Anonymous rapes "security" firm investigating them for WikiLeaks related DDoSing

Page 7 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
MarkXIX

MarkXIX

Platinum Member
Jan 3, 2010
2,642
1
71
Mr. Barr was a moron, pure and simple. His so called "security" company was anything but a bunch of bumbling morons who were overpaid, save for the coder he had on hand. Someone send that guy a coupon for all you can eat tacos!
 
M

Mark R

Diamond Member
Oct 9, 1999
8,513
16
81
SpatiallyAware said:
They way they got that root pw is insane. That admin needs fired on the spot.

Even a small company should never reset a pw based simply on an email.
Click to expand...

I've rang up a hospital before from outside, asked for IT. Spoken to tech support - Hi. I need a login and password for the Electronic Patient Record. I hadn't actually started work there, but was due to start on the 3rd day of a 3 day weekend. Given that there would be no way to do my job without access to the electronic record, and that IT support don't work weekends and holidays, I planned ahead about a week before I started.

- What's your username?
= Err. I don't have one. I need a new account
- What's your name?
- Mark R
- OK. What department do you work in?
- blah. blah
- I don't have a record of any account in your name. That's because I haven't started. I start on holiday Monday.
- Oh. OK then. I'll send a new password to your internal e-mail
- Oh. I don't think it's working, the account hasn't been set up. Can you send it to my hotmail?
- What's the address?
- asdfasdfasdf@hotmail.com

5 minutes later, login and password details arrive in my hotmail account.
 
Gooberlx2

Gooberlx2

Lifer
May 4, 2001
15,381
6
91
Mark R said:
I've rang up a hospital before from outside, asked for IT. Spoken to tech support - Hi. I need a login and password for the Electronic Patient Record. I hadn't actually started work there, but was due to start on the 3rd day of a 3 day weekend. Given that there would be no way to do my job without access to the electronic record, and that IT support don't work weekends and holidays, I planned ahead about a week before I started.

- What's your username?
= Err. I don't have one. I need a new account
- What's your name?
- Mark R
- OK. What department do you work in?
- blah. blah
- I don't have a record of any account in your name. That's because I haven't started. I start on holiday Monday.
- Oh. OK then. I'll send a new password to your internal e-mail
- Oh. I don't think it's working, the account hasn't been set up. Can you send it to my hotmail?
- What's the address?
- asdfasdfasdf@hotmail.com

5 minutes later, login and password details arrive in my hotmail account.
Click to expand...

Insane. That would get a helpdesk person fired at my hospital. User account requests must be made by the departmental admin. No exceptions.
 
B

bfdd

Lifer
Feb 3, 2007
13,312
1
0
Mark R said:
I've rang up a hospital before from outside, asked for IT. Spoken to tech support - Hi. I need a login and password for the Electronic Patient Record. I hadn't actually started work there, but was due to start on the 3rd day of a 3 day weekend. Given that there would be no way to do my job without access to the electronic record, and that IT support don't work weekends and holidays, I planned ahead about a week before I started.

- What's your username?
= Err. I don't have one. I need a new account
- What's your name?
- Mark R
- OK. What department do you work in?
- blah. blah
- I don't have a record of any account in your name. That's because I haven't started. I start on holiday Monday.
- Oh. OK then. I'll send a new password to your internal e-mail
- Oh. I don't think it's working, the account hasn't been set up. Can you send it to my hotmail?
- What's the address?
- asdfasdfasdf@hotmail.com

5 minutes later, login and password details arrive in my hotmail account.
Click to expand...
Social engineering is a powerful tool.
 
A

AlienCraft

Lifer
Nov 23, 2002
10,539
0
0
DanDaManJC said:
it's true, unadulterated, information freedom. sure 90% of what they do is absolutely senseless and juvenile, but we really could be witnessing the start of another phase of democratic revolution here
Click to expand...
:thumbsup:
We'll all be digging for Pringles cans to make the OLD school 801.11* antennas of yore if The Powers That Be decide to put a kill switch in. Granted, we'll only be networking locally unless anyone still has a dial up modem and cable to connect a cell phone. Welcome to Devolution... 14.4 kbs hiding in the fax signals. Wardriving on a Corporate wireless field like we used to do for fun.

