from xfiles (follow link for the full communique with text graphics):
WE ARE ANONYMOUS. WE DO NOT FORGIVE. WE DO NOT FORGET. WE ARE LEGION. EXPECT US!
FUCK SOPA, FUCK NDAA, FUCK FBI, FUCK DHS, FUCK DARPA, FUCK NCCIC & FUCK THE PIGS
OFFICIAL EMERGENCY COMMUNIQUE STRAIGHT FROM THE ANONYMOUS HACKER UNDERGROUND
Welcome comrades around the world and thanks for joining us for our end of the year crime spree. 2011 is over and what a chaotic year it’s been: brutal tyrants and inept dictators were overthrown while multinational corporations and lazy security contractors were systematically targeted for embarrassment and elimination. Was it the year of protests, occupations, revolutions? The year of the hacktivist? Looking back, we’re not quite sure what the hell it was, but we certainly had lots of laughs contributing to the mayhem by owning pretty much anything and everything we wanted to.
Did you enjoy looting and plundering the pocketbooks of the rich and powerful during Lulzxmas? Did you enjoy using and abusing the personal emails and passwords of feds and corporate executives? How about all those “Law Enforcement Sensitive” documents stolen from NY police chief emails? And that epic cslea.com defacement on New Years Eve? Yes, many lulz were had during this past week, and rest easy fellow pirates, that was only a taste of the chaos to come.
We’re ringing in the new year with another exciting #antisec zine release, and this is a big one. Lots of servers were rooted and rm’d. More than a few clueless sysadmins had their .bash_history and mail spools spilled. A lot of cops got doxed — shit, with all the live passwords being dropped here one could easily own police departments in nearly every U.S. state.
To match this truly epic hacking spree, we also had to go on an epic shopping spree. In an act of loving egalitarian criminality, we used company credit cards to make donations to dozens of charities and revolutionary organizations, including the Bradley Manning Support Organization, the EFF, the ACLU, CARE, American Red Cross, Amnesty International, Greenpeace, some commies, some prisoners, various occupations, and many more unnamed homies. It took weeks of hard work, but it paid off: to the tune of over $500,000 dollars liberated in total. Some examples we publicized were eventually returned: other payments made more discretely were confirmed to have been received and changed to hard cash. Of course, we had to engage in some pranks as well. What’s life without a little laughter at the expense of the 1%? We sent Pop-Tarts to the sysadmins with the hopes they would appreciate the humor. We also transferred to ourselves some form of anonymous currency that can’t be traced or returned. Maybe we even sold or traded some of these cc dumps and password lists with other black hat comrades for botnets and 0days. Fuck em’ if they can’t take a joke!
While we attacked the institutions of capitalism, it would only make sense to attack those who enforce it, the inherently oppressive protectors of property and purveyors of social control; the pigs, the fuzz… the police. Do you remember a month ago when the mayors of over eighteen major cities in the U.S. collaborated with the swine to launch a coordinated attack on Occupation sites? The indiscriminate, and unprovoked, arrest and brutalization of thousands of protesters? We the 99% face an endless cycle of evictions and layoffs, while the powerful elite laugh all the way to the bank, comforted by their lucrative federal contracts and billion dollar bailouts. All our lives we have been robbed blind, and now it’s time to start pointing our guns in the right direction.
In retaliation for this unprovoked, premeditated police-state brutality, we executed our own raid against New York and California police targets. And no, we will not be using pepper spray or tasers: we’ll leave that for the boys in blue. Did you think we forgot? Did you think we would let you kick us out of our parks, teargas us, send veterans to the hospital, and conspire with other police forces to repress our uprising? We do not forgive, we do not forget: our vengeance will swallow you whole, and we will shit you out in to a place more hellish than the prisons you fill.
On New Years Eve, our while revolutionary comrades brought the noise to the front of jails across the world in support of the incarcerated, we were opening fire on the websites and emails of the 1%, publishing stolen information from police departments in both California and New York. From coast to coast we lulzed as we hit the top police chiefs: skimming their private email and Facebook accounts, blissfully abusing their internal law enforcement portals, and making off quick with their private documents which we then published on tor hidden services and BitTorrent. Finally, we defaced their websites and rm’d their servers, live on IRC and Twitter for the whole world to see.
While we attacked police targets, we also decided to go after their supply chain. We bring you the full story of how we gutted the military and law enforcement equipment supply store, SpecialForces.com. Truth be told, we had been keeping quiet about this particular target for a time while we lived large off its pillaged goods. However, just prior to this release, a former member leaked the cleartext password lists, and some media picked up on it. Now that the jig is up, the full story of this owning can be told. To top this target off, we threw in some credit cards and home address info to thousands of their mostly military and police customer base. Hope they don’t mind. Just kidding.
We’re calling upon all allied battle ships, all armies of darkness, to rise up and use and abuse all the personal information of these tyrannical agents and supporters of the 1%. You wanted lulz? With the sheer amount of passwords, credit cards, and mail spools we plastered all over the internet, you can guarantee that the richest and most powerful people will continue to get owned hard well into 2012.
