What we can learn from LulzSec PHDAYS 2012
  1. What we can learn from LulzSec PHDAYS 2012
  2. About Me
      • Jerry Gamblin
      • Network Security Specialist
        – Missouri House Of Representatives
      • Jerry.gamblin@gmail.com
      • jerrygamblin.com
      • @jgamblin (twitter)
  3. About Me
  4. About Me
  5. Why I am giving this talk…
  6. Why I am giving this talk…
  7. Why I am giving this talk…
  8. Overview
      • The Players
      • The Vigilantes
      • The Tools
      • The Campaigns
      • What we learned.
      • How We Can Stop It.
  9. The Players
  10. Who is who? Anonymous, Anti-Sec, Lulzsec
  11. Anonymous
  12. Anonymous
  13. Anonymous
      • First active as a hacking group in 2008
      • Originated on:
        – 4CHAN
        – Futaba (Japanese variant of 4CHAN)
        – Encyclopædia Dramatica
  14. LOLCATS
  15. Membership
      "[Anonymous is] the first Internet-based superconsciousness. Anonymous is a group, in the sense that a flock of birds is a group. How do you know they're a group? Because they're traveling in the same direction. At any given moment, more birds could join, leave, peel off in another direction entirely."
      —Chris Landers. Baltimore City Paper, April 2, 2008
  16. Mission Statement
      "We [Anonymous] just happen to be a group of people on the internet who need — just kind of an outlet to do as we wish, that we wouldn't be able to do in regular society. ...That's more or less the point of it. Do as you wish. ... There's a common phrase: we are doing it for the lulz."
      —Trent Peacock. Search Engine: The face of Anonymous, February 7, 2008.
  17. Not So Anonymous
  18. What A Hacker Looks Like…
  19. What A Hacker Looks Like?
  20. LulzSec
      • Anonymous all-star team.
      • Had 4 to 9 active members.
      • Highly active and technical.
      • "Laughing at your security since 2011!"
  21. Sabu
  22. Anarchaos
  23. Topiary
  24. Kayla
  25. TFlow
  26. Viral
  27. Recursion
  28. Anti-Sec
      • Anti-Sec was the re-merger of LulzSec and Anonymous in late June 2011.
  29. W0rmer & CabinCr3W
  30. The Vigilantes
  31. th3j35t3r
      • @th3j35t3r
      • Anti-Jihad hacker
      • XerXes DDOS tool
      • Leads the anti-Anonymous crusade on Twitter
      • Went offline May 9th.
  32. BacktraceSecurity
      • backtracesecurity.com
      • @backtracesec
      • Gave a talk at Defcon19 about exposing anon.
        – Anonymous and the rise of the Adhocracy
  33. The Tools
  34. IRC
      • Mostly on irc.2600.net
      • Anonymous channels
        – #Anonymous
        – #Antisec
      • Anti-anonymous channels
        – #AntiAntiSec
        – #Prosec
  35. Twitter
      • Used mainly for press relations and public support.
      • Main accounts:
        – @anonymousirc
        – @anonymousabu
        – @youranonnews
        – @anonops
        – @anoncmd
        – @lulzsec
  36. PasteBin.com
      • Public and anonymous clipboard.
      • Developed to easily share source code.
      • Used by Anonymous to share dox and dumps of stolen information.
  37. CloudFlare.com
  38. CloudFlare.com
      • Distributed cloud IDS/IPS.
      • Hides your real server IP.
      • Stops DDOS attacks.
      • FREE!
  39. Hidemyass.com
      • VPN Service
      • Anonymous internet identity
        – 18,000 unique IP addresses
  40. Doxing
      • Public dump of an individual's personal information.
      • Often leads to real life harassment.
  41. Blackout Faxing
  42. Low Orbit Ion Cannon
  43. Low Orbit Ion Cannon
      • Network stress testing tool.
        – (Read DDOS tool)
      • Written by Anonymous members.
      • Hivemind
        – Allows machines to join a voluntary botnet.
      • Open source project hosted on sf.net
  44. SQLMAP
      • Open source database penetration testing tool.
      • Works on the major SQL databases
        – MySQL
        – Oracle
        – PostgreSQL
        – Microsoft SQL
      • "Wizard" mode.
      • Ability to give you a root shell on Linux machines.
      • Open source project hosted on sf.net
  45. SQLMAP
  46. No Known 0-Days
  47. The Campaigns
  48. Epilepsy Foundation Forums
      Date: March 2008
      Targets: Epilepsy Foundation of America; National Society for Epilepsy
      Attack Method: Posting flashing images on the forums frequented by epilepsy sufferers in the attempt to cause seizures and migraine headaches.
  49. No Cussing Club
  50. No Cussing Club
      Date: January 2009
      Target: McKay Hatch
      Attack Method:
        • Posted his and his family's address, email and phone number online.
        • Harassed him via email and phone calls.
        • Pizza bombed his house.
        • Subscribed him to over 100 pornographic magazines.
  51. Operation Titstorm
      Date: February 2010
      Target: Australian government for passing anti-pornography law dealing with animated pornography.
      Attack Method:
        DDOS:
          • Australian Parliament
        Defaced:
          • Australian Prime Minister
        Fax Attack:
          • Australian Government communications department.
