Canadian Chat → Anonymous takes credit for hacking Montreal police website

»www.cbc.ca/news/canada/m ··· ?cmp=rss

quote:

---

The Quebec branch of the online hacker collective Anonymous is taking credit for infiltrating the websites of the Montreal police and the union representing its officers.

Around 10:30 p.m. ET on Friday, the Montreal police website went offline, followed minutes later by that of the Montreal police brotherhood. As of 10 a.m. on Saturday, the former was still not working.

...snip...

However, Anonymous said it will continue to target Montreal police, even after the website is back online.

We can control most of the City of Montreal's networks. So unless you want to return to carrier pigeons & foot runners we suggest you STOP.

---

Is it just me or is there some kind of titanic struggle going on in the world these days just to control the internet.

The government won't be happy until everyone has to login with a licensed user ID while the hackers won't be happy until the government steps back and allows for a completely unmonitored internet.

Meanwhile the public struggles to enjoy a free internet while dealing with the trust issues of putting all of their personal info online.

You really have to wonder what Gates and Gore and the rest of the pioneers of the net had in mind when they created today's networks and whether or not they are pleased with what it's become.

Well personally...the internet should remain an open source of information I think.
It's up to people to safe guard themselves.
Stay off social media...only give your personal info to sites you trust.
I suppose any site can be hacked, but limit your exposure to things that can be changed easily...usernames/passwords.
And I think Bill Gates invented an OS...not the internet. Not sure who Gore is...less you mean Al Gore lol.

Al is the guy that invented the Internet and global warming. It was a good payday. BTW he was broke before.

Microsoft has definitely had a hand in making the internet what it is today and Al Gore I threw in for comic relief.

Technically if you wanted to trace it back to its origins you'd have to include everyone from Alexander Bell to Grace Hopper and everyone since.

My point is that the internet has become a monstrous hydra headed beast that means all things to all people.

What I'm curious about is which groups had which expectations and did they expect the constant battlefield which it has become between gov't and hackers.

Enquiring minds wanna know

A lot of people criticize Gore for his 'I took the initiative in creating the Internet' line but he was very instrumental in forming legislation that helped the Internet evolve into what it is today. He does deserve some credit for its existence as we know it.

And Murray Leinster for his 1946 story "A Logic Named Joe".

And possibly some credit for "Love Story".
»www.nytimes.com/1997/12/ ··· ory.html

Don't forget the boost the internet got from guys looking up Pam Anderson pics in the early days.

As someone who's used the Internet on a daily basis since 1988... and seen every change that came along, experienced the endless September, dealt with the downfall of what Usenet was meant for, PSINet and Netcom's arrivals, lived through irc, gopher, archie, the advent of www from Cern, the AOL and Compuserve influx, etc... there's been so much change in so many ways that have made the vast collection of networked devices not even a shadow of its history.

Bringing commercial entities on-line was the first big change -- up until the early 90's it was only us true nerds and geeks that really enjoyed what the Internet was - finding hidden anon ftp's to upload and download from, Usenet, and the occasional IP BBS systems, etc.. it was just community then - nothing commercial about it - and in many ways it really was like the "wild wild west" - if you could find a way to get your packets on the network, unless you did something ridiculously egregious to cause your upstream provider to pull your link, you could do whatever the he** you wanted.. but at the same time it was almost impossible to be anonymous because there were only educational, research, and government institutions online and IP addresses tended to be static and assigned to specific offices, individuals, PC's, mainframes, etc - DHCP wasn't really a thing and no one hid behind NAT's or firewalls - so everyone knew who you were and where you came from. Once commercial entities came online (and "public" ISP's like Netcom, UUNet, PSInet, etc) the whole game changed... now it wasn't only about community and communication, it was about information and transactions.

Then came better computers in the mid-late 90s where audio files and video files started to outpace static images (gifs, jpgs, etc) - and that was the end of waht was the good part of Usenet - binaries swamped the damn thing and no one carried full feeds for free. IP addresses started to become scarce and people started ending up behind NAT's, sometimes entire organizations, meaning employees or students or others within those organizations became more anonymous and started to hide behind that veil. Dial-up and DSL were more popular and all started using DHCP pools for IP addresses giving people more anonymity -- you could figure out geographically where someone likely was, but not who they were anymore. Script kiddies and wanna-be hackerites started trying to break websites, spam became a thing, and with the advent of the "always on" internet connections in homes with people who didn't maintain their computers properly in the early 2000's bot-nets became big business and now hackers were in it just as much for the money as the prestige.... then came TOR and other things like transparent anonymous proxies - to really anonymize internet usage more than had ever been seen... at the same time the first wave of the "dot com" revolution had come and gone and "net 2.0" - all the brick and mortars that decided to do b2b and b2c transactions online, and the successful original round dot coms (ebay, amazon, etc.) - made the internet all about big business etc... Add in social networking - starting with things like MySpace and moving along into FB, Twitter, Snapchat, etc..

Then came Netflix and Hulu and Pandora and Spotify and all the other over-the-top media services in the 2010's... along with "smartphones" and the "internet of things".. (mind you, I had an internet enabled vending machine on my floor in University in 1989 that I could telnet into, enter one of my pre-paid one time codes, check what was in stock, and have the thing dispense me a drink after a 60 second delay - giving me time to get to the vending machine before it dropped - 26 years ago....).

It can't ever go back to what it was... there's too much money and commerce dependent on it now... it can't be the lawless free-for-all it once was no matter how much some of us would like it to be - billions of $ are trading hands out there now - not just anonymous FTP's of zip files of gif 89a's of cindy crawford and brooke shields. Yeah that dates me pretty good right there :P

So no matter what "anonymous" or other hacker elite types think, when commerce and $ and big business depend on the wires - they'll be regulated, managed, and controlled to make sure that $ doesn't go the wrong way.

That was a beautifully stated summation of what the internet's been all about for the past 27 years and while I tend to agree that government's momentum is to lock it all down and make it safe for commerce, the simple fact remains that all of the popular operating systems and web applications use billions of lines of exploitable and buggy code which inspires no end of the hacking of government websites from the relative security of the bamboo and iron curtain involving not only thrill seekers and organized crime but also cyber warfare entities who all have their own agendas and wish lists for stolen government and corporate and consumer information.

Indeed, if it was as simple as passing a few laws to make the net safe they would have been enacted years ago, but the technical specifications of internet clients and routers simply make them impossible to secure, regardless of how badly the big banks and credit card companies would want it to be.

All that governments can accomplish is locking down the IP addresses of of their own nationals within their own borders, but as far as "wild wild west' goes, I seriously think today the internet is far wilder and more dangerous than it's ever been.

Back in 1988 the worst your computer could do to you was annoy you for a cookie.

Today it can crash a plane, derail a train, knock out the power grid, or bankrupt a government think tank or contractor.

Sure we can argue that we've known about the vulnerabilities of these services for over a decade, but in reality very little has been done to secure them.

Don't forget, Sony Corp was brought to its knees over a stupidly unflattering movie about Kim Jong Un.

That was an example of military grade hacking over something as stupid as a Seth Rogen movie.

Who's plundering the rest of the hen house while idiot politicians posture and sputter creating laws that do little else than to compromise their own citizens' freedoms while building the commercial future of the net on a house of cards?

The problem is mainly basic network security and human stupidity. You can fix the first mostly, the second requires training. They tried the whole 'login id required' thing in S.Korea, didn't work out for shit. They tried it in China too, didn't work for shit.

If it happens you can expect an explosion of services, mesh networks and whatever else to kill it. But there's been a huge push among various groups against anonymity, it's the who that's against anonymity and where it gets interesting.

And Jules Verne for his previously unpublished "Paris In The Twentieth Century." »en.wikipedia.org/wiki/Pa ··· _Century

quote:

---

Is it just me or is there some kind of titanic struggle going on in the world these days just to control the internet.

---

Staged Operations to get more control over the internet.....

Have someone hack thier systems and they then have a LEGIT REASON to lock down the internet!!!! (All part of the plan to stop the free flow of information SO THEY HAVE FULL CONTROL)

Yep, that's pretty much it.

When considering the amount of web sites online, I'd say the majority of the internet is insecure but not until a site becomes a target do we discover which sites require a medium level of talent to exploit.

More or less it's ineptitude on the hosting side or the IT side, where someone using some hosting subsystem didn't apply the requisite patches or the security equipment in between isn't optimally configured by someone who knows what they're doing. Of course there's also decision makers which are offered dirt cheap prices for hosting, security, design, etc., and who's going to pick a higher cost option for something seemingly intangible like security?

Indeed, that was a good example of the mistakes that publishers sometimes make in refusing to publish something.

20 Brilliant Authors Whose Work Was Initially Rejected
»www.buzzfeed.com/stmarti ··· 1y0DdQMg

Teri Hatcher in that Superman cape was pretty popular too...

That's exactly what it is. It's a Cyber False Flag orchestrated to appear like Anonymous. Remember that the name Anonymous means that anyone both Government and Corporate can take on this name in operations and then blame it on others. It's Hegalian Dialectic (Problem/Reaction/Solution).

Yup exactly bud!!!!! (Its good you are awake)

But in that case wouldn't the real Anonymous call out the fake Anonymous?

This is probably linked to 2014 Nov 22-24 incidents where Ottawa police, city, and supreme court sites were hacked.

Hacker vows to 'completely rape' Ottawa police website:
»www.torontosun.com/2014/ ··· ys-chief
Hacker threatens ‘bombshell’ after Ottawa city websites attacked:
»www.theglobeandmail.com/ ··· 1722579/

It is probably a bunch of Canadian youngsters, who may NOT be affiliated with the real Anonymous group.

One of them lives directly across from my son's middle school, and may NOT have made prank calls which resulted in a lock-down and swat team called to that school in May 2014. He may NOT have done that to many other schools/offices/residences in USA and Canada.

I was probably talking to him or a close friend, at the local bus top between 7:30-7:50PM on Thursday, November 20, 2014. The boy seemed very polite and smart. He said he also went to same Middle School, and now goes to John McRae high school. He told me that school is excellent and has a business program. He inquired about my business and my son.

I was expecting him to get on the OC Transpo 170 bus, but he did not. He said he was waiting for a friend. He wished me good luck. I told my son about him, and looked up John McRae website.

Then ... I heard about the Ottawa website hacks. My son and I immediately thought of him, and figured out his name and address. But my son says he is probably innocent. Who am I to disagree? He knows how to hack my PC and phone.

Anonymous seems to suffer from ADHD they move from "scause" to "scause" without actually bringing about any measurable degree of change.

Anonymous are after the double fisting pepper spraying Montreal Cop. That's why they're doing this.
»montrealgazette.com/news ··· s-square

That's an amazing photo.

The cop is just sauntering down the street doing area spraying as if he were watering a garden.

And wouldn't some blow back in his face ?!

I call baloney on that argument. The reality is that even the most basic Windows or Linux or Mac install has over ten billion lines of code in it.

It is physically, chronologically and mentally IMPOSSIBLE for any single human being out there to know every potential weakness and implement an effective defense against it.

And you're talking about training armies of sysadmins who can secure any sensitive network against every zero day exploit?

That kind of thinking went out in the 90's.

Today it's not idiots clicking on email links who are infecting networks. It's military and professional programmers dissecting the code of browsers and operating systems, implementing an attack strategy and not spreading around the method on the hacker boards simply because they intend to profit alone from the hack.