* * *
FELLOW HACKERS, CRACKERS, PIRATES, OCCUPIERS, ANARCHISTS, BLACK HATS, AND LULZ LIZARDS – GET SECURE, HOP ABOARD THE GOOD SHIP ANONYMOUS, AND LET US SAIL THE SEVEN PROXIES TO GREAT GLORY. THE ENEMY BOATS ARE NO MATCH, AND THE BOOTY IS RIPE AND PLENTIFUL. THE INTERNET IS OURS, COMRADES – A LAS BARRICADAS!
TABLE OF DISCONTENTS
1 INTRO ……………… LINE 133
2 STRATFOR.COM ……….. LINE 243
3 CSLEA.COM ………… LINE 14578
4 NYCHIEFS.ORG ……… LINE 15839
5 PRIV8 GOVMENT DOXXX .. LINE 15899
6 SPECIALFORCES.COM …. LINE 16063
7 OUTRO ……………. LINE 22156
THE ANTISEC EMBASSY: http://ibhg35kgdvnb7jvw.onion
CHECK US OUT ON TPB: thepiratebay.org/user/AntiSecurity
GREETZ TO ALL ALLIED HACKER CREWS, KEEP PULLING THAT TRIGGER! Ac1dB1tch3z, ~EL8, DIKLINE, H0NO, GoD, ZF0, RevoluSec, PHC, HACKBLOC, C4BIN CR3W, WIKILEAKS AND ALL OTHERS KNOWN AND UNKNOWN, THANKS FOR THE SUPPORT … WE HAD SOME GOOD TIMES OWNING SHIT, AND MANY MORE LULZ ARE TO BE HAD ALL THROUGH 2012! LET IT FLOW…
SOLIDARITY WITH ALL THOSE IMPRISONED BY BY THE FASCIST PRISON INDUSTRIAL COMPLEX WE WILL CONTINUE 2 OWN IN UR GREAT HONOR FREE BRADLEY MANNING, TOPIARY, COMMANDER X. THE ANONYMOUS OPPAYBACK DEFENDANTS AND SPECIAL GREETZ TO BIG PIMPIN: THE UNIX TERRORIST FRESH OUT THE JOINT !!!
/******************************************************************************/ BREAK BREAD MOTHAFUCKA!!!
[*] STRATFOR.COM
1. Over 75,000 credit cards with name, address, company, and cvv information.
2. Over 860,000 names and addresses to all Stratfor’s past and present “private client list”
3. 25,000 tickets for their it.stratfor.com support system
4. Mail Spools (were handed over to professionals: coming soon!)
[*] NYCHIEFS.ORG
1. Mail spools for 10 NY Police Chiefs
2. Over 300 usernames and md5-hashed passwords for all NY Chiefs
3. Several “Law Enforcement Sensitive” and “For Official Use Only” documents
[*] CSLEA.COM
1. Mail spools for 3 CSLEA employees including the webmaster Ken Fair
2. Credit card information for over a hundred agents and supporters
3. 2500 cleartext, user-supplied passwords of all CSLEA members
4. Various stolen database files for internal forums and other portals
[*] SPECIALFORCES.COM
1. Usernames, passwords, emails, addresses, & phone numbers for 14k customers.
2. Credit card information for 8,000 customers.
/*******************************************************************************
ANTISEC DISMANTLES STRATFOR, A MULTI-MILLION DOLLAR INTELLIGENCE CORPORATION
*******************************************************************************/
Soundtrack to the Rev Track #1 – Dead Prez – Hell Yeah
“I know a way we can get paid, you can get down but you can’t be afraid
let’s go to the DMV and get a ID, the name says you but the face is me
now it’s yo’ turn take my paperwork, like 1,2,3 let’s make it work
fill out the credit card application, it’s gonna be bout three weeks of waitin
for American Express, Discover card, Platinum Visa Mastercard,
when we was boostin’ shit we was targets, now we walk right up & say charge it
to the game we rockin’ brand names, well known at department store chains
even got the boys in the crew a few thangs, Po Po never know who true blame
store after store ya’ know we kept rollin’ wait 2 weeks report the card stolen
repeat the cycle like a laundrymat, like a glitch in the system hard to catch
comin’ out the mall, with the shopping bags, we take ’em right back & get the
cash yeah, get a friend and do it again, damn right that’s how we pay the rent
In this release, we will detail the lulzy and agonizing death of Stratfor.com, a premiere “global intelligence” company out of Austin, Texas. Long story short, they got owned hard. Really hard. The sheer amount of destruction we wreaked on Statfor’s servers is the digital equivalent of a nuclear bomb: leveling their systems in such a way that they will never be able to recover. We rooted box after box on their intranet: dumping their mysql databases, stealing their private ssh keys, and copying hundreds of employee mail spools. For weeks we used and abused their customer credit card information (which was all stored in cleartext in their mysql databases), eventually dumping all 75,000 credit cards and 860,000 md5-hashed passwords of their “private client list”. And if dumping everything on their employees and clients wasn’t enough to guarantee their bankruptcy, we laid waste to their webserver, their mail server, their development server, their clearspace and srm intranet portal and backup archives in such a way that ensures they won’t be coming back online anytime soon.
