Anonymous Hack One Gigabyte of Data From NATO 304
GeekTech.in writes "The AnonymousIRC hacking organization have claimed this afternoon that they have hacked into NATO servers. As one of their tweets says: ' Yes, #NATO was breached. And we have lots of restricted material. With some simple injection. In the next days, wait for interesting data :) '"
Again ? (Score:4, Funny)
Re:Again ? (Score:4, Insightful)
This is happening so often that better make a hack.slashdot.org and just add the site that was hacked and when... this is getting old...
Agreed, but what I haven't seen is follow up stories about these breaches. I though Anonymous or LulzSec were due to release loads of News of the World/News International e-mails they'd obtained? Did I miss a story or are they still holding onto it?
Re:Again ? (Score:5, Informative)
Re:Again ? (Score:4)
Re: (Score:2, Insightful)
Or they didn't find anything terribly incriminating and didn't want to pull a Geraldo. Besides, in hacking their email, it's already compromised as evidence, anyway.
Re:Again ? (Score:5, Informative)
Re:Again ? (Score:5, Interesting)
Say what you want about wikileaks but they understood media/marketing. Releasing so much stuff so frequently makes it difficult for the media to absorb and create a media frenzy, which is the only way the plebes ever even hear about stuff like this.
That used to be true. Its not longer true. The largest media outlets created data warehousing applications which allow them to not only comb through these large data releases, but allows them to locate and follow trails of subject matter in which they are interested. It even allows them to discover sub topics, and so on.
Literally, if these groups claim they are not releasing all of their information because media can't digest it, its a lie and is only self serving.
Anyone else notice a lot of shit which Wikileaks was suppose to release was never released in spite of the fact people are still manning the shop? Wikileaks existed solely to benefit, blackmail, extort, and steal information. The fact the information was never released seems to hint it was sold to the highest bidder. Otherwise, according to their claims, a lot of CEOs should be jail by now.
Re: (Score:3)
Re: (Score:3)
No, it was never released. Or I should say, if it has, I sure never read anything about it and I've been watching and looking. One thing I can tell you I'm absolutely sure of, if they have proof of collusion behind the economic meltdown, without a doubt, all roads lead to Goldman Sachs.
Re: (Score:2)
Re: (Score:2)
That's like applauding a pipe for not leaking every time water flows through it. Continuous success is continuous. At what point is there anything to say about that?
Re: (Score:2)
http://www.informationweek.com/news/government/security/229700151 [informationweek.com]
Re: (Score:2)
I'd like to hear about places that either prevented or blocked hacking from occurring JUST ONCE to show that the money spent on IT hasn't been completely wasted.
Not to feed the troll, but...
Places block/prevent hacking -constantly-, but that's not news.
If you spend some time monitoring the traffic on the outside interface of anywhere interesting, the number/variety of attempts are astounding.
Add to that the fact that the people on the inside (especially -not- the IT people) are incredibly apathetic, if not antagonistic toward security and it's really amazing that there aren't more successful attacks.
IOW, STFU, you don't know what you're talking about.
Re: (Score:3)
Most of this is just due to the ineptitude of IT in general, and lazy/bad coding techniques. Preventing SQL injection is elementary, yet LULZSEC and Anon seem to get a huge portion of their data by using it. The majority of the remainder of their data seems to come from social engineering, which IT departments should have weeded out a decade ago. The simple college computer lab support I did back in 2002 had explicit requirements for verification of identify before I did anything concerning accounts, securi
Re: (Score:2)
Lots of stuff gets stopped. Orders of magnitude more stuff gets stopped than actually gets through. No one cares about that. It's what we expect, shit is going on out int he Internet, we stop it from getting to our network. It's only when we fail that it's a story. Think about how crime statistics are reported: There were around 500 murders in New York City last year. That sounds horrible. What are the cops doing? Of course that means that approximately 8.2 million people (plus or minus tourists an
I thought they arrested anonymous (Score:4, Funny)
Like all of them, ever. Not posting as AC because I'm not currently in jail.
Re:I thought they arrested anonymous (Score:5, Insightful)
Re:I thought they arrested anonymous (Score:5, Interesting)
One gets the impression that this new hack is a direct response to the arrest reports. It certainly makes the feds look foolish claiming to have nabbed them.
Re: (Score:3)
Except that NATO didn't arrest anybody, the FBI did. However, NATO is engaged in an illegal and very prominent bombing campaign in Libya. That is the more likely motivation.
Time Warp? (Score:2)
This is getting sad (Score:5, Insightful)
Re:This is getting sad (Score:5, Insightful)
Really if a bunch of vigilantes can do it, imagine what the gov't sponsored Chinese hackers can do!