Workers of The World, Unite!
 
Last edited:
A

AlienCraft

Lifer
Nov 23, 2002
10,539
0
0
Home Depot used to leave default usernames/PWs on their Wireless Routers. Making the password "orange" wasn't that big of a stretch of the imagination. :D
 
AnitaPeterson

AnitaPeterson

Diamond Member
Apr 24, 2001
6,021
547
126
I would be more than happy to suggest - and document - a good target for Anonymous, for the sake of a good cause, and for social justice.

And I'm 100% serious.
 
Lithium381

Lithium381

Lifer
May 12, 2001
12,452
2
0
Are there any large scale attacks such as this one documented anywhere? I've never seen one happen and would be interested to see the production and how it's orchestrated. I have read short articles about "they laucnhed a ddos attack to bring the servers to their knees" but that's about as in depth as it goes..... i'm interested in a full write up, play by play action.
 
yh125d

yh125d

Diamond Member
Dec 23, 2006
6,886
0
76
Lithium381 said:
Are there any large scale attacks such as this one documented anywhere? I've never seen one happen and would be interested to see the production and how it's orchestrated. I have read short articles about "they laucnhed a ddos attack to bring the servers to their knees" but that's about as in depth as it goes..... i'm interested in a full write up, play by play action.
Click to expand...

someone else summed it up pretty well


child of wonder said:
Anonymous: "I can haz password?"
Sys Admin: "sure lol"
Anonymous: "and i can haz firewall downs?"
Sys Admin: "yup lol"
Click to expand...
 
Gooberlx2

Gooberlx2

Lifer
May 4, 2001
15,381
6
91
Lithium381 said:
Are there any large scale attacks such as this one documented anywhere? I've never seen one happen and would be interested to see the production and how it's orchestrated. I have read short articles about "they laucnhed a ddos attack to bring the servers to their knees" but that's about as in depth as it goes..... i'm interested in a full write up, play by play action.
Click to expand...

I remember reading this a long time ago. I'm sure much of it is out of date now, but it's still interesting.
 
cronos

cronos

Diamond Member
Nov 7, 2001
9,380
26
101
Lithium381 said:
Are there any large scale attacks such as this one documented anywhere? I've never seen one happen and would be interested to see the production and how it's orchestrated. I have read short articles about "they laucnhed a ddos attack to bring the servers to their knees" but that's about as in depth as it goes..... i'm interested in a full write up, play by play action.
Click to expand...

There were some 'white hat' hackers who got attacked and taken down by the 'black hats' sometime last year. They did release a pretty elaborate 'play by play' on the whole process and it was a really good read. I can't remember where I found this though.
 
P

Patterner

Senior member
Dec 20, 2010
227
0
0
Lithium381 said:
Are there any large scale attacks such as this one documented anywhere? I've never seen one happen and would be interested to see the production and how it's orchestrated. I have read short articles about "they laucnhed a ddos attack to bring the servers to their knees" but that's about as in depth as it goes..... i'm interested in a full write up, play by play action.
Click to expand...

Not as large scale, but The Cuckoo's Egg by Cliff Stoll is a good read in this subject area.
 
AnonymouseUser

AnonymouseUser

Diamond Member
May 14, 2003
9,943
107
106
shortylickens said:
I love their new home page. They are so utterly full of shit its funny.
http://www.hbgary.com/
Click to expand...

We know that understanding the attacker and his methods is the only way to defeat him. This is the core strength of HBGary and why our technology and services outperform the competition. To us, it's personal.
Click to expand...

This is what got them fucked the first time. I guess they haven't learned their lesson...
 
Z

Zargon

Lifer
Nov 3, 2009
12,218
2
76
do they not realize the company name sounds like a stupid bb/aim handle?

I better go change my consulting company name to XGZargon :rolleyes:
 
J

jacc1234

Senior member
Sep 3, 2005
392
0
0
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom