(flickr/mjtmail)

Firms specializing in technology security make it their business to scare potential customers, but that doesn't make an Internet Identity (IID) report predicting cyber doom in 2014, highlighted today by Ray Kurzweil's Accelerating Intelligence, any less spooky.

According to IID, looming cybersecurity threats in 2013--more mobile malware, increasingly aggressive hacktivism, attacks on the cloud--are "well-anticipated and mundane."

Those "mundane" threats are nothing next to the bleak wasteland of death and destruction IID expects in 2014:

[By] 2014 significant new methods of cybercrime will emerge. These new threats include the utilization of Internet connected devices to actually carry out physical crimes, including murders and cybercriminals leveraging mobile device Near Field Communications (NFC) to wreak havoc with banking and e-commerce. IID also expects the industry to combat such threats with new platforms for sharing intelligence across researchers, commercial enterprises and government agencies.

IID elaborated on "Murder By Internet Connected Devices" with scenarios that sound pretty plausible. They predicted that criminals could use pacemakers with remote connections, control systems on Internet-connected vehicles or even connected machines that control IV drips to potentially carry out long-distance, untraceable crimes.

It sounds like hyperbole, but pacemakers (for example) are already hackable, and as Forbes noted in this early December post about the reality of compromised medical equipment, Homeland has already used a hacked pacemaker as a plot device.

IID also warned about the dangers of NFC-enabled smart phones. NFC, or near-field communication, allows information exchange between compatible devices. It's pretty common on phones now but may one day even permit cars to talk to each other. Paul Ferguson, the company's vice president of Threat Intelligence, says NFC could be "a gold mine for cybercriminals and we have already seen evidence that they are working to leverage these apps to siphon money."

Additional threats IID believes may manifest in 2014 include an increase in state-sponsored malware, like Stuxnet, Flame and Duqu, a successful cyberattack on a power grid and an "exploit of a significant military assault system like drones."

Not directly mentioned but already in the wild: hackers already taking advantage of poorly-secured supervisory control and data acquisition (SCADA) systems which have easily cracked web administration pages. At the moment SCADA vulnerabilities might just cause discomfort and disruption, but in 2014's creepy killer web scenario, compromising a large-scale heating and cooling system might just be round one in an all-out infrastructure attack on a regional, even a national scale.

In posting a link to the Kurzweil write-up about IID's dire warnings, Quartz's Christopher Mims sounded the necessary note of caution needed after reading hints of a looming cyber-pocalypse:

Cybercriminals will straight-up kill you, says firm that profits massively by hyping threat. kurzweilai.net/murder-by-inte…

— Christopher Mims (@mims) January 4, 2013

Duly noted. However, if IID is correct, we've only got a year.

Cower and whimper accordingly.

Team GhostShell's Project WhiteFox logo.

Team GhostShell published their "last project" Monday, "Project WhiteFox." The hacking crew again used their signature method of announcing the large-scale hack, hijacking numerous Twitter  profiles to link to their Pastebin page and notify tech blogs and writers who have covered them in the past.

On the page linking to data taken as part of Project WhiteFox, Team GhostShell explained some of their actions over the past year or so. They also revealed that "DeadMellox" was a ploy, writing that he "was a ghost to begin with."

"We used the name afterwards to trackback all mentions of that name all over the place," the hackers wrote, adding, "Well, the whole plan is a bit more complicated than that, part of a bigger story, but let's leave it at that for now."

The organizations hit by Project WhiteFox include The European Space Agency, NASA's Center For Advanced Engineering, the Credit Union National Association (CUNA), a defense contractor for the Pentagon and Aquilent, an intelligence firm that states on its website that it makes "technology work for you."

In a survey of some of the data Team GhostShell posted to various paste-up sites, Betabeat noted login information including emails and passwords as well as the texts of what appear to be internal communications.

Team GhostShell ended the long list of links to hacked data with a rundown of its ops from 2012. These included #ProjectDragonFly, which Team GhostShell termed "a real cyberwar upon China" in the name of freedom of speech and #ProjectWestWind, which famously hacked top-shelf educational institutions around the world to protest "school policies that had spiked tuition fees, outdated reforms and unprepared school faculty."

While Project WhiteFox is supposedly the team's final exploit for this year, Team GhostShell signed off with a hint they'd return, writing, "who knows, maybe we'll see each other again next year."

Hundreds of systems administrators and IT security staff around the world probably hope Team GhostShell is done for good.

