tell a portion of the whole story; we will explain why in a moment.

 

Broadly speaking, the goal of #OpSilence is to attack all the corrupt major news networks that mislead and censor information from the general public. More specifically, it targets the news agencies that conceal the crimes of Israel while misleading the population about the mistreatment of the Palestinian people. The operation is off to a quick start: Ghost Squad has successfully “carried out DDoS attacks on CNN and FOX News” already just this month. More attacks are promised; NBC and MSM appear to be their next targets.

 

https://t.co/T7LxqJjzQN “FOXNEWS” Email server has been crashed for 8+ hours by #GhostSquadHackers #OpSIlence pic.twitter.com/uS5zWm75SQ

— s1ege (@s1ege_) June 1, 2016

 

 

When Tech.mic and Softpedia presented their coverage of the hacks, they included images and references directly to Anonymous. But upon reading these articles, Ghost Squad had a message of their own that they want everyone to hear:

 

ALL OF THE MEDIA WHO REPORTS ON OUR ATTACKS #OPSILENCE IS GSH OP NOT ANONOP WE ARE NOT AND I REPEAT NOT ANONYMOUS

— s1ege (@s1ege_) June 1, 2016

 

 

It is no secret Ghost Squad has a close affiliation with Anonymous; I am sure this is how the group got started in the first place. The group insists they speak for themselves; they are essentially trying to build their own reputation and credibility.

 

But there is a second layer to this discussion highlighting the recent divide within Anonymous. There has been a “Civil War” of sorts in recent months, and the reputation of the Anonymous collective as a whole has been damaged. Last winter, prominent hacktivist group Ghostsec also cut their ties with Anonymous. In a statement they said “Anonymous has a habit of shooting in every direction and asking questions later.” In other interviews they imply that Anonymous has developed a reputation for behaving immaturely – more concerned with silly DDoS’ing attacks than changing the world.

 

Since the quarreling of #OpWhiteRose many people have splintered off, or left Anonymous entirely – just another in the long list of strange effects Donald Trump has had on the entire world. Ghost Squad is one of the groups affected by this ‘Civil War.’ In the time since this happened last March, the group has exploded onto the scene, quickly becoming one of the most influential and talked about hacking groups in the entire world in 2016.

 

I have no doubt about the origins of this operation, though: this goes back to #OpMediaControl, which began last June. The operation called for the hacking of every major news network in the United States, testing their email systems, DDoS’ing web sites, attempting to hack into teleprompters or live feeds – anything you could think of. Last I heard back in December, they were still trying to recruit people to join them for an event this summer. Sound familiar to what Ghost Squad is doing right now?

 

For the purposes of accuracy, AnonHQ News reached out to our contacts in #OpMediaControl. We gave them a preview of the article and asked them what they thought. They showed us a press release dated May 28, 2016, a video proclaiming that #OpMediaControl has been re-engaged. Of course, #OpSilence proceeded to begin June 1st. In another interesting note, earlier last month Anonymous Resistance Movement, one of the groups behind #OpMediaControl, conducted an interview with GhostSquad. So as you can see, the two groups are well acquainted with one another – these operations are no coincidence.

Ghost Squad may be stepping up from the pack here, but make no mistake, this operation has been in the making for over a year and Anonymous led the way.

 

Source:  http://macedoniaonline.eu/content/view/29562/61/

Anonymous Announces #OpSilence, Month-Long Attacks on Mainstream Media

Members of the Ghost Squad Hackers team, one of the most active Anonymous sub-divisions, have carried out DDoS attacks on CNN and FOX News as part of a new hacktivism campaign.

Called OpSilence, the campaign’s goal is to attack all mainstream media that fails to report on the Palestine war or the true crimes happening in Syria, one of the hackers told Mic.

#OpSilence will take place during the entire month of June 2016

The operation will be run similarly to #OpIcarus, a month-long series of attacks that took place in the month of May against various banks around the world.

Any hacktivism group is welcome to join, and the campaign comes on the heels of OpIcarus, which just ended yesterday.

Ghost Squad Hackers didn’t wait for June to start to begin their attacks, and they’ve already hit the email servers of FOX News and CNN. The group has been changing tactics lately, switching from DDoSing public websites to attacking mail servers, as they did most recently against the Bank of England.

Other hackers have taken a pro-Palestine stance before

Taking a pro-Palestine stance isn’t something strange for hackers, with many others supporting this cause as well. The previous group that did so was CWA (Crackas With Attitude), whose hacked targets include CIA Director John Brennan’s personal AOL email account, FBI Deputy Director Mark Giuliano, US National Intelligence Director James Clapper, and President Barack Obama’s Senior Advisor on science and technology John Holdren.

