The release of the source code had been trumpeted by Anonymous on January 4.

Symantec Norton Antivirus source code published by indian hackers pastebin.com/ciExRzr3“

— Anonymous (@YourAnonNews) January 4, 2012

Upon news of Symantec’s announcement, Anonymous did a victory dance on Twitter.

Yes #Anonymous has SymantecpcAnywhere source code. Yes we found 0days. Yes Symantec is panicking. Problem, officer? goo.gl/FhyPX

— Anonymous (@YourAnonNews) January 26, 2012

With middle-finger flourish, Symantec responded that Anonymous had not stolen their code. But, they did recognize that it was in the hands of Anonymous now.

Yesterday, Symantec announced a patch and free upgrade to all pcAnywhere customers, even those not normally eligible for an upgrade. This move effectively renders Anonymous’ possession of its code a moot point.

So, what is the purpose of grabbing and releasing code for a product when a quick patch release prevents its use? To make Symantec dance in public for a couple of days?

There has been a lawsuit filed against Symantec, alleging that the company scares people into buying its software by making misleading claims about the health of their computers. The lawsuit is filed by private parties, not affiliated with Anonymous.

We would love to hear from Anonymous about what purpose their actions serve. Is there something inherently evil about Symantec that they wish to highlight? About the (bloated) Norton Utilities software? Is it related to the lawsuit? What public statement does this make? If Symantec ends up being seen by the public as victims of unscrupulous hackers (as opposed to being seen as bumbling in its own security), does that mean the move backfired?

In contrast with all the laudable moves Anonymous has made in the past year or so (e.g. support of activists in Tahrir, support of Wikileaks, support of the #Occupy movement), why should the general public not see this as a mean-spirited adolescent prank?

SC Magazine is reporting that cyber criminals have opened an online store selling Web traffic by hijacking other Web site’s traffic. The shop injects hidden integrated frames into pages of legitimate Web sites to redirect visitors to the buyer’s URL.

Integrated frames split pages into parts that are used to embed windows from another Web site. When an iframe’s height and width is set to zero, it becomes invisible.

Customers can purchase 1000 visitors through the online store for an average of $4.

Regional traffic prices do vary with 1000 Dutch visitors costing $18 while 1000 visitors from Australia is only $8. One thousand visitors from the U.S. is only $12.

The shop will also purchase redirected traffic from others. Sellers can inject their own iframes and sell the resulting traffic to the shop.

The operator said that the service does not record any IPs, no one will ban your account and they don’t care what you’re promoting.

The shop can adjust prices automatically based on supply and demand.

The site was originally created for personal use but was opened for public use after the realisation that money could be had.

There are “legal” options to buy Web traffic, but what this shop offers is definitely illegal. If you want to increase your Web traffic, use the old fashioned method of promoting via social media like Facebook and Twitter.

That’s where Mykonos comes in, a security company that protects Web sites from attacks by wasting a hacker’s time instead of using an easily breakable wall.

“If you break in, I want to have fun with you,” David Koretz, CEO of Mykonos, told Technology Review. He says that the computer security industry is “too timid” and that the solution is making hackers’ lives “tedious and difficult.”

The software goes into action when it detects an intruder by offering false data and phony software vulnerabilities. This is intended to waste the hacker’s time and force them to give up out of desperation.

The company has received $4 million in funding this week from a number of Web and technology leaders.

The company’s software is primarily aimed at hackers who use automated tools that identify and exploit weaknesses in Web sites.

Koretz says that wasting a hacker’s time “changes the economics” of attacking Web sites. He said that the software makes hacking more like bank robbery, which is easily managed.

The software first makes sure that it isn’t attacking a legitimate user. It does this through the use of small snippets of code injected into Web pages that are sent out to a computer using the site. If the data snippet is altered, the software automatically notes the IP address of the potential hacker.

If the hacker is using a Web browser to probe the site, a small tracking file known as a “supercookie” is injected into it. If they aren’t using a browser, the hacker’s computer is fingerprinted. When the same computer returns, the software knows and reacts appropriately.

The software sets up the illusion that the hacker is making progress. “We can intercept their scans and inundate them with fake values,” Koretz said. “It takes much longer [for an attacker to scan a site], and the results are useless.”

He said that a scan might usually take five hours, but would take 30 with his software. The other tactic is to offer up a fake password and log in page. They are essentially hacking the hacker.

Some computer security experts are not convinced though. They’re concerned that annoying hackers would just lead them to come back more powerful than before, fueled by vengeance.

