Uncategorized Archive

As of June 1st, Ghost Squad Hackers – the same group leading #OpIcarus – have launched a series of coordinated attacks against leading members of the corporate mainstream media. Giving credit where credit is due, Tec.mic and Softpedia were the first to report the operation. But their reports only tell a portion of the whole story, we will explain why in a moment.


Broadly speaking, the goal of the #OpSilence is to attack all the corrupt major news networks that mislead and censor information from the general public. More specifically, the news agencies who conceal the crimes of Israel, while misleading the population about the mistreatment of the Palestinian people. The operation is off to a quick start, Ghost Squad has successfully” carried out DDoS attacks on CNN and FOX News” already just this month. More attacks are promised, NBC and MSM appears to be their next target.


https://t.co/T7LxqJjzQN “FOXNEWS” Email server has been crashed for 8+ hours by #GhostSquadHackers #OpSIlencepic.twitter.com/uS5zWm75SQ

— s1ege (@s1ege_) June 1, 2016



When Tech.mic and Softpedia presented their coverage of the hacks, they included images and references directly to Anonymous. But upon reading these articles, Ghost Squad had a message of their own that they want everyone to hear:



— s1ege (@s1ege_) June 1, 2016



It is no secret Ghost Squad has a close affiliation with Anonymous; I am sure this is how the group got started in the first place. The group insists they speak for themselves, they are essentially trying to get their own reputation – credibility.


But there is a second layer to this discussion highlighting the recent divide within Anonymous. There has been a “Civil War” of sorts in recent months, and the reputation of the Anonymous collective as a whole has been damaged. Last winter, prominent hacktivist group Ghostsec also cut their ties with Anonymous. In a statement they said “Anonymous has a habit of shooting in every direction and asking questions later.” In other interviews they imply that Anonymous has developed a reputation for behaving immature – more concerned with silly DDoS’ing attacks than changing the world.


Since the quarreling of #OpWhiteRose many people have splintered off, or left Anonymous entirely – just another in the long list of strange effects Donald Trump has had on the entire world. Ghost Squad is one of the groups effected by this ‘Civil War.’ In the time since this happened last March, the group has exploded onto the scene, quickly becoming one of the most influential and talked about hacking groups in the entire world in 2016.


I have no doubt about the origins of this operation though, this goes back to#OpMediaControl which began last June. The operation called for the hacking of every major news network in the United States, testing their email systems, DDoS’ing web sites, attempting to hack in teleprompters or live feeds – anything you could think of. Last I heard back in December, they were still trying to recruit people to join them for an event this summer. Sound familiar to what Ghost Squad is doing right now?


For the purposes of accuracy, AnonHQ News reached out to our contacts in #OpMediaControl. We gave them a preview of the article and asked them what they thought. They showed us a press release dating May 28, 2016, a video proclaiming that#OpMediaControl has been re-engaged. Of course, #OpSilence proceeded to begin June 1st. In another interesting note, earlier last month Anonymous Resistance Movement, one of the groups behind #OpMediaControl, conducted an interview with GhostSquad. So as you can see, the two groups are well acquainted with one another – these operations are no coincidence.

Ghost Squad may be stepping up from the pack here, but make no mistake, this operation has been in the making for over a year and Anonymous led the way.


