Hackers stole and leaked Over 1 Million Apple IOS Device ID From FBI

Hackers have dumped online the unique identification codes for one million Apple iPhones and iPads allegedly lifted from an FBI agent's laptop. The leak, if genuine, proves Feds are walking around with data on at least 12 million iOS devices.

The 20-byte ID codes were, we're told, copied from a file extracted from the Dell notebook of a senior federal agent, who was tracking the activities of hacktivists in LulzSec, Anonymous and related groups. Supervisor Special Agent Christopher Stangl's machine was compromised via a AtomicReferenceArray vulnerability in Java in March, the black hats claim.

Once his computer was infiltrated by the hackers, a file was allegedly seized containing 12 million device records that included Unique Device Identifiers (UDIDs), usernames and push notification tokens as well as a smaller number of names, mobile phone numbers, addresses and zip codes. Members of the AntiSec crew leaked edited extracts of this data, having mostly stripped it of fanbois' personal information, on Monday.

The listed UDIDs, which include gadget serial numbers and other data so apps can distinguish between individual devices, appear to be genuine. However, by themselves they may pose only a minimal privacy risk once leaked online, so the effect of the dump is largely confined to embarrassing the Feds - and raising questions as to why agents have the information in the first place.

The most likely source of the data was either an iOS app developer or multiple developers, Mac Rumours speculates.

The Java exploit used in the attack is unrelated to the mega-bugs finally patched by Oracle last week.

It's a matter of record that Stangl was among the agents invited to an FBI-Scotland Yard conference call about the progress of investigations into members of Anonymous back in January. Members of LulzSec infamously eavesdropped on this call and leaked a recording after intercepting an email arranging the chat.

Email addresses exposed by this breach may have been used in a follow-up targeted attack that tricked investigators into visiting a booby-trapped website exploiting an at-the-time Java 0-day vulnerability. Rob Graham of Errata Security expands this plausible theory in this How the FBI might've been owned blog post.

The AntiSec activists behind this week's leak suggest the device info data was used as part of some FBI tracking project involving iOS devices, such as iPhones. Even they are a bit vague on what that might be. However the group goes into some detail in explaining how it apparently swiped the data:

During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of "NCFTA_iOS_devices_intel.csv" turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts. no other file on the same folder makes mention about this list or its purpose.

The AntiSec group says it decide to published a portion of the leaked data in response to a keynote speech by the NSA's General Keith Alexander at the DefCon hacker convention in July. In part, Alexander sought to persuade hackers at the convention to consider a career at the NSA, a suggestion that predictably galled the black hats.

LulzSec Hackers betrayed by HideMyAss.com

It was last week, Cody Kretsinger, a 23 years old from Phoenix, Arizona that was allegedly involved in hacking Sony Pictures, got arrested and I was having a battle of the mind on how and what possible means that Feds used to track this guy down.

Well it now seems that what we should believe to be hiding our ass is now exposing our ass. HideMyAss.com allows you to surf anonymously online in complete privacy.

The indictment against Kretsinger says he used a proxy server to hide his identity while carrying out the attack. But it emerged that the site he allegedly used to disguise his identity cooperated with the Feds to track him down.

The details of how it all happened is not yet public, but Hidemyass blog said they had to cooperate with the police when a leaked IRC chat logs that was released, exposed the participants of using various VPN service which their's were among.

It first came to our attention when leaked IRC chat logs were released, in these logs participants discussed about various VPN services they use, and it became apparent that some members were using our service. No action was taken, after all there was no evidence to suggest wrongdoing and nothing to identify which accounts with us they were using. At a later date it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases. As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order (equivalent of a subpoena in the US).

You can be sure that HideMyAss is not the only provider to be hit with subpoenas and essentially being forced to hand over user data. It’s likely the FBI and other officials are digging deep and requesting similar information from other VPN providers and online services such as Pastebin, Twitter, and other tools and web services commonly used by hackers.

Full indictment is below:

Cody Andrew Kretsinger Indictment

Alleged LulzSec, Anonymous hackers arrested

An Arizona man was arrested today for allegedly stealing data from Sony Pictures Entertainment earlier this year, and two others were indicted on charges of participating in a denial-of-service (DoS) attack that temporarily shut down Santa Cruz County servers late last year.


Cody Andrew Kretsinger, 23, of Phoenix was indicted September 2 by a federal grand jury on charges of conspiracy and unauthorized impairment of a protected computer, the FBI said in a statement. Kretsinger could not be reached for comment.

Separately, 47-year-old Christopher Doyon of Mountain View, Calif., was arrested and appeared before Magistrate Judge Howard Lloyd in U.S. District Court for the Northern District of California in San Jose, according to a U.S. Department of Justice statement released this afternoon. Lloyd ordered that a bail study be done and set a court appearance for September 29 at 1:30 p.m. PT.

Doyon, who allegedly uses the alias "Commander X," and Joshua John Covelli, 26, of Fairborn, Ohio, were indicted on charges of conspiracy to cause intentional damage to a protected computer, causing intentional damage to a protected computer, and aiding and abetting by participating in a distributed DoS attack on Santa Cruz County servers December 16, 2010, shutting down the Web site. A criminal summons was issued to Covelli, aka "Absolem" or "Toxic," to appear before Magistrate Paul Grewal in San Jose on November 1.

In the Sony case, Kretsinger is accused of using proxy services via the hidemyass.com site, designed to offer anonymous Internet access, to probe Sony Pictures Entertainment's computer systems in May, according to the indictment, which was unsealed in U.S. District Court in Los Angeles today.

He and other co-conspirators looked for vulnerabilities and exploited them by means of a SQL injection attack between May 27 and June 2, the indictment says. They then allegedly compromised the Sony system, making "tens of thousands of requests for confidential data," and released the information from Sony on a public Web site and on Twitter.

