The hacker group LulzSec has distinguished itself again. This time the victims were the companies Infragard and Unveillance. These companies handle, shall we say, delicate assignments for the FBI in the area of cyberwarfare. The lulz-hackers first broke into Infragard and stole databases and passwords, and then began trying those passwords on other sites. Unveillance president Karim Hijazi flagrantly ignored basic security rules and got caught. They downloaded all his mail, took away his servers and even played around with the corporate botnet.

A lot of interesting facts came out: that the FBI is currently conducting a mass hack of Libyan services. That the Mariposa botnet, which was supposedly taken down two years ago, is still alive and well, but now works for America's interests. [UPDATE: I read in more detail - it seems they simply took over the command servers and killed the bots from them] That the firm managed to take over part of the QakBot botnet, which specializes in stealing data from corporate networks. An ideal tool for espionage, if you think about it (you don't even need to plant anything, it has all been installed long ago). And a whole lot more.

In the end the lulz-hackers got in touch with Karim and had a heart-to-heart on IRC.

moondog = Karim
* moondog (~moondog@CA655518.4E086B07.EE1DCA7E.IP) has joined
Hello?
hello.
hi
HEllo.
karim?
>moondog< CTCP VERSION
MOONDOG
WAKE UP LAD
Can't talk now but wanted to connect. Need to discuss. Yes it's Karim.
You guys on perpetually?
yes
before you leave
what did you want to talk to us about?
Ok
moondog ?
LimeChat for iPhone... client of kings...
* moondog_ (~moondog@85485E68.8405F5D7.EE1DCA7E.IP) has joined
Short version: need assurance you guys aren't hired by my competitors.
* moondog has quit (Ping timeout)
If we had a bank account I'd show you that we got no payments from your competitors.
If we were hired by your competitors, we'd be taking their money and taking your company down
* moondog (~moondog@DB285C25.1DC404E1.EE1DCA7E.IP) has joined
If you guys have the philosophy that you have lead me to believe then I rather shut my company down rather than let them have my data.
Just out of curiousity, which philosophy might that be kind sir
* moondog_ has quit (Ping timeout)
his iPhone seems to be really bad at connecting
It would seem you have some level of concern that this data could be used to destroy (Libya as an example) which is far more my competitors agenda. How do I know you are not taking their money?
We might destroy companies but we stick to our words. Which we can't say of most people in your branch.
it would be best not to further question the people that are giving you a chance
we talked yesterday about not fucking up the situation
we're not working with anyone you know or will ever know, that's our word and that's it
To what end is having the botnet data going to help. My understanding will help me better get an idea of how to cooperate.
we like botnets, we like data
we like crushing things; we like inside info
* Espeon shrugs
Can you help me figure out which botnets to go after? It is darts for me today. Maybe you can give me focus.
what's your status with Mariposa?
Trying to get custody of the domains. Davis still has the vast majority. Davis is now Endgames.
yes heard about Chris joining from that conference; seems a lapse in technical skill
hamster_nipple will have our exact botnet goals
Yep.
See
Understood.
Matt is really the talent behind Davis. That is why I have him. He is good.
we just want to have a better understanding of the situation, hopefully you can find a way to get connected here frequently
I will.
each of us does have a copy of a very indepth compilation of your company data, there is no copy on the cloud and everything is behind encryption
nothing can be accidentally leaked
at this point we're not using any of it to gain leverage in other places
Ok. Thank you.
Does Oakbot mean anything to you guys? We think it might be an alias to Qakbot.
you're right
Fuck. That was a wild guess!!
mainly we don't want anything specifically
see, if given the chance to eliminate or expose your competitors
we will go off on our own tangent, leverage, to acquire what we need
this is the inside info part
hi
Give us all the info you can get and we will do with it what we can. Which is usually a lot.
Hello.
Can I take a guess at who you are?
Karim
we've been expecting you to be secretly guessing since day 1
do share
808chan.
ROFL
heh, you think we're *chan insurgency?
are you serious bro
how dare you
that's funny shit
call us a fucking chan
we're beyond chans bro
:)
Then tell me.
D: /i/ all the wa.. i mean wait what
moondog
