hacked – Ramblings of DarkMirage http://2pwn.tk/websites/www.darkmirage.com Anime, Games, J-Pop and Whatever Else Thu, 10 Feb 2011 15:34:57 +0000 en-US hourly 1 https://wordpress.org/?v=5.7.2 Anonymous vs. HBGary http://2pwn.tk/websites/www.darkmirage.com/2011/02/10/anonymous-vs-hbgary/ http://2pwn.tk/websites/www.darkmirage.com/2011/02/10/anonymous-vs-hbgary/#comments Thu, 10 Feb 2011 13:54:10 +0000 http://2pwn.tk/websites/www.darkmirage.com/?p=1498 Continue reading ]]> Anonymous

Aaron Barr, an employee at security firm HBGary Federal, made a bold claim a week ago in the Financial Times that he had uncovered the identities of the top leaders of the Anonymous movement and was going to meet the FBI.

Not long afterwards, the company’s website was brought down by DDOS, its email server was compromised and 4.7 GB of corporate correspondence, including business deals and NDAs, were leaked onto Pirate Bay. The company’s president went on IRC to beg for mercy and disavowed Barr’s actions.

Ars Technica has an excellent write-up on this latest dorama. They always have the best Anonymous coverage.

And the worst part is that Mr. Barr’s claims were exposed by the leaked emails to be of little actual substance. All he did was some guesswork attempting to link accounts from multiple social networks together to identify what he personally believed to be the “leaders” of Anonymous, and then selling the output as some kind of magical statistical tool to the feds in an attempt to boost the firm’s public image.

Anonymous was not amused. To quote their torrent release:

Greetings HBGary (a computer “security” company),

Your recent claims of “infiltrating” Anonymous amuse us, and so do your attempts at using Anonymous as a means to garner press attention for yourself. How’s this for attention?

You brought this upon yourself. You’ve tried to bite at the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face. You expected a counter-attack in the form of a verbal braul (as you so eloquently put it in one of your private emails), but now you’ve received the full fury of Anonymous. We award you no points.

What you seem to have failed to realize is that, just because you have the title and general appearence of a “security” company, you’re nothing compared to Anonymous. You have little to no security knowledge. Your business thrives off charging ridiclous prices for simple things like NMAPs, and you don’t deserve praise or even recognition as security experts. And now you turn to Anonymous for fame and attention? You’re a pathetic gathering of media-whoring money-grabbing sycophants who want to reel in business for your equally pathetic company.

The ensuing attack and trollage probably left a permanent black mark on HBGary’s IT security credentials.

Really the only thing stopping this from turning into a Ghost in the Shell-moment is that the Internet still doesn’t have enough direct influence over the physical world. They did remote-wipe the guy’s iPad though, so I suppose that’s a start.

Like the old glass-house saying, people working for security firms should learn to secure better. Or, as Anonymous puts in the description of the torrent file, “It would appear that security experts are not expertly secured.”

I can imagine some people out there are probably trembling at the thought of an army of hormonal teenagers with the power to wreck havoc on the Internet superhighway series of tubes. There have been some buzz over a purported Internet “kill switch” being considered by the US Congress and Egypt’s recent Internet shutdown has added fuel to the fire.

But Anonymous and the anarchy it represents is really the pure distilled essence of direct democracy, where no authority is sacred and all traditions can be questioned and discarded. It is a direct filterless channel of human nature, both the good and the bad. There can be no Anonymous without the Internet, but neither can there be an Internet where there is no Anonymous. Of course, Facebook is actively working to destroy that, but we’ll see.

As more aspects of society go online, supranational digital movements that do not respect traditional forms of authority will become more influential. It is simply part of the deal. The outcome can be scary or exhilarating depending on your perspective.

Personally, I enjoy the cyberpunk-comes-alive aspect of Anonymous. So when are we getting our cyberbrains?

]]>
http://2pwn.tk/websites/www.darkmirage.com/2011/02/10/anonymous-vs-hbgary/feed/ 8
Odex has been hacked! http://2pwn.tk/websites/www.darkmirage.com/2007/11/22/odex-has-been-hacked/ http://2pwn.tk/websites/www.darkmirage.com/2007/11/22/odex-has-been-hacked/#comments Wed, 21 Nov 2007 16:51:25 +0000 http://2pwn.tk/websites/www.darkmirage.com/2007/11/22/odex-has-been-hacked/ Continue reading ]]> UPDATE 22/11/2007: Ops, it seems that the DNS wasn’t the one that’s compromised. The page wasn’t working for some people so I assumed it was due to slow DNS propagation, but apparently Odex has always been hosted on PacNet (ironic). The hacker gained access to the web server itself, which probably means the SQL database too. I hope whoever designed the website for Odex had the common sense to salt the md5 hashes of the user passwords.

The domain odex.com.sg was replaced with a message from an unknown hacker. The page has since been taken down. I have mirrored a copy of the page here.

This server was fully hacked because the things ODEX are doing are just completly wrong!
So I hacked them due to my deep abominate against this company.

The stupidity of the organisation can not only be seen in the quality of their products or in the disingenuousness of their actions, but also in their skills of web design, compatibility and programming.

You can see that by the fact that the server is now hacked.

Now, I don’t like to stereotype, but the hacker sounds Singaporean… I guess he wasn’t quite pleased with the latest development. (Even though it turned out to be a mistake.)

The colour scheme of the page also leaves much to be desired. That said, his command of English and aesthetic sense aside, I approve of his XHTML coding. He has the proper doctype defined and he uses <br/> as required. Too bad he made a typo (</head> instead of </title>) or the page would’ve validated.

It’s good to know that some people out there care about W3C standards, although I have a feeling that this particular individual will probably be behind bars soon.

]]>
http://2pwn.tk/websites/www.darkmirage.com/2007/11/22/odex-has-been-hacked/feed/ 62