You are here

Security breaches 2012

This page is in continuation of the page Security breaches 2011 (http://openspace.org.in/UIDaadhaarsecurity2011), and goes on up to 11 June 2012. After the incidents of that day and 29 May, and the revelation of cyberwarfare sanctioned at the highest levels, those who are not convinced never will be.

Remember, though a website can always be backed up (and the password changed), when the Aadhaar website is hacked, the data once gone (your finger prints and iris scans) cannot be put back and neither can you change them--your fingerprints and iris--and they are essentially going to be your biometric passwords for a variety of services.

"There are only two types of companies those that have been hacked and those that will be." Robert Mueller, Director, FBI, keynote speech at the RSA conference, 1 March 2012

11 June 2012
Over 1,400,000 IDs were compromised in US based public health databases alone (in 2012 to date). These were linked to their social security numbers.

10 June 2012
Hours ahead of its planned protest against certain incidents of internet censorship in India , hacker collective Anonymous attacked and brought down the website run by Computer Emergency Response Team India (CERT-I n), the country's premier agency dealing with cyber security contingencies.

The site was restored later in the evening. The group organized street protests in 16 cities, including Chennai ,in theevening . "This is your response team #india ! They can't even protect themselves . How will they protect others ," read a tweet from @opindia _revenge , the group'stwitter handle . "We will keep attacking http://certin .org .in and http ://india.gov .in ! #GOI, ready to face ups and downs ?" the hackers said .

7 June 2012
Anonymous brought down the website of MTNL in a DDoS attack.

6 June 2012
Over six million passwords were stolen in a hack of the professional networking site linkedin.com. Earlier today, it was reported that a user in a Russian forum uploaded 6,458,020 hashed LinkedIn passwords.

Later in the day, Ars Technica reported that a list of about 1.5 million passwords appeared to include users of dating website eHarmony.

29 May 2012 (2)
Do you really think Aadhaar is going to use all Indian hardware and software made by patriotic Indians?... when the vendors list proves otherwise.... and here is what happened to the Americans when they did this kind of outsourcing (apart from the perils of the Internet that is). UK researchers discover backdoor in American military chip made by the Chinese.

U.K.-based security researchers have found a backdoor that was “deliberately” inserted into an American military chip to help attackers gain unauthorized access and reprogram its memory, according to a draft research paper.

Sergei Skorobogatov, a researcher at Cambridge University, discovered that a military-grade silicon device made by California-based Microsemi Corp., the ProASIC3 A3P250, contained a glitch that would allow individuals to remotely tweak its functions. “This permits a new and disturbing possibility of a large scale Stuxnet-type attack via a network or the Internet on the silicon itself,” the paper suggests. The Stuxnet worm, discovered in 2010, targets industrial systems.

The backdoor was obscured within the security mechanism of the chip with robust countermeasures to prevent access by others, a likely indication that it had been deliberately implanted, said Christopher Woods, a researcher at U.K.-based Quo Vadis Labs who collaborated on the research. The duo did not disclose further details in their paper, citing a “confidentiality agreement.”

The backdoor is “close to impossible to fix on chips already deployed” because software patches can’t fix the bugs.

27 May 2012 (2)
Protesting Anonymous hackers defaced BJP websites.

Through its Twitter account (@opindia_back) it announced thatwww.mumbaibjp.org and www.bjpmp.org.in were hacked by the group. After the hacking, the group posted a message to web users, asking them to organize protests against "web censorship" in India on June 9.

While the message was displayed on the homepage of www.mumbaibjp.org, on www.bjpmp.org.in it was inserted as a page at bjpmp.org.in/ads/anon.html. On Mumbai BJP website the message was accompanied by a catchy tune embedded through a YouTube link.

27 May 2012 (1)
Protesting hackers target social sites on RComm platform . Users of the service who tried to access popular websites like Facebook, Twitter, Yahoo and Gmail instead saw a message from the hackers announcing their protest against their "freedom being taken away".

