LulzSec Sabu was working for FBI to Trace down other LulzSec hackers: Various Reports
EXCLUSIVE: Inside LulzSec, a mastermind turns on his minions
For the last eight months, the self-styled “hacktivists” who make up LulzSec and the international hacker community beyond have been led by a turncoat.
http://www.foxnews.com/scitech/2012/03/06/exclusive-inside-lulzsec-mastermind-turns-on-his-minions/
Arrests Made in LulzSec / Anonymous Cases
Fox News is reporting that after Hector Xavier Monsegur, AKA Sabu AKA @AnonymousSabu, a computer hacker associated with the criminal hacking groups Anonymous and LulzSec, was confronted with charges which would likely lead to two years in prison, he became a cooperating witness for the FBI. That, Fox reports separately, led to a number of arrests of members of the groups.
http://policeledintelligence.com/2012/03/06/arrests-made-in-lulzsec-anonymous-cases/
LulzSec hackers arrested, source says
NEW YORK (CNN) — Authorities on Tuesday conducted a series of wide-ranging arrests of top members of LulzSec, a computer hacker group that has claimed responsibility for a string of high-profile cyber attacks on government agencies and large companies.
http://www.cnn.com/2012/03/06/us/new-york-hacker-arrests/index.html
Anonymous Sabu was working for FBI to Trace down other LulzSec hackers :
The Hacker News ~ http://thehackernews.com/2012/03/anonymous-sabu-was-working-for-fbi-to.html
LulzSec members arrested after leader snitches on them: report
The suspected mastermind of the LulzSec hacker group has reportedly confessed to their alleged crimes and helped authorities arrest and build a case against his fellow cyber criminals.
http://www.itbusiness.ca/it/client/en/home/News.asp?id=66401
Alleged members of hacktivist group LulzSec busted
The FBI and law enforcement counterparts abroad have arrested members of the LulzSec hacker group now affiliated with the broader hacktivist collective Anonymous, according to news reports that also say LulzSec leader “Sabu” turned in his fellow hackers.
LulzSec boss turns on associates, leading to arrests, report says
The FBI says it’s in the process of “chopping off the head of LulzSec” after arresting top members of the organization today, according to Fox News.
Alleged LulzSec members are under fire around the world today, and they apparently have an alleged former leader to blame for it.
LulzSec Boss Turns on Associates
Obama Administration Calls for “Consumer Privacy Bill of Rights”
The Obama administration unveiled plans to protect the privacy of Internet users today. The Consumer Privacy Bill of Rights outlines principles that the administration expects Internet companies to adopt, even if legislation isn’t passed.
If legislation is passed, the administration expects the FTC to provide strong enforcement of the laws. According to the press release, the policy has been in the works for two years.
Read the full text of the Consumer Privacy Bill of Rights:
The Consumer Privacy Bill of Rights applies to personal data, which means any data, including aggregations of data, that is linkable to a specific individual. Personal data may include data that is linked to a specific computer or other device. The Administration supports Federal legislation that adopts the principles of the Consumer Privacy Bill of Rights. Even without legislation, the Administration will convene multistakeholder processes that use these rights as a template for codes of conduct that are enforceable by the Federal Trade Commission. These elements–the Consumer Privacy Bill of Rights, codes of conduct, and strong enforcement–will increase interoperability between the U.S. consumer data privacy framework and those of our international partners.
1. INDIVIDUAL CONTROL: Consumers have a right to exercise control over what personal data companies collect from them and how they use it. Companies should provide consumers appropriate control over the personal data that consumers share with others and over how companies collect, use, or disclose personal data. Companies should enable these choices by providing consumers with easily used and accessible mechanisms that reflect the scale, scope, and sensitivity of the personal data that they collect, use, or disclose, as well as the sensitivity of the uses they make of personal data. Companies should offer consumers clear and simple choices, presented at times and in ways that enable consumers to make meaningful decisions about personal data collection, use, and disclosure. Companies should offer consumers means to withdraw or limit consent that are as accessible and easily used as the methods for granting consent in the first place.
