Hacktivist collective Anonymous gets help with attacks against Westboro Baptist Church, which pledged to picket funerals of shooting victims in Newtown, Conn.

Mathew J. Schwartz, Contributor

December 20, 2012

5 Min Read

Who Is Hacking U.S. Banks? 8 Facts

Who Is Hacking U.S. Banks? 8 Facts


Who Is Hacking U.S. Banks? 8 Facts (click image for larger view and for slideshow)

The hacktivist collective Anonymous, hacker Cosmo The God, and the botmaster known as The Jester, have continued their press against Westboro Baptist Church (WBC), after the group said it would picket the funerals of people killed at the Sandy Hook Elementary School in Newtown, Conn.

Westboro Baptist Church, an independent group that self-identifies as a church, is known for picketing the funerals of members of the armed services who have been killed in action in Iraq and Afghanistan.

On Wednesday, 15-year-old Cosmo The God, who's a member of Underground Nazi Hacktivist Group (UG Nazi), apparently took over the Twitter account of Fred Phelps Jr., who's the son of Westboro leader Fred Phelps Sr. The compromised Twitter page header was changed to read "Ooooooooops!" and bear the name of Cosmo. On Wednesday, multiple tweets began listing the names of the people killed at Sandy Hook Elementary School. The hijacked Twitter account remained active until Thursday morning, at which point it was suspended by Twitter.

[ Want more background on Anonymous? Read Who Is Anonymous: 10 Key Facts. ]

Suggesting that the real Cosmo was behind the exploit, a Wednesday tweet from the hacked Twitter account was retweeted by the Cosmo The God Twitter feed, making it the first account activity there since a June 28 post announcing that "me and Josh were arrested early monday morning." Interestingly, the retweet was later missing, which may have been due to Twitter suspending the account of Fred Phelps Jr.

The takeover of Phelps' Twitter account was a repeat of Cosmo's apparent takeover of Westboro spokeswoman Shirley Phelps-Roper's "Dear Shirley" Twitter feed earlier in the week. Cosmo reportedly accomplished the takeover by exploiting a vulnerability in Twitter's trouble-ticket system, which allowed him to close requests from account owners before Twitter had responded to them.

Members of Westboro have yet to publicly respond to the recent Anonymous, Cosmo, or Jester attacks.

Earlier this week, Anonymous released personal details about the group's members, including social security numbers and dates of birth, via Pastebin as well as multiple Twitter channels, including @LulzExecutive and @Shm00pLOL, both of which have since been suspended by Twitter. Anonymous also filed for a death certificate in the name of Phelps-Roper, to prevent her from using her social security number. Anonymous members also have been publishing the phone numbers of hotels in Connecticut where members of the group are saying, and urging people to phone the hotel operators and request that they refuse to do business with Westboro.

Under the banner of #OpWBC -- as well as #OpWestBor -- on Twitter, members of Anonymous also have vowed to dismantle Westboro using every available means. To that end, members of the group have been urging people to sign a White House petition calling for Westboro to be labeled as a "hate group" and to have its tax-exempt church status revoked by the IRS. As of Tuesday, the petition had received more than 227,000 signatures, far in excess of the 25,000 needed to trigger an official response from the White House.

This week, approximately 10 of the 19 websites operated by Westboro also appear to have been disrupted by a hacker and distributed denial-of-service (DDoS) botmaster known as The Jester. He previously has provided assistance to Anonymous when it sought to knock websites offline. According to a Wednesday post to the Jester's Twitter feed: "I'm not trying to violate #WBC's civil rights. I'm just making best use of mine. And I'm non-violent. They hate that."

One reason it had been difficult for Anonymous participants to disrupt the Westboro websites on their own was because Westboro had contracted with DDoS and threat mitigation provider Black Lotus Communications to keep its websites online. But after that fact came to light, Black Lotus Wednesday announced that it would donate all revenue it's received from Westboro to charity, and began soliciting recommendations for which charities it should choose.

On Twitter, numerous people began lauding Black Lotus for dropping its support for Westboro, and making recommendations for where the money should go.

"We have received overwhelming support for donations to be given to various groups supporting the Newtown community, veterans groups like the Wounded Warrior Project, and LGBT groups like The Trevor Project," Jeffrey Lyon, Black Lotus Communications president, told Wikinews. The company's Twitter channel also called out United Way of Connecticut's Sandy Hook fund as a potential recipient.

Reached by email, Lyon confirmed that the money would be donated to charity, although his company has yet to make a formal announcement. He also confirmed that Westboro would remain a customer, at least for now. "As a security firm, it is our duty to defend our clients even in those cases where we disagree with their actions," he said. "WBC is non-violent and has not put anyone's lives at risk so our supposed authority to terminate the account under terms of service, as suggested by the protesters, is extremely weak. At that point the only option if we chose to cease our relationship would be non-renewal of service at end of term."

He said those facts had been relayed to protestors. "I reached out to @YourAnonNews and asked what they felt the best course of action would be given these facts," said Lyon. "They agreed to ask their supporters if our idea of gifting all ongoing WBC revenue to charity would be a positive outcome and the vast majority agreed."

Furthermore, noting that "the revenue we receive from WBC is very minimal," Lyon said the company would make its own, out-of-pocket donations, beginning with $2,000 to the United Way's Sandy Hook School Support Fund. He said the company planned to make an official announcement later this week.

Whether it's for monetary gain, revenge or embarrassment, hackers want your organization's data, and they will stop at almost nothing to get it. In the How Attackers Find And Exploit Database Vulnerabilities report, we look at the vulnerabilities attackers target, how they get in and what they do once they get there. More importantly, we recommend how to close those holes and establish a layered security approach that includes products, processes and constant vigilance. (Free registration required.)

About the Author(s)

Mathew J. Schwartz

Contributor

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights