Epic FAIL: Anonymous didn't hack PayPal, managed to frighten Oz hippies

#OpNov5 pyrotechnics disappear in puff of smoke


The smoke has cleared from Anonymous's Bonfire Night hacking spree with a denial from PayPal that it had been hacked. The payments-processing firm appeared to have been highest profile target of the hacking spree, but apparently this was an error caused by the tweeting and retweeting of an erroneous post by a cyber security blogger.

Hacktivists claimed to have uploaded 28,000 email addresses, names, and passwords of a certain firm, named in the blogpost as PayPal, after supposedly hacking into its systems. The claim was reiterated by various Anonymous-affiliated accounts, resonating in the Twitterspace. PayPal took the claims seriously and launched an investigation which concluded that the hack was not actually directed at it but rather at ZPanel, a web hosting software developer.

Hacktivists and the media latched onto a report by cyberwarnews.info that incorrectly named PayPal and not ZPanel as a victim, PayPal explained in a statement below.

It appears that the exploit was not directed at PayPal after all, it was directed at a company called ZPanel. The original story that started this and was re-tweeted by some of the Anonymous Twitter handles has now been updated.

ZPanel has yet to comment on the incident. Meanwhile Symantec and ImageShack, the two other significant targets of Monday's shenanigans, are continuing to investigate hacks on their systems.

A hacking crew called Hack the Planet (HTP) claimed the alleged hack on ImageShack allowed it to extract system files and other information. Meanwhile, HTP also claimed the alleged Symantec breach resulted in a database dump of 3000+ user accounts. Both attacks may have featured the use of zero-day exploits, or so the hackers claim.

There is now some doubt as to whether HTP's hacks were even related to the Anonymous OpNov5 attacks, as had been previously widely reported.

Meanwhile, supposed plans to take down Facebook and free Zynga games later on 5 November, which always seemed unlikely, never transpired. In fairness, elements of Anonymous distanced themselves from those supposed plans well before anything was supposed to take place.

What's left of #OpNov5 (AKA ‪#OpVendetta‬) in cyberspace amounts to site defacements against NBC.com sites and an Argentinian bank (cajapopular.gov.ar) as well as some distributed denial-of-service (DDoS) attacks on Turkish government sites. Oh, and a number of websites in Australia were also defaced, namely: Ascension Australia (a hippie festival in Melbourne), Semcorp (a Australian web development company) and the Quality Lifestyle Alliance, an NGO - not an Australian government outfit as elements of Anonymous falsely claimed.

A Lady Gaga fan site - Gaga Daily - was also hit by a defacement attack by "pyknic", the same script-kiddies who sprayed digital graffiti on Saturday Night Live and other NBC websites.

The re-release of VMWare source code on Sunday by a hacker is another incident that might have nothing to do with #OpNov5 as such, even though leak torrents were promoted through social media using Anonymous and AntiSec hashtags.

Altogether its not much to boast about and only the real world demonstrations by hundred of Anons outside the Houses of Parliament in London went off as planned.

Instead of the promised pyrotechnics, #OpNov5 only delivered damp squibs, false attribution, confusion and few script-kiddies exploding unimpressive but loud bangers. Everybody involved, especially those who hyped up the non-event, should be thoroughly ashamed of themselves. ®

Similar topics


Other stories you might like

  • North Korea's Lazarus cyber-gang caught 'spying' on chemical sector companies
    Crypto-coin theft isn't enough to keep these miscreants busy

    North Korea's Lazarus cybercrime gang is now breaking into chemical sector companies' networks to spy on them, according to Symantec's threat intel team.

    While the Korean crew's recent, and highly profitable, thefts of cryptocurrency have been in the headlines, the group still keeps its spying hand in. Fresh evidence has been found linking a recent espionage campaign against South Korean targets to file hashes, file names, and tools previously used by Lazarus, according to Symantec.

    The security shop says the spy operation is likely a continuation of the state-sponsored snoops' Operation Dream Job, which started back in August 2020. This scheme involved using phony job offers to trick job seekers into clicking on links or opening malicious attachments, which then allowed the criminals to install spyware on the victims' computers.

    Continue reading
  • Russian-linked Shuckworm crew ramps up Ukraine attacks
    Cyber-espionage gang using multiple variants of its custom backdoor to ensure persistence, Symantec warns

    A Russian-linked threat group that has almost exclusively targeted Ukraine since it first appeared on the scene in 2014 is deploying multiple variants of its malware payload on systems within the country.