Kretsinger permanently erased the hard drive of the computer he used to conduct the attack, the indictment alleges. He is due to make an initial appearance in federal court in Phoenix today. The U.S. government will request that he be transferred to Los Angeles to face prosecution. He faces up to 15 years in prison if convicted.

He is alleged to have used the hacker handle "recursion" and is believed to be a member of the LulzSec hacker group.

The LulzSec group, believed to be a spinoff of the Anonymous group of online activists, had bragged about breaking into Sony Pictures' system, posting a statement on Pastebin on June 2 and proof of their attack. "We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts," the statement said. "Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons.'"

A week later, Sony said that actually personally identifiable information of 37,500 customers had been exposed in the breach. The breach was one of a series of attacks targeting Sony and its affiliate sites globally that started in May following a legal spat Sony had with a hacker who had modified his Sony PlayStation 3.

In the San Jose cases, the indictments allege that the attack on Santa Cruz County servers was orchestrated by the People's Liberation Front (PLF), which is associated with the Anonymous group. After the city enacted a law restricting camping in city limits, protesters occupied the courthouse premises and several were charged with misdemeanors, the Justice Department said. In retaliation, the PLF organized the DoS attack, the statement alleges.

Covelli is also separately under indictment in U.S. District Court for the Northern District for allegedly participating in a distributed DoS attack on PayPal in December 2010. His next court appearance in that case is set for November 1 at 9 a.m. PT before Judge Lowell D. Jensen in San Jose. Neither Doyon nor Covelli could immediately be reached for comment this afternoon.

The Justice Department and FBI said they could not comment on the San Jose cases beyond the indictments and statements, so it is unclear exactly where Doyon was arrested. Earlier today, Fox News reported that a hacker who is believed to be homeless was arrested in San Francisco on charges of participating in attacks allegedly carried out by activist group Anonymous on Santa Cruz County government Web sites, and that search warrants were being executed in New Jersey, Minnesota, and Montana. An FBI spokesman said that the agency does not typically comment on search warrants.

Anonymous, LulzSec Urges Paypal BoyCott, Condemns FBi Raids

Anonymous is seriously lashing out today at the FBI and especially at PayPal, urging users of the electronic payments site to empty their accounts.

We encourage anyone using PayPal to immediately close their accounts and consider an alternative. The first step to being truly free is not putting one's trust into a company that freezes accounts when it feels like, or when it is pressured by the U.S. government. PayPal's willingness to fold to legislation should be proof enough that they don't deserve the customers they get. They do not deserve your business, and they do not deserve your respect.

Join us in our latest operation against PayPal - tweet pictures of your account closure, tell us on IRC, spread the word. Anonymous has become a powerful channel of information, and unlike the governments of the world, we are here to fight for you. Always.

The group wants supporters to empty their accounts and avoid using the payment service in protest against the prosecution of a university student who allegedly participated in denial of service attacks against PayPal last year. Mercedes Haefer, a 20-year-old journalism student at the university of Nevada, is among around 14 people facing hacking charges punishable by a sentence of up to 15 years imprisonment and a fine of $500,000. It has been alleged that Haefer had used her home PC to attack PayPal's systems.

In response, Anonymous and LulzSec put out a statement calling for a boycott of PayPal, as the first phase of #OpPayPal.

In recent weeks, we've found ourselves outraged at the FBI's willingness to arrest and threaten those who are involved in ethical, modern cyber operations. Law enforcement continues to push its ridiculous rules upon us - Anonymous "suspects" may face a fine of up to 500,000 USD with the addition of 15 years' jailtime, all for taking part in a historical activist movement. Many of the already-apprehended Anons are being charged with taking part in DDoS attacks against corrupt and greedy organizations, such as PayPal.

What the FBI needs to learn is that there is a vast difference between adding one's voice to a chorus and digital sit-in with Low Orbit Ion Cannon, and controlling a large botnet of infected computers. And yet both of these are punishable with exactly the same fine and sentence.

In addition to this horrific law enforcement incompetence, PayPal continues to withhold funds from WikiLeaks, a beacon of truth in these dark times. By simply standing up for ourselves and uniting the people, PayPal still sees it fit to wash its hands of any blame, and instead encourages and assists law enforcement to hunt down participants in the AntiSec movement.

Quite simply, we, the people, are disgusted with these injustices. We will not sit down and let ourselves be trampled upon by any corporation or government. We are not scared of you, and that is something for you to be scared of. We are not the terrorists here: you are.

Anonymous is now claiming through its Twitter account that PayPal has lost more than 9,000 account in just a couple of hours. The group also claimed that PayPal had taken down its Web page where people can cancel their accounts, though the site seemed to be up and running normally.

WikiLeaks was quick to crow that Anonymous' campaign dealt a "$933M stock crash" this morning for PayPal parent eBay. Shares in eBay did drop about 3 percent at the market open, but have since recovered somewhat.

PayPal was not immediately available for comment, according to CNET's reporter.

Last December, PayPal released to WikiLeaks all existing funds in its account up to that time but cut off the ability of the whistleblowing site to receive future funds from supporters via its PayPal account.

By caving into the law enforcement establishment in freezing the WikiLeaks account, PayPal doesn't deserve the business or respect of its customers, says Anonymous.

In recent weeks Anonymous and LulzSec have rarely stayed with the same target for more than a day at a time, so it will be interesting to see how long #OpPayPal lasts or how it evolves. Security firm Panda has already spotted chatter suggesting a move towards illegal tactics is already being discussed, at least.

How LulzSec Exploited on the Security Mistakes of The Sun

Infamous pranktivist hackers LulzSec exploited basic security mistakes on a News International website to redirect users towards a fake story on the supposed death of media mogul Rupert Murdoch, it has emerged.

The bogus story claimed that Murdoch had died after ingesting a "large quantity of palladium" (a rare metal*) before stumbling into his "famous topiary garden" (an in-joke reference to Topiary, the most famous member of LulzSec).

Later the same trick was used to redirect visitors of The Sun's website to LulzSec's Twitter feed.

