Notorious Hackers Of 2013
This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups.
If recent years are any guide, crime-committing hacktivists should loom large. In 2011, LulzSec stormed on to the scene, pulling off 50 days of hacks that mixed technical savvy with PR acumen. But by 2012, the leaders of LulzSec had been arrested, as had many participants in high-profile Anonymous operations, thanks to a concerted effort by the FBI and its counterparts overseas. By the end of 2013, some of the best-known domestic hackers with political aims either were in jail or, in the case of some people arrested in Britain, had already served time and were on parole.
Policing hacks launched from non-allied countries has always been a different story, given the Department of Justice's inability to arrest, extradite, or sometimes even identify suspects operating from certain countries. For example, many crimeware toolkit-driven campaigns that use bots to steal personal financial details and then remove millions of dollars from banks are run from Russia or former Soviet satellites that have no extradition treaty with the United States.
Foreign attackers who hold a political grudge against the United States likewise remain tough to stop. Last year, a group of foreign attackers -- backed by the Iranian government, US government officials have alleged -- launched Operation Ababil, a series of distributed denial-of-service (DDoS) attacks against US banks. Those attacks continued into their fourth wave in 2013, making them the longest-running series of online attacks in history. Despite the timing and the targets being revealed in advance, targeted banks often had difficulty blunting the DDoS attacks.
Also on the overseas tip, US officials increased their denunciation of state-sponsored Chinese hackers in 2013. Though China had long been suspected of hacking businesses and government agencies, government officials began publicly pointing the hack-attack finger after the security firm Mandiant published evidence of what it said was an elite PLA military online hacking team, which it had linked to the theft of intellectual property from US businesses, as well as the theft of US military secrets.
Hacking has long been defined -- loosely, anyway -- in terms of white, black, and gray hats, referring to hackers who pursue ethical computer security research (white hats), people who hack solely for their own gain or at the expense of others (black hats), and people who fall somewhere in the middle (gray hats). Clearly, Chinese APT attacks, crimeware toolkits, bank DDoS exploits, and other leading hack attacks were evidence of black-hat behavior.
But the world turned a lot more gray beginning in the middle of 2013, after Edward Snowden, a National Security Agency contractor, fled to China and began leaking 1.7 million secret NSA documents. Those disclosures, which are ongoing, have begun to pull back the curtain on America's massive online surveillance apparatus. For example, we've learned that the agency hacked into tens of thousands of PCs abroad, as well as hacking into Internet backbone communications or technology giants' datacenters directly, to allow the agency to eavesdrop on foreign and domestic communications.
Who are the good guys and bad guys now? Click the image above for this year's list of the most notorious hackers
This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups.
Anonymous hacking collective
But that didn't stop the collective from protesting perceived injustices. Its Operation Last Resort included hacking the US Sentencing Commission website -- which establishes sentencing policies and practices for the federal courts -- to include a game of Asteroids, to protest federal prosecutors having threatened Reddit co-founder Aaron Swartz with a 35-year prison sentence for downloading millions of documents from the JSTOR archive, which helped drive Swartz to commit suicide. The group also defaced a Massachusetts Institute of Technology website to denounce the institution's failure to protest Swartz's prosecution.
As the year progressed, the campaigns continued, with Anonymous channeling mass anger over the 2008 economic crash -- as well as the fact that no Wall Street executives were ever charged with crimes related to it -- by leaking what it said were passwords for 4,000 financial executives. Rebranded as Operation Wall Street, the effort continued, with the hacktivist collective calling on the public to dox (release sensitive documents on) bank executives.
Anonymous continued with attacks against North Korean websites after the country's leadership threatened to restart a nuclear reactor; OpIsrae" attacks against Israeli websites -- taking sides in the Israeli-Palestinian conflict -- that reportedly fizzled; an OpUSA attack against banks and government agencies that likewise fizzled; and a threatened Guantanamo Bay Naval Base attack that led authorities there to deactivate WiFi and social media.
Meanwhile, Anonymous earned widespread praise in October when its members launched Operation Maryville to highlight the case of two Missouri girls, ages 13 and 14, who were both allegedly raped last year, only to see prosecutors drop charges against one of the girl's alleged attackers. The outcry helped draw attention to the case, leading the state's lieutenant governor to demand that a grand jury investigate.
This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state-sponsored groups.
Stratfor hacker Jeremy Hammond
Anonymous-allied Jeremy Hammond hacked into the private intelligence contractor Strategic Forecasting (known as Stratfor) in late 2011 and then posted the stolen files to a server that now appears to have been owned by the FBI. He also distributed the stolen information to WikiLeaks, which published it as part of its Global Intelligence Files program.
Hammond was indicted in 2012. In May 2013, he pleaded guilty to one count of conspiracy to engage in computer hacking. He admitted to masterminding the Stratfor hack, compromising account information for approximately 860,000 Stratfor users, and publishing stolen data pertaining to 60,000 credit cards. Anonymous later used the cards to make $700,000 in unauthorized donations to nonprofit groups. In addition, Hammond admitted to hacking numerous other organizations, ranging from the FBI's Virtual Academy and the Arizona Department of Public Safety to the Jefferson County Sheriff's Office in Alabama and the Boston Police Patrolmen's Association. Thanks to the hacking count, Hammond faced up to 10 years in prison and up to $2.5 million in restitution.
After Hammond pleaded guilty, but before Judge Loretta Preska sentenced him in November, Hammond's supporters launched a letter-writing campaign in pursuit of leniency, arguing in part that Hammond had been entrapped by the former LulzSec leader Sabu, who'd become an FBI informant six months before Hammond hacked Stratfor, and who was being monitored around the clock by handlers at the bureau.
At the sentencing hearing, Hammond read a statement saying that Sabu had provided him with passwords and root access information for 2,000 different websites. "These intrusions, all of which were suggested by Sabu while cooperating with the FBI, affected thousands of domain names and consisted largely of foreign government websites, including those of Turkey, Iran..." Hammond said, before being cut off by the judge, who told him that the list of target names was to be redacted.
Preska sentenced Hammond to 10 years in prison, to be followed by three years of supervised release.
{{{{ source : http://www.darkreading.com))
No comments:
Post a Comment