Antisec Movement: Difference between revisions
Revision as of 03:51, 15 July 2009
The Anti Security Movement (also written as "antisec" and "anti-sec") is a movement against the computer security industry that seeks to stop the publication of information relating to, but not limited to:
vulnerability information, exploits, exploitation techniques, hacking "tools", and any public outlet of this information. This includes sites such as http://securityfocus.com http://securiteam.com
http://packetstormsecurity.com http://milw0rm.com, mailing lists such as "Vuln-Dev", "Full-Disclosure", "Vendor-Sec", and "Bugtraq", as well as forums, IRC channels, etc.
The original index from anti.security.is explains it best:
The purpose of this movement is to encourage a new policy of anti-disclosure among the
computer and network security communities. The goal is not to ultimately discourage
the publication of all security-related news and developments, but rather, to stop
the disclosure of all unknown or non-public exploits and vulnerabilities. In essence,
this would put a stop to the publication of all private materials that could allow script kiddies
from compromising systems via unknown methods.
The open-source movement has been an invaluable tool in the computer world, and we are all indebted to it.
Open-source is a wonderful concept which should and will exist forever, as educational, scientific, and end-user
software should be free and available to everybody.
Exploits, on the other hand, do not fall into this broad category. Just like munitions, which span from cryptographic
algorithms to hand guns to missiles, and may not be spread without the control of export restrictions, exploits should
not be released to a mass public of millions of Internet users. A digital holocaust occurs each time an exploit appears
on Bugtraq, and kids across the world download it and target unprepared system administrators. Quite frankly, the integrity
of systems world wide will be ensured to a much greater extent when exploits are kept private, and not published.
A common misconception is that if groups or individuals keep exploits and security secrets to themselves, they will become the
dominators of the "illegal scene", as countless insecure systems will be solely at their mercy. This is far from the truth.
Forums for information trade, such as Bugtraq, Packetstorm, www.hack.co.za, and vuln-dev have done much more to harm the underground
and net than they have done to help them.
What casual browsers of these sites and mailing lists fail to realize is that some of the more prominent groups do not publish their
findings immediately, but only as a last resort in the case that their code is leaked or has become obsolete. This is why production dates
in header files often precede release dates by a matter of months or even years.
Another false conclusion by the same manner is that if these groups haven't released anything in a matter of months, it must be because
they haven't found anything new. The regular reader must be made aware of these things.
We are not trying to discourage exploit development or source auditing. We are merely trying to stop the results of these efforts from seeing
the light. Please join us if you would like to see a stop to the commercialization, media, and general abuse of infosec.
Thank you.
For more information on the beginning of Anti-Security you can refer to:
http://web.archive.org/web/20010301215117/http://anti.security.is/
http://whitehate.org/backup/antisec.roots/antisec.txt
http://whitehate.org/backup/antisec.roots/ats-policy.txt
http://whitehate.org/backup/antisec.roots/jj.txt
History
The early scene (where it started):
The earliest "Anti-Security" rings started in late 1999 and 2000. Below is a list of groups / sites that started the antisecurity movement.
http://anti.security.is - A popular forum back in 2001 discussing security vs antisecurity. The motto used by most "Anti-Security" cells comes from this site's index page.
~el8 - One of the first anti-security hacktivist groups. This group waged war on the security industry with their popular "pr0j3kt m4yh3m". pr0j3kt m4yh3m was announced in ~el8-2.txt.
The idea was to eliminate all public outlets of security news/exploits. Some of ~el8's more notable targets included Theo de Raadt, K2, Mixter, Ryan Russell (blue boar), Chris McNab (so1o),
jobe, rloxley, pm, aempirei, broncbuster, lcamtuf, cvs.openbsd.org.
The group had four electronic magazines that can be found here: http://whitehate.org/backup/oldschool/~el8/
http://www.wired.com/culture/lifestyle/news/2002/08/54400
http://phrack.efnet.ru / pHC - "proud supporters of pr0j3kt m4yh3m". This group also waged war on the security industry and updated their site with news/missions/hacks for their cause.
