JUki: NBC NEWS INVESTIGATIONSin v estigations. nbcnews. com
The Snowden files: British intelligence agency describes attack on Anonymous GCHQ, the British signals intelligence agency, prepared the following slides for a top-secret conference in 2012, revealing that it had mounted an online attack on the hacktivist collective known as Anonymous in September 2011. The slides were leaked by former NSA contractor Edward Snowden and obtained exclusively by NBC News. NBC News is publishing the documents with minimal redactions to protect individuals. All annotations appear in the original documents prepared by GCHQ. ¿fe NBC NEWS INVESTIGATIONS inv estigations. nbcne ws. com
Hacktivism: Online Covert Action • Hacktivist groups • Online Humint • Effects Operations
TOP SECRETffCOM INTWREL TO USA, AUS. CAN. GBR. NZL ¿fe NBC NEWS INVESTIGATIONS inv estigations. nbcne ws. com
Hacktivist groups • They are diverse and often have multiple, varied aims • Anonymous • LulzSec • A-Team • Syrian Cyber Army • Targets include: Corporations, banks, governments, copyright associations, political parties • Techniques: DDoS, data theft - SQLi, social engineering • Aims:
TOP SECRETffCOM INTWREL TO USA, AUS. CAN. GBR. NZL ¿fe NBC NEWS INVESTIGATIONS investigations .nbcn e ws. com
Online HUMINT-CHIS • 2 Examples from Anonymous SRC Channels: • Gzero • POke
TOP SECRETffCOM INTWREL TO USA, AUS. CAN. GBR. NZL ¿fe NBC NEWS INVESTIGATIONS inv estigations. nbcne ws. com
• Asking for traffic • Engaged with target • Discovered Botnet with malware analysis & SIGINT • Outcome: Charges, arrest, conviction
TOP SECRETffCOM INTWREL TO USA, AUS. CAN. GBR. NZL Jit NBC NEWS INVESTIGATIONS inv estigations. nbcnews. com
#0perationPavback [11:26] Anyone here have access to a website xith atleast 10,&3B+ unique traffic per day [11:27]
Private Messages [11:28]
[11:32] Pretty uuci it's a crypted ifraie which will attempt to attack all PC's heading to that website. [11:32] If they have vuln software they're added to a net that is used for OP Paybacks DDoS artillary ei[ll:32j
TOP SECRETOCOMINTORELTO USA. AUS. CAN. GBR. NZL ¿fe NBC NEWS INVESTIGATIONSin v estigations. nbcne ws. com
GZero
15:16
15:18 <6Zero> http://alpha.bgx.su/hits.txt - Need to aiake this bigger ;} 15:19
TOP SECRETffCOM INTWREL TO USA, AUS. CAN. GBR. NZL ¿fe NBC NEWS INVESTIGATIONS inv estigations. nbcne ws. com
Online Humint - Gzero • JTRIG & SIGINT reporting lead to identification, arrest • Sentenced for 2 years - April 2012 Hacker jailed for stealing 8 million identities eh *estt rule Sumjttarj;: A Bn&rf fcciir- 6« bur. M&mord to zt iccodbJtc-«rafreg- jog.aoo Pci^Pcl ccKcr.rs. 2.-0* ic.l tcrimmberK cs a «0« $.rio~jrj r.cxxs. ¿sus of birth, mdpestcodn ofVIL nestfmm
3>|«r-cM EdAjr-i *ear»n U v©ek, Marttem Er; ar.d .v=3 *rd two rJ tw raorths behind bars torhi s hading sp-e*. The sccCcnot rcUU hm t«n trwttf if h« rude more uvc erf it« huflf A*»xri cf strten Sat*. Tbs Sresh takeruse d Che Zr» ^rd Spwf .e Ticriara Co-RejC ccr*derGia2 data tiers U.K. sictxra beta*«* Jaasrr L.2dj(J.a«iJ TOP SECRETffCOM INTWREL TO USA, AUS. CAN. GBR. NZL JUki: NBC NEWS INVESTIGATIONS inv estigations. nbcnews. com pOke • Discussing a database table labelled 'FBI', in Anon Ops IRC • Engaged with target - exploiting US Government website, US company website SOperationPayback [19:43] <8p0ke> Topiary: I has list of eraail:phonenunnber:nane of 700 FBI tards [19:43] <8p0ke> :P [19:41] TOP SECRETWCOtAINTORELTO USA, AUS. CAN, GBR. KIZL ¿fe NBC NEWS INVESTIGATIONS inv estigations. nbcnews. com pOke Private Messages [20:34] so what was the site?! [20:04] if its special ;) [20:34] [20:33] ¡i^^HI :(. did you get past the site 3b tho? [20:39] Mastercard:touse.gov [20:13] TOP SECRETWCOM INTiVREL TO USA, AUS. CAN. GBR. NZL JUki: NBC NEWS INVESTIGATIONSin v estigations. nbcnews. com POke - Identification mmm^mi i ..WWiiTi • • .-¿J Who lowes II* hachtmsbs? Private Messages 121:87] BH^^^H oh btw have you seen this [21:68] ...Enabled SIGINT POke: Name: I Facebook, email accounts TOP SECRET//COMINTOREL TO USA. AUS, CAN. GBR. NZL ¿fe NBC NEWS INVESTIGATIONS inv estigations. nbcne ws. com Effects ori Hacktivisim • Op WEALTH- Summer 2011 • Intel support to Law Enforcement - identification of top targets • Denial of Service on Key Communications outlets • Information Operations TOP SECRETffCOM INTWREL TO USA, AUS. CAN. GBR. NZL JUki: NBC NEWS INVESTIGATIONSin v estigations. nbcnews. com DDoS ROLLING THUNDER • RT initial trial info [15:40] anon_anom 720pH^hCeferutwn inoiice the typoi co YoaT ube anon _anonz on twitter nickname meoivrtude anon_anonz ic anonops li backup anonops- isirjmws arsisec TOP SECRETffCOMIMTWRELTO USA. AUS, CAN. GBR. NZL ¿fe NBC NEWS INVESTIGATIONS inv estigations.nbcnews . com 10 Outcome • CHtS with| • 80% of those messaged where not in the IRC channels 1 month later TOP SECRETWCOM INTiVREL TO USA, AUS. CAN. GBR. NZL investigations. nbcnews. com Conclusion • Team working -SIGINT, JTRIG, CDO, !NOC- was key to success • Online Covert Action techniques can aid cyber threat awareness • Effects can influence the target space TOP SECRETffCOM INT//REL TO USA. AUS. CAN. GBR. NZL