Anonymous released admin logs from servers they hacked at http://pastehtml.com/view/bz8kycy0o.html, Anonymous OpIndia alleged that Reliance had blocked certain web pages, including the Facebook pages of staff protesting against Air India. Reliance Communications spokesperson said that they had "investigated the matter and confirm that all R-Com servers and websites are intact.

20 May 2012
Hackers Target Police, City of Chicago Websites before the NATO summit (supposedly when security would be high!) temporarily crippling them.

17 May 2012
Protesting hackers took down the websites of the Supreme Court of India and the Congress party .

29 April 2012 (2)
In a major systemic flaw (not teething problem) that involves programming error, venal humans and official culpability at senior levels over 30,000 Aadhaar cards were issued using the ID of a person who was not even employed by the UIDAI sub-contractor.

Mohammed Ali, 22-year-old data entry supervisor of Vattepally in Falaknuma blamed for the scam, was terminated by Infrastructure Leasing & Financial Services Limited (IL&FS) in September 2011. He supposedly enrolled 30,000 people, including 870 in the physically-disabled category, after termination in just two months. The physically disabled people did not have hands (no fingerprint) or eyes (no iris), and were not traceable in their declared addresses.

Investigators discovered that after his exit from IL&FS, enrolling agents at the 20 centers in the Old City had been using Mohammed Ali's login and password to carry on enrollments. To upload the Aadhaar card details of an individual, the agent has to log in using a special ID, password and also authorise the details using his thumb impression in the biometric scanner. The probe revealed that the operators at the 20 centers managed to upload details of 30,000 people by authorising them with their own fingerprints. "The system has a flaw. When an agent provides wrong authorisation fingerprint, it rejects on two occasions, but at the third instance it automatically takes the default authorisation print and completes the enrollment process," a civil supplies department (nodal agency for UIDAI) source said.

Probe agencies have realised that some IL&FS officials were in the know of things, but for reasons unknown, allowed the fraudulent enrollments to happen.

Ideally, the enrollment through Ali's ID should not have happened as he was not present at these centres to authenticate details using his fingerprints, but a flaw in the registration mechanism allowed them to carry out the fraud.

29 April 2012 (1)
We all know that VIPs get better security than the commoners in India, and with the craze for 'phoren' foreign dignitaries even more so. But wait a minute. There was an embarrassing security situation when police wireless system failed during the BRICS meeting. This after the 'switch over' was done ahead of the commonwealth games in 2010 itself and in the national capital! Any guesses on how robust the Aadhaar authentication system will be in rural areas?

In March, when the five heads of state (Brazil, Russia, India, China and South Africa) were in Delhi for the BRICS summit, the Delhi Police’s communication system collapsed. The Rs. 100-crore Tetra system was brought in to replace the old wireless sets. Terrestrial Trunked Radio (Tetra) — a professional mobile radio and two-way transceiver — collapsed during a major mock drill in the city on February 15 too, and gave the police problems during the April 15 MCD polls.

28 April 2012
The website of the Afghan Taliban was repeatedly taken down for the third time in less than a year crippled the main website of the Afghan Taliban, with a Taliban spokesman on Friday blaming Western intelligence agencies amid an intensifying cyber war with the insurgents. The unidentified hackers broke into the Taliban's El Emara

Taliban spokesman Zabihullah Mujahid told Reuters that the website was hacked around 12:30 am on Thursday and fixed in three hours, before being breached again at midday and put out of commission again. It was still being repaired on Friday. Unknown hackers brought down the main Taliban website earlier this month, when El Emara's English language page was replaced temporarily with images of Taliban atrocities and photographs of roadside bombs, according to the Long War Journal website, which tracks progress in the war, now dragging into its eleventh year.

Another cyber attack took place on June 20 last year, when false messages were distributed about the death of the Taliban's one-eyed leader, Mullah Mohammad Omar, from both the website and the phones of Taliban spokesman.

23 April 2012
Iran Took Systems Offline After Cyber Attack Hit Oil Industry Multiple targets were hit including the control systems of Kharg Island oil terminal, which handles the majority of Iran's crude oil exports, Iran's Oil Ministry and its national oil company.

Oil Ministry spokesman Ali Reza Nikzad-Rahbar told Mehr News Agency on Monday that the attack had not caused significant damage and the worm had been detected before it could infect systems. Iran disconnected computer systems at a number of its oil facilities in response... but Aadhaar will have that luxury, since authentication will be needed 24x7.

12 April 2012
In a rather bizarre case, but probably true of most of the 'undeliverable' numbers, ‘Coriander’ was issued an Aadhaar number--with the photograph of a mobile phone.

An Aadhaar card with number : 4991 1866 5246 was issued in the name of Mr Kothimeer (Coriander), Son of Mr Palav (Biryani), Mamidikaya Vuru (Village Raw Mango), of Jambuladinne in Anantapur district. As the card displayed the photo of a mobile phone, officials have no clue of the address where the card has to be delivered.

“We have completed all formalities, got ourselves photographed almost an year ago after standing in the long lines for days but haven’t received the card so far. The Kothimeer is lucky,” said an old man at the Jambuladinne Panchayat office.

11 April 2012
‘Anonymous’ Knocks CISPA Supporters Offline.

Anonymous knocked offline the websites of prominent defense contractor, Boeing, and two trade associations, TechAmerica and USTelecom.

The website of TechAmerica remained down Wednesday afternoon. USTelecom confirmed that they had been targeted by Anonymous with denial of service attack on Monday morning. The attack on Boeing occurred around 3 PM EST on April 10.

The attacks were in retaliation for the company’s support of a controversial piece of cybersecurity legislation, the Cyber Intelligence Sharing and Protection Act (CISPA).

7 April 2012 (2)
‘Anonymous’ took down the website of the British Prime Minister.

They launched a cyber attack on the website of 10 Downing Street. Hacktivists took down the website at about 10.30pm on Saturday despite announcing it days in advance, raising questions about the effectiveness of Whitehall internet security. Screenshots showed that the Home Office website was inaccessible from 9pm and service was reportedly patchy until Sunday morning.

The spokesman for the Prime Minister said it only lasted for a “couple of minutes”
[We have included the last comment since the government of India and UIDAI will also be using the same lies]

7 April 2012 (1)
‘Anonymous’ took down the Home Office website of the British government.
.
The hacking group ‘Anonymous’ appeared to have shut down the Home Office website on Saturday night, in an apparent protest against extraditions of British citizens to the US and so-called “draconian surveillance proposals.”

6 April 2012 (2)
Hackers break down Mac Firewall; over 6 lakh Apple's Mac computers affected.

6 April 2012 (1)
Sky News admits hacking emails in a case of 'responsible' journalism.

5 April 2012
Anonymous hacked and defaced 485 Chinese government, company, and other general websites . Targets hit in the mass defacement included government sites, its official agencies, trade groups and many others. Some sites were just defaced, but others have had administrator accounts, phone numbers, and e-mail addresses leaked.

The announcement about the defacements was made via an Anonymous China account that was established in March. A list of the 485 sites affected was put on the Pastebin website. Separate Pastebin messages posted email addresses and other personal details stolen when sites were penetrated.

China has one of the most comprehensive web surveillance systems in the world, known as the Great Firewall of China, that reinforces its broader social controls.

On defaced pages, the Anonymous attackers also posted links to advice that could help people avoid official scrutiny of what they do and say online. Government officials denied any had taken place, but many of the sites listed are now offline and a few others displayed a hacked page for a long time rather than their own homepage.

The Anonymous hackers reportedly r successfully attacked some sites a second time once the original defacement was cleaned up .

4 April 2012
A 23 year old British hacker steals 8 million identities

A British hacker has been sentenced to 26 months for stealing 200,000 PayPal accounts, 2,701 bank card numbers, as well as 8,110,474 names, dates of birth, and postcodes of U.K. residents between January 1, 2010, and August 30, 2011, from an undisclosed source.

Using the handle G-Zero, he also hacked into the networks of Nokia and AOL, copying the personal details of more than 8,000 staff members. Following his intrusion, Nokia’s internal network was down for two weeks.