More like, if a bunch of vigilantes can do it, imagine what the gov't sponsored Chinese hackers do!
Re:This is getting sad (Score:4, Interesting)
I hear this sentiment a lot, but it would imply that the Chinese government is more competent than Western governments who allow for this type of fuck up in the first place.
Is there any evidence that Chinese public sector is somehow more competent than that in the West?
It's quite possible that the opposite is true, that the Chinese are managing to acquire fuck all, and that Chinese government systems themselves are equally vulnerable.
Re: (Score:3)
Re: (Score:2, Interesting)
A recent Chinese military airshow featured a brand new stealth fighter (flying prototype), with features and performance of amazing similarity to our US F-22 Raptor. Ooops.
I think we've already seen what govt sponsored Chinese hackers can do!
1GB hummm (Score:2)
They probably downloaded tons of non-ocrd scanned documents, stored as images
"Yes sir, it's all in the computer!"
Or maybe 100k of data has the most important info... they only have to find an EBCDIC decoder first
Re: (Score:3, Funny)
I am betting on porn... I always bet on porn.
Re: (Score:3, Insightful)
Re:1GB hummm (Score:4, Informative)
I am betting on porn... I always bet on porn.
That's classified. Non classified material cannot get into classified places.
Seriously, if they want security, then they should have "Tiger Teams" , that is people who try to breach security to FIND OUT if it is any good.
Re: (Score:2)
dd conv=ascii <in >out
Re: (Score:2)
iconv works as well
Cloud (Score:5, Insightful)
I certainly don't want to provoke anyone, but I wonder how long it will take until they hack gmail and other cloud-based services, and put all the data into the open?
Thanks to these guys, I'm not so sure anymore whether I like this idea of the cloud.
Re:Cloud (Score:5, Insightful)
You do realize that the things these guys do aren't that spectacular, right? They're little better than script-kiddies.
Real hackers are out there right now doing much, much more. And they aren't telling you about it.
So what you are essentially saying is that you feel perfectly safe, no matter the real situation, unless someone starts describing reality to you.
Anonymous/LulzSec has done a great job of showing people what the internet is really like. It's a very scary place.
Re: (Score:2)
Granted, you make your own mess when you hire the $20/hour web guy out of college who thinks that online transactions are safe because he used magento out of the box, but the real hacking is occuring daily and there's no way to stop it, or even properly monitor it. Even when these are
Re: (Score:3, Funny)
Real hackers are out there right now doing much, much more. And they aren't telling you about it.
Wait, if no one knows what "real hackers" are doing then how do you know they are doing anything?
Re: (Score:3, Insightful)
Your information is every bit as safe as it ever was. Which, as it turns out, might not be as safe as you thought it was.
Re: (Score:2)
Re: (Score:2)
Firstly, for
Re:That's the point (Score:2)
They hack anything and everything, and essentially just demonstrate that poor security is everywhere. Whether that's what they want to prove or not, that's the point they end up making.
Don't trust anyone with your data until they are proven secure, and then always wonder if they made an update that breaks their security.
People trust the cloud, but don't think about what it actually means. Someone else has your data, and you trust them to keep it private, and not use or sell bits and pieces here and there
Re: (Score:2)
Security is easy, very easy. The fact that none of these huge companies or government agencies can do rudimentary things to secure their sites should scare you. Hackers should keep plucking away at them until they either secure their sites or take them down entirely. Hacking should be legal, it's the only thing that tells us if a site is secure from the real bad guys... the ones that don't publish their results.
Re: (Score:2)
> I certainly don't want to provoke anyone, but I wonder how long it will take until they hack gmail and other cloud-based services, and put all the data into the open?
Well, given the fact that gmail now allows over 7.5GB of storage per account, hackers stealing a single GB of data probably wouldn't affect that many users. Of course that doesn't make it right, but it does limit the damage somewhat.
The Ultimate Conspiracy (Score:2)
Hack (Score:2)
"The AnonymousIRC software development organization have claimed this afternoon that they have programmed into NATO servers" Programmed into?
Hate to be a grammar Nazi but the message is a bit twisted. What did they do again?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I have heard of hacks for other sites that use two step authentication that install themselves as browser add-ons and slurp the cookie typed in. Then the blackhat is able to add or remove the second factor authentication, change the password and the account is theirs.
The first line of defense is making sure your endpoint is secure. Compromise that and the game is up, regardless of what authentication one has.
