
Anti-sec group hacking image warehouses affecting ATSers' posts and threads


posted on Jul, 10 2009 @ 10:53 PM
I would have to agree with the others that said they hacked imageshack for the simple reason a lot of people use their service.

The issue they are targeting seems to be a double-edged sword: if the security folks don't disclose the security holes in software, then we don't know if they are patching them all. If they do disclose the security holes, then people can use them against unpatched systems.

Sounds like they want to hold a monopoly on being the World Wide Web mercenaries, black hats for hire.

Interesting, although this could be a conspiracy in itself. What better time for a "militant" group of black hats to pop up and wage war on the software security business, with a cyber security bill in Congress right now.




posted on Jul, 10 2009 @ 10:54 PM
It wouldn't surprise me if this group is loosely associated with Cult of the Dead Cow. From what I recall, this was at one time the ultimate hackers group.



posted on Jul, 10 2009 @ 10:57 PM
reply to post by schrodingers dog
 


I suppose it's possible that they are involved, but the style feels different to me. More mature.

Doesn't Anon want freedom of information, not suppression?



posted on Jul, 10 2009 @ 11:04 PM

Originally posted by Duzey
reply to post by schrodingers dog
 


Doesn't Anon want freedom of information, not suppression?


Yeah, see that's what I thought ...

And then I re-read their 'mission statement'

antisec.wordpress.com...

And it doesn't quite jive with the concept of non-disclosure other than the fact that they use those two words.
In fact, other than that, it sounds very much like Anonymous.

Could 'non-disclosure' refer to them not disclosing their hacks?

[edit on 10 Jul 2009 by schrodingers dog]



posted on Jul, 10 2009 @ 11:09 PM
And here's their statement regarding the imageshack hack:


Anti-sec. We're a movement dedicated to the eradication of full-disclosure. We wanted to give everyone an image of what we're all about.

Full-disclosure is the disclosure of exploits publicly - anywhere. The security industry uses full-disclosure to profit and develop scare-tactics to convince people into buying their firewalls, anti-virus software, and auditing services.

Meanwhile, script kiddies copy and paste these exploits and compile them, ready to strike any and all vulnerable servers they can get a hold of. If whitehats were truly about security this stuff would not be published, not even exploits with silly edits to make them slightly unusable.

As an added bonus, if publication wasn't enough, these exploits are mirrored and distributed widely across the Internet with a nice little advertisement embedded in them for the crew or website which first exposed the vulnerability to the public.

It's about money. While the world is difficult to change, and money will certainly continue to be a very important in the eyes of many, our battle is that of the removal of full-disclosure for the purpose of making it harder for the security industry to exploit its consequences.

It is our goal that, through mayhem and the destruction of all exploitive and detrimental communities, companies, and individuals, full-disclosure will be abandoned and the security industry will be forced to reform.

How do we plan to achieve this? Through the full and unrelenting, unmerciful elimination of all supporters of full-disclosure and the security industry in its present form. If you own a security blog, an exploit publication website or you distribute any exploits...

"you are a target and you will be rm'd. Only a matter of time."

This isn't like before. This time everyone and everything is getting owned.



Signed: The Anti-sec Movement


and


If you think that we oppose your website, our advice is to pack it up and shut it down, because we're coming for you.
- anti-sec.


seclists.org...



posted on Jul, 10 2009 @ 11:10 PM
reply to post by schrodingers dog
 


It seems to have something to do with making money exposing exploits because then you are helping the evil corporations make money off the rest of us and that makes you just as bad as them because the right thing to do is take the money back from them.

In support of your theory of Anonymous:


The evidence of a true zero-day vulnerability in OpenSSH is weak, Zdrnja said. So far, analysts haven't seen a working exploit, despite worries that a group called Anti-Sec may have found a zero-day that allowed them to control a Web server. Details on the hack were posted on Full Disclosure, which is an unmoderated forum for security information.

When pressed for more details, a person claiming to be part of Anti-Sec wrote an e-mail to IDG News Service saying "I'm not allowed to actually discuss the exploit (or whether or not it exists)," which was signed "Anonymous."

Zdrnja said the same group compromised another server recently, but it appeared to be a brute-force attack against OpenSSH. A brute-force attack is where a hacker tries many combinations of authentication credentials in order to get access to a server. If an administrator is using simple log-ins and passwords, it makes a server more vulnerable to a brute-force attack, Zdrnja said.


www.pcworld.com...



posted on Jul, 10 2009 @ 11:12 PM
The point is that "security experts" are actually usually the ones who find the problems in the OS.

They release the security hole out into the public and offer a solution to it through their software, and advertise themselves in the process for free.

Then, "script kiddies" or people who could never find these flaws at all, find out about the flaws and then apply them, and a new virus pops up.

So they are saying that security companies in many cases cause the problem in order to profit from the solution. Which I suppose is a somewhat legitimate claim.

However, something is pretty fishy about it all. The goal itself is obviously unobtainable. Rather than trying to expose these companies for the damage they cause, which could be a somewhat obtainable goal, they for some odd reason pick that which is not possible.

And the "suppression of information" is also very fishy. As that is negative wording designed to turn people away from them, as this thread demonstrates. As they hit imageshack for "advertising", they would have been better off with a positive message saying they are trying to expose and give information away about these things.

As such, I hardly think it is about what they say at all. Either that, or they aren't very bright on the big picture. If anyone has ever seen the movie Waking Life, they are like the all action, no thought guy who climbed the light pole.



posted on Jul, 10 2009 @ 11:12 PM
I think this kinda summarizes them


It is time for the last stand. Our mission is to retain the right to freely think, code, and communicate. Stop helping the industry, stop publishing your 0day, start working to make a real difference. Save your arms for the time very soon in which we will need them. Have faith in your self and your God and good works will come. We need not be slaves to a master that despises us! Non-disclosure is a heroic endeavor. Be a hero.




Though they have a toll-free number, shall we call and ask for our photos back?

Questions? Comments? Call us at 888-LOL-WHAT. Chat us up at irc.rizon.net #bantown.


[edit on 10-7-2009 by zazzafrazz]



posted on Jul, 10 2009 @ 11:22 PM
Here's a pretty good summation of the situation:


Currently if someone finds out about a security exploit, it's common practice to inform the developer about it. Afterwards, you publish it to the public so that the public knows that the software is not safe, and as a way to force the developer to keep their software secure, especially since there's a good likelihood that private hacker groups already know about the exploit and are using it already.

The "Anti-sec movement" believes that exploits should not be published publicly, and should only be told to the developers of the software. The Anti-sec movement believes that publishing exploits publicly encourages their use and exacerbates the problems they cause.

imo it comes down to whether you think it's better to have a more aware public and more accountable developers, or whether it's better to suppress information about exploits in the hopes that hackers don't find out about them.


answers.yahoo.com...



posted on Jul, 10 2009 @ 11:24 PM

Originally posted by Duzey


Zdrnja said the same group compromised another server recently, but it appeared to be a brute-force attack against OpenSSH. A brute-force attack is where a hacker tries many combinations of authentication credentials in order to get access to a server. If an administrator is using simple log-ins and passwords, it makes a server more vulnerable to a brute-force attack, Zdrnja said.


www.pcworld.com...


This is funny, because that is cracking, and that is "script kiddie" stuff. Back before I got a real job and AOL was the "internet" I used to write programs that did that. They prey on the weakest links.

I would have at least 30 different AOL accounts for free at any one time.

All you do is create a database of common passwords. For all those with the password "hornyman", you might want to think of changing it (you'd be surprised how often that is someone's password).

Then with AOL, the program would just go around chat rooms, save people's name, and then you just keep trying to login to the accounts with each password. You go watch TV, come back an hour or so later with free internet access. Or in the case of SSH/servers, you would just keep a database of possible usernames, like "root" and "admin".

But that is "script kiddies" stuff. If that is how they got into imageshack, I am downright shocked. Someone at imageshack is going to be losing their job.
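
The password guessing against OpenSSH described in the quoted article and the post above leaves a recognisable trail in sshd's authentication log. As an added example (not part of the thread or any poster's code), this Python detector flags source addresses with a burst of failed password logins and records whether a login later succeeded from the same address; the log lines, threshold, window and assumed year are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH's syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Jul 10 22:01:02 web1 sshd[4101]: Failed password for root from 203.0.113.9 port 40122 ssh2
Jul 10 22:01:03 web1 sshd[4102]: Failed password for invalid user admin from 203.0.113.9 port 40123 ssh2
Jul 10 22:01:05 web1 sshd[4103]: Failed password for root from 203.0.113.9 port 40124 ssh2
Jul 10 22:01:06 web1 sshd[4104]: Failed password for invalid user test from 203.0.113.9 port 40125 ssh2
Jul 10 22:01:07 web1 sshd[4105]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jul 10 22:01:08 web1 sshd[4106]: Failed password for invalid user admin from 203.0.113.9 port 40126 ssh2
Jul 10 22:01:10 web1 sshd[4107]: Failed password for root from 203.0.113.9 port 40127 ssh2
Jul 10 22:01:15 web1 sshd[4108]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
Jul 10 22:01:40 web1 sshd[4109]: Accepted password for root from 203.0.113.9 port 40128 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60), year=2009):
    """Map each source IP that reached `threshold` failures within `window`
    to the usernames it tried, its peak failure count, and any later success."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    tried = defaultdict(set)     # ip -> usernames attempted
    alerts = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps omit the year, so an assumed one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            tried[ip].add(user)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"users": tried[ip], "peak": 0, "success_after": None})
                a["peak"] = max(a["peak"], len(q))
        elif ip in alerts:
            # A login that succeeds after a flagged burst deserves immediate review.
            alerts[ip]["success_after"] = user
    return alerts
```

A single mistyped password followed by a successful login, as with the constructed `alice` lines, stays below the threshold and is not reported.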



posted on Jul, 10 2009 @ 11:39 PM
And Anti-sec shortens to... gasp... ATS!!




posted on Jul, 10 2009 @ 11:49 PM
reply to post by schrodingers dog
 


So dog, are we saying that they did or didn't hack into imageshack? Did they use someone else's hack??? confused...



posted on Jul, 11 2009 @ 12:00 AM
reply to post by zazzafrazz
 


Oh that is for sure, they did hack imageshack.

And from what I can tell, they're going to keep attacking any site they see as complicit to 'full disclosure' ...

I'm getting the feeling that this may be the beginning of something rather big.

These guys seem to be well organized and they know what they are doing. And they also wouldn't take on a site the size of imageshack if they weren't prepared for some blowback. What they are championing goes against an industry that collects billions of dollars on security software. They wouldn't take that on without covering all their bases. Remember, so many of the peeps working for Symantec, McAfee, etc, are ex-hackers themselves.

This has all the makings of an epic battle.



posted on Jul, 11 2009 @ 12:08 AM
reply to post by schrodingers dog
 


Wow, and we discovered as always first on ATS...
The press corps should write a piece on it to release a news cache...nudges shrodog into the press room...



posted on Jul, 11 2009 @ 12:11 AM
reply to post by zazzafrazz
 


Yah, what was that number again?


I'm sure the anti-sec guys will pick up and identify themselves.

But I'll try.



posted on Jul, 11 2009 @ 12:37 AM
reply to post by schrodingers dog
 


Epic battle? It's not a battle at all, they are just attacking innocent parties currently. If they were attacking one of the anti-virus companies, then ok maybe then a battle. But in that department, they still haven't done anything.

Now if they start actually taking down the people who are the ones profiting, rather than looking for innocent parties to attack, then we might see a "battle". Until then, they are just another group of hackers picking on the weakest links as always.

All I can say is there is a reason my server/net guy is Russian.



posted on Jul, 11 2009 @ 12:43 AM
reply to post by badmedia
 


Well that is why I said it has 'the makings' of an epic battle and not 'it is' an epic battle.


That is if they follow through on their stated mission and targets.

The security industry might let one or two of these attacks go, but anything more than that, and should anti-sec's cause gain any momentum, then it will surely be a considerable scrap.

Loads of money at stake.



posted on Jul, 11 2009 @ 12:52 AM
reply to post by schrodingers dog
 


Well I still question the motives behind this group. It's not adding up to me. They are playing into the hands of those security companies and doing exactly what they claim to be against, and putting even more demand/desire on the industry.

Who do you think imageshack is looking to talk to about getting things fixed?

Maybe it's from being in the military, but I never buy anyone's "official story". They may want people to think that's why they are doing it, but I'm not buying it.



posted on Jul, 11 2009 @ 03:11 AM
reply to post by badmedia
 


Their actions certainly will move companies into more stringent security. Perhaps they have a product they want to release, and this is their way of getting demand for it. Who knows, perhaps their hidden agenda is money also.



posted on Jul, 11 2009 @ 04:19 AM
reply to post by schrodingers dog
 


Hey man, let's go directly to the "sauce!" I'm sure someone at one of the chans may be able to shed light on this. Hell, this stinks like one of their raids, but I'm probably wrong there.

Hm, imageshack uses lighttpd 1.5.0 which is a Linux-based OS, *chuckles* too easy, that OS is open sourced. Let's see them try to hack some software that is more "exclusive".

If they can convince Madonna to stop adopting African babies, then I'd be impressed.