    The Shuckworm gang – also known as Armageddon and Gamaredon – is using at least four distinct variants of its Pterodo backdoor that are designed to perform similar tasks but communicate with different command-and-control (C2) servers, according to Symantec's Threat Hunter Team.

    "The most likely reason for using multiple variants is that it may provide a rudimentary way of maintaining persistence on an infected computer," the researchers wrote in a blog post Wednesday. "If one payload or [C2] server is detected and blocked, the attackers can fall back on one of the others and roll out more new variants to compensate."

    Continue reading
  • Kaspersky cracks Yanluowang ransomware, offers free decryptor
    Step one, get some scrambled files back. Steps two through 37...

    Kaspersky has found a vulnerability in the Yanluowang ransomware encryption algorithm and, as a result, released a free decryptor tool to help victims of this software nasty recover their files.

    Yanluowang, named after a Chinese deity and underworld judge, is a type of ransomware that has been used against financial institutions and other firms in America, Brazil, and Turkey as well as a smaller number of organizations in Sweden and China, Kaspersky said yesterday. The Russian security shop said it found a fatal flaw in the ransomware's encryption system and those afflicted can get a free fix to restore their scrambled data.

    Symantec's threat hunters uncovered this Windows ransomware strain in the fall and said unknown fiends have been using it to infect US corporations since at least August 2021.

    Continue reading
  • Mutating Verblecon malware in illicit cryptomining ... so far
    Symantec team warns ransomware and spying could be next

    Internet fiends are using a relatively new piece of a malicious code dubbed Verblecon to install cryptominers on infected computers. 

    The mutating malware attempts to evade detection by antivirus tools and similar defenses, meaning bad news all round if the software was used to deploy more destructive payloads — and that the crooks using Verblecon may not realize the power of the loader's full potential.

    "The activity we have seen carried out using this sophisticated loader indicates that it is being wielded by an individual who may not realize the capabilities of the malware they are using," Symantec's threat hunting team warned today.

    Continue reading
  • How do China's cyber-spies snoop on governments, NGOs? Probably like this
    Cicada's months-long global espionage campaign marks an expansion of team's capabilities

    A China-backed crew is said to be running a global espionage campaign against governments, religious groups, and non-governmental organizations (NGOs) by, in some cases, possibly exploiting a vulnerability in Microsoft Exchange servers.

    +Symantec's Threat Hunter Team said the campaign, which aims to spy on targeted victims and steal information, likely started in mid-2021, with the most recent activity detected in February. It may still be going on, the researchers observed in a report this week.

    The Threat Hunter Team team is attributing the attacks to Cicada, also known as APT10 – a group that has been operating for more than a decade and that intelligence agencies in the US have linked to China's Ministry of State Security. The researchers are pointing at Cicada because a custom loader and custom malware that have been used exclusively by the group were found in victims' networks.

    Continue reading
  • China-linked malware targeted secure networks in 'multiple governments'
    'Daxin' malware creates backdoors and may have been used since 2013

    The United States' Cybersecurity and Infrastructure Security Agency (CISA), working with security vendor Symantec, has found an extremely sophisticated network attack tool that can invisibly create backdoors, has been plausibly linked to Chinese actors, and may have been in use since 2013.

    Symantec's threat hunting team has named the malware "Daxin" and described it as "a stealthy backdoor designed for attacks on hardened networks". The Broadcom-owned security firm says it's found samples of the malware dating back to 2013, and that features present in recent versions were also found in older cuts of the code. Those recent versions of the malware have been associated with "China-linked threat actors".

    CISA's advisory about the malware describes it as "a highly sophisticated rootkit backdoor with complex, stealthy command and control functionality that enabled remote actors to communicate with secured devices not connected directly to the internet". The agency asserts that Daxin "appears to be optimized for use against hardened targets, allowing the actors to deeply burrow into targeted networks and exfiltrate data without raising suspicions".

    Continue reading
  • NortonLifeLock sniffs around Avast, announces 'advanced discussions' for acquisition
    Company now has 28 days to make up its mind

    NortonLifeLock, the somewhat clunky moniker adopted by the former consumer business arm of the Symantec Corporation, has announced "advanced discussions" with rival Avast over a possible merger.

    "A combination of NortonLifeLock and Avast would bring together two companies with aligned visions, highly complementary business profiles and a joint commitment to innovation that helps protect and empower people to live their digital lives safely," a NortonLifeLock spokesperson claimed in a message to investors.

    "We would draw on the best of both companies to ensure that the combination would benefit our customers, reward our employees and maximise long term value for all shareholders."

    Continue reading

Biting the hand that feeds IT © 1998–2022