Both hacks relied on exploiting security weaknesses on a site called new-times.co.uk/sun, which had been set up by News International while it was building a paywall for The Times. Hackers used an exploit, identified by The Guardian as likely to be a "local file inclusion" program, to exploit vulnerabilities in order to gain administrative control of this site. The site, although retired, was still linked to NI's Content Management System.

Hackers then used compromised access to the CMS behind The Sun's site to add their own redirection script to the "breaking news" element of the site. The rogue JavaScript was programmed to redirect surfers to locations under the control of hackers once the page reloaded. First it was pointed towards the spoofed story at new-times.co.uk/sun and later towards LulzSec's Twitter feed.

The level of compromised access may have allowed LulzSec access to NI's email database, but this remains unclear.

LulzSec famously disbanded last month after 50 days of mayhem that saw it attack numerous targets including FBI-affiliated security consultancies, UK police agency SOCA, numerous games publishers and Sony. In an update to its Twitter feed the group said it couldn't resist returning for one last gig. "Thank you for the love tonight. I know we quit, but we couldn't sit by with our wine watching this walnut-faced Murdoch clowning around."

The websites of The Sun and The Times were pulled down on Monday following the hack. Both have been restored. The server behind new-times.co.uk has been taken offline, probably permanently.

Meanwhile, the very-much-alive Rupert Murdoch is due to face a grilling from Parliament later today, when he will be expected to answer questions on the News of the World voicemail hacking scandal.

Lulzsec Redirects Homepage Murdoch-Owned 'The Sun' To @LulzSec Twitter Account

Hackers breached the security of Rupert Murdoch's Sun website and briefly redirected many visitors to a hoax article falsely claiming the tabloid media tycoon had been found dead in his garden.

The hack caused many people visiting thesun.co.uk to instead reach www.new-times.co.uk/sun/, which contained a story headlined "Media moguls [sic] body discovered". The breach came as several other Murdoch-owned sites, including The Times,The Sunday Times, newsinternational.co.uk, and rupertmurdoch.co.uk suffered outages that made them inaccessible. The domain name system servers used to revolve many of those sites weren't responding to queries at time of writing.

"Murdoch, aged 80, has said [sic] to have ingested a large quantity of palladium before stumbling into his famous topiary garden late last night, passing out in the early hours of the morning,” the bogus article claimed.

Murdoch-Owned 'The Sun' hacked by Lulzsec

LulzSec Twitter-page bragging

The redirections didn't work consistently, making it possible for many Sun visitors to reach the real site as intended. At time of writing, many attempts to reach the site caused redirects to the Twitter account of LulzSec, the prankster hacker collective that has made sport of attacking sites belonging to Sony, the Central Intelligence Agency, and other high-profile targets. LulzSec took responsibility for the Sun hack as well.

“It's not an easy thing to do,” Jeremiah Grossman, CTO of security firm WhiteHat Security, said of the redirection of The Sun's site. “If you can do that, you would classify it as being hacked.” It wasn't clear if the attackers had targeted the site's content management system, upstream provider, or another component.

DNS servers ns1.newsint.co.uk and ns0.newsint.co.uk, upon which the Murdoch-owned sites rely, did not respond to pings at time of writing. Trace routes to the servers' underlying IP addresses also failed.

AntiSec Targets Apple Survey Server, Releases Post Passwords

Hackers have posted a document that allegedly has user names and passwords for an Apple server. The find, posted via the AntiSec hacking campaign, appears to be a warning that Apple “could be a target too.”

The bigger picture here is that Apple will become an increasing target for these hacker groups if the company provides the right trigger. Apple could represent the Holy Grail for malicious hackers given its stash of iTunes customer data. If Sony, AT&T and the CIA can bring hackers headlines just imagine what Apple could do.

According to the Wall Street Journal, AntiSec includes hackers from Anonymous and the now-decommissioned LulzSec. 9to5 Mac considers the document posted by AntiSec to be relatively benign.

That take looks to be roughly correct, but there’s a warning embedded here. Hackers apparently are too “busy elsewhere” to mess with Apple, but that doesn’t mean the company is bulletproof. One trigger—something that may annoy hackers—could set off a larger attack.

Apple hasn’t commented yet and probably won’t. Today Anti-Sec claims a technical support server. It’s not a big deal yet. The big question is whether Apple’s more valuable servers—iTunes and iCloud—will become targets.

Anonymous Taking Charge As Lulzsec Rolls Out

Hacking season is not over yet. Even though LulzSec, the group of hackers who made a name for themselves by hacking Sony, Nintendo, and PBS among others, called it quits on Saturday, another group wants to pick up the slack.

After announcing the end of its activities, Lulzsec encouraged its 281,870 Twitter followers to follow the account of Anonymous, another hacking organization,  which on Monday published new materials on counter-hacking tools and addresses of U.S. FBI locations. Anonymous also picked up more than 60,000 Twitter followers over the past 24 hours.

Acknowledging LulzSec's retirement, the group released a torrent file containing all the data it obtained over the past seven weeks, including data from prominent targets such as the CIA, U.S. Senate, Sony, and AOL.

Even though LulzSec has been active for only 50 days, the hacking group garnered a significant amount of media attention: "For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could," the group says in a goodbye note.

Anonymous is the hacking group that was alleged (but denied any involvement) to be behind the massive Sony PlayStation Service hack earlier this year.

The files Anonymous released Monday include documents and hacking and counter-hacking tools. The data weighs in at 625MB and its exact source is not mentioned, except a link to the CDI Sentinel program page, which provides free cybersecurity training using a mobile computer lab.

Lulzsec Hacking Group Just Announced that it's finished

The problem for groups shrouding themselves in anonymity is that they can never truly gauge the public or press response to their actions.

Just as it was with Wikileaks and Anonymous, and the impact that 4chan and its crucial elements of anonymity have had on memes and popular culture, these viral constructs are unpredictable, difficult to manage and ultimately, all but impossible to maintain.

