Saturday, January 26, 2013

Anonymous hacks US Sentencing Commission, distributes files

Anonymous hacks US Sentencing Commission, distributes files

Hacktivist group Anonymous took control of the U.S. Sentencing Commission website Friday, January 25 in a new campaign called "Operation Last Resort."

The first attack on the website was early Friday morning. The second - successful - attack came around 9pm PST that evening. 

Anonymous-200x192

By 3am PST ussc.gov was down (it has since been dropped from the DNS), yet as of this writing the IP address (66.153.19.162) still returns the defaced site's contents.

It appears that via the U.S. government website, Anonymous had distributed encrypted government files and left a statement on the website that de-encryption keys would be publicly released (thus releasing the as-yet unkonwn information held on the stolen files) if the U.S. government did not comply with Anonymous' ultimatum demands for legal reform.

Anonymous explained that they used this webiste for symbolic reasons.

The U.S. Sentencing Commission sets guidelines for sentencing in United States Federal courts, and on the defaced ussc.gov website Anonymous cited the recent suicide of hacktivist Aaron Swartz as a "line that has been crossed."

The statement suggested retaliation for Swartz's tragic suicide, which many - including the family - believe was a result of overzealous prosecution by the Department of Justice and what the family deemed a "bullying" use of outdated computer crime laws.

Anonymous has not specified exactly what files they have obtained. The various files were named after Supreme Court judges.

According to the statement:

Warhead – U S – D O J – L E A – 2013 . A E E 256 is primed and armed. It has been quietly distributed to numerous mirrors over the last few days and is available for download from this website now. We encourage all Anonymous to syndicate this file as widely as possible.

This appears to be Anonymous sending a threatening message to whoever knows what might be on the encrypted files.

Anonymous has encouraged anyone and everyone to distribute the files, so it is unknown who has the files or how many have been distributed. The files are useless without the encryption keys.

The contents are various and we won’t ruin the speculation by revealing them. Suffice it to say, everyone has secrets, and some things are not meant to be public.

At a regular interval commencing today, we will choose one media outlet and supply them with heavily redacted partial contents of the file. Any media outlets wishing to be eligible for this program must include within their reporting a means of secure communications.

Currently two of the mirrors are slow, and one has gone offline completely.

It is possible, as suggested by the file names, that Anonymous may have taken files pertaining to each of the judges (all of whom were named on filenames at the bottom of the defaced page, such as "Scalia.warhead1") and put them in a file (named "Warhead-US-DOJ-LEA-2013.aes256") and then appended a command to the file that would nuke the file. 

This suggests that Anonymous may have obtained files and nuked the compromised server.

Anonymous Tweeted that the group left a backdoor and made it editable in a way that encourages other hackers to come and shell the server.

In the defacement text, Anonymous also said it placed "multiple warheads" on "compromised systems" on various unnamed websites, and encouraged members to download the encrypted files from ussc.gov that are "primed, armed and quietly distributed to numerous mirrors."

Anonymous called the launch of it new campaign a "warhead."

Anonymous posted the following video to the site stating that this attack is the beginning of what it calls "Operation Last Resort."

A few websites have republished the defacement text; full transcript below.

Citizens of the world,

Anonymous has observed for some time now the trajectory of justice in the United States with growing concern. We have marked the departure of this system from the noble ideals in which it was born and enshrined. We have seen the erosion of due process, the dilution of constitutional rights, the usurpation of the rightful authority of courts by the “discretion” of prosecutors. We have seen how the law is wielded less and less to uphold justice, and more and more to exercise control, authority and power in the interests of oppression or personal gain.

We have been watching, and waiting.

Two weeks ago today, a line was crossed. Two weeks ago today, Aaron Swartz was killed. Killed because he faced an impossible choice. Killed because he was forced into playing a game he could not win — a twisted and distorted perversion of justice — a game where the only winning move was not to play.

Anonymous immediately convened an emergency council to discuss our response to this tragedy. After much heavy-hearted discussion, the decision was upheld to engage the United States Department of Justice and its associated executive branches in a game of a similar nature, a game in which the only winning move is not to play.

Last year the Federal Bureau of Investigation revelled in porcine glee at its successful infiltration of certain elements of Anonymous. This infiltration was achieved through the use of the *same tactics which lead to Aaron Swartz’ death. It would not have been possible were it not for the power of federal prosecutors to thoroughly destroy the lives of any hacktivists they apprehend through the very real threat of highly disproportionate sentencing.

As a result of the FBI’s infiltration and entrapment tactics, several more of our brethren now face similar disproportionate persecution, the balance of their lives hanging on the severely skewed scales of a broken justice system.