Bank of Jerusalem site before its database was deleted. (Google cache)

As part of Anonymous's #OpIsrael, it appears the hacktivists have wiped the Bank of Jerusalem from the web. The site currently loads a mostly blank page with the message, "Couldn't connect to the database server." A tweet appearing to tie the site outage to Anonymous's support of the people of the Gaza was posted on @YourAnonNews:

Bank of Jerusalem database has been deleted | bankjerusalem.co.il| #OpIsrael #Anonymous

— Anonymous (@YourAnonNews) November 16, 2012

Anonymous quickly mounted OpIsrael after the Israel Defense Force tweeted a declaration beginning of Operation Pillar of Defense, an offensive targeting Hamas. Israel calls Hamas an "Iranian proxy for terror attacks" against them.

Most of the top-trending pastes on Pastebin are related to OpIsrael, including this message, which says in part:

Anonymous does not support violence by the IDF or by Palestinian Resistance/Hamas. Our concern is the for the children of Israel and Palestinian Territories and the rights of the people in Gaza to maintain open lines of communication with the outside world.

In a new statement released Friday evening, Anonymous defended its actions by repeating that it did not support violence and insisting "Anonymous has not used any anti-Semitic language during our campaign. Nor have we vocalized any support for Palestinian military operations or resistance groups. Our goal was to protect the rights of Palestinian people who are threatened with silence as Israel has made attempts to shut down cell phone and internet service throughout Gaza."

The Bank of Jerusalem is Israel's seventh largest financial institution and is listed among Dun & Bradstreet Israel's 100 Largest Enterprises. In addition to taking the Bank's site offline, Anonymous has also struck Tel-Aviv's city page an Israeli government commerce site and Israel's Ministry of Foreign Affairs, just to name a few.

Many media outlets reported a possible PayPal hack as well, however PayPal issued a denial, stating they had no evidence of a breach.

Additionally, credit for the Symantec hack may go to a hacker or group of hackers called HTP, not the larger de-centralized mass of Anons.

The ImageShack hack appears pretty comprehensive. In a Pastebin post of ImageShack data, the hackers wrote that "ImageShack has been completely owned, from the ground up. We have had root and physical control of every server and router they own. For years." The data dump included pages of code, email addresses and encrypted passwords.

In addition to the hacks, Anonymous is re-enacting the final scene from the movie V for Vendetta, from which the group was inspired to adopt its now-iconic Guy Fawkes mask. The peaceful action is taking place in Trafalgar Square in London. On the Facebook page for the event, Anonymous writes that the event "is the centrepiece of a worldwide Anonymous operation of global strength and solidarity, a warning to all governments worldwide that if they keep trying to censor, cut, imprison, or silence the free world or the free internet they will not be our governments for much longer. Change is coming."

Anonymous includes an important disclaimer at the bottom of the page: "We will NOT blow up Parliament." A long-standing rumor that Anonymous would target Facebook today is also false:

Again... regarding the Facebook attack... it's FAKE! #kthx

— Anonymous Press (@AnonymousPress) November 5, 2012

So Parliament and Facebook are both safe, but our favorite photo websites circa 2005? Not so much.

In your networks, downloading your databases.

Hacking group Team GhostShell, which recently hacked records from major universities around the world, has materialized again to announce a declaration of war against Russia. It calls the operation Project BlackStar and claims it already has "access to more russian files than the FSB (Russia's answer to the CIA)."

Team GhostShell has a novel approach to promoting its ops--it uses mulitple hacked Twitter accounts, posting the same message directed at various tech blogs and writers on each one:

#ProjectBlackStar - GhostShell declares war on Russia pastebin.com/yXN7uc6r @breakthesec @stevehuff @betabeat @arstechnica @wired @johnedunn

— Susie Hargreaves (@SusieHargreaves) November 2, 2012

The user whose account was used to post the preceding blurb later tweeted, "Any GhostShell or Project Blackstar tweets are not mine. Account compromised."

In the Pastebin post linked from the hacked accounts, Team GhostShell's DeadMellox explained why it is targeting Russia:

For far too long Russia has been a state of tyranny and regret. The average citizen is forced to live an isolated life from the rest of the world imposed by it's [sic] politicians and leaders. A way of thinking outdated for well over 100 years now. The still present communism feeling has fused with todays capitalism and bred together a level of corruption and lack of decency of which we've never seen before.

Later in the post, DeadMellox writes that even while the Russian people are having a hard time, "the Russian Government has enough resources to spend on it's [sic] spies." That's why, the hacker writes, "GhostShell is declaring war on Russia's cyberspace, in "Project BlackStar."

Aimed directly at the Russian government, Project BlackStar has begun with what DeadMellox calls "a nice greeting of 2.5 million accounts/records leaked, from governmental, educational, academical, political, law enforcement, telecom, research institutes, medical facilities, large corporations (both national and international branches) in such fields as energy, petroleum, banks, dealerships and many more."

