This week’s computer security review reads like a laundry list of old topics and older actors: LulzSec, Anonymous, the Symantec source leak, and Duqu were all (seemingly) old news a few weeks or even months ago. New details keep surfacing about these topics, keeping them in the limelight and at the forefront of our thoughts.
25 members of the LulzSec hacking collective were arrested on various hacking and computer security-related charges. At least one member is already out on bail. The fresh round of arrests is the result of a hacker-turned-informant for the FBI who goes by the handle “Sabu”. Sabu was the onetime leader of LulzSec at the height of its operations and has been working as an informant since early June. His information-gathering led to the arrest of the other LulzSec members earlier in the week.
Sabu (real name Hector Xavier Monsegur, an unemployed father of two) was persuaded to inform after warrants for his Facebook profile revealed he was selling stolen identities. The feds used this information as leverage, threatening to jail him and take him away from his children. Monsegur was reportedly found due to a simple mistake: he logged into an IRC server without using an anonymization service (such as Tor), and the FBI was able to capture his IP address.
In response to the arrests, Anonymous has been more active than normal, staying in the news for everything from hacking the Vatican and running denial of service attacks, per the norm, to releasing the Symantec Norton Antivirus 2006 source code. Expect increased activity from Anonymous as the group continues to demonstrate that it remains a capable threat even with the loss of the LulzSec members.
Anonymous Disables Vatican Website:
Anonymous targeted the high-profile Vatican website with a DDoS attack that managed to shut down internal email services hosted on the site for some time. The Vatican is remaining mum on any other damage that may have occurred during the denial of service attack, but it doesn’t appear as if any actual breach occurred. Anonymous elements claimed the attack was in retaliation for the crimes the church has committed, both over the centuries and more recently with its child abuse scandals.
Read more: http://www.washingtonpost.com/national/on-faith/vatican-website-hacked-for-churchs-crimes/2012/03/07/gIQA255SxR_story.html
Anonymous Leaks Symantec Source Code to PirateBay:
Members of the Anonymous group released the source code to Symantec’s Norton Antivirus 2006 product this week. It is currently accessible via a torrent on ThePirateBay.se. Symantec has known about the code theft for some time, having been the victim of a network breach in 2006 during which the source code was first stolen. During this breach, the source code to pcAnywhere was also taken. While Symantec was at first not forthcoming with complete or truthful details about the breach, it has since admitted to it.
Symantec has advised that, as the source is so out of date, none of its products are affected by the release, and that the information will likely not be of much use to hackers looking to bypass the antivirus software.
Google Chrome Breached at Pwn2Own and Pwnium Events at CanSecWest Conference:
Pwn2Own and Pwnium are events at the CanSecWest computer security conference that allow hackers to win prizes and notoriety by using their 0-day attacks to exploit fully patched popular browsers on Windows, demonstrating the (in)security of modern browsers. Pwnium is a recent event set up by Google to replace its browser’s appearance at the Pwn2Own contest, which was canceled over disagreements between Google and the Pwn2Own organizers about the disclosure of exploits. At both events, bugs allowed security researchers to breach the previously untouched browser, netting a hefty sum in the case of the Pwnium breach: one hacker walked away with a cool $60,000 from Google for his security breach and sandbox escape exploit, which also bypassed the DEP and ASLR security measures in Windows in order to work. A security flaw exploited by Vupen first took advantage of the Flash browser plugin and then managed to escape with a sandbox exploit, making it the second exploit to hit Chrome. Patches have already been issued by Google.
Duqu Holds More Mysteries:
Researchers working on Duqu have identified a mysterious programming language that was not compiled or written the same way as the rest of the virus. They are calling on other programmers and security researchers to help identify the language in which it was written, in order to determine whether or not it was written in a specially developed language. For now, researchers are referring to this section of the code (specifically the command-and-control communications section) as the “Duqu Framework”.