“But why Stratfor?!” came the cries from many butthurt customers, right wingers, confused pacifists, and many others who have never even heard of Stratfor until we blasted their asses off the internet. Now those who are already familiar with Antisec know we have always had a burning hatred for the security and intelligence industries (especially private companies with lucrative federal contracts). After all, these white hat “professionals” work for the corrupt governments and multi-national corporations to develop and protect technology that allow the oligarchical elite to better monitor and repress the general public while plotting for global financial and military dominance. They protect their assets and systems, while providing “accurate” and “non-ideological” intelligence and risk forecasts which the rich depend on to maintain global market stability. Bet they didn’t see this coming. Should have expected us. We found out that just like the cracks in the armor of global capitalism, their professional looking website was vulnerable as hell. Despite all their expensive degrees, meaningless certificates, and padded resumes of the elite, they remain woefully clueless in all matters related to security.
Besides the internal email correspondence between Stratfor and their “private clients” (which are sure to be quite revealing and embarrassing), what we were really after was the names, addresses, passwords, and credit cards to their customers. Who really pays $39.95 a month for daily right-wing political spam and access to a shitty drupal site? The DHS, FBI, Army, Navy, Bank of America, Raytheon, BAE, Lockheed Martin, Merrill Lynch, BP, Chevron, Monsanto, KBR, Booz Allen Hamilton, Microsoft, International Monetary Fund, and the World Bank are just a few on this list made up of the mightiest corporations and government institutions that exist. We shook the rotten tree of Stratfor and some ugly ass ducklings tumbled out: notorious war criminals Henry Kissinger, Paul Wolfowitz, ex-Vice President Dan Quayle, former CIA director Jim Woolsey, and many, many more. Australian billionaires Malcolm Turnbull and David Smorgon? They’re on it. So is Nick Selby from “Police Led Intelligence” who advises pigs on how to secure their systems. Fuck, even notorious white hat right-wing snitch Thomas Ryan from “Provide Security” is up in this shit. And we’re really asked why we hit Stratfor!? About the only person we felt bad about doxing was Harry Shearer. Besides the massive headaches these rich scumbags will have to go through to try to recover all their ill-gotten cash, the password information in these databases will ensure many future ownings of the 1%. So we decided to dump it all – not only because we wanted to share the lulz with everybody, but because we wanted to bring absolute mayhem upon the exploitative capitalist system in which Stratfor and it’s clients perpetuate. Suckaa!!!
The question is, will Stratfor ever recover? If they manage to clean up the remains of their charred servers, analyze the source of the breach and attempt to put up new websites with the hopes we won’t be back for more, will they ever survive as a corporation? Who will trust them ever again? How are their customers going to feel when they realize how hard they’ve been owned? Will anyone ever take their analysis and risk predictions seriously again? We’re excited to hear all the embarrassment and controversy that will ensue in the fallout of this epic death of a corporation, but we’ll let the researchers and journalists handle all that.
We don’t normally give out security advice, but here’s some for free: next time, consider running a free service.
/*******************************************************************************
CALIFORNIA LAW ENFORCEMENT ASSOCIATION – DEFACED AND DESTROYED BY ANTISEC
*******************************************************************************/
Soundtrack to the Rev Track #2: The Coup – Five Million Ways to Kill a CEO
I’m from the land where the Panthers grew
You know the city and the avenue
If you the boss we be smabbin through
And we’ll be grabbin’ you
To say “What’s up with the revenue?”
Most everybody already knows that we don’t like police very much. Shit, just about everybody hates them, everybody except for the rich and powerful who depend on their protection. But which state got the most blood on their hands? Well we already owned pigs in Texas and Arizona, and many many others; guess its time to ride on the California police.
From the murder of Oscar Grant, the repression of the occupation movement, the assassination of George Jackson in San Quinten prison, the prosecution of our anonymous comrades in San Jose, and the dehumanizing conditions in California jails and prisons today, California police have a notorious history of brutality and therefore have been on our hitlist for a good minute now.
So we went ahead and owned the California State Law Enforcement Association (CSLEA.COM), defacing and destroying their website. We dumped a few of their mail spools and forum databases, and we did get a few laughs out of reading years of their private email correspondence (such as CSLEA’s Legislative and Police Liason Coby Pizzotti’s convos with his girlfriend who calls him “doodle”). But what we were really after was their membership rosters, which included the cleartext password to 2500 of their members, guaranteeing the ownage of many more California pigs to come.
“But wait! Cops are people too! Part of the 99%!” orly? When these soulless traitors voluntarily chose to cross the picket line and side with the bosses and bureaucrats, they burned all bridges with working class. As the bootboys for capitalism they do not protect us, instead choosing to serve the interests and assets of the rich ruling class, the 1%. Many Occupiers are learning what many of us already know about the role of police in society when they violently attacked protesters occupying public parks. Now it’s time to turn the table and start firing shots off in the right direction. Problem, officer?