Re:Cloud (Score:4, Funny)
Big hairy deal. (Score:2)
I think the government is running out of terrorist and need a new batch of international terrorists with computers. You are not safe they ca
Re: (Score:3)
Well, eventually the feds caught on. They noticed that adding "with computers" to whatever is being done changes everything. For reference, see laws.
Re: (Score:2)
NATO Hacking (Score:5, Interesting)
I know, it's a stupid question but I have to ask it. Why are government and military servers and computers that store sensitive data connected to the internet at all. Shouldn't they be on isolated local networks only?
Re:NATO Hacking (Score:5, Insightful)
Can't reach TFA due to high traffic right now but from TFS it doesn't really say whether anything they stole was that expensive, just that there was "One Gigabyte" of it.
It could just be cafeteria menus.
It'll be a dark day when NATO's enemies hear about next Tuesday's Salisbury steak.
Re:NATO Hacking (Score:5, Funny)
Re: (Score:3)
I know, it's a stupid question but I have to ask it. Why are government and military servers and computers that store sensitive data connected to the internet at all. Shouldn't they be on isolated local networks only?
Because government agencies cooperate and share information routinely over very large distances with their personnel in different states and with agencies of other states as well. NATO is a very large organization comprising of 28 states. This means the military and intelligence agencies of 28 states cooperate with at least a fair degree of regularity, often across the ocean. Each state more than likely has their own internal information and communication system, yes. But to get each member state to agr
Re: (Score:3)
It's either not that sensitive, or someone REALLY fucked up.
Actual classified data is supposed to be airgapped, or protected by NSA Type I crypto. If these guys broke an approved Type I system, that would be some of the biggest news in crypto history.
Re: (Score:3)
Yep. Remember that Wikileaks needed someone on the inside to get the information. I find it highly unlikely that Anonymous got any really important documents. Sure, maybe they were marked classified. That doesn't mean shit.
Government paranoia (Score:4, Insightful)
"Restricted", "sensitive", and "secret" material is low level. That is the level of material that everyone in the military and government bureaucracy has access to. It is the sort of stuff that is either not very sensitive (ie enemy agents could figure it out easily just from observing a base or similar) or has only a small window in which it is useful (ie by the time the enemy could react it would be too late).
These days with the adversarial government/media relationship tons of material is classified like this just to discourage the media from baking scandals, and to prevent citizens from finding out about legitimate scandals (at least in the short term).
What was accessed in this case was probably some boring inter-NATO administrative emails, with the most interesting stuff being up-coming exercises and the like.
The stuff that Wikileaks released that inspired this spate of hackings WAS from an air-gapped computer.
Re: (Score:2)
"Restricted", "sensitive", and "secret" material is low level. [...] It is the sort of stuff that is either not very sensitive (ie enemy agents could figure it out easily just from observing a base or similar) or has only a small window in which it is useful (ie by the time the enemy could react it would be too late).
Intelligence analysis involves a lot of time and effort collating non-secret, but "sensitive" material.
Because frequently, sensitive + sensitive + sensitive = secret.
As an example: Recall the grad student who compiled a map of the USA's fiber infrastructure?
His master's thesis was classified and the Feds pulled all his citations from public access.
Another example: The plane spotters who log tail numbers and figured out the CIA's network of private rendition jets.
The world is full of non-secret information t
Re: (Score:2)
Because there's no point in having a massive intelligence network if your people can't access the info. And it's really not practical to have to travel to a very specific office somewhere to get the data.
All your personal data (and mine) is available in a couple of thousand offices too... and can therefore be hacked as well.
Re:NATO Hacking (Score:4, Insightful)
They *don't* have sensative data stored on networks accessable to the internet. I certainly believe its possible for a NATO web server to contain 1GB of documents... The same kind of crap that you find on publicly owned company intranets, documents and documents of rambling and meeting minutes and useless garbage stored because they're being transparent to the public. For all we know at this point Anonymous *hacked* a bunch of files that were accessible by a internal search engine to the site.
Re: (Score:2)
Sensitive data... again? (Score:2)
By now, with all that happened in the last 6 months on this front, you would have though that any computer holding sensitive information was already moved behind an air gap. That IT security experts would have learned that they cannot protect their networks against attack as long as the network is opened to the outside world.
Either people do not learn, or they are really way to slow at making things change...
Re: (Score:2)
Re: (Score:2, Insightful)
Yah maybe if there were actually real threats that NATO was needed for... they might take security seriously. Given that they are just an excuse for nations to dump money into military contractor pockets (much like the US military who hasn't fought a real threat since the early 40s)... well why should they give a shit?
