Hackers gain access to over 400,000 Yahoo accounts
Police are saying little else – such as whether those arrested are suspected of acting under the guise of the activist group Anonymous, or what websites they’re accused of attacking.
MONTREAL – Six people have been arrested amid a rash of cyber-attacks launched by the activist group Anonymous against Quebec government websites.
The arrests were made in different Quebec cities in an operation that involved five police forces – the RCMP, the Surete du Quebec, and three municipal forces.
Those arrested faced a variety of charges Tuesday, including mischief, conspiracy, and unlawful use of a computer. Three of them were minors. The arrests took place in Rimouski, Sherbrooke, Forestville, Montreal and Longueuil, Que.
Police offered no other clues about the case, other than to say the attacks were on “public” and “parapublic” websites. They said they did not want to jeopardize their ongoing case by sharing details, such as whether those arrested operated under the “Anonymous” name.
Cyber-activists have, under the group name “Anonymous,” mounted numerous campaigns in different countries and on occasion defaced websites of organizations they oppose. A recent target has been the Quebec government because of its anti-protest law.
Self-described Anonymous activists have recently hacked into a variety of websites linked to the Quebec government – including the province’s education and public-safety departments, as well as that of the provincial Liberal party.
But police Tuesday did not specifically link the arrests to Anonymous. They also did not specify what websites those arrested were accused of attacking.
“Police authorities want to indicate that they take this kind of crime very seriously,” the police said in a statement. “They will use every means at their disposition to find the authors. These people expose themselves to criminal charges, regardless of whatever intention prompted their action.”
Last month, hackers managed to disable more than a dozen websites, including the sites of the Education Department, the Quebec Liberal party and the Montreal police force.
The circle then appeared to broaden. In addition to Formula One car-race spectators having their information published online, footage was released from an exclusive birthday party held for a member of the powerful Desmarais family.
People claiming to operate under the name “Anonymous” sent an ominously worded email to more than 100 people who bought tickets to the Formula One Grand Prix weekend in Montreal.
“If you intend to use a car, know that your road may be barricaded,” said a document described as a ‘Notice to Grand Prix Visitors.’
“If you want to stay in a hotel, know that we may enter it. If you seek to withdraw money from a bank, know that the shattering glass may sting. If you plan on watching a race, know that your view may be obscured, not by exhaust fumes but by the smoke of the fires we set. Know that the evacuation order may not come fast enough.”
There were protests at a number of sites related to the June 7-10 Grand Prix, and attempts to paralyze some of them, but police acted pre-emptively. Over that weekend, they either created barriers blocking access to certain public places, or detained people suspected of planning to disrupt events.
The police reaction brought a counter-reaction from protesters and their supporters: that law enforcement violated fundamental freedoms, such as the right to free mobility and expression, by making arbitrary detentions in what amounted to “political profiling.”
LinkedIn Confirms Millions of Account Passwords Hacked
LinkedIn Wednesday confirmed that at least some passwords compromised in a major security breach correspond to LinkedIn accounts.
Norwegian IT website Dagens IT first reported the breach, noting that “Two days ago a package on the 6.5 million encrypted passwords posted on a Russian hacker site.”
Vicente Silveira, Director at LinkedIn, confirmed the hack on the company’s blog Wednesday afternoon and outlined steps that LinkedIn is taking to deal with the situation. He wrote that those with compromised passwords will notice that their LinkedIn account password is no longer valid.
“It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases,” LinkedIn director Vicente Silveira said in the blog post.
The file only contains passwords hashed using the SHA-1 algorithm and does not include user names or any other data, security researchers say. However, the breach is so serious that security professionals advise people to change their LinkedIn passwords immediately. SHA-1 is a hash algorithm that converts your password into a fixed-length string of numbers and letters, and the same input always produces the same output. If your password is “LinkedIn1234,” for example, the SHA-1 hex output should always be “abf26a4849e5d97882fcdce5757ae6028281192a.” That is problematic: anyone who knows the passwords were hashed with SHA-1 can hash the basic passwords that people commonly use and quickly find the matching entries in the file.
Here’s what Imperva found: The most common password used was “123456,” followed by “12345” and “123456789.” All in all, more than half a million people chose passwords composed of only consecutive numbers. So, if a hacker tried to log in to all RockYou accounts with just one password attempt–123456–every hundred or so attempts would yield a compromised account. Dozens of attempts can be scripted every second, so Imperva estimates that using this technique would only take around 15 minutes to hack 1,000 accounts.
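The following is an added example, not code from the article, LinkedIn or Imperva. It shows how a defender can audit a credential store for the weakness described above: under plain SHA-1, accounts with the same common password share one hash, while a per-user salt removes that signal. The account names, the iteration count and the choice of PBKDF2 as the salted scheme are assumptions; the article does not say which scheme LinkedIn adopted.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data).
ACCOUNTS = {"alice": "123456", "bob": "123456",
            "carol": "LinkedIn1234", "dave": "t7#Vq9!mLx2p"}
# The three most common passwords quoted from the Imperva analysis.
COMMON = ["123456", "12345", "123456789"]

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def unsalted_store(accounts):
    """Plain SHA-1 per password: equal passwords give equal hashes."""
    return {user: sha1_hex(pw) for user, pw in accounts.items()}

def salted_store(accounts, iterations=100_000):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256, assumed)."""
    store = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)
        store[user] = (salt, iterations, digest)
    return store

def verify_salted(store, user, password):
    salt, iterations, digest = store[user]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def salted_digests(store):
    """Hex digests only, so the same audit can run over the salted store."""
    return {user: entry[2].hex() for user, entry in store.items()}

def audit(hashes, common=COMMON):
    """Return (accounts sharing a hash, accounts matching a common-password SHA-1)."""
    groups = defaultdict(list)
    for user, h in hashes.items():
        groups[h].append(user)
    shared = sorted(u for users in groups.values() if len(users) > 1 for u in users)
    known = {sha1_hex(p) for p in common}
    weak = sorted(u for u, h in hashes.items() if h in known)
    return shared, weak

if __name__ == "__main__":
    print("unsalted:", audit(unsalted_store(ACCOUNTS)))
    print("salted:  ", audit(salted_digests(salted_store(ACCOUNTS))))
```

Accounts flagged by `audit` on an unsalted store are the ones to force through a password reset first.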
Hackers took control of satellites
A US report recently claimed that hackers had managed to interfere with two military satellites, but one expert argues the amount of energy required would be too great for ordinary hackers.
Satellites Landsat-7 and Terra AM-1 were under the control of the hackers for almost 12 minutes, the reports
But as satellite communications enthusiast Paul Marsh explained at the London Security B-Sides event in April, there are reasons to doubt the reports. He spoke about a similar story, reported in the late 1990s, about hackers supposedly accessing UK military satellite communications network SkyNet and ‘nudging’ one satellite out of synch.
“First off,” he explained, “jamming a satellite is easy to trace. Every time a command is sent up to the satellite, it gets counted. If you send one wrong frame up, then a red light will start flashing at RAF Oakingham.”
Marsh presented some back-of-the-envelope calculations for the power that would be needed to launch a “brute force” attack on a Skynet satellite.
He used Google Earth to estimate that the dish that controls Skynet satellites from RAF Oakingham is about seven meters in diameter, meaning the transmitted power is about five million watts.
Marsh said he doubted whether hackers would have had the wherewithal to send tracking and telemetry data up to the Skynet satellite. Whether Chinese hackers have that capability now is just one more matter of speculation to add to the opaque field of cyber warfare.