From the language used in the hack and those claiming responsibility, the attack seems to have come from a Chinese group according to WP Sauce. The actual damage was not immediately present until the hackers released all of the Web sites users’ account details – including passwords – onto the Internet for other hackers to have their way with. The unfortunate thing is that the passwords were stored in plain text making it ridiculously easy for the hackers to obtain them.

While the site is in Chinese, HackTeach has images that illustrate the extent of the damage and just how unprepared the India Microsoft Store was for an attack like this.

Microsoft has not yet commented on the hack, but I’m sure they will once they’re able to fully grasp how far this attack went.

The only thing we can say is that if you have an account on the Indian Microsoft store, change your password now.

“So Foxconn thinks they got ‘em some swagger because they work with the Big Boys from Intel, Microsoft, IBM, and Apple? Fool, You don’t know what swagger is. They say you got your employees all worked up, committing suicide ‘n stuff. They say you hire chinese workers ’cause you think the taiwanese are elite. We got somethin’ served up good…real good. Your not gonna’ know what hit you by the time you finish this release. Your company gonna’ crumble, and you deserve it”.

Apparently the hackers are big fans of Apple products and take a “slight ” interest in Foxconn because of their affinity for the iPhone, but it is not their overarching purpose:

“…we are not hacking a corporation for such a reason and although we are slightly interested in the existence of an Iphone 5, we are not hacking for this reason”

What is the real reason for their mischief?:

“We hack for the cyberspace who share a few common viewpoints and philosophies. We enjoy exposing governments and corporations, but the more prominent reason, is the hilarity that ensues when compromising and destroying an infrastructure.”

So mainly, these guys are just in it for the thrill of the hunt. Their slogan is, “Hacking Today for an Entertaining Tomorrow”. They would like to viewed as entertainers. I like it! Anyhow, they do admit that their work, “..reveals an almost unknown feeling of a menacing satisfaction”. But also admit that, “Of course with funding ourselves we did have our limitations”.

Despite their limited funding, they imply that we can expect to see more works from them and they will persist and “encourage not to continue quelling such a natural emotion but to embrace it”. Good to hear from the guys at Swagg Security (and Hacking).

A blogger using the name “someLuser” posted details on how to access these feeds in January. According to “someLuser” anyone who knows a cameras IP address can access a live feed from the device even if it is password protected.

“someLuser” comments on the design of the security system:

“There does not appear to be a way to disable access to the video stream, I can’t really believe this is something that is intended by the manufacturer. Lets see who is out there ,”

He lays out exactly how hackers can gain access to the feeds. In the following days readers of the blog went on to access over 600 different camera feeds using the methods provided by “someLuser”.

Since then Trendnet has become aware of the problem and has traced the flaw back to updates and a code loaded back in 2010. The flaw effects 26 different models. Since first becoming aware of the flaw on January 12th, the company has been frantically been working to update its firmware.

Trendnet’s director of global marketing, Zak Wood told the BBC in an interview:

“We anticipate to have all of the revised firmware available this week. We are scrambling to discover how the code was introduced and at this point it seems like a coding oversight,”

What irony? The security company wired the biggest threat right into their customers homes. Would you trust these meat heads? I hope people using these products are seriously reconsidering their purchase.

A Symantec representative commented on the attempt:

“In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide”.

Here are some segments from the impatient ‘Anonymous’ @YamaTough hacker as he negotiates the $50,000 demanded payment from a Symantec employee:

“If you are trying to trace with the ftp trick it’s just worthless. If we detect any malevolent tracing action we cancel the deal. Is that clear? You’ve got the doc files and pathes [sic] to the files. what’s the problem? Explain.”

“If we dont hear from you in 30m we make an official announcement and put your code on sale at auction terms. We have many people who are willing to get your code. Dont f*** with us.”

Apparently, the Hackers were on to Symantec for contacting higher authorities but never the less continued in their negotiations until they finally cut contact with the Symantec employee who claimed they needed more time:

“Since no code yet being released and our email communication wasnt also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we’ve made mirrors so it will be hard for you to get rid of it.”

Symantec insists that users of their products are not under any significantly higher risk of attack due to the theft however; Symantec asked its PCAnywhere users to disable the product until the company could issue a software update. They assure clients that this will protect them against attacks resulting from the theft of the source code.

That’s where Mykonos comes in, a security company that protects Web sites from attacks by wasting a hacker’s time instead of using an easily breakable wall.

“If you break in, I want to have fun with you,” David Koretz, CEO of Mykonos, told Technology Review. He says that the computer security industry is “too timid” and that the solution is making hackers’ lives “tedious and difficult.”

The software goes into action when it detects an intruder by offering false data and phony software vulnerabilities. This is intended to waste the hacker’s time and force them to give up out of desperation.