Interestingly, CSLEA members have discussed some of our previous hacks against police targets, raising concern for the security of their own systems. However Ken deliberately made some rather amusing lies as to their security. He repeatedly denied having been hacked up until web hosts at stli.com showed him some of the backdoors and other evidence of having dumped their databases. We were reading their entire email exchange including when they realized that credit card and password information was stored in cleartext. This is about the time Ken changed his email password, but not before receiving a copy of the ‘shopper’ table which contained all the CCs. Too late, Ken.
In all fairness, they did make an effort to secure their systems after discovery of the breach. They changed a few admin passwords and deleted a few backdoors. Shut mail down for a few days. They also finally decided to set a root mysql password, but we got the new one: “vanguard”. We noticed that you got rid of the credit card table, and most of the users in your database. Still haven’t figured out how to safely hash passwords though: we really loved your change from ‘redd555’ to ‘blu444’. Clever.
But we still had shell on their servers, and were stealthily checking out the many other websites on the server, while also helping ourselves to thousands of police usernames and passwords (it’s how Special Agent Fred Baclagan at the California DOJ Cybercrimes Unit got humiliated last month). For two months, we passed around their private password list amongst our black hat comrades like it was a fat blunt of the dank shit, and now it’s time to dump that shit for the world to use and abuse. Did you see that there were hundreds of @doj.ca.gov passwords? Happy new years!!
/*******************************************************************************
ON TO THE NEXT TARGET…. NEW YORK POLICE CHIEFS, OWNED AND EXPOSED !!!
*******************************************************************************/
Soundtrack to the Rev Track #3: Cop Killer by Ice-T
I got my black shirt on.
I got my black gloves on.
I got my ski mask on.
This shit’s been too long.
I got my twelve gauge sawed off.
I got my headlights turned off.
I’m ’bout to bust some shots off.
I’m ’bout to dust some cops off.
I’m a cop killer, better you than me.
Cop killer, fuck police brutality!
Cop killer, I know your family’s grieving, (fuck ’em!)
Cop killer, but tonight we get even, ha ha.
For our next owning we bring you multiple law enforcement targets in the state of New York, who has been on our crosshairs for some time due to their brutal repression of Occupy Wall Street. We also want to bring attention to the 1971 riots at Attica where in response to the murder of George Jackson, convicts took over the priso, demanding humane living conditions. It is in this same spirit of cross-country solidarity that we attacked police targets in NY.
We’re dropping the md5-hashed passwords and residential addresses for over 300 Police Chiefs in the state of New York. We are also sharing several private mail spools of a few NY police chiefs. While most of the contents of these emails involve boring day to day office work and blonde joke chain emails, there were also treasure troves of embarrassing personal information as well as several “For Official Use Only” and “Law Enforcement Sensitive” documents discussing police methods to combat protesters.
Subject: Mid Hudson Chiefs Fwd: Demonstrators
Date: Mon, 5 Dec 2011 09:07:33 -0500 (EST)
From: AJFurco@aol.com
To: Chief@newpaltzny.org, SMinard@cityofpoughkeepsie.com, RKnapp@cityofpoughkeepsie.com, Bnichols@eastfishkillpoliceny.org, Cathy_Newhard@nps.gov, Dsgt10@aol.com, ChiefAckert@lloydpolice.com, DGiudice@frontiernet.net, TOFCHIEF@aol.com, bcronin@eastfishkillpoliceny.org, Ddoughty@eastfishkillpoliceny.org, Fmilazzo@dep.nyc.gov, Chiefpetrone@shawangunkpd.com, gscofield@vofishkill.com, GoshenPD@frontiernet.net, Jmckinney@fishkillpd.org, npd2@cityofnewburghpolice.org, Navycod@aol.com, polcapt@bestweb.net, Pmodica@leo.gov, Plecomte@townofpoughkeepsie-ny.gov, peter.convery@putnamcountyny.gov, Rnichols@tti.travel, r_cullen@culinary.edu, rwmartin@gw.dec.state.ny.us, rvancurasngvpd@optonline.net, speror@mac.com, Tmauro6552@aol.com, fbina225@gmail.com, robert.mir@leo.gov, mfaricellia@town.new-windsor.ny.us, rhovey@town.new-windsor.ny.us, mfarbent@town.new-windsor.ny.us, dsolomon@villageofmonticello.com, ddowd@beaconpd.com, lmusmeci@beaconpd.com, malberti@eastfishkillpoliceny.org, sgtsmith@shawangunkpd.com, sgtmarlatt@shawangunkpd.com, carlbass@aol.com, chief@cornwallny.gov, ltmelch@frontiernet.net, robopeg@optonline.net, joelhb@aol.com, ddoellinger@thetownofchester.org, wwordenpjpd@yahoo.com, Ltoz@newpaltzny.org, ffal@co.ulster.ny.us, waldenchief@hvcrr.com, rebailey@optonline.net, atramaglini@villageofcroton.net, chiefoshea@optonline.net, kimperati@co.dutchess.ny.us, glennon@co.dutchess.ny.us, mbiasotti@town.new-windsor.ny.us, david.pritchard@ang.af.mil, chiefman1@aol.com, fpd362@fallsburgny.com, jberlingieri@fishkillpd.org, sbierce@fishkillpd.org, tpape@cityofpoughkeepsie.com, lbarbaria@police.saugerties.ny.us, hpdculver@frontiernet.net, pfusco@dep.nyc.gov, bhandy@dep.nyc.gov, tlindert@fishkillpd.org, kkeefe@eastfishkillpoliceny.org, jtruitt@redhookpolice.com, BSSP74@gmail.com, cup4us94@aol.com, apaul001@hvc.rr.com, pwelsh@tuxedopd.com, nycop48@aol.com, r.angelillo@motorolasolutions.com, chiefcbroe@hydeparkny.us, bnegron@courts.state.ny.us, efreer@cityofpoughkeepsie.com, chief@mounthopepolice.com, a.ovchinnikoff@clarkstown.org, r.mahon@clarkstown.org, jcorcoran@villageofmontgomery.org, hpdcruz@frontiernet.net, m.sullivan@clarkstown.org, WGarcia@CenHud.com, davidg@goosetown.com, AJFurco@aol.com, Chasbok@aol.com, driccisppd@gmail.com, DJZAPPONE@aol.com, chiefpaolilli@cityofnewburghpolice.org, kooldoolen@msn.com, HBrilliant@aol.com, FirstCav7@aol.com, Intrastate1@aol.com, pmbmjb624@msn.com, CBA154@aol.com, WWohr@aol.com, NEWYORKPDBLUE@AOL.COM, gunterhenrich@yahoo.com, divecop@aol.com, MVMCH@aol.com, wcarlosjr@aol.com, ChiefABC@aol.com, DCMC102@aol.com, ramaurin@hotmail.com, mbyrne1@hvc.rr.com, petecpd@aol.com, ajmdj3@optonline.net
At the request of Chief Mauro, I am forwarding this e-mail to every member.
From: tmauro6552@aol.com
To: AJFurco@aol.com
Sent: 12/4/2011 6:07:04 P.M. Eastern Standard Time
Subj: Fwd: Demonstrators
Please forward to membership list ..Chief Mauro
Attachments:
LA_JRIC_Methods_to_Defeat_Law_Enforcement_Crowd_Control_Techniques.pdf
Activist_-_Basic_Recon_Skills_1010.pdf
Activist_-_Handbook_for_Operations_1010.pdf
Protester_Tactics_1107.pdf
Activist_-_Handbook_for_Operations_1010.pdf
Do-It-Yourself_Guide_to_OCCUPY_Protest_1111.pdf
CIVIL_DISTURBANCE_AND_CRIMINAL_TACTICS_OF_PROTEST2.pdf
There was also much persinal information about probationers and parolees, but we would never betray our comrades under the gun of the repressive “justice” system. Instead, we leaked a handful of internal police documents on Bradley Manning’s birthday:
* (U//FOUO) Law Enforcement at Risk for Harassment and Identity Theft through
‘Doxing’ FBI BULLETIN Cyber Intelligence Section
* (U//FOUO) Awareness, Detection, and Mitigation of Cyber Threats and Attacks
* (U//FOUO) Environmental Extremism: Potential for Increased Criminal Activity
* (FOUO/LES): LA Intelligence Bulletin: Social Networking in State Prisons
* (LES) DEA Intel Brief Gmail Secuity Features
* (U//FOUO) Suspected Members of Anonymous and LulzSec Targeting Law Enforcement
Personnel and Case Information in Retaliation for Arrests
/*******************************************************************************
H0H0H0!!! ANTISEC BRINGING YOU MOAR PRIV8 POLICE DOCUMENTS ABOUT ANONYMOUS
*******************************************************************************/
******************************************************************
**** DEPARTMENT OF DEFENSE INTEREST COMPUTER SYSTEM (DODICS) ****
******************************************************************
* DDD * USE OF THIS OR ANY OTHER DEPARTMENT OF DEFENSE * DDD *
* D D * INTEREST COMPUTER SYSTEM (DODICS) CONSTITUTES * D D *
* D D * YOUR CONSENT TO MONITORING BY DOD AUTHORIZED * D D *
* DDD * PERSONNEL FOR COMPUTER SECURITY AND SYSTEM * DDD *
* * MANAGEMENT PURPOSES. * *
* OO * * OO *
* O O * THIS DODICS AND ALL RELATED EQUIPMENT ARE TO * O O *
* O O * BE USED FOR THE COMMUNICATIONS, TRANSMISSION, * O O *
* OO * PROCESSING, MANIPULATION, AND STORAGE OF * OO *
* * OFFICIAL U.S. GOVERNMENT OR OTHER AUTHORIZED * *
* DDD * INFORMATION ONLY. * DDD *
* D D * * D D *
* D D * UNAUTHORIZED USE OF THIS COMPUTER MAY SUBJECT * D D *
* DDD * YOU TO CRIMINAL PROSECUTION AND PENALTIE. * DDD *
******************************************************************
**** DEPARTMENT OF DEFENSE INTEREST COMPUTER SYSTEM (DODICS) *****
******************************************************************
OVER THE YEARS WE HAVE EXPOZED MANY A PRIVATE GOVERNMENT DOCUMENTS STOLED FROM TEH MAIL SPOOLZ AND INTRANETS OF THE PIGS … BUT NOW WE HAVE DISCOVERD THAT THEY ARE ONTO US AND IZ ONLY A MATTER OF TIME BEFORE WE ARE ALL BIZZUSTD!!!
