Security Brief: Anonymous Operations, Java Zero-Day Exploit

The main events of the week between January 7 and January 13, 2013

In its predictions for 2013, security firm McAfee has revealed that this year we’ll likely witness the decline of Anonymous. However, it appears that the hacktivists are determined to prove them wrong so they’ve launched several operations over this past week.

First, they released a video to troll the Jefferson County Sheriff responsible for the investigation of the abuse case involving Steubenville High School students. Then, they threatened the BBC.

Anonymous Africa released a video, calling for all Africans to rise up and join them in the fight against corrupt rulers.

Anonymous also calls for Germany to join their protest against censorship and surveillance. Protests part of OpBigBrother, OpWCIT and OpTrapwire are scheduled to take place on February 23.

OpGJResisters has the potential to become a major campaign. The US District Court for the Western District of Washington and the Federal Bureau of Prisons are targeted in protest against the trials of “anarchists and others working toward a more just, free, and equal society.”

Hacktivists have issued a statement to warn Canadians about Bill C-45 and the new enhanced driver’s licenses.

Last, but not least, Anonymous vows to continue OpWCIT. Their immediate goal is to destroy the United Nation’s International Telecommunication Union.

Furthermore, the hacktivists have created a petition asking the Obama administration to make DDOS attacks a legal form of protesting.

This week we’ve also learned that a new Java 7 zero-day exploit has been discovered in the wild, spreading ransomware.

Interestingly, experts from Security Explorations, the Polish company that’s responsible for identifying many of the latest Java vulnerabilities, say that this security hole can be exploited only because Oracle didn’t properly patch an issue they reported back in August 2012.

In the meantime, the US Department of Homeland Security has published an advisory, recommending users to disable Java. Of course, for the time being, this is the advice of almost every security expert in the world.

Over the past week, we’ve also had a fair share of DDOS-related news. Izz ad-Din al-Qassam Cyber Fighters released another statement, promising to continue the attacks on US banks for more than 160 days if the Innocence of Muslims movie isn’t removed from YouTube.

They’ve launched attacks against various banks, including SunTrust, HSBC, PNC, Fifth Third Bank, Wells Fargo, and ZionsBank,

This week, US intelligence officials have once again claimed that they’re certain Iran is behind these attacks. Some officials even criticized the White House for not responding to the attacks accordingly.

However, Iranian officials have denied the accusations. They state that the US is leveraging these attacks to further discredit Iran.

In the meantime, security experts have been analyzing the DDOS attacks and they’ve found that servers are being used to make them more powerful.

In other news, Nokia was found to perform man-in-the-middle attacks against the data traffic that passed through the company’s own servers. Security researcher Gaurang Pandya was the one to make the discovery.

Shortly after news broke out, the company came forward denying that they’re collecting any sensitive data. Furthermore, Pandya revealed that the company had started taking some important steps toward addressing the issues.

Also, in case you’ve missed them, here are some other stories you might consider interesting:

Phone hacking ring targeting New York businesses possibly linked to Al Qaeda

Algerian hacker arrested by Thai police believed to be “bx1,” a ZeuS botnet master

Turkey’s Council of Higher Education hacked by RedHack to unmask the corruption 

Rex Mundi hackers blackmail Drake International and threaten to leak 300,000 records

LulzSec Peru hacks Venezuelan Ministry of Defense website

Hot right now  ·  Latest news