You’re Doing It Wrong > 9000: RNCLatino Outreach Site Full of Spam and Epic Fail

Gods Bless America! If this wasn’t the GOP, I’d swear these folks are high. The website RNCLatino.com, designed as outreach to Hispanic voters, used a photo of children found on Shutterstock.com with the following tags:

activity, asia, asian, cheeks, children, cool, cute, enjoy, expression, friend, friendship, funny, future, gang, grass, group, happy, humor, interracial, japanese, joy, jump, kid, link, love, park, people, person, play, poor, relax, sleep, small, smile, social, spring, student, study, summer, sweet, thailand, together, trendy, union, united, young, youth

Yup, Asian, Japanese and Thailand. Also poor.

The picture has since been taken down, and RNC spokeswoman Kirsten Kukowski explained:

An outside vendor developed the site and it has been corrected.

Sadly, the RNC also took down this hilarious blog from the site:

Indiscriminate locks the loss is among the nagging wellbeing dangers we endure from while in the current time…You can deal with this difficulty nicely once you are mindful concerning the roots from the primary problem. Precisely, it might be simpler for you personally to realize the fundamentals how you can avoid locks the loss in women, once you know the principal aspects accountable for this happening. understanding these aspects would make you conscious to adhere through the treatments fundamental for locks fall control.

In its place? A series of ads for pharmaceuticals, including Darifenacin which is used to control overactive bladders. Srsly, hackers couldn’t have done a better job on this moran site.  Internets, they just aren’t safe for the RNC.

 

HT: Think Progress

Anonymous Runs Operation Payback on Tunisia, Net Wars Heat Up

Websites run by the Tunisian government have been successfully targeted by Operation: Tunisia, a cell within Anonymous’ Operation Payback, in a distributed denial of service  action, which dropped this image and message on several government sites before the Anon-fueled DDoS knocked them offline. (Reminder: DDoS is illegal, and people have been arrested for it).

The message from Anonymous is to the point:

The Tunisian government wants to control the present with falsehoods and misinformation in order to impose the future by keeping the truth hidden from its citizens. We will not remain silent while this happens. Anonymous has heard the claim for freedom of the Tunisian people. Anonymous is willing to help the Tunisian people in this fight against oppression. It will be done.

This is a warning to the Tunisian government… It’s on the hands of the Tunisian government to stop this situation. Free the net, and attacks will cease, keep on that attitude and this will just be the beginning.

The sites affected include: pm.gov.tn, rcd.tn, benali.tn, carthage.tn, bvmt.com.tn, sicad.gov.tn, indrustrie.gov.tn, commerce.gov.tndouane.gov.tn and ministeres.tn. You can see screen shots of  some  pages here and here and here.

Anonymous has been assisting Tunisia dissidents with a strong efforts and dedicated actions, much as they did–and continue to do–in Iran responding to that country’s post-2009 election revolts, with codes, the manual mean of DDoS, and with spreading the word about what is happening in the country.

It is reported that many of the Tunisian DDoS-ers are based in that African nation, but with Anon being an Erisian global disorganization, there is help from around world with a bunch of people supplying code that helps Tunisians move past Internet filters and surf anonymously.

The country’s already tense situation escalated on after New Year’s Day when Tunisian President Zine El Abidine Ben Ali’s  government blocked WikiLeaks, a Tunisian WikiLeaks mirror and media sites reporting on Wikileaks; several cables from Embassy Tunis released by Wikileaks going as far back as 2008 were highly critical of the Tunisian government.

Within nine hours of the government shutting down access to Wikileaks, numerous sites linked to the government were decorated with Anonymous/Operation: Tunisia’s message, then knocked offline.

As of this writing many government sites still remain offline. Tunisian pro-government hackers have returned the favor according to more than one report; Tunisian blogger Lina Ben Mhenni, a university assistant, told Al Jazeera:

The government has cracked down on activists by hacking our emails, facebook and blogs. They have deleted a few pages in which I was writing about the public protests.

According to reports on Facebook, there have been dozens of injuries and at least four deaths in the recent spate of protests, though this is difficult to confirm.  Al Jazeera is covering the protests–which include police surrounding high schools and colleges to prevent demonstrations after

[A]bout 250 demonstrators, mostly students, attended a peaceful march on Monday afternoon to express their support for the protests in the region of Sidi Bouzid, a union source told AFP.

The march then turned violent when police tried to contain the protesters by firing tear gas canisters, one of which fell into a mosque.

