Presentation: Irongeek.com, Adrian Crenshaw. Presentation transcript:
Since I have a name, I’m not Anonymous. I run Irongeek.com. I have an interest in InfoSec education. I don’t know everything - I’m just a geek with time on my hands. (ir)Regular on the ISDPodcast: http://www.isd-podcast.com/
This may not be the talk for you. I’m not the one that came up with the terms in use. Some terms seen in “Chan culture” you may find offensive. Still, they are useful terms to know when you read “Anonymous” items in context.
Intended to define Anonymous (roughly). Not intended to condemn nor promote, but just to help folks understand "cyber-lynch mobs" and perhaps their security ramifications. Mostly I’m just tired of hearing the news get it wrong concerning the nature of the “organization”.
News reporters have written a lot about a "group" referred to as Anonymous recently. The thing is, it’s more of a meme than a group. People in the news refer to: official press releases; leaders. Though there are what could be considered subgroups. The thing is, anyone can be “Anonymous”.
Not really a group, more of a shared label, or meme. This causes big league attribution problems. There are some sub-groups of a sort. Unifying principles (if any): 1. Do it for the lulz. 2. Internet censorship is bad. 3. Don't hurt cats. Silly, but I’ll explain more.
‘A meme is basically an idea that is easily transferable from one mind to another. Think "catch-phrases". Memes are created when a large group of users come to identify with a particular image or slogan. Their continued [mis]use will bring about the destruction of the universe.’ Source: http://www.4chan.org/faq#meme “Over 9000”, “the game”, LOLCats, etc.
Unclaimed posts on image boards are marked as Anonymous. Over time the meme developed that Anonymous was a real person/group. Anonymous Delivers
Check out changes over time via archive.org: http://replay.web.archive.org/20070607170247/http://www.encyclopediadramatica.com/Anonymous
No real leader… Resource owners may have more influence however. May be able to say “this subgroup” organized via 4chan/Partyvan.info/Insurgen.cc/AnonOps. Popular causes may become larger.
1. Someone on a chan/insurgency wiki/Anonymous meme themed website or IRC channel posts “hey, this is wrong/messed up/has lulz potential. I think we should give them grief!” 2. Those that agree follow suit with sometimes vague details given as to their intentions and tactics. 3. Lulz ensue or they don’t. 4. If Lulz ensue, go back to step two and see if more people join the action. Or... 5. Lose interest because of attention deficit or the target seems thoroughly beaten.
Dropping someone's docs (doxing or other spellings). This could also be family members. In Real Life (IRL) pranks using the information above. Unwanted pizza delivery. Swatting. Phone harassment. Defacing of websites or social network profile pages to embarrass and annoy. Denial of service attacks: sometimes referred to as “bandwidth raep” depending on how they are done. Some see DoS as equivalent to a sit-in.
Not all raids/ops get off the ground. Not your personal army/Lurk moar. Lack of interest.
Raid boards: /i/ http://711chan.org/i/ Also done on /b/, but very ephemeral. IRC: AnonOps IRC Network. News: http://anonnews.org/ Edit pads and paste boards: http://piratepad.net/q6IfcBltJB Use Tor/I2P. Some blocking issues.
Not necessarily “1337 h@c3r dud3$”. Some have skills. Some just use DoS tools to feel like they are participating. Some just like to yell loud on social media. Primers for the noobs: http://pastehtml.com/view/1dzvxhl.html http://ge.tt/#62ymxTx/v
Nothing too special… DoS tools (and Mail Bombers): BWRaeper.NET, LOIC, PyRAEP, Longcat Flooder, Slow Loris. http://partyvan.info/wiki/Tools DangerousKitten.jpg: collection of tools in a (zip/rar) jpg. Anonymous Care Package Light. Beware of trojaned tools if you do research. Some Darknet use: Tor, I2P.
