The cat and mouse game of Internet censorship in India is getting too dangerous with each day.

A few weeks back, several Indian ISP’s censored torrent sites such as The Pirate Bay and blocked the very popular video sharing site Vimeo. The list of ISP’s include  Airtel, Reliance, MTNL and Youbroadband – some very big names who have thousands of customers in India. The explanation – Reliance Entertainment has obtained John Doe court orders and ISP’s are directed to block access to torrent and video sharing sites where pirated materials are distributed. (see example)

I am not sure how I am able to surf Vimeo, ThePirateBay, Pastebin and other blocked sites through my internet connection. I use BSNL broadband and have a Tata Photon connection but both these ISP’s haven’t blocked any site because of a so called court order. How awkwardly rebellious!

But then, Newton’s third law must manifest itself.

Anonymous, the infamous hacker group decided to have a go at Indian Government and they managed to take down Indian Government websites (here is the tweet from opindia). Now they are going all guns blazing towards Reliance and they have successfully hacked into the servers of Reliance communication, a sister concern of Reliance Entertainment. This blow from Anonymous is confirmed after some users reported that they were greeted by the following message, while trying to access social sites through the Reliance communications network.

Here are a few more screenshots, courtesy Whitec0de and ZDNet:

The defaced page of Anonymous India has a pretty long “press release” which kind of announces their propaganda against the injustice caused by Indian Government and Indian ISP’s such as Reliance communications. The group has also organized a Facebook event asking users to wear masks on June 9th, 2012, in protest for internet freedom and free speech.

Offense is the best defense. Agreed.

But the way these hacks are projected to the public, the issue may turn into a ridicule – everyone fighting with the other and nobody has any clue what they are fighting for. The issue here is freedom of voice, which can not be achieved by stabbing swords in each others back. The principle is forgotten amongst silly rules, turning the situation into a bureaucratic joke.

We have seen this mob war in past, Indian hackers hacked Pakistani websites which was soon followed by a Pakistani group hacking Indian Government sites. Why did the Indian hackers hacked Pakistani Government sites in the first place? The goal was to protest against Mumbai Bomb blasts, but in practice – their movement turned into a cyber war which was cease-fired through mutual agreement.

Now that Anonymous has declared war on Indian ISP’s, this might hurt end users in the long run. The law has a very long arm, scratching an unhealed wound will only make matters worse.

P.S: There is a rumor that Indian Government may ban HTTPS and SSH. This ran shivers through my veins but I calmed down on realizing that the report is 11 years old and the proposal was never tabled.

Update: Anonymous India has released a video on YouTube urging users to join their cause on June 9th, 2012. This is getting interesting!

UPDATE: A recent tweet by @opindia_revenge reveals that Anonymous has successfully managed to take down the Department of Telecom’s website - dot.gov.in

UPDATE: Looks like both the sites - supremecourtofindia.nic.in and aicc.org.in are back in action again! However, @opindia_revenge has tweeted with the following message:

Anonymous group has successfully taken down the website of Supreme Court of India (supremecourtofindia.nic.in) and the official website of the All India Congress Committee (aicc.org.in). The reason being due to the fact that the Indian Government is taking Internet Censorship quite seriously, and has ordered most of the Indian ISPs to block websites including, Vimeo, ThePirateBay, Pastebin, Dailymotion, and many others.

Since yesterday, many users on Twitter were reporting that popular file sharing and torrent sites were blocked by major ISPs like Airtel, Reliance, MTNL and You Broadband ISP. Upon visiting the blocked sites, the following message is displayed – “Access to this site has been blocked as per Court Orders.”

Within hours, the government websites were taken down by Anonymous, an act of revenge, due to the very fact that the Indian Government had ordered ISPs to block ThePirateBay and other sites.

The first tweet came in from @opindia_revenge indicating that they’re going to “paralyze” the two websites. An hour later, a confirmation tweet followed stating – “We have successfully taken down our main enemy –>> http://dot.gov.in Department of telecom +1 for #opindia”

Although they mentioned that they had managed to take down the Department of Telecom’s websites (dot.gov.in), but at the time of writing this article, the website was fully functional.

The government websites are reportedly down since 17th May 2012, 15:30 IST

Back in June 2011, Anonymous has successfully hacked the National Informatics Centre’s (NIC) websites due to the action taken against Baba Ramdev’s anti-corruption campaign by the Delhi Police. They also managed to hack the Indian Army’s website, which was down for an hour or so.