if we tell you who we are
you will shit yourself and shut the fuck up
but yes we are very well known
I like Karim
he's very comical
I'm offended he'd call us some fucking chan
I feel like leaking his shit
at least it was 808, they're not the worst
LOL
Lots of imposters out there. Extortion doesn't fit ur profile.
Not the worst, everything is said by that.
our profile hits all ends of every spectrum
moondog, what do you mean it doesn't fit our profile
anyway, chitchat aside, what's enxt
what profile are you referring to
because I feel like you're trying to social engineer us
and we're sitting on all your emails
so you're either the best social engineer on the planet
or you're highly dense
Why be hostile? Just curious.
we're not a chan
don't refer to us as a chan
we are security researchers
No worries. You're not a chan.
heh
you're testing my patience
Don't think you have to tell us we're not a chan. We're quite fine at knowing that ourselves.
well judging from the acute details of moondog's observations, let's just assume he's saved and reviewed what we've said to him and assigned a trusted individual to monitor for correlations in cyberspace
anyway
sounds like typical whitehat search-and-fail
absolutely
anyway, 808chan, time to check it out
maybe they've said something that looks like something we said?
google 808chan and the word nipples
maybe he googled it and got a result
and correlated both
I love whitehats.
anyway karim
we werent paid by your competitors
:x maybe he used Maltego and reverse grammar/word engines to find our Bebo nude pictures
we straight up owned you and your company on our own
because it is what we do
we target whitehat security firms
now
lets move forward
do you agree with this?
fun and games fun and games, but I'm bored, let's talk business
Sure. Why is it called Oakbot?
we don't give a fuck why its called oakbot
when do we get access to the linode account again
why am I called Espeon, I prefer Digimon?
I want to hop on those vms and monitor your bots
It was coded using a mobo that was made using an oaken hammer. Names do not have to mean anything or be interesting in any way.
and its not even oakbot
its qakbot
Agreed.
you're playing with us karim?
I've seen some Oakbot and some Qakbot, probably someone dicking around
Just seeing what is worth chasing. You spoke of partnership. Testing the waters.
stop fucking around
thats it
you don't need to test the waters
WITH SOMEONE WHO HAS OBVIOUSLY OWNED YOU
keep that in mind mate
So, we were talking business.
Now lets not talk about why it's called business and not bread.
knobbles talk to him. I'm not in the mood for games
see wtf he wants
So mate, we need all info we can get for the.. speciality... for your competition, agreed?
knobbles, do you have the clip of his conference we hijacked?
is it edited and ready to release?
send him a link to the fun let him listen in on his internal communication with partners
no link
maybe that'll wake him up
not ready
<-- that's me dude
hai
How did I offend?
"Testing the waters"
you don't need to test the waters
I got that one too espeon.
when we're here wasting our time trying to help your ass out
we told you we are willing to work with you on a relationship
I'll get an edited version that cuts out the 3 minutes those morons decided it would be a great idea to disconnect and reconnect
ROFL
HEY GUYS THE OPERATOR SAID JUST TO LEAVE AND COME BACK
OK
*everyone leaves conference*
Fair enough. That was Deloitte not me.
I did lol tho.
yeah
I laughed my balls off
ok moondog
so are we going to build a relationship with each other
You know they never called me since.
or are you going to keep playing games?
and sit on google googling our nicks hoping to correlate a link
* Espeon stretches from boredom
maybe we should just fuck Endgames and say it was Karim's fault
Trying to move toward that and away from the threats. Doesnt help anyone.
LOL
Sorry but I am in fact bothered by the bullshit. We are not a chitchat club
if we root endgames.us and link to karim
that'll be lol
Can we get down to business
ok karim no more threats. and no more games from you. thanks.
speed rooting Karim's affiliates? sounds like a fun time
Done.
threats over though, okay
all jelly and ice cream and bots and 0day from now on
Sure.
so how do we help each other starting from today. karim?
Help me choose to what to go after hamster_nipple.
regarding what? botnet wise?
I am sure I will piss off others in this business. Yes. Botnets. I want your protection from others coming to get at the firm and me. Can you do that?
are you implying that this protection is destroying said "others"
or warding them off with fiery sticks?
we cannot make magical internets barriers
