Author Topic: F.B.I. Informant Is Tied to Cyberattacks Abroad  (Read 3029 times)


Offline mayya

  • Administrator
  • *****
  • Posts: 7874
F.B.I. Informant Is Tied to Cyberattacks Abroad
« on: April 24, 2014, 21:54:09 PM »
F.B.I. Informant Is Tied to Cyberattacks Abroad

By MARK MAZZETTI
APRIL 23, 2014

 
 

WASHINGTON — An informant working for the F.B.I. coordinated a 2012 campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Iran, Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks.

Exploiting a vulnerability in a popular web hosting software, the informant directed at least one hacker to extract vast amounts of data — from bank records to login information — from the government servers of a number of countries and upload it to a server monitored by the F.B.I., according to court statements.
 
The details of the 2012 episode have, until now, been kept largely a secret in closed sessions of a federal court in New York and heavily redacted documents. While the documents do not indicate whether the F.B.I. directly ordered the attacks, they suggest that the government may have used hackers to gather intelligence overseas even as investigators were trying to dismantle hacking groups like Anonymous and send computer activists away for lengthy prison terms.


Hector Xavier Monsegur aided the F.B.I. after his arrest.

The attacks were coordinated by Hector Xavier Monsegur, who used the Internet alias Sabu and became a prominent hacker within Anonymous for a string of attacks on high-profile targets, including PayPal and MasterCard. By early 2012, Mr. Monsegur of New York had been arrested by the F.B.I. and had already spent months working to help the bureau identify other members of Anonymous, according to previously disclosed court papers.

One of them was Jeremy Hammond, then 27, who, like Mr. Monsegur, had joined a splinter hacking group from Anonymous called Antisec. The two men had worked together in December 2011 to sabotage the computer servers of Stratfor Global Intelligence, a private intelligence firm based in Austin, Tex.

Shortly after the Stratfor incident, Mr. Monsegur, 30, began supplying Mr. Hammond with lists of foreign websites that might be vulnerable to sabotage, according to Mr. Hammond, in an interview, and chat logs between the two men. The New York Times petitioned the court last year to have those documents unredacted, and they were submitted to the court last week with some of the redactions removed.

“After Stratfor, it was pretty much out of control in terms of targets we had access to,” Mr. Hammond said during an interview this month at a federal prison in Kentucky, where he is serving a 10-year sentence after pleading guilty to the Stratfor operation and other computer attacks inside the United States. He has not been charged with any crimes in connection with the hacks against foreign countries.

Mr. Hammond would not disclose the specific foreign government websites that he said Mr. Monsegur had asked him to attack, one of the terms of a protective order imposed by the judge. The names of the targeted countries are also redacted from court documents.

But according to an uncensored version of a court statement by Mr. Hammond, leaked online the day of his sentencing in November, the target list was extensive and included more than 2,000 Internet domains. The document said Mr. Monsegur had directed Mr. Hammond to hack government websites in Iran, Nigeria, Pakistan, Turkey and Brazil and other government sites, like those of the Polish Embassy in Britain and the Ministry of Electricity in Iraq.

An F.B.I. spokeswoman declined to comment, as did lawyers for Mr. Monsegur and Mr. Hammond.
The hacking campaign appears to offer further evidence that the American government has exploited major flaws in Internet security — so-called zero-day vulnerabilities like the recent Heartbleed bug — for intelligence purposes. Recently, the Obama administration decided it would be more forthcoming in revealing the flaws to industry, rather than stockpiling them until the day they are useful for surveillance or cyberattacks. But it carved a broad exception for national security and law enforcement operations.

Mr. Hammond, in the interview, said he and Mr. Monsegur had become aware of a vulnerability in a web-hosting software called Plesk that allowed backdoor access to thousands of websites. Another hacker alerted Mr. Hammond to the flaw, which allowed Mr. Hammond to gain access to computer servers without needing a user name or password.
Over several weeks in early 2012, according to the chat logs, Mr. Monsegur gave Mr. Hammond new foreign sites to penetrate. During a Jan. 23 conversation, Mr. Monsegur told Mr. Hammond he was in search of “new juicy targets,” the chat logs show. Once the websites were penetrated, according to Mr. Hammond, emails and databases were extracted and uploaded to a computer server controlled by Mr. Monsegur.

The sentencing statement also said that Mr. Monsegur directed other hackers to give him extensive amounts of data from Syrian government websites, including banks and ministries of the government of President Bashar al-Assad. “The F.B.I. took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems,” the statement said.


Jeremy Hammond, who was convicted in hacking cases. Credit: Cook County Sheriff's Department, via Associated Press

The court documents also refer to Mr. Monsegur’s giving targets to a Brazilian hacker. The hacker, who uses the alias Havittaja, has posted online some of his chats with Mr. Monsegur in which he was asked to attack Brazilian government websites.

