Good on Anonymous. It was the height of cruelty to threaten Swartz with a longer and more draconian sentence than murderers, rapists, or banksters.

Anonymous took control of the U.S. Sentencing Commission website in the early morning hours of January 25... they then seized govt files and encrypted them for distribution around the world. They are calling the first set of files a "warhead" in a campaign they're calling "Operation Last Resort." Oh, and they purportedly have a set of files on every justice sitting on SCOTUS.

There were 2 attacks; the site was down by by 3:00 am pacific time and remains down at this time. It's been dropped from the DNS, and IP address (66.153.19.162) still returns the defaced contents.

So Anonymous has issued an ultimatum to the US govt, and if the demands are not met: "Warhead - U S - D O J - L E A - 2013 . A E E 256 is primed and armed. It has been quietly distributed to numerous mirrors over the last few days and is available for download from this website now. We encourage all Anonymous to syndicate this file as widely as possible." link to full statement.

Pertinent part from link above: "With Aaron's death we can wait no longer. The time has come to show the United States Department of Justice and its affiliates the true meaning of infiltration. The time has come to give this system a taste of its own medicine. The time has come for them to feel the helplessness and fear that comes with being forced into a game where the odds are stacked against them."

Full video:

Dare we hope that we have a watch dog over our government and that the watch dog is more powerful AND incorruptable?

...that they are marginally competent juvenile delinquents.

Do kids still say bushwhacked? Did they ever?

But I don't think 'powerful' is the right descriptor. Neither is "marginally competent" though. They are likely among the best technical professionals of the next ruling generation.

Hardly. They rely on careless and sloppy server administration using old, well-worn exploits that that could be prevented simply by keeping the software up to date and changing the passwords. With the large number of public service web sites out there it just takes a little time to find one in the area of interest that is vulnerable.

Its pretty pitiful all the attention they get for such lame and insignificant vandalism. It's like getting front-page coverage for spray painting graffiti on the sidewalk.

Supposedly these young folks will be replacing the sloppy admins they defeated over and over.

Who then are the competent ones out there, in your view? They don't work for the government. They don't work for the banks. They don't even seem to work for the internet security firms. Anonymous has hit them all and aired all their dirty laundry.

...of many, many units, departments, offices, etc., etc. Most of them do what they are focused on (say sentencing guidelines) well, but are not necessarily up to snuff in all areas (say, running a web site). They rely on subcontractors, and, sometimes just the people in the office who have other more important responsibilities. It isn't surprising that mistakes are made.

Right now, somewhere there is a government security guard taking a nap when he should be vigilant. However, that guard isn't guarding the entrance to the NSA. Experience, competency and vigilance vary widely and depend on the needs, focus and resources of the specific branch organization. "The government" isn't incompetent just because of one or a few incidents.

My organization has been subject to several state-sponsored attacks over the course of the last several years. Our security team is world-class and fights back tooth and nail. State-sponsored attacks like this are way, way, way beyond the capabilities of the anonymous script kiddies. There is absolutely no comparison between this incident and the real war that is being waged. The script kiddies would get nowhere at our site.

Speaking of state-sponsored attacks, the recent distributed denial of service attacks on several American banks, while not very innovative and mostly just annoying, were state-sponsored, not anonymous script kiddies.

This is a high stakes game, but it is also extremely costly. Its worth it in some cases, but it is way beyond the capabilities and resources of the typical government office that is just trying to do a public service by getting some information out to the public in a timely, cost effective way. And isn't very much subject to threats anyway.

I think you should cut them some slack and be more appreciative of their efforts to make our lives a bit better.

Also:

"My organization has been subject to several state-sponsored attacks over the course of the last several years. Our security team is world-class and fights back tooth and nail. State-sponsored attacks like this are way, way, way beyond the capabilities of the anonymous script kiddies. There is absolutely no comparison between this incident and the real war that is being waged. The script kiddies would get nowhere at our site. "

haha, I see you are one of those elite keyboard ninjas, fighting secret wars to save humanity and all that. I will back off now.

...with respect to Anon. And I think that police and prosecutors that are trying to break conspiracies need a credible and significant threat to be able to take down a criminal organization.

FYI I'm not actively involved in computer security, I am just inordinately affected by it and so a bit more aware about what is going on. When an incident occurs, those on the "front line" give us enough information to help us help them and to motivate vigilance and care. So I get a bit more information than the general public and it has a bit more personal significance.

And that is our government, thinking itself well able to decide what WE ought to do, well able to tell the whole world what to do. A little humility is required, now and then.

...or the arrest and prosecution of someone who was caught breaking, entering and stealing... or a group of self aggrandizing juvenile delinquents who have pulled a largely meaningless and insignificant stunt?

... is not something that is left up to the individual to be "able to decide what WE ought to do". Prohibiting it is not an infringement on individual liberty. Nor is it in any way "telling the whole world what to do".

And competency in understanding, defining and enforcing justice has nothing to do with competency in setting up a secure web site for information sharing.

You think property is what matters. I don't. I think people matter. Fuck property.

... you don't think that people who are stolen from are important. Fuck them.

Why do you, for that matter? Are you a fan of incompetent web security?

... to protect you whenever you step out of the house, why should I care if you are shot, robbed, and left for dead? What business is it of mine?