we can ruin something.
because you can knife a bear or point sticks at it until it goes away
Ill give you examples
you are working towards a contract
a competitor comes out the left field and takes your shine
or is going after the same contract
tell us who they are
tell us any details involved in the situation
researcher names, emails, numbers if you know any
if there are servers involved or accounts let us know any logins you may have or anything that will help our research
we'll own them
What about other botnet masters?
we can go after them too
we just need to know where they're running their c&Cs or sinkholes
They are more likely to attack me.
Ok
you just got to give us enough info to work with
Understood.
More info + more detailed info = better/faster
we're a well talented well rounded group and the best thing is we work great together. so far our success rates have been decent
what are we getting in return?
Any group that of limits in the botnet world that I should leave alone?
Information that we get.
Insider to us that we don't try to sell.
want money for kills; we destroy then you pay
moondog, we hold no affiliations with any other groups
so by all means takeover the botnet of whoever the fuck
Ok
I can't ask you to get someone and stay a "legit" firm. Agreed?
what do you mean
are you saying you're scared of turning greyhat?
lol
35 years old? time to mix it up
theres no so things as whitehats you guys are as corrupt as we are
the only difference is we admit it
Can't operate in the world I am in that way.
whitehats are just blackhats that have board meetings with lengthy rhetoric
and you get paid for it
Lol. Agreed.
moondog, I understand where you are coming from
More to the point; if you're scared of feds on yoru doorstep: dont be.
but the same way you have a relationship with matt who takes over botnets for you
consider us a relationship who own shit
I never said I don't agree with most of what you believe about the industry.
immoral, sure, if this gets out it'll be the story of a company hiring a hit squad to hack competitors
that's why it won't get out
moondog, do you have access to lexusnexus or similar information portals?
Yes. I consider this a unique core competency. No I don't but may get it soon if I get some money.
I suggest you work to getting access it
as we want to share it with you
to*
do you have access to anything interesting that we don't already know about? any governement portal/info searches
anything that we can use
inside FBI alerts
want them
if applicable :)
lol @ espeon I see what you did there
They are all over me as of late. Think Paul freaked when it wasn't him logging in.
they aren't all over you like that trust me
That CSFI is odd.
They took my data and ran.
really?
should we target them/ ;)
?
Well it was a bit odd. And I don't know their intent. I it was what you referred to, I regret giving them data.
I = If
what data did you give them specifically?
Seriously. That is not my game.
it was regarding the libyan project correct?
espeon/knobbles: I suspect they are doing something very funky regarding libya
id like to get my hands on that tbh
moondog: what data did you give them? botnet stats regarding libyan bots that are infected?
or?
Compromised hosts in Libya.
figured as much
they're probably looking for libyan hosts that are infected that are probably high profile
for use in penetrating libyan space
Yep.
karim
why would you do something like that ... knowing their intentions?
did you feel you had to in order to continue doing business?
honest question
I didn't know the intent and was in marketing mode. I am truly starving guys.
I understand man
thats why we're trying to help you
but wow thats pretty fucked up @ csfi
Be home shortly. Want to continue though.
ok lets continue this convo
we have a lot to learn from each other
Ok. Peace Hamster. Not yanking your chain man. Seriously. Bye for now.
;) bye bye business man
ok we'll be here. hurry back :)
cya soon man

The leaked data can be downloaded via torrent:
http://thepiratebay.org/torrent/6446763/Fuck_FBI_FridayA_a__A__%28FFF%29
If it gets taken down, tell me - I'll re-upload it somewhere.
UPDATE:
The second press release from LulzSec - they are making fun of poor Karim
Intercepted phone call
The Libyan Cyber Dawn project

UPDATE2: If Karim is to be believed, the LulzSec crew initially demanded a kickback in money and in botnet information. They themselves claim it was an honesty test. Kindergarten, for crying out loud.

PS An interesting mailing list turned up in the dump: Cyber Defense Weekly, where American policy in the field of cyberpunk is discussed.
A short list of companies working in cyber intelligence