Tag: loic

Using Cloud Computing for Hacking

This is not about hacking the cloud. Instead this is about using the cloud to hack

 

Some articles last year wrote on how hackers used Amazon Ec2 for hacking/ddos attacks.

http://www.pcworld.com/businesscenter/article/216434/cloud_computing_used_to_hack_wireless_passwords.html

Roth claims that a typical wireless password can be guessed by EC2 and his software in about six minutes. He proved this by hacking networks in the area where he lives. The type of EC2 computers used in the attack costs 28 cents per minute, so $1.68 is all it could take to lay open a wireless network.

and

http://www.bloomberg.com/news/2011-05-15/sony-attack-shows-amazon-s-cloud-service-lures-hackers-at-pennies-an-hour.html

Cloud services are also attractive for hackers because the use of multiple servers can facilitate tasks such as cracking passwords, said Ray Valdes, an analyst at Gartner Inc. Amazon could improve measures to weed out bogus accounts, he said.

 

and this article by Anti-Sec pointed out how one can obtain a debit card anonymously

https://www.facebook.com/notes/lulzsec/want-to-be-a-ghost-on-the-internet/230293097062823

VPN Account without paper trail

  • Purchase prepaid visa card with cash
  • Purchase Bitcoins with Money Order
  • Donate Bitcoins to different account

 

Masking your IP address to log on is done by TOR

https://www.torproject.org/download/download.html.en

and the actual flooding is done by tools like LOIC or HOIC

http://sourceforge.net/projects/loic/

and

http://www.4shared.com/rar/UmCu0ds1/hoic.html

 

So what safeguards can be expected from the next wave of Teenage Mutant Ninjas..?

 

Some Ways Anonymous Could Disrupt the Internet if SOPA is passed

This is a piece of science fiction. I wrote while reading Isaac Assimov’s advice to writers in GOLD, while on a beach in Anjuna.

1) Identify senators, lobbyists, senior executives of companies advocating for SOPA. Go for selective targeting of these people than massive Denial of Service Attacks.

This could also include election fund raising websites in the United States.

2) Create hacking tools with simple interfaces to probe commonly known software errors, to enable wider audience including the Occupy Movement students to participate in hacking. thus making hacking more democratic. What are the top 25 errors as per  http://cwe.mitre.org/cwss/

http://www.decisionstats.com/top-25-most-dangerous-software-errors/ ?

 

Easy interface tools to check vulnerabilities would be the next generation to flooding tools like HOIC, LOIC – Massive DDOS atttacks make good press coverage but not so good technically

3) Disrupt digital payment mechanisms for selected targets (in step1) using tools developed in Step 2, and introduce random noise errors in payment transfers.

4) Help create a better secure internet by embedding Tor within Chromium with all tools for anonymity embedded for easy usage – a more secure peer to peer browser (like a mashup of Opera , tor and chromium).

or maybe embed bit torrents within a browser.

5) Disrupt media companies and cloud computing based companies like iTunes, Spotify or Google Music, just like virus, ant i viruses disrupted the desktop model of computing. After that offer solutions to the problems like companies of anti virus software did for decades.

6) Hacking websites is fine fun, but hacking internet databases and massively parallel data scrapers can help disrupt some of the status quo.

This applies to databases that offer data for sale, like credit bureaus etc. Making this kind of data public will eliminate data middlemen.

7) Use cross border, cross country regulatory arbitrage for better risk control of hacker attacks.

8) recruiting among universities using easy to use hacking tools to expand the pool of dedicated hacker armies.

9) using operations like those targeting child pornography to increase political acceptability of the hacker sub culture. Refrain from overtly negative and unimaginative bad Press Relations

10) If you cant convince  them to pass SOPA, confuse them 😉 Use bots for random clicks on ads to confuse internet commerce.

 

Occupy the Internet

BORN IN THE USA

Continue reading “Occupy the Internet”

Tools for Hackers:Beginners

How to disguise your IP Address from your most wonderful glorious leaders-

From

 

https://www.torproject.org/projects/torbrowser.html.en

Tor Browser Bundle

The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser, and is self-contained. The Tor IM Browser Bundleadditionally allows instant messaging and chat over Tor. If you would prefer to use your existing web browser, install Tor permanently, or if you don’t use Windows, see the other ways to download Tor.

Freedom House has produced a video on how to find and use the Tor Browser Bundle. If you don’t see a video below, view it at Youtube . Know of a better video or one translated into your language? Let us know!

 

 

 

and if you now want to see or check your own website for a Denial of Service attack , download this

http://sourceforge.net/projects/loic/

This is the software for which 32 Turkish teenagers got arrested for bringing down their govt websites. Do NOT USE it for ILLEGAL purposes,

because 1) it is hosted on a western website that due to Patriot Act would tracking downloads as well as most likely be inserting some logging code into your computer (especially if you are still on Windows)

2) Turkey being a NATO member got rather immediate notice of this – which makes it very likely that this tool is compromised in the Western Hemisphere. You can probably use this in Eastern Hemisphere country excluding Israel, Turkey, China, India ,Korea or Japan because these countries do have sophisticated hackers working for the government as well.

3) This is just a beginners tool to understand how flooding a website with requests work.

http://sourceforge.net/projects/loic/files/

Basically download, unzip the file

Enter URL and click Lock on to know IP address.

use HTTP Method. Make say 1000 threads.

Then press the IMMA CHARGING MY LAZER big button.

Note the Failed Tab tells you how good or bad this method is.

Note – it wont work on my blogs hosted on wordpress.com- but then those blogs had a root level breach some time back. It did work on both my blogspot and my tumblr blogs, and it completely shattered my son’s self hosted wordpress blog (see below)

 

 

%d bloggers like this: