
1 Irongeek.com Adrian Crenshaw

2 Irongeek.com • Since I have a name, I’m not Anonymous • I run Irongeek.com • I have an interest in InfoSec education • I don’t know everything - I’m just a geek with time on my hands • (ir)Regular on the ISDPodcast

3 Irongeek.com • This may not be the talk for you. • I’m not the one that came up with the terms in use. • Some terms seen in “Chan culture” you may find offensive. • Still, they are useful terms to know when you read “Anonymous” items in context.

4 Irongeek.com • Intended to define Anonymous (roughly) • Not intended to condemn nor promote, but just to help folks understand "cyber-lynch mobs" and perhaps their security ramifications • Mostly I’m just tired of hearing the news get it wrong concerning the nature of the “organization”

5 Irongeek.com • News reporters have written a lot about a "group" referred to as Anonymous recently • The thing is, it’s more of a meme than a group • People in the news refer to: • Official press releases • Leaders • Though there are what could be considered subgroups • The thing is, anyone can be “Anonymous”

6 Irongeek.com • Not really a group, more of a shared label, or meme • This causes big league attribution problems • There are some sub-groups of a sort • Unifying principles (if any): 1. Do it for the lulz. 2. Internet censorship is bad. 3. Don't hurt cats. • Silly, but I’ll explain more

7 Irongeek.com • ‘A meme is basically an idea that is easily transferable from one mind to another. Think "catch-phrases". Memes are created when a large group of users come to identify with a particular image or slogan. Their continued [mis]use will bring about the destruction of the universe.’ Source: • “Over 9000”, “the game”, LOLCats, etc.

8 Irongeek.com • Unclaimed posts on image boards are marked as Anonymous • Over time the meme developed that Anonymous was a real person/group • Anonymous Delivers

9 Irongeek.com • Check out changes over time via archive.org

10 Irongeek.com • No real leader… • Resource owners may have more influence however • May be able to say “this subgroup” organized via 4chan/Partyvan.info/Insurgen.cc/AnonOps • Popular causes may become larger

11 Irongeek.com 1. Someone on a chan/insurgency wiki/Anonymous meme themed website or IRC channel posts “hey, this is wrong/messed up/has lulz potential. I think we should give them grief!” 2. Those that agree follow suit with sometimes vague details given as to their intentions and tactics. 3. Lulz ensue or they don’t. 4. If lulz ensue, go back to step two and see if more people join the action. Or lose interest because of attention deficit or because the target seems thoroughly beaten.

12 Irongeek.com • Dropping someone's docs (doxing or other spellings) • This could also be family members • In Real Life (IRL) pranks using the information above • Unwanted pizza delivery • Swatting • Phone harassment • Defacing of websites or social network profile pages to embarrass and annoy • Denial of service attacks: Sometimes referred to as “bandwidth raep” depending on how they are done. Some see DoS as equivalent to a sit-in

13 Irongeek.com • Not all raids/ops get off the ground • Not your personal army/Lurk moar • Lack of interest

14 Irongeek.com • Raid boards /i/ • Also done on /b/, but very ephemeral • IRC • AnonOps IRC Network • News • Edit pads and paste boards • Use Tor/I2P • Some blocking issues

15 Irongeek.com • Not necessarily “1337 dud3$” • Some have skills • Some just use DoS tools to feel like they are participating • Some just like to yell loud on social media • Primers for the noobs

16 Irongeek.com • Nothing too special… • DoS tools (and Mail Bombers): BWRaeper.NET, LOIC, PyRAEP, Longcat Flooder, Slow Loris • DangerousKitten.jpg: Collection of tools in a (zip/rar) jpg • Anonymous Care Package Light • Beware of trojaned tools if you do research • Some Darknet use • Tor • I2P

17 Irongeek.com • LOIC in Hive Mind Mode = self-selecting botnet • Seen as a virtual sit-in? • Legality? • Title 18, U.S.C. Sections 1030(1)(5)(A)(i) and 1029(a)(3) • IP is obvious, hope that numbers mitigate risk • Can’t really use proxies for it • Free speech issues • “I support freedom of expression, no matter whose, so I oppose DDoS attacks regardless of their target,” he said. “They’re the poison gas of cyberspace.” ~ John Perry Barlow

18 Irongeek.com Do you see a connection?

19 Irongeek.com • Trolled the social network/game by showing up as an avatar that looks like Jules from Pulp Fiction

20 Irongeek.com • Go after some pedos (Chris Forcand for example)

21 Irongeek.com • This was/is a protest against Scientology for various censorship tactics and the way they treat members of the “Church” • Picture from David Shankbone of Wikipedia