2. TRANSPARENCY: Consumers have a right to easily understandable and accessible information about privacy and security practices. At times and in places that are most useful to enabling consumers to gain a meaningful understanding of privacy risks and the ability to exercise Individual Control, companies should provide clear descriptions of what personal data they collect, why they need the data, how they will use it, when they will delete the data or de-identify it from consumers, and whether and for what purposes they may share personal data with third parties.
3. RESPECT FOR CONTEXT: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data. Companies should limit their use and disclosure of personal data to those purposes that are consistent with both the relationship that they have with consumers and the context in which consumers originally disclosed the data, unless required by law to do otherwise. If companies will use or disclose personal data for other purposes, they should provide heightened Transparency and Individual Control by disclosing these other purposes in a manner that is prominent and easily actionable by consumers at the time of data collection. If, subsequent to collection, companies decide to use or disclose personal data for purposes that are inconsistent with the context in which the data was disclosed, they must provide heightened measures of Transparency and Individual Choice. Finally, the age and familiarity with technology of consumers who engage with a company are important elements of context. Companies should fulfill the obligations under this principle in ways that are appropriate for the age and sophistication of consumers. In particular, the principles in the Consumer Privacy Bill of Rights may require greater protections for personal data obtained from children and teenagers than for adults.
4. SECURITY: Consumers have a right to secure and responsible handling of personal data. Companies should assess the privacy and security risks associated with their personal data practices and maintain reasonable safeguards to control risks such as loss; unauthorized access, use, destruction, or modification; and improper disclosure.
5. ACCESS AND ACCURACY: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate. Companies should use reasonable measures to ensure they maintain accurate personal data. Companies also should provide consumers with reasonable access to personal data that they collect or maintain about them, as well as the appropriate means and opportunity to correct inaccurate data or request its deletion or use limitation. Companies that handle personal data should construe this principle in a manner consistent with freedom of expression and freedom of the press. In determining what measures they may use to maintain accuracy and to provide access, correction, deletion, or suppression capabilities to consumers, companies may also consider the scale, scope, and sensitivity of the personal data that they collect or maintain and the likelihood that its use may expose consumers to financial, physical, or other material harm.
6. FOCUSED COLLECTION: Consumers have a right to reasonable limits on the personal data that companies collect and retain. Companies should collect only as much personal data as they need to accomplish purposes specified under the Respect for Context principle. Companies should securely dispose of or de-identify personal data once they no longer need it, unless they are under a legal obligation to do otherwise.
7. ACCOUNTABILITY: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights. Companies should be accountable to enforcement authorities and consumers for adhering to these principles. Companies also should hold employees responsible for adhering to these principles. To achieve this end, companies should train their employees as appropriate to handle personal data consistently with these principles and regularly evaluate their performance in this regard. Where appropriate, companies should conduct full audits. Companies that disclose personal data to third parties should at a minimum ensure that the recipients are under enforceable contractual obligations to adhere to these principles, unless they are required by law to do otherwise.
A Review of Google’s New Privacy Policy
As of March 1, 2012, Google officially combined privacy policies from more than 60 of its services into a single privacy policy. In doing so, Google is now able to take information from users who are logged in to its products and services and store it in a database.
For example, activities conducted on Google’s search engine, Maps, Docs, Calendar, Google+ and YouTube, to name a few of its products, can all be collected to create a unique user profile that will aid in a better user experience as well as targeted ads for its customers.
The collection of data is not just on computer-based devices; we are talking about mobile devices, such as smart phones and tablets as well.
The biggest issue I personally have with Google’s new privacy policy pertains to its loose wording. And why wouldn’t it be loose? How can one policy cover over 60 services and products?
Furthermore, of even more concern to privacy experts, the new policy allows law enforcement to gain access to user information due to the expansion of the Patriot Act this past January. The National Security Letter provision of the Patriot Act allows federal authorities to access your data from an information custodian without a court order. Moreover, federal law enforcement can order the ISP or information custodian not to disclose such a request to the user.
