PayPal CISO hits out at antisec, as Anonymous publishes employee credentials of agricultural company


The chief information security officer of PayPal has called for an end to the antisec campaign of hacktivism and for the identities of hackers involved in the operation to be revealed.

Speaking to SC Magazine Australia, Michael Barrett called on the industry to identify those behind antisec, saying that they ‘delude themselves that they are anonymous on the internet, they are not'.

He said: “They can be found and for the continued safety of the internet, we must identify them and have legitimate law enforcement processes appropriately punish them.”

Last year, PayPal's blog website was taken offline following a distributed denial-of-service (DDoS) attack launched by activists angry that the company had frozen a donations account to WikiLeaks.

Hacking group Lulzsec also claimed in June that it had released login information for 62,000 web accounts, which included PayPal credentials. PayPal denied this, saying that captured usernames and passwords were not necessarily associated with PayPal but may be valid if people had used the same login credentials for multiple sites.

Yesterday, Trend Micro director of security research Rik Ferguson criticised the antisec movement, saying that it had gone against exposing oppressive governments and contractors to impacting members of the public. Barrett agreed with this view, claiming that the antisec mission statement was a false philosophy.

He said: “While many of them claim to be defending the internet they love, in practice it would seem that they are only hastening its demise. A cynical interpretation would suggest that what most of them desire is actually their ‘15 minutes of fame'.

“No one would suggest encouraging improved physical security in the real world by decriminalising breaking and entering and classifying it as a sport; why should the online world be any different?”

Anonymous responded with a message to Barrett, saying: “You sir, are much more deluded than we could have ever imagined.” It also said: “We think we have figured it out: PayPal's CISO Michael Barrett is asking for a free security audit. Nice try.”

Also this week, Anonymous published 2,550 names, addresses, phone numbers and email addresses reportedly linked to St. Louis-based agricultural company Monsanto.

Calling it ‘Project Tarmeggedon', Anonymous said that it was joining the struggle against ‘Big Oil' in the heartland of the US.

It said: “We stand in solidarity with any citizen willing to protest corporate abuse. Anonymous will not stand by idly and let these environmental atrocities continue. This is not the clean energy of the future that we are being promised.

“We will, over the course of the next few days, use the powers we posses to spread news about this scenario and the corporations involved. The continued development of the tar sands is a major step backward in the effort to curb global warming.

“Anonymous will not suffer this without a fight, and Operation Green Rights will always support the rights of the people to live in an unpolluted world, and aim to help safeguard it for the future. One way or another.”

A statement from Monsanto acknowledged the leak. It said: "Today, a number of public and private institutions are facing cyber threats and actions around the world. Such threats are not new and something that Monsanto is constantly working to protect against.

“Last month, Monsanto experienced a disruption to our websites which appeared to be organised by a cyber group. In addition, this group also recently published publicly available information on approximately 2,500 individuals involved in the broader global agriculture industry. 

“Contrary to initial media reports, only ten per cent of this publicly available information related to Monsanto's current and former employees. The list also included contact details for media outlets, as well as other agricultural companies. Information on these attacks has been turned over to the appropriate authorities. We remain vigilant in protecting our information systems.”


Sign up to our newsletters