What is clear, however, that the supposed six that are mentioned in their press release as being the ones behind the subversive group have called it a day.

In a statement via its official Twitter feed this evening:

“Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us.

The support we’ve gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don’t stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.”

After delving into the latest release, around three quarters of a million usernames and passwords across a number of different sites have been hacked, collected and now disseminated to thousands of other users. These login accounts include details of the Battlefield Heroes game, as well as for the website Hackforums.net.

More usernames and passwords relate to the NATO Bookshop, for which the URL of the page now simply redirects to the NATO homepage. It is unclear whether these accounts relate to NATO operations or internal network access.

A screenshot appears to show evidence that a Navy website was hacked into and text replaced with LulzSec slogans. The user appears to be using Ubuntu Linux. Whether this makes a difference or not is unclear at this stage.

Also in this vast cache of data appear to be internal AT&T files, relating to its 4G LTE roll-out, as well as details of just over 90,000 IBM personal phones.

It does not appear any customer data from AT&T has been compromised.

Looking further into the cache, there are IP addresses for organisations such as Disney, EMI and Universal.

No doubt, many may feel cheated in this release. Without the shock and awe of previous torrented caches of hacked data, this release also includes a vast list of IP addresses with simple credentials of “root” and “password”. It also includes AOL related data, which will mean little to so many.

There are, however, a few theories as to why they disbanded today.

Fifty days is a set milestone and they knew it from the start. Today is the birthday of George Orwell, who died in 1950, which may or may not be coincidental. However, considering the person running the Twitter feed, known as Topiary, is British and lives within the United Kingdom — based not only on the writing style and the references to time zones — it’s unlikely that this is the case. It’s now the 26th and the releases came at midnight.

Their identities have been compromised after a series of embarrassing confrontations between white hat versus black hat hackers. The spat has continued between the Jester and LulzSec after the Jester took down their website, along with other Pastebin posts which purport the names of key members of the hacktivist network. Plus, one alleged member of LulzSec, Ryan Cleary, is still in custody in England after his part in the hack on SOCA which means governments are hot on their tales.

They got bored and along with disorganisation, lacking expectations in media coverage, or a slow-down in Twitter followers as a way of gauging reaction that may have put them off their activities. It’s possible that this is the case, but something just seems amiss about their recent activities. The Arizona police department leaks alone were far more damaging — seemingly at least — than the final cache released this evening.

The motions have already been put in place and it is for us, the general population, to take the reigns of #AntiSec into our own hands and revolt against our governments. Considering so many of us voted in our respective governments, it’s unlikely that will happen.

What is interesting, however, is whether this will result in a domino effect in other parts of the world.

With revolutions fully in swing across North Africa and the Middle East, if LulzSec is trying to replicate the anti-government feeling across other parts of the world, this will most likely not succeed.

Unlike with Wikileaks, the diplomatic cables releases ‘legitimised’ the protests and ultimately the revolutions that occurred, by implicating nation states of wrongdoing by other, more democratic nations.

Whether the world can now breathe a sigh of relief, knowing that the group have disbanded — at least publicly, it seems — there is no doubt a group willing to perform very much the same functions, under a different name and a unique ideology.

Hackers exposes former British PM Tony Blair data

Hackers today released what looks like personal information on former British Prime Minister Tony Blair, including the contents of his electronic address book, with contact data for members of Parliament and for what could be Blair's dentist and his mechanic.

The group, Team Poison, claims to have accessed the Blair office's webmail server "via a private exploit" in December of last year. (Though the group said seperately that they've had the information "for 1 year now.") In the document, which was put up on Pastebin around 6:30 p.m. ET on Friday, the hackers claim that they "still have access to the webmail server, [sic] phone numbers may have changed but all the information is legit."

According to the Team Poison Twitter (manned by a hacker called "Trick"), the motive seems to be political — Blair is described as a "war criminal," and Trick seems to imply that those whose information is being released "supported the war in iraq." (How Team Poison knows that Blair's dentist, whose address and phone number appear in the file, was pro-war, is unclear.)

Meanwhile, hacker group LulzSec, which has claimed credit for hacks on Sony, the CIA, the U.S. Senate, and, last night, the Arizona Department of Public Safety, promised in a tweet today that it would be "releasing more goods on Monday!"

LulzSec and TeaMp0isoN have been in a public spat, claiming to have attacked each other's servers and threatening to expose rival members. On Wednesday, someone released information purportedly exposing the identity of a key member of LulzSec who goes by the nickname "Sabu."

TeaMp0isoN was described in a FoxNews.com article yesterday as a group of professional hackers linked to the Palestinian-friendly "Mujahideen Hacking Unit" that defaced Facebook in December. "We're here to show the world that (LulzSec are) nothing but a bunch of script kiddies," Hex0010, a 23-year-old member of TeaMp0isoN, told the Web site, using a derogatory phrase for inept hackers.

The attacks are just the latest in a recent wave of incidents that have left many Web sites defaced, much customer data exposed, and much corporate and government data leaked.

Earlier today, PBS.org, which was defaced in May by LulzSec, was targeted again by "Warv0x (AKA Kaihoe)," according to a Pastebin file. "This wasn't done for fame or fun, just proving LulzSec aren't as good as they think they are," the hacker said in a note on The Hacker News. "I haven't rooted the box or been up to crack the hashes, I'm just proving that most of their attacks are very lame and basic (i'm pretty sure and automated) SQL injections and further privilege escalation, which is just a matter of time."

A PBS.org spokeswoman confirmed to CNET in an e-mail that the site was hacked. "What we have seen is that one area of one Web site--the portraits area of the Web site Becoming American, was defaced," said Jan McNamara of PBS.org. "A very small number of PBS administrator usernames and encrypted passwords were exposed."

Also today, the Guardian released Internet Relay Chat logs that the newspaper said were leaked from a private LulzSec chat room. In the logs, Sabu warns others to be careful who they talk to about the group's activities. "You realize we smacked the FBI today," Sabu says in the logs. "This means everyone in here must remain extremely secure."

