School of Hacktivism

A like Anonymous

There are really few doubts, this is the most (in)famous hacking collective. There is no new day without a new resounding action. They are Anonymous. They are Legion. They do not forgive. They do not forget. Expect Them.

B like Barrett Brown

Considered one of the early members, Barrett Brown is the alleged spokesperson of Anonymous.

C like Chanology (AKA Project Chanology, AKA Operation Chanology)

A protest movement against the practices of the Church of Scientology by Anonymous. The project (or Operation) was started in response to the Church of Scientology’s attempts to remove material from a highly publicized interview with Scientologist Tom Cruise from the Internet in January 2008 and was followed by DDoS attacks and other actions such as black faxes and prunk calls.

D like DDoS

Distributed Denial of Service (abbreviated DDoS) is the preferred weapon by Hackitivsts, since it does not need particular hacking skills and may also be centrally controlled (with a hive mind who define the target). The preferred tool for perpetrating DDoS attacks is LOIC, although next-gen tools are under development.

E like Encyclopædia Dramatica

A satirical open wiki, launched on December 10, 2004 and defunct on April 14 2011. It is considered one of the sources of inspiration for The Anonymous.[1]

F like Fawkes Guy AKA Fawkes Guido

Guy Fawkes (13 April 1570 – 31 January 1606), also known as Guido Fawkes, belonged to a group of provincial English Catholics who planned the failed Gunpowder Plot, a failed assassination attempt against King James I of England. His stylised mask designed by illustrator David Lloyd and used as a major plot element in the “V for Vendetta“ Comic Book, is the symbol for the Anonymous. The failure of the Gunpowder plot has been commemorated in England since 5 November 1605.

(more…)

Continue Reading School of Hacktivism

Social Espionage

  • Post author:
  • Post last modified:May 1, 2011
  • Post category:Security
  • Post comments:10 Comments
  • Reading time:8 mins read

Updated on 5/6/2011: Primoris Era is Back!

Few days ago the Twitter Community was shaken by the affair of @PrimorisEra AKA “The tweeter who loved me”, a Twitter user with more than 23.000 tweets and 1300 followers, depicting herself as a young, attractive woman with a keen interest in missile technology and national security strategy. Her sudden departure has subsequently created many questions and concerns about the security of information on the Internet and Social Network. As a matter of fact, more than a few Twitter users who work in national security panicked upon hearing the accusation lodged against @PrimorisEra, since it looks like she (or he) allegedly requested sensitive information using Twitter’s Direct Messaging, or DM, service, persuading several young men on Twitter (and Facebook as well) to divulge sensitive information for more than two years.

Albeit this interesting article explains the (alleged) real story behind, and in a certain manner belittles the spy story, social pitfalls (socialeaks) remain more relevant than ever.

This does not sound surprising to me: as soon as my colleague David told me the story (of course by mean of a tweet), the notorious affair of Robin Sage came immediately to my mind: a fake Facebook (and LinkedIn) Profile of a Cyber Threat Analyst, who  was capable to gain access to email addresses, bank accounts and location of secret military units from her 300 contacts, persuading them to be a 25-year-old “cyber threat analyst” at the Naval Network Warfare Command in Norfolk, Virginia, graduated from MIT, with 10 years of work experience, despite her young age (she was also given private documents for review and was offered to speak at several conferences).

Lesson learned? Not at all, (nearly) every security professional should know very well, at least in theory, the story of Robin Sage and the consequent risks connected with a fickle Social behavior, most of all in those blurred cases when professional and personal information overlaps. Never ignore the first rule: young attractive girls have nothing to do with geeks, even if they often have persuading arguments, sometimes so persuading to tear down the personal natural defenses (the first form of “physical” security), especially in those cases (as in the example of Robin Sage) when other trusted peers have already fallen in the (honey)trap, and consequently appear between the contacts of the fake profile.

Even if @PrimorisEra or @LadyCaesar (another pseudonym of her Digital Identity) is not a spy in the pay of any foreign country, the possibility to use the Social Network for espionage, SecOps, or PsyOps is far from being remote. Indeed is a consolidated practice and may already rely on an (in)famous example: the one of Anna Chapman, the 28 years old Russian Spy, living in new york, arrested on 27 June 2010, together with other 9 people, on suspicion of working for Illegals Program spy under the Russian Federation’s external intelligence agency. One of the noticeable aspects of the whole story was just her Facebook profile full of hot pictures (and equally hot comments) used to attract friends, and probably as one of the ways to grab information (curiously it looks like she did not show how many friends she had, as to say, unlike everyone else, that spies apparently know how to deal with Facebook privacy settings.

(more…)

Continue Reading Social Espionage