Re: Mastercard problems
On 12/9/10 8:11 AM, Marshall Eubanks wrote: By the way, I was amused that a Twitter spokesman boasted that The company is not overly concerned about hackers’ attacking Twitter’s site, he said, explaining that it faces security issues all the time and has technology to deal with the situation. I hope he had his fingers crossed when he said that, as Twitter can barely keep the service functioning on a good day, with frequent outages. Justin beiber is as effective a ddos on twitter as anyone needs. Regards Marshall Paul.
Re: Mastercard problems
The USSS has jurisdiction over all DDoS (threats to critical infrastructure). Jeff On Wed, Dec 8, 2010 at 3:30 PM, andrew.wallace andrew.wall...@rocketmail.com wrote: I would say the attack falls under the jurisdiction of the US secret service since this is an attack on the financial system. Today the agency's primary investigative mission is to safeguard the payment and financial systems of the United States. --- secretservice.gov Andrew - Original Message - From:Christopher Morrow morrowc.li...@gmail.com To:Jack Bates jba...@brightok.net Cc:nanog@nanog.org nanog@nanog.org Sent:Wednesday, 8 December 2010, 18:47:49 Subject:Re: Mastercard problems I know that the folks involved on the MC side already have this data, and that the fbi is interested in it. -chris -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
Re: Mastercard problems
So then why is there a cyber command and a cyber group part of homeland security charged with protection of critical infrastructure if critical infrastructure is the responsibility of USSS? Looks like we have too many keystone cops (the AF advertises an operational Cyber Command with nothing really there) who might fall over one another not to mention get in the way of the owners of the infrastructure who probably know it better than the feds. On Dec 11, 2010, at 8:16 PM, Jeffrey Lyon wrote: The USSS has jurisdiction over all DDoS (threats to critical infrastructure). Jeff On Wed, Dec 8, 2010 at 3:30 PM, andrew.wallace andrew.wall...@rocketmail.com wrote: I would say the attack falls under the jurisdiction of the US secret service since this is an attack on the financial system. Today the agency's primary investigative mission is to safeguard the payment and financial systems of the United States. --- secretservice.gov Andrew - Original Message - From:Christopher Morrow morrowc.li...@gmail.com To:Jack Bates jba...@brightok.net Cc:nanog@nanog.org nanog@nanog.org Sent:Wednesday, 8 December 2010, 18:47:49 Subject:Re: Mastercard problems I know that the folks involved on the MC side already have this data, and that the fbi is interested in it. -chris -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
Re: Mastercard problems
http://www.secretservice.gov/ectf_newyork.shtml Each field office has their own page. Jeff On Sat, Dec 11, 2010 at 8:42 PM, TR Shaw ts...@oitc.com wrote: So then why is there a cyber command and a cyber group part of homeland security charged with protection of critical infrastructure if critical infrastructure is the responsibility of USSS? Looks like we have too many keystone cops (the AF advertises an operational Cyber Command with nothing really there) who might fall over one another not to mention get in the way of the owners of the infrastructure who probably know it better than the feds. On Dec 11, 2010, at 8:16 PM, Jeffrey Lyon wrote: The USSS has jurisdiction over all DDoS (threats to critical infrastructure). Jeff On Wed, Dec 8, 2010 at 3:30 PM, andrew.wallace andrew.wall...@rocketmail.com wrote: I would say the attack falls under the jurisdiction of the US secret service since this is an attack on the financial system. Today the agency's primary investigative mission is to safeguard the payment and financial systems of the United States. --- secretservice.gov Andrew - Original Message - From:Christopher Morrow morrowc.li...@gmail.com To:Jack Bates jba...@brightok.net Cc:nanog@nanog.org nanog@nanog.org Sent:Wednesday, 8 December 2010, 18:47:49 Subject:Re: Mastercard problems I know that the folks involved on the MC side already have this data, and that the fbi is interested in it. -chris -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications - AS32421 First and Leading in DDoS Protection Solutions
Re: Mastercard problems
In article 476364.37472...@web59605.mail.ac4.yahoo.com, andrew.wallace andrew.wall...@rocketmail.com writes Dutch authorities have arrested a 16-year old hacker in connection with Mastercard. http://news.cnet.com/8301-31921_3-20025215-281.html It was a quick arrest wasn't it? Dutch authorities have a slight advantage because ISPs have to send them subscriber details every night. So (within the limitations of specific anonymising techniques by users) they 'know where everyone lives'. -- Roland Perry
Re: Mastercard problems