  52. Operation Payback
  53. Operation Payback
      Date: September 2010
      Target: Aiplex Software for DDOSing sharing sites after they refused to remove copyrighted material.
      Attack Method:
        DDOS:
          • ACS:Law
          • Australian Federation Against Copyright Theft
          • ACAPOR
          • Ministry of Sound
          • Spanish Copyright Society
        SQLI:
          • UK Intellectual Property Office
        Defaced:
          • GeneSimmons.com
  54. Operation Avenge Assange
      Date: December 2010
      Target: Companies who stopped processing donations to Assange or stopped hosting WikiLeaks content.
      Attack Method:
        DDOS:
          • PostFinance
          • Swedish Prosecution Authority
          • EveryDNS
          • MasterCard
          • Borgstrom and Bodström
          • Visa
          • PayPal
          • PayPal API
          • Sarah Palin
          • Joseph Lieberman
        Aborted DDOS:
          • Amazon
  55. Operation Sony
  56. Operation Sony
      Date: February 2011
      Target: Sony for their lawsuit against George Hotz who hacked the PS3.
      Attack Method:
        SQLI:
          • Sony PlayStation Network
          • Sony Online Entertainment
          • Sony BMG America
          • Sony Music Japan
          • Sony BMG Greece
          • Sony Portugal
  57. Operation Tunisia
  58. Operation Tunisia
      Date: May 2011
      Target: Tunisian Government Websites
      Attack Method:
        DDOS:
          • President
          • Prime Minister
          • Ammar 404
          • Ministry of Industry
          • Ministry of Foreign Affairs
          • Tunisian Stock Exchange
  59. Operation Egypt
      Date: May 2011
      Target: Egyptian Government Websites
      Attack Method:
        DDOS:
          • Cabinet Minister
          • Ministry of the Interior
          • Ministry of Communications and Technology
  60. HBGary Federal
      Date: February 2011
      Target: Aaron Barr for a talk he was going to give on exposing Anonymous members at a bsides event in San Francisco.
      Attack Method:
        HBGary.com
          • SQLI hbgary.com
        Aaron Barr
          • Released SSN
          • Released personal emails
          • Took over his Twitter account
          • Remotely Wiped IPAD/IPHONE
          • Exposed his World of Warcraft character name.
          • Obviously the most embarrassing.
  61. Operation Anti-Sec
      Date: February 2011
      Targets: Police associations and federal security contractors for the arrest of Anonymous and LulzSec members.
      Attack Method:
        DDOS:
          • United States Court of Appeals for the Ninth Circuit
        SQLI:
          • IRC Federal
          • Booz Allen Hamilton
          • Vanguard Defense
          • Missouri Sheriffs Association
          • Texas Police Chiefs Association
          • Arizona Department of Public Safety
        DOX:
          • Richard Garcia
  62. Operation Orlando
      Date: June 2011
      Targets: The city of Orlando for the arrest of "food not bombs" members for handing out food in city parks without a free permit.
      Attack Method:
        DDOS:
          • Orlando Mayor's website
        SQLI:
          • Roman Catholic Diocese of Orlando
          • Rotary Club of Orlando
          • Orlando Chamber of Commerce
        Threat of Physical Violence:
          • Orlando Mayor
  63. Orlando Mayor
  64. Operation Bart
      Date: August 2011
      Target: BART for shutting down cell phone repeater services to stop protest of the murder of Oscar Grant.
      Attack Method:
        SQLI:
          • BART Police Officer's Association
          • MyBART.org
  65. Operation DarkNet
  66. Operation MegaUpload
      Date: January 2012
      Targets: Anyone involved in the criminal case against Megaupload.
      Attack Method:
        DDOS:
          • UMG (Universal Music Group)
          • Warner Brothers Music
          • MPAA
          • RIAA
          • United States Department of Justice
          • FBI
  67. Vatican Website Attacks
  68. Operation Russia
      Date: February 2012
      Targets: Email accounts of prominent pro-Kremlin activists and officials. Dispensing that information at @OP_Russia on Twitter.
      Attack Method:
        Email Hack of:
          • Kristina Potupchik, Press secretary for Nashi youth movement
          • Oleg Khorokhordin, Deputy head of the Department for Internal Affairs at the Presidential Administration
          • Vasily Yakemenko, Head of the Federal Agency for Youth Affairs
  69. What we learned.
  70. Not Advanced; But Persistent
  71. Target by Association
  72. Guilty by Association
  73. Sympathetic Industry?
      • Brings recognition to their jobs.
      • Helps increase funding.
      • Get to LULZ at the victim.
  74. How can we stop it?
  75. Real Security Awareness
  76. Real Security Awareness
  77. Hack Yourself
  78. Hire a Penetration Tester
  79. Help Your Associates
  80. Listen!
  81. Any questions?
  82. Contact Info
      • Jerry Gamblin
      • Network Security Specialist
        – Missouri House Of Representatives
      • @jgamblin (twitter)
      • Jerry.gamblin@gmail.com
      • www.jerrygamblin.com
  83. Thank you!
  84. #LulzSecReborn (They are making a comeback)
