Follow by Email

Tuesday, March 6, 2012

Hackers, Part 2

Today, the FBI took down LulzSec, the splinter group of hackers responsible for so many incursions. Months ago, I speculated that they were known down to the person but I was premature. It turns out that their leader, "sabu" was known, though. That's when the FBI secretly arrested him and turned him into the most interesting mole in hacker history. While, in Hackers Part 1, I speculated that they were disbanded, it turns out that they had turned their efforts onto a new theme, AntiSec. It is good someone got them, because they supposedly had thousands of infected servers at their beck and call (topiary claimed this).

LulzSec, populated with personalities like sabu (Hector Xavier Monsegur of New York), kayla (Ryan Ackroyd of London), topiary (Jake Davis of London, actually arrested last year), pwnsauce (Darren Martyn of Ireland), palladium (Donncha O'Cearrbhail of Ireland), and anarchaos (Jeremy Hammond of Chicago), were responsible for a number of attacks that penetrated systems (mostly using password hacks), stole data and simply posted it (mostly on pastebin.com). Data sometimes included identity information and credit card information. But they really liked to ply DDoS attacks, which are made possible (and apparently popular) using off-the-shelf software like LOIC. The complicated process in finding anarchaos is detailed in this link.

Then things heated up, and in June 2011, other groups started outing LulzSec members. The link points to a pastebin post by the A-Team, a public rival hacking group. Their speculation about topiary was wrong, it appears, but they got sabu right. I wonder how other specified members uncommon, laurelai, eekdakat, nigg, madclown, avunit, tflow, and joepie91 are faring. They are listed in this link, some with names and addresses. Maybe they are on the way. But again, if they got topiary wrong and sabu right, then their record isn't exactly perfect.

In either case, Alpha Mike Foxtrot!

So it's clear that, when this happened, the FBI moved in and turned him. That can't be good for the other members.

This is on the heels of two interesting developments in hackerdom. The first is Anonymous and their prying into the international anti-hacking taskforce's conference calls. The second is the spoofing of Anonymous for the insertion of malware into their actual computers.

The FBI kind of got a black eye when Anonymous posted details of a conference call (the Anon-Lulz International Coordination Call) that occurred between the anti-hacking taskforces in both the US and the UK. The FBI recently admitted that this occurred. So that tells us that the posted transcript of the call was actually correct. It was during this call that the Anonymous member tehwongz was outed. Well, he's a 15-year-old kid, so no names were mentioned. He claimed to have hacked Valve's Steam network. The conference call was hacked by palladium (also known as anonsacco) and this is detailed in this link.

The other notable incident seemed to pass by without notice, although it did receive netplay. Here, a purported Anonymous tool for hacking, posted on pastebin.com, was actually malware in itself. This means that all the Anonymous sympathizers that downloaded and used this code, were infected with malware that would send their dox (identities and other useful information) to someone. This was detected by Symantec very recently.

I speculate that someone wants to know who they are. And get this interesting tidbit of information: the malware was spoof-posted on pastebin right after the MegaUpload raid.

It might be a perfect thing for a government to do to get these guys. First the MegaUpload raid occurs, enraging the hacktivists, then a malware post occurs, then the Anonymous hacktivists decide to use the tool to stage a DDoS attack. And voila! Plenty of names and IP addresses are streaming in.

We will see in the coming weeks and months what comes of this, I think.

No comments:

Post a Comment