Showing posts with label imitators. Show all posts

Tuesday, March 1, 2011

WikiLeaks imitators to endanger your email?


Imagine having every e-mail you've written published by hackers for the entire world to see. You don't have to stretch your imagination very far -- it's already happening to some folks.

Meet the new face of computer hacking. Inspired by the success of WikiLeaks, stealing and disclosing data is the new form of Internet revenge -- and chaos. There's concern that a new generation of WikiLeaks imitators will come along and use widespread dissemination of embarrassing information as its weapon of choice.

Hackers who call themselves Anonymous -- the group that has gained notoriety for attacking Visa and MasterCard in defense of WikiLeaks -- broke into computers operated by a government contractor named HBGary Federal in early February. Once inside, Anonymous members wreaked all kinds of electronic havoc, including the theft of thousands of employee e-mails. These were then published in searchable form on a Web site similar to WikiLeaks, leading to a host of embarrassing disclosures for HBGary employees. The incident drew so much attention that it was featured in a recent segment on “The Colbert Report.”

At the world’s largest computer security conference in San Francisco last month -- RSA USA -- the attack dominated conversations outside meeting rooms.

But lost in the noise and the embarrassment was this chilling truth: It could happen to you. In the old hacker world, it was enough to deface a company's Web site and put up a sarcastic, embarrassing message.  The HBGary e-mail history incident -- stealing data, publishing it online, and creating an easy-to-use search engine that encourages its spread -- takes the game to a whole new level.

“Leaking has gone mainstream,” said Mikko Hypponen, chief research officer at Finland-based F-Secure.com. “It's likely this phenomenon isn't going to go away, and we will be seeing leak sites for years to come.”

In the aftermath of the WikiLeaks controversy over the release of secret U.S. diplomatic cables last fall, security research firm McAfee predicted that so-called hacktivism would take an aggressive new turn this year. Traditional electronic activists were generally content to perform online versions of sit-ins, temporarily disabling Web sites of targeted entities with denial-of-service attacks. The spreading of previously non-public information through a sophisticated network of Web sites beyond the reach of law enforcement is a far more effective -- and potentially damaging -- form of online protest.

In fact, security experts openly fretted at the security conference that WikiLeaks imitators will soon become commonplace.  And unlike WikiLeaks, not all imitators will consider their work to be goal-oriented hacktivism. In other words, they may not go to any trouble to redact information prior to publication in an attempt to avoid collateral damage to innocent bystanders. Some may simply be motivated by creation of pure anarchy.

"The question is, will the advent of WikiLeaks trigger a mass distribution of information from the hidden depths of public and private entities?" said Jeff Bardin, founder of security research firm Treadstone LLC.

Most who examined the HBGary incident came away with the view that CEO Aaron Barr willingly put a target on his own back by threatening to publicly expose members of Anonymous.  And since the release of the e-mails, several important discoveries have been made, suggesting the firm was part of a conspiracy to discredit WikiLeaks in advance of upcoming data leaks that could embarrass prominent U.S. companies.

On the other hand, many of the e-mails contained innocuous information, such as personal life details, information that could lead to identity theft, or potentially humiliating online purchases. It’s important to note that both senders and recipients of the e-mails were made public, meaning hundreds -- if not thousands -- of outsiders were also dragged into the HBGary disclosure. Nearly everyone interviewed at the RSA conference in February had searched the database to see if their name and e-mail was in it.

"This goes way beyond exposing wrongdoing, though there was wrongdoing exposed by the e-mail," said Kevin Poulsen, author of the new book “Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground.” Poulsen is also senior editor at Wired.com.

Stealing someone's e-mail and publishing it online, regardless of the impact on innocent bystanders, is hardly new. It happened when a criminal stole Sarah Palin's e-mails during the last presidential campaign, and it's happened to plenty of so-called "white hat" security researchers in the past.  The Anonymous incident is different, however, because the group made it so easy for others to search the e-mails for embarrassing details.

