Linear Fix

MegaUpload Shutdown and Hit With Piracy Indictment

The FBI have taken down MegaUpload.com and charged seven individuals and two corporations, Megaupload Limited and Vestor Limited, with piracy related charges. The FBI, allege that MegaUpload was “running an international organized criminal enterprise allegedly responsible for massive worldwide online piracy of numerous types of copyrighted works”.

The FBI said “the estimated harm caused by the conspiracy’s criminal conduct to copyright holders is well in excess of $500 million. The conspirators allegedly earned more than $175 million in illegal profits through advertising revenue and selling premium memberships”. The indictment alleged that MegaUpload failed to removed content that was pirated by leaving “access through any one of the many duplicate links available for that file” when content was removed. MegaUpload also allegedly encouraged users to upload “infringing content” by paying users.

The FBI say they worked with assistance from law enforcement in New Zealand, Hong Kong, London, the Netherlands, Canada and Germany and with authorities from Australia, Canada and the UK. The seven individuals were from across the world with citizens of Germany, Slovakia, Denmark and Estonia. Law enforcement are believed to have seized around $50 million worth of assets, with 20 search warrants executed. 18 domain names have been seized stemming from a U.S. District Court order.

Anonymous, hacking group, have started a hacking spree branded OpMegaupload. Anonymous have so far taken down BMI, MPAA, RIAA, Universal Music and Justice.gov. AnonymousIRC said in a tweet that around 1500 people were involved in an IRC conversation.

MegaUpload has previously been endorsed by artists including Will.i.am, Kanye West and Snoop Dogg in a video that was controversially taken down by Universal. In the Megaupload song, creators boasted that the website had 50 million a day and accounted for “4% of the internet” and previously in October 2011, MegaUpload was labelled as a  “rogue” site by MPAA.

The full indictment has been made available on Scribd.

Hackers Readying Publication of 2.7 Million Emails from Stratfor

The Anonymous group is readying the publication of Stratfor emails by sorting through the millions of email, believed to be 2.7 million. Messages from Wikileaks distributed via Twitter and Facebook said “milions of emails between some of the most powerful men in the world are about to be released”.

Barrett Brown, a journalist organizing the project, said  in a Pastebin post the original purpose of the hack was to get access to the “2.7 million e-mails that exist on the firm’s servers” not for the credit card information. Brown hopes to “bring to light other instances of corruption, crime, and deception on the part of certain powerful actors based in the U.S. and elsewhere”.

Brown accused “various agents” of the U.S. government of obtaining information using violent methods. Whilst hackers, he said, did not have to “break down the doors of the target, point guns at children, and shoot down any dogs that might have been present”.

A post by Brown on Reddit said “please prepare to help search through them [the emails]“. The group organizing data is called Project PM, which has taken to investigating intelligence companies.

Stratfor says CSID will provide “identify protection” for affected parties of the Anonymous exploit. Stratfor have also delayed the launch of their website to allow for security testing.

Anonymous and LulzSec Hack Stratfor in ‘LulzXmas’

A hacking co-operative formed between LulzSec and Anonymous hackers, ‘AntiSec’, have hacked Stratfor, an American intelligence think-tank. The group stole private client information including credit card details, passwords and phone numbers. The group allegedly collected as much as 200 GB of data.

The breach occurred on December 24 as part of a ‘LulzXmas’ campaign, the company has since taken down the website for maintenance. A statement released by Anonymous said that Stratfor had hired “two outside consultants to try to bail their sorry asses out of the hellhole of a grave we dug them”.

The two main reasons outlined in the statement were  to “bring pain to greedy whitehats willing to flip for a dime on government payrolls. And don’t worry—there’s plenty more havoc in store for the rest of the week”, whilst the group also hinted at giving ” Bradley Manning his holiday feast” to avert further releases.

The group has so far released 25,000 support tickets publicly and lists of credit card details, reportedly being used to make donations to the American Red Cross and CARE.

Due to a lack of website, Stratfor CEO,  George Friedman, published a post on Facebook saying that the release from Anonymous “was merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications”.

Freidman said “we are on top of the situation and will continue to be vigilant in our implementation of the latest, and most comprehensive, data security measures”.