Just a day after Dutch police arrested a 16-year-old boy in connection with Wikileaks-related denial-of-service attacks, websites belonging to the Netherlands computer crime cops and prosecutors have been struck with a similar assault. http://nakedsecurity.sophos.com/2010/12/10/dutch-police-website-attacked-after-arrests-of-suspected-hacker/ Andrew - Original Message - From:Michael Smith msm...@internap.com To:andrew.wall...@rocketmail.com Cc:nanog@nanog.org Sent:Thursday, 9 December 2010, 23:16:22 Subject:Re: Mastercard problems Exactly... Rounding up script kiddies one at a time is a pretty serious deterrent ;). I'm sure the bot-masters are quaking in their boots... :) - Original Message - From: andrew.wallace andrew.wall...@rocketmail.com To: Michael Smith Cc: nanog@nanog.org nanog@nanog.org Sent: Thu Dec 09 18:14:16 2010 Subject: Re: Mastercard problems It was a quick arrest wasn't it? - Original Message - From:Michael Smith msm...@internap.com To:andrew.wallace andrew.wall...@rocketmail.com Cc: Sent:Thursday, 9 December 2010, 21:49:16 Subject:RE: Mastercard problems 1 down, 3896 to go... :) -Original Message- From: andrew.wallace [mailto:andrew.wall...@rocketmail.com] Sent: Thursday, December 09, 2010 4:44 PM To: nanog@nanog.org Subject: Re: Mastercard problems Dutch authorities have arrested a 16-year old hacker in connection with Mastercard. http://news.cnet.com/8301-31921_3-20025215-281.html Andrew
Re: Mastercard problems
On Thu, 2010-12-09 at 18:34 +1100, Ben McGinnes wrote: On 9/12/10 8:04 AM, Christopher Morrow wrote: On Wed, Dec 8, 2010 at 3:06 PM, Philip Dorr tagn...@gmail.com wrote: The problem is that they were also slashdotted. The logs would also have a large number of unrelated. pro-tip: the tool has a pretty easy to spot signature. What is that signature? The tool makes HTTP/1.0 requests, most browsers make HTTP/1.1 requests. William
Re: Mastercard problems
On 08/12/2010 20:42, Jack Bates wrote: Of course, it's debatable if use of LOIC is enough to convict. You'd have to first prove the person installed it themselves, and then you'd have to prove that they knew it would be used for illegal purposes. Earlier this morning there were two people interviewed on the BBC radio 4 Today program (this is considered the BBC's flagship morning news/current affairs show on their serious nationwide talk radio station) about this - one was a security consultant and another was a member of/spokesman for the 'operation payback' group. One wonders why the Met Police didn't have someone waiting to have a quiet chat with the latter when he left the studio. Both of them said that people had been voluntarily downloading and installing botnet clients on their PCs in order to take part in these DDoS attacks. Ignoring, for a moment, the stupidity of such action it is hard to see how you'd be able to argue that this was *not* going to be used for illegal purposes. The other amusing part of the interview was when the security consultant started off very well explaining a DDoS in layman's terms, but then veered off using the terms HTTP, UDP and IP in one sentence causing the presenter to intervene as it was getting a tad too technical there. Paul.
Re: Mastercard problems
On 9/12/10 7:49 PM, William Pitcock wrote: On Thu, 2010-12-09 at 18:34 +1100, Ben McGinnes wrote: On 9/12/10 8:04 AM, Christopher Morrow wrote: On Wed, Dec 8, 2010 at 3:06 PM, Philip Dorr tagn...@gmail.com wrote: The problem is that they were also slashdotted. The logs would also have a large number of unrelated. pro-tip: the tool has a pretty easy to spot signature. What is that signature? The tool makes HTTP/1.0 requests, most browsers make HTTP/1.1 requests. Is there anything else to it, or just the protocol version? Regards, Ben signature.asc Description: OpenPGP digital signature
Re: Mastercard problems
On Thu, Dec 09, 2010, Ben McGinnes wrote: On 9/12/10 7:49 PM, William Pitcock wrote: On Thu, 2010-12-09 at 18:34 +1100, Ben McGinnes wrote: On 9/12/10 8:04 AM, Christopher Morrow wrote: On Wed, Dec 8, 2010 at 3:06 PM, Philip Dorr tagn...@gmail.com wrote: The problem is that they were also slashdotted. The logs would also have a large number of unrelated. pro-tip: the tool has a pretty easy to spot signature. What is that signature? The tool makes HTTP/1.0 requests, most browsers make HTTP/1.1 requests. Is there anything else to it, or just the protocol version? Be careful - plenty of Squid's make HTTP/1.0 version. ProTip: be careful. :-) Adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $24/pm+GST entry-level VPSes w/ capped bandwidth charges available in WA -
Re: Mastercard problems
On Thu, Dec 09, 2010, Adrian Chadd wrote: Be careful - plenty of Squid's make HTTP/1.0 version. make HTTP/1.0 requests, not version. Tsk. (And here I am, studying linguistics. Pshaw.) Adrian
Re: Mastercard problems