In those logs, there are a few brief references to "Ryan," but it's unclear what Ryan's role is or whether he's the same person as the 19-year-old Ryan Cleary who was arrested earlier this week in Essex, England, on computer charges. Cleary was charged Wednesday in connection with a series of distributed denial-of-service attacks, including one earlier this week on the Serious Organized Crime Agency in the U.K. that was organized by LulzSec and the Anonymous group as part of a campaign to target government and financial organizations.

LulzSec had said that Cleary operated one of the group's chat rooms on his IRC server but that he was not a key member of the group.

A hearing in the case was reportedly scheduled for Saturday morning.

A Leader of Lulzsec Speaks: Worrying is For Fools

He's part of a group that claims to be behind the recent hack attacks against the CIA, U.S. Senate, Sony, Fox, and PBS. If caught, he could face years in prison. But when we chatted with a member of the notorious hacking collective Lulz Security last night, he said he's not worried about a thing.

On Tuesday, headlines blared that the "mastermind" behind the hacking group Lulz Security (or LulzSec for short) had been arrested in England, a 19-year-old named Ryan Cleary. Many assume that with Cleary behind bars and cooperating with police, it's only a matter of time before the rest of the members of the world's most-wanted hacking group fall, too.

But in a Skype chat last night, a leading member of Lulz Security who goes by the alias "Topiary" says his group—whose core is composed of just a handful of hackers—feels no more threatened than when they burst onto the scene in May with hacks of Fox.com and PBS.

Since May, LulzSec has embarked on a stunning spree of public hacks. They hacked PBS in revenge for an unflattering Wikileaks documentary, attacked an FBI-affiliated non-profit, took down the websites of the CIA and British law enforcement, boasting of their exploits on their popular Twitter feed. They stole and leaked information from corporations like Sony in an effort, they say, to expose poor online security.

But LulzSec also leaked the usernames and passwords of 62,000 random people earlier this month. After the leak, LulzSec gleefully reveled in the havoc their fans were wreaking on Amazon and Facebook accounts using the stolen information. When we asked why LulzSec was attacking innocent internet users, Topiary claimed LulzSec had nothing to do with it.

"We didn't touch them. The Twitter horde did," he said, referring to LulzSec's more than 250,000 Twitter followers. Topiary probably felt no need to justify LulzSec's actions because to him, it's all for laughs.

"LulzSec is the expression of energy through comically malicious and entertaining cybermaterials," he said.

Of course authorities don't find LulzSec very amusing, and the FBI is actively hunting LulzSec. But even the arrest of Ryan Cleary in England hasn't put a damper on their fun, according to Topiary.

"What's changed? Ryan isn't part of LulzSec… No LulzSec arrests have been made. Our Twitter hasn't even been suspended," he said.

According to Topiary, media reports have vastly exaggerated Ryan Cleary's connection to LulzSec. "The mass media are clueless and have spun 'LulzSec leader' out of their own asses, when there are no facts to support that Ryan is related to LulzSec," he said.

Topiary points to the charges against Cleary, which include a number of hack attacks that occurred in late 2010, long before Lulz Security existed. However, Cleary is also charged with bringing down the website of the British Serious Organised Crime Agency (SOCA) on June 20th, the same day Lulz Security claimed to have taken it down. Lulz has said on its Twitter that, "maybe he hit SOCA after we did?" It was suspiciously down after we let it up."

Cleary's only connection to LulzSec, Topiary claims, was that he ran a chat server that hosted a public LulzSec "fan room" where supporters could gather. "We had identical fan chats on 2600, AnonOps, Efnet, Rizon, Unreal, etc…" Topiary says, listing off other chat networks.

Threats to LulzSec don't just come from authorities. Rival hackers with names like "Th3j35t3r," "Team P0ison" and "Web Ninjas" have been engaged in increasingly frenzied attempts to identify LulzSec members. LulzSec often responds viciously to people who claim to have identified them, which in turn makes LulzSec's antagonists certain they're right. We asked Topiary why, if these groups really aren't onto anything, LulzSec protests so much.

"They are lonely people that are programmed to feel that they need an enemy at all times," Topiary said. "If we're out of their lives, they don't have much going for them."

LulzSec better be as secure as Topiary thinks it is, because they are embarking on their biggest hack yet. Their latest operation, called "Antisec," is targeting  government agencies and banks with the specific goal of stealing secret documents and leaking them. The first leak will supposedly be released Friday, but Topiary declined to give us a preview.

"As an arrogant and violent sociopath driven to a frenzy by the sense of my own power, I can't divulge the upcoming releases," he said.

After all this bluster, Topiary was asked if he wasn't worried at all about being caught. His response: "Worrying is for fools!"

Source: Gawker

Lulzsec releases hundreds of documents belonging to Arizona Law Enforcement

The increasingly brash hacker group LulzSec released what it says is only the first of many “payloads” to the Internet today: A cache of documents taken from servers belonging to the Arizona Department of Public Safety.

The release, some 446 megabytes of documents that are considered sensitive, is intended, the group says, as a retaliation for a controversial Arizona state law that makes it legal for police officers to question anyone they suspect of being an illegal immigrant. The documents were released via the BitTorrent tracker site The Pirate Bay. More such releases are coming, LulzSec said.

From the LulzSec press release:

We are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 and the racial profiling anti-immigrant police state that is Arizona.

The documents classified as “law enforcement sensitive”, “not for public distribution”, and “for official use only” are primarily related to border patrol and counter-terrorism operations and describe the use of informants to infiltrate various gangs, cartels, motorcycle clubs, Nazi groups, and protest movements.

Every week we plan on releasing more classified documents and embarassing [sic] personal details of military and law enforcement in an effort not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities fighting an unjust “war on drugs”.

Hackers of the world are uniting and taking direct action against our common oppressors – the government, corporations, police, and militaries of the world. See you again real soon!

