the security circus. wikileaks published
TRANSCRIPT
![Page 1: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/1.jpg)
The Security Circus
![Page 2: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/2.jpg)
Wikileaks
• Published <1000 US Gov't diplomatic cables froma leak of 250,000
• Distributed an encrypted "Insurance" file by BitTorrent• Widely assumed to contain the complete,
uncensored leaked data• Encrypted with AES-256--no one is ever getting in
there without the key• Key to be released if Assange is jailed or killed,
but he is in UK now resisting extradition to Sweden and the key has not been released
![Page 3: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/3.jpg)
Anonymous
http://www.indybay.org/newsitems/2011/08/16/18687809.php
![Page 4: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/4.jpg)
Operation Payback
• 4chan's Anonymous group• Attacked Scientology websites in 2008• Attacked the RIAA and other copyright
defenders• Using the Low Orbit Ion Cannon with
HiveMind (DDoS)• "Opt-in Botnet"
![Page 5: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/5.jpg)
HB Gary Federal
• Aaron Barr• Developed a questionable
way to track people down online
• By correlating Twitter, Facebook, and other postings
• Announced in Financial Times that he had located the “leaders” of Anonymous and would reveal them in a few days
![Page 6: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/6.jpg)
![Page 7: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/7.jpg)
Social Engineering & SQLi
• http://tinyurl.com/4gesrcj
![Page 8: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/8.jpg)
Leaked HB Gary Emails
• For Bank of America– Discredit Wikileaks– Intimidate Journalist Glenn Greenwald
• For the Chamber of Commerce– Discredit the watchdog group US Chamber
Watch
– Using fake social media accounts
• For the US Air Force• Spread propaganda with fake accounts
• http://tinyurl.com/4anofw8
![Page 9: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/9.jpg)
Drupal Exploit
![Page 10: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/10.jpg)
OpBART
• Dumped thousands of commuter's emails and passwords on the Web– http://www.djmash.at/release/users.html
• Defaced MyBart.org– http://www.dailytech.com/Anonymous
%20Targets%20Californias%20Infamous%20BART%20Hurts%20Citizens%20in%20the%20Process/article22444.htm
![Page 11: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/11.jpg)
Booz Allen Hamilton
• "LulzSec" hacked it in July 2011• Dumped 150,000 US Military email addresses
& passwords– http://www.forbes.com/sites/andygreenberg/
2011/07/11/anonymous-hackers-breach-booz-allen-hamilton-dump-90000-military-email-addresses/
![Page 12: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/12.jpg)
Missouri Sheriff's Association
• Hacked by AntiSec, another part of Anonymous
• Published credit cards, informant personal info, police passwords, and more– https://vv7pabmmyr2vnflf.tor2web.org/
![Page 13: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/13.jpg)
Th3j35t3r
• "Hacktivist for Good"• Claims to be ex-military• Originally performed DoS attacks on Jihadist
sites• Bringing them down for brief periods, such
as 30 minutes• Announces his attacks on Twitter, discusses
them on a blog and live on irc.2600.net
![Page 14: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/14.jpg)
Jester's Tweets from Dec 2010
![Page 15: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/15.jpg)
Th3j35t3r v. Wikileaks
• He brought down Wikileaks single-handed for more than a day
– I was chatting with him in IRC while he did it, and he proved it was him by briefly pausing the attack
![Page 16: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/16.jpg)
Wikileaks Outage
• One attacker, no botnet
![Page 17: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/17.jpg)
Th3j35t3r
• After his Wikileaks attack• He battled Anonymous• He claims to have trojaned a tool the Anons
downloaded• He claims to pwn Anon insiders now
![Page 18: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/18.jpg)
Jester's Tweets
![Page 19: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/19.jpg)
Westboro Baptist Outage
• 4 sites held down for 8 weeks• From a single 3G cell phone
– http://tinyurl.com/4vggluu
![Page 20: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/20.jpg)
LulzSec
• The "skilled" group of Anons who hackedUS Senate AZ PolicePron.com Booz HamiltonSony NATOInfragard The SunPBS Fox NewsH B Gary Federal Game websites
![Page 21: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/21.jpg)
![Page 22: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/22.jpg)
![Page 23: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/23.jpg)
Ryan Cleary
• Arrested June 21, 2011• Accused of DDoSing the UK’s Serious Organised Crime
Agency• http://www.dailymail.co.uk/news/article-2007345/Ryan-Cleary-Hacker-
accused-bringing-British-FBI-site.html
![Page 24: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/24.jpg)
T-Flow Arrested July 19, 2011• http://www.foxnews.com/scitech/2011/07/19/leading-member-lulzsec-
hacker-squad-arrested-in-london/
![Page 25: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/25.jpg)
Topiary Arrested
• On 7-27-11• http://www.dailymail.co.uk/news/article-
2021332/Free-Radicals-The-Secret-Anarchy-Science-sales-rocket-Jake-Davis-seen-clutching-copy.html
![Page 26: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/26.jpg)
– http://mpictcenter.blogspot.com/2011/08/how-i-out-hacked-lulzsec-member.html
![Page 27: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/27.jpg)
Stay Out of Anonymous
• http://mpictcenter.blogspot.com/2011/08/stay-out-of-anonymous.html
![Page 28: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/28.jpg)
![Page 29: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/29.jpg)
Case Studies
![Page 30: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/30.jpg)
Dan Kaminsky
• Link Ch0a
![Page 31: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/31.jpg)
Jacob Applebaum
• Link Ch 0b
![Page 32: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/32.jpg)
Boris Sverdkik
![Page 33: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/33.jpg)
Security Curmudgeon
• Link Ch 0e
![Page 34: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/34.jpg)
Byron Sonne
• Link Ch 0g
![Page 35: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/35.jpg)
Gregory D. Evans
![Page 36: The Security Circus. Wikileaks Published](https://reader035.vdocuments.site/reader035/viewer/2022062517/56649efe5503460f94c12c21/html5/thumbnails/36.jpg)
Sam Bowne