Security
How a security researcher discovered the Apple battery "hack"
Written by Akuma Monday, 25 July 2011 14:07
A security "noob" mistake has left the batteries in Apple's laptops open to hacking, which could result in a bricked battery or, in a worst-case scenario, fire or explosion. This was revealed on Friday after Accuvant Labs security researcher Charlie Miller disclosed that he plans to detail the hack at the annual Black Hat security conference in early August.
We were curious as to how Miller, known for repeated hacks of Apple's Safari Web browser at the annual Pwn2Own hacking competition, stumbled upon this hack in the first place—after all, it is somewhat obscure and doesn't fall into what most people consider to be his typical focus area (browsers). Miller took time to answer our questions about what the hack is and how he found it, as well as what he plans to do when Black Hat rolls around.
FBI arrests 16 Anons across US; UK police pick up LulzSec member
Written by Akuma Tuesday, 19 July 2011 19:00
The FBI has made a series of raids at addresses across the US and arrested 16 people accused of participating in Anonymous-branded cyberattacks. Arrests were made in Alabama, Arizona, California, Colorado, the District of Columbia, Florida, Massachusetts, Nevada, New Jersey, New Mexico, and Ohio, with further raids and equipment seizures conducted in New York.
14 of those arrested have been charged with conspiring with others to damage computer systems belonging to PayPal. PayPal was the victim of a distributed denial of service attack performed by Anonymous after the site blocked the ability to donate money to WikiLeaks, an action named "Operation Avenge Assange." The defendants range in age from 20 to 42 years old, with 11 males and two females; the 14th defendant has had his or her name withheld.
Separately, a 21-year-old man was arrested for breaking into the InfraGard Web site, tweeting about what he did, and providing instructions so that others could also break in.
Finally, another 21-year-old man was arrested for stealing confidential information from AT&T's systems while working as a customer support contractor. This is the data that was published as part of LulzSec's retirement from the public eye.
The statement issued by the Department of Justice says that in concert with the arrests in the US, one arrest was made in the UK, and four in the Netherlands.
Fox News is reporting that the arrest in the UK was of an unnamed 16-year-old whose online handle is tflow. tflow was prominent within Anonymous' denial of service and hacking operations, and a member of LulzSec too.
Prior to news of tflow's arrest, the handful of people behind breakaway Anonymous splinter group LulzSec—which yesterday came out of retirement to break into News International's servers—said on their IRC channel that they are unaffected by the arrests and raids. Members of the group have speculated that the DoS participants are being targeted because they're readily traced, especially if they use the LOIC tool that Anonymous has often used to perform such attacks. Typical usage of this tool does nothing to mask identities, making it relatively easy to track down its users. LulzSec members, in contrast, have used software such as Tor and anonymous VPN connections to mask their identities.
If tflow has indeed been arrested, he would be the first member of LulzSec to be apprehended; his arrest might also indicate that LulzSec wasn't as anonymous as it thought it was.
LulzSec takes on Murdoch empire with Sun hack, fake death claim
Written by Akuma Monday, 18 July 2011 17:32
LulzSec is back making headlines for itself with an attack aimed at Rupert Murdoch, beleaguered boss of News Corporation. Hackers have broken into servers belonging to News International, the News Corp subsidiary that owns Murdoch's UK newspapers, and published a fake report of the media mogul's death. Masquerading as a copy of daily tabloid The Sun, the report claimed that Murdoch ingested a large quantity of palladium before stumbling into his garden and dying.
The bogus page was published on a hacked server used to host a preview of upcoming changes to another News International paper, The Times. The hackers then forced The Sun's homepage to redirect to the hacked server. The influx of traffic rapidly overwhelmed the preview server, causing it to generate errors and subsequently get taken down. The redirect currently goes to LulzSec's Twitter page. The reason for this peculiar scheme is apparently that The Times system has been rooted; The Sun machine has not.
Individuals affiliated with LulzSec and Anonymous are also claiming to have hacked into News International's mail servers, with a press release due tomorrow. News International is, of course, being targeted in the wake of the News of the World phone hacking scandal that has already caused the resignation of several high-ranking executives within the Murdoch empire, and the closure of the newspaper in question.