One expert said that the court documents in the Hammond case were striking because they offered the most evidence to date that the F.B.I. might have been using hackers to feed information to other American intelligence agencies. “It’s not only hypocritical but troubling if indeed the F.B.I. is loaning its sting operations out to other three-letter agencies,” said Gabriella Coleman, a professor at McGill University and author of a forthcoming book about Anonymous.
During the prison interview, Mr. Hammond said that he did not have success hacking a large number of the Plesk websites that Mr. Monsegur had identified, and that his ability to create a so-called back door to a site depended on which operating system it ran on.

He added that Mr. Monsegur never carried out the hacks himself, but repeatedly asked Mr. Hammond for specific details about the Plesk vulnerability.

“Sabu wasn’t getting his hands dirty,” he said. Federal investigators arrested Mr. Monsegur in mid-2011, and his cooperation with the F.B.I. against members of Anonymous appears to have begun soon after.
In a closed hearing in August 2011, a federal prosecutor told a judge that Mr. Monsegur had been “cooperating with the government proactively” and had “literally worked around the clock with federal agents” to provide information about other hackers, whom he described as “targets of national and international interests.”

“During this time the defendant has been closely monitored by the government,” said the prosecutor, James Pastore, according to a transcript of the hearing. “We have installed software on a computer that tracks his online activity. There is also video surveillance in the defendant’s residence.”
Mr. Monsegur’s sentencing hearing has been repeatedly delayed, leading to speculation that he is still working as a government informant. His current location is unknown.

Exactly what role the F.B.I. played behind the scenes during the 2012 attacks is unclear. Mr. Hammond said he had been in constant contact with Mr. Monsegur through encrypted Internet chats. The two men often communicated using Jabber, a messaging platform popular among hackers. Mr. Monsegur used the alias Leondavidson and Mr. Hammond used Yohoho, according to the court records.
 
During a conversation on Feb. 15, 2012, Mr. Hammond said he hoped all the stolen information would be put “to good use.”
“Trust me,” Mr. Monsegur said, according to the chat logs. “Everything I do serves a purpose.”
Now, sitting in prison, Mr. Hammond wonders if F.B.I. agents might also have been on the other end of the communications.

A version of this article appears in print on April 24, 2014, on page A1 of the New York edition with the headline: F.B.I. Informant Is Tied to Cyberattacks Abroad.


http://www.nytimes.com/2014/04/24/world/fbi-informant-is-tied-to-cyberattacks-abroad.html?_r=0

Offline ANdReScR

  • Hero Member
  • *****
  • Posts: 1277
  • Gender: Male
Re: F.B.I. Informant Is Tied to Cyberattacks Abroad
« Reply #1 on: April 25, 2014, 04:32:39 AM »
Spanish

FBI used 'hackers' to attack official websites of Brazil, Iran and other countries

The U.S. Federal Bureau of Investigation used the services of hackers from the group 'LulzSec' to carry out hundreds of cyberattacks against government websites of countries such as Iran, Syria, Brazil and Pakistan.

According to several documents obtained by the newspaper 'The New York Times', an informant for the Federal Bureau of Investigation (FBI) coordinated in 2012 hundreds of cyberattacks launched against various foreign websites, including some operated by the governments of several countries, among them Iran, Syria, Brazil and Pakistan. In particular, they managed to collect everything from banking data to user names ('logins') and place that information on servers controlled by the FBI.

Although the documents do not indicate that the attacks were ordered directly by the FBI, they do suggest that the U.S. government may have used hackers to gather intelligence outside the country. Their target reportedly consisted of at least two thousand websites, although the exact list of sites and countries attacked is still kept secret.

In 2012 the FBI managed to arrest Hector Xavier Monsegur, leader of the hacker group LulzSec, which is linked to the well-known group Anonymous and has been involved in high-profile cyberattacks, including against the PayPal and MasterCard services. Under the threat of a long prison sentence, the hacker reinvented himself as an FBI informant and began to cooperate with the investigation.

However, it was not Monsegur himself who hacked foreign governments; rather, he established contacts with hackers from different countries to provide them with information about possible targets. In 2012 he persuaded other members of 'Anonymous' to exploit the vulnerability of some official websites of various countries such as Iran, Nigeria, Syria, Pakistan, Turkey, Poland, Iraq and Brazil in order to collect data. In particular, he persuaded some Syrian hackers opposed to the regime of President Bashar al-Assad to collect data from some of that country's official websites, including those of banks and ministries.

To date Hector Xavier Monsegur remains under investigation. It is believed that he is still cooperating with the FBI, and his current whereabouts are still being kept secret.


http://actualidad.rt.com/actualidad/view/126286-fbi-usaba-piratas-electronicos-atacar-paises

Offline Elaine Davis

  • Administrator
  • *****
  • Posts: 1467
  • Gender: Female
  • To thine own self, be true.
F.B.I. Informant Is Tied to Cyberattacks Abroad
« Reply #2 on: April 29, 2014, 03:34:27 AM »
http://www.nytimes.com/2014/04/24/world/fbi-informant-is-tied-to-cyberattacks-abroad.html?hp&_r=0


http://bits.blogs.nytimes.com/2012/03/12/inside-the-stratfor-attack/?action=click&contentCollection=World&module=RelatedCoverage&region=Marginalia&pgtype=article#

Inside the Stratfor Attack
By NICOLE PERLROTH March 12, 2012, 6:44 pm

1:58 p.m. | Updated Adding clarification from the F.B.I. regarding how much of Stratfor’s data it was able to salvage.
Last December, a group of hackers quietly orchestrated an attack on Stratfor Global Intelligence Service, a company based in Austin, Tex., that analyzes geopolitical risk and publishes a newsletter for various clients, among them the Departments of Homeland Security and Defense. The hackers breached the company’s network and, once inside, confided in their fellow hacker, Hector Xavier Monsegur, and, as it turns out, the Federal Bureau of Investigation.