Betabeat reviewed some files with assistance from Google translations and our rusty college Russian, and Team GhostShell appears to be true to its word. Example: a large database dump from the Russian Academy of Sciences Institute of Scientific Development. It's hard to say whether this or other files contain vital information--we'll leave that to the Russians.

(Facebook/Anonymous UK-Ireland)

Members of Anonymous in the United Kingdom are planning a public action for November 5, 2012 that may spread to other capital cities around the world. The protest has been dubbed Operation Vendetta, or #OpVendetta, after V for Vendetta, the film that inspired much of Anonymous's ethos as well as the hacktivist collective's adoption of Guy Fawkes masks.

#OpVendetta appears to have been in the planning stages for some time and as InfoSecurity reports, it has the potential to make governments everywhere a little nervous:

Now the various Anonymous groups around the world are supporting each other "for what will be the strongest display of anonymous in the UK so far." While focused on the UK, it is intended to be a worldwide protest, both on the ground and in cyberspace. “On the 5 November 2012 the Anonymous Collective will engage in the largest orchestrated attack on the Governments of the World. The centerpiece will be the re-enactment of the Film V for Vendetta scene at the Houses of Parliament with ground and online protests across the globe," a spokesman from AnonATeam in the UK told Infosecurity.

Anonymous's talent for self-promotion can make it hard to gauge real-world support for their actions, but the Operation Vendetta Facebook page states 3,777 people plan to show on Nov. 5th. Over 1,400 more have indicated they may attend.

The U.K. #OpVendetta page links to a Facebook page for a November 5 event in America: "March on D.C." The U.S. page creators call the March a "Citizens Action" and say they "need to organize a citizens arrest of all parties involved in the various criminal acts that have put our country as well as our world in jeopardy." There could be as many as 2,000 people in attendance.

Naturally, since this is Anonymous we're talking about, the hacktivists told InfoSecurity that "quite a few online protests will be conducted" against government websites on November 5th as well.

We kind of expected that.

(Scene from V for Vendetta--the scene Anonymous U.K. plans to portray on Nov 5.)

screengrab

Team GhostShell returned late Monday with Project WestWind: a leak of 120,000 records from 100 major universities around the world.

Team GhostShell is the hacking group behind Project Hellfire, which launched in August this year. Project Hellfire lifted 1 million accounts from 100 websites around the world, compromising data from the CIA and from Wall Street.

The hacked data leaked in Project WestWind does indeed appear to come from a who's who of major learning institutions. They include Harvard, Cambridge, Princeton, Tokyo University, Cornell and New York University.

In their Pastebin announcement, Team GhostShell said Project WestWind was a serious effort to jump-start a dialogue on the state of higher education today. Apparently this hack wasn't pranksterism for the lulz, but hacktivism for the greater good:

We wanted to bring to your attention different examples from Europe, how the laws change so often that even the teachers have a hard time adjusting to them, let alone, the students, to the US, where tuition fees have spiked up so much that by the time you finish any sort of degree, you will be in more debt than you can handle and with no certainty that you will get a job, to Asia, where strict & limited teachings still persist and never seem to catch up with the times and most of the time fail to prep you up for a world where foreign affairs are crucial in this day and age.

The hackers ask that others use the information as a conversation starter, team member DeadMellox writing:

You don't have to talk about it with us, what's important is that you bring up the subject 'today's education' in day-to-day conversations with your family, friends, people close to you and try to understand the system better, together. How it works, how a certain type of diploma can or cannot help you in your road to the career you want to pursue.

Though Team GhostShell's data dump contains user screen names and mostly hashed passwords (Betabeat examined one file in which some of the passwords were apparently cracked), they claim they've kept the leaked records to a minimum.

Team GhostShell issued a warning to the targeted institutions regarding the states of their networks: "When we got there, we found out that a lot of them have malware injected. No surprise there since some have credit card information stored."

Betabeat has reached out to a web network administrator at one of the hacked universities for comment and will update this post if we receive a response.

No, seriously, you should expect this.

Anonymous has pretty much had all it can take of The New York Times’s bullshit and it's not going to take it anymore. That's the upshot of this "Anonymous Declaration of #OpNYT” posted on Pastebin sometime late yesterday. #OpNYT certainly sounds ominous, but as Gawker's Adrian Chen noted in a tweet, "Anonymous' press releases get somehow get longer-winded every time."

