Saturday, June 25, 2011

Who's Who in the AntiSec Movement

The following is a summary of known entities in the Anti-Security movement as of 1800 Pacific 25 June 2011. I'll be maintaining it with updates on a regular basis and invite readers to add to this information through the comments section or via email. My contact information and public key are available here. This page will load slowly due to the Silobreaker.com screenshots, so please be patient.

You can check for the latest announcements of compromised data by AntiSec hackers in the ZeroPaid feed along the sidebar of this blog.

Latest update:  1418Z 01JUL2011




Anonymous
Description: A loose collective ("hive") of activist hackers or "hacktivists" that self-identify as a political movement for change [4]
Website: http://anonops.blogspot.com/
Twitter: @anonops
Leadership: The organization claims to have no specific leader; however, it utilizes spokespersons and IRC moderators who assume the role by default.
Associates:
Barrett Brown - former spokesman who left Anonymous to form Project PM [6]
Anony_ops (@anon_central) - current spokesman
Ryan Cleary (aka "Ryan"): left Anon to form LulzSec [6]; responsible for exposing data from Anonymous IRC channel [7]; publicly identified later as Ryan Cleary by other Anonymous members in retaliation, then arrested by Scotland Yard for attacking the SOCA website [8]
Owen: identified as one of Anon's leaders by Ryan
Kayla: former Anon member, split to form LulzSec with OpSony [5]
Sabu: identified as one of Anon's leaders by Th3J35t3r [3]; left Anonymous to form LulzSec
Topiary: Left Anonymous to form LulzSec
Affiliates:
AnonItaly: Twitter @anonitaly
AnonAustria: Twitter @anonaustria
RedHack Team (Turkey): Twitter @r3dh4ck
PirateBoat "Your Anon News": Twitter: @BrazilAnonymous
IRC: irc.anonops.li
LocalLeaks: Blog, Repository
HackerLeaks: Blog, Repository

AnonymousIRC
Description: LulzSec merged back with Anonymous on 25 June 2011. Since then, AnonymousIRC (@AnonymousIRC) has become the voice of the AntiSec movement.
Affiliates
Facebook: Operation Payback



LulzSec
Description: LulzSec was formed by at least 4 ex-Anonymous members who preferred a more aggressive posture than membership in Anonymous offered them. They created a splinter group called LulzSec after the success and media attention garnered by their HB Gary Federal and HB Gary attacks. LulzSec head Sabu announced that LulzSec has ended "its cruise" today 25 June 2011 via Pastebin.
Website: http://lulzsecurity.com/
IRC: http://irc.lc/anonops/antisec/LulzLizard[@@@]
Twitter: @LulzSec
Members:
Sabu: Identified as LulzSec leader by Th3J35t3r [3]; Twitter: The Real Sabu (@AnonymouSabu)
Ryan: See above
Kayla: See above
Topiary: See above (Twitter: @atopiary)
m_nerva: a former member of LulzSec, m_nerva leaked LulzSec's chat logs and, in retaliation, LulzSec released m_nerva's identity.

Affiliates
LulzSec Scotland (Twitter: @LulzSecScotland)
LulzSec Brazil (Twitter: @LulzSecBrazil, @LulzSec_br)
LulzSec Italy (Twitter: @LulzSecItaly)
The Lulz Raft - Canada (Twitter: @LulzRaft)



The Jester (aka th3j35t3r)
Description: Jester (th3j35t3r) is a self-defined grey-hat "hacktivist for good" who has been hacking LulzSec IRC channel servers and posting the information to PasteBin. Additional background is available at his Wikipedia entry. He maintains a blog and is believed to be part of Team Web Ninjas.
Twitter: @th3j35t3r



TeaMp0isoN
Description: Team Poison is a Muslim hacker crew with 3 members. They have taken credit for releasing former Prime Minister Tony Blair's personal contact list online as well as publishing the membership list of the English Defence League in December 2010 [1]. They have been attacking LulzSec as script kiddies and not true hackers.
Twitter: @TeaMp0isoN_
Members:
TriCk (aka SayWhat?): TriCk is a teen college student living at home in the U.K. who claims to have started hacking when he was 11 years old. [1]
iN^SaNe
Luit [13]
Hex00010 [13]


NOTE: hann claims that m_nerva was also a member of TeaMp0isoN; however, this earlier article, which contains an interview with a different TeaMp0isoN hacker (TriCk), intimates that they were part of LulzSec [1]



Warv0x (AKA Kaihoe)
Description: A hacker who, like Team Pois0n, opposes LulzSec as script kiddies and is seeking to demonstrate his superiority by attacking former LulzSec targets like PBS in a more advanced way.[9] Unlike Team Pois0n, he doesn't claim any religious or political affiliations. Warv0x (Kaihoe) appears to be a new alias with no history before 2011.