Koretz agrees that a revenge outcome is possible, but he hopes that most hackers will just ascribe the deception as bad luck and move on to another target.

He predicts his tactic will become more widespread once traditional anti-hacking methods are proved ineffective.

Anonymous has posted a video in support of Romania’s protests. There is no mention of the database leak, instead focusing on the fight to replace their government. They throw their support behind the citizens and claim that they are going to fight for them.

You must acknowledge the fact that bringing down one man, and choosing another will not solve your problems. This will only perpetuate the political circus that has been unfolding in front of your eyes for 22 years. You must acknowledge the fact that your entire political class is corrupt and does not serve the interest of the people, as it should.

Many of you know that the world is changing, many of you feel that inside. Do not loose hope, for anonymous is by your side. We must stand united against our governments and make our voices heard, for we are the people of the world who want to put an end to the economic and monetary enslavement.

We’ve not been able to contact the Romanian branch of Anonymous to get a statement, but we’ve asked a few other branches of Anonymous for their take on it. Anonymous Sweden speculated that the leak was to “show disclosure on safety issues.”

Various Anonymous twitter feeds have been linking to the database, but we won’t as the database does contain sensitive information with a decryption tool that allows people to easily access the information.

Anonymous has also reportedly attacked a Romanian government Web site for not providing support to the children of Romania. A hacker group going by the name of “lulzcart” sealed the Web site and put an image on the index detailing the take down.

Anonymous has thrown their weight behind pretty much every protest that has happened in the past year from Egypt to Occupy Wall Street. This might be, however, the most controversial data dump yet. People, myself included, tend to become uneasy when national nuclear research is made available for everybody to see.

We’ll keep you updated on everything Anonymous as they happen.

The men involved in this enterprise have been the subject of much investigation by Facebook’s security team, as well as by independent researcher Jan Droemer. But, it’s not like they are taking pains to hide. They post photos of their vacation trips to Monte Carlo, Spain and casinos in Germany. They check in on FourSquare.

“We’ve had a picture of one of the guys in a scuba mask on our wall since 2008,” said Ryan McGeehan, manager of investigations and incident response at Facebook.

The five men in this “gang” are:

* Anton Korotchenko AKA “KrotReal”
* Stanislav Avdeyko AKA “leDed”
* Svyatoslav E. Polichuck AKA “PsViat” and “PsycoMan”
* Roman P. Koturbach AKA “PoMuc”
* Alexander Koltysehv AKA “Floppy.”

Yes, they are Russian. And they operate openly in central St. Petersburg. Which explains why the FBI have not nabbed them. In the absence of cooperation with the police in Russia, Facebook decided to out these guys publicly.

“People who engage in this type of stuff need to know that their name and real identity are going to come out eventually and they’re going to get arrested and they’re going to be targeted,” Joe Sullivan, chief security officer at Facebook said. “People are fighting back.”

How Koobface works, and how you can protect yourself from it, was the topic of an excellent write-up on Sophos.

Still Zappos sent an email around to customers, which said:

First, the bad news:

We sincerely apologize for any inconvenience this may cause. If you have any additional questions about this process, please email us at passwordchange@zappos.com.

TechCrunch shares an email from Zappos CEO Tony Hsieh to the company’s employees which says:

The most important focus for us right now is the safety and security of our customers’ information. Within the next hour, we will begin the process of notifying the 24+ million customer accounts in our database about the incident and help step them through the process of choosing a new password for their accounts. (We’ve already reset and expired their existing passwords.)

Zappos was acquired by Amazon in 2009.

The movie is well written, directed, and the main character is grounded well, with solid acting from the actress. What really sets the movie apart is that it’s based on a true story, and webcam hacking is a practice with thousands of documented cases, according to the short film.

Without further ado, here’s the movie. Prepare for creepiness.

Webcam from ZBros Productions on Vimeo.

If you want to truly be shocked, just search for “webcam hacking” in your search engine of choice. It’s remarkable how easy it is to do, especially with the person being completely unaware. *shudders*

The reason? Well, BlackBerry Messenger, was interestingly the communication channel of choice among rioters, apparently, and RIM indicated that it is cooperating with authorities who may wish to check out the related messages and who has been sending them.

The company tweeted:

The company also said in a statement, “We feel for those impacted by this weekend’s riots in London. We have engaged with the authorities to assist in any way we can. As in all markets around the world Where BlackBerry is available, we cooperate with local telecommunications operators, law enforcement and regulatory officials. Similar to other technology providers in the UK we comply with The Regulation of Investigatory Powers Act and co-operate fully with the Home Office and UK police forces.”