"It's the sophistication with which they put it out there that's different," Poulsen said. "That was clearly WikiLeaks-inspired."

Gregg Housh calls himself an Internet activist who has been associated with Anonymous in the past. He describes himself as an avid observer of Anonymous, and he has at times served as the group’s public face. He said Anonymous had no concerns about such collateral damage when it published the data, and probably won't think much about that going forward.

"That's just the way it’s going to have to be now," he said. "It didn't have to go this way, but many people in your field (journalism) failed us. ... It was only natural that something would show up and replace it. I don’t see anyone at all, even slightly, caring about what happened. For the most part the Anons who did it feel like messengers.  It's Aaron's (Barr) fault it happened and all blame should be put squarely on his shoulders."

Housh agreed to act as a go-between for msnbc.com to get thoughts from Anonymous members, and said a spokesman from the group offered this response: "In all honesty, we didn't care what was in these e-mails, let alone what damage they might have caused. We were focused on getting revenge on Aaron Barr, everything else was just a bonus --  we don't regret what was uncovered and we'd do it again a thousand times over."

Barr resigned from HBGary on Monday, according to Forbes.com. Anonymous, meanwhile, knocked the website for Americans for Prosperity offline. That conservative organization has been very active in the Wisconsin standoff over collective bargaining rights, spending more than $400,000 in TV ads in support of Republican Gov. Scott Walker's plan to take away union bargaining rights.

In a press release attributed to the group, Anonymous said it was taking on the billionaire Koch brothers, who fund Americans for Prosperity.

"Their actions to undermine the legitimate political process in Wisconsin are the final straw. Starting today we fight back," the press release said.

Anonymous acts much like a traditional hacktivist group, having planned several old-fashioned denial-of-service attacks in support of WikiLeaks and other causes.  But theft and distribution of data as a method for revenge will likely bleed into pure anarchy, experts worry.

"The evidence is thin at this point but I think we will see a lot of that in the future," Poulsen said. "Intruders motivated by ideology and revenge, hacking for the purpose of shaming."

Such groups will be particularly troublesome because, unlike WikiLeaks, they will have little to lose. WikiLeaks had donors to please, Poulsen said, and leader Julian Assange showed signs that he was motivated by a quest for credibility.  As a result, the Web site improved efforts over time to remove information that might cause collateral damage from its releases, at one point experimenting with eliminating all proper nouns from some document dumps.

"We will not see that from copycat groups,” Poulsen said. “They don't care about respectability. They have no interest in fundraising."

One reason Poulsen thinks a rash of copycats might be coming: It's often easier to hack into mail servers than other computer targets.  Until recently, hackers seemed primarily interested in stealing financial information for personal gain. That means computer firms have spent most of their energy protecting computers which host that valuable data. But it also means that many have taken their eye off the ball when it comes to other servers, which were thought to be unattractive targets.

Until now.

Internet users have always been told that anything they write in an e-mail could end up in court, or in front of a boss's prying eyes. Now more than ever, that warning should be heeded: Don't type anything on a keyboard that you wouldn't want the entire world to see. Even if you feel like your company’s servers could never be hacked, can you trust every company you ever e-mail?

And here's another piece of advice from Poulsen.

"Don't piss off Anonymous," he said. 

Bardin is not quite as pessimistic as some of his peers. He thinks the current trend of leaked and hacked information being splattered all over the Internet will not continue unabated.  A combination of improved security techniques, and the establishment of alternate channels for airing government and corporate gripes, will ultimately slow down WikiLeaks imitators, he thinks.

"We are seeing the spikes of those releases until controls are put in place and it becomes a method of ethical disclosure as opposed to a state of information disorder," he said. 

RED TAPE WRESTLING TIPS
Hypponen said that even though he believes the likelihood that the average Internet user will get caught up in an Anonymous-style disclosure is small, there are some common-sense steps users can take to protect themselves.

