I wonder if we are seeing the beginnings of a new revolutionary movement that transcends borders, yet has the ability to cause drastic change within borders. This has the potential to get very interesting for people like me who think the government has overstepped its bounds in the electronic age.

Anonymous may become a catalyst, if nothing else.




It could be. This is the consequence of ignoring 20 years of warnings by security experts. #antisec is actually the best thing that could happen to the US govt. They are just malevolent enough to get media coverage but not enough to do serious damage. They will force reorganization and maybe the firing of some incompetent people.


Seems like a real stretch to me. HBGary-like _targeted_intrusions_ with corresponding broad private information disclosures might have a bit of claim to that theory.

But as far as I can tell you just saw a couple of script kiddies run automated scans against whoever & whatever, happen to see a flaw at BAH, get in and dump a SQL database and then brag about how awesome they are. Big fucking deal?

Disclosing password hashes isn't going to bring down shit. It's like the hacker equivalent of the special olympics.


I'm not sure why so many people jump to calling members of these groups "script kiddies" -- perhaps because it's in vogue and makes one feel more important than others? It's been shown that a few of the 0days these guys are using are from their own findings. A handful of members of different groups (of Antisec fame and some not) seem to take great interest in cryptography, reverse engineering, etc. As immature as their ways may be, as misguided as their goals may seem to you, they're certainly not script kiddies and they're certainly pretty clever if they've managed to not get caught yet.


Lol, wait what? Which 0-days has it been shown they're using, let alone ones they developed themselves? I think the phrase here is citation needed. If you're using private zero days to break into systems you're almost assuredly not telling anyone about them - and the flip side is probably true as well.


So unless you are using zero-days you are a script kiddy?


Nope definitely not, there is a wide gulf between the two. It's just if they were using their own zero days then it'd be pretty obvious that I was wrong.


With the password hashes being unsalted MD5 and estimates of password reuse averaging from 12%, this is valuable information that could be used to gain access to more sensitive systems. Sure it may be as simple as running an automated scan, but if a script kiddie could do that and get this information it's likely this information may well have been compromised before now, we just haven't heard of it.

[1] "A large-scale study of web password habits" http://portal.acm.org/citation.cfm?id=1242572.1242661 via http://www.lightbluetouchpaper.org/2011/02/09/measuring-pass...
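
Added example, not part of the thread or any commenter's code: a defender's view of why the unsalted MD5 storage described above makes password reuse visible in the stored data itself, beside a salted PBKDF2 form. The account names, passwords and PBKDF2 parameters are constructed assumptions, not values from the thread.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not taken from any real data set).
USERS = [("alice", "Summer2011"), ("bob", "Summer2011"), ("carol", "x9!Lq#27vT")]

def md5_unsalted(password):
    """Legacy scheme named in the comment: bare MD5, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def shared_hash_groups(records):
    """Group usernames by stored hash; a group of 2+ means the table itself
    reveals which accounts share a password."""
    groups = defaultdict(list)
    for user, stored in records:
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def hash_salted(password, salt=None, iterations=600_000):
    """Hardened form: per-user random salt plus PBKDF2-HMAC-SHA256.
    The iteration count is an assumed work factor; tune it for your hardware."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_salted(password, salt, iterations, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def demo():
    """Return (shared groups under unsalted MD5, shared groups under salted PBKDF2)."""
    legacy = [(u, md5_unsalted(p)) for u, p in USERS]
    hardened = [(u, hash_salted(p)[2].hex()) for u, p in USERS]
    return shared_hash_groups(legacy), shared_hash_groups(hardened)

if __name__ == "__main__":
    legacy_groups, hardened_groups = demo()
    print("unsalted MD5, accounts sharing a hash:", legacy_groups)
    print("salted PBKDF2, accounts sharing a hash:", hardened_groups)
```

Running `shared_hash_groups` over an existing credential table is a quick audit: any non-empty result means the hashes are unsalted or the salt is shared across accounts.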


> but if a script kiddie could do that and get this information it's likely this information may well have been compromised before now, we just haven't heard of it.

Hi. This happens all the time. There is evidence of far more significant data breaches nearly every day in the press - Byzantine Hades, RSA, Aurora, Night Dragon, the list goes on and on. Probably the best argument for why this specific SQL database with web app passwords hasn't been compromised in the past is that it's of very questionable value.

The people holding up convenience stores aren't revolutionaries. And that's true even if you try to spin a yarn where removing the funds from a tax paying business might lead to an eventual budget shortfall.


For what it's worth, I just started a service based on the high password reuse you mentioned: http://www.emailambush.com

I figure finding out the moment your email account is compromised is worth investing in, especially in these most recent days of hackers running wild.