30 March 2012
1.5 million VISA and MasterCard data was hacked. On Friday, March 30, VISA and MasterCard alerted banks about a recent major breach at U.S.-based credit card processor Global Payments.

The alerts also said that full Track 1 and Track 2 data was taken—meaning that the information could be used to counterfeit new cards. This latest breach involved at least 1.5 million accounts.

Krebs on Security, a blog that first reported the incident on Friday, said possibly 10 million accounts had been compromised for over a month, between January 21, 2012 and February 25, 2012. As usual, it wasn’t the company but a security blogger named Brian Krebs who broke the news. It follows a pattern common among other data breaches: customers who may have been affected by the data theft are often the last to know, and they find out weeks—sometimes months—after their credit-card information is extracted.

16 March 2012
112 government websites hacked in the last 3 months
“During the period December 2011 to February 2012, a total number of 112 government websites were hacked,” Minister of State for Communications and IT Sachin Pilot told the Lok Sabha.

IIM-C, Finance Ministry, Planning Commission, Health, Human Resource Development ministries and various State government agencies, were hacked or defaced. The State government websites that came under attack were from Andhra Pradesh, Tamil Nadu, Kerala, Odisha, Uttar Pradesh, Sikkim, Manipur, Madhya Pradesh, Rajasthan, Maharashtra and Gujarat. The website of Bharat Sanchar Nigam Ltd was hacked on December 4, 2011 by the ‘H4tr!ck' hacker group.

Last year the Central Bureau of Investigation website was hacked and defaced by programmers, who identified themselves as the “Pakistani Cyber Army.” It took weeks before the website was restored.

As per industry estimates, over 14,000 government and corporate websites were hacked/defaced in 2011.

10 March 2012
Spies used Facebook to steal Nato chiefs' details

NATO'S most senior commander was at the centre of a major security alert when a series of his colleagues fell for a fake Facebook account opened in his name - apparently by Chinese spies.

It is similar to the so-called "Night Dragon" attacks which targeted executives of some of the world biggest oil and gas companies. The attacks infiltrated the energy companies computer system and looked for how the firms operated. The attackers targeted the Western firms' public websites and specific individuals using Facebook and other social networking sites to learn about them first, and then trying to dupe them into revealing their log in names and passwords.

The hackers were traced to China, to Beijing and investigators found the attacks only happened on week days between 9am and 5pm local time suggesting they were working at an office or a government facility. Last year an executive at a key US defence firm, RSA, opened a personal email with the subject line "2011 Recruitment Plan" and clicked on the attached Excel spreadsheet. The attachment contained a virus, apparently engineered by the Chinese, which opened up RSA's system and allowed access to all its secrets, including its work for the White House, the Central Intelligence Agency, the National Security Agency, the Pentagon and the Department of Homeland Security(DHS).

8 March 2012
Anonymous leaks Symantec source code: Updated Retaliates after Lulzsec arrests THE HACKTIVIST Antisec group has published Symantec Norton AntiVirus 2006 All Platforms Source Code on The Pirate Bay.

Anonymous, with which Antisec is related, has long boasted of its ownership of Symantec code, and this is its latest release in an ongoing campaign against the security firm.

6 March 2012 (2)
Returning the favour, antivirus company Panda Security was apparently targeted after a researcher celebrated reports that LulzSec's former leader had become an informant. An online hacker responded to the arrest of six suspected hackers by hacking and defacing a security firm's Web site.

6 March 2012 (1)
Chinese hackers 'had full access' to Nasa lab that commands 23 spacecraft including missions to Jupiter, Mars and Saturn.

The hackers, operating from an internet address in China, gained full system access in November 2011, allowing them to upload hacking tools to steal user IDs and control Nasa systems, as well as copy sensitive files. The hackers were also able to modify system logs to conceal their actions. ‘The intruders had compromised the accounts of the most privileged JPL users, giving the intruders access to most of JPL's networks,’ said National Aeronautics and Space Administration Inspector General Paul Martin.