The release followed a day during which a rival group claimed to have attacked and defaced a Web site said to belong to a LulzSec member. The other group of hackers, calling itself TeaMp0isoN — or, in English, Team Poison — a group with a long history of defacing Web sites going back to mid-2009. Fox News managed to interview someone with that group, who called LulzSec a bunch of “script kiddies,” an epithet meant to convey the idea that for all the media attention it has attracted in recent weeks, LulzSec’s actual hacking skills aren’t terribly impressive.

The group defaced a Web site belonging to someone in the Netherlands they say is a member of LulzSec and are on a campaign to name LulzSec members and out them to police. As always, their claims are impossible to vet. But they do suggest that all the media noise that LulzSec is making is starting to grate on other members of the so-called hacker underground. Team Poison isn’t the first to express such sentiment. A group calling itself Web Ninjas has sought to expose the people it says are LulzSec members. And another possibly connected person or group tried to do the same thing before that, and even claimed an arrest that hadn’t occurred.

Doxing: LulzSec under attack from hackers, law enforcement

Hacking group Lulz Security has found itself coming under attack from all angles, drawing unwanted attention from both law enforcement and other hackers groups. Though the group's antics have won it many fans who appreciate LulzSec's anti-establishment leanings, they've also earned plenty of enemies, and those enemies have started to fight back. So far, they've posted LulzSec's "dox"—the names, pictures, and addresses of the people claimed to be the ringleaders of the group.

Since LulzSec first gained prominence, pro-US hacker th3j35t3r ("The Jester") has worked to uncover their identities and embarrass them. th3j35t3r, who has made a name for himself by knocking pro-jihad Web sites offline, has butted heads with Anonymous in the past, opposing the faceless collective's support for WikiLeaks. He worked to disrupt the activities of the AnonOps faction—taking servers offline and revealing names of the participants. Since many of AnonOps' key players moving on to form LulzSec, th3j35t3r's focus has shifted accordingly.

th3j35t3r is staunchly pro-establishment, regarding the LulzSec Distributed Denial of Service attacks on the CIA Website as terrorism, LulzSec members as bullies, and those who have suffered from LulzSec's antics as victims.

Another group claiming to side with LulzSec's victims and oppose LulzSec's campaign against security organizations are "Web Ninjas". Web Ninjas have posted chat logs and dox of a number of alleged LulzSec members.

LulzSec has also been taking heat from the anti-establishment side of the fence, represented by TeaMp0isoN_. TeaMp0isoN_ members don't care about the victims, don't deny their blackhat status, and don't like law enforcement or security companies. Instead, they're motivated by disdain for LulzSec's methods and public profile—they think that LulzSec are "scene fags." LulzSec's tools have been simple SQL injection and Local File Inclusion vulnerabilities, and botnet-powered Distributed Denial of Service attacks: in TeaMp0isoN_'s view, this is not enough to earn the label hacker.

Beyond publishing information about LulzSec team members, TeaMp0isoN_ defaced the Web site of LulzSec and AnonOps participant joepie91. joepie91's relationship with LulzSec and AnonOps has long been something of an oddity; he's open about his participation in the groups, but continues to argue that he does nothing more than talk, and takes no active role in these groups' illegal activities. Whether active or passive, TeaMp0isoN_ plainly regard him as fair game, and doxed him on Twitter.

Meanwhile, LulzSec has been doing some doxing of its own. In the immediate wake of the arrest of British teenager Ryan Cleary, LulzSec claimed he had nothing to do with their group, that position was later softened, with the acknowledgement that Cleary operated an IRC server that LulzSec uses. Claiming that "snitches get stitches", LulzSec then doxed a coupled of individuals whose leaks of private chat logs and other incriminating data apparently led to Cleary's arrest.

Law enforcement agencies aren't standing still, either. After his arrest on Monday night, British teenager Ryan Cleary has been charged by police with creating and operating a botnet and performing Distributed Denial of Service attacks against the Web sites of the Serious Organized Crime Agency (SOCA, the UK's closest counterpart to the FBI), the International Federation of the Phonographic Industry (IFPI), and the British Phonographic Industry (BPI). He faces a custody hearing tomorrow morning.

For the time being, LulzSec appears to be shrugging off the attacks, continuing to laugh, at least in public, at its accusers. The group promises that it will be publishing more stolen documents on Friday: the first fruit from its "Anti-Security" venture, in which it has sought to attack and embarrass computer security companies and law enforcement agencies.

LulzSec chronicle: Cleary charged with hacking offenses

The 19-year-old arrested on Tuesday by London police has been formally charged with launching denial of services attacks.

Ryan Cleary, who was the center of a flurry of reports connecting the dots between him and the LulzSec hacking group, was charged with a bevy of offenses. Cleary, was identified by the BBC, which appeared to use PasteBin to get the name. Cleary was arrested early Tuesday in what appeared to be a score for Scotland Yard and the FBI. It initially appeared that Cleary was a ringleader for LulzSec, which is structured to be a leaderless organization.

However, LulzSec said it was alive and well. According to @anonymouSabu, believed to be a leader of LulzSec, Cleary was ratted out, but he only hosted chats.

Among the key charges:

• Cleary allegedly conspired with others to construct a botnet used in an attack.
• Allegedly launched a DDOS (distributed denial of service) attack was launched June 20 against the Serious Organised Crime Agency to hamper operations.
• Attacked the International Federation of the Phonographic Industry (IFPI).
• Launched another DDOS attack on the British Phonographic Industry (BPI).
• Cleary allegedly was a botnet supplier.

The teen is expected to appear before the City of Westminster Magistrates Court on Thursday. The charges were the latest in an ongoing saga revolving around recent attacks.

LulzSec, Anonymous pose big challenges says Former DHS chief Chertoff

Former Department of Homeland Security chief Michael Chertoff said combating groups like LulzSec and Anonymous pose a unique problem for law enforcement because “the big challenge is attribution.” However, it’s possible that the U.S. government could find itself in a cyberwar with a network.