In article 4d00a373.3010...@prt.org, Paul Thornton p...@prt.org writes Earlier this morning there were two people interviewed on the BBC radio 4 Today program (this is considered the BBC's flagship morning news/current affairs show on their serious nationwide talk radio station) about this - one was a security consultant and another was a member of/spokesman for the 'operation payback' group. One wonders why the Met Police didn't have someone waiting to have a quiet chat with the latter when he left the studio. In this case the chap was in their central studio, but the earlier technical expert wasn't (you can tell by the way he's introduced and other verbal clues). I've done several such live interviews, in the studio and both attended and unattended remote - they all work a bit differently. The police would have to act fast to get round there before he left the building, but if the interview was from a regional studio he'd be long gone. On the other hand, if the BBC got hold of him, they must have some contact details to trace him. ps I was surprised the expert claimed that Visa's service had been taken down by DDOS, despite being Akamaised. -- Roland Perry
Re: Mastercard problems
here is the audio from BBC Radio 4. http://www.bbc.co.uk/news/technology-11935539 On Thu, Dec 9, 2010 at 1:37 AM, Paul Thornton p...@prt.org wrote: On 08/12/2010 20:42, Jack Bates wrote: Of course, it's debatable if use of LOIC is enough to convict. You'd have to first prove the person installed it themselves, and then you'd have to prove that they knew it would be used for illegal purposes. Earlier this morning there were two people interviewed on the BBC radio 4 Today program (this is considered the BBC's flagship morning news/current affairs show on their serious nationwide talk radio station) about this - one was a security consultant and another was a member of/spokesman for the 'operation payback' group. One wonders why the Met Police didn't have someone waiting to have a quiet chat with the latter when he left the studio. Both of them said that people had been voluntarily downloading and installing botnet clients on their PCs in order to take part in these DDoS attacks. Ignoring, for a moment, the stupidity of such action it is hard to see how you'd be able to argue that this was *not* going to be used for illegal purposes. The other amusing part of the interview was when the security consultant started off very well explaining a DDoS in layman's terms, but then veered off using the terms HTTP, UDP and IP in one sentence causing the presenter to intervene as it was getting a tad too technical there. Paul.
Re: Mastercard problems
On Thu, Dec 9, 2010 at 3:49 AM, William Pitcock neno...@systeminplace.net wrote: On Thu, 2010-12-09 at 18:34 +1100, Ben McGinnes wrote: On 9/12/10 8:04 AM, Christopher Morrow wrote: pro-tip: the tool has a pretty easy to spot signature. What is that signature? The tool makes HTTP/1.0 requests, most browsers make HTTP/1.1 requests. and spews nothing but the 'message' over HTTP, never an actual request.
Re: Mastercard problems
On Dec 9, 2010, at 4:37 AM, Paul Thornton wrote: On 08/12/2010 20:42, Jack Bates wrote: Of course, it's debatable if use of LOIC is enough to convict. You'd have to first prove the person installed it themselves, and then you'd have to prove that they knew it would be used for illegal purposes. Earlier this morning there were two people interviewed on the BBC radio 4 Today program (this is considered the BBC's flagship morning news/current affairs show on their serious nationwide talk radio station) about this - one was a security consultant and another was a member of/spokesman for the 'operation payback' group. One wonders why the Met Police didn't have someone waiting to have a quiet chat with the latter when he left the studio. Both of them said that people had been voluntarily downloading and installing botnet clients on their PCs in order to take part in these DDoS attacks. Ignoring, for a moment, the stupidity of such action it is hard to see how you'd be able to argue that this was *not* going to be used for illegal purposes. The other amusing part of the interview was when the security consultant started off very well explaining a DDoS in layman's terms, but then veered off using the terms HTTP, UDP and IP in one sentence causing the presenter to intervene as it was getting a tad too technical there. There is an interesting analysis in today's New York Times http://www.nytimes.com/2010/12/09/technology/09net.html?_r=1 about the attacks on Mastercard, Visa and Ebay, how they were coordinated over Twitter and Facebook, and the free speech issues that that raises for the latter two organizations. My guess is that we will shortly see security folks searching through Facebook and twitter along with IRC for signs of attack coordination. It does seem like these social attacks would lend themselves to obfuscation and steganography (i.e., you don't have to say let's bombard Ebay with packets using X, you can say Let's send Elisa lots of poetry using X, or something more clever), so I don't think it will remain as easy as in this case. By the way, I was amused that a Twitter spokesman boasted that The company is not overly concerned about hackers’ attacking Twitter’s site, he said, explaining that it faces security issues all the time and has technology to deal with the situation. I hope he had his fingers crossed when he said that, as Twitter can barely keep the service functioning on a good day, with frequent outages. Regards Marshall Paul.
