UK arrests teen suspected of hacking CIA chief

British authorities, with help from the FBI, have arrested a teenager who infiltrated the personal email account of the director of the CIA and posting personal details online.

The 16-year-old boy was arrested in the East Midlands on Tuesday Feb 09 as part of an investigation in to the data breach of John Brennan’s emails last year.

For the past several months, a group calling itself “Crackas With Attitude” has been disclosing private information associated with such high-ranking officials as CIA Director John Brennan, Director of National Intelligence James Clapper, Homeland Security Secretary Jeh Johnson.

Information about rank-and-file employees working for the FBI, Justice Department and the Department of Homeland Security were posted online this week, though sources described the pilfered information as amounting to an internal phone directory.

Authorities suspect so-called “social engineering” may have helped those responsible gain access to the federal systems, according to one U.S. official.

But a spokesman for the South East Regional Organized Crime Unit would neither confirm nor deny what he called “speculation” linking the arrest to the hacks targeting U.S. officials.

Social engineering essentially involves a hacker gaining access to a system by sending an email to someone and pretending to be a known or trusted associate of the recipient.

“There is no indication at this time that there is any breach of sensitive or personally identifiable information,” DHS said in a statement earlier this week.

But officials expressed concern that more sensitive information was accessed and could be released.

In October, a personal AOL email account associated with CIA Director Brennan, and containing personally identifiable information, was hacked, as was an account linked to DHS Secretary Johnson.

Sources said it did not appear Brennan used the account for government business after he became CIA director. Johnson’s targeted account also was not used regularly, sources said at the time.

U.S. authorities began to identify what they thought was a group of suspects at least two months ago, ultimately narrowing in on the 16-year-old in England, the sources said.

Founder of ‘revenge porn’ website held for hacking

The founder of a so-called ‘revenge porn website’ has been arrested and charged by the FBI for allegedly hacking into email accounts and stealing nude photographs to post them online without consent.

Hunter Moore, 27, often described as ‘the most hated man on the internet’, was arrested at his home in Woodland, California. A second man, Charles Evens, 25, was also arrested in the Studio City area of Los Angeles. They face charges including conspiracy, computer hacking and aggravated identity theft as part of a 15-count federal grand jury indictment issued this week.

Evens pleaded not guilty before a federal judge. Moore did not enter a plea and remains in custody in Northern California. If found guilty, they could spend decades behind bars.

According to the 13-page indictment, Moore allegedly conspired with Evens to illegally gain access to victims’ computers to obtain explicit photographs for the purpose of revenge. Moore instructed Evens to hack e-mail accounts in exchange for money.

From 2010 to 2012, Moore ran a revenge porn website IsAnyoneUp.com, which allowed visitors to upload pictures of ex-partners or people who have participated in ‘sexting’ and sent nude pictures of themselves.

In an interview with the BBC, Moore said he made as much as $20,000 a month in advertising revenue. Moore sold IsAnyoneUp in 2012 to an anti-bullying organisation.

“I just monetise people’s mistakes that they made, and it’s kind of a shady business, ” he said at the time.” But if it wasn’t me, somebody else was going to do it.”

His arrest comes shortly after a new California law banned revenge porn websites, making it illegal to post identifiable nude pictures online without consent or with the intent of causing emotional distress. The penalty carries a $1,000 (£617) fine and up to six months in prison.

Pune-based global hacker Amit Vikram Tiwari arrested

In what is being termed as the biggest international hacking scandal, possibly involving corporates, associations and big individuals, coordinated raids were conducted by investigative agencies in India, China and Romania, on the basis of intelligence from Federal Bureau of Investigation about the “organised hacking” happening in three countries and others. In India, the Central Bureau of Investigation conducted raids at four places including Mumbai, Pune and Ghaziabad and arrested the alleged mastermind hacker in India – Amit Vikram Tiwari (31), son of a former army colonel, said sources.

Interestingly, the controversial cricket league – Indian Premier League – is back in news again with the hacking scandal. According to highly placed sources, people connected to the IPL had approached Tiwari for hacking into the some accounts but they reportedly had a dispute over money after which work was not reportedly completed. CBI is investigating the IPL connection with the hacking. Officials refused to divulge details but hinted that some people associated with the tournament wanted high-level hacking done.

The primary investigations have revealed that corporates, individuals and even companies – “the clients” – had approached the hackers either for marriage disputes related issues or commercial purposes, which sources described as “corporate rivalry”.

It is suspected that Amit Vikram Tiwari is main hacker in India but he was in touch with people abroad and master-hackers are based somewhere else. Sources also said that most of clients who approached Tiwari for hacking into email accounts and websites were foreigners. All possibilities — national security, corporate hacking, financial fraud and hacking into government departments and secret units, are being probed by CBI in coordination with FBI.