Source:  http://macedoniaonline.eu/content/view/29562/61/

MOSCOW, 26 May (BelTA) – The special services of the CIS member states have carried out the first stage of the CIS counter-terrorism exercise Cyber Anti-terror 2016, the press service of the CIS Anti-Terrorism Center told BelTA. According to the source, security agencies and special services of the CIS member states carried out a number of search and respond actions coordinated by the CIS Anti-Terrorism Center to detect and suppress acts of cyber-terrorism as part of the first stage of the CIS counter-terrorism exercise Cyber Anti-terror 2016 on 23-25 May. In particular, with assistance of the CIS Anti-Terrorism Center experts from Armenia, Belarus, Kazakhstan, Kyrgyzstan, and Russia practiced the detection and filtering of DDoS attacks staged by imaginary terrorists against a critical piece of infrastructure (a power engineering industry installation) located in Belarus. The experts determined IP subnets of the accomplices of the imaginary terrorists and their geographical locations. The experts then used minimal data provided by the collective-access information systems of the CIS states, including the specialized database of the CIS Anti-Terrorism Center and fingerprint databases, to determine the identity of the cyber-terrorists, document their illegal activities, and prevent their attempt to disrupt control over the critical installation. The efforts resulted in the simultaneous arrest of the imaginary cyber-terrorists in Armenia, Belarus, Kazakhstan, Kyrgyzstan, and the Russian Federation. The equipment they used to commit crimes was seized. Results of the first stage of the CIS counter-terrorism exercise Cyber Anti-terror 2016 will be summed up when top officers of the counter-terrorism units of the security agencies and special services of the CIS member states convene in Minsk on 31 May – 2 June. A counter-terrorism operation will be staged then to free hostages and neutralize terrorists at a strategically important installation (the Lukoml state district power plant). The press service of the CIS Anti-Terrorism Center told BelTA that joint counter-terrorism exercises are an important component in practical interaction between the member states of the Commonwealth of Independent States. The main purpose of the exercises is to improve the readiness of security agencies, special services, and other power-wielding agencies of the CIS member states to work together to counteract terrorist threats and challenges. Practical experience is accumulated and the best practices are shared during such exercises.

Source: http://eng.belta.by/society/view/first-stage-of-cis-counterterrorism-exercise-cyber-antiterror-2016-over-91638-2016/

The hackers’ collective, Anonymous, seems to be slowly changing how they do things, to the extent that one division is now hacking for trading financial reports in order to expose firms in the US and China that are trying to cheat on the stock market. This particular group of hackers goes by the name Anonymous Analytics.

According to Softpedia, the division was formed in 2011 by ex-Anonymous hackers who got tired of launching Distributed Denial of Service (DDoS) attacks and hacking into companies to make a point.

In order to find the hidden information about companies that might be inflating their values, Anonymous Analytics spend their time analysing the stock market and searching the internet for clues.  This is often done using techniques that might not be legal or ethical.  And once they have the information, this group of hackers will publish financial reports exposing companies. This has caused at least one company’s stock price to fall. So far, Anonymous Analytics has compiled publicly available financial reports on 11 firms, most of which are from China and the US.

Anonymous Analytics efforts in releasing the truth has damaged buyers’ confidence in the stocks belonging to a Chinese lottery machine service provider and games developer called REXLot Holdings.  This company along with others had inflated its revenue and the amount of cash it had from interest earned on its balance sheet before being caught by the Anonymous Analytics.


Bringing down stock market cheats

On 24 June 2015, Anonymous Analytics published a report on REXLot’s activities, which caused the stock price to plummet from $HK0.485 (4p, 6¢) down to $HK0.12, before the firm completely suspended its shares from trading. Bloomberg reported on the incident at the time but RexLot refused to respond despite repeated attempts.

When REXLot decided to return to the stock market on 18 April and they submitted a 53-page report about their financial status. Anonymous Analytics read the report and decided to publish a countering report. The second report was even worse and advised investors to urgently sell their stock, causing the company’s stock price to fall again by 50%.

A week after the report which exposed REXLot was released, the company had to admit in a report to the Hong Kong stock exchange that it could not honour all the bond redemptions requested by holders; which amounted to HK$1.85bn, due to the fact that it just didn’t have sufficient cash resources.

In fact, REXLot said it was trying to gain the bondholders’ consent to let it have more time to dispose of some assets in order to generate the cash needed to make the payments.

While it is a rather unusual approach for the hacking collective, Anonymous Analytics’ efforts seem to having a much greater impact than its attempts to troll Islamic State with Rick Astley music videos or DDoS-ing random companies in different countries to make a point.