Re: Mastercard problems
On Thu, Dec 09, 2010 at 11:11:49AM -0500, Marshall Eubanks wrote: There is an interesting analysis in today's New York Times http://www.nytimes.com/2010/12/09/technology/09net.html?_r=1 about the attacks on Mastercard, Visa and Ebay, how they were coordinated over Twitter and Facebook, and the free speech issues that that raises for the latter two organizations. paypal has relaxed its restrictions on Wikileaks funds: https://www.thepaypalblog.com/2010/12/updated-statement-about-wikileaks-from-paypal-general-counsel-john-muller/ amazon is selling a Kindle version of the Wikileaks released cables: http://www.amazon.co.uk/WikiLeaks-documents-expose-foreign-conspiracies/dp/B004EEOLIU/ this is all becoming quite surreal. -- Jim Mercerj...@reptiles.org+1 416 410-5633 You are more likely to be arrested as a terrorist than you are to be blown up by one. -- Dianora
Re: Mastercard problems
so now they are making a profit from Wikileaks. true Capitalism. - ** * * *http://www.dailypaul.com/* * * *http://www.thenewamerican.com/* * * * * * http://www.thenewamerican.com/ * On Thu, Dec 9, 2010 at 8:29 AM, Jim Mercer j...@reptiles.org wrote: On Thu, Dec 09, 2010 at 11:11:49AM -0500, Marshall Eubanks wrote: There is an interesting analysis in today's New York Times http://www.nytimes.com/2010/12/09/technology/09net.html?_r=1 about the attacks on Mastercard, Visa and Ebay, how they were coordinated over Twitter and Facebook, and the free speech issues that that raises for the latter two organizations. paypal has relaxed its restrictions on Wikileaks funds: https://www.thepaypalblog.com/2010/12/updated-statement-about-wikileaks-from-paypal-general-counsel-john-muller/ amazon is selling a Kindle version of the Wikileaks released cables: http://www.amazon.co.uk/WikiLeaks-documents-expose-foreign-conspiracies/dp/B004EEOLIU/ this is all becoming quite surreal. -- Jim Mercerj...@reptiles.org+1 416 410-5633 You are more likely to be arrested as a terrorist than you are to be blown up by one. -- Dianora
Re: Mastercard problems
In article 20101209162936.ga9...@reptiles.org, Jim Mercer j...@reptiles.org writes amazon is selling a Kindle version of the Wikileaks released cables: http://www.amazon.co.uk/WikiLeaks-documents-expose-foreign-conspiracies/dp/B004EEOLIU/ this is all becoming quite surreal. Please note: This book contains commentary and analysis regarding recent WikiLeaks disclosures, not the original material disclosed via the WikiLeaks website. -- Roland Perry
Re: Mastercard problems
On 12/09/2010 11:29 EST, Jim Mercer wrote: amazon is selling a Kindle version of the Wikileaks released cables: http://www.amazon.co.uk/WikiLeaks-documents-expose-foreign-conspiracies/dp/B004EEOLIU/ This book contains commentary and analysis regarding recent WikiLeaks disclosures, not the original material disclosed via the WikiLeaks website.
Re: Mastercard problems
On Dec 9, 2010, at 11:29 AM, Jim Mercer wrote: On Thu, Dec 09, 2010 at 11:11:49AM -0500, Marshall Eubanks wrote: There is an interesting analysis in today's New York Times http://www.nytimes.com/2010/12/09/technology/09net.html?_r=1 about the attacks on Mastercard, Visa and Ebay, how they were coordinated over Twitter and Facebook, and the free speech issues that that raises for the latter two organizations. paypal has relaxed its restrictions on Wikileaks funds: https://www.thepaypalblog.com/2010/12/updated-statement-about-wikileaks-from-paypal-general-counsel-john-muller/ amazon is selling a Kindle version of the Wikileaks released cables: http://www.amazon.co.uk/WikiLeaks-documents-expose-foreign-conspiracies/dp/B004EEOLIU/ Not really : Please note: This book contains commentary and analysis regarding recent WikiLeaks disclosures, not the original material disclosed via the WikiLeaks website. Marshall this is all becoming quite surreal. -- Jim Mercerj...@reptiles.org+1 416 410-5633 You are more likely to be arrested as a terrorist than you are to be blown up by one. -- Dianora
Re: Mastercard problems
On Dec 9, 2010, at 12:25 PM, Marshall Eubanks wrote: On Dec 9, 2010, at 11:29 AM, Jim Mercer wrote: On Thu, Dec 09, 2010 at 11:11:49AM -0500, Marshall Eubanks wrote: There is an interesting analysis in today's New York Times http://www.nytimes.com/2010/12/09/technology/09net.html?_r=1 about the attacks on Mastercard, Visa and Ebay, how they were coordinated over Twitter and Facebook, and the free speech issues that that raises for the latter two organizations. paypal has relaxed its restrictions on Wikileaks funds: https://www.thepaypalblog.com/2010/12/updated-statement-about-wikileaks-from-paypal-general-counsel-john-muller/ amazon is selling a Kindle version of the Wikileaks released cables: http://www.amazon.co.uk/WikiLeaks-documents-expose-foreign-conspiracies/dp/B004EEOLIU/ Not really : Please note: This book contains commentary and analysis regarding recent WikiLeaks disclosures, not the original material disclosed via the WikiLeaks website. Oh, and there is a blog claiming that the attacks will now expand to include Amazon. http://www.bryanhealey.com/html/home/?entry=111 (This is in retaliation for booting Wikileaks off of EC2, not apparently the Kindle editorial choices.) Regards Marshall Marshall this is all becoming quite surreal. -- Jim Mercerj...@reptiles.org+1 416 410-5633 You are more likely to be arrested as a terrorist than you are to be blown up by one. -- Dianora