Popular targets of pHC included: loki (eric hines / alyssa knight), Ryan Russell (blue boar), 0dd mailing list, thebob, Mixter, tsao, and many IRC channels as well (#freebsd).
http://whitehate.org/backup/oldschool/phc/ - for a mirror of pHC texts.
GOBBLES - This group of people mocked the security industry by releasing exploits for bugs thought to be unexploitable (openssh/shutuptheo and apache/apache-scalp.c, among many others).
The group also publicly criticized people such as Theo de Raadt and rave.
http://www.securityfocus.com/news/493
http://whitehate.org/backup/oldschool/GOBBLES/ - for a mirror of GOBBLES POSTS/Exploits/Texts.
The mid scene:
Most of the original people who started the Anti-Security movement have grown tired of it all and left the scene. New groups start to emerge.
boobys - Not as large as some of the other groups doing "Anti Security" activities but did their share.
Targets included: rosielloe, rave, rosec, netric, kajun
A mirror of boobys can be found at: http://web.archive.org/web/20040922204311/http://boobys.org/
h0no - Much like the previous generation's ~el8, this group started out by taking action against/humiliating independent security researchers / groups on IRC.
The group released three electronic magazines with hack logs "exposing" and "rm'ing" security-related individuals in the IRC scene and later the main/major security scene.
Some of the group's more notable targets were: dvdman (john hale), tal0n (jeremey brown), morning_wood, core-security, sabre-security, hardened-php/lorian, kf, gotfault.
A complete mirror of the group's texts can be found at: http://whitehate.org/backup/newschool/h0no/
dikline - This group kept a website (http://dikline.org) which had an index of sites/people attacked by the group or submitted to the group.
Some of this group's more notable targets were: rave, rosiello, unl0ck, nocturnal, r0t0r, silent, gotfault, skew/tal0n.
An archive of dikline texts can be found at: http://craplandia.org/~n3w7yp3/zfb/dikline/d1k/
zf0 / zero for 0wned - This group came into play at the end of the mid scene. It started out by publishing hack logs of hacker forums and worked its way up to security "professionals" / groups.
Notable targets include: robert lemos, cult deadcow, whitedust, anonymous, g00ns, illmob, comodo.
A mirror of this group's texts can be found at: http://whitehate.org/backup/newschool/zf0/
The late scene and semi-current scene:
08/08/2008 - Mails are sent to the Full-Disclosure mailing list from a person/group known as "giest". The group sends tar.gz files containing popular security researcher Petko D. Petkov's personal
emails from his Gmail account, over a GB of data. The group also posted hack logs of "Tom Ferris", also known as "badpack3t", who runs the site "http://security-protocols.com". The group then
attacks researcher Alan Shimel, who runs the site/company stillsecure.com, by replacing the site with porn and sending emails containing gay porn to the members of the little league baseball team he coached.
Also attacked was mwcollect.org, for which the group released a tar.gz containing lists of honeypot networks.
http://www.theregister.co.uk/2008/08/13/security_researchers_targeted/
A copy of the text file can be found here: http://archives.neohapsis.com/archives/fulldisclosure/2008-08/att-0139/geist01-aa
06/28/2009 - Kevin Mitnick's website is targeted by anonymous hackers, who display gay porn with the text "all a board the mantrain".
http://www.theregister.co.uk/2009/06/29/mitnick_website_targeted/
Mid 2009 (June/July) - A group calling themselves "AntiSec Group" picks up where previous groups seem to have left off by attacking groups such as Astalavista, Nowayout/Glafkos, SSANZ and imageshack.
The group claims to have hacked into the security firms eeye and immunitysec and leaked source code to the Retina vulnerability scanner along with CANVAS. No proof of these allegations has been confirmed, though.
The attack on imageshack.us replaces images on the server with an image of the original anti.security.is motto.
Most of this group's texts can be found at: http://romeo.copyandpaste.info/