Attacks/Breaches
12/20/2012
11:15 AM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous Continues Westboro Church Attacks

Hacktivist collective Anonymous gets help with attacks against Westboro Baptist Church, which pledged to picket funerals of shooting victims in Newtown, Conn.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
The hacktivist collective Anonymous, hacker Cosmo The God, and the botmaster known as The Jester, have continued their press against Westboro Baptist Church (WBC), after the group said it would picket the funerals of people killed at the Sandy Hook Elementary School in Newtown, Conn.

Westboro Baptist Church, an independent group that self-identifies as a church, is known for picketing the funerals of members of the armed services who have been killed in action in Iraq and Afghanistan.

On Wednesday, 15-year-old Cosmo The God, who's a member of Underground Nazi Hacktivist Group (UG Nazi), apparently took over the Twitter account of Fred Phelps Jr., who's the son of Westboro leader Fred Phelps Sr. The compromised Twitter page header was changed to read "Ooooooooops!" and bear the name of Cosmo. On Wednesday, multiple tweets began listing the names of the people killed at Sandy Hook Elementary School. The hijacked Twitter account remained active until Thursday morning, at which point it was suspended by Twitter.

[ Want more background on Anonymous? Read Who Is Anonymous: 10 Key Facts. ]

Suggesting that the real Cosmo was behind the exploit, a Wednesday tweet from the hacked Twitter account was retweeted by the Cosmo The God Twitter feed, making it the first account activity there since a June 28 post announcing that "me and Josh were arrested early monday morning." Interestingly, the retweet was later missing, which may have been due to Twitter suspending the account of Fred Phelps Jr.

The takeover of Phelps' Twitter account was a repeat of Cosmo's apparent takeover of Westboro spokeswoman Shirley Phelps-Roper's "Dear Shirley" Twitter feed earlier in the week. Cosmo reportedly accomplished the takeover by exploiting a vulnerability in Twitter's trouble-ticket system, which allowed him to close requests from account owners before Twitter had responded to them.

Members of Westboro have yet to publicly respond to the recent Anonymous, Cosmo, or Jester attacks.

Earlier this week, Anonymous released personal details about the group's members, including social security numbers and dates of birth, via Pastebin as well as multiple Twitter channels, including @LulzExecutive and @Shm00pLOL, both of which have since been suspended by Twitter. Anonymous also filed for a death certificate in the name of Phelps-Roper, to prevent her from using her social security number. Anonymous members also have been publishing the phone numbers of hotels in Connecticut where members of the group are saying, and urging people to phone the hotel operators and request that they refuse to do business with Westboro.

Under the banner of #OpWBC -- as well as #OpWestBor -- on Twitter, members of Anonymous also have vowed to dismantle Westboro using every available means. To that end, members of the group have been urging people to sign a White House petition calling for Westboro to be labeled as a "hate group" and to have its tax-exempt church status revoked by the IRS. As of Tuesday, the petition had received more than 227,000 signatures, far in excess of the 25,000 needed to trigger an official response from the White House.

This week, approximately 10 of the 19 websites operated by Westboro also appear to have been disrupted by a hacker and distributed denial-of-service (DDoS) botmaster known as The Jester. He previously has provided assistance to Anonymous when it sought to knock websites offline. According to a Wednesday post to the Jester's Twitter feed: "I'm not trying to violate #WBC's civil rights. I'm just making best use of mine. And I'm non-violent. They hate that."

One reason it had been difficult for Anonymous participants to disrupt the Westboro websites on their own was because Westboro had contracted with DDoS and threat mitigation provider Black Lotus Communications to keep its websites online. But after that fact came to light, Black Lotus Wednesday announced that it would donate all revenue it's received from Westboro to charity, and began soliciting recommendations for which charities it should choose.

On Twitter, numerous people began lauding Black Lotus for dropping its support for Westboro, and making recommendations for where the money should go.

"We have received overwhelming support for donations to be given to various groups supporting the Newtown community, veterans groups like the Wounded Warrior Project, and LGBT groups like The Trevor Project," Jeffrey Lyon, Black Lotus Communications president, told Wikinews. The company's Twitter channel also called out United Way of Connecticut's Sandy Hook fund as a potential recipient.

Reached by email, Lyon confirmed that the money would be donated to charity, although his company has yet to make a formal announcement. He also confirmed that Westboro would remain a customer, at least for now. "As a security firm, it is our duty to defend our clients even in those cases where we disagree with their actions," he said. "WBC is non-violent and has not put anyone's lives at risk so our supposed authority to terminate the account under terms of service, as suggested by the protesters, is extremely weak. At that point the only option if we chose to cease our relationship would be non-renewal of service at end of term."

He said those facts had been relayed to protestors. "I reached out to @YourAnonNews and asked what they felt the best course of action would be given these facts," said Lyon. "They agreed to ask their supporters if our idea of gifting all ongoing WBC revenue to charity would be a positive outcome and the vast majority agreed."

Furthermore, noting that "the revenue we receive from WBC is very minimal," Lyon said the company would make its own, out-of-pocket donations, beginning with $2,000 to the United Way's Sandy Hook School Support Fund. He said the company planned to make an official announcement later this week.