LOIC in Hive Mind Mode = self selecting botnet. Seen as a virtual sit in? Legality? Title 18, U.S.C. Sections 1030(1)(5)(A)(i) and 1029(a)(3). IP is obvious, hope that numbers mitigate risk. Can’t really use proxies for it. Free speech issues. “I support freedom of expression, no matter whose, so I oppose DDoS attacks regardless of their target,” he said. “They’re the poison gas of cyberspace.” ~ John Perry Barlow
Trolled the social network/game by showing up as an avatar that looks like Jules from Pulp Fiction
Go after some pedos (Chris Forcand for example)
This was/is a protest against Scientology for various censorship tactics and the way they treat members of the “Church”. Picture from David Shankbone of Wikipedia
Epilepsy Foundation Raid: defaced the website with flashing items. Operation Titstorm: protest over filter laws in Australia. Hal Turner raids. ACS Law (related to OpPayback).
Bollywood companies hired the firm Aiplex Software to DDoS websites involved in what they saw as copyright infringement, and that ignored take-down notices. In retaliation the idea was put forth to DDoS Aiplex, but someone beat them to it. Instead, they attacked groups they saw as being in a similar vein, like the MPAA & RIAA. Eventually the operation moved to targeting firms that stopped doing business with Wikileaks.
Aaron Barr made some noise about exposing people in Anonymous, and Anonymous fired back. 1. Find SQL injection flaw in homebrew CMS. 2. Dump password hashes and crack them. 3. See if many of the same passwords were used on mail system (they were). 4. Some local privilege escalation. 5. Send some Social Engineering emails to gain further access. 6. Profit?
Helping establish communications amongst protesters via non government controlled/less snoopable means. DoSing government sites.
Way too many other “Ops” to even mention. See: http://anonops.in http://www.anonnews.org http://partyvan.info http://insurgen.cc Use Tor/I2P. Some blocking issues.
I have my stereotypes, but hard to know for sure. You can’t poll a troll. My general thoughts/observations? Young (based on time and humor). Middle class to well off (have an Internet connection). Black and White thinking. Bored. Slacktivism?
Two things you may be able to generalize about Anonymous: They hate to be told what they can and can not say/do/look at (political correctness be damned). They love to troll. It takes more and more to offend people these days… but various slurs still do the trick. You will see plenty of examples of *tard and *fag type names. This is how people refer to themselves and others in the culture. Some folks have used this to label them a hate group, but that’s really not the case.
As with any label, there will be disagreement as to who is what. Moralfags: These are people who think that Anonymous should use its trolling power to accomplish something they see as a social good or to counteract some injustice. These people are also sometimes seen as corresponding to Newfags; changing the meaning of what it means to be a part of Anonymous. Newfags: These are people who are seen as new to the whole Anonymous/Internet culture scene.
Oldfags: These are people who are seen, or see themselves, as having been in the culture for a while. Hatefags: Hatefag is the banner term for those that think the Moralfags are ruining the point of Anonymous: to boldly troll as no one has trolled before, not causes. These people are also sometimes seen as corresponding to Oldfags and wanting to go back to the older meaning of Anonymous as it relates to being The Internet Hate Machine. Namefags: Those who choose to use a name/handle instead of truly being anonymous.
I’d like to paraphrase something Jason Scott said, but I doubt I’ll do it justice: Terms like hacker and biker, and their “true” definitions, are often claimed by different groups who, in the wild, would beat each other up. Like religious denominations: When one faction says some other is not the real Anonymous, who is to decide but ceiling cat?
Hey, we did not do it!/Hey, maybe one of us did! Sony. Westboro Baptist Church.
1. Lulz potential. Moral issues may guide some, but it’s not as big of a draw for bringing in the masses. 2. Unwarranted Self Importance (USI). 3. Censorship. 4. Some moral issue. Avoid troll's remorse even if they really don’t care about the moral issue. Self-justifications are wonderful things.
Infighting over USI? Magnanimous. Backtrace is dropping dox on AnonOps. AnonOps is dropping dox on Backtrace. Ryan/Owen and AnonOps.ru/net/in. Use as cover? Can you really be a part of Anonymous if you are not anonymous? Lots of handles/names seem to be used now.
Anonymous is not really a cohesive enough group to make definitive statements about. Basically what Anonymous comes down to is this: Cyber-lynch mobs that are organized via the Internet, who share the common meme of “Anonymous”, where a few people say "hey let's do this", and those of like mind go do it… while the others sit it out and post lolcat pictures on 4chan.