Federal Bureau of Lulz | TechSNAP 48

We cover the amazing story of how the FBI infiltrated and exposed LulzSec.

And in a retro war story, Microsoft miss more than just a leap day and we answer some of your feedback questions.

All that and more, on this week’s TechSNAP!

Thanks to:

GoDaddy.com Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Super special savings for TechSNAP viewers only. Get a .co domain for only $7.99 (regular $29.99, previously $17.99). Use the GoDaddy Promo Code cofeb8 before the end of March to secure your own .co domain name for the same price as a .com.

Private Registration use code: march8

Pick your code and save:
cofeb8: .co domain for $7.99
techsnap7: $7.99 .com
techsnap10: 10% off
techsnap20: 20% off 1, 2, 3 year hosting plans
techsnap40: $10 off $40
techsnap25: 25% off new Virtual DataCenter plans

Show Notes:

LulzSec leader arrested more than 6 months ago, has been working for the FBI

  • Hector Xavier Monsegur (Sabu) was arrested by the FBI on June 7th, 2011
  • Sabu pleaded guilty to the following charges:
      • Conspiracy to Engage in Computer Hacking—Anonymous
      • Conspiracy to Engage in Computer Hacking—Internet Feds
      • Conspiracy to Engage in Computer Hacking—LulzSec
      • Computer Hacking—Hack of HBGary
      • Computer Hacking—Hack of Fox
      • Computer Hacking—Hack of Sony Pictures
      • Computer Hacking—Hack of PBS
      • Computer Hacking—Hack of InfraGard-Atlanta
      • Computer Hacking in Furtherance of Fraud
      • Conspiracy to Commit Access Device Fraud
      • Conspiracy to Commit Bank Fraud
      • Aggravated Identity Theft
  • Sabu’s cooperation with the authorities had been suspected for some time, leading to him being doxed (having his personal information released) here
  • Sabu gave a number of interviews to reporters while under the control of the FBI, and was directed to feed them misinformation
  • The FBI alerted more than 300 companies and agencies to potential vulnerabilities that were discovered
  • Sabu was directed by the FBI to call off attacks against the CIA’s website
  • The FBI provided Sabu with a server, on which other members of LulzSec were encouraged to dump stolen information, including copies of the StratFor data (emails, credit card numbers, etc)
  • Slashdot Coverage

Attackers breach Sony Records, steal unreleased Michael Jackson recordings

  • More than 50,000 files were copied by the attackers
  • Included in that were a large number of unreleased tracks that Sony paid the Michael Jackson estate 250 million dollars for in 2010
  • Other major names included in the breach: Jimi Hendrix, Paul Simon, the Foo Fighters and Avril Lavigne
  • The attack occurred shortly after the PSN breach in April of 2011, but was only announced recently
  • Two of the alleged attackers appeared in British court last week, after having been arrested in May of 2011

Security design flaw in libVTE writes your terminal buffer to disk

  • Terminals based on libVTE, which include gnome-terminal and xfce4-terminal, may store your scrollback buffer in a plain file in /tmp, where it might be readable by others
  • libVTE v0.21.6 and later (since September 17th, 2009) are vulnerable
  • When libVTE starts, it creates a file in /tmp (named vte.) and immediately unlinks it. Unlinking removes the directory entry, but the file handle is still open, so libVTE can keep writing your scrollback buffer to the file and read it back when needed
  • The issue with this design is that the user is unaware that the data displayed in their terminal is being written to disk
  • Anyone with root or physical access to the machine could then possibly read the contents of your terminal sessions, even once they are closed
  • When you SSH in to a secure machine to do something, you would not expect a record of everything you are doing to be stored on your local machine
  • Your disk may contain your terminal buffers in its slack space, so be careful who else has access to your machine, and be sure to properly erase the disks before recycling them
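To make the create-then-unlink mechanism in the bullets above concrete, here is an added C example (not libVTE's own code) that reproduces the pattern and then shows that the unlinked file is still readable through /proc on Linux; the file name pattern and the sample scrollback are constructed.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Constructed sample scrollback, standing in for whatever the terminal showed. */
static const char SAMPLE[] = "$ ssh deploy@prod-db-01\n$ export API_TOKEN=constructed-placeholder\n";

/* The pattern from the show notes: mkstemp() in /tmp, then unlink() at once. The
 * name disappears but the inode lives on while the descriptor is open. */
int open_unlinked_tmp(void) {
    char tmpl[] = "/tmp/vte.XXXXXX";  /* hypothetical name, modelled on the page's "vte." */
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (unlink(tmpl) < 0) { close(fd); return -1; }
    return fd;
}

/* Write the buffer, rewind, read it back through the same fd (what libVTE did
 * with the scrollback). Returns bytes read back, or -1. */
ssize_t roundtrip(int fd, const char *buf, size_t len, char *out, size_t outlen) {
    if (write(fd, buf, len) != (ssize_t)len) return -1;
    if (lseek(fd, 0, SEEK_SET) < 0) return -1;
    ssize_t n = read(fd, out, outlen - 1);
    if (n < 0) return -1;
    out[n] = '\0';
    return n;
}

/* Why unlinked is not gone: on Linux the same user, or root, can re-open the file
 * via /proc/<pid>/fd/<n> and read every byte; the blocks also stay on disk until
 * reused. Returns 1 if recovered, 0 if not, -1 if /proc is unavailable. */
int recoverable_via_proc(int fd, const char *expect) {
    char link[64], buf[256];
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    int fd2 = open(link, O_RDONLY);
    if (fd2 < 0) return -1;
    ssize_t n = read(fd2, buf, sizeof buf - 1);
    close(fd2);
    if (n < 0) return 0;
    buf[n] = '\0';
    return strcmp(buf, expect) == 0;
}
int main(void) {
    char out[256];
    int fd = open_unlinked_tmp();
    if (fd < 0) return 1;
    ssize_t n = roundtrip(fd, SAMPLE, strlen(SAMPLE), out, sizeof out);
    printf("read back %zd bytes; recoverable via /proc: %d\n", n, recoverable_via_proc(fd, SAMPLE));
    return close(fd);
}
```

Run it as an unprivileged user and the /proc re-open still succeeds, which is the point: unlinking hides the name, not the data.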


Q: Sean (aka Jungle-Boogie) asks… Can you give me some tips to make SSH servers more secure?

Helpful Links:
SSH/OpenSSH/Configuring – Community Ubuntu Documentation
SSH Server: A more secure configuration – Ubuntu Forums

Q: Paolo asks… Are there any more security risks for connecting to the Internet using a static IP?

War Story:

It was October 1996. Microsoft Windows 95 was the relatively new kid on the block (at least over here in Ireland) and I had just accepted a job working at a PC retailer. After realising that my Chemistry degree was not going to get me a job that I’d actually want to have I trained up in electronic engineering and was building and testing emergency lighting systems when the chance to turn my computer hobby into a job presented itself. The company wanted me to build PCs, sell PCs and handle repairs when possible. It sounded like a good entry level position to get me into the industry.

The company wanted to ramp their sales up for the Christmas period and the demand was certainly there so I proposed an expansion of the operation. The retail unit had a small workshop in the back which was fine for one tech to work in, but that was about the limit. There was a Pharmacy nearby that apparently had a warehouse out back that was unused. A couple of weeks later, after the holidays, we moved the system building operation into that warehouse. We took on 7 more people and I put together a crash course in PC building for them. My basic idea was to make a production line. One guy pulled the cases out of their packaging and prepped them for the next guy who set up the motherboards before passing it to the next guy who hooked up the drives and cables. I had two lines doing that and myself and one more guy in a side office doing quality control.

Once a PC got through quality control, i.e. it booted up and POSTed properly, it was time to install the operating system. The guy who owned the company decided that every machine should be preloaded with a vanilla Windows 95 installation. I found that the fastest way to accomplish that with my limited knowledge at the time was to have a Windows 95 boot disk that loaded up, formatted the hard disk and made it bootable, loaded up a parallel port Iomega Zip drive config and then copied over the Windows 95 folder structure that I had taken from a pre-configured machine with an identical hardware spec. Ah, if only I had known then what I know now about drive cloning and sysprep etc. Anyway, the process worked for us and we were able to produce a built PC every 12 minutes with a further 15 mins for imaging. One computer ready for sale every 30 mins was pretty good for a rookie with a bunch of luddite minions…er…I mean assistants.

We kept up that pace for a couple of months with slight tweaks and improvements applied over that period. When I “cloned” that original PC operating system, I had been told that the product key was a “system builder key” that was good for 10,000 uses. Being a dumb ass, naive geek who just wanted to make more and more computers work, I never questioned that point. I even had the key written in huge letters on a banner above the door to the side office in the warehouse. In fact, it is still burned into my memory today: 13895-oem–001x05x–4xx37 (masked, it’s old but I don’t wanna get sued by MS).

The fun began when it turned out that over the course of our highly successful and prolific sales of computers, we had apparently sold one to an actual Microsoft employee. This guy was apparently going from store to store around the country and purchasing computers to see if they came with proper licences. One frosty day in April, some Microsoft suits and some police officers showed up at the retail office and announced that they were “raiding” the operation under suspicion of software piracy. The warehouse was a 5 minute walk from the office and when the raiders were walking around, the officer rang us in the warehouse to tell us what was happening. It was time to think fast or flee. I figured my brain moved faster than my body so I stood still and put my grey matter to work in the short amount of time that I had.

There were about 14 PCs on a wooden pallet at the door ready for sale. It dawned on me that those computers were all back in the original boxes that the cases arrived in. We moved the pallet to the start of the production line right beside the empty, unopened PC cases. I grabbed my lunch, hopped up onto the PCs and acted like I was on a break. A minute or so later, the raid party with Police accompaniment arrived and presented their warrant to search the warehouse. I told them to have at it and stayed on my “seat” to observe. One of the suits grabbed a few computers from inside the QC room and asked one of my helpers to hook them up to a monitor so they could be checked. The computer powered on, POSTed perfectly and then displayed a black screen proclaiming a lack of an operating system. The suit looked positively perplexed by this. He went through every PC in the stack outside the QC room over the course of an hour or so and every one did the exact same thing.

He consulted with his companion and they decided to question me about the computers. I explained that we would build them, test them thoroughly in the QC room and then send them up to the retail office to be sold. I told him how sometimes the hard disks were refurbs and might contain old data but we didn’t really have the time to format them all as the owner was such a damned slave driver. There was a little more questioning but for the most part, the guy looked genuinely disheartened. Afterwards, I thought about it and I think he had a “Geraldo Rivera with the Capone safe” scenario. He had probably bragged about busting this huge pirate operation and had fallen flat on his face.

He apologised for the inconvenience, thanked me for my cooperation and shook my hand. I jumped down off my pile of computers to see him, his companion and their police escort off the premises. The ordeal was over and we’d had a lucky escape. Every time that guy walked into the QC room he just had to look up and see the product key banner above the door and we would have been sunk. If he had looked at what I was sitting on and gotten even slightly curious then I was completely screwed. Suffice it to say, none of that happened and I got away with my deception.

I immediately started looking for my next job in the industry away from that particular style of PC business but I learned a valuable lesson that day – “hiding in plain sight really is the best approach sometimes”.

Round Up:

Question? Comments? Contact us here!