Six months earlier, in June, the F.B.I. had arrested Mr. Monsegur and turned him into an informant. With his help, four hackers in Britain and Ireland were charged last Tuesday with computer crimes; a fifth man was arrested Monday in Chicago. Using the information he passed along, F.B.I. officials said it was able to thwart attacks on roughly 300 private companies and government agencies.

But with Stratfor, they were not so lucky.

Conspiracy theorists across the Internet surmise that federal agents sat back and let the Stratfor attack occur to collect evidence, or perhaps net a juicier target — say, Julian Assange, the founder of WikiLeaks, which later released the five million internal e-mails that hackers obtained in the Stratfor hack.

“That’s patently false,” said one F.B.I. official, who would speak only on anonymity because the investigation was continuing. “We would not have let this attack happen for the purpose of collecting more evidence.”

F.B.I. officials said they learned of the Stratfor breach on Dec. 6, after hackers had already infiltrated the company’s network and were knee-deep in Stratfor’s confidential files. On that date, F.B.I. officials said, Jeremy Hammond, suspected as the attack’s ringleader, informed Mr. Monsegur he had found a way into Stratfor’s network and was already working to decrypt its data.
The F.B.I. said that it immediately notified Stratfor, but said that at that point it was too late. Over the next several weeks, hackers rummaged through Stratfor’s financial information, e-mail correspondence and subscribers’ personal and financial information, occasionally deleting its most valuable data — all in full view of F.B.I. agents.

In addition to monitoring hackers’ chat logs, the F.B.I. managed, with Mr. Monsegur’s help, to persuade Mr. Hammond and Stratfor’s other attackers to use one of the agency’s own computers to store data stolen from Stratfor. The hackers complied and transferred “multiple gigabytes of confidential data,” including 60,000 credit card numbers, records for 860,000 Stratfor clients, employees’ e-mails and financial data, to the F.B.I.’s computers, according to the complaint against Mr. Hammond.

In an interview, F.B.I. officials clarified that they were able to salvage the Stratfor data that hackers transferred to its servers. Officials said this included some, but not all, of Stratfor’s data. As for why the F.B.I. was not able to stop hackers from siphoning five million Stratfor e-mails to Wikileaks later on, the F.B.I. said hackers had also stored data on their own servers.

The F.B.I. said it told Stratfor to delay notifying customers while it completed its investigation — a demand that later made Stratfor the target of a class-action lawsuit from subscribers who complained the company did not inform them of the breach until it was too late. Stratfor had little choice but to go public with the breach on Dec. 24, when hackers defaced its Web site and began posting receipts online for donations they had made with customers’ stolen credit card information.

Over the following days, hackers released credit card details for thousands of Stratfor clients, made at least $700,000 in fraudulent purchases using their credit cards, and exploited their e-mail addresses for malware attacks. Stratfor was forced to stop charging for subscriptions to its newsletter — its principal source of revenue. All told, Stratfor estimates the breach cost it $2 million in damages and lost revenue, according to the complaint.
And that’s just the financial cost. Two weeks ago, the company suffered further embarrassment when, three months after the breach, hackers funneled its internal e-mails to WikiLeaks, for widespread publication.
Conspiracy theorists wonder why, with ample evidence, the F.B.I. waited three months to arrest Mr. Hammond after the Stratfor breach. Some suggest that the F.B.I. purposely waited to net a bigger fish: Mr. Assange.
But F.B.I. officials said it simply took that long to collect the evidence to support their case. Cybercrime investigators and former federal prosecutors say that this makes sense, and that the time frame between Stratfor’s attack and subsequent arrests is not unusual.

“It’s not surprising it would take them that long to make arrests,” said Mark Seiden, a cybercrime investigator. “They have to collect evidence, and the paperwork takes between three and six months. If you don’t know exactly how hackers attacked a site, it’s difficult to bring them to justice. There’s no point in picking an unripe fruit.”

That news might disappoint the conspiracy theorists, but not nearly as much as it does Stratfor and its subscribers, whose personal and financial information was compromised as a result of the attack.
“It’s extremely frustrating,” said David White, a subscriber. Mr. White said he and his company were debating whether to renew their subscription. “At this point, it’s up in the air.”
GOD FORBID THE LIGHTS GO OUT and a zillion brains have to be retrained to function in manual reality.

Does anyone else get the idea that the tweets on the WL account are starting to sound a little like someone is bathing in a bird bath, eating bird food & possibly smoking bird * in his own sphere??