Malicious Activity Alert: Anonymous Hack-school Grads Come Online In 30 Days

[Infiltrator]

By Tim Greene, Network World

June 30, 2011 03:44 PM ET

In about a month the first graduates of the new Anonymous hacking school could start having an impact on the frequency of cybercrime.

"You could have a quarter of a million people who could be educated on how to hack, not professionally, but enough to be significant," says Karim Hijazi, CEO of security start-up Unveillance. He bases that projected impact on the number of followers that the hacking group LulzSec acquired on Twitter during its 50-day spree - 285,550. When LulzSec disbanded last week, its members announced formation of the school.

He says that from what he's read about the school, it will teach skills that include setting up Zeus botnets, the keystroke logging malware for stealing banking logins. "Every little script kiddy will know how to create a botnet."

And while individuals may not be skilled enough to create massive botnets, their cumulative effect could be significant, he says.

In addition to attacking Web sites and posting stolen data online, LulzSec served the purpose of recruiting new, younger members for Anonymous, Hijazi says. When LulzSec disbanded, it reaffirmed its endorsement of AntiSec - its hacking movement against corporate and governmental corruption - which is being carried on by Anonymous, a loosely organized hacking group from which LulzSec sprang.

The implication was for LulzSec members committed to AntiSec to join Anonymous. "It was a good campaign on behalf of Anonymous," Hijazi says.

Meanwhile, look out for malicious activity from the freshly graduated Anonymous hacker class. "They could buy up domains for command and control servers and could have a botnet up next week of some value," he says.

Web source:

http://www.networkworld.com/news/2011/063011-anonymous-hack-school-grads.html

Edited July 3, 2011 by Infiltrator

[digip]

I had read the Unveillance blog a few days back where he claimed to be under attack from lulzsec - http://www.unveillance.com/latest-news/unveillance-official-statement/

Most every attack lulzsec has done, they have publicly tweeted or shown on pastebin, yet only a few places talk about the Unveillance gentleman in the news, but I have never seen anything to show lulzsec state this themselves. As it turns out, it seems Karim Hijazi works with the FBI, and uses the same password for a login to something that was taken from Infragard, which was also the same password Karim Hijazi used for his email.

I'd never even heard of Karim Hijazi before lulzsec, so if anything, lulzsec are helping to make a name for people in the Infosec community, when it seems they want the opposite, to bring people like him down. If anything, we may not be getting the full picture, and Unveillance may not be telling the full truth either. We can't necessarily believe what lulzsec says, but not sure we can trust what Unveillance says either, since it seems they are both running a campaign of disinformation.

Meanwhile, LulzSec has another story to tell. They claim Hijazi tried to pay them to attack his competitors using information he supplied.

Furthermore, LulzSec claims, he asked them to track down botnets and command and control servers for mutual benefits. The group says the extortion part was just a test to see if Hijazi would cave in to hackers.

“While it's normal for him to try and cover up this embarrassment by putting all the focus back on us, we can, again, see past this primitive social engineering. Karim compromised his entire company and the personal lives of his colleagues, then attempted to silence us with promises of financial gain and mutual benefits,” LulzSec writes.

http://news.softpedia.com/news/LulzSec-and-Unveillance-Accuse-Each-Other-of-Shameful-Behavior-204336.shtml

I wouldn't be surprised if it turns out Karim Hijazi was some how affiliated with them and had a falling out.

Edited July 3, 2011 by digip

[Infiltrator]

There's something very fishy going on with this whole story. Why would they target a small private company and what can LuizSec get out of it anyway.

[digip]

There's something very fishy going on with this whole story. Why would they target a small private company and what can LuizSec get out of it anyway.

I think they somehow had correspondence with him, more than just them attacking the guy. Either they worked with him on something before, or like they said, he tried to hire them to do something, or even that he tried to trap them, bait them into doing something for him, and they then turned on him exposing his ties to the FBI. One has to imagine, that if lulzsec or even anonymous were to work with any outsiders, they would probably hack these people first before letting them into their circle just to find out who they are, since they can't trust anyone any more than we could trust them. Paranoia must run rampant in their circles, and even though they run around boasting and bragging about their escapades, I'm sure some of the people in their groups don't sleep very well for fear of when they may get arrested and taken down.

One of the things I do think about though, is how they talk about infiltration, and how they have people working in many places as moles, covert reconnaissance, within big companies and organizations. The same might be said for not just fbi informants, but actual fbi who are part of anonymous, but only as a ruse to track and monitor what they are doing. One of the easiest ways to track people, is to join them and let them lead you to everything they are doing, and unless its a direct threat to something the government and fbi see as an issue, they can let them attack any number of places, so they can gather more info on the underground players.

I'll use Bin Laden as an example. Pakistan had the man living in their country for years, yet they claimed to not know where he was. Then we come in and take the guy out, but I think in regard to Pakistan's security, they probably knew where he was the whole time, and for their own advantage to track his movements and orders, kept quiet so they could build their own intelligence on the man. That is of course if they weren't literally helping the man, but only monitoring him for intelligence means. We'll never know one way or the other, and is just my speculation but you can bet the CIA and FBI allow certain groups to run a muck, since it would give them greater insight to other avenues of intelligence gathering by just following their trail vs trying to actually shut them down.

Edited July 3, 2011 by digip

[eovnu87435ds]

Wouldn't it be hilarious if LulzSec was actually a group of legitimate infosec companies who banded together to start a scare campaign posing as script kiddies, to scare more companies to increase their security measures, and therefore increase the profits of the infosec companies? If I was in the position to do such a thing to increase my may rate, I don't think I would think twice(especially if my company is the company doing the security auditing for the government forces responsible for tracking these people down)

[Infiltrator]

Wouldn't it be hilarious if LulzSec was actually a group of legitimate infosec companies who banded together to start a scare campaign posing as script kiddies, to scare more companies to increase their security measures, and therefore increase the profits of the infosec companies? If I was in the position to do such a thing to increase my may rate, I don't think I would think twice(especially if my company is the company doing the security auditing for the government forces responsible for tracking these people down)

They could've been white hats from the start, but since they don't have brains to think about the consequences they decided to become black hats instead. Now they have the authorities looking for their asses.

[digip]

I think there are two sides to every coin, and with regard to hacking, maybe a 3rd(that outer edge is very thin, but its still a side). I think for lulzsec and anonymous, you have people with true skill sets, and then the followers or people who just want to get into the scene, who are the script kiddies. Then there are those who work in security, but are fed up with trying to drive hoem the same old rhetoric over and over, only to see companies fail to heed their warnings, so they go rouge for a bit, have a little fun and let off some steam, then go back to their day job.