Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

3/8/2012
05:04 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Revenge: LulzSec Supporters Claim To Dump Symantec AV Source Code, Hack Vatican

Wave of high-profile retribution attacks in the wake of arrests of LulzSec hackers and its leader's secret work for the FBI -- and new developments with three of the suspects

Despite the shock that has rocked the LulzSec and Anonymous movement in the wake of the FBI's arrest of its leader and fellow members, the hacktivist group didn't waste much time in firing off retribution attacks. In its latest move, it claims to have posted Symantec's Norton AntiVirus 2006 source code online. The group also downed multiple Vatican websites last night.

A Symantec spokesperson says the company is aware of the supposed source-code posting -- which was made to The Pirate Bay -- and is investigating.

The hacker behind the apparent source-code dump, YamaTough, yesterday tweeted warnings that he would be leaking more from his Symantec code-theft spoils in response to reports of the arrest of LulzSec leader Sabu and five other hackers associated with the group's activities. YamaTough was apparently behind the posting online earlier this month of source code for Symantec’s pcAnywhere software. That led to Symantec warning its customers to upgrade pcAnywhere and to patch the software.

The apparent Symantec code-dump, as well as the DDoS attack on the Vatican, were on the heels of an attack on Panda Security.

Pedro Bustamante, senior research adviser in the office of the CTO at Panda Security, said the hackers accessed information for Panda marketing campaigns and "some obsolete credentials" for users who hadn't been with the company for more than five years.

Why the Catholic Church? A tweet from an Anonymous account claims it was for the "pure, simple lulz." But an AP report says Anonymous said it was in protest of the "corrupt Roman Apostolic Church" and in response to its "doctrine, to the liturgies, to the absurd and anachronistic concepts that your for-profit organization spreads around the world."

But a security expert says there's likely a connection to a recent report about a previously failed attempt by Anonymous to hack the Vatican. The report, released by Imperva last week, basically provided a study of how the attack was deflected and how the group was unable to finish the job. "The DDoS attack on the Vatican website may be a response to a recently published analysis by security company Imperva, which assisted the Vatican in defending against an unsuccessful hacking campaign, including an ineffective DDoS attack, by Anonymous last summer," said Neil Roiter, research director for Corero.

[A new report details an online assault launched in August by the hacktivist collective Anonymous that lasted for 25 days, and which was designed to disrupt a specific event. See Report Offers Insight Into Anonymous' M.O.. ]

The hacktivist underground was shaken this week by news that Sabu, who was identified by the FBI as Hector Xavier Monsegur, a.k.a. Sabu, Xavier DeLeon, and Leon, had pled guilty to 12 counts of computing hacking conspiracies and other crimes, including the infamous hacks of HBGary Federal, HBGary, Sony, Fox, and PBS, and had been working for the FBI since the summer as a double agent to help nab other members of LulzSec.

Along with Monsegur, Ryan Ackroyd, a.k.a. Kayla, lool, and lolspoon; Jake Davis, a.k.a. Topiary and Atopiary; Jeremy Hammond, a.k.a. Anarchaos, sup_g, burn, yohoho, POW, tylerknowsthis, and crediblethreat; Darren Martyn, a.k.a. pwnsauce, raepsauce, and networkkitten; and Donncha O'Cearrbhail, a.k.a. Palladium, were all charged with various computer crime offenses. Palladium appears to allegedly have been behind the leaked law enforcement conference call earlier this year that was intercepted by Anonymous, and was also charged in a separate complaint with "intentionally disclosing an unlawfully intercepted wire communication," according to the FBI.

HBGary, one of LulzSec's high-profile victims, called the arrests "good news." "We were appreciative of the hard work that a lot of FBI field offices put into [the case]," says Jim Butterworth, CSO of HBGary. "It wasn't a huge celebratory day [for us], but it was good news."

Butterworth says even with the high-profile arrests, Anonymous won't disappear by any means, nor will its activities. "This truly underscores that Anonymous is a brand name and anyone can step up" and use it, he says. "I don't believe we've heard the end of this."

Meanwhile, suspect Hammond, who is charged with allegedly hacking Stratfor, has a long history of activism. He was a featured speaker at DefCon12 in 2004, where he did a controversial talk on electronic civil disobedience rife with anarchist rhetoric that included invoking physical violence. He went by "CrimetheInc" and described himself as an anarchist hacker revolutionary and "an experienced political activist."

His talk elicited protests from the audience when he called for people to disrupt the Republican National Convention at Madison Square Garden, including shutting off power to Madison Square Garden and shutting down charter buses for the convention. "Let them call us terrorists: I'll still bomb their buildings," Hammond said towards the end of his session.

A DefCon official then stepped up to the podium and stated that the conference neither condoned nor associated with violent and illegal acts, and that in the eyes of law enforcement, these actions suggested by Hammond would be considered terrorism.

Meanwhile, the Associated Press reported yesterday that O'Cearrbhail, a.k.a. Palladium, had been released without charges by Irish police. This wasn't the first time he had been arrested and released for alleged hacking charges, either. According to the AP, Irish police are working on new evidence for prosecutors to use against him. Martyn already had been released and is in a similar situation, with new charges likely pending.

According to the AP article, it can take prosecutors months or years to determine whether to file charges, and the release of suspects is common.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
westernunion.black
50%
50%
westernunion.black,
User Rank: Apprentice
12/12/2012 | 6:04:59 PM
re: Revenge: LulzSec Supporters Claim To Dump Symantec AV Source Code, Hack Vatican
*****Please add me when you trust me,We will business good with all customer
Infor Contact Yahoo/Mail support 24/24:-

***Our Yahoo to support : Westernunion.black
***Mail to support - - -: [email protected]

- - -********THANKS YOU AND WELCOME ALL********
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...