In response to this, the Indian Twitter and Facebook account of Anonymous were suspended and all videos from its YouTube account were removed completely.

A UK based ISP Virgin Media has decided to ban access to the Pirate Bay, following a court order. The court order affects five major ISPs in the UK, Virgin Media being the second largest in all of Britain. British Telecom (BT) is still in talks over this matter, in spite of being asked to implement a ban, last year. The ban on The Pirate Bay came after the British Phonographic Industry (BPI), which represents a number of media houses, aggressively pursued a case.

Furious over the ban, The Pirate Bay has given enough tips to circumvent this ban, rendering it useless anyway. On the bright side of things, it has also recorded a traffic boost of 12 million, after the court order. However, when Anonymous came out in support of The Pirate Bay and decided to DDoS Virgin Media, it was not pleased at all. The DDoS was carried out between 5 and 6 PM and Anonymous took down the Virgin Media website for over an hour.

The Pirate Bay has made it clear that it does not support DDoS as a means of protest.

We believe in the open and free Internet, where anyone can express his or her views. Even if we strongly disagree with them and even if they hate us. So don’t fight them using their ugly methods. DDOS and blocks are both forms of censorship. If you want to help; start a tracker, arrange a manifestation, join or start a pirate party, teach your friends the art of bittorrent, set up a proxy, write your political representatives, develop a new p2p protocol, print some pro piracy posters and decorate your town with, support our promo bay artists.

With this ban, Virgin Media has become the first UK based ISP to impose a ban on The Pirate Bay. Legally, Virgin Media is not at fault here because it is just following court orders. However, instead of accepting the ban so happily, Virgin should have questioned the decision and followed BT’s example. ISPs should in no way determine what content to push to its users, and what to filter; this is against net-neutrality and free speech. If they are being forced to censor content like in this case, it is their rightful duty to question such decisions, as BT did.

After a long inactive period, Anonymous has resurfaced with a massive hack in China. Nearly 500 websites have been hacked in this operation and these attacks have been carried out by an Anonymous group based off China. A Chinese Anonymous Twitter account was created to announce this operation involving the takedown of government websites, contractors and several trade groups. This marks the most successful hack by the Anonymous faction, because the Great Firewall of China was believed to be impenetrable until now.

Anonymous China started announcing the hack on a Twitter account, @AnonymousChina. However, the account was taken down later and all its tweet were removed. Nonetheless, Anonymous China has another Twitter account in place (WeWorkForGlobal) to spread its propaganda. Most of the hacked websites are still showing a message from Anonymous. It was reported that some of these websites came back online for a brief period, only to be DDoSed again. The complete list of hacked websites can be found on this page.

The message on all the hacked websites reads,

Hello, everyone! Message to the Chinese government: Over the years, the Chinese communist government to unfair laws and unhealthy process to control the people. Dear Chinese government, you is not never fall, and today the website is black, tomorrow is your evil regime fell. So do not think we will give up, never give up. All you have done to the people today, tomorrow will double back. Not a hint of tolerance. No one can stop us, not your anger, nor your arms. Not deter us, because you can not be intimidated by the thought. Chinese friend’s message: You have been in a do not understand you suffer under the tyranny of the government. We are with you. At this point, here with you. Tomorrow and beyond will be to ensure your freedom. We never give up. Do not give up hope, and revolution created since your heart. The silence of other countries has highlighted the fact that China’s lack of democracy and justice. This is intolerable. We are fully committed to fighting for your freedom.

Just last week, one of China’s defence contractors, China National Import & Export Corp. (CEIEC), was hacked by a hacker who likes to call himself Hardcore Charlie.

This breach of the Great Firewall of China proves the futility of having a government regulated censorship of this form. However, the matter might not end here. China itself has many pro-government hackers and they might retaliate with a counter attack or a dox of the hackers involved in this breach. We have seen Anonymous getting pwned by the ruthless Mexican drug mafia earlier. Let us just hope that this does not end up in bloodshed.

The popular online source code repository, SourceForge, has taken down a project that likes to call itself the Anonymous OS. This Project was uploaded on SourceForge almost a week ago and it has grabbed nearly 5000 downloads in this short span of time. While the official channels of Anonymous are rejecting any link with the distro, a Tumblr page has been created to promote the distro and it is making some bold claims.