Re: Mastercard problems
On Thu, Dec 09, 2010 at 05:18:39PM +, Roland Perry wrote: In article 20101209162936.ga9...@reptiles.org, Jim Mercer j...@reptiles.org writes amazon is selling a Kindle version of the Wikileaks released cables: http://www.amazon.co.uk/WikiLeaks-documents-expose-foreign-conspiracies/dp/B004EEOLIU/ this is all becoming quite surreal. Please note: This book contains commentary and analysis regarding recent WikiLeaks disclosures, not the original material disclosed via the WikiLeaks website. i don't have a cache, but i'm pretty sure those comments were added after i posted. fortunately, google's cache has a better memory: http://webcache.googleusercontent.com/search?q=cache:GGCo9vYxnHUJ:www.amazon.co.uk/WikiLeaks-documents-expose-foreign-conspiracies/dp/B004EEOLIU+WikiLeaks+documents+expose+US+foreign+policy+conspiracies.+All+cables+with+tags+from+1-+5000+www.amazon.co.ukcd=1hl=enct=clnkgl=ca -- Jim Mercerj...@reptiles.org+1 416 410-5633 You are more likely to be arrested as a terrorist than you are to be blown up by one. -- Dianora
Re: Mastercard problems
The tool makes HTTP/1.0 requests, most browsers make HTTP/1.1 requests. Realistically, if the folks from Anonymous wanted to really cause trouble, they'd be doing (legitimate looking) SSL requests against the actual payment gateways. The force-multiplier there is the computational effort it takes to negotiate a DH key exchange. For bonus points, call the voice auth service simultaneously and just sit on hold. Cheers, Michael Holstein Cleveland State University
Re: Mastercard problems
Uh, no. Source code from LOIC: byte[] buf; if (random == true) { buf = System.Text.Encoding.ASCII.GetBytes(String.Format(GET {0}{1} HTTP/1.1{2}Host: {3}{2}{2}{2}, Subsite, new Functions().RandomString(), Environment.NewLine, Host)); } else { buf = System.Text.Encoding.ASCII.GetBytes(String.Format(GET {0} HTTP/1.1{1}Host: {2}{1}{1}{1}, Subsite, Environment.NewLine, Host)); } On Thu, Dec 9, 2010 at 12:49 AM, William Pitcock neno...@systeminplace.net wrote: On Thu, 2010-12-09 at 18:34 +1100, Ben McGinnes wrote: On 9/12/10 8:04 AM, Christopher Morrow wrote: On Wed, Dec 8, 2010 at 3:06 PM, Philip Dorr tagn...@gmail.com wrote: The problem is that they were also slashdotted. The logs would also have a large number of unrelated. pro-tip: the tool has a pretty easy to spot signature. What is that signature? The tool makes HTTP/1.0 requests, most browsers make HTTP/1.1 requests. William
Re: Mastercard problems
In article 20101209180619.ga12...@reptiles.org, Jim Mercer j...@reptiles.org writes Please note: This book contains commentary and analysis regarding recent WikiLeaks disclosures, not the original material disclosed via the WikiLeaks website. i don't have a cache, but i'm pretty sure those comments were added after i posted. I'm not trying to criticise the chronology; however if this book doesn't have the text of the cables, then it's worth people knowing that. -- Roland Perry
Re: Mastercard problems
On Thu, Dec 09, 2010 at 01:08:12PM -0500, Michael Holstein said: The tool makes HTTP/1.0 requests, most browsers make HTTP/1.1 requests. Realistically, if the folks from Anonymous wanted to really cause trouble, they'd be doing (legitimate looking) SSL requests against the actual payment gateways. The force-multiplier there is the computational effort it takes to negotiate a DH key exchange. For bonus points, call the voice auth service simultaneously and just sit on hold. Did you just aid abet? Guess we're all about full disclosure here..? Except when its not easy to fix, like DDOS's arent. /kc -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Re: Mastercard problems
On Thu, Dec 9, 2010 at 1:23 PM, Roland Perry li...@internetpolicyagency.com wrote: In article 20101209180619.ga12...@reptiles.org, Jim Mercer j...@reptiles.org writes Please note: This book contains commentary and analysis regarding recent WikiLeaks disclosures, not the original material disclosed via the WikiLeaks website. i don't have a cache, but i'm pretty sure those comments were added after i posted. I'm not trying to criticise the chronology; however if this book doesn't have the text of the cables, then it's worth people knowing that. -- Roland Perry I'm not as sure about that. Julian's writings imply that the specific data isn't as important as disrupting conspiracies ability to communicate privately. I want to see it all... the philosophy / objective, as well as the specific information... personally, I'm avoiding too many big conclusions and trying to take it all in...
