The Stuxnet virus, an advanced worm that has been spreading around the Internet since 2010, has been revealed as a combined effort by the U.S. and Israel to cripple Iran's nuclear program. The virus was created as part of an operation called Olympic Games, started under the Bush Administration and continued under President Obama, according to David E. Sanger's new book Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power.

Initially meant to target Iran's Natanz nuclear plant, the virus broke loose in 2010 due to a programming error. In an emergency Situation Room meeting, Obama approved continued cyberattacks on the Natanz plant, and more advanced versions of Stuxnet eventually took out 1,000 of Iran's 5,000 uranium-processing centrifuges.

According to Sanger, Olympic Games "appears to be the first time the United States has repeatedly used cyberweapons to cripple another country's infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives."

The future of the virus is uncertain, but the administration has considered using it in North Korea, China and Syria.

Sanger's book is due out next Tuesday.

[nyt.]

Hacker collective Anonymous is back with a 1.7 GB dump of data that they claim "used to belong to the United States Bureau of Justice Statistics, until now."

The file was uploaded to the Pirate Bay earlier today. Although its contents haven't yet been verified, an Anonymous press release claims it includes "lots of shiny things such as internal emails, and the entire database dump."

BJS hasn't issued a statement acknowledging the hack yet, but Anonymous claims that, "We Lulzed as they took the website down after being owned, clearly showing they were scared of what inevitably happened."

[gawker.]

A security breach at credit card payment processing company Global Payments, Inc., which processes payments for Visa and MasterCard, may have compromised more than 10,000,000 card numbers.

Global Payments has confirmed that the breach was discovered in early March.

Visa and MasterCard have been warning banks about the breach, providing lists of specific cards that may have been compromised, and banks are currently combing transaction data to look for common points of purchase for the compromised cards.

Security reporter Brian Krebs, who broke the story, says that the many of the cards were used in parking garages in and around New York City. Two law enforcement sources also told Krebs that the breach may be connected to Dominican street gangs based in NYC.

Both major credit card companies have issued statements saying that their core networks haven't been compromised.

Meanwhile, Global Payments stock has been suspended for trading after dropping 9% on the Nasdaq on news of the breach.

[mashable]

Hacker group LulzSec recently announced it was reassembling for more hacks after former leader Sabu was revealed as an FBI informant and several members of the group were arrested.

The new LulzSec launched its first attack yesterday, hacking dating website Military Singles and making off with email addresses and passwords for 170,937 accounts.

When the administrator of the site -- which is run by a company called ESingles -- questioned whether it had actually been hacked, LulzSec posted the account info to pastebin and placed the above image on the Military Singles homepage.

On LulzSec's new Twitter account, the group denied it was associated with any of the planned hacks mentioned on a supposedly LulzSec-affiliated YouTube account, writing, "There is no schedule of the hacks we will do everything spontaneously ..."

[slashgear]

Members of hacker collective Anonymous took down two websites related to Pope Benedict XVI's planned trip to Mexico, claiming that the papal visit is a politically-motivated move to boost support for the conservative National Action Party in elections.

Anonymous said in a video that the Pope's visit is timed to coincide with the official start of the presidential campaign season in Mexico, and the money it cost could have been better spent to help the country's poor.

The websites taken down in the attack listed the Pope's schedule of activities in Mexico. A spokesman for the Mexican Episcopal Conference said the attack "does damage to the logistics" of the papal visit.

The official website of Guanajuato, the conservate-leaning Mexican state where the pope's visit is scheduled to start, was also down on Thursday, but that outage hasn't been confirmed as the work of Anonymous.

[wapo]

A Linux-based operating system with built-in hacking tools is being billed as the work of Anonymous, but representatives of the hacker group say that Anonymous-OS is not their work, and could even contain malware.

The custom Linux distro, based on Ubuntu 11, comes with dozens of preinstalled hacking and security apps, as well as notorious DDoS tools like slowloris and HOIC (High Orbit Ion Cannon).

According to the @AnonOps Twitter account, though, the OS -- which has now been downloaded over 20,000 times -- is "fake" and "wrapped in Trojans."

Its creator has denied those accusions, arguing that "in our world, in Linux and opensource world, there is not virus."

That's not exactly true, though. In fact, Anonymous' own slowloris DDoS tool was recently hit by the Zeus trojan.

For now, it looks like aspiring hackers would better off not downloading Anonymous-OS, and getting the security apps they need from a trusted source instead.

[geek]

Hacker group Anonymous has taken down several Vatican websites, including the Catholic Church's main site at vatican.va. The group says the attacks were not against Catholics around the world, but against the "corrupt" Church.

"Anonymous decided today to besiege your site in response to the doctrine, to the liturgies, to the absurd and anachronistic concepts that your for-profit organisation spreads around the world," the hackers said in a statement posted to Pastebin.

Anonymous also accused the Church of executing its detractors throughout history, harboring Nazi war criminals, allowing child molestation, and interfering in the daily lives of Italians.

The hacker group tried and failed to attack the Vatican website last year, according to a new report called "The Anatomy of an Anonymous Attack," published just days ago by computer security company Imperva.

Today's attack comes one day after key members of Anonymous and LulzSec were indicted for conspiracy to commit computer hacking, and just hours after Anonymous hacked several websites belonging to Spanish computer security firm Panda Security.

[afp]