A New Mexico man is facing federal hacking charges for allegedly using the now defunct attack-for-hire service vDOS to launch damaging digital assaults aimed at knocking his former employer’s Web site offline. Prosecutors were able to bring the case in part because vDOS got massively hacked last year, and its customer database of payments and targets leaked to this author and to the FBI.
Facebook is attempting to dismantle a new social networking worm that spreads via an application built to run seamlessly as a plugin across multiple browsers and operating systems. In an odd twist, the author of the program is doing little to hide his identity, and claims that his “users” actually gain a security benefit from installing his software.
At issue is a program that the author calls “LilyJade,” a browser plugin that uses Crossrider, an emerging programming framework designed to simplify the process of writing plugins that will run seamlessly across multiple browsers and operating systems, including Google Chrome, Internet Explorer, and Mozilla Firefox. The plugin spreads by posting a link to a video on a user’s Facebook wall, and friends who follow the link are told they need to accept the installation of the plugin in order to view the video. Users who accept the terms of service for LilyJade will have their accounts modified to periodically post links that help pimp the program.
A bill moving through the U.S. Senate that would grant the government greater power to shutter Web sites that host copyright-infringing content is under fire from security researchers, who say the legislation raises “serious technical and security concerns.” Meanwhile, hacktivists protested by attacking the Web site of the industry group that most vocally supports the proposal.
Earlier this month, the Senate Judiciary Committee passed the Protect IP Act (PDF), a bill offered by its chair, Sen. Patrick Leahy (D-Vt.) that would let the Justice Department obtain court orders requiring U.S. Internet service providers to filter customer access to domains found by courts to point to sites that are hosting infringing content. The bill envisions that ISPs would do this by filtering DNS requests for targeted domains. DNS, short for the “domain name system,” transforms computer-friendly “IP addresses (such as 220.127.116.11) into words that are easier for humans to remember (typing krebsonsecurity into a browser brings you to 18.104.22.168, and vice versa).
The Web sites for computer game giant Eidos Interactive and one of its biggest titles — Deus Ex– were defaced and plundered on Wednesday in what appears to have been an attack from a splinter cell of the hacktivist group Anonymous. The hack comes just days after entertainment giant Sony told Congress that Anonymous members may have been responsible for break-ins that compromised personal information on more than 100 million customers of its PlayStation Network and other services.
A company that is helping the federal government track down cyberactivists who have been attacking business that refused to support Wikileaks has itself been hacked by the very same activists it is investigating.
At the center of the storm is a leaderless and anarchic Internet group called Anonymous, which more recently has been coordinating attacks against Egyptian government Web sites. Late last month, authorities in the U.K. and the U.S. moved against at least 45 suspected Anonymous activists. Then, on Saturday, the Financial Times ran a story quoting Aaron Barr, the head of security services firm HBGary Federal, saying he had uncovered the identities of Anonymous’ leaders using social networking sites and planned to release his findings at a security conference in San Francisco next week.
In early 2000 — ages ago in Internet time — some of the biggest names in e-commerce were brought to their knees by a brief but massive assault from a set of powerful computers hijacked by a glory-seeking young hacker. The assailant in that case, known online as Mafiaboy, was a high school student from a middle-class suburban area of Canada who was quickly arrested after bragging about his role in the attacks.
It wasn’t long before the antics from novice hackers like Mafiaboy were overshadowed by more discrete attacks from organized cyber criminal gangs, which began using these distributed denial-of-service (DDoS) assaults to extort money from targeted businesses. Fast-forward to today, and although vanity DDoS attacks persist, somehow elements in the news media have begun conflating them with the term “cyberwar,” a vogue but still-squishy phrase that conjures notions of far more consequential, nation-state level conflicts.