Re: Mastercard problems
On 9 Dec 2010, at 18:06, Jim Mercer wrote: i don't have a cache, but i'm pretty sure those comments were added after i posted. The new words are: -=--=- Looking for something? We're sorry. The Web address you entered is not a functioning page on our site inline: orange-arrow._V192240581_.gif Go to Amazon.com's Home Page -=-=- f
Re: Mastercard problems
It was a quick arrest wasn't it? - Original Message - From:Michael Smith msm...@internap.com To:andrew.wallace andrew.wall...@rocketmail.com Cc: Sent:Thursday, 9 December 2010, 21:49:16 Subject:RE: Mastercard problems 1 down, 3896 to go... :) -Original Message- From: andrew.wallace [mailto:andrew.wall...@rocketmail.com] Sent: Thursday, December 09, 2010 4:44 PM To: nanog@nanog.org Subject: Re: Mastercard problems Dutch authorities have arrested a 16-year old hacker in connection with Mastercard. http://news.cnet.com/8301-31921_3-20025215-281.html Andrew
Re: Mastercard problems
Exactly... Rounding up script kiddies one at a time is a pretty serious deterrent ;). I'm sure the bot-masters are quaking in their boots... :) - Original Message - From: andrew.wallace andrew.wall...@rocketmail.com To: Michael Smith Cc: nanog@nanog.org nanog@nanog.org Sent: Thu Dec 09 18:14:16 2010 Subject: Re: Mastercard problems It was a quick arrest wasn't it? - Original Message - From:Michael Smith msm...@internap.com To:andrew.wallace andrew.wall...@rocketmail.com Cc: Sent:Thursday, 9 December 2010, 21:49:16 Subject:RE: Mastercard problems 1 down, 3896 to go... :) -Original Message- From: andrew.wallace [mailto:andrew.wall...@rocketmail.com] Sent: Thursday, December 09, 2010 4:44 PM To: nanog@nanog.org Subject: Re: Mastercard problems Dutch authorities have arrested a 16-year old hacker in connection with Mastercard. http://news.cnet.com/8301-31921_3-20025215-281.html Andrew
Re: Mastercard problems
On 12/8/2010 12:00 PM, andrew.wallace wrote: It appears the site is under a sustained attack, CNET reports. http://news.cnet.com/8301-13578_3-20024966-38.html Andrew It's only their main website it has not affected their ability to process payments as of yet.
Re: Mastercard problems
On Wed, 08 Dec 2010 12:14:15 -0500 William Warren hescomins...@emmanuelcomputerconsulting.com wrote: On 12/8/2010 12:00 PM, andrew.wallace wrote: It appears the site is under a sustained attack, CNET reports. http://news.cnet.com/8301-13578_3-20024966-38.html Andrew It's only their main website it has not affected their ability to process payments as of yet. Yes it has: http://blog.securetrading.com/2010/12/mastercard-maestro-3-d-secure/ -- John
Re: Mastercard problems
google = Operation: Payback On Wed, Dec 8, 2010 at 9:00 AM, andrew.wallace andrew.wall...@rocketmail.com wrote: It appears the site is under a sustained attack, CNET reports. http://news.cnet.com/8301-13578_3-20024966-38.html Andrew
Re: Mastercard problems
On 12/8/2010 11:18 AM, Joseph Prasad wrote: google = Operation: Payback Sadly, our ineffective government probably won't bring these perpetrators to justice. I have no real opinion concerning wikileaks, but DOS attacks cannot be justified. Jack
Re: Mastercard problems
On Wed, Dec 8, 2010 at 11:24 AM, Jack Bates jba...@brightok.net wrote: On 12/8/2010 11:18 AM, Joseph Prasad wrote: google = Operation: Payback Sadly, our ineffective government probably won't bring these perpetrators to justice. I have no real opinion concerning wikileaks, but DOS attacks cannot be justified. Jack Are you prepared for informaton terrorism laws? -- William McCall, CCIE #25044
Re: Mastercard problems
On 12/8/2010 11:28 AM, William McCall wrote: Are you prepared for informaton terrorism laws? DOS attacks are already illegal. I question the ability to track responsible parties down and have appropriate proof to actually prosecute. Let's be honest. Even in the 20th century, more people had been caught by bragging in public than by backtracking. Jack
Re: Mastercard problems
On Wed, Dec 8, 2010 at 12:34 PM, Jack Bates jba...@brightok.net wrote: On 12/8/2010 11:28 AM, William McCall wrote: Are you prepared for informaton terrorism laws? DOS attacks are already illegal. I question the ability to track responsible parties down and have appropriate proof to actually prosecute. Let's be honest. Even in the 20th century, more people had been caught by bragging in public than by backtracking. so... the loic tool uses the host's local address, the attacks are all HTTP based, or tcp/80 with malformed HTTP... someone with server logs could certainly get a list of the ips involved and hand that over to the FBI for proper action. I know that the folks involved on the MC side already have this data, and that the fbi is interested in it. -chris
Re: Mastercard problems