Every year these requests continue to increase, due in part to Google’s growing user base and product offerings. In Google’s latest transparency report of information provided to various government entities per request, the US had the highest count.
| Country | User Data Requests | Percentage of User Data Requests Complied With | Users/Accounts Specified |
|---|---|---|---|
| United States | 5,950 | 93% | 11,057 |
| India | 1,739 | 70% | 2,439 |
| France | 1,312 | 47% | 1,552 |
| United Kingdom | 1,279 | 63% | 1,444 |
| Germany | 1,065 | 66% | 1,759 |
If you do not want your information being tracked, we suggest logging out of Google’s services before doing searches, etc. This is a harder task if you are using an Android-based device.
The Federal System’s Need for a Security Assessment Process: Part 1
Federal agencies, due to Federal Information Security Management Act (FISMA) requirements, are obligated to assess the effectiveness of their systems, as well as the security controls that are in place as part of the certification and accreditation (C&A) process before operations can be approved.
Due to the growing threat to federal systems, security assessments are the key to supporting system owners with a detailed understanding of the strengths and weaknesses of their organization’s information system that supports critical applications and missions.
Furthermore, regular security assessments have become an imperative part of the federal government’s computer and network security posture. In this age, many agencies consist of heterogeneous computing environments, distributed computing and Internet-facing systems. Best practices in information security acknowledge that merely taking a defensive approach to securing an agency’s information system does not suffice and at times is considered inadequate.
By performing regular security assessments, the agency can bridge that vulnerability gap and allow for a proactive stance towards protecting their information-computing environment.
A security assessment can encompass an array of functions or responsibilities, such as “Physical Security”, to determine if the agency’s computing servers are stored in a secure location and to establish who has access to the communication facilities. A security assessment can also assess the agency’s “Internet Security” posture to determine how vulnerable the organization’s network is from the Internet. An assessment consisting of an Internet security evaluation aids in the understanding of what risks the organization inherits because of unneeded services allowed to and from the outside world. Lastly, an assessment consisting of “Network Security” can determine what access employees have to critical files and data. A network security assessment will help an organization determine if an adequate solution for virus and spam protection exists and validate internal password and system configuration policies.
Read the rest at the FOSE Blog Site.
EC-Council to Host Advanced Technical Security Summits in Alexandria and San Jose
Albuquerque, NM (PRWEB) January 13, 2012 The Center of Advanced Security Training (CAST) – the advanced training division of EC-Council – announces the next installment of its successful advanced training series ‘EC-Council Summit’ (formerly known as CAST Summit) March 19-22 in Alexandria, Virginia and March 26-29 in San Jose, California. This series of summits features five highly technical workshops in ethical hacking, penetration testing, mobile hacking/forensics, application security and network defense.
The highly technical training series first debuted in August 2011 in Washington, D.C. and is now being expanded to new cities this year following the strong reception it received among IT security professionals.
EC-Council Summit is a unique training opportunity that gives attendees the chance to undergo an intense three-day ‘deep dive’ in five critical IT security fields with top industry experts. Unlike other training events where students are rushed through short presentations, the EC-Council Summit provides a unique opportunity to be immersed in key subject areas, with comprehensive training modules and a heavy focus on hands-on technical training and hacking labs, taught by the very best in their fields.
“EC-Council Summit is expanding its offerings this year following the resounding success we had at the inaugural event last summer,” said Leonard Chin, Director of CAST and EC-Council Conferences & Events. “With an exponential increase of cyber threats facing businesses and government agencies, from the lone hacker armed with easily accessible hacking tools, hacktivists with malicious intents, to Advanced Persistent Threats (APTs), offensive security training has never been more important than it is today. 2011 was called the ‘year of the hack’, but 2012 could worsen due to the proliferation of attacks and increasing popularity of the hacktivism movement. IT security professionals must adapt themselves to this changing threat environment in order to safeguard the information assets of their companies and organizations.”
