Lulzsec wtf?

Discussion in 'other security issues & news' started by Kevin McAleavey, Jun 19, 2011.

Thread Status:
Not open for further replies.
  1. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    They may sound like kids or young cubs to anyone outside the 'hacking' scene. I say 'hacking' but they are crackers. I think Kevin will know how a hacker despises a cracker. That was back then. But anyway like I said they may sound like a bunch of kids but make no mistake. Some of them got jobs as programmers, IT professionals etc etc so there's a lot of experience mixed with youth in that group. A good example of it was HbGary. They didn't use out of the extraordinary measures to get what they wanted they used the basic and simple methods of hacking. It was done in an organized and patient manner which indicates experience and a professional manner. That sort of thing you won't get from a bunch of kids. People underestimated them.
     
  2. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    The HB Gary attack was spectacularly unsophisticated. Same for the SONY ones. In the past few days, they've hooked up with a few outsiders who have actual abilities, particularly with shellcode attacks, wordpress and apache in particular. They've now moved on, leaving behind wannabes who are far less likely to let the public know what they're up to, and that was the ultimate undoing of the lulzers. I'm guessing they pulled the plug because they know they're about to get vanned.

    For those responsible for sites, now is a good time to study up and patch systems since the rest of the revolution apparently won't be televised.
     
  3. the real chris e

    the real chris e Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    2
    I am tired of the chatter on forums like this. Please see our press release below.

    "A member of AV Unit staff has been contacted by national and international Press regarding their investigations into a cyber hacking community.

    The calls were seeking to verify whether the member of staff was part of an online group known as Lulzsec which claims hacking attempts on the CIA, Sony and more recently the UK's Serious Organised Crime Agency.

    The calls were prompted by an anonymous announcement on social media sites naming the alleged members of Lulzsec. One of the identities released was that of a Chris Ellison -aka (Avunit).

    AV Unit has, for over 10 years, employed a Mr Chris Ellison who currently occupies the position of Media Production Manager.

    The Managing Director of AV Unit, states: “I know Mr Ellison very well and spoke to him at length about the accusation. He knows nothing of the group known as Lulzsec and has never been involved in any activities for which they claim responsibility. Why an identity which bears similarity with his own has been released in this way is a complete mystery. I can categorically state that it is not him and therefore must conclude that it is a case of mistaken identity. We have contacted Suffolk Constabulary explaining the situation we find ourselves in and offered to help in any investigation that may follow.”

    Chris Ellison, said: “I have no idea how my identity has been linked with the Lulzsec group. Indeed until I was contacted by the Wall Street Journal last Thursday, I had no knowledge of their existence or their activities. I find the fact that my name is being discussed openly on Twitter in this context, to be completely unacceptable. There is no evidence to support this claim and any investigation would establish without doubt that the accusation is wrong. I resent the intrusion into my private life and the ease with which my identity can be stolen and linked to illegal activity in this way.”
     
  4. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    Interesting! They also named a party who is a reporter with a newspaper in Maine (US) as allegedly being involved as well. The information was officially released by "backtracesecurity" and one of the original tweets was here:

    _JBake_ RT @mach2600: So far @backtracesec lists the members of lulzsec as: Topiary (already arrested and known to Law Enforcement), Corey Barnhill -aka (Kayla)

    Here's the spreadsheet that assisted in my own investigation and elimination of suspects:

    http://www.scribd.com/doc/57141269/namshub

    Throughout though, numerous adversaries of lulzsec condensed down the names of suspects to include Mr. Ellison throughout - and given the disinformation campaigns and rages back and forth, it would be no surprise that he's innocent. Important point to note though is that since he showed up on the various lists so frequently, he's definitely got enemies in that lot. Hopefully, the above will help him "backtrace" it to the real source.

    EDIT: Adding confirmation of original source that I quoted in my articles which confirms original tweet by backtracesecurity.com:

    http://www.infosecwreck.com/lulzsec-group-members-named
     
    Last edited: Jun 29, 2011
  5. the real chris e

    the real chris e Registered Member

    Joined:
    Jun 29, 2011
    Posts:
    2
    Hi there,

    I don't think I have enemies within the hacking community... believe me, if you met me you would realise I have very little to do with computers.

    The source of the disinformation appears to be someone called Avunitanon.

    If you search Twitter feeds for that name, he goads other users and laughs at them when they believe that they have discovered his true identity. He also wants the domain name avunit.com. Unfortunately, I only work for this company so even if I wanted to give it to him I couldn't!!

    I am just unlucky that people have picked up on Avunitanon.... gone to avunit..... and seem to have picked me at random.

    I am hoping it will all die down on messageboards like this. I have nothing to fear, because as I say if the law enforcement people contacted me, they would soon realise the mistaken identity.

    I am more annoyed because my personal Facebook account is included within the misinformation.

    Thanks.
     
  6. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    My sincere sympathies on all this. I would certainly make the effort to lodge a complaint with your local authorities since I would imagine there's some legal issue with misappropriation of your identity which could be added to the charges against this malcontent once found. But I want you to know that there's certainly no malice intended on my part. I'm not even interested in the personalities involved here. Only the hows and whys of their machinations and how we can prevent things like this from happening again so readily on a technical basis.