// THEY R HIP 2 OUR MASTER PLAN…
• (U) “Project Mayhem,” (PM) was announced by Anonymous in August 2011, and according to their public website projectmayhem2012[dot]org, is set to culminate on 21 December 2012. The PM website ahs several links to YT videos, which appear to have been randomly selected and have no direct tie to PM or past / current / future Anonymous malicious activity. Furthermore, there is no dialogue or hints as to specific tactics, techniques and procedures (TTP) that Anonymous plans on employing on or prior to 21 December 2012. There are also several seemingly related internet wiki-style portals and web forums, operating under the PM name, devoted to random malicious acts – some involving physical disruption and some involving targeting information systems – but no direct discussion of attack scenarios.
• (U) The name “Project Mayhem” is derived from the popular 1999 film Fight Club. The project refers to a secret operation carried out by the Fight Club to topple the corporate American system. In the movie, the Club carries out numerous malicious acts such as defacement of buildings with graffiti, sabotage, and arson. In the finale, the main character is ultimately responsible for destroying buildings belonging to major financial institutions with explosives.
• (U//FOUO) DHS/NCCIC’S PM ASSESSMENT: While Anonymous’ PM will not likely be as spectacular as the activities it was named after in the movie Fight Club, little is known about their plans for this event. We anticipate several more YT videos and public statements via Twitter leading up to the culmination date of 21 December 2012. Based on previous incidents involvin Anonymous, we can expect DDOS, web defacement, SQL injection, and potentially in-person protests targeting worldwide government institutions and private corporations. Though the characters in the movie Fight Club who carried out their version of PM utilized deadly force and terrorist tactics, Anonymous is not likely to use violent force in their operations.
// THEY ANALYZED OUR METHODOLOGY…
• (U) Anonymous utilizes a crude target nomination procedure, outlined below, that is coordinated on one of several communication mediums – IRC, websites (#chan, etc), insurgency wiki, or anonymous themed website:
1. An individual on the communications medium posts an appeal to Anonymous
leadership requesting members to target a victim;
2. Those individuals who agree, follow suit with vague details given as to
intentions and/or tactics.
3. “Lulz ensue,” or they don’t;
4. If “lulz ensue,”, go back to step 2 and see if more people join the action,
or;
5. Lose interest.
// THEY HAVE OUR 0DAY…
• (U) According to Anonymous, they are working on a new attack tool called #RefRef that is able to use a server’s resources and/or processing power to conduct a DOS against itself. It is unclear at this time what the true capabilities of #RefRef are; Anonymous has stated publicly that the tool will be ready for wider use by the group in September 2011. There have been several publicly disclosed tools claiming to be versions of #RefRef however there has been nothing to validate these claims.
// AND HAVE INFILTRAT0RED OUR ORGANIZATION!!!
• (U//FOUO) Following law enforcement action against Anonymous and LulzSec, individuals claiming to be members of the groups contacted FBI field offices in an attempt to provide information and become informants. While some individuals may have had honest intentions when contacting the FBI, others may have engaged in social engineering to solicit information about law enforcement personnel or active investigations of Anonymous and LulzSec. In addition, individuals may have also contacted the FBI to provide misinformation about the identities of Anonymous and LulzSec members and their activities as a means of interfering with law enforcement investigations.
• (U//FOUO) In June 2011, suspected members of LulzSec discussed a scheme to provide misinformation to the FBI in a private Internet Relay Chat (IRC) channel. Members discussed having an FBI informant with access to the IRC channel contact his handling agent to provide misinformation in exchange for payment. Once this occurred, the group then planned to publicize the incident and to give the impression that the FBI was funding LulzSec activities.
• (U//FOUO) In October 2011, an FBI source with unknown reliability reported that an individual contacted FBI field offices via e-mail claiming to have information regarding Anonymous. Source reporting suggests that this individual had previously discussed in chat logs attempts to social engineer an FBI agent to download malware.