The group is also responsible for hacking the JABS US national arrests database. They also leaked details for 2,400 US government officials, 80 Miami police officers, 9,000 DHS employees, and 20,000 FBI staffers.

Back in February, the group’s leader, a sixteen-year-old boy, was arrested in East Midlands, England.

External Source: http://www.ddosattacks.net/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media/

 

Internal source:  http://news.softpedia.com/news/anonymous-announces-opsilence-month-long-attacks-on-mainstream-media-504760.shtml

Anonymous Leads the Pack for 2016’s Trending Hacktivist Groups

Based on collected threat intelligence and social media hype, SurfWatch Labs says that Anonymous maintained its position as top trending hacktivist group, followed by Turk Hack Team (THT), New World Hacking (NWO), and Ghost Squad Hackers.

The data reveals that, compared to other years, hacktivism has slowed down and lost momentum but has still managed to cause enough damages to gain mainstream media attention.

The security firm says that government agencies were hit the hardest by hacktivism campaigns, with the most hype having been generated around the now-infamous COMELEC hack by Anonymous Philippines and Lulzsec Philippines, during which details for around 50 million Filipino voters were leaked.

2016 is a down year for hacktivism, but groups generated enough hype

Besides this incident, hacktivist groups generated a lot of attention to their causes via the massive DDoS attack on BBC at the start of the year, the DDoS attacks on Donald Trump’s websites as part of #OpTrump, the DDoS attacks on the Bank of Greece as part of #OpIcarus, and the ones on Nissan as part of #OpKillingBay.

Other smaller hacktivism incidents that also brought a lot of attention to causes and the groups behind them were the attacks on the Bank of Cyprus, the takedown of ISIS Twitter profiles following the Belgium attacks, and the leak of data from NASA’s internal network.

The top five hacktivism campaigns during the first months of 2016 were #OpTrump, #OpKillingBay, #OpWhales, #OpIsrael, and #OpAfrica. #OpIcarus was not included since it’s supposed to last for the entire month of May, but the campaign is sure to become a mainstay in Anonymous’ standard operations.

SurfWatch Labs also points out in its report that former big names such as the Syrian Electronic Army and Lizard Squad seem to have fallen off the face of the earth, with the company seeing little to no activity from their members. Taking into account that the US has filed formal charges against members of the Syrian Electronic Army, the group’s members are probably busy avoiding getting arrested.

Source:  http://news.softpedia.com/news/anonymous-leads-the-pack-of-2016-s-trending-hacktivist-groups-504605.shtml

DDoS attacks still growing…and stronger

Cybercriminals are strengthening their DDoS attacks with more amplification and new methods to refine their botnets, according to the just released “Kaspersky DDoS Intelligence Report for Q1 2016.”

DDoS attacks employing amplification/reflection strategies remain a favorite tool for miscreants, with targets running from presidential candidates to security companies. And attacks at the application level remain high.

Hackers are increasingly using the DNSSEC protocol to carry out DDoS attacks, the report found. The protocol is designed to minimize DNS spoofing attacks, but its larger signed responses let attackers amplify the power of their incursions.

Attackers target the .gov domain as well as security companies, particularly those offering anti-DDoS services, the report found. While security company sites are well protected, they still remain a favorite target because they are being used as test beds, the researchers determined.

The number of DDoS attacks declined a bit compared to last year, but their strength has increased fourfold.

 

Source:  http://www.scmagazine.com/ddos-attacks-still-growingand-stronger-kaspersky/article/492765/

Popular VPN service fights back against DDoS ransom demand

But today — a full five days before the ransom demand came due — the company struck back, going public with the demand and promising to withstand any attack criminals attempted. “We apologize for any disruption as a result of these attacks; please know that we will do everything in our power to thwart them,” the company wrote in a blog post today. “But let us reiterate: no matter what happens, we simply will not pay these garden-variety thugs.” (The line was later removed.)

It’s a common scheme for web criminals, who often see small services as more likely to comply with the demands. In recent years, similar attacks have targeted Meetup, Feedly, Fastmail, and even Greek banks, often demanding higher and higher sums the longer sites wait to pay. There are a number of paid and open-source protections against denial-of-service attacks, but unpatched servers and other devices have made it easy for criminals to keep pace, with ever larger attacks in recent years.

 

Source: http://www.theverge.com/2016/4/20/11471862/cloak-vpn-ddos-ransom-demand

 

DDoS now a cover for something more sinister

Police are taking DDoS attacks seriously, as they are being used as a front to cover bigger assaults.

While to date police have considered distributed denial-of-service (DDoS) attacks to be a low-level crime, they are now starting to take them a lot more seriously.