Chertoff, speaking in New York at a lunch hosted by Opera Solutions, an analytics company, gave a talk largely on cybersecurity. He noted that the U.S. needs to form a cyberattack doctrine that outlines all the nuances of attacks and various degrees of response.

The hardest part—given the high-profile attacks from leaderless groups—is finding the right actors involved. “Do we respond if we don’t know who had bad intent, but can locate the server that is a weapon against us? Do we take out the server in real life or cyberspace? There’s not going to be a clear line and we may take that server out in physical and cyber domains.”

The big question with dealing with hactivists is finding the line where an attack moves from a law enforcement issue to an act of war. Chertoff said that the government would be reluctant to respond to someone “defacing a Web site or stealing data even sensitive data.” But a loss of life could turn an attack into an act of war.

One hypothetical scenario posed by Chertoff was an attack on air traffic control that led to the loss of life. “We are at war with a terrorist network today so we can be at war with a network. When attacks moves from criminality to something that warrants a military response depends,” he said. “This is going to be very fluid.”

Chertoff’s talk was notable because it opened the door to a point where a cyberattack could lead to a response to take out a server. Welcome to the new world.

Other key items from Chertoff:

• Analytics will play a key role in security as the never-ending flow of data will be utilized by both the private sector and government in cooperation.
• He said it was unclear whether the “huge rash of stories about cyberattacks” meant an “increased appetite for these type of intrusions” or just more attention paid to cybersecurity.
• The government needs to create a doctrine on what would be an act of war in the event of an cyberattack. This doctrine would revolve around the following:

1. Determining what attacks are most important and have degrees of response.
2. Consider the vector of attack. Network attacks are the most common, but the supply chain may be more important, said Chertoff. “The big issue we have to be concerned about is the supply chain. The ability to check every chip is not practical. How ensure ourselves that we have hardware and software we can trust? We do need to manage the risk,” he said.
3. Dealing with all kinds of actors. What’s the response against a hactivist, a kid or government?

LulzSec Mastermind Suspect Arrested in Essex, England

The international hunt for hackers believed to have staged high-profile attacks on websites ranging from law enforcement bodies to Sony has led to the arrest of a teenager based in Essex, police say.

The hackers known as LulzSec claim to have been behind attacks on websites around the world, including the UK's Serious Organised Crime Agency (Soca), the US Senate and the CIA, as well as the games firms Nintendo and Sony.

British police said intelligence led them to arrest the 19-year-old at a home in Wickford, Essex, over the distributed denial of service (DDoS) attacks.

The teenager is Ryan Cleary, who lived at his family home. Investigators believe the arrest is significant and linked to the attacks based mainly at websites belonging to US institutions and organisations.

The operation involved two British forces as well as the US Federal Bureau of Investigation (FBI).

The police said they believed the attacks were linked and were carried out by the same group of hackers.

The teenager was being questioned at a London police station while specialist officers examined computer equipment seized from the address he was arrested at.

The Metropolitan police said: "Officers from the Metropolitan police central e-crime unit (PCeU) have arrested a 19-year-old man in a pre-planned intelligence-led operation.

"The arrest follows an investigation into network intrusions and DDoS attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group.

"The teenager was arrested on suspicion of Computer Misuse Act and Fraud Act offences and was taken to a central London police station, where he currently remains in custody for questioning.

"Searches at a residential address in Wickford, Essex, following the arrest last night have led to the examination of a significant amount of material. These forensic examinations remain ongoing.

"The PCeU was assisted by officers from Essex police and has been working in co-operation with the FBI."

On Monday, Soca, the UK national law enforcement unit dubbed the "British FBI", was forced to take its website offline after an apparent attack.

The website was still down early on Tuesday but was back in service later in the morning.

In a message posted on Twitter on Monday, LulzSec said: "Tango down – soca.gov.uk – in the name of #AntiSec." The group later added: "DDoS is of course our least powerful and most abundant ammunition. Government hacking is taking place right now behind the scenes. #AntiSec."

The next day, LulzSec warned again on Twitter of its plans to step up the attacks by hacking into government websites and stealing confidential documents. "Our next step is to categorise and format leaked items we acquire and release them in #AntiSec 'payloads' on our website and The Pirate Bay," the group said.

Separately, the Office for National Statistics said on Tuesday it was investigating claims that the UK census data had been unlawfully accessed, following a message purporting to be from LulzSec.

It said: "We are aware of the suggestion that census data has been accessed. We are working with our security advisers and contractors to establish whether there is any substance to this.

"The 2011 census places the highest priority on maintaining the security of personal data. At this stage we have no evidence to suggest that any such compromise has occurred."

A post to the @LulzSec Twitter account later said: "Not sure we claimed to hack the UK census or where that rumour started."

LulzSec - 1000th tweet statement

Dear Internets,

This is Lulz Security, better known as those evil bastards from twitter. We just hit 1000 tweets, and as such we thought it best to have a little chit-chat with our friends (and foes).

For the past month and a bit, we've been causing mayhem and chaos throughout the Internet, attacking several targets including PBS, Sony, Fox, porn websites, FBI, CIA, the U.S. government, Sony some more, online gaming servers (by request of callers, not by our own choice), Sony again, and of course our good friend Sony.

While we've gained many, many supporters, we do have a mass of enemies, albeit mainly gamers. The main anti-LulzSec argument suggests that we're going to bring down more Internet laws by continuing our public shenanigans, and that our actions are causing clowns with pens to write new rules for you. But what if we just hadn't released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony... watching... abusing...

Do you think every hacker announces everything they've hacked? We certainly haven't, and we're damn sure others are playing the silent game. Do you feel safe with your Facebook accounts, your Google Mail accounts, your Skype accounts? What makes you think a hacker isn't silently sitting inside all of these right now, sniping out individual people, or perhaps selling them off? You are a peon to these people. A toy. A string of characters with a value.

This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn't released something publicly. We're sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we hadn't told you? No one would be aware of this theft, and we'd have a fresh 200,000 peons to abuse, completely unaware of a breach.