We have felt within our hearts a burning rage in reaction to these events, but we have not allowed ourselves to be drawn into a foolish and premature response. We have bidden our time, operating in the shadows, adapting our tactics and honing our abilities. We have allowed the FBI and its masters in government — both the puppet and the shadow government that controls it — to believe they had struck a crippling blow to our infrastructure, that they had demoralized us, paralyzed us with paranoia and fear. We have held our tongue and waited.

With Aaron’s death we can wait no longer. The time has come to show the United States Department of Justice and its affiliates the true meaning of infiltration. The time has come to give this system a taste of its own medicine. The time has come for them to feel the helplessness and fear that comes with being forced into a game where the odds are stacked against them.

This website was chosen due to the symbolic nature of its purpose — the federal sentencing guidelines which enable prosecutors to cheat citizens of their constitutionally-guaranteed right to a fair trial, by a jury of their peers — the federal sentencing guidelines which are in clear violation of the 8th amendment protection against cruel and unusual punishments. This website was also chosen due to the nature of its visitors. It is far from the only government asset we control, and we have exercised such control for quite some time…

There has been a lot of fuss recently in the technological media regarding such operations as Red October, the widespread use of vulnerable browsers and the availability of zero-day exploits for these browsers and their plugins. None of this comes of course as any surprise to us, but it is perhaps good that those within the information security industry are making the extent of these threats more widely understood.

Still there is nothing quite as educational as a well-conducted demonstration…

Through this websites and various others that will remain unnamed, we have been conducting our own infiltration. We did not restrict ourselves like the FBI to one high-profile compromise. We are far more ambitious, and far more capable. Over the last two weeks we have wound down this operation, removed all traces of leakware from the compromised systems, and taken down the injection apparatus used to detect and exploit vulnerable machines.

We have enough fissile material for multiple warheads. Today we are launching the first of these. Operation Last Resort has begun…

Warhead – U S – D O J – L E A – 2013 . A E E 256 is primed and armed. It has been quietly distributed to numerous mirrors over the last few days and is available for download from this website now. We encourage all Anonymous to syndicate this file as widely as possible.

The contents are various and we won’t ruin the speculation by revealing them. Suffice it to say, everyone has secrets, and some things are not meant to be public. At a regular interval commencing today, we will choose one media outlet and supply them with heavily redacted partial contents of the file. Any media outlets wishing to be eligible for this program must include within their reporting a means of secure communications.

We have not taken this action lightly, nor without consideration of the possible consequences. Should we be forced to reveal the trigger-key to this warhead, we understand that there will be collateral damage. We appreciate that many who work within the justice system believe in those principles that it has lost, corrupted, or abandoned, that they do not bear the full responsibility for the damages caused by their occupation.

It is our hope that this warhead need never be detonated.

However, in order for there to be a peaceful resolution to this crisis, certain things need to happen. There must be reform of outdated and poorly-envisioned legislation, written to be so broadly applied as to make a felony crime out of violation of terms of service, creating in effect vast swathes of crimes, and allowing for selective punishment. There must be reform of mandatory minimum sentencing. There must be a return to proportionality of punishment with respect to actual harm caused, and consideration of motive and mens rea. The inalienable right to a presumption of innocence and the recourse to trial and possibility of exoneration must be returned to its sacred status, and not gambled away by pre-trial bargaining in the face of overwhelming sentences, unaffordable justice and disfavourable odds. Laws must be upheld unselectively, and not used as a weapon of government to make examples of those it deems threatening to its power.

For good reason the statue of lady justice is blindfolded. No more should her innocence be besmirked, her scales tipped, nor her swordhand guided. Furthermore there must be a solemn commitment to freedom of the internet, this last great common space of humanity, and to the common ownership of information to further the common good.

We make this statement do not expect to be negotiated with; we do not desire to be negotiated with. We understand that due to the actions we take we exclude ourselves from the system within which solutions are found. There are others who serve that purpose, people far more respectable than us, people whose voices emerge from the light, and not the shadows. These voices are already making clear the reforms that have been necessary for some time, and are outright required now.

It is these people that the justice system, the government, and law enforcement must engage with. Their voices are already ringing strong with a chorus of determined resolution. We demand only that this chorus is not ignored. We demand the government does not make the mistake of hoping that time will dampen its ringing, that they can ride out this wave of determination, that business as usual can continue after a sufficient period of lip-service and back-patting.

Not this time. This time there will be change, or there will be chaos…

-Anonymous

No comments:

Post a Comment