According to Mike Hulett, head of operations at the National Crime Agency’s Cybercrime Unit, DDoS attacks have risen up law enforcement’s agenda for a couple of reasons.

Speaking at the Security & Counter Terror Expo in London he said: “This is something that I wouldn’t say law enforcement has ignored over the years, but it’s been seen as relatively low level. It’s a bit like swatting a fly, it’s an annoyance thing: ‘We don’t really want to launch an investigation against it, do we?'”

However, this approach has now changed because “something different is happening with DDoS”, Hulett said, describing how previously, organisations could fend off DDoS attacks with relative ease, but now, they’re becoming more difficult to fight against.

“Normally it’s something big business can deal with and mitigate as a matter of course. We’ve seen some recent examples of companies — which I won’t name — which can’t mitigate against these DDoS attacks.

“So what’s happening out there? What’s changing? What’s different about DDoS now to what it was before?,” he said, detailing how law enforcement agencies are changing their approach to this style of attack — which security researchers have warned is getting bigger and more dangerous all the time.

But while Hulett said DDoS is still classed as a “lower level” priority, he described how it’s important for the police to get a better grip on it because it remains what police describe as a “gateway crime” — a way for young people to get involved with organised crime, something police are keen to prevent.

DDoS is also increasingly used as a distraction technique to draw cybersecurity teams away from more destructive attacks, a technique seen during last year’s TalkTalk hack.

“The TalkTalk attack was exactly that. It started off as a DDoS — which is the first time the company realised something was going wrong with its systems — but what they weren’t spotting was that the DDoS was a mask for an SQL injection going on at the same time,” Hulett explained.

“This is how DDoS is changing. It’s not just the annoyance factor — ‘look at me, I’m so clever, I’ve taken down this website’, for example — sometimes it’s actually a mask for something more sinister going on elsewhere. It’s something we’re seeing increasingly used as a distraction technique,” he said.

Source: http://www.zdnet.com/article/denial-of-service-attacks-now-a-cover-for-something-more-sinister/

Hackers deface Philippine govt websites

MANILA: Hackers launched a series of New Year’s day attacks that temporarily shut down several Philippine government websites including the office of the vice-president, officials said Monday.

Vice President Jejomar Binay said hackers calling themselves the PrivateX group brought down his official website for 15 hours Sunday and denied access to mostly migrant Filipinos checking on his office’s activities.

The website provides information on the programmes, projects and services of his office, which also serves as a portal for the country’s more than nine million overseas workers to air their concerns and grievances.

“On January 1, 2012 at about 4 pm, the official website of the Office of the Vice President was hacked by the PrivateX group, which caused the site to be down by more than 15 hours,” Binay said in a statement.

He said his website was hosted by the state-run Advanced Science and Technology Institute (ASTI) which had already launched an investigation into the incident.

“We have been informed that ASTI is looking into the incident and will put in place the needed safeguards,” he said.

The same group had also defaced the websites of the Philippine Nuclear Research Institute, the anti-piracy Optical Media Board and two others run by small government agencies.

Little is known about the PrivateX group, but in a message it left on the defaced websites, which Binay’s office had taken down, it said its purpose was to show how vulnerable Philippine websites were to such attacks.

The emphasis of its attacks was to call out “the government’s action toward cyber security.”

“We are anonymous. We are legion, we don’t forgive. We don’t forget. United as one, divided by zero. Expect us,” the statement said.

Cutwail Botnet Launches yet another Spam Campaign

Researchers from M86 Security Labs have observed the Cutwail/Pushdo botnet running a spam campaign with several different themes: Automated Clearing House (ACH) notices, orders for airline tickets, scanned documents, and Facebook notifications.

Although the spam mails carry no malware attachments, M86 states that the malicious payload is delivered through web links that lead to sites hosting the malware.

In the Facebook-themed messages, the payload is served through web links such as ‘See all Requests’ or ‘Confirmation of Friend Request,’ which, when clicked, lead the user to a malware-hosting site.

Meanwhile, the captions in this spam look similar to “Rick Mayor wants to be friends on Facebook” or “Alexander Tomlinson wants to be friends on Facebook.” Notably, the letter case used in these captions varies, and the profile names are randomly chosen.

Further, the spam message may look like an authentic Facebook notification. On careful inspection, however, the embedded web link redirects to a malware-hosting site.

Another fake message in this campaign tells the recipient that a flight ticket was bought using his credit card. Here too, clicking on the web link to get more information takes the unwitting end-user to a malicious site.

Occasionally, the websites behind the links may actually be legitimate; however, cyber-criminals have taken control of them and inserted the same malicious content.