Operation Anti-Security
Description: Operation Anti-Security was jointly launched by Anonymous and LulzSec on 19 June 2011 with the directive to attack government agencies and leak classified documents [11].
Twitter hash: #antisec
Independent Affiliates
ub3rleet5 (Twitter: @ub3rl33ts)
Phsy (members include @stramble)
List of attacked organizations as of 25 Jun 2011:
Colombian Black Eagles Special Police Unit
Arizona Dept of Public Safety
U.K. Serious Organised Crime Agency
Brazil.gov.br
Presidencia.gov.br
Tunisia.gov.tn (27 Jun 2011)
agcom.it (28 Jun 2011)

AntiSecPro Security Team
Description: After LulzSec announced the end of its operations on 25 June 2011 and its merger with Anonops, Anonops announced the formation of AntiSecPro Security Team via their IRC channel. According to their 26 Jun 2011 release, the team is not currently active but is in a slow growth phase and includes a school for new hackers. The leaders have stressed the need for secrecy in the new group, making it a top priority:
"It is very important that any member of this team to not offer or expose any type of information that may identify themselves. It is also strictly prohibited to ask for any information about an individual which at minimum includes, name, location, picture and gender rather it be to the individual personally or via another source. It is your responsibility to protect this information, also to report to one of the founders so measures can be addressed."
Server: irc.anonops.li
Channel: #antisecpro
School for new hackers: http://lolhackers.com/school/
Attacks:
28 June 2011

1. Zimbabwean government dumps
2. Mosman Municipal Council (mosman.nsw.gov.au) dump
3. Universal Music Group Partners dump 1 & 2 containing umusic.com's user:passwords
4. Viacom dump containing internal mapping of Viacom and its servers
5. Assorted Brazilian Government dumps and passwords







References:
[1] "Inside the secret world of the geeks with the power to unleash anarchy", The Independent 25 June 2011: http://www.independent.co.uk/news/uk/crime/inside-the-secret-world-of-the-geeks-with-the-power-to-unleash-anarchy-2302562.html
[2] "UK Serious Organised Crime agency website down after LulzSec Ddos attack": The Hacker News 20 June 2011: http://www.thehackernews.com/2011/06/uk-serious-organised-crime-agency.html
[3] "Th3J35t3r (The Jester) claim to expose identities of LulzSec Leader "Sabu"": The Hacker News 24 June 2011: http://www.thehackernews.com/2011/06/th3j35t3r-jester-claim-to-expose.html
[4] "Interview with Anonymous( Anony_ops OR Anon_Central)": Hacker News 18 June 2011: http://www.thehackernews.com/2011/06/interview-with-anonymous-anonyops-or.html
[5] "Hackers claim rogue Anonymous faction behind PSN attack" Electronista.com; 5 Jun 2011: http://www.electronista.com/articles/11/05/06/splinter.from.anonymous.said.at.fault.for.psn.hack/#ixzz1QJDqKaZh
[6] "Anonymous "Spokesman" Quits, Forms Splinter Group": HITB.com; 17 May 2011: https://news.hitb.org/node/41304
[7] "The hackers hacked: main Anonymous IRC servers invaded". ArsTechnica.com: 17 May 2011 http://arstechnica.com/tech-policy/news/2011/05/the-hackers-hacked-main-anonymous-irc-servers-seized.ars
[8] "Teenager Ryan Cleary charged with attacking website of UK law enforcement agency" The Telegraph 22 June 2011: http://www.telegraph.co.uk/technology/8592487/Teenager-Ryan-Cleary-charged-with-attacking-website-of-UK-law-enforcement-agency.html
[9] "PBS and WriterSpace hacked again by WarV0x". The Hacker News 24 June 2011: http://www.thehackernews.com/2011/06/pbs-public-broadcasting-service.html
[10] "Inside LulzSec: Chatroom logs shine a light on the secretive hackers", The Guardian, 24 June 2011: http://www.guardian.co.uk/technology/2011/jun/24/inside-lulzsec-chatroom-logs-hackers?intcmp=239
[11] "Operation Anti-Security" Pastebin.com 19 Jun 2011: http://pastebin.com/9KyA0E5v
[12] TeaMp0isoN June 2010 defacement lists members: http://zone-h.org/mirror/id/11005813

2 comments:

  1. AntiSec was not launched by lulzsec && Anonymous. AntiSec has been around for a long, long, long time. (I think 1999?)

  2. I'm glad someone is working to provide this basic reference information about the various groups, individuals, etc. and how they relate to one another. It has been difficult to follow the story and keep all the players straight. I've been surprised that no one else seems to be doing this work.

    Though it would be good to create some network graphs of relationships, I'm not sure about the value added from the SiloBreaker graphs. SiloBreaker is a great tool that aids in initial discovery of relationships. But the use of the graphs in this case does not really add to our understanding of the particular relationships that you lay out in the text of the post. I'm wondering if there's another tool that might work better for that? Perhaps a VUE graph (vue.tufts.edu) powered by a spreadsheet? Just a thought.

    - Sean