The goal of EC-Council Summit is to prepare security professionals, such as penetration testers and network security administrators, to use advanced hacking techniques in order to better identify and prevent threats before they impact a company or organization. Participants will walk away with a firm grasp of offensive security strategies and techniques, industry best practices, how to develop a secure baseline, how to harden enterprise architectures from the most advanced attacks, and how to reduce the capabilities of APTs.
Five three-day workshops, followed by a highly technical one-day seminar on key security topics, will be hosted in each city as follows:
- Certified Ethical Hacker (CEH) v7: For the first time, students can achieve CEH v7 certification in a record three days by completing this advanced training course. This course runs for 10 hours per day and the exam is conducted on-site at the end. CEH, a DoD accepted program, is the industry standard in ethical hacker training and forms the basis of all advanced offensive security teachings.
- Advanced Penetration Testing: Presented by Joe McCray, this training course deals with penetrating high security environments like government agencies and financial institutions. Students will gain the know-how to attack patched and hardened servers running on the latest Windows and Linux operating systems, avoiding detection from Intrusion Detection and Prevention Systems (IDS/IPS), and best practices for circumventing common security implementations like GPOs, Locked Down desktops, IDS/IPS/WAF, etc.
- Advanced Mobile Hacking & Forensics: Presented by Wayne Burke, this course focuses on the in-depth aspects of performing forensic analysis on mobile operating systems such as Apple iOS, Google Android, Microsoft Windows Phone 7, and RIM Blackberry. Students will learn how to recover and preserve digital evidence in real-world scenarios where civil or criminal litigation is at stake, and conduct effective audits on mobile devices to prevent misuse.
- Advanced Application Security: Presented by Tim Pierson, this training course deals with the latest risks in the programming environment, current prevention tools and new attack methodologies. Students will learn programming techniques to thwart Man-in-the-Middle attacks and also how to write defensive code to prevent other attacks, how to harden applications on various runtimes like .Net, Java, and Adobe Air, advanced fuzzing technology and SQL-database rootkits.
- Advanced Network Defense: Presented by Kevin Cardwell, this course focuses on offensive security techniques to protect the enterprise against today’s most advanced threats, system deployments in highly secure states, identifying hard-to-detect malware and staging advanced attacks.
For more information about the EC-Council Summit series, please visit http://www.eccouncil.org/summit.
ABOUT CAST:
The Center of Advanced Security Training (CAST) was developed by EC-Council (http://www.eccouncil.org), in conjunction with cybersecurity experts, to address the need for highly technical and advanced security training for information security professionals. Instructed by EC-Council’s select group of master trainers, CAST offers hands-on, lab intensive courses that cover the security industry’s top domains, including advanced penetration testing training, digital mobile forensics training, advanced application security training, advanced network defense training, crimeware attribution, web application security training, and more. CAST is hosted at various international events, including EC-Council’s flagship Hacker Halted and TakeDownCon conference series.
ABOUT EC-COUNCIL:
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cyber security and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). EC-Council has trained over 90,000 security professionals and certified more than 40,000 members.
EC-Council’s certification programs are offered by over 450 training centers across 87 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted information security conferences. The global organization is headquartered in Albuquerque, New Mexico. More information about EC-Council is available at http://www.eccouncil.org
###
Leonard Chin
EC-Council
+1.505.341.3228
EC-Council Summit San Antonio 2012, June 11-14
The all-new EC-Council Summit series is created to make advanced security training opportunities available for information security professionals across the globe. Attendees get to choose from a selection of highly technical and advanced training workshops offered by EC-Council Center of Advanced Security Training (CAST), covering current and important security topics such as penetration testing, cryptography, network defense, application security, mobile hacking and forensics, crimeware attribution, etc. The event concludes with a one-day security training seminar that is specially designed to comprise a few mini-lectures and allows participants to actually learn, and not just listen or be rushed through a short presentation as at some other events or conferences. For the schedule of the EC-Council Summit, please visit: http://www.eccouncil.org/summit