The problem is that they were also slashdotted. The logs would also have a large number of unrelated. On Dec 8, 2010 12:49 PM, Christopher Morrow morrowc.li...@gmail.com wrote: On Wed, Dec 8, 2010 at 12:34 PM, Jack Bates jba...@brightok.net wrote: On 12/8/2010 11:28 AM, William McCall wrote: Are you prepared for informaton terrorism laws? DOS attacks are already illegal. I question the ability to track responsible parties down and have appropriate proof to actually prosecute. Let's be honest. Even in the 20th century, more people had been caught by bragging in public than by backtracking. so... the loic tool uses the host's local address, the attacks are all HTTP based, or tcp/80 with malformed HTTP... someone with server logs could certainly get a list of the ips involved and hand that over to the FBI for proper action. I know that the folks involved on the MC side already have this data, and that the fbi is interested in it. -chris
Re: Mastercard problems
I would say the attack falls under the jurisdiction of the US secret service since this is an attack on the financial system. Today the agency's primary investigative mission is to safeguard the payment and financial systems of the United States. --- secretservice.gov Andrew - Original Message - From:Christopher Morrow morrowc.li...@gmail.com To:Jack Bates jba...@brightok.net Cc:nanog@nanog.org nanog@nanog.org Sent:Wednesday, 8 December 2010, 18:47:49 Subject:Re: Mastercard problems I know that the folks involved on the MC side already have this data, and that the fbi is interested in it. -chris
Re: Mastercard problems
On 2010-12-08 14:06 -0600, Philip Dorr wrote: The problem is that they were also slashdotted. The logs would also have a large number of unrelated. so... the loic tool uses the host's local address, the attacks are all HTTP based, or tcp/80 with malformed HTTP... That should be easy to grep by...? -- - Olof Johansson - www: http://www.stdlib.se/ - {mail,xmpp}: o...@ethup.se - irc: zibri on Freenode/OFTC/... -- signature.asc Description: Digital signature
Re: Mastercard problems
On 12/8/2010 2:37 PM, Olof Johansson wrote: On 2010-12-08 14:06 -0600, Philip Dorr wrote: The problem is that they were also slashdotted. The logs would also have a large number of unrelated. so... the loic tool uses the host's local address, the attacks are all HTTP based, or tcp/80 with malformed HTTP... That should be easy to grep by...? Of course, it's debatable if use of LOIC is enough to convict. You'd have to first prove the person installed it themselves, and then you'd have to prove that they knew it would be used for illegal purposes. The hive controller, and the actual operator(s) are who they want, and that's a little more work. This has been an issue in the past, even when we knew exactly where botnet controllers were, concerning the legality of taking control to shut it down. Jack
Re: Mastercard problems
On Wed, Dec 8, 2010 at 3:06 PM, Philip Dorr tagn...@gmail.com wrote: The problem is that they were also slashdotted. The logs would also have a large number of unrelated. pro-tip: the tool has a pretty easy to spot signature. -chris
Re: Mastercard problems
On Dec 8, 2010, at 12:30 PM, andrew.wallace wrote: I would say the attack falls under the jurisdiction of the US secret service since this is an attack on the financial system. Today the agency's primary investigative mission is to safeguard the payment and financial systems of the United States. --- secretservice.gov Yikes.. you consider a private company's business to be the financial and payment system of the United States? -j
Re: Mastercard problems
On 12/8/2010 1:30 PM, James Downs wrote: On Dec 8, 2010, at 12:30 PM, andrew.wallace wrote: I would say the attack falls under the jurisdiction of the US secret service since this is an attack on the financial system. Today the agency's primary investigative mission is to safeguard the payment and financial systems of the United States. --- secretservice.gov Yikes.. you consider a private company's business to be the financial and payment system of the United States? -j Look at ADP and their finance payment system statistics. VERY large. Understandable for some financial systems to be possibly considered a financial and payment system of the US. Cheers, John Menerick NOTICE: This email and any attachments may contain confidential and proprietary information of NetSuite Inc. and is for the sole use of the intended recipient for the stated purpose. Any improper use or distribution is prohibited. If you are not the intended recipient, please notify the sender; do not review, copy or distribute; and promptly delete or destroy all transmitted information. Please note that all communications and information transmitted through this email system may be monitored by NetSuite or its agents and that all incoming email is automatically scanned by a third party spam and filtering service.