Whether it's for monetary gain, revenge or embarrassment, hackers want your organization's data, and they will stop at almost nothing to get it. In the How Attackers Find And Exploit Database Vulnerabilities report, we look at the vulnerabilities attackers target, how they get in and what they do once they get there. More importantly, we recommend how to close those holes and establish a layered security approach that includes products, processes and constant vigilance. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
MACDONALDBANK
50%
50%
MACDONALDBANK,
User Rank: Apprentice
12/20/2012 | 5:37:45 PM
re: Anonymous Continues Westboro Church Attacks
Phelps should be locked up in an insane asylum!
ANON1234301472779
50%
50%
ANON1234301472779,
User Rank: Apprentice
12/20/2012 | 6:30:00 PM
re: Anonymous Continues Westboro Church Attacks
Good. WBC is a hate group.
tech_head
50%
50%
tech_head,
User Rank: Apprentice
12/20/2012 | 7:02:18 PM
re: Anonymous Continues Westboro Church Attacks
YES!!!!
Mikie B
50%
50%
Mikie B,
User Rank: Apprentice
12/20/2012 | 7:32:44 PM
re: Anonymous Continues Westboro Church Attacks
While I respect and honor the first Amendment, I feel the actions Westboro Church performs at funerals for the departed are in BAD taste. I applaud Anonymous in their endeavers.
Labrat
50%
50%
Labrat,
User Rank: Apprentice
12/20/2012 | 10:09:33 PM
re: Anonymous Continues Westboro Church Attacks
When a so called "church" has the audacity to boycott children's funerals, the government ought to sweep in and arrest the entire bunch. Just who does this Phelps creep think he is anyway? I hope that he rots on the toilet for his blaspheme.
Labrat
50%
50%
Labrat,
User Rank: Apprentice
12/20/2012 | 10:11:32 PM
re: Anonymous Continues Westboro Church Attacks
I hope that all hackers around the world attack this persona non grata and all who stand with him.
EVVJSK
50%
50%
EVVJSK,
User Rank: Apprentice
12/23/2012 | 2:26:13 PM
re: Anonymous Continues Westboro Church Attacks
God CLEARLY wants these attacks on Westboro to continue, because he is allowing it to happen. I applaud these efforts as they are not causing any real harm and serve to show the Westboro people that their message (and more importantly the way they chose to deliver it) has consequences. They are entitled to their opinions(as crazy and unfounded as they are), however the method they chose to use to thrust it upon people who are grieving is in the poorest of taste. As ye sow, shall ye reap Westboro !
nodwink
50%
50%
nodwink,
User Rank: Apprentice
12/23/2012 | 8:51:09 PM
re: Anonymous Continues Westboro Church Attacks
I would like to let you know about a petition that I have started. I would like to have the zip code of Topeka, Ks. changed. You may or may not know that Topeka, Ks. is where the HATE group WESTBORO BAPTIST CHURCH, is located. Why is this significant? The zip code for Topeka, Ks. is 666--. (last two numbers change with the region in the city). I would like to change the zip code to 888--, which would represent loving kindness, instead of hate.
We have all heard of Westboro Baptist Church, if you aren't familiar with the name, maybe you've heard of their actions. These are the people who protest at our soldiers funerals when they come home from fighting for our freedom. These are the people who planned to protest at the funerals of the five Amish girls executed in their Pennsylvania school. These are the people who stomp on our American flag at these demonstrations. These people also enjoy tax exempt status as a church. This is a hate group, plain and simple.
Now they are demonstrating at the funerals of the 26 people who were killed last week in the most recent school shooting in Newtown, Connecticut. They are holding up signs saying that the shooter was sent FROM GOD to kill them to send a message that this is God's punishment for America's tolerance of homosexuality. How much hatred must a person have inside of them to carry a sign that reads GǣThank God for dead babiesGǥ?
According to Wikipedia, The WBC is not affiliated with any Baptist denomination, including the two largest Baptist denominations, the Baptist World Alliance or the Southern Baptist Convention, both of which have denounced the WBC over the years. The church describes itself as following Primitive Baptist and Calvinist principles
The number 666 symbolizes hatred, like the swastika has also come to symbolize hatred. The swastika was once a prominent religious symbol that now represents the hatred and maniacal mind of one man in particular. To me, the number 666 doesn't bring forth images of the devil, but if I see someone sporting the number, I think of hate. I think that making the cult Westboro Baptist Church write 888--, (loving kindness), in their address on all of their HATE MAIL, fliers, and group information, would be essentially like making them replace the hate with hearts and kittens. :)
Granted, this will not make a difference in the way that they think, but will give us the opportunity to voice our disdain for them in a peaceful, yet powerful way. To have this group know, that we did this simply to take the hate out of something as basic as their zip code, would be awesome. They would have to write this everyday, and be reminded everyday that we will not tolerate their hatred. It is a very peaceful, yet potentially powerful change.
Please share this message with everyone that you can.
The petition is here:
http://www.change.org/petition...
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
1/1/2013 | 4:24:12 AM
re: Anonymous Continues Westboro Church Attacks
Breaking the law, even if it is to do something that most would consider moral, is still breaking the law.

First Amendment protects speech - somewhat vague, right? It doesn't protect speech that you necessarily agree with, it protects all speech.

Welcome to the world of cyber-vigilantism...

Andrew Hornback
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4262
Published: 2014-07-28
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-...

CVE-2013-4840
Published: 2014-07-28
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.

CVE-2013-7393
Published: 2014-07-28
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions...

CVE-2014-2974
Published: 2014-07-28
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

CVE-2014-2975
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.