    You certainly have cause though to register a complaint formally here.
     
  7. Asherah

    Asherah Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    4
    This is slightly disingenuous, Kevin. You might have mentioned that it was so simple to discover their identities via Google because you simply copy-pasted my own list of suspects. My company has been investigating and uncovering these jerks since mid-February. Any insight you have would be fantastic, but credit where credit is due would also be nice.

     
    Last edited by a moderator: Jul 1, 2011
  8. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    At the time I posted that, all I had was a tweet which I quoted and subsequently came across a spreadsheet from a place called "backtracesecurity" on scribd where I didn't have a membership to be able to download it. So I googled for backtracesecurity and came up empty handed. Are you with them?

    Just so you know where I got that ...
     
  9. Asherah

    Asherah Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    4
    Ah, I misunderstood your post, then. Yes, I am with them.

     
  10. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Hi Asherah, in an IRC log on Pastebin, I came across your name.
    (Indulging my curiosity); Was Nikolai's birdie, on the identity of Sabu, whistling the right tune?
     
  11. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    No worries then ... I dun goofed. :)

    Most people are interested in the personalities, as I'm sure law enforcement is perhaps. My interest was finding out how they did it and trying to advise others how to make it stop. This whole episode seems straight out of Monty Python which makes it even sadder.
     
  12. Asherah

    Asherah Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    4

    Well, the sad thing was, we saw lulzsec coming. Anons were getting bored of DDOS and loving their "hacktivist" description. When folks like Sabu and Kayla and others from the spam/scam scene got involved, it was really worrisome. We hoped they'd get bored, but the HBGary attack got them a lot of attention and attracted even more of the type.

    We saw them discussing using databases (which are usually sold to spammers or used to acquire even more data) to scrape for .mil and .gov logins as early as February. They could have wreaked much more havoc if they hadn't also gotten giddy over their new "fame." In a sense I think the attention was good for all concerned because it brought attention to the problem and kept them from continuing for too long. Imagine if they'd spent a few months working in secret?

    Ironically it looks like (sources are somewhat dubious, as always) some of the early attacks were done under the gn0sis banner, but got out of hand and lulzsec was conceived as a way to both brag and give Sabu a push, because he's been trying to find a political direction for a while now. I know the Arizona address they had was pulled at random from the porn dump, but they post-politicized it.

    It's not the skid party that worries me now, though- it's the politicization. Just this week I've seen a dozen new lists of police officers, politicians, seen bomb and kidnap threats. It's scary, and a long way from what "anonymous" was in 2008/9. They're teaching classes in the irc now as well.
     
  13. Asherah

    Asherah Registered Member

    Joined:
    Jul 1, 2011
    Posts:
    4

    I think Sabu has a pretty well-established identity, but there's always some uncertainty. I remembered some of his weird political ideas from deface lists I saw a decade ago, but other than knowing what circles he was in scene-wise, he seemed pretty quiet in recent times. Back in the day he used to write some weird essays that were part political, and also about his superior intelligence and getting back at the "man" keeping him down.

    He has tried to tell me he "stole" the identity of the "real" Sabu a few times, but if someone actually did buy up a lot of old Sabu sites and chum up to Sabu's old friends, I'd be seriously worried- like, not sleeping at night worried- about why someone would do such a thing.
     
  14. Kevin McAleavey

    Kevin McAleavey Security Expert

    Joined:
    Dec 8, 2003
    Posts:
    376
    Location:
    Upstate New York
    My first assignment as a cub reporter in radio back in the late 60's/early 70's was to follow the "Weather Underground" and the Panthers and try to explain to our listeners what they were about and how big a threat they posed. I guess the wild goose chases of the day are one of the reasons why I defer on today's "personalities." Those kids at least knew how to write good press releases. As much as the media whipped up fear of a bunch of kids off on their own gratification and "revolution," having had to endure interviews with them and their rhetoric got tiresome fast. I'm sure the professional spooks already know who everybody is and are merely giving them enough rope to tie up some others as well before reeling in the net.

    In the greater scheme of things though, for all the hoohah over the Panthers and the bombers of "Prairie fire" as WU later became known, they were still a bunch of uncoordinated kids who were more interested in seeing their thing lit up in lights and giggling among themselves how they had become larger than life thanks to a media that fed on that.

    So my own focus once again is the mechanics. I don't worry so much about the kids, I worry that what they're doing pales by comparison to what well funded, state-supported actors can do and it's not like organized attacks on systems are going to be tweeted every ten minutes. I will give "real sabu" and his friends this though ... they're certainly showing admins how they got into their systems and my own encouragement to all of this is that those responsible for facilities had BETTER be watching their little epistles. And for that, my own hat is off to YOU for helping in that regard.

    The Brazilian element has been quite busy lately and faithfully documenting their various "tangos" ... but I'm still trying to figure out why ... Tunisia? :doubt:
     