“It might be worth considering deleting all e-mails that would be older than, say, six months. You could archive older e-mails to an offline storage that could not be reached by an online attacker. This would at least limit the amount of damage that could be done,” he said. “And of course, create a smart password and authentication policy and follow it through.”



Sunday, February 27, 2011

Soldier imitators target women on Facebook

LOUISVILLE, Ky. — Scammers are targeting women on Facebook in what is becoming an all-too-common scheme: they steal photos of soldiers to set up profiles, profess their love and devotion in sappy messages — and then ask their victims to cut a check.

Army Sergeant James Hursey, 26, discharged and sent home from the war in Iraq to nurse a back injury, found a page with his photo on Facebook — on a profile that was not his. It was fake, set up by someone claiming to be an active-duty soldier looking for love.

Military officials say they have seen hundreds of similar cases in the last several years. Some of the imitators have also used photos of soldiers who died abroad.

"It's identity theft, really, if you think about it," said Hursey, of Corbin, Ky., a married father of a 2-year-old.

The impersonator using Hursey's photos portrayed himself as a soldier named "Sergent (sic) Mark Johnson." The fake followed the same steps each time: send a friend request, immediately express undying love and affection, and ask for money.

The fake's cover was blown, though: Janice Robinson, 53, of Orlando, Florida, knew something wasn't right when the man professed his love for her and signed every message with "Johnson cares." She had begun talking with him thinking he was one of the people named Mark Johnson she knew.

"I said, 'How can you say you love me? You don't even know me. You are crazy,'" she told the Associated Press in a telephone interview. "... You could say that the guy in the photo was young. I am 53 years old. You can look at my picture and say that I am not 20."

Her story was first reported by WYMT-TV in Hazard, Ky., and WKMG-TV in Orlando.

Christopher Grey, spokesman for the Army's Criminal Investigation Command at Fort Belvoir, Va., said that the Internet imitators often make ridiculous claims. Some say they need money for special laptops and cell phones. Others say they need money to buy special papers to come home on leave, or a registration form because military officials won't let them talk to family.

"Well, there is no such thing," Grey said. The documents are phony, often poorly doctored versions of actual military documents.

The person using Hursey's photographs sent Robinson what he called a form to register to be able to talk to the soldier on the phone. He told her it would cost $350 to be able to communicate by telephone.

The form, a poorly doctored copy of an Army form used to correct information in a soldier's official record, included a blank to be filled in with the intended victim's Social Security number.

Robinson said she knew that people did not have to register to speak to soldiers, and she refused to complete the form. She also refused his requests to wire money or send credit card and bank account numbers.

Instead, she contacted a local television reporter and Hursey, whose name was visible in the profile photo.

"I just wanted to see exactly how far this would go and I wanted to protect people ... who are not as savvy about scams as they are and do not pick up on this stuff," said Robinson.

Grey said there are no known instances of Army personnel losing money in these scams. But the victims have. In one case, a person lost about $25,000, he said. Because many of the scams originate in foreign countries, military officials can do little except offer advice about the scams and direct victims to agencies like the Federal Trade Commission.

The fraudsters use untraceable e-mail addresses, route accounts internationally and use pay-per-hour Internet cyber-cafes, which makes them difficult to trace, Grey said.

The Army encourages anyone who suspects they are being used in a scam to file a report with their local police and to report the case to agencies like the Federal Trade Commission.

Only one state, California, has made online impersonation a crime, said Tim Senft, founder of Facecrooks.com, a website that focuses on scams via social media. The law makes impersonating someone online a misdemeanor, punishable by a fine of up to $1,000 and one year in prison.

Hursey, who was based at Fort Richardson, Alaska, said he has no clue who came up with the scheme or why he was targeted.

The fake profile included several photos of Hursey: after basic training, in Iraq and decked out in his military dress uniform. There was also a photo of his dog. Some of the photos were apparently taken from his mother's Facebook page, Hursey said.

"I think it's pathetic that someone is going to be a soldier in an attempt to get money from women," he said.

Copyright 2010 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.