The company has received $4 million in funding this week from a number of Web and technology leaders.

The company’s software is primarily aimed at hackers who use automated tools that identify and exploit weaknesses in Web sites.

Koretz says that wasting a hacker’s time “changes the economics” of attacking Web sites. He said that the software makes hacking more like bank robbery, which is easily managed.

The software first makes sure that it isn’t attacking a legitimate user. It does this through the use of small snippets of code injected into Web pages that are sent out to a computer using the site. If the data snippet is altered, the software automatically notes the IP address of the potential hacker.

If the hacker is using a Web browser to probe the site, a small tracking file known as a “supercookie” is injected into it. If they aren’t using a browser, the hacker’s computer is fingerprinted. When the same computer returns, the software knows and reacts appropriately.

The software sets up the illusion that the hacker is making progress. “We can intercept their scans and inundate them with fake values,” Koretz said. “It takes much longer [for an attacker to scan a site], and the results are useless.”

He said that a scan might usually take five hours, but would take 30 with his software. The other tactic is to offer up a fake password and log in page. They are essentially hacking the hacker.

Some computer security experts are not convinced though. They’re concerned that annoying hackers would just lead them to come back more powerful than before, fueled by vengeance.

Koretz agrees that a revenge outcome is possible, but he hopes that most hackers will just ascribe the deception as bad luck and move on to another target.

He predicts his tactic will become more widespread once traditional anti-hacking methods are proved ineffective.

Yama Tough has been tweeting about Norton and Symantec throughout the month. Here are some earlier tweets leading up to this one:

The Inquirer shares the following statement on the matter from Symantec:

“The code for Norton Utilities that was posted publicly is related to the 2006 version of Norton Utilities only. That version of the product is no longer sold or supported. The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006. The code that has been posted for the 2006 version poses no security threat to users of the current version of Norton Utilities.”

“Furthermore, we have no indications that the code disclosure impacts the functionality or security of any of Symantec’s other solutions. Lastly, there are no indications that customer information has been impacted or exposed at this time. As always, in general, Symantec recommends that users keep their solutions updated which will help ensure protection against any new possible threats.”

I guess we’ll find out this week if the statement is accurate.

We here at WebProNews we have already given you a guide on how to navigate the post-SOPA Internet, but suppose there was an alternative that would obviate any need to even deal with an Internet burdened with the bureaucratic cangue of the United States government. In other words, what if you could use a different Internet altogether?

What if there were two Internets? Is freedom of speech and access to information important enough to you that you’d hop aboard a user-created and -controlled Internet? Does SOPA scare you that much? Let us know in the comments below.

If one is to ever exist, the architects of that straight line to Internet freedom will be Hackerspace Global Grid, a cabal of hackers that have taken up the cause of creating a satellite-based communication network that would be capable of establishing an “uncensorable” Internet. It’s just one of the many goals of their ambitious project to pioneer a global grass-roots space program. Think of it as open-source outer space mission.

It all started in August at the Chaos Community Camp when Nick Farr issued a call to hackers to begin planning to build an Internet that couldn’t be censored by any government, citing the possibility of a SOPA’ed Internet as to why hackers – and everybody, really – should have an Internet unencumbered by censorship. HGG responded with the proposal of creating a satellite-based network capable of “defense against terrestrial censorship of the Internet.”

While HGG states that an alternate Internet incapable of being censored is one possible utilization of such an ambitious project, it’s just one of the many uses from a distributed satellite ground station network. Essentially, it’s a communication network that puts an emphasis on an open-source community of technology development. While there are numerous goals with undertaking this satellite-for-hackers project, the first goal of Farr is to establish a resistance against Internet censorship. “The first goal is an uncensorable Internet in Space,” Farr told BBC. “Let’s take the Internet out of the control of terrestrial entities.”

So how will this ambitious goal of hacking space pan out? Two members of the HGG team, hadez and Andreas Hornig, spoke with WebProNews about how this mission developed and where it will go. As mentioned above, this call to arms is “a direct answer to Nick Farr, Lars Weiler, and Jens Ohlig’s call for a ‘Hacker Space Program,” said hadez.

Hornig, who is actually more of an engineer than card-carrying hacker, adds, “Members of our two groups, shackspace and Constellation (me), came together and joined efforts. For my side I had an idea about a distributed ground station network for my group and my university. I asked in HAM radio boards for help and a shackspace member found me and invited me to the shackspace, because I’m in their proximity. Because both groups share a lot of goals and we knew the project’s tasks are very challenging, we joined forces and combined our objectives and technical goals.”