The cyber attack was one of 'thousands' of computer security lapses at the space agency. National Aeronautics and Space Administration Inspector General Paul Martin testified before Congress on the breaches. In another attack last year, intruders stole credentials for accessing NASA systems from more than 150 employees. Martin said the his office identified thousands of computer security lapses at the agency in 2010 and 2011.

2 March 2012
In response to a congressional directive, the US Department of Defense Inspector General has provided to Congress, “an inventory of all identified unauthorized disclosures of SCI [sensitive compartmented information, or classified intelligence] to the public within DoD from the past three calendar years.” The classified IG report also described the actions taken by DoD in response to the leaks, including referrals to the Department of Justice for criminal investigation.

Not strictly a hack, but a good overview, since it lists the leaks ("unauthorized disclosures of SCI to the public") from the US department of defense between December 23, 2008 and December 23, 2011.

1 March 2012
Nothing like turning one of the 'other' side. New Yorker Hector Xavier Monsegur, 28, was exposed as the person behind Sabu, the colorful leader of Lulz Security, a much-feared and talented offshoot of the cyber-activist group Anonymous. Apparently after the 28-year-old entered a guilty plea on August 15 to 12 counts of computer hacking conspiracies and other crimes, he reportedly became an informant, participating in the group's activities while federal law enforcement officials worked to infiltrate the group.

27 February 2012
WikiLeaks began publishing The Global Intelligence Files more than five million emails from the Texas-headquartered "global intelligence" company Stratfor. The emails date from between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal's Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency.

23 February 2012
'Anonymous' hacked into the databases of the Los Angelos County Police and Sheriff and posted contact info and nude pics on the net, including on facebook.

17 February 2012
Anonymous defaced several websites owned and operated by the US government as part of latest protest against online censorship in a massive anti-ACTA attack.

At least half a dozen federal websites belonging to the United States government were disrupted in the latest Anonymous-led assault this week including the US Federal Trade Commission, National Consumer Protection Week, the Consumer Protection Agency, the Federal Trade Commission and others.

15 February 2012
The website of Trinamool congress was hacked. It was restored only a day after it was hacked reportedly by a Bangladesh-based group. The party's website was remodelled before the last assembly election by Hotmail founder Sabeer Bhatia (no stranger to web security). A hacker's group, 'Bangladesh Black Hat Hackers', has on their Facebook page written that the state Chief Minister Mamata Banerjee had reneged on her promise on sharing of Teesta river water with the country.

14 February 2012 (2)
Anonymous defaced and then wiped out the website of Weapons Maker Combined Systems on the one-year anniversary of the uprising in Bahrain in retaliation for sales by the company of chemical weapons. They claimed to have stolen employee names, e-mails, addresses, passwords and client lists, and threatened the site’s administrators that if they helped Combined Systems rebuild its Web site, they would expose those companies’ client lists and e-mails as well. The data uploaded contained several employee user credentials as well as emails and account information of customers.

The Anonymous hackers claimed to have been inside the company’s network for some time but said they were forced to take down the site after Google alerted the company that a hacker had broken into its Web hosts. The hackers posted some of the stolen e-mails on the online bulletin board site Pastebin, including one e-mail, dated Feb. 10, from a Combined Systems Web developer who wrote, “Looks like our Web hosts got hacked.”

14 February 2012 (1)
A valentine's day gift from the Climate Change Deniers. The website of Heartland Institute a conservative public policy think tank was hacked. Published information include original documents containing the institute's budget, Climate Strategy for 2012, many details of the group’s operations, including salaries, recent personnel actions and fund-raising plans, donors and setbacks.

13 February 2012
The Microsoft India Store was hacked and usernames and passwords leaked . The usernames and passwords were kept in plain text.

Following the hack, the members of Evil Shadow Team, posted a message on the Microsoft website saying "unsafe system will be baptized". The story was first reported by www.wpsauce.com.

The Microsoft India Store was hacked and usernames and passwords leaked . The usernames and passwords were kept in plain text.

10 February 2012
Anonymous Takes Down CIA Web Site

"CIA Tango down," a member of Anonymous said on @YourAnonNews, a Twitter feed used by the group. "Tango down" is an expression used by the US Special Forces when they have eliminated an enemy.

