
Antisec Movement: Difference between revisions

From Wikipedia, the free encyclopedia
m Reverted edits by Whiteh8 to last revision by Marek69 (HG)
Whiteh8 (talk | contribs)
Undid revision 302164731 by Alansohn (talk)
Tag: references removed
Line 1: Line 1:
[[File:Anti-sec manifesto.png|thumb|250px|The Anti-sec movement's manifesto which had replaced a number of pictures hosted by ImageShack.]]
[[File:Anti-sec manifesto.png|thumb|250px|The Anti-sec movement's manifesto which had replaced a number of pictures hosted by ImageShack.]]
'''The Anti Security Movement''' (also written as "antisec" and "anti-sec") Is a movement against the computer security industry to stop the publication of information relating to but not limited to:<br />
'''The Anti Security Movement''' (also written as "antisec" and "anti-sec") is an ongoing trend in computer [[hacker]] culture. Followers of the movement have dubbed it to be dedicated to the elimination of [[full disclosure]] from the security industry.<ref>{{Cite web| url=http://romeo.copyandpaste.info/txt/movement.txt| title=movement.txt| accessdate=July 3 2009| publisher=unknown}}</ref> The movement was pioneered by efforts to create a project known as pr0j3ct m4yh3m, a chaotic project of many followers participating in attacking networks, websites, and individuals related to full disclosure and the general security community.
Vulnerability Information, Exploits, Exploitation Techniques, Hacking "Tools", and any public outlet of this information. Sites such as http://securityfocus.com http://securiteam.com<br /> http://packetstormsecurity.com http://milw0rm.com. Mailing lists such as "Vuln-Dev", "Full-Disclosure", "Vendor-Sec", "Bugtraq", As well as forums, IRC channels etc.<br />
The original index from anti.security.is explains it best:
<blockquote>
The purpose of this movement is to encourage a new policy of anti-disclosure among the<br />
computer and network security communities. The goal is not to ultimately discourage<br />
the publication of all security-related news and developments, but rather, to stop<br />
the disclosure of all unknown or non-public exploits and vulnerabilities. In essence, <br />
this would put a stop to the publication of all private materials that could allow script kiddies<br />
from compromising systems via unknown methods.<br /><br />

The open-source movement has been an invaluable tool in the computer world, and we are all indebted to it.<br />
Open-source is a wonderful concept which should and will exist forever, as educational, scientific, and end-user<br />
software should be free and available to everybody.<br /><br />

Exploits, on the other hand, do not fall into this broad category. Just like munitions, which span from cryptographic <br />
algorithms to hand guns to missiles, and may not be spread without the control of export restrictions, exploits should<br />
not be released to a mass public of millions of Internet users. A digital holocaust occurs each time an exploit appears<br />
on Bugtraq, and kids across the world download it and target unprepared system administrators. Quite frankly, the integrity <br />
of systems world wide will be ensured to a much greater extent when exploits are kept private, and not published.<br /><br />

A common misconception is that if groups or individuals keep exploits and security secrets to themselves, they will become the<br />
dominators of the "illegal scene", as countless insecure systems will be solely at their mercy. This is far from the truth. <br />
Forums for information trade, such as Bugtraq, Packetstorm, www.hack.co.za, and vuln-dev have done much more to harm the underground<br />
and net than they have done to help them.<br /><br />

What casual browsers of these sites and mailing lists fail to realize is that some of the more prominent groups do not publish their<br />
findings immediately, but only as a last resort in the case that their code is leaked or has become obsolete. This is why production dates<br />
in header files often precede release dates by a matter of months or even years.<br /><br />

Another false conclusion by the same manner is that if these groups haven't released anything in a matter of months, it must be because<br />
they haven't found anything new. The regular reader must be made aware of these things.<br /><br />

We are not trying to discourage exploit development or source auditing. We are merely trying to stop the results of these efforts from seeing<br />
the light. Please join us if you would like to see a stop to the commercialization, media, and general abuse of infosec.<br /><br />

Thank you.<br /><br />
</blockquote>

For more information on the beginning of Anti-Security you can refer to:<br />
http://web.archive.org/web/20010301215117/http://anti.security.is/<br />
http://whitehate.org/backup/antisec.roots/antisec.txt<br />
http://whitehate.org/backup/antisec.roots/ats-policy.txt<br />
http://whitehate.org/backup/antisec.roots/jj.txt<br /><br />


In late 2001 the movement lost general interest and participation, but in late [[2008]] and a majority of [[2009]] the movement sparked interest and was covered by many tech and social media websites such as [[Digg]][http://digg.com/tech_news/ImageShack_Hacked_by_Anti_sec_Movement] and [[reddit]][http://www.reddit.com/r/technology/comments/8q0zt/astalavistacom_hacked_including_details/] due to the attacks against the security community Astalavista<ref>{{Cite web| url=http://kotrotsos.com/2009/astalavista-hacked-and-torn-apart| title=Astalavista Hacked and Torn apart| accessdate=July 7 2009| publisher=Kotrotsos}}</ref>, network security analyst Glafkos Charalambous<ref>{{Cite web| url=http://www.flyninja.net/?p=882| title=So called 'Security Expert' reaps Anti-sec m4yh3m| publisher=Flyninja}}</ref>, and popular image-hosting website [[ImageShack]]<ref>{{Cite web| url=http://www.theregister.co.uk/2009/07/13/imageshack_hack/| title=ImageShack hacked in oddball security protest| publisher=The Register}}</ref><ref>{{Cite web| url=http://blogs.zdnet.com/security/?p=3725| title=ImageShack hacked by anti-full disclosure movement| publisher=ZDNet}}</ref>.


==History==
==History==
The early scene (where it started):<br /><br />

The earliest "Anti-Security" rings started in late 1999 and 2000. Below is a list of groups / sites that started the antisecurity movement.<br />
http://anti.security.is - popular forum back in 2001 discussing security vs antisecurity. The motto used by most "Anti-Security" cells comes from this sites index page.<br /><br />

~el8 - One of the first anti-security hacktivist groups. This group waged war on the security industry with their popular "pr0j3kt m4yh3m". pr0j3kt m4yh3m was announced in ~el8-2.txt.<br />
The idea was to eliminate all public outlets of security news/exploits. Some of ~el8's more notable targets included Theo de Raadt, K2, Mixter, Ryan Russel (blue boar), Chris McNab (so1o), <br />
jobe, rloxley, pm, aempirei, broncbuster, lcamtuf, cvs.openbsd.org.<br />
The group had four electronic magazines that can be found here: http://whitehate.org/backup/oldschool/~el8/<br />
http://www.wired.com/culture/lifestyle/news/2002/08/54400<br /><br />

http://phrack.efnet.ru / pHC - "proud supporters of pr0j3kt m4yh3m" This group as well waged war on the security industry and updated their site with news/missions/hacks for their cause.<br />
popular targets of pHC included: loki (eric hines / alyssa knight), Ryan Russel (blue boar), 0dd mailing list, thebob, Mixter, tsao, and many irc channels as well (#freebsd).<br />
http://whitehate.org/backup/oldschool/phc/ - for a mirror of pHC texts.<br /><br />

GOBBLES - This group of people mocked the security industry by releasing exploits thought to be unexploitable (openssh/shutuptheo) and (apache/apache-scalp.c) among many others.<br />
the group also publicly criticized people such as Theo de Raadt and rave.<br />
http://www.securityfocus.com/news/493<br />
http://whitehate.org/backup/oldschool/GOBBLES/ - for a mirror of GOBBLES POSTS/Exploits/Texts.<br /><br /><br />


The mid scene:<br />
Most of the original people who started the Anti-Security movement have grown tired of it all and left the scene. New groups start to emerge.<br /><br />


boobys - Not as large as some of the other groups doing "Anti Security" activities but did their share.<br />
The anti-sec movement originated in late [[1999]] and early [[2000]] when prominent and highly-recognized hacking groups such as ''~el8''<ref>http://web.textfiles.com/ezines/EL8/el8.3.txt</ref> and ''dikline''<ref>http://romeo.copyandpaste.info/dikline/</ref> began publishing [[zines]] which detailed hatred toward the security industry. The documents implied that the [[full disclosure]] of exploit code for [[software vulnerabilities]] sacrificed the security of unsuspecting network administrators, companies, organizations and individuals for marketing opportunities.
Targets included: rosielloe, rave, rosec, netric, kajun<br />
A mirror of boobys can be found at: http://web.archive.org/web/20040922204311/http://boobys.org/ <br /><br />


h0no - Much like the previous generations ~el8 this group started out by taking action against/humiliating independent security researchers / groups on IRC.<br />
Recently, the movement has sparked a large interest in the general tech community. In June 2009, Astalavista and a former administrator of Astalavista named "nowayout" were attacked and exposed publicly<ref>{{Cite web| url=http://kotrotsos.com/2009/astalavista-hacked-and-torn-apart| title=Astalavista Hacked and Torn apart| accessdate=July 7 2009| publisher=Kotrotsos}}</ref><ref>{{Cite web| url=http://www.flyninja.net/?p=882| title=So called 'Security Expert' reaps Anti-sec m4yh3m| publisher=Flyninja}}</ref>, reaching a large audience. In July later that year, the popular image host [[ImageShack]] had all of its images replaced with a "manifesto" of the movement.
The group release three electronic magazines with hack logs "exposing" and "rm'ing" security related indivduals in the IRC scene and later the main/major security scene. <br />
Some of the groups more notable targets were: dvdman (john hale), tal0n (jeremey brown), morning_wood, core-security, sabre-security, hardened-php/lorian, kf, gotfault.<br />
a complete mirror of the groups texts can be found at: http://whitehate.org/backup/newschool/h0no/<br /><br />


dikline - This group kept a website (http://dikline.org) which had an index of sites/people attacked by the group of submitted to the group.<br />
Other less popular attacks include an attack against an auditing firm named SSANZ in July 2009, an early 2009 leak of the source code of Immunity Security's Canvas and SILICA products on various IRC networks, and the publication of the confidential and highly protected source code of [[eEye Digital Security]]'s flagship vulnerability scanner software [[Retina]].
some of this groups more notable targets were: rave, rosiello, unl0ck, nocturnal, r0t0r, silent, gotfault, skew/tal0n.<br />
a archive of dikline texts can be found at: http://craplandia.org/~n3w7yp3/zfb/dikline/d1k/<br /><br />


zf0 / zero for 0wned - This group came into play at the end of the mid scene. Starting out by publishing hack logs of hacker forums and working their way up to security "professionals" / groups. <br />
Most modern attacks use the following article as a reference for their attacks:
Notable targets include: robert lemos, cult deadcow, whitedust, anonymous, g00ns, illmob, comodo.<br />
a mirror of this groups texts can be found at: http://whitehate.org/backup/newschool/zf0/<br /><br /><br />


The late scene and semi-current scene:<br /><br />
The purpose of this movement is to encourage a new policy of anti-disclosure
among the computer and network security communities. The goal is not to
ultimately discourage the publication of all security-related news and
developments, but rather, to stop the disclosure of all unknown or
non-public exploits and vulnerabilities. In essence, this would put a stop
to the publication of all private materials that could allow script kiddies
from compromising systems via unknown methods.
The open-source movement has been an invaluable tool in the computer world,
and we are all indebted to it. Open-source is a wonderful concept which
should and will exist forever, as educational, scientific, and end-user
software should be free and available to everybody.
Exploits, on the other hand, do not fall into this broad category. Just like
munitions, which span from cryptographic algorithms to hand guns to
missiles, and may not be spread without the control of export restrictions,
exploits should not be released to a mass public of millions of Internet
users. A digital holocaust occurs each time an exploit appears on Bugtraq,
and kids across the world download it and target unprepared system
administrators. Quite frankly, the integrity of systems world wide will be
ensured to a much greater extent when exploits are kept private, and not
published.
A common misconception is that if groups or individuals keep exploits and
security secrets to themselves, they will become the dominators of the
"illegal scene", as countless insecure systems will be solely at their
mercy. This is far from the truth. Forums for information trade, such as
Bugtraq, Packetstorm, www.hack.co.za, and vuln-dev have done much more to
harm the underground and net than they have done to help them.
What casual browsers of these sites and mailing lists fail to realize is
that some of the more prominent groups do not publish their findings
immediately, but only as a last resort in the case that their code is leaked
or has become obsolete. This is why production dates in header files often
precede release dates by a matter of months or even years.
Another false conclusion by the same manner is that if these groups haven't
released anything in a matter of months, it must be because they haven't
found anything new. The regular reader must be made aware of these things.
We are not trying to discourage exploit development or source auditing. We
are merely trying to stop the results of these efforts from seeing the
light. Please join us if you would like to see a stop to the
commercialization, media, and general abuse of infosec.
Thank you.


08/08/2008 - Mails are sent to the Full-Disclosure mailing list from a person/group known as "giest". The group sends tar.gz files containing popular security researcher Petko D. Petkov's personal<br />
==ImageShack==
emails from his gmail account, it is over a GB of data. The group also posted hack logs of "Tom Ferris" also known as "badpack3t" who runs the site "http://security-protocols.com". The group then<br />
attacks researcher Alan Shimel who runs the site/company stillsecure.com by replacing the site with porn and sending emails containing gay porn to the members of the little league baseball team he coached.<br />
also attacked was mwcollect.org in which the group released a tar.gz containing lists of honeypot networks. <br />
http://www.theregister.co.uk/2008/08/13/security_researchers_targeted/<br />
A copy of the text file can be found here: http://archives.neohapsis.com/archives/fulldisclosure/2008-08/att-0139/geist01-aa<br /><br />


06/28/2009 Kevin Mitnicks website is targetted by anonymous hackers displaying gay porn with text "all a board the mantrain".<br />
On July 10, 2009 at 7:34pm EST, ImageShack services were attacked which resulted in requests for images being redirected to an anti-sec manifesto, the goal being to increase publicity of the attack. The manifesto was read by millions of users which viewed the images, and as a result of the larger image being transferred through the ImageShack servers the network was very slow and unresponsive in some cases. The manifesto stated in small text at the end that "No images were harmed in the making of this... image" implying that the attackers chose not to delete any of the images but rather temporarily replace them.
http://www.theregister.co.uk/2009/06/29/mitnick_website_targeted/<br /><br />


Mid 2009 (June/July) A group calling them "AntiSec Group" starts off where previous groups have seemed to leave off by attacking groups such as Astalavista, Nowayout/Glafkos, SSANZ and imageshack.<br />
The ImageShack attack has been criticized by many members of the underground community as being "childish". Anti-sec followers have responded saying that it is for publicity, so that a greater audience can be aware of their intentions and prepare for further attacks.
The group claims to have hacked into the security firm eeye and immunitysec and leaked source code to the retina vulnerability scanner along with CANVAS. No proof has been confirmed of these allegations though.<br />
The attack on imageshack.us replaces images on the server with a image of the original anti.security.is motto. <br />
Most of this groups texts can be found at: http://romeo.copyandpaste.info/<br /><br />


==References==
==References==
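Review bot: the lead and the 2009 incident paragraphs lose their {{Cite web}} references in this revision (the edit is tagged "references removed"), and the replacement text relies on bare external URLs and unsourced lists of named targets, while the ==References== heading is left with nothing to populate it. Restore the <ref> citations and convert the bare links into <ref> entries so each claim about a named person or company is attributable. The <br /> line breaks would read better as normal paragraphs or a bulleted list, and the new lead has a stray capital in "Is a movement".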

Revision as of 03:55, 15 July 2009

The Anti-sec movement's manifesto which had replaced a number of pictures hosted by ImageShack.

The Anti Security Movement (also written as "antisec" and "anti-sec") is a movement against the computer security industry that seeks to stop the publication of information relating to, but not limited to:
vulnerability information, exploits, exploitation techniques, hacking "tools", and any public outlet of this information. This includes sites such as http://securityfocus.com, http://securiteam.com,
http://packetstormsecurity.com and http://milw0rm.com; mailing lists such as "Vuln-Dev", "Full-Disclosure", "Vendor-Sec" and "Bugtraq"; as well as forums, IRC channels etc.
The original index from anti.security.is explains it best:

The purpose of this movement is to encourage a new policy of anti-disclosure among the
computer and network security communities. The goal is not to ultimately discourage
the publication of all security-related news and developments, but rather, to stop
the disclosure of all unknown or non-public exploits and vulnerabilities. In essence,
this would put a stop to the publication of all private materials that could allow script kiddies
from compromising systems via unknown methods.

The open-source movement has been an invaluable tool in the computer world, and we are all indebted to it.
Open-source is a wonderful concept which should and will exist forever, as educational, scientific, and end-user
software should be free and available to everybody.

Exploits, on the other hand, do not fall into this broad category. Just like munitions, which span from cryptographic
algorithms to hand guns to missiles, and may not be spread without the control of export restrictions, exploits should
not be released to a mass public of millions of Internet users. A digital holocaust occurs each time an exploit appears
on Bugtraq, and kids across the world download it and target unprepared system administrators. Quite frankly, the integrity
of systems world wide will be ensured to a much greater extent when exploits are kept private, and not published.

A common misconception is that if groups or individuals keep exploits and security secrets to themselves, they will become the
dominators of the "illegal scene", as countless insecure systems will be solely at their mercy. This is far from the truth.
Forums for information trade, such as Bugtraq, Packetstorm, www.hack.co.za, and vuln-dev have done much more to harm the underground
and net than they have done to help them.

What casual browsers of these sites and mailing lists fail to realize is that some of the more prominent groups do not publish their
findings immediately, but only as a last resort in the case that their code is leaked or has become obsolete. This is why production dates
in header files often precede release dates by a matter of months or even years.

Another false conclusion by the same manner is that if these groups haven't released anything in a matter of months, it must be because
they haven't found anything new. The regular reader must be made aware of these things.

We are not trying to discourage exploit development or source auditing. We are merely trying to stop the results of these efforts from seeing
the light. Please join us if you would like to see a stop to the commercialization, media, and general abuse of infosec.

Thank you.

For more information on the beginning of Anti-Security you can refer to:
http://web.archive.org/web/20010301215117/http://anti.security.is/
http://whitehate.org/backup/antisec.roots/antisec.txt
http://whitehate.org/backup/antisec.roots/ats-policy.txt
http://whitehate.org/backup/antisec.roots/jj.txt


History

The early scene (where it started):

The earliest "Anti-Security" rings started in late 1999 and 2000. Below is a list of groups / sites that started the antisecurity movement.
http://anti.security.is - popular forum back in 2001 discussing security vs antisecurity. The motto used by most "Anti-Security" cells comes from this site's index page.

~el8 - One of the first anti-security hacktivist groups. This group waged war on the security industry with their popular "pr0j3kt m4yh3m". pr0j3kt m4yh3m was announced in ~el8-2.txt.
The idea was to eliminate all public outlets of security news/exploits. Some of ~el8's more notable targets included Theo de Raadt, K2, Mixter, Ryan Russel (blue boar), Chris McNab (so1o),
jobe, rloxley, pm, aempirei, broncbuster, lcamtuf, cvs.openbsd.org.
The group had four electronic magazines that can be found here: http://whitehate.org/backup/oldschool/~el8/
http://www.wired.com/culture/lifestyle/news/2002/08/54400

http://phrack.efnet.ru / pHC - "proud supporters of pr0j3kt m4yh3m". This group also waged war on the security industry and updated their site with news/missions/hacks for their cause.
Popular targets of pHC included: loki (eric hines / alyssa knight), Ryan Russel (blue boar), 0dd mailing list, thebob, Mixter, tsao, and many IRC channels as well (#freebsd).
http://whitehate.org/backup/oldschool/phc/ - for a mirror of pHC texts.

GOBBLES - This group of people mocked the security industry by releasing exploits for bugs thought to be unexploitable (openssh/shutuptheo) and (apache/apache-scalp.c) among many others.
The group also publicly criticized people such as Theo de Raadt and rave.
http://www.securityfocus.com/news/493
http://whitehate.org/backup/oldschool/GOBBLES/ - for a mirror of GOBBLES POSTS/Exploits/Texts.



The mid scene:
Most of the original people who started the Anti-Security movement have grown tired of it all and left the scene. New groups start to emerge.

boobys - Not as large as some of the other groups doing "Anti Security" activities but did their share.
Targets included: rosielloe, rave, rosec, netric, kajun
A mirror of boobys can be found at: http://web.archive.org/web/20040922204311/http://boobys.org/

h0no - Much like the previous generation's ~el8, this group started out by taking action against/humiliating independent security researchers / groups on IRC.
The group released three electronic magazines with hack logs "exposing" and "rm'ing" security related individuals in the IRC scene and later the main/major security scene.
Some of the group's more notable targets were: dvdman (john hale), tal0n (jeremey brown), morning_wood, core-security, sabre-security, hardened-php/lorian, kf, gotfault.
A complete mirror of the group's texts can be found at: http://whitehate.org/backup/newschool/h0no/

dikline - This group kept a website (http://dikline.org) which had an index of sites/people attacked by the group or submitted to the group.
Some of this group's more notable targets were: rave, rosiello, unl0ck, nocturnal, r0t0r, silent, gotfault, skew/tal0n.
An archive of dikline texts can be found at: http://craplandia.org/~n3w7yp3/zfb/dikline/d1k/

zf0 / zero for 0wned - This group came into play at the end of the mid scene. It started out by publishing hack logs of hacker forums and worked its way up to security "professionals" / groups.
Notable targets include: robert lemos, cult deadcow, whitedust, anonymous, g00ns, illmob, comodo.
A mirror of this group's texts can be found at: http://whitehate.org/backup/newschool/zf0/


The late scene and semi-current scene:

08/08/2008 - Mails are sent to the Full-Disclosure mailing list from a person/group known as "giest". The group sends tar.gz files containing popular security researcher Petko D. Petkov's personal
emails from his Gmail account, over a GB of data. The group also posted hack logs of "Tom Ferris", also known as "badpack3t", who runs the site "http://security-protocols.com". The group then
attacks researcher Alan Shimel, who runs the site/company stillsecure.com, by replacing the site with porn and sending emails containing gay porn to the members of the little league baseball team he coached.
Also attacked was mwcollect.org, in which the group released a tar.gz containing lists of honeypot networks.
http://www.theregister.co.uk/2008/08/13/security_researchers_targeted/
A copy of the text file can be found here: http://archives.neohapsis.com/archives/fulldisclosure/2008-08/att-0139/geist01-aa

06/28/2009 - Kevin Mitnick's website is targeted by anonymous hackers displaying gay porn with text "all a board the mantrain".
http://www.theregister.co.uk/2009/06/29/mitnick_website_targeted/

Mid 2009 (June/July) - A group calling themselves "AntiSec Group" starts off where previous groups seem to have left off by attacking groups such as Astalavista, Nowayout/Glafkos, SSANZ and ImageShack.
The group claims to have hacked into the security firms eeye and immunitysec and leaked source code to the Retina vulnerability scanner along with CANVAS. These allegations have not been confirmed, though.
The attack on imageshack.us replaces images on the server with an image of the original anti.security.is motto.
Most of this group's texts can be found at: http://romeo.copyandpaste.info/

References