The Anonymous OS distro is based off Ubuntu 11.10 and comes with the Mate desktop environment. It ships with known hacker and security tools like the High Orbit Ion Cannon, Tors Hammer, John the Ripper, Wireshark, Slowloris and Vidalia. The total size of the distro is 1.5 GB and it is still available on BitTorrent.

The official Twitter channel of Anonymous @AnonOps has rejected any affiliation of Anonymous with the Anonymous OS Linux build on SourceForge.

The Anon OS is fake it is wrapped in trojans. RT

— AnonOps (@anonops) March 15, 2012

With over 300,000 projects under its belt and millions of registered users, SourceForge has a responsibility towards both the user community and the developer community. This has led SourceForge to take down the   project for now, and pursue some answers from the project admin. As dubious as the name and the nature of the project is, it also ridicules the ideology of Anonymous. The very fact that Anonymous are Anonymous can be used so easily against them, and every time that happens, they have to fulfill the social obligation of rejecting dubious affiliations like these.

After being repeatedly embarrassed and discomforted by Anonymous and its various offshoots, the feds have finally managed to land a telling blow on the notorious band of hackers. Fox News is reporting that Kayla (Ryan Ackroyd), Topiary (Jake Davis), pwnsauce (Darren Martyn), palladium (Donncha O’Cearrbhail), and Anarchaos (Jeremy Hammond) have been arrested in an intercontinental raid. The hackers were picked up from USA (Chicago), UK (London), and Ireland.

The arrests tell only part of the story. The real kicker is in the details. Apparently, the feds managed to track down Sabu, the kingpin of LulzSec and one of the leaders of Anonymous, in June, 2011. The man behind some of the most notorious attacks in the past 18 months turned out to be Hector Xavier Monsegur – an unemployed, 28-year-old father of two. Facing the charge of charge of aggravated identity theft, which carries a two year prison sentence, Sabu agreed to drop all his moral convictions and teamed up with the FBI. Turning him wasn’t easy, and ultimately it was the prospect of staying away from his kids that swayed him. Since then, Sabu has continued to work with the FBI, often from their offices, to help in collection of proof against his co-conspirators.

Although today’s news will send shockwaves through Anonymous, this wasn’t totally unexpected. Sabu had been doxed towards the end of last year itself, and several hackers believed that he was snitching. Here are excerpts from a prophetic interview given by Virus:

6:15:39 PM virus: he disappeared for a week, I don’t recall what day
6:15:52 PM virus: but when he returned he said his grand mother died and that’s why he was MIA
6:16:01 PM virus: after that he started offering me money to own people
…
6:19:19 PM virus: another reason why I believe he was converted after he disappeared and returned is everybody else started getting arrested one by one starting with ryan clearly, who was their ddos bitch
6:19:29 PM virus: yes, I believe he cut a deal to save himself

Back in November, Jester and others uncovered Sabu’s real name, email address, address, pictures and other personal details. Here are some of the stuff about Sabu that was already available on the internet:

Sabu

Sabu’s grandmom with his and his dad’s pictures (source)

Even though, many members of the inner circle had already predicted today’s events, it still is a massive blow to Anonymous. Not only have they lost several of their most visible faces, but they have been betrayed by their de facto leader.

The arrest of Megaupload’s Kim Dotcom has upset Anonymous greatly, and they have been busy ever since the Megaupload takedown incident. In protest, the Anonymous took down the US Department of Justice website, a number of other record label websites and the Federal Bureau of Investigation website. This was their single largest attack ever.

However, a lesser-known fact has surfaced recently. Symantec studied the DDoS tools used by Anonymous, and found that the version of Slowloris they were using was in fact, infected with a Trojan itself!

Robert Hansen who goes by the alias RSnake wrote Slowloris. It is extremely effective for DDOS attacks on low bandwidth.

After Megaupload was shutdown, Anonymous circulated a list of tools to use for hacktivist operations. However, they (seemingly unintentionally) link to a remastered version of the Slowloris tool. On discovery of the exploit, Symantec said,

Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen.

Elaborate efforts have gone into shutting down Zeus but it keeps coming back always. Riding on the rage of the people against the Megaupload shutdown, the Zeus command and control center gobbled up bank account information, email accounts, cookies and a lot more.