And speaking of that collaborative effort required to succeed on far-reaching projects, some readers out there might be wondering how on earth (oh, the pun) can a group of private individuals possibly hope to finance a mission to essentially colonize space? Hornig and hadez welcome any contributions to HGG’s cause since, as you can imagine, this is going to eventually tally up a pricey bill. “We’re open for any support because this project is ambitious,” Hornig said. hadez estimates that the group is “still below 500 EUR in total at this point in huge parts thanks to the fact that there’s a lot of infrastructure present at our local hackerspace “shackspace” in Stuttgart, Germany which we can use.” Eventually, they admit that “there will be a point where a more significant investment will have to be made, especially once we’re going to build more than a few initial ground stations. We have not yet made any decision whether to ask for funding or who to ask.”

Both members of HGG are adamant about maintaining the focus of the project on keeping the system open to both users and contributors while not compromising the goal with monetary contributions. hadez explains that “the core objective is building a fully open system (hardware, software, documentation) and keeping it that way. Funding which does not interfere with this goal and leaves us the same freedom we have currently would be a possibility.” Hornig emphasized the appeal of the importance of the open-source aspect because the group “will rely on volunteers all over the world forming our global sensor and station grid (via Constellation) and higher costs for the hardware will result in less volunteers.”

Everybody got this? Not only will everybody have Internet freedom but we might even be going to space. It’s like a Choose Your Own Adventure, Future Edition. But before everybody gets ahead of themselves there, lets make sure everybody’s on the same page: this communication system isn’t going to support the bandwidth you’d need to stream the final season of Arrested Development in HD. The FAQ from HGG explains:

If you’re in desperate need to communicate you do not care about watching videos on YouTube nor do you want to download the latest album of your favorite band to have the perfect soundtrack for whatever the hell you’re doing. You want to get a message out and receive updates. You want to inform and stay informed yourself. A first step will be providing bare-minimum communication infrastructure for that moment of feaco-rotary intersection that will hopefully never happen. But it did happen, several times during 2011 alone in several places. It will happen again.

Think twitter updates, not video streaming.

While the Internet capability is one of HGG’s many goals, Hornig points out that their broader mission is to create a “fusion” between science and society. “The sensor grid allows us to do research in various fields and communication could also be possible as a side effect,” he said. “Especially in aerospace a lot of people think, what is it good for and they forget that they use space technology all the time, like satellite navigation in their cars and cell-phones, weather forecasts and HD-channels via satellite-TV. But they just use it, they are not an essential part. In HGG they can be part and, even more important, they are relevant for the system in general.”

At any rate, HGG doesn’t want to rule out “high-bandwidth links and geo-stationary community controlled satellites” in the future, but for now this would be an incredible gift to society. And before any of you start feeling deflated about this limitation: stop. Allay any of your first-world disappointments because this is a bigger deal than some people may appreciate. Recall when Egypt’s government “turned off” the Internet last January or when Syria tried to suppress users of iPhones or even China’s Great Firewall – all of these obstacles could potentially be circumvented by HGG’s project. And even here in the United States where a Congressional gerontocracy would limit the expression of speech and access to information via SOPA or PIPA, how far behind is the spectre of a total shutdown of the Internet?

That possibility is a big If (hopefully), but if it becomes a real possibility, people like HGG will be your new best friends.

So, do you think it’ll work? I know it sounds like The Future, but can individual hackers and scientists work together to really create a sustainable communication network that would support an alternate Internet? How do you think private industries would respond to such a bold endeavor? Let us know in the comments below

“The arrest once again sheds light on the increasing amount of DDoS attacks by criminals and hacktivists that are sometime out for financial gain or just looking to make a political or ideological statement,” Mike Paquette, Chief Strategy Officer at Corero Network Security, tells WebProNews.

“Traditionally, DDoS attacks have consisted of massive floods of network packets that overwhelm a company’s bandwidth, routers, firewalls, switches and servers,” he says. “ In 2012, blue chip corporations, retailers, banks and government agencies can expect more sophisticated application layer attacks that cause a denial of service without filling up all of the available bandwidth.”

“In other words, they don’t require a large volume of traffic to have their effect,” Paquette continues. “So in essence the attackers will profile a company’s Web application and build botnet scripts that use ‘heavyweight’ application transactions to overload backend databases and other servers. Attacks using these scripts cause the targeted application to become unreachable, thus making the DDoS attack successful.”

While many of us may think about Simmons as a rock star, Simmons all about business. He talks about this all the time. Have you ever seen the insane amount of Kiss merchandise there is? Simmons himself is always pitching it.

The lesson for businesses is to improve your security.

“In 2012, IT administrators should update their business continuity plans and improve their overall security posture in preparation,” says Corero. “The negative impact of business and productivity losses makes it essential to be diligent in preparation.”

“When working with technology providers, organizations should make sure their DDoS Defense solutions are flexible, improving the likelihood they are able to accommodate future variations of DDoS attack techniques,” he says. “Being prepared, vigilant and ready to act fast will go a long way in thwarting the DDoS attacks of tomorrow.”