This long-windedness makes it tough to parse what the eternally seething hacktivist collective is trying to say. In this instance Wikileaks, Stratfor and HBGary are all name-checked before the declaration segues into, inevitably, the Orwellian global surveillance system currently loathed by privacy activists everywhere, TrapWire. The Times’s minimal coverage of TrapWire (a system apparently controlled by the Cubic Corporation, which is referenced below) appears to have pushed Anonymous's "epic invective" button:

The facts on Trapwire have since been confirmed by a series of other outlets ranging from The Daily Caller to Pravda to The New American to NBC.com to Cryptome, and by six Australian outlets that were promptly forced to delete the assertion via Cubic's powerful lawyers - but these facts have yet to be acknowledged by the NYT nor by those other outlets that still think highly of the Grey Lady despite her being a filthy, poorly-composed whore - Thomas Friedman's syphilitic dominatrix.

Anonymous also cries "Death to this horrid paper" before essentially saying we shouldn't get out the popcorn in preparation for an epic hack.  Anons are asked to spread "these and other failures of the New York Times by attaching the info to those deeds to come, and by encouraging all Anons to assist in this brief engagement" in conjunction with other ops, including #OpTrapWire.

After this call to arms, Anonymous mentions an interesting nugget of information--someone may have recently changed The New York Times’s website administrator's password. Anonymous, however, does not approve, writing that such a prank is "amusing" but not part of the "generally-accepted Anonymous tradition of non-aggression via hacking or DOS towards publications not run (officially) by the state. Gawker has been only exception, lol Kayla."

The #OpNYT announcement closes with, "Don't wait. Retaliate. We do not forget."

We did not expect that.

After the Jan. 20 raid on Megaupload, a law enforcement sting that drew the immediate anger of Anonymous hackers, an unnamed attacker took a distributed denial-of-service (DDoS) attack tool called Slowloris, popular with Anonymous supporters, and rigged it to include the Zeus Trojan, a devious piece of malware used to siphon victims' online banking credentials.

The trojan-infected Slowloris was included in a list of Anonymous-approved DDoS tools released in anticipation of Operation Megaupload, which targeted the Department of Justice, F.B.I. and Recording Industry Association of America (R.I.A.A.), to name a few.

According to Symantec, anyone who acquired the compromised DDoS tool may have also compromised their banking account.

Symantec put a fine point on just how perilous the situation might be for some Anons:

Not only will supporters be breaking the law by participating in DoS attacks on Anonymous hacktivism targets, but may also be at risk of having their online banking and email credentials stolen.

Symantec waxed apocalyptic about the combination of malware and hacktivism, calling it a "dangerous development."

Anonymous may take all this with a grain of salt, however, considering they were negotiating with Symantec as recently as early February over a 2006 hack of the source code to Symantec's pcAnywhere.

So it goes.

Even more bothersome than your complete lack of competence in maintaining your own fucking websites and serving the citizens you are supposed to be protecting, is the US federal government’s support of ACTA. You really want to empower copyright holders to demand that users who violate IP rights (with no legal process) have their Internet connections terminated? You really want to allow a country with an oppressive Internet censorship regime to demand under the treaty that an ISP in another country remove site content? Well, we have a critical warning for you, and we suggest you read the next few paragraphs very, very closely.

If ACTA is signed by all participating negotiating countries, you can rest assured that Antisec will bring a fucking mega-uber-awesome war that rain torrential hellfire down on all enemies of free speech, privacy and internet freedom. We will systematically knock all evil corporations and governments off of our internet.

That was the tame portion of the message. The author--or authors--continued, issuing threats loaded with hints of just how bad it could get for those with information stored on the servers they claim to have already compromised:

We are s(h)itting on hundreds of rooted servers getting ready to drop all your mysql dumps, child pr0n and mail spools (to be honest, fucking too much for us to read on our own, so we swap with all criminal underground allies for sex and 0days). Oh wait, what’s that? Your passwords? Addresses? Your precious bank accounts? Even your online dating details?! (yep, We know you're cheating on your…well, we won’t get into that here. Yet.)

A.C.T.A stands for Anti-Counterfeiting Trade Agreement. It is an intellectual property protection treaty being negotiated by 13 countries, including the United States. The Electronic Frontier Foundation (E.F.F.) explains A.C.T.A. is cause for concern due to "significant potential concerns for consumers' privacy" as well as "the free flow of information on the Internet." The Consumer.gov (etc.) hackers put a fine point on the problem with A.C.T.A., stating it is "more dangerous and detrimental to our rights than SOPA. ACTA will further spread the contagion of stricter copyright enforcement worldwide, at the expense of our essential liberties and basic freedoms of speech, expression and privacy."

The E.F.F. states one additional concern regarding A.C.T.A. is it will require Internet Service Providers to "identify and remove allegedly infringing material from the Internet." It may be a coincidence that innocuous form-building site Jotform was taken offline Friday, apparently after Jotform host GoDaddy complied with a puzzling Secret Service request to suspend the domain--the sort of action Anonymous and other A.C.T.A. opponents fear could become commonplace if the treaty is fully ratified.

[Consumer.gov, etc.]