Additionally, security researchers state that the ACH-themed e-mails are not new, and Web users are expected to know by now that they should be ignored. However, the spam mails that pose as scanned documents can be a real hazard, particularly in office environments.

E-mails that look as though office colleagues sent them, and that apparently contain an image produced by office equipment, must be regarded as highly suspicious, especially because the sender’s ID can easily be spoofed so that the e-mails appear authentic.

In these e-mails, the provided URL leads to an HTML file, which is the same attack toolkit that was earlier used in spam scams such as those captioned “Steve Jobs is Alive” or e-mails relating to phony LinkedIn notifications.

In conclusion, Web users are advised to remain vigilant against such fake e-mails.

FBI warns Idaho residents, businesses of new phishing scam

The FBI’s Cyber Squad says Idaho residents and businesses should watch out for a new phishing scheme.
A new phishing campaign involving personal and business bank accounts, financial institutions and jewelry stores has been discovered by the FBI Denver Cyber Squad.
The campaign involves a variant of the “Zeus” malware called “Gameover.” People receive emails pretending to be legitimate emails from the National Automated Clearing House Association. The email advises a user there was a problem with the automated clearing house transaction at the user’s bank and a transaction was not processed. Once the user clicks on the link, the user’s computer is infected with the Zeus or Gameover malware. The malware tracks the user’s keystrokes in real time and steals the user’s online banking credentials.
One such email, sent on Thanksgiving Day to an Idaho Statesman reporter’s work email account, said it was from the Electronic Payments Association. It said an ACH payment — ACH stands for Automated Clearing House — transfer of funds had been rejected. Next to “Reason for rejection,” the email said, “Please refer to the report below for more information,” and then provided a link to what purports to be a Microsoft Word document.
The FBI said the thieves use the account information to make wire transfers of the user’s money. A portion of the wire transfers are being transmitted directly to high-end jewelry stores. Investigation has shown the perpetrators contact the high-end jeweler requesting to purchase precious stones and high-end watches. They say they will wire the money to the jeweler’s account and someone will come to pick up the merchandise. The next day when a money mule arrives at the store, the jeweler confirms the money has been transferred or is listed as “pending” and releases the merchandise to the mule. Later on, the transaction is reversed or canceled, and the jeweler is out whatever jewels the money mule was able to obtain.
After the user’s account has been compromised, the thieves conduct what’s called a distributed denial of service attack on the user’s financial institution. Investigators believe the attacks are used to deflect attention from wire transfers as well as to make the institutions unable to reverse the transactions if found.
The FBI is asking consumers to be cautious of opening email from senders or email addresses that are not familiar.

F-Secure finds rare digitally signed malware

Researchers at F-Secure have uncovered a rarity–malware that is signed with a valid code-signing certificate stolen from a government.
The malware uses a certificate for mardi.gov.my, which is the Agricultural Research and Development Institute of Malaysia. That agency told F-Secure that the certificate had been stolen “quite some time ago.” It expired at the end of September so is no longer effective for authentication.
The Trojan program, which F-Secure detected as Agent.DTIW, spreads via malicious PDF files that exploit a vulnerability in Adobe Reader 8, according to the F-Secure blog.
“The malware downloads additional malicious components from a server called worldnewsmagazines.org. Some of those components are also signed, although this time by an entity called www.esupplychain.com.tw,” the blog post says.
Code-signing certificates are used to authenticate software so a computer will trust it and run it.
“It’s not that common to find a signed copy of malware. It’s even rarer that it’s signed with an official key belonging to a government,” Mikko Hypponen wrote on the blog.
Stolen digital certificates are used by hackers to trick people into visiting malicious Web sites, as well as trick computers into running untrusted code. They were used with Stuxnet, which targeted SCADA (supervisory control and data acquisition) systems, and more recently with the newly discovered Duqu malware.
Being targeted by hackers is a growing problem for certificate authorities that issue the certificates. Dutch DigiNotar filed for bankruptcy after its system was breached and a hacker was able to generate fake certificates. The same hacker claimed credit for that breach, as well as one involving CA Comodo and its resellers earlier this year.
And this isn’t the first time there has been an issue with certificates from Malaysia. Earlier this month, Mozilla said that Malaysian certificate authority DigiCert Sdn. Bhd had issued 22 certificates with weak keys. While there was no evidence that the certificates were issued fraudulently, the weak keys allowed the certificates to be compromised, Mozilla said.
Meanwhile, Dutch certificate authority KPN said it was suspending the issuing of certificates after finding a distributed denial-of-service tool on one of its Web servers.
Originally posted at InSecurity Complex