They are calling this operation #OpDarknet, and apparently have taken down Freedom Hosting, providers of free hidden web hosting. Anonymous found that Freedom Hosting was hosting a variety of child porn sites on the Tor network, a system that is used to enable anonymity online.

Earlier this month, the folks behind #OpDarknet discovered a section on the Hidden Wiki called “Hard Candy,” any found that is was full of links to child pornography. They took down the links, only to find that they had been restored 5 minutes later. They then discovered that 95% of all the child porn on the list could be traced to one provider: Freedom Hosting. Here’s what happened next, as told by Anonymous:

At apprx 9:00pm CST on October 14, 2011 We identified Freedom Hosting as the host of the largest collection of child pornography on the internet. We then issued a warning to remove the illegal content from their server, which they refused to do.
–

At apprx 11:30pm CST on October 14, 2011 We infiltrated the shared hosting server of Freedom Hosting and shutdown services to all clients due to their lack of action to remove child pornography from their server.
–

At apprx 5:00pm CST on October 15, 2011 Freedom Hosting installed their backups and restored services to their child pornography clients. We then issued multiple warnings to remove all child pornography from their servers, which Freedom Hosting refused to do.
–

At apprx 8:00pm CST on October 15, 2011 despite new security features, we once again infiltrated the shared hosting server at Freedom Hosting and stopped service to all clients.

Anonymous not only shut down the sites, but exposed login details from more than 1,500 users, many who were tied to the most popular site of the bunch, Lolita City.

Here’s their mission statement, as it pertains to #OpDarknet:

The owners and operators at Freedom Hosting are openly supporting child pornography and enabling pedophiles to view innocent children, fueling their issues and putting children at risk of abduction, molestation, rape, and death.

For this, Freedom Hosting has been declared #OpDarknet Enemy Number One.

By taking down Freedom Hosting, we are eliminating 40+ child pornography websites, among these is Lolita City, one of the largest child pornography websites to date containing more than 100GB of child pornography.

We will continue to not only crash Freedom Hosting’s server, but any other server we find to contain, promote, or support child pornography.

That’s the official version of events. Here’s a little more entertaining depiction of how it went down, according to another Anonymous release on pastebin –

We broke down the heavily fortified door of the Pedo fort. We cocked THOR and fired Nyan Nyan bullets in every direction. After a bloody battle with trolls, pedos, and pedo bear, we Anonymous became victorious. What was left of pedo fort, pedo bear, and fellow pedos was a 100 mile hole. Lolita City and it’s neighboring 40+ pedo strongholds were destroyed.

And this video statement takes the same kind of tone, saying that they armed themselves with their “Chris Hansen cannons” to take down the child porn ring.

Anonymous is best known for their attacks on corporations and governmental secrecy, and this is a bit of a departure for the group. If you check the Twitter chatter and YouTube comments for the above video, you’ll see that most people are both impressed and thankful for this operation.

Not everyone thinks it’s a great idea, however. Graham Cluley of Sophos said that “their intentions may have been good, but take-downs of illegal websites and sharing networks should be done by the authorities, not internet vigilantes.”

Maybe Anonymous did something that the authorities were unable to do or they simply did it faster. What do you think? Is this AnonOp something you support? Let us know in the comments.

Luckily, we didn’t visit the Sesame Street YouTube channel yesterday, as we may have had to have a conversation I’m not ready to have yet.

The channel was hacked, and the videos of muppets teaching things were replaced by apparently hardcore porn. Classy, hackers. Classy.

According to TheNextWeb, which broke the news, it was about 22 minutes before Google pulled the content. With YouTube being the second largest search engine (as Google often likes to remind us), I’m guessing that was more than enough time for some children to see some stuff.

Last night, the SesameWorkshop Twitter account tweeted out the following:

That leads to a Facebook post, saying:

We apologize for any inconvenience our audience may have experienced today on ourSesame Street YouTube channel.  Our channel was compromised and we are presently working with YouTube/Google to restore our original content. We always strive to provide age-appropriate content for our viewers and hope to resolve this problem quickly. 

Sophos senior technology consultant Graham Cluley shows a screenshot of what the channel’s profile info was changed to. This includes the user name: Mredxwx. This is a real YouTube user, who has since uploaded this video claiming it was not him:

The hacked profile info also included the message: “WHO DOESN’T LOVE PORN KIDS? RIGHT! EVERYONE LOVES IT! IM MREDXWX AND MY PARTNER MRSUICIDER91 ARE HERE TO BRING YOU MANY NICE CONTENT! PLEASE DON’T LET SESAME STREET TO GET THIS ACCOUNT BACK KIDS PLEASE…LET ME AND MRSUICIDER91 HAVE IT AND WE GONNA MAKE ALL THE AMERICA HAPPY!”

Sigh.