Guy Fawkes mask worn by Occupy Boston protestor the weekend of the October 11 raid in which Boston Police arrested 141 people and removed tents that had been erected in one of the Fort Point Channel Parks. (Blast Staff photo/John Stephen Dwyer)

A document faxed from One Bullfinch Place to the Twitter offices in San Francisco Friday details a subpoena “Pursuant to an official criminal investigation being conducted by the Suffolk County District Attorney’s and the Boston Police Department” filed by the DA’s office Special Prosecutions Unit. Dated December 14, the subpoena is signed by Benjamin Goldberger, Assistant District Attorney of Suffolk County (the county of Massachusetts that corresponds to the city of Boston).

The subpoena requests “available subscriber information, for the account or accounts associated with the following information, including IP address logs for account creation” but, inexplicably, includes not only account names, but also hashtags and a term which is neither account name nor hashtag. The “accounts” which Goldberger has subpoenaed about are Guido Fawkes, @p0isAn0n, @OccupyBoston, #BostonPD and #d0xcak3. “Guido Fawkes” appears to be a reference to Guy Fawkes, the stylized mask of whom has come to be associated with the hacker group “Anonymous.” That same group might be referenced in the “@p0isAn0n” user name. “#d0xcak3” seems to be a reference to “doxing” i.e. releasing personal information about people over the Internet.

Doxing, per se, is generally legal although the information presented is sometimes obtained via illegal means, such as hacking. In October, along with data from the International Association of Chief of Police website, Anonymous revealed 1000 names and passwords from the Boston Police Patrolmen’s Association. A press release attributed to Anonymous explained, “We have no problem targeting police and releasing their information even if it puts them at risk because we want them to experience just a taste of the brutality and misery they serve us on an everyday basis.”

Despite speculation on Twitter and elsewhere that the subpoena is connected to the well-publicized doxing of the Boston Police in October, the subpoena signed by Goldberger asks for information from December 8, 2011 to December 13, 2011 – a time frame that includes Occupy Boston’s December 10 eviction from Dewey Square. The fact that the subpoena is dated December 14 seems to offer evidence that it is unrelated to a more recent and less-publicized Boston Police doxing that either occurred or was republished on December 15.

Besides the fact that hashtags and the phrase “Guido Fawkes” appear to have been mistaken for account names, confusion has been fueled by the fact that @OccupyBoston is an inactive account with little connection to the activists who recently occupied Dewey Square for ten weeks. @Occupy_Boston is the main Twitter account used by Occupy Boston while other handles (@OccupyBostonDA, @OccupyBostonSigns, @OccupyBostonFSU, @OBFacilitation, etc.) are used by Occupy Boston’s various working groups.

Law enforcement websites and Internet services, including those used by the Boston Police Department came under attack yesterday by members of a hacker group called Anonymous.

In a statement released by the group taking credit for the hack, the group claims “solidarity with occupation movement and anti-police brutality protesters.”

“In solidarity with the Occupation Movement and the International Day of Action Against Police Brutality, [we] aim at the corrupt bootboys of the 1 pecent: the police,” the statement read.

The group claimed that it “hacked, defaced, and destroyed several law enforcement targets, leaking over 600MB of private information including internal documents, membership rosters, addresses, passwords, social security numbers, and other confidential data.” It also claimed to take down at least 40 police-related websites.

The group attacked multiple Boston police websites. Most notable, Anonymous hacked the Boston Police Patrolmen’s Association website and its web-based email portal, posting the names, email addresses, and email passwords of nearly 1,000 Boston police officers on the Internet for all to see.

In the statement, Anonymous said it attacked BPD sites in response to “the unprovoked mass arrests and brutality experienced by those at Occupy Boston.”

“Let this be a warning to BPD and police everywhere: future acts of aggression against our movements will be met with a vengeance so epic and relentless that your children’s children will puke at the sight of swine,” the statement read.

The International Association of Chief of Police website, IACP.org was targeted. The website was down and unreachable early this morning.

Anonymous also took aim at MatrixGroup.net, the website of Matrix Group International, which Internet services for government agencies. The Matrix website would also not load at press time.

In perhaps the most serious security breach, Anonymous hacked Birmingham / Jefferson County, Ala. police websites, releasing the names, addresses, and social security numbers of nearly 1,000 police officers.

InMotion, in an email to users, said Sunday that the homepage defacement attack launched by the southeast Asian hacker TiGER-M@TE was not meant to do permanent or catestrophic damage to the hundreds of thousands of websites that were hit.

“We understand the method the attacker used to accomplished this and the main exploit path was through an internal management server that can control Cpanel on other servers. The management server was used to change passwords on the Cpanel servers then login with those passwords,” said Todd Robinson, president of the hosting company.

