Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for January 5th, 2011

Anonymous Fallacies: To LOIC or Not To LOIC, That is the Question

with 6 comments

BY ANONYMOUS ON THE 9TH OF DEC 2010 08:01:14 PM

Educate: Operation Payback
1)      http://twitter.com/op_payback
2)      http://anonnet.org/
3)      http://www.youtube.com/watch?v=kZNDV4hGUGw
4)      http://www.mediaite.com/online/anonymous-posts-video-message-describing-their-mission-in-defense-of-wikileaks/

Jester(Robin Jackson) Information
1)      http://svc.mt.gov/gsd/onestop/upload/UEFRFI.doc (Government Document)
2)      http://helenair.com/news/article_8e648ac0-fddd-11df-9d90-001cc4c03286.html (press article with a photo of him)
3)      http://twitter.com/th3j35t3r (Jesters twitter)
4)      http://dc406.com/ (Registered by robin jackson and has the jester poker on the left)

Participate: LOIC || IRC [See Caught: Warning and Escape for further information]
1)      http://pastehtml.com/view/1c8i33u.html [download LOIC/discuss IRC]
2)      NO TARGET [target LOIC]

Participate: Wikileaks Insurance
1)      http://utorrent.com [download Bittorrent]
2)      http://torrentfreak.com/how-to-encrypt-bittorrent-traffic/ [encrypt traffic]
3)      http://peerblock.com [block dangerous IPs]
4)      http://thepiratebay.org/torrent/5723136/WikiLeaks_insurance  [download the file]

Participate: Expose the Fiction
1)      http://img23.imageshack.us/img23/4958/1291867745327.jpg
2)      http://img143.imageshack.us/img143/4684/1291862911917.jpg

Participate: Expose the Truth
1)      http://www.wikihow.com/Google-Bomb [Keyword: Operation Payback]
2)      http://www.time.com/time/specials/packages/article/0,28804,2028734_2028733_2028727,00.html [vote @ 98, revote with InPrivate Browsing]
3)      http://i54.tinypic.com/30jij2q.png [Facebook Avatar]

Participate: Other Tools
1)      http://www.techpavan.com/2009/08/17/what-black-fax-black-fax-attack-why-how-to-do-black-fax/ [Target: Unknown]
2)      http://atdhe.net/watch-bbc-news.php [Enjoy the lulz]

Clean Up: Protect Yourself
1)      http://www.piriform.com/ccleaner/download [download CCleaner]
2)      Tools > Driver Wiper > Select Drive > Wipe Free Space > Gutman (35) > Wipe
3)      http://www.truecrypt.org/ [download TrueCrypt]
4)      Select Drive > Encrypt
5)      http://www.aboutcookies.org/Default.aspx?page=2 [delete browsing cookies]
6)      http://lifehacker.com/5530828/start-any-browser-in-private-browsing-mode [launch as InPrivate Browsing]
7)      http://techpp.com/2009/07/09/top-5-free-vpn-clients/ [download VPN service]
8)      Set wireless network to unsecured or WAP to claim you were hacked if v&

Caught: Warning and Escape
1)      DO NOT PROXY. It will affect the proxy, not the target. That’s why you use VPN.
2)      DO NOT attack on a school, work, or company owned network; your traffic is heavily monitored. You will get caught.
3)      DO NOT attack by yourself or in small numbers, you will get caught. While in larger numbers, it’s minimal if non-existent, and if server goes down it’s impossible to recover corrupt data on who attacked.
4)      DO NOT “bot net” it is illegal. DDoS with LOIC is legal, however.
5)      CHANGE your MAC IP after destroying the internets, or risk having your e-mail MAC IP traced back.
6)      If you are v& (vanned) declare you had no participation in this event. Note you are using a dynamic IP address and that many different people use it, because it’s dynamic. If they prove that it was yours, then tell them you are a victim of a “botnet virus” that you had no control or knowledge of. Additionally if you set your wireless to unsecured or WAP prior to LOIC you can claim someone hacked your wireless. Case closed.

I found this on pastebin today and after reading through it, I have to reconsider some of the idea that there is a core group of competent hacker types running the show at Anonymous. What really caught my eye is the “Caught: Warning and Escape” section above (highlighted in red in the original), the admonition about “if you get caught.” This is the most egregious set of instructions that I have ever seen and will only serve to land those of the “hive mind” in courts across the globe with a fair chance at getting truly buggered.

Let me take it point by point here:

1)      DO NOT PROXY. It will affect the proxy, not the target. That’s why you use VPN.

VPN? VPN? WTF? What VPN are you talking about there skippy? If you use a VPN, then you are concentrating the traffic to a single IP exit node, which makes it just as easy to track. Which brings me back to “what VPN?” You have a service somewhere? Usually you only see VPNs used in companies or for personal secure access to systems behind firewalls.

Now, on the other side of this, umm yeah, proxying the traffic for the LOIC makes sense and should have been used. As far as I have seen, the LOIC is just a glorified F5 key script. If you proxy then you will just be polling a site via proxy (hopefully without logging) to port 80 http. So, there may be more traffic on nodes of whatever proxy you use, but the traffic should get there if the proxy is robust enough.

2)      DO NOT attack on a school, work, or company owned network; your traffic is heavily monitored. You will get caught.

Ehhhhh depends on the company or school doesn’t it? I mean many colleges are still lacking in controls over their Internet traffic. However, I would say that they would be right... unless the traffic were VPN’d to a proxy outside. Then you would have something.

3)      DO NOT attack by yourself or in small numbers, you will get caught. While in larger numbers, it’s minimal if non-existent, and if server goes down it’s impossible to recover corrupt data on who attacked.

Say what? No matter the volume of users, if the systems at the receiving end are configured properly and able to log the traffic, then ALL of your IPs will be logged! As I suspect you will all soon find out after the Feds have audited those seized servers and logs from those who got DDoS’d.

4)      DO NOT “bot net” it is illegal. DDoS with LOIC is legal, however.

BAAAHAHAHAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHHA! Ok kids, Law 101 here. If you PARTICIPATE in a DDoS no matter if you use LOIC or a Botnet, you ARE in fact COMPLICIT in an act that is against the law. You don’t get any extra points for your motives or your method of attack. This is especially true when you use a tool that does NOT obfuscate your IP address as you perform it. Whoever collaboratively wrote these do’s and don’ts is culpable in your crimes too… As well as for the crime of stupidity.

5)      CHANGE your MAC IP after destroying the internets, or risk having your e-mail MAC IP traced back.

WTF? Your MAC IP? Would you perhaps be meaning your MAC address as well as your IP address? Ya know, the IP address that you are not masking at all when you use LOIC to “destroy the internets” ?? OMFG, Here’s the “internets” manual RTFM please! This is even below skiddie level.

6)      If you are v& (vanned) declare you had no participation in this event. Note you are using a dynamic IP address and that many different people use it, because it’s dynamic. If they prove that it was yours, then tell them you are a victim of a “botnet virus” that you had no control or knowledge of. Additionally if you set your wireless to unsecured or WAP prior to LOIC you can claim someone hacked your wireless. Case closed.

Once again, you have no real grasp of how the Internet works do you? Let me break it down for you…

A) Dynamic IP addresses do change, but they tend to remain the same for users for a long time. Depending on the lease time set by the ISP you could have it for days. So trying to say that you are on a dynamic IP is pointless.

B) Any dynamic IP is going to be logged as to what account holds the IP address during that session in the logs!

C) Yeah, claiming there was a botnet malware package installed on your PC will do no good, unless you actually do that yourself before you do all of this.. and even THEN forensically it is easy to tell that you installed it and LOIC. Any way you slice it, unless you physically smash your machine or fully encrypt it with something like TrueCrypt AND shut it off before the feds knock your door down… You are fucked.

D) The un-secured wifi argument can work, but, I will go back to the forensics argument again.. We can see you. You lose.
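To make points 3, A and B above concrete from the defender’s side, here is an added example (my own, not from the post or the pastebin) that does what the author says the receiving end will do: parse a web server access log, count requests per source IP so that the busiest sources stand out regardless of how many people joined in, and then resolve each flagged IP to the subscriber account that held the DHCP lease at the moment of the first request. The log lines, the lease table, the account identifiers and the flag threshold are all constructed for illustration (the IPs are from documentation ranges); real ISP lease records would come from the provider, not from a list in a script.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed Apache/NCSA-style access log captured during a request flood.
# Every request carries the client's source IP, so volume hides no one.
ACCESS_LOG = """\
203.0.113.7 - - [09/Dec/2010:20:01:14 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [09/Dec/2010:20:01:14 +0000] "GET / HTTP/1.1" 200 512
198.51.100.23 - - [09/Dec/2010:20:01:14 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [09/Dec/2010:20:01:15 +0000] "GET / HTTP/1.1" 200 512
192.0.2.9 - - [09/Dec/2010:20:01:15 +0000] "GET /about.html HTTP/1.1" 200 2048
198.51.100.23 - - [09/Dec/2010:20:01:15 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [09/Dec/2010:20:01:15 +0000] "GET / HTTP/1.1" 503 0
198.51.100.23 - - [09/Dec/2010:20:01:16 +0000] "GET / HTTP/1.1" 503 0
203.0.113.7 - - [09/Dec/2010:20:01:16 +0000] "GET / HTTP/1.1" 503 0
203.0.113.7 - - [09/Dec/2010:20:01:16 +0000] "GET / HTTP/1.1" 503 0
198.51.100.23 - - [09/Dec/2010:20:01:16 +0000] "GET / HTTP/1.1" 503 0
"""


def lease_time(s):
    """Parse a constructed lease timestamp ('YYYY-MM-DD HH:MM') as UTC."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


# Constructed ISP DHCP lease history: (ip, lease_start, lease_end, account).
# Leases run for days and every handover is timestamped, so a "dynamic" IP
# still maps to exactly one subscriber at any given instant.
LEASES = [
    ("203.0.113.7",   lease_time("2010-12-07 03:15"), lease_time("2010-12-11 03:15"), "ACCT-0001"),
    ("198.51.100.23", lease_time("2010-12-08 09:00"), lease_time("2010-12-09 17:59"), "ACCT-0017"),
    ("198.51.100.23", lease_time("2010-12-09 18:00"), lease_time("2010-12-10 06:00"), "ACCT-0042"),
]

# source IP, ident, user, [timestamp], "request", status, size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')


def parse_access_log(text):
    """Parse NCSA-style lines into dicts; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, request, status, _size = m.groups()
        entries.append({
            "ip": ip,
            "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "request": request,
            "status": int(status),
        })
    return entries


def requests_per_source(entries):
    """Request count per source IP over the whole log."""
    return Counter(e["ip"] for e in entries)


def flag_sources(entries, threshold):
    """Return [(ip, count)] for sources at or above threshold, busiest first."""
    counts = requests_per_source(entries)
    return sorted(((ip, n) for ip, n in counts.items() if n >= threshold),
                  key=lambda t: (-t[1], t[0]))


def account_for(ip, when, leases=LEASES):
    """Subscriber holding `ip` at instant `when`, or None if no lease covers it."""
    for lease_ip, start, end, account in leases:
        if lease_ip == ip and start <= when < end:
            return account
    return None


def attribute_flood(text, threshold, leases=LEASES):
    """Map each flagged source IP to (request count, subscriber at first hit)."""
    entries = parse_access_log(text)
    result = {}
    for ip, n in flag_sources(entries, threshold):
        first_hit = min(e["time"] for e in entries if e["ip"] == ip)
        result[ip] = (n, account_for(ip, first_hit, leases))
    return result


if __name__ == "__main__":
    for ip, (n, acct) in attribute_flood(ACCESS_LOG, threshold=3).items():
        print(f"{ip:15} {n:3} requests  subscriber={acct}")
```

Note what the lease lookup does with 198.51.100.23: the address changed hands at 18:00 that day, and the timestamped lease history assigns the flood traffic to the account that held it at 20:01, not to the earlier holder. That is the author’s point B in practice: being on a dynamic address does not make the session anonymous, it just adds one join against the ISP’s lease log.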

In the end, this whole thing has been run like a train wreck. Anonymous has failed to think this all through and certainly has no idea about the legalities here to be telling any of these kids out there using LOIC that they are going to be ok. It may be all about the lulz, but soon it’s going to be all about CYA and lots of lawyers’ fees, kids.

CoB

Written by Krypt3ia

2011/01/05 at 19:13

Posted in DD0S

The Curious Case of Kellep Charles: A Ligatt Propaganda Story

with 3 comments

On January 1st another “press release” came out over the Internet claiming that Kellep Charles, by all accounts a certified and serious individual in the information security world, had been appointed to the board of directors at Ligatt Security. On the Ligatt site as seen above in cached form (the page is now a 404 error) it names Kellep as a new member of the board. Now, this is nothing new with regard to people being touted as being added to the board. However, in this case, Kellep himself as others before, did not know that he was on the board as you can see by his surprise in a tweet below:

It seems that Kellep may have indeed offered to work with Ligatt to “clean up his image” but no sooner had he done this than the Ligatt PR machine went into action and posted on the site and newswire that they had a new board member. What is most insidious here is that Kellep, as I said above, is a multiply certified and seemingly above-board member of the security community whose reputation could be sullied by working with Evans and Ligatt because of their misdeeds in the past. What’s more, it is VERY telling that Kellep states that he was willing to “advise” Ligatt to help “clean up their image”

*blink blink*

Ok, Kellep.. Over here, camera 3… Yeah, umm I appreciate your wanting to help Greggy, but, now do you see the real trouble with Greg and his little company? I suspect you do now, but here it is again… He is a charlatan and a con man as well as a bully. He will use anyone and anything to get him to be the center of attention as well as become a wealthy player.

You have been duped and he has tried to play upon your good name to better his ignominious one in the community at large.

Sorry man.

So, now the clean up goes on. Ligatt has seemingly redacted the press release from the Internet (can’t seem to locate a prnewswire release, his usual propaganda tool) but what Ligatt fails to learn is the same thing that every teenage girl on the Internet learns after getting blitzed and naked for the camera: “There is no redacting everything from the Internet.” It’s out there buddy and there is no pulling this one back. This however brings up a key point in the Ligatt play book, and it is exceedingly relevant to today’s “wikileaked” world. You see, Ligatt is trying to pull his own version of 1984 by not only using classical propaganda routines, but also those of redaction and modern spin. The funniest thing though is that Gregory and Ligatt are so spectacularly BAD at it! With every “release” on PR news wire and elsewhere, Greg thinks that he can re-spin his Ligatt Security presence into what he perceives it to be in his own delusional world view;

That of a global juggernaut of computer security and that he is a player, a mover and shaker.

Oh Greggy… Polishing a turd will only get you a shiny turd.

As for Kellep, I am sorry that you got dragged into this whole mess. You do not deserve to be lambasted because of your kindness, but, here is the warning that might nudge you to keep your wits about you in this business. There’s a lot of snake oil salesmen out there and this guy is a prime example. So in future, if you decide that you want to give any counsel to Gregory, then I should think that that counsel be to come clean and really work toward being an “expert” instead of just playing one on TV.

If I see you at Shmoocon I will buy you a beer… Cuz dude, I think you’re gonna need one after this debacle is over.

*note* Stay tuned folks.. A new board member, John W. Jones (Martian Manhunter!), has been added to the esteemed list! I wonder if he knows? More to come….

EDIT! Hat tip to iAlbert who located a copy of the Press Release! See Greggy, you can’t redact the Intertubes!

CoB

Written by Krypt3ia

2011/01/05 at 15:03