
Friday, 01 July 2011

LulzSec Snitch Claims To Be TeaMp0isoN Member. Oops.

Mike Major Jr of Halethorpe, MD claims to be a greyhat hacker who "does whatever feels right at the time". Major and his friend m_nerva leaked LulzSec chatroom logs which have helped authorities identify some of LulzSec's key members. Major (aka hann) told his story to Bruce Goldfarb and, according to the Patch.com article, claimed to be part of Team Poison (TeaMp0isoN), a hacker crew who attacked LulzSec for being nothing more than script kiddies. Major's comments in the article didn't ring true to me, particularly after I had read a June 25th article in The Independent which featured an interview with a disguised member of the TeaMp0isoN hacker crew named TriCk.

TriCk is a practicing Muslim who "don't (sic) fear MI5, the FBI, or the CIA." "I class them as thugs and criminals", said TriCk. "I only fear God." TriCk said that TeaMp0isoN had a total of 3 members who only knew each other online for the past 5 years. Last December, according to TriCk they dumped the web servers of the English Defence League and published its membership list and defaced the website of Indian politician Rahul Gandhi.


A search of the Zone-H.org archives returns 1,418 notifications so this is an active team. One recent defacement was of sven_slootweg.nl with credit taken by TriCk and In^SaNe, and "greetz" to Hex00010, d0ped, ZHC, Steem, MLT, BxR, and BlackHaker. Another defacement by TeaMp0isoN in June 2010 against Poland's Department of Defense website lists 3 TeaMp0isoN members: TriCk aka Saywhat?, Luit, and Hex00010 with "greetz" to ZHC, Spider, TaZii, Code5, f0rsaken, Muneeb, PAKBugs, null, d0ped, and RoCkBomB. In other words, there are three members to this crew and none of them are "hann" or his friend "m_nerva".

LulzSec called out m_nerva and hann back on June 22 as snitches and posted their personal information at Pastebin. m_nerva apparently just had a visit from the FBI. Now that Mike Major Jr has falsely claimed credit for being a part of TeaMp0isoN, he's not only a rat but a poser; two qualities that serious hackers just love.

Monday, 27 June 2011

Huawei, Ryan Cleary, and Why The UK Is Headed For A Cyber Disaster

While the British government is busy prosecuting a teenager for the DDOS attack against SOCA, they are embracing China's national champion firm Huawei with open arms. Last year, Huawei opened a Cyber Security Evaluation Centre in Oxfordshire where its source code and presumably the source code of other companies could be examined for backdoors by representatives of Britain's Communications-Electronics Security Group (CESG). This is the same strategy that has worked to Huawei's benefit in India just a few days ago where it has been given the green light to set up a similar lab in Bangalore, much to the chagrin of members of India's cybersecurity community with whom I've spoken privately.

Not only is the British government contracting with Huawei for significant work such as providing mobile phone service for London's subway system for the 2012 Olympics, but they do so in spite of warning by their own intelligence services. While other nations like the U.S. worry about China's plans to launch a pre-emptive strike against the power grid in the event of an impending attack, Britain has sold over 50% of its power grid to a Chinese company, which pretty much makes concern about an attack against CI a moot point. But by God, they're going to prosecute anyone who dares take a government website off-line because they're SERIOUS about cybersecurity in the U.K.

Related Posts:
Huawei's Chairwoman Worked For China's Ministry of Public Security
The Cyprus-Vienna Connection In Huawei Bribery Case
Does Huawei Support China's Monitoring Laws?



Saturday, 25 June 2011

Who's Who in the AntiSec Movement

The following is a summary of known entities in the Anti-Security movement as of 1800 Pacific 25 June 2011. I'll be maintaining it with updates on a regular basis and invite readers to add to this information through the comments section or via email. My contact information and public key are available here. This page will load slowly due to the Silobreaker.com screenshots so please be patient.

You can check for the latest announcements of compromised data by AntiSec hackers in the ZeroPaid feed along the sidebar of this blog.

Latest update:  1418Z 01JUL2011




Anonymous
Description: A loose collective ("hive") of activist hackers or "hacktivists" that self-identify as a political movement for change [4]
Website: http://anonops.blogspot.com/
Twitter: @anonops
Leadership: the organization claims to have no specific leader; however, it utilizes spokespersons and IRC moderators that assume the role by default.
Associates:
Barrett Brown - former spokesman who left Anonymous to form Project PM [6]
Anony_ops (@anon_central) - current spokesman
Ryan Cleary (aka "Ryan"): left Anon to form LulzSec [6]; responsible for exposing data from Anonymous IRC channel [7]; publicly identified later as Ryan Cleary by other Anonymous members in retaliation, then arrested by Scotland Yard for attacking the SOCA website [8]
Owen: identified as one of Anon's leaders by Ryan
Kayla: former Anon member, split to form LulzSec with OpSony [5]
Sabu: identified as one of Anon's leaders by Th3J35t3r [3]; left Anonymous to form LulzSec
Topiary: Left Anonymous to form LulzSec
Affiliates:
AnonItaly: Twitter @anonitaly
AnonAustria: Twitter @anonaustria
RedHack Team (Turkey): Twitter @r3dh4ck
PirateBoat "Your Anon News": Twitter: @BrazilAnonymous
IRC: irc.anonops.li
LocalLeaks: Blog, Repository
HackerLeaks: Blog, Repository

AnonymousIRC
Description: LulzSec merged back with Anonymous on 25 June 2011. Since then, AnonymousIRC (@AnonymousIRC) has become the voice of the AntiSec movement.
Affiliates
Facebook: Operation Payback



LulzSec
Description: LulzSec was formed by at least 4 ex-Anonymous members who preferred a more aggressive posture than membership in Anonymous offered them. They created a splinter group called LulzSec after the success and media attention garnered by their HB Gary Federal and HB Gary attacks. LulzSec head Sabu announced that LulzSec has ended "its cruise" today 25 June 2011 via Pastebin.
Website: http://lulzsecurity.com/
IRC: http://irc.lc/anonops/antisec/LulzLizard[@@@]
Twitter: @LulzSec
Members:
Sabu: Identified as LulzSec leader by Th3J35t3r [3]; Twitter: The Real Sabu (@AnonymouSabu)
Ryan: See above
Kayla: See above
Topiary: See above (Twitter: @atopiary)
m_nerva: a former member of LulzSec, m_nerva leaked LulzSec's chat logs and in retaliation, LulzSec released m_nerva's identity.

Affiliates
LulzSec Scotland (Twitter: @LulzSecScotland)
LulzSec Brazil (Twitter: @LulzSecBrazil, @LulzSec_br)
LulzSec Italy (Twitter: @LulzSecItaly)
The Lulz Raft - Canada (Twitter: @LulzRaft)



The Jester (aka th3j35t3r)
Description: Jester (th3j35t3r) is a self-defined grey-hat "hacktivist for good" who has been hacking LulzSec IRC channel servers and posting the information to PasteBin. Additional background is available at his Wikipedia entry. He maintains a blog and is believed to be part of "Team Web Ninjas".
Twitter: @th3j35t3r



TeaMp0isoN
Description: Team Poison is a Muslim hacker crew with 3 members. They have taken credit for releasing former Prime Minister Tony Blair's personal contact list online as well as publishing the membership list of the English Defence League in December 2010 [1]. They have been attacking LulzSec as script kiddies and not true hackers.
Twitter: @TeaMp0isoN_
Members:
TriCk (aka SayWhat?): TriCk is a teen college student living at home in the U.K who claims to have started hacking when he was 11 years old. [1]
iN^SaNe
Luit [13]
Hex00010 [13]


NOTE: hann claims that m_nerva was also a member of TeaMp0isoN; however, this earlier article, which contains an interview with a different TeaMp0isoN hacker (TriCk), intimates that they were part of LulzSec [1]



Warv0x (AKA Kaihoe)
Description: A hacker who, like Team Pois0n, opposes LulzSec as script kiddies and is seeking to demonstrate his superiority by attacking former LulzSec targets like PBS in a more advanced way.[9] Unlike Team Pois0n, he doesn't claim any religious or political affiliations. Warv0x (Kaihoe) appears to be a new alias with no history before 2011.