The defacement attacked worked by replacing index files in all public_html directories with the attacker’s own branded index.php. InMotion does not believe that any data was stolen or that any passwords were compromised.

“It does not appear that gaining passwords was a goal or was accomplished, just password changes were used. Access to the management server was gained from an exploited customer’s server that was within our network,” Robinson said. “Though our team moved quickly to disable the internal management server and limit the exposure of the servers to this attack when it began, it
was a very serious breach and could have been much worse if the hacker had intended to do more harm.”

This does fit the modus operandi of TiGER-M@TE, who often claims to hack for fun or just to prove that “it can be done.”

Blast Magazine’s network of websites were defaced during the attack on InMotion, as was the offical City of Providence website.

InMotion took responsibility for failing to prevent the damage. Some estimates have the attack hitting more than 500,000 websites, making it historic in its proportions if not in its level of damage.

“Please accept our apologies as we go through this process,” Robinson said. “We are very aware of our failure in this situation and we will provide more details when we have completed the work of recovery.”

For several hours Sunday morning, Blast Magazine and many other websites in the InMotion Hosting network were attacked by a hacker called TiGER-M@TE.

InMotion, where Blast hosts one of its servers, acknowledged the breach.

“At around 4 a.m. EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced. We are evaluating how this has occurred and our security team will have more information shortly,” InMotion said in a statement. “While we review this issue, cPanel and SSH access has been disabled on various platforms. For additional security, we are rotating passwords on a number of accounts.”

It is unclear how many sites were hit, but it is likely hundreds, if not thousands.

This morning, the Blast homepage was briefly replaced by a black background with the red letters “Hacked” (See photo below) and all of our blogs and articles were unreachable.

This appears to be the same hacker who successfully attacked Google previously. The Hacker News interviewed TiGER-M@TE, who claimed to be hacking since 2007, working alone, and only using private exploits and zero-day attacks.

In an online posting, TiGER-M@TE claimed responsibility for launching the homepage defacement attack.

“While we can respect TiGER-M@TE’s abilities, we are disappointed that our websites were hit,” said Blast Magazine editor-in-chief John M. Guilfoil. “What truly concerns me, however, is that InMotion Hosting appeared woefully unable to prevent or defend against this kind of attack, even though homepage defacements have been going on seemingly forever. We will consult with InMotion on Monday and plan to press the company to be more proactive in its security if InMotion values its customers.”

WikiLeaks, which published a quarter-million sensitive diplomatic cables on Sunday, came under a denial of service attack by a hacker styled “th3j35t3r” (The Jester).

When the attack happened, th3j35t3r tweeted, “TANGO DOWN – for attempting to endanger the lives of our troops, ‘other assets’ & foreign relations.”

According to PCMAG.com, F-Secure’s Chief Research Officer, Mikko Hypponen said, “It was a weird case. Everybody assumed it was some large-scale Distributed Denial of Service attack, but the guy himself says it’s not. It’s a protocol-based attack from a single source.”

WikiLeaks recovered by changing its hosting providers, which were in France when the attack happened. They are currently using two different servers hosted by Amazon.com.

The hacker, th3j35t3r, characterizes himself as ex-military and often uses military terms. He uses a Russian Hotmail account.

The bad guys are going virtual more and more, and American businesses and government networks are getting victimized at a record pace, according to an FBI report.

“The increasing number of such crimes not only impacts the economy but threatens national security,” the FBI said Friday.

The man at the head of the opposition is the FBI’s Shawn Henry, recently appointed head of their Cyber Division. He told reporters Wednesday that the FBI has literally thousands of open cyber crime cases.

“One case in point: We joined our international partners yesterday in announcing a major takedown of a transnational criminal network that was buying and selling stolen financial information through an online forum known as ‘Dark Market‘,” the FBI said Friday.

“The business of the United States is done on the Internet,” said Henry, “And the information that flows electronically 24/7 is increasingly the target of not only identity thieves and scammers, but organized crime groups, terrorists, and overseas governments.”

Yes, even other countries are trying to virtually penetrate the U.S. Henry says about 24 different governments have an “aggressive interest” in obtaining information from or making attacks against American cyber infrastructure.

Henry says that individual hackers and crackers have grouped up into “virtual gangs.”

“In years gone by, if a gang wanted to rob a bank, it needed crooks with various skills — safe cracker, get-away driver, look-out, etc. That’s essentially what we’re seeing in the cyber world today, only these virtual gang members have never met in the physical world,” Henry said.

“There are organized groups that are very successful.”