// BUT THEY R SCARD…
• (U//FOUO) The FBI judges that the retaliatory reactions of Anonymous and LulzSec, combined with law enforcement activity aimed at dismantling the group, points toward the continued targeting and intimidation of law enforcement personnel. The FBI judges that law enforcement personnel may be subjected to increased contact by individuals regarding information about Anonymous and LulzSec members and activities, as additional law enforcement action against suspected members of Anonymous and splinter groups are conducted. This contact could lead to the increase of social engineering tactics against officers to obtain sensitive information that could be used to compromise active cases. In addition, suspected members of Anonymous and LulzSec may continue to provide misinformation in an effort to thwart law enforcement investigations, which may impact future prosecution of these subjects.
// AND ARE SCRAMBLING 2 PROTECT THEMSELVES
• (U//FOUO) The FBI judges that the following precautions are likely to enhance law enforcement ability to preserve information and ensure officer safety during interviews and search warrants:
• (U//FOUO) Being Aware of Social Engineering Tactics. Subjects may gather personal and employment information about law enforcement officers by manipulating them into divulging sensitive information. This information would enhance “doxing” by enabling subjects to gather further identifiers.
• (U//FOUO) Limiting Access to Video Equipment. Access to mobile phones, video recording devices, digital cameras, and Web cams would allow subjects to photograph law enforcement personnel. These pictures and videos may then be uploaded to the Internet and included in “doxes” of law enforcement.
• (U//FOUO) Limiting Access to Mobile Devices. Subjects may attempt to contact other Anonymous members to alert members of law enforcement presence, through making phone calls, sending text messages, and accessing social networking sites using mobile devices. Members have been known to access Internet Relay Chat (IRC) channels through mobile phones, therefore subjects may be able to communicate with other members without appearing to be on the Internet.
• (U//FOUO) Being Aware of Encryption Methods. Further efforts that may impede intelligence collection include encryption techniques such as full disk encryption. In these instances, information may be lost if suspects are notified before the search warrant is executed and the computer is turned off prior to law enforcement arrival.
• (U//FOUO) Obtaining Proper Consent for Minors. Some of the subjects of Anonymous are minors, which may hinder intelligence collection. Differences in state authorities designating the age at which someone is considered a minor may make it difficult to interview these subjects. Proper approval and parental consent may be required prior to contacting a minor and collecting information.
// BUT IN THE END THEY KNOW THEY ARE FUXX0R3D!
• (U//FOUO) According to congressional testimony from February of this year, government and private sector groups are concerned by the lack of overall authority and strategic direction in regards to cyberattack defense. There is no clear agreement between Congress, the White House, Pentagon, Central Intelligence Agency, Department of Homeland Security, and other stakeholders regarding where responsibilities lie with regard to various networks, and which department should respond to cyberattack scenarios.
• (U) Outlook
• (U//FOUO) Cyber threats will likely continue to increase and evolve in 2011 and beyond. User vigilance is the first line of defense in protecting information and assets. Appendices A, B and C contain detailed lists of threats and possible mitigation techniques; some areas may contain overlap. Follow your agency’s protocol for handling cyber threats and attacks, and report all major incidents to the JRIC via e-mail at leads@jric.org, or by phone at (562) 345-1100.
/*******************************************************************************
SPECIALFORCES.COM MILITARY AND POLICE SUPPLY STORE: OWNED AND EXPOSED
*******************************************************************************/
Welcome to the next owning in this issue. In our ongoing efforts to destroy the military and prison industrial complex at the point of production, we targeted the online police equipment supply store SpecialForces.com. Their 15,000 customers are mostly composed of military and police officers, and they’re all going to be very mad when they hear how all their personal information has been plastered all over the internet. But that’s just what happens when you support corporations that traffic in weaponry used by the soulless swine of the state to beat up protesters!!
We weren’t planning on releasing this anytime soon, but since priv8 password lists were leaked early and news articles and rumors are starting to circulate, it’s time to set the story of this owning straight. We were briefly working with another hacker Abhaxas, who some might know as movl from back in the day. One of the targets we worked on together was this SpecialForces.com online store. We rooted it and grabbed all their databases and private email spools. However, unlike many groupies and script kiddies who are quick to rush and dump half-owned targets to pastebin, we made a decision to hold off on publishing anything too soon until the passwords and credit cards were properly used and abused to their fullest potential. Then Abhaxas pulls some sketchy shit. Between his suspicious social engineering plot where he emailed dozens of FBI across the country offering up info about our group, and then he disappeared after being doxed by his ex-girlfriend x25_princess in the aftermath of a public harsh twitter breakup, there’s not much more to do except cut it off and stay quiet. But then he popped back up months later and ran his mouth on twitter about how he was responsible for the all our hax because of this one dump from “his” hack. Oh really? You found an open /cart/install directory and brought us a few DB dumps where the passwords and credit cards were encrypted with blowfish and you didn’t have the key or access anymore. And at this point because of the very verbose and obvious entry point, the sysadmin was aware of the hack and locked the box down. Or so he thought. Who broke back into the box? Who rooted and backdoored it? Who stole the encryption keys and wrote to parse and dump all the passwords and ccs into cleartext? Who dumped 6GBs of private mail spools? Who hilariously taunted the sysadmin while killing his root bash processes while he was online?