Given that the riots themselves are in response to the “authorities,” it stands to reason that the rioters and their sympathizers are not too happy with this. Enter TeaMp0isoN.

While the Inside BlackBerry blog is not currently functional, Mashable was able to capture a message that was displayed there before it went offline entirely. It said:

Dear Rim;
You Will _NOT_ assist the UK Police because if u do innocent members of the public who were at the wrong place at the wrong time and owned a blackberry will get charged for no reason at all, the Police are looking to arrest as many people as possible to save themselves from embarrassment…. if you do assist the police by giving them chat logs, gps locations, customer information & access to peoples BlackBerryMessengers you will regret it, we have access to your database which includes your employees information; e.g – Addresses, Names, Phone Numbers etc. – now if u assist the police, we _WILL_ make this information public and pass it onto rioters…. do you really want a bunch of angry youths on your employees doorsteps? Think about it…. and don’t think that the police will protect your employees, the police can’t protect themselves let alone protect others….. if you make the wrong choice your database will be made public, save yourself the embarrassment and make the right choice. don’t be a puppet..
p.s – we do not condone in innocent people being attacked in these riots nor do we condone in small businesses being looted, but we are all for the rioters that are engaging in attacks on the police and government…. and before anyone says “the blackberry employees are innocent” no they are not! They are the ones that would be assisting the police
- TriCk – TeaMp0isoN -
Greets To: iN^SaNe – Hex00010 – MLT – BlackHacker
- Knowledge is Power . . . . .
#FuckTheFeds
Twitter: @TeaMp0isoN_

Of course it’s not all been BlackBerry messaging uniting rioters. BBC News reports:

Disturbances in Birmingham started in the early evening when gangs of youths gathered in the city centre.

Police said they had been aware of “Twitter intelligence” during the day suggesting there would be trouble in the city.

In a separate article, BBC News reports:

A massive clean-up operation is getting under way in areas affected by the riots across England.

Twitter and Facebook users are harnessing the power of social networking to co-ordinate operations.

Meanwhile, many more police are working more hours to try and keep some kind of order.

A report from Devlin Barrett and Siobhan Gorman at the Wall Street Journal says:

The hackers likely were hoping the officials were conducting administration business on their private emails, according to lawmakers and security experts.

The Obama administration reiterated Thursday that no official messages were compromised. But lawmakers and outside computer-security experts said recent White House history suggests administration officials sometimes use personal email to talk business, despite rules against doing so.

Google is currently said to be working with the Department of Homeland Security and the FBI, investigating the attack.

On June 1, Google wrote on its blog:

Through the strength of our cloud-based security and abuse detection systems*, we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.

It’s important to stress that our internal systems have not been affected—these account hijackings were not the result of a security problem with Gmail itself. But we believe that being open about these security issues helps users better protect their information online.

As you probably know, this isn’t the first time Google has been involved with China-based hacking. About a year and a half ago, incidents actually led to Google directing its Chinese domain to Hong Kong.

Earlier this week, it was reported that the Pentagon has decided that cyber attacks can be considered acts of war, a subject that will be addressed in its cyber strategy, which will be made public (in part) sometime this month. According to the Wall Street Journal, the Obama Administration is not going to raise the matter with the Chinese government until more facts become clear.

It would seem, however, that the Chinese government is raising the matter anyway. Rachel King at ZDNet is reporting that China has refuted claims that it was responsible for the incident, and is accusing the U.S. of starting a global “Internet War”. Meanwhile, neither the U.S. government or Google has pointed the finger at the Chinese government yet.

The FTC alleged that lapses in the company’s data security allowed hackers to obtain administrative control of Twitter, including both access to non-public user information and tweets that users had set as private, and the ability to send out phony tweets from any account.

The privacy policy posted on Twitter’s website stated that “Twitter is very concerned about safeguarding the confidentiality of your personally identifiable information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access.” In addition, Twitter offered its users privacy settings that enabled them to designate their tweets as private.

The FTC’s complaint alleged that between January and May of 2009, hackers were able to gain administrative control of Twitter on two occasions.

Under the terms of the settlement, Twitter will be barred for 20 years from misleading users about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.

The company also must establish and maintain a comprehensive information security program, which will be assessed by an independent auditor every other year for 10 years.