Message-ID: <f3ee8bc80606300853x90696c8q9d9263b8da0dbe1a@mail.gmail.com>
Date: Fri Jun 30 17:41:06 2006
From: amitsecurity at gmail.com (AMIT SECURITY)
Subject: Advisory from AMIT concern BANTOWNE
HELLO, MY NAME AMIT. I SECURITY RESEARCH FROM ALL OVER WORLD AND
CURRENTLY THIS MY FIRST ADVISORY TO ANYONE RESEARCHING. I POST TO
MAILING LIST IN INTEREST OF EXPULSION OF KNOWLEDGE.
RECENTLY I HEAR OF FREENODE ATTACK AND SOME OPERATORS OWNED FROM
SNIFFING OR SOMETHING LIKE THAT. THIS VERY BAD BUT IT HAPPEN IN MY
COUNTRY ALL TIME. I SAY TO MYSELF, AMIT, YOU MUST HELP CATCH CRIMINAL
WHO DO THIS TO NON-PROFIT ORGANISATION SO I SET OUT TO LEARN ALL THAT
I CAN ABOUT THAT CRIMINAL. I FIND OUT TWO GROUP ARE MAY BE TO BLAME,
GNNA AND BANTOWNE. GNNA STAND FOR "GAY NATIONAL NARCOTICS ALLEGIANCE"
MY FRIEND FROM WORK SAY, BUT HE NOT KNOW WHAT BANTOWNE STAND FOR. I
FIND NO INFO ON "GAY NATIONAL NARCOTICS ALLIANCE", AND MY INTUITION
TELL ME BANTOWNE TO BLAME. SO THROUGH DEVIOUS MEANS I INFILTRATE
BANTOWNE IRC CHANNEL WHICH IS LOCATED AT IRC.BANTOWN.ORG (NOTE: IT
MINUS THE "E") AND THE CHANNEL IS HIDDEN BUT STILL I FIND IT. IT
CALLED #BANTOWN (MINUS THE "E" TOO).
THIS IRC CHANNEL IS FULL OF THE BADDEST SCRIPT KIDDIE I HAVE SEEN IN A
LONG WHILE, AND I WORK ON SECURITY FOR OVER 20 YEAR, EVEN BEFORE
MODERN PC ARE COMMONPLACE AS USER. EVEN SOME PEOPLE IN CHANNEL KNOW
PERL OR OTHER USEFUL LANGUAGE. I VERY IMPRESSED. SOME FRIENDLY PEOPLE
IN CHANNEL, LOT OF THEM SAY "LOL" MOST TIME THEY SPEAK. SOME NOT SO
FRIENDLY, SAY BAD WORD BUT THAT OK, THEY CRIMINAL SO WHO CARE. I
PRESENT FRIENDLY APPEARANCE, THEY TALK FRIENDLY TO ME. THIS NIGHT OF
FREENODE HACK NEWS AND THEY PISSED OFF AT "LILO", WHO SEEM TO BE SEMI
TRUCK DRIVER AND LIVE IN BACK OF TRUCK IN TRUCK TRAILER, CAUSE THEY
SAY HE LOTS OF BAD THINGS. SOME OF THEM BE VERY SKILLED PROFESSIONAL
AT HACK. ONE GO BY "INCOG" AND HE MASTER OF CROSSED-SITE-SCRIPTING
VULNERABILITY. HE SURF SITES LOOKING FOR VULNERABILITY ALL DAY LONG. I
EXCERPT FROM CHANNEL:
<incog> that reminds me... ill go find xss in fark.com
<incog> k, i just found xss in imdb... but my memory is so bad that i
dont know if this is new or i just rediscovered it
<incog> just found xss in youtube
<incog> i have xss on flickr
<incog> xss on technocrati
<incog> weev, i have xss on all turdpress blogs ever
<lncog> i just found dailykos xss for rolloffle
<whatcog> I have SA xss
<whatcog> on secure.somethingawful.com
THAT OVER FEW DAYS OF TALK. INCOG SEEM TO BE MOST BRUTAL SCRIPT-KIDDIE
KNOWN TO MAN, BUT WE CHECK OUT ANOTHER PERSON HE CALLED "WEEV". HE
BEEN AROUND THE BLOCK A LONG TIME AND HE HAVE MANY IDEA HOW TO CAUSE
DAMAGE TO FREENODE AND A MAN NAME "LILO". AGAIN I EXCERPT FROM
CHANNEL:
<weev> okay guys
<weev> i need you to find some mexican woman in houston
<weev> and just relentlessly troll her
<weev> call her up at all hours of the night
<weev> screaming ROB LEVIN, ROB LEVIN
<weev> and then we're going to say she's the nanny for his kids
"WEEVE" ALSO ENCOURAGE "INGOC" TO HACKING ACTIVITIES, PROBABLY FOR HIS
OWN USAGE LATER ON. I EXCERPT:
<weev> incog: can you get flickr?