Re: Mastercard problems
Yes it has: http://blog.securetrading.com/2010/12/mastercard-maestro-3-d-secure/ I've been processing cards all day for my wife's biz without any problems. -J
Re: Mastercard problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Dec 8, 2010 at 2:05 PM, Jorge Amodio jmamo...@gmail.com wrote: Yes it has: http://blog.securetrading.com/2010/12/mastercard-maestro-3-d-secure/ I've been processing cards all day for my wife's biz without any problems. At least some processing ops are experiencing problems: http://heartbeat.skype.com/2010/12/problems_with_mastercard_payme.html - - ferg -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.5.3 (Build 5003) wj8DBQFNAAINq1pz9mNUZTMRAhbzAJ9nWU6H/X32QYEn2vVlPHKiCe2rkACgvQca sGW2ESTRue1IqJa3YkO6iEg= =xdM6 -END PGP SIGNATURE- -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
Re: Mastercard problems
On Wed, Dec 08, 2010 at 04:05:32PM -0600, Jorge Amodio said: Yes it has: http://blog.securetrading.com/2010/12/mastercard-maestro-3-d-secure/ I've been processing cards all day for my wife's biz without any problems. there are other payment processors out there for mastercard and visa, im sure in canada I dont bother clearing the charges I put through with a single master server in the US, they're probably also distributed for various reasons (fibre cuts speed of transaction, etc). When I hit the bigger grocery stores, the approval is almost instantaneous. Not sure what they're using for backhaul to where, but it aint DSL or a phone line. Taking out that kinda distributed architecture would require attacking the protocol with a self propagating attack (~Stuxnet), not the individual sites that do the processing. Im sure Mastercard has some skills on how to run an internal 'cloud'. /kc -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Re: Mastercard problems
MasterCard works closely with the U.S. Secret Service, the FBI, the Postal Inspection Service, Interpol, Europol and counterpart organizations throughout the world to facilitate investigation and prosecution. http://www.mastercard.com/us/merchant/security/collaborating_experts.html Andrew - Original Message - From:James Downs e...@egon.cc To:andrew.wallace andrew.wall...@rocketmail.com Cc:Christopher Morrow morrowc.li...@gmail.com; nanog@nanog.org nanog@nanog.org Sent:Wednesday, 8 December 2010, 21:30:20 Subject:Re: Mastercard problems On Dec 8, 2010, at 12:30 PM, andrew.wallace wrote: I would say the attack falls under the jurisdiction of the US secret service since this is an attack on the financial system. Today the agency's primary investigative mission is to safeguard the payment and financial systems of the United States. --- secretservice.gov Yikes.. you consider a private company's business to be the financial and payment system of the United States? -j
Re: Mastercard problems
Le mercredi 08 décembre 2010 à 14:23 -0800, andrew.wallace a écrit : MasterCard works closely with the U.S. Secret Service, the FBI, the Postal Inspection Service, Interpol, Europol and counterpart organizations throughout the world to facilitate investigation and prosecution. http://www.mastercard.com/us/merchant/security/collaborating_experts.html Sure, and fortunately,... but that's about fraud prevention... mh Andrew - Original Message - From:James Downs e...@egon.cc To:andrew.wallace andrew.wall...@rocketmail.com Cc:Christopher Morrow morrowc.li...@gmail.com; nanog@nanog.org nanog@nanog.org Sent:Wednesday, 8 December 2010, 21:30:20 Subject:Re: Mastercard problems On Dec 8, 2010, at 12:30 PM, andrew.wallace wrote: I would say the attack falls under the jurisdiction of the US secret service since this is an attack on the financial system. Today the agency's primary investigative mission is to safeguard the payment and financial systems of the United States. --- secretservice.gov Yikes.. you consider a private company's business to be the financial and payment system of the United States? -j
Re: Mastercard problems
O - Original Message - From:James Downs e...@egon.cc To:andrew.wallace andrew.wall...@rocketmail.com Cc:Christopher Morrow morrowc.li...@gmail.com; nanog@nanog.org nanog@nanog.org Sent:Wednesday, 8 December 2010, 21:30:20 Subject:Re: Mastercard problems [snip] Yikes.. you consider a private company's business to be the financial and payment system of the United States? Yes, I do. Especially when government agencies accept payments through MasterCard, et al. matthew black comments reflect my opinions and may not represent those of my employer.
MasterCard problems
It's a national security issue that the federal and state governments cannot temporarily accept payment from visa/mc? Really? Is this because cash or checks are not viable solutions? This is the result of privatization of government. Pay close to attention to what privatization means. It's a loss of critical accountability. Demand government not rely on a private payment provider. It's a gross neglect of national security for payment processing to be beholden to visa/mc. They have no responsibility to the citizens of the US. I don't think is actually the case, as mc/visa take fee's of all transactions they process. Most vendors prefer cash or a check, I would assume the feds do as well. Of course if you have no actual cash anymore, and can only finance your debts on credit, well. yet more evidence the lack of regulation of credit card companies is a national security risk. -Kiriki -Original Message- From: Matthew Black [mailto:bl...@csulb.edu] Sent: Wednesday, December 08, 2010 3:20 PM To: nanog@nanog.org Subject: Re: Mastercard problems O - Original Message - From:James Downs e...@egon.cc To:andrew.wallace andrew.wall...@rocketmail.com Cc:Christopher Morrow morrowc.li...@gmail.com; nanog@nanog.org nanog@nanog.org Sent:Wednesday, 8 December 2010, 21:30:20 Subject:Re: Mastercard problems [snip] Yikes.. you consider a private company's business to be the financial and payment system of the United States? Yes, I do. Especially when government agencies accept payments through MasterCard, et al. matthew black comments reflect my opinions and may not represent those of my employer.
Re: Mastercard problems
On 9/12/10 8:04 AM, Christopher Morrow wrote: On Wed, Dec 8, 2010 at 3:06 PM, Philip Dorr tagn...@gmail.com wrote: The problem is that they were also slashdotted. The logs would also have a large number of unrelated. pro-tip: the tool has a pretty easy to spot signature. What is that signature? Regards, Ben signature.asc Description: OpenPGP digital signature