9 February 2012
Nine official Web sites , including that of the Power Ministry, Maharashtra, Kerala and Uttarakhand Governments, were defaced in the recent past, forcing the authorities to strengthen cyber-security safeguards. The National Informatics Centre (NIC) under the Ministry of Communications and Information Technology said in an RTI reply that
“A number of hacking attempts are made on daily basis on Governments' Web sites hosted on NICNET servers. It is not possible to accurately quantify these. The attempts are usually effectively blocked by security controls put in place,” it said.

The Ministry was asked to give details of hacking attempts being made on the Governments' Web sites in the last ten years (2001-11) along with the names of uniform resource locater (URL) of the portals and source of such attacks.
The Web sites are:
www.kumbh2010haridwar.gov.in,
www.ueppcb.uk.gov.in,
www.gov.ua.nic.in/ujn,
www.cdodoon.gov.in,
www.arunachal.nic.in,
www.bee-india.nic.in,
www.civilsupplieskerala.gov.in,
www.mpcb.gov.in
www.informatics.nic.in

8 February 2012
Hackers from Anonymous post classified German files online, revealing details of the country's military operations in Afghanistan.

Anonymous said it obtained the data from a server at the Bundestag or German parliament. The military documents were collected for an inquiry, now finished, into a September 2009 airstrike by US jets under German orders that killed more than 140 Taliban fighters and Afghan civilians. The inquiry criticized the 2009 airstrike.

7 February 2012
Anonymous Hacks Syrian President's Emails
The hacker collective reportedly released emails from the office of Syrian President Bashar Assad that focus on preparation for his recent interview with Barbara Walters. According to Israeli newspaper Haaretz, hackers compromised the Syrian Ministry of Presidential Affairs' server on Sunday night, and accessed the inboxes of 78 staffers. It apparently wasn't too difficult; many people used "12345" as their password.

Anonymous, meanwhile, initially targeted a few Syrian government Web sites with distributed denial of service attacks, but later changed its tune. Crippling the Internet in the region could have adverse effects on those trying to get the word out, Anonymous said. "Taking a site down momentarily in an already oppressive regime = unhelpful," Anonymous said.

3 February 2012 (2)
The internet certificate provider VeriSign Hacked, Successfully and Repeatedly, in 2010.
Reuters discovered the information in a quarterly U.S. Securities and Exchange Commission filing in October that followed new guidelines on reporting security breaches to investors. The company, unsurprisingly, is saying nothing. The problem for all of us, naturally, is if the certificate system was hacked, allowing the bad guys to forge certificates. (This has, of course, happened before.)
Are we finally ready to accept that the certificate system is completely broken? (Bruce Schneier)

[If you read only one blog on security, read Bruce Schneider. There is also a free monthly newsletter that comes like clockwork every 15th of the month]
3 February 2012 (1)
Hackers attacked Greek government (Justice Ministry) website to protest the government’s signing of a global copyright treaty and its handling of the financial crisis. The ministry was forced to take down its site after a video by activists claiming to be Greek and Cypriot members of the international “Anonymous” group was displayed for at least two hours.

25 January 2012
The computer security firm Symantec customers to disable pcAnywhere software saying it is at increased risk of getting hacked after blueprints of that software were stolen.

The company last week warned customers of the 2006 theft of the source code, or blueprints, to pcAnywhere and several other titles: Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack.

"The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident," it said on its website. (bit.ly/wqtxTI) But it did not mention what it did in the intervening 6 years.

24 January 2012
If there can be fake ration cards canfake UIDs be far behind. A generous New Delhi MPs staff signed off address verification for virtually anyone on his behalf--when he was not even in the place!

19 January 2012
In swift retaliation for shutting down Megaupload Anonymous Hits DOJ, Universal Sites

Anonymous was quick to target the Justice Department, Universal Music, the RIAA, and MPAA in the wake of this afternoon's Megaupload announcement, with the Web sites for all four organizations succumbing to distributed denial of service (DDoS) attacks.