<incog> ill try
<cstone> oh god flickr would be hilarious
<incog> flickr uses yahoo id's
<weev> not necessarily
<weev> there are internal flickr ids too
<weev> and it doesnt use the yahoo cookie
<weev> basically you auth with your yahoo id
<weev> and then it gives you a flickr cookie
<weev> and from there its all flickr
LIKE SAID, "WEEV" KNOW A LOT AND PROBABLY RINGLEADER, OR AS THEY SAID
IN AMERICA, "MASTER OF PUPPETS". AND I DO THINK MANY PEOPLE ON THE
CHANNEL PUPPETS. SOME VERY SCRIPT-KIDDIE LIKE. WELL, IT OBVIOUS ALL
ARE SCRIPT KIDDIE, BUT SOME ARE VERY. VERY. MOST ALSO IRC KIDDIE. I
EXCERPT:
<tem> they unbelievers must be purged
<tem> they unbelievers must be purged
<tem> they unbelievers must be purged
<tem> they unbelievers must be purged
<tem> they unbelievers must be purged
<tem> they unbelievers must be purged
<bizzy> WHY IS SALAD SO GOOD?!!?!
<bizzy> WHY IS SALAD SO GOOD?!!?!
<bizzy> WHY IS SALAD SO GOOD?!!?!
AS YOU CAN SEE, SOME VERY DUMB AND NOT UNDERSTAND IRC CLIENT PROPERLY.
THERE MANY MORE EXAMPLE OF ABOVE EXCERPT, BUT I LIMIT TO THAT CAUSE IS
ANNOYING. BUT WORSE IS YET TO COME, B/C "WEEAVE" POST PERSONAL
INFORMATION OF "ROBERT LIVIN", OTHERWISE KNOWN AS "LELO" ON FREENODE
NETWORK, THE TRUCK DRIVER, FOR PLAIN VIEW OF ALL TO ABUSE. BANTOWN
ALSO RESPONSIBLE FOR POST OF INFORMATION TO CRAIGLIST AND OTHER
PLACES. I EXCERPT BUT MUST CENSOR SO THIS INFO IS NOT USED FOR CRIME:
<weev> philsanchez: lilo's federal employer identification number is xx-xxxxxxx
<weev> his federal identification number is xx-xxxxxxx
<weev> the address officially listed for pdpc is 10100 main street #31
houson tx 77025
<weev> phone number for pdpc officially listed is 713-589-5863
<weev> his ssn is xxx xx xxxx
<weev> his dob is xx-xx-1955
<weev> 11-digit texas state taxpayer number xxxxxxxxxxx
<weev> ROBERT LEVIN
<weev> 9212 BURDINE ST. #1005
<weev> HOUSTON, TX 77096
<weev> the last address is his apartment
<weev> no, he doesnt live in a trailer
MANY ON #BANTOON SPEAK HIGHLY OF "RUIN", WHICH IS SCRIPT-KIDDIE FOR
CAUSE HAVOC ON IRC OR NETWORK OR SOME MAIL PROGRAMS. SOME ALSO EAT
SALAD OR DISPLAY ANNOYING QUIRK WHERE THEY NOT MAKE SENSE FOR EXTENDED
PERIOD OF TIME AND ACT LIKE IDIOT. MANY ALSO RACIST PRICKS, OR THINK
IS CLEVER TO MAKE ANNOYING RACIST COMMENTS. THEY HAVE WAY TO DISPLAY
ASCII ART ON MAIL PROGRAM REALLY PHENOMENAL. I SAY CUTTING-EDGE CAUSE
NO ONE EVER DO THIS BEFORE. IS MASSIVE ATTACK OF HAVOC. ANYONE
FAMILIAR WITH FULL-DISCLOSURE KNOW WHAT I MEAN. MOSTLY THEY POST
SWASTIKA OR OTHER RACIST IMAGE. I DO NOT KNOW WHO THE ASCII ARTIST,
BUT SOMEONE WITH MAJOR ASCII SKILL WORK FOR THEM AND DO ART GOOD IN
SPARE TIME.