Earlier in the day, tweets were also made purporting to contain the e-mail addresses and passwords of various News International employees, including former Chief Executive Rebekah Brooks.
Insecure Vodafone femtocells allow eavesdropping, call fraud
Written by Akuma Thursday, 14 July 2011 10:50
Hackers have reverse engineered the femtocells used by British mobile operator Vodafone, and discovered that they can be used to eavesdrop on callers and to fraudulently place calls and send text messages. Femtocells are being used increasingly often to provide better phone reception in areas with a weak signal. They contain short-range mobile base stations—typically with a range of 30-60 feet—paired up with Internet connections. Users within the range of the femtocell have their calls routed over a home Internet connection to the mobile operator's system.
Vodafone calls its femtocells Sure Signal. The Sure Signal costs £50, and supports up to 32 phone numbers belonging to 3G phones or Internet dongles. They can be used by any Vodafone customer, whether contracted or pay-as-you-go, with an Internet connection of 1Mbps or faster.
Study finds 12.5% of companies violating own do-not-track policies
Written by Akuma Tuesday, 12 July 2011 15:25
The Do Not Track efforts led by self-managed advertising groups aren't going as well as some might hope, with at least eight participating companies continuing to track users across the Web even after they opt out. The finding highlights the weaknesses of an entirely voluntary system: just because the companies say they will do it doesn't necessarily mean that they will.
The Network Advertising Initiative (NAI) is one of several self-regulating groups aimed at adopting voluntary codes of conduct when it comes to advertising to users online. Late last year, those groups (including the NAI) announced that they would begin pushing the Advertising Option Icon, an icon that is meant to let users know which sites are participating in behavioral tracking. Users would then be able to easily opt out of any behaviorally targeted advertising if they so choose. Collectively, the groups represent some 5,000 other companies that advertise online, though use of the icon itself is voluntary as long as they offer the opt-out functionality.
AntiSec target learns the hard way that whitelists > blacklists
Written by Akuma Monday, 11 July 2011 14:35
Servers belonging to IRC Federal, a West Virginia IT company whose clientele included NASA, the Departments of Justice and Defense, and the US Army and Navy, have been broken into, with documents, databases, and e-mails published in yet another hack performed under the AntiSec banner.
The announcement of the hack and release of the documents was named "Fuck FBI Friday II." The original Fuck FBI Friday was Lulz Security's announcement that it had hacked a local affiliate of the FBI's cybercrime community InfraGard. IRC Federal's connection with the FBI is rather more tenuous—the company is privately held, providing services to the government.
Feature: How digital detectives deciphered Stuxnet, the most menacing malware in history
Written by Akuma Monday, 11 July 2011 08:47
Anonymous vows revenge after 15 arrested; AntiSec hacks continue
Written by Akuma Thursday, 07 July 2011 18:30
After 32 raids across Italy (and one in Switzerland), 15 alleged members of Anonymous have been arrested. The detainees, aged between 15 and 28 with five under 18, have been accused of performing denial of service attacks on Italian Web sites belonging to the government, and on both state and private broadcasters.
The Italian authorities are describing one of the suspects, a 26-year-old Swiss-Italian going by the moniker "Phre," as a "leader" of the hacking group. A further 30 suspects are still being sought.
4 million strong Alureon P2P botnet "practically indestructible"
Written by Akuma Friday, 01 July 2011 10:55
Researchers at Kaspersky Labs analyzing the 4.5 million-strong Alureon botnet (also known as TDL and TDSS) have branded it "practically indestructible." Law enforcement agencies have had some success recently at disrupting and bringing down botnets, with Coreflood, Rustock, and Waledac all successfully disrupted. The design of TDL's underlying rootkit is going to make similar retaliatory action much harder to pull off.
TDL-4 has been specifically designed to avoid destruction—whether by law enforcement, anti-virus software, or competing botnets. On installation, TDL-4 will remove other rootkits, an act which both deprives competing operators of income and reduces the chance that the user will notice that their system is behaving strangely and attempt to repair it. The goal of a rootkit is to remain undetected, and that includes keeping the user from noticing that a computer simply isn't behaving correctly.