Justice.gov and universalmusic.com went offline around 430pm Eastern and have been largely unresponsive for the past 1.5 hours. RIAA.com and MPAA.org are also unresponsive.

"Recording Industry Association of America—Department of Justice—Universal Music—all TT, all TANGO DOWN," Anonymous tweeted this evening with the #OpMegaUpload hashtag.

"The Department of Justice web server hosting justice.gov is currently experiencing a significant increase in activity, resulting in a degradation in service," the DOJ said in a statement. "The Department is working to ensure the website is available while we investigate the origins of this activity, which is being treated as a malicious act until we can fully identify the root cause of the disruption."

17 January 2012
The US Federal Bureau of Investigation (FBI) suffered a major embarrassment when online hacker group Anonymous intercepted a telephone call between FBI agents and U.K. authorities involving a joint investigation of the group.

Members of the hacker-activist group obtained details on a Jan. 17 conference call, including dial-in information, and posted a recording of it on Google Inc.’s YouTube website and other Internet sites, according to messages posted on Twitter accounts associated with Anonymous members.

The phone recording suggests a significant security breach of Federal Bureau of Investigation protocols, according to E.J. Hilbert, a former agent in the bureau’s cyber security division. Anonymous reportedly accessed the call because a foreign police official who received the conference call invite forwarded it to a personal account, where it was intercepted by Anonymous.

Barrett Brown, an informal spokesman for Anonymous, said that in an unrelated attack a team of hackers had also stolen more than two years’ worth of e-mails and attachments relating to the 2005 Haditha massacre, in which 24 Iraqi civilians died from the computer servers of Puckett & Faraj, the law firm that represented Staff Sergeant Frank Wuterich, one of the marines accused in actions related to the deaths of Iraqi civilians. A person who answered the phone at Puckett & Faraj’s offices in Alexandria, Virginia, said the firm had no comment beyond confirming that its website was down. The e-mails, which go back as far as 2009, may contain evidence and undisclosed details about the Haditha incident, as well as other cases the firm has worked on.

The e-mails would be posted shortly on a file-sharing site accessible by the public.

12 January 2012
Anonymous targets Israel by publishing SCADA log-in details

Hacktivist group Anonymous has released what it claims to be a series of log-in details for Israeli SCADA systems. The new @FuryOrAnon account, which has been vouched for by one of the group's most prominent Tweeters, @AnonymouSabu, posted a link to the Pastebin page on Twitter on Wednesday. The Pastebin page in question contains what it claims to be a list of ten IP addresses for Israeli SCADA systems as well as log-in details.

SCADA, or supervisory control and data acquisition systems are a vital part of the industrial control systems found in manufacturing, power generation and other facilities. They were targeted famously by the Stuxnet worm which is alleged to have been created by Israel and the US in a bid to disrupt Iran's nuclear programme.

11 January 2012

Turning tables, India hacked into emails of an official American commission that monitors economic and security relations between the US and China, including cyber- security issues.

Hackers posted on the Internet what purports to be an Indian military intelligence document on cyber-spying, which discusses plans to target the US-China Economic and Security Review Commission (USCC) - apparently using technical knowhow provided by western mobile phone manufacturers.

Stewart Baker, a cyber-security policy expert, said the commission "would be a high-priority target for China, since USCC has been one of the most vocal US agencies in warning against Chinese hacking... If it's genuine, it should cause red faces
all around. At USCC for apparently getting hacked by Indian intelligence, and even more so at Indian intelligence for getting hacked by what may be a bunch of amateurs."

5 January 2012
Worm steals 45,000 Facebook passwords
A computer worm stole 45,000 login credentials from Facebook. The culprit is a well-known piece of malware - dubbed Ramnit - which has been around since April 2010 and has previously stolen banking details.

2 January 2012
To no ones surprise, even terrorists manage to get Aadhaar numbers. A suspected Hizbul terrorist, despite being on the most wanted list , obtained a voter ID card, ration card and even an Aadhaar card using fake documents with a fake name, fake father's name with an address in Ghousenagar in Bandlaguda of Chandrayanagutta, Hyderabad. Cyberabad anyone? Happy new year!