... the firm that handles my security: Solitary, Poor, Nasty, Brutish and Short.

I don't want to be presumptuous, but your response leads me to believe that you don't have a clue.

A newly discovered exploit in a technology standard known as “universal plug and play” (UPnP) is big enough that hackers on the Internet could remotely access and control “millions” of compatible devices like cameras, printers and routers, security researchers said Tuesday.

Researchers working for the security firm Rapid7 said they found bugs in the UPnP standard that exposes personal devices to being remotely accessed and controlled. That means an enterprising hacker could, say, exploit the bug to print unwanted messages on a personal printer, or turn on a webcam unbeknownst to the owner.

A hole this large has likely already been exploited on a selective, individual basis, researchers warned, noting that something like 40 to 50 million network devices make use of UPnP.

Rapid7?s announcement was confirmed Tuesday night by the United States Computer Emergency Readiness Team (US-CERT), which warned that “hundreds of vendors” that supply network-enabled hardware rely upon UPnP, including major firms like Cisco’s Linksys, D-Link, Belkin and Netgear. The agency recommended those manufacturers begin immediately updating their software to close the vulnerability — a process which could take months.

http://www.democraticunderground.com/1014385672

This is the kind of crap that we get when people get fat, dumb, and happy on the web, botnets, spam, and infections.

...and they should be enforced.

I was wondering how long that would take.

Less than 24 hours.

I heard about this yesterday, live, on Security Now with Leo Laporte and Steve Gibson.

The actual numbers are around 81 million devices using vulnerable hardware, manufactured by 1500 vendors.

The only answer at this time is to disable UPnP completely, both on the routers in question and in the OS if the OS has it turned on. Please note that this issue is OS-independent; Windows, *nix, and MacOS are all vulnerable.

Let me say it more clearly for the Apple fanboys: you are just as vulnerable to this issue as any Windows user.

Not necessarily the top end technically, but "some assembly required".

Having worked in defense back in the 90s, I'm surprised this doesn't happen more, esp. given the government's fondness for Microsoft software. I suppose part of the reason is lack of motivation, who wants to break into Justice Dept. computers? But also they are cheap about technical help, won't pay what you can get elsewhere, and the emphasis is on empire building, not excellence in execution.

They understand the gravity of the actions they are taking. It will be interesting to see if the forces they combat are as dismissive of their talents as you are.

...I laughed out loud. It's a bunch of self-aggrandizing hyperbolic rubbish. I'm totally amazed anyone would take it seriously. Totally lacking in gravitas.

That's not "combat". That's spray paint.

Bring it!

If only people in positions of power did the right thing, they would be unnecessary. Until then....

When I win the Lottery, I am SO going to Support Anonymous, Its about time We the People take back our Government

I know assembly Language and a few other languages and feel I'm fairly decent ...and not nearly as good as my friends..when it comes to breaking things up.
But these Guys/Gals are WAY, WAY beyond that.

I'd hate to have them with their sights set on me.

...left his password set to "password". Big deal.

I agree that there is a pattern of prosecutor misconduct across all levels of government that goes unaddressed, but I don't think that hacking this website and issuing threats improves the situation. I think this sort of action is considered to be vandalism by most people and I don't think vandalism is a very effective way to win people to your point of view.

to stop the misconduct. They threaten you with 10-20 years to get you to accept the breadcrumbs to have some kind of a life. If I was in their crosshairs I would probably kill myself, innocent or not. Truth and innocense do not matter at all. Prosecutors do not care about the law at all. They want to make a name for themselves and they want to control people. Anything that can be done to hurt them is more than welcome.

..crooked the system has become.
As far as Prosecutors...most of them act like the most ruthless individuals on earth.

Any particular reason?

...I'm expressing my opinion. What's wrong with that?

despite demonstration of such on more than one occasion, well....

Let's just say it sounds very much as if your discrediting of their abilities sounds as if it's to a purpose.

Frankly, what's coming from you on this thread sounds very much like "damage control" of the HBGary kind.

... found this:

http://arstechnica.com/tech-policy/2012/03/the-hbgary-saga-nears-its-end/

"Jim Butterworth told us that there was a "very good chance" that the perpetrators of the hack would be caught. And so it has come to pass....

...this week [the FBI] brought down their quarry with a string of indictments and the possibility of lengthy jail terms. With the arrests, the HBGary Federal hack saga is largely concluded...

... everyone in LulzSec except one member, avunit, had been identified, and every identified member except pwnsauce had been arrested."


A really smart crew*. Their lives are definitely on hold right now. Hopefully not ruined in the long term.

(*Some kids, some young adults.)

Maybe they are an ex-admin who got fired because someone found that his password
was still set to the default ...?

...I'm discussing. What's with the innuendo?

Which fact one can easily see. Watch for the first official spokesperson who chooses to address these activites directly. (It will be some sort of denial, but it wlll also be a "tell", because I can guarantee you they don't want to spread the idea around.)

hacking if we don't let them have total control of it to hunt down the bad, terrible, foreign, men, who are going to destroy our entire country by web sabotage. This will be the line of reason they use, but it is really to stop anyone like Anonymous from getting THEIR info.

and turned it into the vintage Asteroids game.