I'm ashamed to see that we've learned nothing in the past 10 years.
[1] - http://www.youtube.com/watch?v=ow7cvZOzp6w
[2] - http://speakerdeck.com/u/yuvadm/p/28c3-data-mining-the-israe...
EDIT: Israeli media now claims that 400K is an exaggerated number, and the actual number of leaked CC is much smaller.
EDIT2: I'm gonna go ahead and publish a mirror list [3] for the leaked data and for affected accounts by email [4]. I might be affected and I prefer to know if I am ASAP, even if this means the data leaks more, which it will anyway.
And then there's the big question: what do you do now that the data is out there? (and putting biometrics in the database isn't the answer)
From my own experience in these matters, security forces may eventually get the logs, but are then going to cross-check them against other information before even asking an ISP about information pertaining to the IP addresses they get. If I were worried that someone with powerful connections in security forces would be determined enough to get me into trouble, I would use Tor to open them from a securely wipeable VM and wouldn't save them on my hard disk.
I always click them from my PC... but in case things get nasty, I am currently working for a recognized information security company, and clicking this stuff is sort of part of my job.
https://twitter.com/anonyops/status/153969476277248000
"We have no love for Israeli gov't but targeting 1000s for being Israeli? Sorry, you are not #Anonymous pastebay.com/148920"
Hypocrisy on hypocrisy.
However, by performing actions that are contrary to the Anonymous ideology, the Saudi attackers distanced themselves farther from Anonymous than any name could.
Wouldn't that seem to suggest that staying completely anonymous while being taken seriously on the Internet is impossible?
Unfortunately (or fortunately?) the file isn't available any more.
I think once that file was online even for a few minutes, the card numbers mentioned in it are not safe anymore. It will be leaked again.
If it's not some kind of provocation (files with false data) then this is a pretty big crisis. I'm going to have to monitor my credit card logs closely in the next few weeks...
Audits are few and far between, lots of places have shoddy security but claim they are Fort Knox.
PCI compliancy is quite meaningless unless the people that implement it take their job seriously. That's very frequently not the case, it is just seen as a small obstacle in the way of doing business.
Related: http://serverfault.com/questions/293217/our-security-auditor...
I can't really see the ideals of Anonymous coexisting with nationalism and religious fundamentalism.
After all the petty bullshit, Saudis like to party too. The problem is their government and society is repressive as hell, and they're so scared to confront it, they have to go into this whole make-believe world where they act as heroes by attacking Israeli servers. It's pretty funny. I'm sure Israelis will recover. The Saudis on the other hand still live in a medieval hellhole where women can't drive a car... and this really doesn't do much to change anything. Their time and energy would be better spent trying to bring civilization to their own wasteland.
[Edit] I should add, the fact that if you did this in your own country, you'd probably have your hands cut off, is a powerful motivation to go after somebody with more liberal values.
Well the hackers have not identified themselves by name so they are ... anonymous. Isn't that the idea behind Anonymous, that anyone who is anonymous can claim to be Anonymous?
Generally agree but with one exception -- in places where the government claims it represents the people and most people agree with that. Then everyone who votes basically shares the guilt of what the government does.
I totally disagree with the Israeli gov's policies and often protest them. Guess what? My personal info was inside those files (deprecated credit card and email though).
Attacking citizens of democracies because they are inseparable from their government and responsible for its actions, is a common argument for terrorism, btw.
Does anyone have good arguments against leaving the files where they are now and not deleting them from pastebin/megaupload/...? Since the beast is already out of its cage, there is no point in chasing it. It is even better to let the public d/l the file and try to find themselves if their card and other details like emails, passwords were stolen.
(nice username btw, learned the word here..)
EDIT: I got downvoted, without a reply. So, explain how doing this sort of thing is not faction warfare?
The details of Israeli credit are leaked by anons from the house of Saud. This is clearly a faction issue. It is not likely government sponsored (though likely condoned) and as a religious rift exists between Jews and Muslims, the word faction applies perfectly.
Jews, Muslims, Christians; all factions within religious zealotry.
Tomato Potato
---
Sectarian:
of, relating to, or characteristic of a sect or sectarian
limited in character or scope
---
Faction:
a party or group (as within a government) that is often contentious or self-seeking : clique
party spirit especially when marked by dissension
---
You would be a fool to claim that sectarian skirmishes are not also political, given the widespread theocratic nature of governments under both Muslim and Jewish rule.
In this case, this attack, while premised on the appearance of religion, is actually a theocratic/political-religious attack.
I know because I was involved in cleaning up one of the hacks. (I have to stay anonymous, but my main account has more than 7000 karma.)
In the one I dealt with they did not copy stored cards (because they couldn't), but rather added extra code that would email a copy of the details to the hacker as the order was placed.
(So even with PCI compliance credit card numbers can still be stolen.)
I don't imagine online CC security being much better..
Does anyone know more about this group?
That Stratfor dump with 75.000 card details is still on Pastebin. Why was this one deleted while the other is still there? (I believe both should be deleted.)