Officials say that 900 email accounts were hacked between February 2011 and February 2013 by international hackers including Tiwari and 171 accounts out of these belonged to Indians. “It has been alleged that a number of internet websites advertised that the website operators could get access to e-mail account in exchange for a fee varying from $250 to $500. The customers desirous to get unauthorized access, submitted e-mail accounts to these websites. Upon receipt of the order, as well as the e-mail addresses, the website operators gained access to such e-mail accounts and sent a proof of such access to the customers. On receipt of payment from Customers these website operators shared the password with the customers,” said CBI Spokesperson Kanchan Prasad. CBI has booked Tiwari and unknown hackers for criminal conspiracy, theft of information and Section 66 of Information Technology Act.

Sources say that payments were being received by hackers through western union money transfer and web-payment portal paypal.com.

What has baffled investigators is that FBI tracking the scandal. It is being suspected that some accounts related to United States government and big corporates there were also hacked after which FBI tracked the hosting sites, used for hacking, in India, China and Romania. In India, Tiwari and his fellow hackers were using two primary websites – and from Pune.

CBI Director Ranjit Sinha said that this was part of an international law enforcement operation and CBI had registered two FIRs against suspect operators of hacking websites. “The operation is product of an international investigation coordinated by Federal Bureau of Investigation, Department of Combating Organised Crime (DCCO) of Romania, CBI and the Ministry of Public Security (MPS) of China and raids in three countries were carried out simultaneously,” said Sinha.

The FBI officials had been reportedly having regular meetings with CBI in New Delhi over past few months and a preliminary enquiry was registered last month itself and it was decided that coordinated raids would be conducted in all the countries. FBI has launched major operation against hackers located globally last year as part of which Romanian authorities have arrested a hacker known as ‘Guccifer’ on Thursday who was infamous for hacking into accounts of powerful leaders. It is alleged that Guccifer leaked online Colin Powell’s personal emails, an unreleased script of Downton Abbey, and the paintings of George W Bush.

CBI sources say they had no information about arrests made in Romania and China as it was the domain of authorities in those countries and it was only concerned with the probe in India.

CBI officials, after arresting Tiwari from Pune, were bringing him to Delhi for interrogation. He has initially given some inputs about his clients and people whose accounts were hacked. Agency has recovered his computers, laptop and hard-drives for retrieving the data.

Sources say that Tiwari, who had reportedly done his engineering from Pune, had been arrested in 2003 as well for trying to defraud a Mumbai based credit card processing company. Mumbai Police had arrested him for the scandal.

Source : TOI

FBI warns that Anonymous has hacked US government sites for a year

Activist hackers linked to the collective known as Anonymous have secretly accessed U.S. government computers in multiple agencies and stolen sensitive information in a campaign that began almost a year ago, the FBI warned this week.

The hackers exploited a flaw in Adobe Systems Inc’s software to launch a rash of electronic break-ins that began last December, then left “back doors” to return to many of the machines as recently as last month, the Federal Bureau of Investigation said in a memo seen by Reuters.

FBI Warns Anonymous

The memo, distributed on Thursday, described the attacks as “a widespread problem that should be addressed.” It said the breach affected the U.S. Army, Department of Energy, Department of Health and Human Services, and perhaps many more agencies.

Investigators are still gathering information on the scope of the cyber campaign, which the authorities believe is continuing. The FBI document tells system administrators what to look for to determine if their systems are compromised.

An FBI spokeswoman declined to elaborate.

According to an internal email from Energy Secretary Ernest Moniz’ chief of staff, Kevin Knobloch, the stolen data included personal information on at least 104,000 employees, contractors, family members and others associated with the Department of Energy, along with information on almost 2,0000 bank accounts.

The email, dated October 11, said officials were “very concerned” that loss of the banking information could lead to thieving attempts.

Officials said the hacking was linked to the case of Lauri Love, a British resident indicted on October 28 for allegedly hacking into computers at the Department of Energy, Army, Department of Health and Human Services, the U.S. Sentencing Commission and elsewhere.

Investigators believe the attacks began when Love and others took advantage of a security flaw in Adobe’s ColdFusion software, which is used to build websites.

Adobe spokeswoman Heather Edell said she was not familiar with the FBI report. She added that the company has found that the majority of attacks involving its software have exploited programs that were not updated with the latest security patches.

The Anonymous group is an amorphous collective that conducts multiple hacking campaigns at any time, some with a few participants and some with hundreds. In the past, its members have disrupted eBay’s Inc PayPal after it stopped processing donations to the anti-secrecy site Wikileaks. Anonymous has also launched technically more sophisticated attacks against Sony Corp and security firm HBGary Federal.

Some of the breaches and pilfered data in the latest campaign had previously been publicized by people who identify with Anonymous, as part of what the group dubbed “Operation Last Resort.”

Among other things, the campaigners said the operation was in retaliation for overzealous prosecution of hackers, including the lengthy penalties sought for Aaron Swartz, a well-known computer programmer and Internet activist who killed himself before a trial over charges that he illegally downloaded academic journal articles from a digital library known as JSTOR.

Despite the earlier disclosures, “the majority of the intrusions have not yet been made publicly known,” the FBI wrote. “It is unknown exactly how many systems have been compromised, but it is a widespread problem that should be addressed.”