Intrusions? Data gets lost? Clearly that means they need more budget. This will be a windfall for them.
Re: (Score:2)
Re: (Score:2)
Or Anonymous thinks the data is a lot more sensitive than it really is.
Re: (Score:2)
"By now, with all that happened in the last 6 months on this front, you would have though that any computer holding sensitive information was already moved behind an air gap."
It goes a bit like this:
"Nah, it's nothing to worry about, it'll never happen to us. Now get on with doing your Office 2010 upgrades."
Wha.... (Score:3)
How is it that all these different sites keep getting hacked? I mean, NATO doesn't have access to experts in internet security that are able to defend against these attacks?
I'm not in the field, obviously, and I know that things are always evolving, but it seems to me that there needs to be more layers in web security. Also, why is there not more encryption on sensitive data? Is encryption more costly if it's more complex?
I can understand when a corporation gets hacked, they're going cheap on web security because of the costs. But one would think that truly sensitive information with major geopolitical players would be buttoned up pretty damn tight.
Re:Wha.... (Score:4, Interesting)
The thing is, they are not picking targets and then hacking them, rather they are mass scanning to see what is vulnerable then picking through the list to find stuff they find interesting. With that said, you would expect a military organization not to be the "low hanging fruit".
Re: (Score:3)
Keep in mind most of their targets are large organizations with tons of Internet-connected computers -- one of those machines is bound to have a vulnerability.
Glad to learn that the boys aren't discouraged by (Score:4, Insightful)
Shares (Score:2)
These guys probably have shares in some security company...
Re: (Score:2)
They probably are a security company.
I don't understand.. (Score:2)
why does every piece of data have to be on the fucking Internet. Just because a computer or a network isn't connected to the Internet, it won't instantaneously burn or explosively self-destruct.
Re: (Score:3)
For really important stuff, that's what dedicated lines are for. For the rest, SSH tunnels and VPNs.
It's this habit of putting your secret documents on the same machine that serves your website that's getting people in trouble.
Why keep secrets in the first place? (Score:2)
If governments were more open and didn't try to keep so many secret, it wouldn't be so bad if they got hacked. By definition, if there were no secrets, they'd be nothing to hack. Perhaps this a motivation behind the attacks by Anonymous: they want to show governments that keeping secrets is no longer worthwhile.
I think future governments have three choices: 1. Pay the cost of maintaining highly secure systems to keep their secrets (which can never be guaranteed) 2. endure the costs of their secrets being di
Some reference... (Score:5, Informative)
For those of you who don't understand the military's networks. And there are a lot of you, it seems.
http://en.wikipedia.org/wiki/SIPRNet [wikipedia.org]
http://en.wikipedia.org/wiki/NIPRNet [wikipedia.org]
http://en.wikipedia.org/wiki/Sigint [wikipedia.org]
Re:Again (Score:5, Informative)
Re:Again (Score:5, Interesting)
Makes you wonder though... what would the world be like if people were actually held responsible for their actions and were not able to do things anonymously. Wouldn't that mean that Anonymous should eventually be self exposing?
(I'm not saying it's right/wrong/etc. Just wondering.)
Re: (Score:3, Insightful)
Makes you wonder what would happen in the world if people in the armed forces were actually held responsible for their actions and were not able to do whatever they wanted.
http://www.collateralmurder.com/ [collateralmurder.com]
Re:Again (Score:5, Insightful)
Plenty of people join with nothing but the best intentions; if you think the guys actually pulling the trigger in that video don't lose sleep over it I don't think you know many soldiers. If you simply must condemn someone for that video, by all means - go after the people who attempted to cover it up. Not the poor guys who had to find out after watching the news that they killed innocent men.
War is cruelty. There is no use trying to reform it. The crueler it is, the sooner it will be over. - William T. Sherman
Re: (Score:2)
The problem with that video are the guys who insist on shooting the people, who are obviously just recovering the bodies.
Re:Again (Score:4, Interesting)
Of course the majority of people have nothing "but the best intentions" at heart.
However, my point was if we're going to start attempting to make these "anon" people start owning up for their actions let's start with the ones committing actual atrocities. You know the ones covering up the things Anon uncovers.
And I'm not sure if we watched the same video, but the boys in that one firing the guns didn't seem too hesitant about killing those people. I don't think they're losing any sleep.
My boyfriend is in the marines (gay), so I know a few people in the forces (now that that's out of the way).
