Thursday, July 16, 2009

Anti-Sec Goes Nuclear

Over the last few days a war appears to have broken out... at least a war of words... in Internet space... on the Full Disclosure mailing list. Well, OK, it's more like a 3rd grade playground fight... between 2 fat kids.

The initial premise here is (or at least was) that someone claiming to be representing the Anti-Sec movement (that is, those who are against white-hat types... the "good hackers") got very annoyed with the whole concept of full disclosure. They (he/she) weren't happy with all the bugs that were being disclosed publicly so that people (white hats, and vendors) could make money on it all... (Doesn't this just reek of the "whitehatscum" posts a few months ago?)...

This "Mission Statement" was part of a bigger rant posted to Full-Disclosure as the first shot over the bow...

"We are the Anti-Sec movement, and we are dedicated to eradicating full-disclosure of vulnerabilities and exploits and free discussion on hacking related topics. We are dedicated to stalling the ocean of script-kiddies currently trawling the Internet, and those so-called "White Hat Hackers" who benefit financially from full-disclosure; employing scare-tactics in order to con people into buying their firewalls and anti-virus software.

Thus, our new targets are and Both are notable within the hacking underground and the computer security world, and both violate what the Anti-Sec movement is fighting for. Such as it is, both must be terminated...utterly."

Now... there is someone purporting to represent the "Anti-Sec Movement" making some pretty bold statements, threatening to take down Milw0rm, HackForums and other white-hat-related full disclosure forums and post sites. Claiming to have at "their disposal" a handful of 0-day exploits, including one for SSH and one for Apache (wait... didn't we all just agree that the SSH exploit was bunk?), Anti-Sec is going to take these sites down... permanently.

Well, this would all be even slightly [more] believable if either Milw0rm or were running exploitable Apache (and from the looks of it... it's some Apache variant... maybe... NetCraft can't identify 'em). No matter... maybe Anti-Sec has some awesome tricks up their sleeve?

Well, after some very interesting playground-style arguments on Full Disclosure over the past several days with lots of colorful language, mother-bashing, and death threats (on the Internet, really?) someone finally did take down... for a while - but not with any 31337 hack, rather... with a DDoS. How imaginative.

HackForums posted this:
"Recently HF has been under a very large DDOS attack. We have been forced to consider new options for hosting and we have also lost revenue the past few days. Many users have expressed a desire to contribute toward these costs and expenses. Use this paypal donate button and feel free to donate as much as you want. Any donations over $10 will receive a special donators award. Any donations over $50 will receive that and the Rich Bitch award as well. I thank you all for the support you have shown. Even if you can't donate your continued membership is valued. Thank you, Omni."

Anti-Sec then posted this very...creative post to the list claiming " Hacked". For the record... there is no such thing as "" you moron. And the accompanying "manifesto", if you can call it that, was this:
Blend in.
Get trusted.
Trust no one.
Own everyone.
Disclose nothing.
Destroy everything.
Take back the scene.
Never sell out, never surrender.
Get in as anonymous, Leave with no trace.

Uhmm... OK. Well, let's see... how did "Anti-Sec" do so far against his own RoE (Rules of Engagement)?
  • Blend in - FAIL - hardly, loud-mouth
  • Get trusted - FAIL - by who?... obviously not
  • Own everyone - FAIL - this I'm going to want to see for myself... email me when you own "everyone" (;
  • Destroy everything - FAIL - you've (maybe) successfully executed a DDoS, congratulations you're now as 31337 as my 12y/o nephew
  • ... I'm going to stop there because this is already a train-wreck

Perhaps the finest response to this whole mass of mental vomit is this reply from someone called "Matthew 10:34"...
"Whoever hacked imageshack, I don't know who you are, but I certainly
appreciate your revival of the antisec movement. Imageshack getting
ruined is quite a big target. You guys clearly have the right idea of
how to get the message out.

