From: Ori Livneh <firstname.lastname@example.org>
To: Robert Christ <email@example.com>
Cc: Tom Gillis <firstname.lastname@example.org>, email@example.com, Devin Balkind <firstname.lastname@example.org>, Jake <email@example.com>, firstname.lastname@example.org, Occupy Indy <email@example.com>, Ted Schulman <firstname.lastname@example.org>, Ron Suarez <email@example.com>
Date: Thursday, October 13, 2011 10:40:08 PM
Subject: Re: [Ows_solutions] Fwd: [NYCGA Internet] Fw: Occupy Philly hacked in conjunction with Occupy Boston, Seattle, Atlanta police raids?
1) rootkits on donated machines could've been put there by law enforcement. Just this week, the German government admitted to using trojans to spy on its citizens
. If at all possible, one or more of the infected machines should be turned off
and set aside for forensic analysis. If this is not possible, try to at least make an image of the hard drive using something like TestDisk
. This could be used as evidence.
2) A simple way to protect against malware is to disable (better yet: remove) the hard drive and boot the machine using a linux live CD. I particularly like Puppy Linux
. It is vitally important to require each user to reboot the machine before use. Make sure someone trustworthy burns the CDs, and verify the checksums before installation.
On Thu, Oct 13, 2011 at 9:09 PM, Robert Christ <firstname.lastname@example.org>
Hey all, I'm finance at OWS. One of the cities I'm in regular contact with is Occupy Philli. They claim their internet outreach was hacked simultaneously with the Occupy Boston Police Raid. Apparently they were nervous enough about it to pass the information to me, their contact in NYC. I promised I'd pass their IT guy's info (that's steady Dan) to our Internet team.
so yeah, one of the members of our Internet team should call this Dan guy and see what all the fuss is about.
Thanks guys, you're doing a fantastic job!