Anonymous Gain Credit Card Information from SpecialForces.Com

Anonymous and LulzSec have continued their ‘LulzXmas’ today, breaking into standard Blowfish encryption used on SpecialForces.com after encryption keys were stolen, according to an Anonymous press release.

The password list of SpecialForces.com was allegedly leaked earlier than expected by an inside Anonymous member, Anonymous said they had the  password lists for “the past few months” and that they have around 14,000 passwords and 8000 credit card numbers including expiration dates from those who purchased from SpecialForces.com.

Anonymous said “we had to contain our laughter when we saw these two ‘hacker proof logos plastered on the SpecialForces.com website”, referring to the GoDaddy and McAfee security seals. GoDaddy explains, on their website, that the Site Scanner Site “looks for malware links on your site and crawls the code for security gaps that a hacker could use to steal customer information”.

The press release said “we’ll continue to have ourselves a merry LulzXmas at the expense of capitalist pigs, corrupt public officials and all those third parties who cater to the continued oligarchic elite worldwide” and ended  “we are here to stay, and by now, you had better damn well expect us, cause the time for simple ‘lulz’ is long past”.

SpecialForces.com sells gear based on equipment used by the Special Forces and Anonymous say that the company mainly sells to “military and law enforcement affiliated individuals”. The SpecialForces.com has yet respond to leaks of customer details.

Anonymous Hacks myBART in #opBART

Anonymous, internet hacking collective, has compromised and defaced the myBART website leaking the phone numbers and passwords of customers. The group targeted BART (Bay Area Rapid Transit) after a decision to block cell phone communication to prevent co-coordinated protests.

Anonymous members, in a statement with leaked information, said that these actions were unacceptable saying “they violated the people’s right to assembly and prevented other bystanders from using emergency services by blocking cell phone signals in order to stop a protest against the BART police murders.” They also said that they used a simple SQL injection, mockingly saying “any 8 year old with a internet connection could have done what we did to find it. On top of that none of the info, including the passwords, was encrypted.”

BART said in a statement that they decided to interrupt the cell phone service on selected train stations as “a civil disturbance during commute times at busy downtown San Francisco stations could lead to platform overcrowding and unsafe conditions for BART customers, employees and demonstrators”. BART say that they “made available certain areas of its property for expressive activity” and that paid areas such as train stations and carriages were not available to “conduct or participate in assemblies or demonstrations or engage in other expressive activities”.

Concerns about the legality of blocking cell phones have been reported by San Francisco Chronicle who point out that a 1967 ruling found that non-disruptive political activity could not be prohibited.

The myBART website has been taken down and currently says “this site is currently under renovation.” BART representatives saying “BART’s website infrastructure is wholly separate from any computer network involved in the operation of BART service”

Private Data Stolen from Sony PSN, Class Action Imminent

Kristopher Johns has filed a class action lawsuit against Sony after the theft of private data from the Sony PSN user database. The suit alleges the use of unsecured data procedures and unreasonable delays in bringing the PSN service back online. The lawsuit has been filed in US District Court for the Northern District of California and there has been no response from Sony at this point of time.

In a email sent to PSN users Sony said that “illegal and unauthorized intrusion into our network,” had been discovered “between April 17 and April 19, 2011.” It advises users to check “account statements and to monitor your credit reports.” It is believed that name, address, email address, birthdate, login details, PSN ID as well as purchase history could of been accessed. More information on the outage and details for protecting privacy for the affected customers are available on the frequently asked questions page on the Sony website.

In a blog post, Patrick Seybold; Sr. Director, Corporate Communications & Social Media; said “the personal data table, which is a separate data set, was not encrypted.” It appears that only credit cards details were encrypted in the database. Sony is currently moving data to a new data center to provide better security in the future. A new software update from Sony will force users to change their password.

Anonymous, separate groups of hacktivists who act anonymously under the group name, have said that they were not responsible. The group was believed as a suspect initially as they started Operation Sony after a lawsuit against George Hotz, a hacker of the iPhone and Sony PlayStation (see above video). The operation reportedly took down the PlayStation website and PlayStation Store and advises users to return Sony products. Anonymous have said they ‘are not aiming to attack customers of Sony.’