22 Irongeek.com • Epilepsy Foundation Raid: Defaced the website with flashing items • Operation Titstorm: Protest over filter laws in Australia • Hal Turner raids • ACS Law (Related to OpPayback)

23 Irongeek.com • Bollywood companies hired the firm Aiplex Software to DDoS websites involved in what they saw as copyright infringement, and that ignored take-down notices. • In retaliation the idea was put forth to DDoS Aiplex, but someone beat them to it. Instead, they attacked groups they saw as being in a similar vein, like the MPAA & RIAA. • Eventually the operation moved to targeting firms that stopped doing business with Wikileaks.

24 Irongeek.com • Aaron Barr made some noise about exposing people in Anonymous and Anonymous fired back 1. Find SQL injection flaw in homebrew CMS. 2. Dump password hashes and crack them. 3. See if many of the same passwords were used on mail system (they were). 4. Some local privilege escalation. 5. Send some social engineering e-mails to gain further access. 6. Profit?

25 Irongeek.com • Helping establish communications amongst protesters via non government controlled/less snoopable means • DoSing government sites

26 Irongeek.com • Way too many other “Ops” to even mention. • See: • Use Tor/I2P • Some blocking issues

27 Irongeek.com • I have my stereotypes, but hard to know for sure • You can’t poll a troll • My general thoughts/observations? • Young (based on time and humor) • Middle class to well off (have an Internet connection) • Black and White thinking • Bored • Slacktivism?

28 Irongeek.com • Two things you may be able to generalize about Anonymous: • They hate to be told what they can and can not say/do/look at (political correctness be damned) • They love to troll. • It takes more and more to offend people these days • …but various slurs still do the trick • You will see plenty of examples of *tard and *fag type names • This is how people refer to themselves and others in the culture • Some folks have used this to label them a hate group, but that’s really not the case

29 Irongeek.com • As with any label, there will be disagreement as to who is what • Moralfags: These are people who think that Anonymous should use its trolling power to accomplish something they see as a social good or to counteract some injustice. These people are also sometimes seen as corresponding to Newfags; changing the meaning of what it means to be a part of Anonymous. • Newfags: These are people who are seen as new to the whole Anonymous/Internet culture scene.

30 Irongeek.com • Oldfags: These are people who are seen, or see themselves, as having been in the culture for a while. • Hatefags: Hatefag is the banner term for those that think the Moralfags are ruining the point of Anonymous: to boldly troll as no one has trolled before, not causes. These people are also sometimes seen as corresponding to Oldfags and wanting to go back to the older meaning of Anonymous as it relates to being The Internet Hate Machine. • Namefags: Those who choose to use a name/handle instead of truly being anonymous.

31 Irongeek.com • I’d like to paraphrase something Jason Scott said, but I doubt I’ll do it justice: • Terms like hacker and biker, and their “true” definitions, are often claimed by different groups who, in the wild, would beat each other up. • Like religious denominations: When one faction says some other is not the real Anonymous, who is to decide but ceiling cat?

32 Irongeek.com • Hey, we did not do it!/Hey, maybe one of us did! • Sony • Westboro Baptist Church

33 Irongeek.com 1. Lulz potential • Moral issues may guide some, but it’s not as big of a draw for bringing in the masses. 2. Unwarranted Self Importance (USI) 3. Censorship 4. Some moral issue • Avoid troll's remorse even if they really don’t care about the moral issue. • Self-justifications are wonderful things.

34 Irongeek.com • Infighting over USI? • Magnanimous • Backtrace is dropping dox on AnonOps • AnonOps is dropping dox on Backtrace • Ryan/Owen and AnonOps.ru/net/in • Use as cover? • Can you really be a part of Anonymous if you are not anonymous? • Lots of handles/names seem to be used now.

35 Irongeek.com • Anonymous is not really a cohesive enough group to make definitive statements about • Basically what Anonymous comes down to is this: Cyber-lynch mobs that are organized via the Internet, who share the common meme of “Anonymous”, where a few people say "hey let's do this", and those of like mind go do it… • …while the others sit it out and post lolcat pictures on 4chan.

36 Irongeek.com • ng-anonymous

37 Irongeek.com • Central Ohio Infosec Summit for having me • My buddies from Derbycon and the ISDPodcast

38 Irongeek.com • DerbyCon 2011, Louisville Ky, Sept 30 - Oct 2 • Louisville Infosec • Other Cons:

39 Irongeek.com 42