However, you're missing some essential traits that many of the
original characters of the antisec movement had: a great sense of
humor, a flair for style, and a proper understanding of scorched earth
tactics. By taking the torch for the antisec movement you've got some
pretty big shoes to fill, and I'd like to offer some pointers for you
so that moving forward you may have hope of growing into them.

Jimjones' moral leadership of PHC employed a great use of humor, and
he clearly put his life where his mouth was as he is now in jail for
giving assistance to underground causes purely to satisfy moral
compulsions. I hope you believe in it as much as he believed in it.

You can get a message in front of many pairs of eyes. However, the
majority of the brains connected to them don't even have the IQ
necessary to understand that message. What would have been a real
lesson to your target audience would have been the permanent
destruction of Imageshack's business model.

Imageshack converts UGC to pageviews to ad revenue. The proper
execution of this ruin would have been such:
* Encrypt a message to a widely-read public mailing list (like this
one) 24 hours before launch with your manifesto, and exactly what was
about to happen to imageshack
* Replace Imageshack images with shock pics and gore
* Release proof in the form of the key to decrypt original message
with plaintext manifesto and announcement

Countless retards' Myspaces covered in pain4.jpg would have
permanently destroyed the perception of Imageshack forever. It would
have left a milestone of a ruined business that people would have
remembered. As it stands, you covered retards' Myspaces with a
hifalutin document that they have no ability to understand and have
already forgotten. It's like you've bought a gigantic amount of
pageviews CPM style and written really bad copy for it.

A few years back, I think 2003 or whatever there was SQL slammer.
Insofar as worldwide impact it was probably the biggest ruin of all
time. There was no internet access or ATMs that worked in my whole
county. That's a pretty significant disruption of services. Nobody
remembers that shit. Any temporary disruption of services or user
experience will be forgotten. To do a truly transcendental ruin, you
have to permanently destroy something, whether it be someone's
business or career. The original antisec movement knew this, and
consistently generated destruction that made a difference in people's
lives. Men are slower to forget an idea when someone gets nailed up to
a cross over it. (BlueBoar, lookin' right at you)

I hope you grow into those shoes you're trying to wear. They're of the
finest material and craftsmanship."

[For those of you wondering, Matthew 10:34 reads like this: "Think not that I am come to send peace on earth: I came not to send peace, but a sword." ... Fitting, no?]

In case you're left wondering... JimJones and PHC have some history here:

So... maybe this isn't a war amongst hackers for control of the precious information which is 0-day. Maybe this is just about some bored school-kid on summer break, trying to get people all cracked-up and crazy...

So ... in short, I wish my spam filter had caught this... but now I've subjected you to it. Ha.

... then the shoe drops, this afternoon.

Yes, that's right, we're not really Anti-Sec.

We have no 0-day exploits.

We did not hack ImageShack or Blackhat-forums or Astalavista. That was the real Anti-Sec whoever they are.

It was all a big joke.

But our goal was achieved.

We caused a huge stir on We've made them look like utter fools.

Geez, some of them are like "Let's go to the authorities! Mummy and Daddy I wanna go to authorities because my hacking forum has been threatened." What a bunch of wimps. You're on a hacking website. You've gotta expect these things. It's all part of the deal.

We've proved one thing...none of you on should be there...not even Jesse Labrocca. He should spend more time with his family rather than worry about a silly little hacking forum. Or maybe spend more time on your money-making business. Silly person.


Anonymous People

Well, I guess mission accomplished - except that no one bought it. Making crazy claims and threats isn't going to get anyone's serious attention, particularly in the style that it was written and addressed in... plain and simple.

The more serious issue here is the clash between Black Hats and White Hats, and the issues of full disclosure and what that does to the overall security of things and the user-state. RSnake (in his podcast with Jim Manico for OWASP) once brought up the idea of Full Disclosure and how it's absolutely necessary (in the right doses) to the continuity of a reasonable level of security - and to keep companies honest.

Well... at least it was entertaining.