BANTOWN PEOPLE ARE ALSO LIKE TO CAUSE TROUBLE ON DIGG DOT COM AND THUS
POST MESSAGES THERE. SO MANY TIMES PEOPLE ON #BANTON LIKE TO ASK FOR
DIGG HELP BECAUSE ARTICLE NEED TO BE UPPED. I EXCERPT:
<theta> DIGG CENSORS!
<lucas> 15 diggs so far
<sloth> http://digg.com/linux_unix/Freenode_Hacking_Fallout_Has_lilo_lied_to_us
<sloth> digg digg digg
<theta> drop a url, it gets like 75 diggs, nicely spaced out, at
random intervals
<theta> from a pool of 200-400 available diggbots
<theta> for manipulating digg :)
<tehdely> ok i am finally regging for digg
<theta> man, I need a fake email that I can use to signup with digg
<tehdely> commented lol
http://digg.com/linux_unix/Freenode_Hacking_Fallout_Has_lilo_lied_to_us#c2088070
<tehdely> n e more diggs
<chroot> 21 diggs now
<spo> like the phoenix the diggs will climb
<theta> http://digg.com/linux_unix/Freenode_Hacking_Fallout_Has_lilo_lied_to_us#c2088199
<-- my comment
<weev> several hundred diggs
<theta> the story needs more diggs
<revmischa> i digged it
<kash> someone make a php/perl/tcl script that uses tor to digg :|
BANTOWN NOT CONTENT WHEN PEOPLE JOIN CHANNEL AND NEED TO BE KICKED.
THEY GO FULL MEASURE AND USE "KILL". SOMETIME PEOPLE GET KILL BECAUSE
THEY SUPPOSED HOMOSEXUAL, THIS FURTHER INTOLERANCE OF BANTOWN. THIS
TOTAL CRIMINAL ACTIVITY AND FURTHER EVIDENCE FOR SCRIPT-KIDDY
ACTIVITY.
BANTOEN HAVE LEET SCRIPT REPOSITORY AND 0-DAY-CODE THAT THEY SHARE
WITH NO ONE. THROUGH MANY ENTANGLES I GAIN ACCESS TO REPOSITORY. IT
TURN OUT USER "REGULATE" HAVE OPEN FTP SERVER ON NEARBY SYSTEM THAT
PROVIDE ME ALL ACCESS I NEED. I LIKE USING HACKER TRICK AGAINST
CRIMINALS. SO ATTACHED TO THIS MESSAGE I BEAR YOU "FDJPEGART" WHICH IS
WHAT BANTOWNE USE TO DO MOST OF THEIR MAILING LIST RUINING. THIS LEET
SCRIPT YOU WILL NOT FIND ANYWHERE ELSE. SO THAT NO ONE ELSE WILL USE
IT FOR EVIL I HAVE CHANGED MINI SMALL PARTS SO THAT IT CANNOT RUIN.
THIS SUM UP MY ADVISORY. MY HEART EXTENDED TO "LIVO" AND THE
OPEN-SOURCE COMMUNITY WHO BEEN HURT BECAUSE OF THE SCRIPT KIDDY
ACTIVITIES OF BANTOWN. MORE ABOUT BANTOWN0 YOU CAN FIND HERE:
PEOPLE WHO KNOW WHAT THEY ARE DOING AND LOOK OUT FOR THEM!:
WEEVE
INGOC
REGULATE
JMEX
DAN
MDL
CURVE
PEOPLE WHO DO NOT KNOW NOTHING AND ARE MOST "SHEEP" AS YOU SAY IN
AMERICA:
HEP
T12
RUBBERDIC
REV MISCH
FEEM
BIZY
THERE ARE ALSO OTHER POSERS IN THE BANTOWN BUT I DO NOT HAVE TIME TO
NAME THEM ALL, AND THEY DON'T NOT MERIT IT TOO. THEY ARE SCRIPT
KIDDIES AND I AM DONE HERE BUT I THOUGHT THAT I SHOULD WARN.
THIS HAS BEEN AN ADVISORY FROM AMIT. FROM ALL OVER THE WORLD.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fdjpegart.tar.gz
Type: application/x-gzip
Size: 11277 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060630/75707911/fdjpegart.tar.bin