Re: (Score:3, Informative)
Like I said... I'm biased... I look at a lack of hesitation as good training. I heard a saying in basic - "Ready, aim, fire, yours, theirs, bodycount and regrets - in that order." and while we could argue all day about the morality of striking targets with no feasible means of fighting back (foot vs chopper) they did everything according to procedure - a procedure that's designed to protect you
Re: (Score:3)
Re: (Score:2)
In such a world, we would neither need nor have Anonymous.
Your brave new world is, however, undesirable. Various organizations keep trying to set the clock to 1984, however.
Re: (Score:2)
It's not my "brave new world" ... I like a bit of anonymity/privacy. I read something about someone's utopia a while back and one of their requirements was total lack of anonymity. I couldn't figure out why it was a requirement for their utopia, but their only rationality for it was crime.
Re: (Score:2)
I'm sympathetic to the notion of full transparency. In a surveillance society you can see that everyone else is human too, and that they do stuff while you're not watching. As reality is even wackier than fiction, I imagine that it would pretty much kill ordinary television, too. On the other hand, I don't believe in governments that don't try to overstep their bounds, which is why I too prefer a world with privacy. Ultimately I don't believe we'd ever get to actually see what everyone was doing all the tim
Re:Again (Score:5, Insightful)
A reasonable state should provide for decreasing levels of privacy as your power increases. For example, those with significant power to sway opinion—politicians, celebrities, etc.—should have much less right to privacy than Joe Random. Indeed, this is the way our privacy laws are structured today.
Where our privacy laws break down is when it comes to corporate privacy and government privacy—the privacy of large groups acting as a single hive mind. These groups should have almost no privacy because they have much greater power than the average citizen. Unfortunately, this is seldom the case, and this is the problem that needs to be fixed—not reducing the privacy of individuals, but rather reducing the privacy of individuals in their official capacity while working together in large groups. That's not very easy to do, though, at least without decreasing their privacy as individuals, which is why things go horribly wrong (whether because you gave them too much privacy and got corruption or too little privacy and got MonicaGate absurdity).
I tend to lean on the side of targeted laws in this area—sunshine laws, open records laws, open meetings laws, etc. When these are insufficient, the flaws should be corrected. When these are ignored, the perpetrators should do jail time to serve as an example to others. If this were happening consistently, we'd have a lot fewer problems with our democracy.
Re: (Score:2)
Re:Again (Score:5, Insightful)
Re: (Score:2)
but seriously, the US government kills innocent people every day of the week.
Except the US government does not intentionally go after unarmed civilians (and no, do not bring up WW2 or Vietnam as counterexamples of that). We don't bomb crowded markets or restaurants, we use precision guided weapons to limit collateral damage as much as possible(and yes, also because 1 bomb is usually cheaper than 50). We train our soldiers to identify hostile targets and not fire indiscriminately. The people we are fighting use civilians as human shields. Our soldiers use themselves to shield civ
Re: (Score:2)
"Except the US government does not intentionally go after unarmed civilians"
Just like Wikileaks ...
Re: (Score:2)
And it's not like it's a new thing, there's a huge history of civilian deaths during EVERY invasions/wars.
Fixed that for you. Civilians have always died and suffered from war. But no government in history has gone to such lengths and measures and the US and other Western governments have in trying to prevent innocent deaths in the legal and cultural environments of their respective militaries. And remember this, for the last 70 years, these soldiers have been risking their lives to protect civilians not of their own state, but of whichever state they are fighting in. They have no connection to these people
Re:Again (Score:5, Insightful)
Seeig as this data is probably along the lines of how many crates of dried parsley some air base is requisitioning doesn't strike me as a life or death matter.
You need to read up on Bletchley Park and Ultra. Mundane information about military units and individuals turned out to be amazingly useful.
Re: (Score:3)
The rumor is that they have an unknown Apache exploit.
Re: (Score:2)
Incompetent developers. I haven't read everything, but my impression is that Anonymous and LulzSec simply used SQL injection for many of their cracks, which is something that any competent web developer should know how to prevent without even trying.
Re: (Score:2)
Re: (Score:2)
exploiting 3rd world laborers
Yeah, right. How dare corporations give them a job that isn't up to 1st world standards! The fact that they take these jobs just shows how badly they need work, and it is wrong to give people a job if it isn't a great one. Better to make it so expensive that it isn't worth it to have the factories there at all, leaving them without 1st world knowledge, resources or money to dig themselves out of their current wretched state. Nevermind the industrialization of 1st world countries was pretty brutal. I want to
Re: (Score:2)
China is already starting to develop its own brand of imperialism. They're buying lots of dirt cheap land in Africa in order to guarantee their own food supply, for example. Not to mention the amount of stuff in the US and Europe that they already own. China is every bit as corporatist as the US.