AntiSec: The chaos continues despite attacks and arrests
by Steve Ragan - Jun 23 2011, 09:15
AntiSec: Chaos, attacks and arrests. (Img: S.Ragan/Anonymous Artwork)
Despite rival groups posting alleged personal details, defacing websites, and condemning LulzSec and their AntiSec movement as a whole, the systematic hunt for information to leak continues. Tomorrow, the public has been told to expect the first batch of leaked information obtained during AntiSec.
On Sunday, LulzSec encouraged anyone and everyone to participate in AntiSec, an operation that seeks to “steal and leak any classified government information, including email spools and documentation.”
The post noted that the prime targets are banks and other high-ranking establishments. Since the start of AntiSec, LulzSec has gained dozens of supporters from small unknown groups, individuals, regional LulzSec chapters, and noted groups such as the Iranian Cyber Army. Moreover, the AntiSec movement includes several people representing Anonymous.
While all of this is taking place, LulzSec has faced attacks on several fronts. First, the U.K. police have arrested one of the people who maintain an IRC server they use. Ryan Cleary was charged on Wednesday with building botnets and allowing others to use them for DDoS attacks.
In the charges, Cleary was not officially linked to LulzSec. However, it is understood that law enforcement will collect as much information as they can, via interviews and examining his confiscated computer equipment.
As Cleary was arrested, the FBI raided a datacenter in Reston, Va., in their search for information related to LulzSec. The company targeted in the raid, as well as specifics on the information being sought, were not available. The FBI has made no comments, citing an ongoing investigation.
Since they became public, LulzSec has dealt with a constant barrage of attacks, mostly in the form of “Dox” (documents). Dox are the public release of a person’s entire identity and anything else related to them discovered online. This week, however, the battle of Dox and IRC logs has heated up.
On the LulzSec Exposed blog, links to chat logs and personal information are an almost daily occurrence. The data posted targets all of the alleged LulzSec members, known by their IRC handles, in addition to taunting messages and rebuttals to public statements made by them.
While the Dox were being tossed around on both sides this week (LulzSec recently released Dox themselves), another person involved in the “guess-the-LulzSec-members game” had his website defaced by a group known as TeaMp0iSoN.
Sven Slootweg, known to some as Joepie91 on IRC, is likely the easiest person in the world to Dox. A simple search for his IRC name eventually leads to his homepage, complete with a name, address, and phone number. It was this site, thanks to a vulnerability in WordPress, which was defaced recently.
The defacement message said that, “No matter how many bots you gather, no matter how [many] people you lie to, no matter how [many] pre-made tools you use, you will _NEVER_ represent the real hacking scene…”
In response to the defacement, Slootweg said that given the method used, he does not view it as an elite hack.
“This website was compromised through exploiting a plugin in an outdated WordPress setup, uploading a shell, and replacing the index page. I am not a member of LulzSec (a statement I have made several times before in various places), no one "hacked the server" (this has been verified by the hosting company, as this website is on shared hosting) and this was definitely not an "elite hack". I am not available for further comments to press.”
Given the number of groups and people targeting LulzSec, some questions beg to be asked.
Why is the amount of Dox and other information being released starting to grow lately? Is it because some are genuinely enraged by their actions, or is this a disinformation campaign? What percentage of the leaked information is false? On the other hand, how much of it is real? Will it help law enforcement in their efforts?
The problem is that there are no real answers to those questions, as it would depend on what side of the aisle you are standing on.
Logs are only helpful to the courts when a certified forensics expert obtains them directly from the system of the person in question. Also, public information can be faked. It’s been previously established (re: Aaron Barr’s report) that false trails do exist within Anonymous. It’s only fair to assume, given that some members allegedly belong to both factions in some capacity, that LulzSec uses them too.
So we may never know the truth. At the same time, given the number of groups and people searching for and publishing this information, some of the data has to be legit. It’s just that separating the wheat from the chaff is an almost impossible task.
For tomorrow, LulzSec has promised the first of what is planned to be several AntiSec-based releases. No one knows what the leaked data will contain, as it could be anything from usernames and passwords to entire databases or email spools. It may be all of the above.
There are bound to be some nervous people watching and waiting for the other shoe to drop.