Enraged, the protesters then reportedly set fire to tyres and attacked the local offices of the ruling party, the source said.

Because of tech issues centering around  DNS servers hosting governmental as well as business and media sites (DNS=domain name service, a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the internet), some non-governmental sites have been unavoidably affected.

As pointed out in the Wikileaks cables, corruption in Tunisia is rampant, so Operation: Tunisia has also targeted Tunisian President Ben Ali’s wife, Leila Ben Ali and her extended family the Trabels are knocking off websites linked to the  family’s businesses.

In an egregious and morally reprehensible move, the government has cracked down on access to religious leaders and local police and officials are harassing Muslim men with beards. According to the Tech Herald which has done excellent reporting on the Tunisian situation:

One [internet relay chat/IRC] user explained how local mosques are only available during certain times of the day now.

“In the mosques we have not the right to learn our religion, we do the prayer, and they close the mosques,” a Tunisian explained to us on IRC.

“We have five prayer sessions a day. We go to the mosque, do it, and then they close the mosque until the next prayer. In the past there is Imam (religion man) who [teaches] people the Quran, now we have nothing.”

This is the second African nation which has been the focus of an Anonymous DDoS action; in late December Anon instigated a DDoS-ing of  a complete takedown of the ZANU-PF website, the Zimbabwean government portal, and the Zimbabwean Finance Ministry website, as well as posting their message on Finance Ministry website, stripping all other news content and offering a message that said simply:

We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.

Oh Hai, Sarah Palin! Lots of People are Anonymous: Thoughts from Cyberia

Many websites have a function whereby commenters can post anonymously. Recently on one, someone posted as Anonymous, posting with regards to me

She swallows

like that’s a bad thing.  At any rate, that person is Anonymous. On some sites, anonymity is encouraged; others prefer you have some sort of screen name, even if it’s Sokpppt7137.

Then there are consciously anonymous actions undertaken under the “leaderless resistance” of Anonymous, like the person who snuck into the public restroom of a hotel ballroom, carefully unrolled the toilet paper and stuck small pieces of paper with

xenu.net

and other entheta URLs on every few sheets, then carefully rolled the t.p. back up again before a large anti-xenu event began.

Pics or it didn't happen

Or the people who are protesting the actions of PayPal, MasterCard, and Visa and others against WikiLeaks and Julian Assange.

But what about when journalists mention which program/s a bunch of people are using to do a DDoS (distributed denial of service) on the above?  Or the program/s a bunch of people are using to pull a DDoS on Wikileaks, Anonops.net etc? Or entertainment industry sites?

[For the record--and this will prolly make some people all butthurt--I support intellectual property/copyright law; I also firmly believe that all  material in the public domain should be freely shared and distributed; I also support Fair Use.  Oh and from now on I am using DDoS and its lonely sibling DoS as verbs ( DoS: Denial of service, which is like a DDoS, but from just a solo basement or couch)].

It make me wonder who isn’t A/a/nonymous, especially when a tech aide to a politician–whose PAC website was allegedly crashed in protest of said politician’s very aggressive statements against Julian Assange–tells the entire world via ABC.com what program to use to continue the peaceful, but to some un-lulzy types, really scary and/or annoying attacks:

A SarahPAC.com technical aide said that the “DOS attackers, a group loosely known as Anon_Ops,  used a tool called LOIC (Lower Orbit Ion Cannon) to flood sarahpac.com.  The attackers wanted us to know that they were affiliated with wikileaks.org through an obscure message in our server log file.“

The tech emailed this screenshot to show what he’s talking about.

Um, wow. Thanks for the hi-tek how-to.

There are few things here that need to be looked at, aside from Rick Astley winning MTV Europe’s Best Act Ever with 100 million votes, which should have been a clue that the internets are srs bsns. The Delphic pythoness murmers:

Chester Wisniewski of Sophos wrote on September 19, 2010 when a number of entertainment industry sites were under DDoS over prosecution of PirateBay:

The people who are being lured into participating may not recognize that DDoSing is criminal under the Computer Fraud and Abuse Act. The fact that a few thousand people can bring major websites to their knees is a bit scary. There are rumors that some 4chan* members may be using botnets in the attack as well which introduces even more legal concerns.

No matter how you view it this is not a good situation. That a small number of people can hijack parts of the Internet is demonstrative of what could be done if a larger group, or someone with a lot of zombied PCs were to want to wreak havoc on more critical locations. It has been some time since large scale DDoS attacks have been in the news and hopefully it will be awhile before we see this again.

