Tag Archives: FBI

Google’s Fight Against FBI’s NSL Takes an Interesting Turn

As a company, Google has always worked towards protecting the privacy rights of its users from the prying eyes of various government branches. However, at times it is cornered pretty badly by the judiciary, and this is one such case. Google has been ordered by a district court judge in California to comply with the FBI’s warrantless data requests, or, as they call them, National Security Letters (NSLs). The provisions of such a request forbid Google from disclosing the fact that the request was made in the first place. This translates to plain and simple bullying, and the way things move in this case will lay the foundation for future secret requests by the FBI.


Declan McCullagh at CNET points out the evil in NSLs, saying,

They allow FBI officials to send secret requests to Web and telecommunications companies requesting “name, address, length of service,” and other account information about users as long as it’s relevant to a national security investigation.

Not just that: the FBI does not require court approval to make the request, and the company holding the data is not allowed to disclose that such a request was made. This puts the company in a perfect catch-22 situation.

However, it would be wrong to accuse Judge Susan Illston (if that name sounds familiar, Illston is also the presiding judge in the Sony vs. George Hotz case) of passing a biased verdict in this case. Her argument was that Google went after the premise of issuing NSLs in general, instead of preparing a defense against the 19 NSLs that were the real problem.

Illston has invited Google to try the case again. She also ruled earlier this year that NSLs are unconstitutional, which shows that she has been quite fair in her verdict. However, the disheartening news is that Illston is stepping down from the case this July, and will not be the one passing the final verdict.

Internet Shuts Down for those Infected with DNSChanger on July 9

The final deadline for those affected by DNSChanger to reset their DNS servers is getting nearer. But reports suggest that there are still more than 500,000 computers that use the rogue servers. On July 9, all of the computers that still use the rogue settings will be cut off from the internet, as the FBI shuts down the temporary servers that have been allowing them to connect to the internet until now.

For those unaware, the DNSChanger malware altered the DNS settings of the infected system to point at certain rogue servers that redirected the infected users to rogue websites. The FBI raided those responsible and obtained control of their rogue servers in an operation called Operation Ghost Click, which we reported on earlier.

Even though the malware has been removed, many still use the same DNS settings. Up until now, the FBI had been using temporary DNS servers to let the infected users remain connected to the internet, by replacing the rogue servers with the temporary ones. The deadline to shut down these temporary servers had been extended once, in order to give ISPs more time to help their customers to remove the rogue settings. But apparently, a large number of computers are still using the same settings as mentioned before.

There are various ways to check if your computer is infected with DNSChanger. All major anti-virus vendors will detect it and warn you. Also, sites such as dns-changer.eu and www.dns-ok.us have been set up to help anyone infected through the removal process.

FBI Arrests 24 Cyber Criminals in an International Cyber Crime Takedown

The FBI has released details of an international operation directed at curbing carding crimes. The operation, which is said to be the largest aimed at curbing carding crimes, led to the arrest of 24 individuals in 13 countries, of whom 11 are from the US.

Carding crimes include the theft of personal information such as credit card details, social security numbers and bank account details, and using or selling that information in order to make money.

The operation was the result of a two-year undercover investigation led by the FBI. Of the 13 arrested outside the US, 6 are from the United Kingdom, 2 from Bosnia and 1 each from Bulgaria, Norway, Germany, Italy and Japan.

Preet Bharara, Manhattan Attorney, explained the crime in a press release:

“The allegations unsealed today chronicle a breath-taking spectrum of cyber schemes and scams. As described in the charging documents, individuals sold credit cards by the thousands and took the private information of untold numbers of people. As alleged, the defendants casually offered every stripe of malware and virus to fellow fraudsters, even including software enabling cyber voyeurs to hijack an unsuspecting consumer’s personal computer camera. To expose and prosecute individuals like the alleged cyber criminals charged today will continue to require exactly the kind of coordinated response and international cooperation that made today’s arrests possible.”

Janice K. Fedarcyk, FBI Assistant Director in Charge, also commented on the operation:

“From New York to Norway and Japan to Australia, Operation Card Shop targeted sophisticated, highly organized cyber criminals involved in buying and selling stolen identities, exploited credit cards, counterfeit documents, and sophisticated hacking tools. Spanning four continents, the two-year undercover FBI investigation is the latest example of our commitment to rooting out rampant criminal behavior on the Internet.”

The FBI also conducted more than 30 searches and interviews as part of the operation. The case is currently handled by the Complex Frauds Unit.

Court Extends the Date to Cut off Computers affected by DNSChanger from Internet

A federal judge has extended the date on which computers affected by the DNSChanger malware will be cut off from the internet.

DNSChanger is malware that replaces the default DNS servers of infected computers with rogue DNS servers, which send victims to websites that steal their information. It is believed that around four million computers were infected by this malware, including machines at half of all Fortune 500 companies and at government agencies.

As we previously reported, the crackdown on the DNSChanger malware was part of an FBI operation called Operation Ghost Click, which resulted in the arrest of six Estonian men thought to be behind the creation of the malware.

The FBI has been trying to help the affected users by replacing the rogue servers with temporary servers to keep them connected to the internet. So far, around 100 command-and-control servers in the US have been replaced this way, according to Computerworld:

[…] the FBI seized more than 100 command-and-control (C&C) servers hosted at U.S. data centers. To replace those servers, a federal judge approved a plan where substitute DNS servers were deployed by the Internet Systems Consortium (ISC), the non-profit group that maintains the popular BIND DNS open-source software.

Without the server substitutions, DNS Changer-infected systems would have been immediately severed from the Internet.

Previously, the Southern District of New York Court had ordered the US Government to take down the temporary servers that had replaced the rogue ones by March 8. Now that deadline has been extended to July 9, to give law enforcement officials and the respective ISPs more time to help clean their customers’ PCs.

The work done by the law enforcement agencies and the ISPs has indeed reduced the number of affected users, according to a report by the security firm IID. But thousands of users are still affected by the malware, and they will be cut off from the internet in four months if proper action is not taken.

To check whether your system is infected by DNSChanger, you can use this free tool provided by Quick Heal.

Legitimate Megaupload Users Set to Sue the FBI

Amongst the litter of pirated songs, videos and software that filled the servers of the deceased file sharing behemoth Megaupload were also some legitimate files, original content and other innocuous material – material that is now forever lost to the internet, and the users who created and consumed this content are taking the murderer to justice. Indeed, when the Federal Bureau of Investigation raided Megaupload founder Kim Dotcom’s house and took the website offline, they also unwittingly (?) took down several users’ legitimate files that were needed for work in the office or as backups. Now these users wish to sue the FBI in a court of law, and this will happen quite soon.


These users are also morally supported by the Swedish copyright and patent law reform advocate Piratpartiet (Pirate Party):

The widespread damage caused by the sudden closure of Megaupload is unjustified and completely disproportionate to the aim intended. For this reason Pirates of Catalonia, in collaboration with Pirate Parties International and other Pirate Parties, have begun investigating these potential breaches of law and will facilitate submission of complaints against the US authorities in as many countries as possible, to ensure a positive and just result.

The Pirate Party of Catalonia, Spain has said that they will be leading the charges against the FBI:

Regardless of ideology, or opinions on the legality or morality of those running Megaupload, actions such as the closure of this service cause huge damage to lawful users of the sites and are unacceptable and disproportionate violations of their rights.

The Electronic Frontier Foundation and Carpathia Hosting have opened Megaretrieval.com to assist users in filing legal complaints to get their data back.

Exciting times and I wonder what the FBI would say to all this.

FBI Disables 3000 GPS Devices after Supreme Court Ruling

Last month, the United States Supreme Court ordered the FBI to turn off all GPS devices that had been placed without a warrant.


In accordance with that ruling, the FBI has disabled around 3000 GPS devices across the United States, reports the Wall Street Journal. Quoting Andrew Weissmann, General Counsel of the FBI, the WSJ states that the order has caused a ‘sea change’ inside the Justice Department.

The agency is also considering the implications of the concurring justices – whose arguments were largely based on the idea that a person has a reasonable expectation of privacy in the totality of their movements, even if those movements are in public.

“From a law enforcement perspective, even though it’s not technically holding, we have to anticipate how it’s going to go down the road,” Mr. Weissmann said.

But the issue is not just turning off these devices. The FBI is also having trouble retrieving the GPS devices after disabling them. The FBI has asked the court to allow it to temporarily turn a device back on in order to retrieve it, Weissmann states.

The court order banning the use of warrantless GPS tracking was issued in the case United States vs. Antoine Jones, in which federal agents attached a GPS tracking device to the suspect’s Jeep without a warrant.

All nine Justices of the Supreme Court came to the unanimous conclusion that the Government had violated the Fourth Amendment.

“The Government’s attachment of the GPS device to the vehicle, and its use of that device to monitor the vehicle’s movements, constitutes a search under the Fourth Amendment. The government physically occupied private property for the purpose of obtaining information”, the order said.

You can read the entire ruling here (pdf).

FBI’s Operation Ghost Click Busts Operators of DNSChanger Malware

The FBI has released details of its Operation Ghost Click, which led to the arrest of six operators of an internet fraud ring that had created and distributed a piece of malware called DNSChanger. All of the arrested men were of Estonian descent and worked primarily from Estonia and Russia.

DNSChanger changed the DNS settings of the host computer, so that when a user of the affected system tried to open a webpage, he or she would be re-routed to a website or advertisement chosen by the hackers. The victims were also directed to websites carrying other potential malware. The gang had infected about 4 million computers in 100 different countries. The United States alone had almost 500,000 DNSChanger-infected PCs, ranging from those owned by individuals to enterprises and even machines used by NASA. The hackers are believed to have made at least 14 million dollars from the fraud.

As Janice Fedarcyk, Assistant Director in Charge of the FBI’s New York office, read out in a statement:

The harm inflicted by the defendants was not merely a matter of reaping illegitimate income. The defendants also inflicted the following:

They victimized legitimate website operators and advertisers who missed out on income through click hijacking and ad replacement fraud.

Unwitting customers of the defendants’ sham publisher networks were paying for Internet traffic from computer users who had not intended to view or click their ads.

Users involuntarily routed to Internet ads may well have harboured discontent with those businesses, even though the businesses were blameless.

And then there is the harm to the users of the hijacked computers. The DNSChanger malware was a virus more akin to an antibiotic-resistant bacterium. It had a built-in defence that blocked anti-virus software updates. And it left infected computers vulnerable to other malware.

The rogue DNS servers have been replaced by genuine ones so that the affected users do not have to face disruption of their internet service. But do note that this process does not remove the actual virus from the affected system. The FBI has released a PDF document with details on how to check whether your system is infected. It has also released the ranges of rogue IP addresses that were used by the gang.


Details on how to find your IP address and help on cleaning up your system are also given in the PDF document mentioned above.
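Checking whether a system is affected comes down to comparing the DNS server addresses it is configured to use with the rogue ranges the FBI published. The following Python checker is an added example, not code from this post or from the FBI’s PDF: it parses constructed resolv.conf and ipconfig /all excerpts and uses RFC 5737 documentation networks as placeholders for the real rogue ranges, which must be taken from the FBI’s list.

```python
# Added example (not from the post or the FBI's PDF): flag configured DNS
# resolvers that fall inside known-rogue address ranges.
import ipaddress
import re

# Placeholder rogue ranges (RFC 5737 documentation networks, constructed);
# substitute the rogue DNSChanger ranges from the FBI's published list.
ROGUE_RANGES = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("198.51.100.0/24")]

# Constructed /etc/resolv.conf with one clean and one "rogue" resolver.
SAMPLE_RESOLV_CONF = """\
# constructed resolv.conf for the example
nameserver 10.0.0.1
nameserver 192.0.2.10
search example.org
"""

# Constructed excerpt of Windows 'ipconfig /all' output; the second DNS
# server sits on an indented continuation line, as ipconfig prints it.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 10.0.0.25
   DNS Servers . . . . . . . . . . . : 10.0.0.1
                                       198.51.100.5
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def parse_resolvers(config_text):
    """Extract resolver addresses from resolv.conf 'nameserver' lines or from
    ipconfig-style 'DNS Servers' lines and their continuation lines."""
    servers = []
    in_dns_block = False  # True while reading ipconfig continuation lines
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            in_dns_block = False
            continue
        m = re.match(r"nameserver\s+(\S+)", line)
        if m:
            servers.append(m.group(1))
            continue
        m = re.match(r"DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_dns_block = True
            continue
        if in_dns_block and re.fullmatch(r"[0-9A-Fa-f.:]+", line):
            servers.append(line)
            continue
        in_dns_block = False
    return servers


def classify(servers):
    """Pair each valid address with the rogue range containing it, or None."""
    results = []
    for s in servers:
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            continue  # skip anything that is not an IP literal
        hit = next((net for net in ROGUE_RANGES if ip in net), None)
        results.append((str(ip), str(hit) if hit else None))
    return results


def flagged(config_text):
    """Return only the resolver addresses that fall inside a rogue range."""
    return [ip for ip, net in classify(parse_resolvers(config_text)) if net]
```

A resolver that matches a rogue range means the DNS settings still need to be reset, even if anti-virus has already removed the malware itself.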

Anonymous & LulzSec Tell FBI To Go Fish

Over the past couple of days the FBI has been making arrests in and around New York City in connection with the PayPal attack carried out by Anonymous back in December 2010. More than 14 people were arrested on Tuesday, and several more searches are underway.

Back in December 2010, Anonymous attacked PayPal because it had stopped or closed down accounts of . The shutdown was done because of the leak of classified U.S. documents by Wikileaks. After the PayPal attack, Anonymous went on to attack several other websites, including those of MasterCard and Visa.

Also Read: Editorial: LulzSec, AntiSec and Why the Internet is a Sadder Place Now

The FBI had been on the trail of the suspects for a long time, but finally managed to make some arrests after almost 8 months. However, the arrests have hardly shaken Anonymous and the recently notorious LulzSec, who have grown in popularity over the past few months and recently attacked Rupert Murdoch’s newspapers because of the phone hacking scandal.

In an open letter to the FBI, Anonymous and LulzSec have basically asked the FBI to F*** Off. The response came after deputy assistant FBI director Steven Chabinsky gave the following statement to NPR:

"We want to send a message that chaos on the Internet is unacceptable, [even if] hackers can be believed to have social causes, it’s entirely unacceptable to break into websites and commit unlawful acts."

The hacktivists replied to this message by arguing that governments are lying to their citizens, trying to keep them under control and curtailing their freedom. Along with that, they say, corporations and lobbyists are conspiring with the governments while collecting billions in funds for federal contracts.

They have also clearly stated that "governments and corporations are their enemy" and that they will continue to fight them. Additionally, Anonymous and LulzSec seem to have no fear in this world anymore and are claiming to be unstoppable:

We are not scared any more. Your threats to arrest us are meaningless to us as you cannot arrest an idea. Any attempt to do so will make your citizens more angry until they will roar in one gigantic choir. It is our mission to help these people and there is nothing – absolutely nothing – you can possibly do to make us stop.

This is definitely a direct attack on the FBI and their security and will ensure a cat-and-mouse game between the government and the hacktivists. It is definitely not the end and the authorities will have to fight a painful battle on the internet against people they might never be able to catch.

Also Read: LulzSec Takes Down CIA.gov Website, Forwards Prank Calls to FBI

The drama is yet to unfold. The next few months or years will show how this will pan out and who will win the battle. In the meantime, you can read the entire Anonymous & Lulz Security Statement below:

Hello thar FBI and international law authorities,

We recently stumbled across the following article with amazement and a certain amount of amusement:

http://www.npr.org/2011/07/20/138555799/fbi-arrests-alleged-anonymous-hackers

The statements made by deputy assistant FBI director Steve Chabinsky in this article clearly seem to be directed at Anonymous and Lulz Security, and we are happy to provide you with a response.

You state:

  "We want to send a message that chaos on the Internet is unacceptable, [even if] hackers can be believed to have social causes, it’s entirely unacceptable to break into websites and commit unlawful acts."

Now let us be clear here, Mr. Chabinsky, while we understand that you and your colleagues may find breaking into websites unacceptable, let us tell you what WE find unacceptable:

* Governments lying to their citizens and inducing fear and terror to keep them in control by dismantling their freedom piece by piece.

* Corporations aiding and conspiring with said governments while taking advantage at the same time by collecting billions of funds for federal contracts we all know they can’t fulfil.

* Lobby conglomerates who only follow their agenda to push the profits higher, while at the same time being deeply involved in governments around the world with the only goal to infiltrate and corrupt them enough so the status quo will never change.

These governments and corporations are our enemy. And we will continue to fight them, with all methods we have at our disposal, and that certainly includes breaking into their websites and exposing their lies.

We are not scared any more. Your threats to arrest us are meaningless to us as you cannot arrest an idea. Any attempt to do so will make your citizens more angry until they will roar in one gigantic choir. It is our mission to help these people and there is nothing – absolutely nothing – you can possibly do to make us stop.

  "The Internet has become so important to so many people that we have to ensure that the World Wide Web does not become the Wild Wild West."

Let me ask you, good sir, when was the Internet not the Wild Wild West? Do you really believe you were in control of it at any point? You were not.

That does not mean that everyone behaves like an outlaw. You see, most people do not behave like bandits if they have no reason to. We become bandits on the Internet because you have forced our hand. The Anonymous bitchslap rings through your ears like hacktivism movements of the 90s. We’re back – and we’re not going anywhere. Expect us.

LulzSec Takes Down CIA.gov Website, Forwards Prank Calls to FBI

In a brutal and continuous attack, a hacker group going by the name of LulzSec has been causing havoc in the web world. Earlier this month, LulzSec took down high-profile sites such as the Sony Developer Network and Sony Pictures.


Since then they have hacked several other high profile websites including gaming servers and more. Quite recently, @LulzSec have become quite active on and have been posting details about their exploits and asking users for suggestions for future hack targets.


Today alone, they have managed to bombard the FBI with calls and take down the CIA website, CIA.gov. The people behind the group are anonymous (not to be confused with the group "Anonymous"), but their exploits are definitely creating quite a flutter within security circles.

This is definitely not the last time we are going to hear about @LulzSec; it is going to be a long road ahead…

More updates coming..

FBI Alleged To Have Paid OpenBSD Developers For Backdoors

The nature of open-source software makes it possible for many developers to contribute to it. Some contribute in their free time and some do it professionally – the majority belong to the former group. The fact that anyone can see the source code means that any malicious code can be spotted by anyone – many eyes are always better than one. This has always been considered one of the best features of open-source software.

However, a new development is threatening this very belief. According to Gregory Perry, the former CTO of NETSEC, the FBI has implemented numerous backdoors in OpenBSD’s IPsec stack. This was allegedly done by paying developers working on it. Perry revealed this to Theo de Raadt, founder and leader of OpenBSD, in an email:

I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI. Jason Wright and several other developers were responsible for those backdoors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC.

According to Perry, the backdoors were implemented around a decade ago. Because of a non-disclosure agreement with the FBI, he could not speak out before.

Right now the code is being audited, and we will know whether Gregory Perry’s allegations are true only after the audit has finished.

If his allegations are proved true, the consequences will be far reaching. For years, we have been using open-source software in the belief that the software we are using is secure. We have always believed, as I mentioned before, that with all the eyeballs looking at the code, someone will spot any attempt at inserting malicious code. It will call into question the code base of every major open-source project out there, no doubt including Linux. Even more damaging could be the loss of confidence in Linus’ Law, which is basically one of the main guiding principles open-source software relies on to stay secure.

Paradoxically, this also highlights one of the strongest points of open-source software. If you believe that a piece of open-source software has been compromised, everything is available to you – you can investigate it yourself. With closed-source software, say Windows, there is simply no way you can do that.

Did the FBI Fail to Decrypt a Hard Drive Encrypted with TrueCrypt?

Operation Satyagraha in Rio de Janeiro produced five hard drives as evidence, but the problem is that all five are encrypted using TrueCrypt. This is giving the FBI a hard time as it struggles to decrypt the files on these drives.

Operation Satyagraha took place in 2008, and the investigation has been continuing ever since. Apparently, the Brazilian authorities were investigating the drives initially, and they were handed over to the FBI only when they could not handle it anymore. However, the FBI has now returned the drives, saying it failed to decrypt them.

The hard drives are encrypted with AES using TrueCrypt. The FBI has been trying a dictionary attack on the files and has failed so far. The failure to decrypt these hard drives has brought immense shame to the FBI and has exposed its weakness at dealing with the technological advancements of modern times. Funnily enough, there exists no law in Brazil to force the banker to give up his passwords.

A few months ago, there was news of the FBI director missing the fact that Google Earth is not real time and does not show live data. See this hilarious story here. This shows how the security agencies in various countries are lagging behind in technology.

(Source)