Source:  http://www.ibtimes.co.uk/anonymous-vigilantes-expose-cheating-firms-who-inflate-their-value-stock-market-1562458

A member of the Anonymous hacker collective has uploaded a video online requesting the impeachment and immediate resignation of Florida Governor Rick Scott.

In videos posted first on Facebook and then on YouTube, the group launches accusations of corruption and complacency when it comes to the state’s dangerous situation regarding its polluted waters slowly dripping into the Atlantic.

The group specifically outlines the case of Lake Okeechobee, whose waters have slowly trickled into the Gulf of Mexico.

“This water could have easily been sent south to the Everglades, but is his greed for big sugar and the land deals to line his pockets,” the hacker group explains in its video.

Further, the group also brings accusations of Governor Scott protecting the state’s corrupt politicians and manipulating the judicial system with the help Pam Bondi, Florida’s Attorney General.

The Anonymous video also reminds everyone that Governor Scott was previously declared guilty of Medicaid fraud.

Anonymous’ ongoing war with the political class

This is neither the first nor the last time when Anonymous goes after political figures, in the US or other countries. Previously, the group issued similar threats against Donald Trump, Ted Cruz, and Denver Mayor Michael Hancock.

Unlike the case of Mayor Hancock, this time, the hacker group hasn’t provided any shred of evidence for their accusations. In most of these cases, the group only launched small DDoS attacks against public institutions or the target’s personal websites.

Long gone are the days when Anonymous would leak sensitive documents to support their claims.

In 2014, Anonymous had another run-in with the state of Florida, when the group targeted the city of Four Lauderdale because of its treatment of the homeless. In 2011, Anonymous also brought down government sites in Orlando, after the city started arresting people giving food to groups of homeless people larger than 25.


Source:  http://news.softpedia.com/news/anonymous-goes-after-florida-gov-rick-scott-for-polluting-the-gulf-of-mexico-504445.shtml

A new botnet has been discovered that takes login credentials from a less-secure site and tests them on banking and financial transactions sites, leaving users who reuse the same password across sites vulnerable to attack.

Internet security firm ThreatMetrix described the botnet in its Cybercrime Report covering the first quarter of 2016. In it, its said that botnet attacks have evolved from large-scale distributed denial of service (DDoS) attacks to low-and-slow attacks which are more difficult to detect. Rather than taking down a site or server, the new botnets mimic trusted customer behavior and logins to access accounts.

The new bots get customer login information from a lower-security site: one with ‘modest sign-up requirements’ for the creation of username/password combinations. The botnets take a list of user credentials from the dark web and run ‘massive credentialing sessions’ on lower-security sites. Often sites that provide content, like Netflix or Spotify, will be targeted for the first phase of attack as they have millions of customers and lower security requirements than most financial institutions and e-commerce sites. “These attacks result in huge spikes over a couple of days with sustained transaction levels of over 200 transactions / second as they slice down the list.” Every time they get a hit with a username/password combination it goes on a list, which is then used to launch a low-and-slow attack on financial and e-commerce institutions. These attacks are difficult to detect and comprised 264 million attacks on e-commerce websites in the first quarter of 2016 alone. They noted an overall 35% growth in bot attacks from the last quarter of 2015 to the first of 2016, a number which is expected to continue to grow.

“With recent data breaches, and the tendency for users to share passwords across websites, cybercriminals find it more lucrative to use a trusted credit card from a valid customer account than it is to attempt to re-use a stolen card that has a limited shelf life. This quarter saw the highest level of attacks on e-commerce with more than 60 million rejected transactions, representing a 90% increase over the previous year.”

Using known combinations targets those who reuse passwords on low and high security websites. While users have been warned against this practice for years, some reports still show that it is common practice. A 2013 report by UK communications watchdog OfCom showed that 55% of adults reuse the same passwords across sites. A similar 2015 study by TeleSign showed 73% of web accounts were protected by duplicated passwords.

Source:  https://thestack.com/security/2016/05/24/new-botnet-targets-password-recycling/