Only idiots announce their zero day hacks on the hacking sites.

Malware Scanner Companies also dissect code and occasionally stumble upon something new in the wild and build in protection.

But if you think companies like Sony or Lockheed Martin or General Dynamics are cheap or lazy with their IT departments I want some of whatever you're smoking.

The reality is that modern software architecture is 100% impossible for any single person or team of humans to secure 100%.

My spin on it is that at the moment probably 99.999% of ALL corporate and government networks are hacked to at least some degree and the only ones we hear about are the ones stupid enough to get caught or announce themselves.

You're welcome to believe whatever you want, but we're talking about deployments not the user end. You can insulate against attacks by using a double-layered system with a active honey pot. You can further insulate yourself by using a double-layered system and locking down permissible IP's on the intranet. If you need to further insulate yourself you air gap, and then you have to worry about physical security breaches.

The vast, and I mean vast majority of breaches exist because they're front-facing to the internet and deem IT security solutions to be "too expensive." You can bet that Sony learned this and now has an air gaped or double-layered system. Companies like Lockheed and GD also use air gaped solutions for anything rated classified or higher. Even Valve Software learned why you use air gaping, and that's how their internal network is now setup.

What you're talking about, and the problems relating to it are either laziness, the "it can't happen here" mentality, or they fail to see it as a worthwhile expenditure until there's a massive intrusion.

I agree that "air gap" isolation of the internal network is the ONLY way to keep your data secure.

For most of us that's simply not an option in the consumer world.

As for Sony and General Dynamics, they BOTH learned that lesson the HARD WAY in recent years, as well as HRDC and CRA among others.

It was not because they were cheap nor stupid. It was because their IT "Professionals " sold them a bill of goods convincing them it couldn't happen to them.

How many other ticking time bombs are out there among our federal and corporate institutions simply waiting for some sort of official "go" signal from their foreign overlords?

So far as I can see, the big banks are among the only institutions out there who have taken things seriously enough to avoid any public embarrassments, though that may simply be the result of an effective PR dept. minimizing publicity and eating the losses in "damage control."

Then again the big banks have all had sense enough to avoid M$ and Linux and Mac on their internal accounting systems, still relying on mainframes designed and built in the 70's and 80's.

I'm certain they already maintain that air gap and use extensive auditing procedures to minimize any risks at their ends.

I still wouldn't trust any of my personal bank account info on the internet though. I still do my banking via telephone and fax. At least I'm not a target hanging out exposed to a quarter billion hackers.

I'd expect that from someone who's never worked in a field related to information technology.No, I'm talking about the regular practices of competent sysadmins who regularly patch their equipment as needed and review RSS feeds with the latest posted exploits. It doesn't take a computer science degree to review the reports of how many web sites on the internet that are woefully insecure. Heck, even people that aren't savvy with technology have read news articles with quotes from information security folks quoted as saying, "we warned them of these issues."Quite frankly you don't have the insight to relay the reality. The reality is that I wasn't referring to 100% security, I was referring insecurity. If you want insight, refer to the statistics concerning sites utilizing PHP, then refer to the patch versions of PHP, then correlate how many sites are publicly not patched up to date. That's just one platform.

Much of my job involves auditing physical and information security and I can tell you right now that there are plenty of well travelled web sites that are insecure due to the chincing out of decision makers and there are simple exploits that aren't patched, exploits just waiting for someone with a minimal amount of skill to take advantage of.

So that's your answer on security? Defend against the script kiddies and ignore the unknown military and professional criminal hackers?

Like I said, you'll never find these vulnerabilities in your RSS feeds simply because these people are not stupid enough to make them public.

To them it's not a game and they take their stealth seriously.

Only in hollywood style movies, not IRL.

Yup, $$$ speaks more than words ever will.

Heh - your post micics my timeline fairly closely too!

Funny that you use "live tbrough" and IRC in the same breath, many of us still live on IRC along with having our own routed /24's!