Zombie PCs! Transformers! Terminators! And Batman?!

On September 19, two and half months before Wikileaks spooged a weensy, glistening drop of their load into the Intert00bs, the Recording Industry Association of America was knocked off line for 21 hours. The Motion Picture Association of America, and BPI  (British Phonographic Industry, the organization supporting the British recorded music industry; thank goodness vinyl is making a comeback, or they might feel kinda silly about that quaint vintage monicker. Or not because they’re British.) were all DDoSed (and possibly DoSed). On November 4, the United States Copyright Office was the target of denial service attacks. Remember, remember on the 5th of November.

The September 19th denials seems to  have been prompted when at least one group within the entertainment industry hired their own personal army of one, epic fail guy Aiplex Software, to do a DoS  whose general manager Girish Kumar yakked to the media in a report published on September 8:

What we do is we see all those links on the net. We find the hosting [computer] server and send them a copyright infringement notice because they’re not meant to have those links. If they don’t remove [the link] we send them a second notice and ask them [again] to remove it…Generally speaking 95 per cent of … providers do remove the content. It’s only the torrent sites – 20 to 25 per cent of the torrent sites – that do not have respect for any of the copyright notices. How can we put the site down? The only means that we can put the site down is [by launching a] denial-of-service [attack]. Basically we have to flood [the site] with millions and millions of requests and put the site down.

And sometimes, well–Kumar admits there’s collateral damage:

At times, we have to go an extra mile and attack the site and destroy the data to stop the movie from circulating further.

Destroy the data? Wow, that’s kinda mean. Is Aiplex so targeted that they only destroy Ferris Bueller’s Day Off? Showgirls is safe?

So, basically, Kumar got all boasty, and the internets got toasty.  Pride goes before a website crash.

By the 5th of November it was  even more widely available knowledge that a program called Lower Orbit Ion Cannon was involved in the website crash.

Sarah Palin’s tech aide reported the crash as a DoS, which is technically, not so-technically and exponetially a different thing (Um like, I–who frequently forgets the skills necessary to change my FB profile picture–can  understand the difference, so it can’t be all that hard to grasp!). Possibly Sarah Palin’s unnamed, unknown and thus anonymous tech aide who mentioned  LOIC was correct and only one bot was doing the deed. Think about it. One lone  hackitivist maybe being a little disinformational?

Or maybe the aide (for ABC.com revealed the tech aide’s gender) was confused. But I can’t imagine anyone working for SarahPAC as a tech aide being unclear on the difference between the two. That’s what computer school is for.

But this brings up a rather interesting aside. There are bout 29,100 results on Google for “low orbit ion cannon” including the sublime

The news is hilarious right now I’ve never heard a news reader say “low orbit ion cannon” in serious news report before

to listings of torrent sites and other Pottersville-like places online where those so inclined ought be using proxy condoms  and/or be careful. Because for the last few weeks LOIC has been on some radars. And some versions might have cyber-cooties.

Wikileaks and Anonops.net were also hit by DoS. The Jester (th3j35t3r) is claiming the scalps, which he took using something he invented called XerXeS which is actually kind of silly name because even though the Spartans went anhero into battle and were slain, XerXeS lost the war. (Video of  The Jester using XerXeS ion Infosec Island currently inaccessible, but Google it. My tin foil is starting to itch)

The Jester has been promoting his DoS services for nine months, first as an anti-jihadist take down artist and now as a crusader against Wikileaks. In February, 2010 he told Infosec Island:

Regarding helping the good guys defend against such an attack[by XerXeS], I can guarantee that no bad guy has this in his arsenal yet, and no bad guy will ever get it from me. I have not been approached directly by any sec/mil/spook types, but if that happens I would be glad to help out. Preferably, they would approach me with a signed immunity from prosecution document. I am not going to just throw myself to the wolves.

During the first phase of Wikileaks getting DoS’ed last week, this interesting story popped up featuring The Jester, an alleged police raid, fake accounts and a whole lot of supah spai cloaking daggers ( ic whut u did ther?). He also talked about Wikileaks’ insurance file.  That made my head hurt.

The Daily Telegraph reports that Anonymous posted a blog setting out its aims as campaiging for free speech

Hello World. We are Anonymous. What you do or do not know about us is irrelevant. We have decided to write to you, the media, and all citizens of the free world at large to inform you of the message, our intentions, potential targets, and our ongoing peaceful campaign for freedom.