Operation Anti-Security
Description: Operation Anti-Security was jointly launched by Anonymous and LulzSec on 19 June 2011 with the directive to attack government agencies and leak classified documents [11].
Twitter hash: #antisec
Independent Affiliates
ub3rleet5 (Twitter: @ub3rl33ts)
Phsy (members include @stramble)
List of attacked organizations as of 25 Jun 2011:
Colombian Black Eagles Special Police Unit
Arizona Dept of Public Safety
U.K Serious Organized Crime Agency
Brazil.gov.br
Presidencia.gov.br
Tunisia.gov.tn (27 Jun 2011)
agcom.it (28 Jun 2011)

AntiSecPro Security Team
Description: After LulzSec announced the end of its operations on 25 June 2011 and its merger with Anonops, Anonops announced the formation of AntiSecPro Security Team via their IRC channel. According to their 26 Jun 2011 release, the team is not currently active but is in a slow growth phase and includes a school for new hackers. The leaders have stressed the need for secrecy in the new group, making it a top priority:
"It is very important that any member of this team to not offer or expose any type of information that may identify themselves. It is also strictly prohibited to ask for any information about an individual which at minimum includes, name, location, picture and gender rather it be to the individual personally or via another source. It is your responsibility to protect this information, also to report to one of the founders so measures can be addressed."
Server: irc.anonops.li
Channel: #antisecpro
School for new hackers: http://lolhackers.com/school/
Attacks:
28 June 2011

1. Zimbabwean government dumps
2. Mosman Municipal Council (mosman.nsw.gov.au) dump
3. Universal Music Group Partners dump 1 & 2 containing umusic.com's user:passwords
4. Viacom dump containing internal mapping of Viacom and its servers
5. Assorted Brazilian Government dumps and passwords







References:
[1] "Inside the secret world of the geeks with the power to unleash anarchy", The Independent 25 June 2011: http://www.independent.co.uk/news/uk/crime/inside-the-secret-world-of-the-geeks-with-the-power-to-unleash-anarchy-2302562.html
[2] "UK Serious Organised Crime agency website down after LulzSec Ddos attack": The Hacker News 20 June 2011: http://www.thehackernews.com/2011/06/uk-serious-organised-crime-agency.html
[3] "Th3J35t3r (The Jester) claim to expose identities of LulzSec Leader "Sabu"": The Hacker News 24 June 2011: http://www.thehackernews.com/2011/06/th3j35t3r-jester-claim-to-expose.html
[4] "Interview with Anonymous( Anony_ops OR Anon_Central)": Hacker News 18 June 2011: http://www.thehackernews.com/2011/06/interview-with-anonymous-anonyops-or.html
[5] "Hackers claim rogue Anonymous faction behind PSN attack" Electronista.com; 5 Jun 2011: http://www.electronista.com/articles/11/05/06/splinter.from.anonymous.said.at.fault.for.psn.hack/#ixzz1QJDqKaZh
[6] "Anonymous "Spokesman" Quits, Forms Splinter Group": HITB.com; 17 May 2011: https://news.hitb.org/node/41304
[7] "The hackers hacked: main Anonymous IRC servers invaded". ArsTechnica.com: 17 May 2011 http://arstechnica.com/tech-policy/news/2011/05/the-hackers-hacked-main-anonymous-irc-servers-seized.ars
[8] "Teenager Ryan Cleary charged with attacking website of UK law enforcement agency" The Telegraph 22 June 2011: http://www.telegraph.co.uk/technology/8592487/Teenager-Ryan-Cleary-charged-with-attacking-website-of-UK-law-enforcement-agency.html
[9] "PBS and WriterSpace hacked again by WarV0x". The Hacker News 24 June 2011: http://www.thehackernews.com/2011/06/pbs-public-broadcasting-service.html
[10] "Inside LulzSec: Chatroom logs shine a light on the secretive hackers", The Guardian, 24 June 2011: http://www.guardian.co.uk/technology/2011/jun/24/inside-lulzsec-chatroom-logs-hackers?intcmp=239
[11] "Operation Anti-Security" Pastebin.com 19 Jun 2011: http://pastebin.com/9KyA0E5v
[12] TeaMp0isoN June 2010 defacement lists members: http://zone-h.org/mirror/id/11005813

Tuesday, 21 June 2011

The Rapid Rise and Fall of LulzSec

This is more of a prediction than a statement of fact but I feel pretty confident in saying that LulzSec won't be around for much longer. Anonymous may still avoid LulzSec's fate depending on whether they decide to abandon the AntiSec movement and stay focused on battling repressive regimes like they did with Tunisia, but they only have a small window of time to make that decision.

The reason why I'm making this prediction is because of today's New York Times article on the take-down of DigitalOne.com by the FBI. That's bad enough but it's not why LulzSec is screwed. They're screwed because the U.S. Intelligence Community has learned how to collaborate. It's taken them years but the historical animosity between CIA, FBI, and NSA has just recently diminished to the point where they are now able to work together better than ever before. And lucky LulzSec, they're all focused on you right now.

Now you might not be too worried about the FBI considering the state of their InfraGard sites in Atlanta and Connecticut, and you might even be naive enough to believe that crashing the CIA's public website means you have nothing to fear from them either. Frankly speaking, if that's true - you couldn't be more wrong. Unlike the FBI and your local police, CIA isn't constrained by the same rules. It has resources that other agencies salivate after, including its own Army, Navy, and Air Force. Its people love what they do so much that even after they retire they stay in the game. And while Anonymous likes to say that they never forget, the Agency has a well-deserved reputation of getting even with anyone who fucks with them. You, apparently, have made that very unfortunate list. If you guys make it to Labor Day without either getting arrested, disappearing, or self-destructing, I'll be very surprised. Either way, you'll be featured in the new edition of my book for sure.

UPDATE: (25 Jun 2011) LulzSec announces it has ended operations via a post at Pastebin:

  Friends around the globe,

  We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.

  For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others - vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It's what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.

  While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn't that interesting to know? The mediocre painter turned supervillain liked cats more than we did.

  Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we've gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don't stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.

  So with those last thoughts, it's time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.

  Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.

  Let it flow...

  Lulz Security - our crew of six wishes you a happy 2011, and a shout-out to all of our battlefleet members and supporters across the globe

Sunday, 19 June 2011

AnonOps, LulzSec, & The Modalities Of nth Dimensional Conflict

This post contains the beginning of my work to develop a new model with accompanying strategies for defending against anarchist clusters like LulzSec and Anonymous as well as more traditional opponents in cyberspace. I've named it the Principles of nth Dimensional Conflict. Since this is a work in progress and because I intend to flesh the principles and modalities out in more detail in the 2nd edition of Inside Cyber Warfare, I hope that interested parties will feel free to leave a comment with their thoughts and suggestions.

The genesis of this idea began with my first book in which I used the science fiction metaphor of a parallel universe to describe cyberspace: "a mysterious, invisible realm existing in parallel to the physical world, yet able to influence it in countless ways" (p.xiii). It's also why I've opposed the classification of cyberspace as a fifth warfighting domain. The Department of Defense as well as national and international law enforcement agencies have been relying upon traditional models to combat offensive cyber operations of all types with only marginal success. The information security community whose mission is to build software that protects private and government networks has failed miserably in executing that mission. In fact, some of their core principles such as publicizing vulnerability research may be causing more harm than good. The latest innovation is the rise of anarchist clusters like Anonymous and LulzSec who seemingly breach government and corporate websites at will. It has become clear to me that false assumptions about the battlespace have produced ineffective, possibly harmful defensive strategies and that we have to start fresh.

I've laid out some baseline principles that underlie recommended modalities or modes of action. In addition to my own interest in Complexity theory and Quantum physics, my thinking in this area has been greatly influenced by a research paper published by JASON in November, 2010: "Science of Cyber Security".

The Principles:

  • Cyberspace is an artificially constructed environment that is only loosely tied to the physical universe and is not constrained by three dimensional space, therefore there are few a priori constraints on either the attackers or the defenders.
  • It is not possible to definitively measure a level of security as it applies to the general operation of information systems (JASON).

The Modalities:

  • Uncertainty and randomness favor the adversary, therefore defenders must implement components of randomness and uncertainty as part of a network defense strategy
  • Since it isn't possible to anticipate every type of attack, the defender must become a competitor to the adversary and continually attack his own system "in the hopes of finding heretofore undiscovered attacks" before the adversary does.
  • Transparency such as commercial anti-virus systems and InfoSec research favors the adversary. Secrecy favors the defender.
  • For the adversary, trust is more important than identity. Since the Internet favors anonymity by design, defenders may achieve more success by breaching an adversary's trust loop than identifying who the adversary is.

I intend for this project to evolve into something more tangible in relatively short order but I don't expect it to be well-received. There's a lot of money invested (and being made) in the current flawed model and there's no scientific method that can be applied to the field of cybersecurity to help persuade skeptics. Absent scientific evidence, the best reason for corporate executives, military planners, and government policy makers to force themselves to explore and consider alternate paradigms like this one is the rapidly growing popularity of anarchistic hacker crews like LulzSec who will continue to thrive in the antiquated security environment that we've created up until this point. It's time to not only change the game, but the dimensional universe that the game is played in. Yes, we can do that in cyberspace.