After the matter became public, the link to Slowloris has been removed and it has definitely alerted the victims of this situation. Over the last few days, we will see many fresh OS installs and bank and email account credential changes. Will the Anonymous take revenge? Will we get to see a Zeus vs. Anonymous now?

How do you fight an amorphous “organization” famed for its aping of a quote from V for Vendetta that goes “Behind this mask is an idea… and ideas are bulletproof!”? If the Boston Police Department’s reaction is to become to mainstay, this is the perfect and the most encouraging way to fight a bunch of mischief makers with no real disruptive skills: with sarcastic humor and employing down-to-earth police officers as “actors”.

Last week the Boston Police Department’s community news website was ‘hacked’ by Anonymous on the pretext of [insert random “fight the power/police/government/media” propaganda piece/reason here] and the site was taken down. The hackers replaced the website with a message that conformed to the aforementioned inserted pretext with the rap song “Sound o’ Da Police” performed by American rapper KRS-One.

Now, after a week of poking around, the Boston Police have managed to put the site back online, with a homemade video to boot where police officers, with their straightest faces, explain how they could not sleep because one of the most important sites in the entire web had been taken down. With a mockumentary-style shot of an Asian IT officer assuring everyone that the site should be working properly for a while.

The video shows the maturity of the police force starkly against the juvenile nature of these hackers. I, for one, welcome these humorous police officers.

The online hacker collective Anonymous declared a major hit yesterday, when the @YourAnonNews Twitter account announced the takedown of the CIA website. The successful takedown was announced with a “CIA tango down” message in a typical Anonymous style. The website was restored shortly afterwards, and there was no operation associated with the takedown. In short, this takedown was uncalled for and had no motive.

Last month, Anonymous took down the websites of the FBI and the Justice Department using the DDoS technique. It was their largest DDoS ever, and saw over 5000 participants. However, this takedown of CIA was motiveless, and has not been tagged with any ongoing operation so far. Apart from the CIA, the Alabama government website was also taken down, to protest against its harsh immigration laws.

However, the confusing news is that although YourAnonNews reported the takedown, they came back to give another message saying, “We’d remind media that if we report a hack or ddos attack, it doesn’t necessarily mean we did it…FYI”.

Last year around June, the Anonymous splinter group LulzSec took down CIA website and claimed responsibility for it. It was their claim to fame in the notorious hacktivism world.

Anonymous is being taken seriously by law enforcement agencies across the world, and they are attempting to join hands against Anonymous. A few days ago, FBI set up a conference call with the Scotland Yard to discuss this matter. However, Anonymous leaked both the email setting up the call, and a voice transcript of the entire seventeen-minute call.

This should serve as a point of reflection for the FBI. Anonymous is a merry band of hackers. However, if Anonymous can drop in on your conversations, how safe are they from other governments? This raises serious security concerns.

Earlier this month, Symantec released patches for its PCAnywhere program, saying the patches would protect its users from hackers who have gotten control of PCAnywhere source codes. These were critical patches for Windows versions of PCAnywhere. With these patches, Symantec also admitted that some of its source code was stolen back in 2006, and it was being contacted by the Lords of Dharmaraja (a hacker group) over these stolen codes.

Symantec PCAnywhere 12.5 is the world’s leading remote access software solution. It lets you manage computers efficiently, resolve helpdesk issues quickly, and connect to remote devices simply and securely.

While the patches released by Symantec fixed known vulnerabilities, there could still be some unknown vulnerabilities, which were unpatched.

Symantec claims that the Anonymous interacted with the FBI in its negotiations, but it is unclear whom they really contacted. Some speculate it is Symantec, and they are using the FBI story as a cover up. On the other hand, the hackers have released 1.27 GB of data this Monday, and claim that there is more.

An interesting part of the conversation between Symantec and hackers reads,

We cannot pay you $50,000 at once for the reasons we discussed previously.  We can pay you $2,500 per month for the first three months.  In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated).   Once that’s done, we will pay the rest of the $50,000 to your account and you can take it all out at once.  That should solve your problem. Obviously you still have our code so if we don’t follow through you still have the upper hand.

When Symantec tried to play the hacker Yama Tough, who claims to have the code, he got impatient and released the code online on 6 February. After analyzing the leaked code, Symantec has declared that it is a five-year-old code and its patches are enough to keep users safe. However, these source code leaks are unacceptable from a company that deals in security.

The list of email conversations can be found on this paste from PasteBin.