Second LulzSec hacker sentenced

Second Member of Hacking Group Sentenced to More Than a Year in Prison for Stealing Customer Information from Sony Pictures Computers

LOS ANGELES—A member of the LulzSec hacking group was sentenced this morning to one year and one day in federal prison for participating in an extensive computer attack that compromised the computer systems of Sony Pictures Entertainment and resulted in personal information of more than 138,000 people being posted on the Internet.

LulzSec Hacker Jailed

Raynaldo Rivera, age 21, known by the online moniker “neuron,” of Chandler, Arizona, was sentenced by United States District Judge John A. Kronstadt. In addition to the prison sentence, Judge Kronstadt ordered Rivera to serve 13 months of home detention, to perform 1,000 hours of community service and to pay $605,663 in restitution.

Rivera pleaded guilty last October to conspiring to cause damage to a protected computer after participating in the attack on Sony Pictures in 2011.

Lulzsec’s goal in the attacks on Sony Pictures and other corporate and government entities, according to a court document, was to see the “raw, uninterrupted, chaotic thrill of entertainment and anarchy” and to provide stolen personal information “so that equally evil people can entertain us with what they do with it.”

Another member of LulzSec, Cody Andrew Kretsinger, who used the online moniker “recursion,” was sentenced in April to one year and one day in federal prison. In addition to the prison term, Judge Kronstadt ordered Kretsinger to serve one year of home detention following the completion of his prison sentence, to perform 1,000 hours of community service, and to pay $605,663 in restitution.

Rivera and Kretsinger studied together at the University of Advancing Technology in Tempe, Arizona. Kretsinger first joined LulzSec, and then he recruited Rivera to join the group, prosecutors said.

Rivera, Kretsinger and others involved in the intrusion obtained confidential information from Sony Pictures’ computer systems by using an SQL injection attack against Sony Pictures’ website. The attackers distributed the stolen data on the Internet, information that included names, addresses, phone numbers, and e-mail addresses for tens of thousands of Sony customers.

LulzSec is known for its affiliation with Anonymous, which is a loose collective of computer hackers and others around the world who conduct cyber attacks and disseminate confidential information stolen from victims’ computers. In 2011, LulzSec engaged in “a two-month rampage of cyber attacks against various corporate and government entities in the United States and the United Kingdom,” according to a sentence memorandum filed by prosecutors.

This investigation into the attack on Sony Pictures’ computer systems was conducted by the Electronic Crimes Task Force (ECTF) in Los Angeles. The ECTF is composed of agents and officers from the FBI, the United States Secret Service, the Los Angeles Police Department, the Los Angeles County Sheriff’s Department, the United States Attorney’s Office, the Los Angeles County District Attorney’s Office, and the California Highway Patrol.

Barrett Brown’s Mother faces Prison

Anonymous hacktivist Barrett Brown’s Mother faces Prison for hiding Evidences

The legal troubles of Barrett Brown, the alleged spokesperson of the hacking collective Anonymous do not seem to be ending as of now. In fact, his mother is also bearing the brunt of his confrontation with the legal system. His mother Karen McCutchin has pleaded guilty to helping her son hide two computers which the FBI wished to seize during a raid on his house last year, and this can cost her a hefty sum as fine and a stint in prison.

Anonymous hacktivist Barrett Brown’s Mother faces Prison for hiding Evidences

It was during the last week that Karen McCutchin had accepted her offense of obstructing the execution of a search warrant and at present she is waiting to be sentenced. She could be sentenced with up to an year in prison and a fine of 100,000 dollars.

It all started on March 6, 2012 when the FBI performed the raid on the house of Barrett Brown in Dallas, Texas so as to uncover evidence and information about his affiliation with the hacking collective Anonymous and their offshoot LulzSec as he was closely linked to both the groups. The FBI wanted to investigate his personal website as he headed the Operation PM and was linked in the hacking of StratFor, a private intelligence agency from which data was stolen. He wasn’t in the house at the time of raid and he moved his computers to his mother’s house nearby. When he was asked by the investigators to hand over his equipment, he denied and then the officers came back with a search warrant for his mother’s house and seized all equipment.

Brown himself wrote about this raid the very next day “They told me that they’d executed a search warrant at my apartment and that the door had been broken in the process, and then asked me if I had any laptops with me here at my mom’s place that I wanted to give them. I responded in the negative, and they left,” “At any rate, the Feds came back a couple of hours later with a search warrant for my mom’s place – they fully intended to take a certain laptop, and did.” 

After this altercation, he wrote more about the inclination of the authorities to prosecute his mom. In fact this was the reason for his posting of a video on YouTube in which he threatened an FBI agent with dire action which led to more stringent charges against Brown when he was finally arrested in September last year. Brown is awaiting prosecution as of now as his hearing has been delayed till September which means that he will have spent a year in prison by then. He has been indicted on three charges and could face up to 100 years in prison.

However, during an interview for a magazine from behind the bars he has mentioned that he is not worried about his trial and he is hopeful that others will continue his crusade. But it is unfortunate that his mother is facing a harsh penalty as a result of his case.