The message is simple: freedom of speech. Anonymous is peacefully campaigning for freedom of speech everywhere in all forms. Freedom of speech for: the internet, for journalism and journalists, and citizens of the world at large. Regardless of what you think or have to say; Anonymous is campaigning for you.

And just now on CNN, Bearded Tech Guy told Kyra Philips that DDoS, downloading a programming is

volunteering if you will, to be part of the attack…pranksterism, protest for the modern era

Merry merry! Tis the season!

*[4Chan is a website/forum, founded by Christopher Moot Poole, who just scored a gianormous gig as a venture advisor with Leher Ventures, a rilly big deal in Cyberia. 4Chan as no "members." 4Chan is a very big, like a virtual city, but with words and pictures, some NSFW, and you can find all sorts of things to do or fap to. Do what thou wilt. Or you can move along, nothing here to see. But lots that cannot be unseen.]

Late Night: Senate to Drop Ban Hammer on teh Internets?

The Internets. Both of them. This meme may become a reality…

We will support a free and open Internet.

That’s what Barack Obama told the United Nations. But then why is there a bill before the Senate Judiciary Committee that would allow the Attorney General to block certain Internet domain names from ISPs?

The bill S. 3804, the Combating Online Infringement and Counterfeits Act (COICA), introduced by Sen. Patrick Leahy (D-VT) and Sen. Orrin Hatch (R-UT) would create two blacklists of Internet sites “dedicated to infringing activity,” which is defined very broadly as any site where counterfeit goods or copyrighted material are “central to the activity of the Internet site.”

Heck, that could be eBay–I’ve seen some pretty bogus Marc Jacobs Stam bags on there, as well as faux Max Studio, BCBG  and Betsey Johnston dresses. And certainly YouTube could be considered such a site, though they do pull any video  which is flagged with a DMCA (Digital Millennium Copyright Act) infringement notice. Flickr.com and other photo storage sites allow people to upload their photoshopped images, as of course does the monster shoop site ICanHazcheeseburger.com

Anyway, one of the blacklists can be added to by the courts, the second by the Attorney General.  According to Demand Progress:

Internet service providers (everyone from Comcast to PayPal to Google AdSense) would be required to block any domains on the first list. They would also receive immunity (and presumably the government’s gratitude) for blocking domains on the second list.

Copyright is a tricky thing. The Associated Press says:

Associated Press text material shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium. Neither these AP materials nor any portion thereof may be stored in a computer except for personal and non-commercial use.

And that means if a tree falls in the forest and only the AP is there to cover it, does that actually mean you can’t mention the tree hitting the earth without violating the AP’s copyright, even if you blogged under Fair Use that

a mighty big piece of living lumber  was felled by unknown means, according to the AP

rather than

a tree fell in the forest

because that is “rewritten”?

So technically if you did blog about it, under COICA your site could be blacklisted by servers and basically disappear because you “violated” copyright by reporting news to which you didn’t have direct access. Unless you paid the AP. So news becomes proprietary information. And that means control of information and possibly no freedom of the press since unlimited access would be truncated.

Nowadays, copyright infringement is handled with lawyer letters, threats of lawsuits and actual court trials, where there is a burden of proof. Should this pass, the lights would go off on sites deemed violators. Demand Progress says:

This bill would bypass that whole system by forcing Internet service providers to block access to sites that are otherwise up. People in other countries could still get to them, but Internet users in the US would be blocked.

Blocked from entire domain names. Sort of like how the governments of Iran, China, Saudi Arabia and elsewhere block undesirable sites. Granted, because of copyright and licensing laws, when I was in Ireland, I couldn’t watch clips from The View on ABC.com; when in Turkey, I was unable to listen to Coast to Coast on KFI640.com, so I wonder how many blocked sites would actually still be visible. And plus there are ways around that. Demand Progress claims that

if this law passes Internet traffic will be reconfigured to route around it. Companies will move their US servers and domain names overseas, Internet users will route their traffic through other countries (just like Chinese citizens have to do now!), and software will have to be reconfigured to no longer trust answers from American servers.

Demand Progress is concerned that this bill is the start of a slippery slope  and that with a little prodding from Teh Gubbermints  all sorts of sites could end up being banned, not only news, blogs, politics, and entertainment, but  porn and gambling, which is really what fueled the series of interconnected tubes.


Close