Attacks/Breaches
3/8/2012
05:04 PM

Revenge: LulzSec Supporters Claim To Dump Symantec AV Source Code, Hack Vatican

Wave of high-profile retribution attacks in the wake of arrests of LulzSec hackers and its leader's secret work for the FBI -- and new developments with three of the suspects

Despite the shock that has rocked the LulzSec and Anonymous movement in the wake of the FBI's arrest of its leader and fellow members, the hacktivist group didn't waste much time in firing off retribution attacks. In its latest move, it claims to have posted Symantec's Norton AntiVirus 2006 source code online. The group also downed multiple Vatican websites last night.

A Symantec spokesperson says the company is aware of the supposed source-code posting -- which was made to The Pirate Bay -- and is investigating.

The hacker behind the apparent source-code dump, YamaTough, yesterday tweeted warnings that he would be leaking more from his Symantec code-theft spoils in response to reports of the arrest of LulzSec leader Sabu and five other hackers associated with the group's activities. YamaTough was apparently behind the posting online earlier this month of source code for Symantec’s pcAnywhere software. That led to Symantec warning its customers to upgrade pcAnywhere and to patch the software.

The apparent Symantec code dump, as well as the DDoS attack on the Vatican, came on the heels of an attack on Panda Security.

Pedro Bustamante, senior research adviser in the office of the CTO at Panda Security, said the hackers accessed information for Panda marketing campaigns and "some obsolete credentials" for users who hadn't been with the company for more than five years.

Why the Catholic Church? A tweet from an Anonymous account claims it was for the "pure, simple lulz." But an AP report says Anonymous said it was in protest of the "corrupt Roman Apostolic Church" and in response to its "doctrine, to the liturgies, to the absurd and anachronistic concepts that your for-profit organization spreads around the world."

But a security expert says there's likely a connection to a recent report about a previously failed attempt by Anonymous to hack the Vatican. The report, released by Imperva last week, basically provided a study of how the attack was deflected and how the group was unable to finish the job. "The DDoS attack on the Vatican website may be a response to a recently published analysis by security company Imperva, which assisted the Vatican in defending against an unsuccessful hacking campaign, including an ineffective DDoS attack, by Anonymous last summer," said Neil Roiter, research director for Corero.

[A new report details an online assault launched in August by the hacktivist collective Anonymous that lasted for 25 days, and which was designed to disrupt a specific event. See Report Offers Insight Into Anonymous' M.O.]

The hacktivist underground was shaken this week by news that Sabu, who was identified by the FBI as Hector Xavier Monsegur, a.k.a. Sabu, Xavier DeLeon, and Leon, had pled guilty to 12 counts of computer hacking conspiracies and other crimes, including the infamous hacks of HBGary Federal, HBGary, Sony, Fox, and PBS, and had been working for the FBI since the summer as a double agent to help nab other members of LulzSec.

Along with Monsegur, Ryan Ackroyd, a.k.a. Kayla, lool, and lolspoon; Jake Davis, a.k.a. Topiary and Atopiary; Jeremy Hammond, a.k.a. Anarchaos, sup_g, burn, yohoho, POW, tylerknowsthis, and crediblethreat; Darren Martyn, a.k.a. pwnsauce, raepsauce, and networkkitten; and Donncha O'Cearrbhail, a.k.a. Palladium, were all charged with various computer crime offenses. Palladium allegedly was behind the leaked law enforcement conference call earlier this year that was intercepted by Anonymous, and was also charged in a separate complaint with "intentionally disclosing an unlawfully intercepted wire communication," according to the FBI.

HBGary, one of LulzSec's high-profile victims, called the arrests "good news." "We were appreciative of the hard work that a lot of FBI field offices put into [the case]," says Jim Butterworth, CSO of HBGary. "It wasn't a huge celebratory day [for us], but it was good news."

Butterworth says even with the high-profile arrests, Anonymous won't disappear by any means, nor will its activities. "This truly underscores that Anonymous is a brand name and anyone can step up" and use it, he says. "I don't believe we've heard the end of this."

Meanwhile, suspect Hammond, who is charged with allegedly hacking Stratfor, has a long history of activism. He was a featured speaker at DefCon12 in 2004, where he gave a controversial talk on electronic civil disobedience rife with anarchist rhetoric that included invoking physical violence. He went by "CrimetheInc" and described himself as an anarchist hacker revolutionary and "an experienced political activist."

His talk elicited protests from the audience when he called for people to disrupt the Republican National Convention at Madison Square Garden, including shutting off power to Madison Square Garden and shutting down charter buses for the convention. "Let them call us terrorists: I'll still bomb their buildings," Hammond said towards the end of his session.

A DefCon official then stepped up to the podium and stated that the conference neither condoned nor associated with violent and illegal acts, and that in the eyes of law enforcement, these actions suggested by Hammond would be considered terrorism.

Meanwhile, the Associated Press reported yesterday that O'Cearrbhail, a.k.a. Palladium, had been released without charges by Irish police. This wasn't the first time he had been arrested and released for alleged hacking charges, either. According to the AP, Irish police are working on new evidence for prosecutors to use against him. Martyn already had been released and is in a similar situation, with new charges likely pending.

According to the AP article, it can take prosecutors months or years to determine whether to file charges, and the release of suspects is common.


Kelly Jackson Higgins is Senior Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, ...