Yes, yes, there's always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things just because we find it entertaining. Watching someone's Facebook picture turn into a penis and seeing their sister's shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can't secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it.

Most of you reading this love the idea of wrecking someone else's online experience anonymously. It's appealing and unique, there are no two account hijackings that are the same, no two suddenly enraged girlfriends with the same expression when you admit to killing prostitutes from her boyfriend's recently stolen MSN account, and there's certainly no limit to the lulz lizardry that we all partake in on some level.

And that's all there is to it, that's what appeals to our Internet generation. We're attracted to fast-changing scenarios, we can't stand repetitiveness, and we want our shot of entertainment or we just go and browse something else, like an unimpressed zombie. Nyan-nyan-nyan-nyan-nyan-nyan-nyan-nyan, anyway...

Nobody is truly causing the Internet to slip one way or the other, it's an inevitable outcome for us humans. We find, we nom nom nom, we move onto something else that's yummier. We've been entertaining you 1000 times with 140 characters or less, and we'll continue creating things that are exciting and new until we're brought to justice, which we might well be. But you know, we just don't give a living fuck at this point - you'll forget about us in 3 months' time when there's a new scandal to gawk at, or a new shiny thing to click on via your 2D light-filled rectangle. People who can make things work better within this rectangle have power over others; the whitehats who charge $10,000 for something we could teach you how to do over the course of a weekend, providing you aren't mentally disabled.

This is the Internet, where we screw each other over for a jolt of satisfaction. There are peons and lulz lizards; trolls and victims. There's losers that post shit they think matters, and other losers telling them their shit does not matter. In this situation, we are both of these parties, because we're fully aware that every single person that reached this final sentence just wasted a few moments of their time.

Thank you, bitches.
Lulz Security

LulzSec opens hack request line

The hacker group Lulz Security has opened a telephone request line so its fans can suggest potential targets.

It claims to have launched denial of service attacks on several websites as a result, although it did not detail which ones.

The unspecified hacks formed part of a wave of security breaches that the group called Titanic Takeover Tuesday.

LulzSec has risen to prominence in recent months by attacking Sony, Nintendo and several US broadcasters.

The group publicised the telephone hotline on its Twitter feed.

Callers to the US number are met with a recorded message, in a heavy French accent, by an individual calling themself Pierre Dubois.

While the 614 area code appears to relate to the state of Ohio, it is unlikely that this is its real location.

Lulz Security said it had used distributed denial of service attacks (DDoS) against eight sites suggested by callers.

It also claimed to have hit the websites of gaming magazine The Escapist, and multiplayer games EVE Online and League of Legends.

DDoS attacks typically involve crashing a website by inundating it with requests from computers under the attacker's control.

It is unclear, in this instance, if LulzSec went beyond overloading the sites and sought to gain access to information stored on their servers.

Protest groups

Little is known about Lulz Security, other than their apparent "hacktivist' motivation.

The organisations and companies that it targets are often portrayed as having acted against the interests of citizens or consumers.

Its high profile attack on SonyPictures.com exposed, Lulz claimed, the company's ongoing inability to secure users' personal data.

Along with Anonymous, LulzSec has raised the profile of hacker groups as a potential threat to online services.

Hacktivists see their role as staging valid protests in the most high profile way possible, according to Peter Wood, founder of security consultancy First Base.

"The things they are exploiting at the moment are the sort of mistakes that organisations seem to have been making ever since they connected to the internet.

"Finally there are some players out there who are using them as a means to protest. Whether everyone agrees with them is a different question."

US Senate has been hacked by Lulz Security

The hacking group LulzSec have added Senate.gov to the growing list of organizations whose websites they’ve breached just for the heck of it, including Sony, Fox.com, FBI affiliate Infragard and a porn site. Last night the group released a long list of internal configuration data from the U.S. Senate’s official website, Senate.gov — while none of it appeared to be sensitive, the group appeared to want to show that it could breach the Senate’s computer network.

In a statement LulzSec said: “This is a small, just-for-kicks release of some internal data from Senate.gov – is this an act of war, gentlemen? Problem?” The group’s question refers to recent reports that the U.S. military would respond to cyber attacks against the United States with military force.

The Senate’s deputy sergeant at arms Martina Bradford confirmed to Reuters that LulzSec had broken into a public portion of the Senate site but did not get through a firewall into a more sensitive portion of the network. The hackers also did not compromise any individual senator’s information. “We were responding to their allegations,” Bradford told Reuters. “Basically what we’re saying that the server they got into is for public access and is in the public side.”

“We don’t like the US government very much,” the hacker group which also calls itself The Lulz Boat said. “Their boats are weak, their lulz are low, and their sites aren’t very secure. In an attempt to help them fix their issues, we’ve decided to donate additional lulz in the form of owning them some more!”

The Senate wasn’t LulzSec’s only target–the group also announced a more serious attack against Bethesda Softworks, the Maryland-based game maker behind Brink, yesterday. The group said in a separate statement that it had mapped the company’s internal network and “grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck,”Lulzsec said.

The group added they had obtained usernames and passwords for 200,000 gamers but would not publish them. “We actually like this company and would like for them to speed up the production of Skyrim, so we’ll give them one less thing to worry about. You’re welcome!”

Lulz Security Gives Sony a Break Today and Takes Down Terrorist Website

The execs at Sony HQ can wipe the sweat off the brow for the next 30 minutes, because the hacker crew of the SS Lulz is claiming responsibility for AlJahad.com's (temporary) demise. The Islamist extremism site is sunk.

The site was nuked by rival (?) hacker The Jester in March, prompting Lulz Sec to boast of their coup: "ujelly?"

The Jester is likely somewhat jelly. Enjoy your lulz, boys! Nice of you to scrape away something other than vulnerable Sony customer accounts. [via LulzSec]

Subscribe to get the latest news about Anonymous hacking group directly into your inbox.