Now that the password list has been dumped, the cat’s out of the bag on this target. The programmer Dave Thomas was already quoted in the news has having notified his customers. So we may as well dump the rest: the cleartext credit card, password, and home addresses for several thousand mostly military and police customers. How did they take the news, Dave? It is unfortunate that we were so busy owning other targets that we never had enough time to exploit these lists to its fullest (within fifteen minutes of checking random emails someone was able to access a web-based prison phone management system, even going so far as disabling the recording features). No matter: the release of the home addresses and credit card information of all these will guarantee these agents and supporters of the 1% will sleep with one eye open well into 2012.
Plus we didn’t want to let a good hacklog go to waste. BUST THAT SHIT OUT !!!
/*******************************************************************************
OUTRO: FOR THE LOVE OF TEH LULZ, WAREZ, AND REVOLUTIONZ
*******************************************************************************/
Thanks for joining us for our epic end of the year hacking spree. We hope you had as much fun reading this text file as our enemies have had crying about it. Too bad, NY Police Chiefs. So sad, CSLEA. And Stratfor, umad? Get used to failing hard because this is 2012 now, and you had better believe all hell is busting loose.
These conclusions usually end with more political rants, leetspeak, bragging and scene drama, but these days we are just too busy owning shit. We believe our history of high profile ownings speak for themselves. However in the aftermath of some of these hax there have been a number of rumors and accusations floating around questioning our motives or doubting our legitimacy. Who are these voodoo haxors owning all these targets? Was this not the work of Anonymous?? Why is Barrett Brown such an attention whore?? Is Antisec an inside job!? A false flag operation?!? Do they really shag top models??!!
Of course the mainstream media, right-wingers, conspiracy theorists and other nattering nabobs of negativism are always picking up on any perceived or invented ‘disputes’ or ‘splits’ within Anonymous in a vain display of yellow journalism in order to discredit and divide us. It is hard to believe that anyone can take seriously any random ’emergency anonymous statements’ on pastebin that condemn other operations, since there is no central leadership, no party platform, no top down hierarchy, no lotus domino nor sap, no one in any position of authority to decide what is or isn’t ‘official’. Whether this is the work of butthurt Stratfor customers, spineless pacifists, pro-sec player haters or advanced counter-intelligence operations remains to be seen.
Yes this week of mayhem was our work, the work of Anonymous: sporting team colors, we hacked all them servers and dropped all them databases. We spend most of our time underground, frequently changing names and bouncing between boxes, only surfacing to wreak havok against the servers of our white hat corporate enemies and gloat about our antics through dozens of Twitter accounts and IRC servers. Though we have chosen to work as Anonymous, the fact is we have been around owning shit for many many years before Anonymous hit the scene. We have watched our fellow Anons mature over the years as they became more politically conscious, started attacking more relevant targets, and was learning some coding and intrusion skills. Finally, after watching the hilarious reaction of some of Anonymous’s targets as they raged, we decided to throw our black hat into the fight and get down with teh lulz. We are anonymous, we are rocking hard, and everyone is welcome to join the popular front and be proud to be part of it.
The underground has raised some concerns regarding what many see as younger script kiddies without talent or discipline. We are similarly frustrated with the amount of half-owned targets prematurely ejaculated on pastebin, and the rampant use of public exploit code without understanding the vulnerabilities behind it. Let’s clarify these issues with the hopes someday these kiddies will finetune their skills and become dang up someday and become hackers on their right after having learnt from their own fails hard way, we point to keep in mind we never let the enemy know how and when we’re gonna strike: we do not announce our targets ahead of time. We quietly break in, own everything in sight, own some more, and only then release teh dumps– after we make sure everything’s fully exploited and malware well placed. But you will never see us reveal our initial intrusion techniques, publish exploit code, or notify vendors: We do not just support the non-disclosure movement, we actively attack the corporate security industry: a long trail of rm’d boxes, password dumps and mail spools from state contracted security and intelligence corporations will testify to this.
We kicked off this operation more than six months ago with every intention on bringing the black hat ruckus, the armed insurrectionary fury to Anonymous. In that time, we have demonstrated how HBGary, ManTech, IRC Federal, Vanguard Defense Industries, and Booz Allen Hamilton contract with the federal government to develop technology to monitor and suppress anyone deemed “dissident.” When our comrades were brutalized and arrested, we delivered swift retaliation against police targets in Arizona, Texas, and several other southern states. We have proven our capabilities and intentions, repeatedly demonstrating that even the most invincible of corporations and government institutions will crumble.
So here we are, looking into this new year, looking for new adventures, looking for new troubles. Join us in this hacker class war, this battle for freedom. This is our time to rise, this is our call to fight. We will wage guerrilla war on the internets and in the streets, and you better expect us, because none of us are as cruel as all of us.
Thanks for this article. I’d personally also like to express that it can end up being hard while you are in school and simply starting out to establish a long credit ranking. There are many pupils who are just simply trying to survive and have an extended or beneficial credit history is often a difficult factor to have.