| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Jul 2010 04:03:48 -0400
From: IRC FRAUD ALERT <ircfraudalert@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: IRC FRAUD ALERT ADVISORY 01-2010-07
IRC FRAUD ALERT ADVISORY 01-2010-07
ircfraudalert@...il.com
07/07/2010
Record #: 01-2010-07
Subject:
Andrew Alan Escher Auernheimer
aka "weev"
"weevlos"
Joseph Evers
Escher Auernheimer
DOB: 09/01/1985
505 N SHADY AVE.
APT 2
FAYETTEVILLE, AR 72701
Statement:
Andrew Alan Escher Auernheimer, better known as weev and will be
referred to in this release, is a 24 year old online "troll" who is
partially responsible for the disclosure of 144,000 e-mail addresses
he and his so-called "Goatse Security" group grabbed off of the AT&T
website for the iPad activiation process. In a nutshell because the
full story is available and my time shouldn't be wasted in explaining
it in detail but IMEI numbers for iPads are submitted to the AT&T
website and if the number is in use, the site would send back "Is
_____ your email address?". Well, weev and his "team" created a script
to submit fake IMEI numbers to AT&T, grab the email address and
continue to generate fake ones to get a whole list. In the spirit of
"full-disclosure", weev submitted the findings to a blogger who
verified the addresses and deleted them, then wrote an article about
it and drew attention to himself and "Goatse Security"
Some folks have called weev heroic for standing up for privacy, but
deep down inside - it comes down to weev's constant craving for
attention so he can validify his otherwise meaningless existence by
having a bunch of folks talking about what he has done. If you look at
his past, it's the endless pursuit of attention that drives this man
further and further.
Now, with the authorities having arrested weev for drug possession, he
is begging for money to be sent to him via Paypal so he can pay his
"legal fees".
Weev released a statement on security.goatse.fr, which is the
"official" Goatse Security blog, about his treatment. I had a few
people submit comments to his page because I found it odd that not
even one comment was critical of him and shortly, I found out why.
When these users submitted comments to clarify to people that indeed,
he is in this situation due to drug possession and not from the iPad
publicity stunt, these comments were not approved on the site because
the comment section has comment moderation enabled.
The blog is running WordPress 3.1-alpha, which does not have comment
moderation enabled by default, so it's clearly weev's intention to
distort the reality and continue to play the shell game to folks who
cannot and will not think for themselves, especially to his followers
on IRC. Plain and simple, this is exploitation. Weev's cult of
followers, like the GNAA who worship him blindly as their GNAA
President and channer crowd, continue to hoist weev on a pedestal
making him out to be some kind of Robin Hood, when actually, he's a
drug addicted sociopath looking to sucker folks into keeping his
online persona and now, he's looking to these people to donate money.
One great example of a blind follower of weev is:
http://forums.joerogan.net/showthread.php?t=111182
Breaking Down Weev's Post: http://security.goatse.fr/hypocrites-and-pharisees
It has to be broken down like this, since he has enabled moderation
post-install on his Wordpress blog, and he refuses to acknowledge
anything that questions or potentially criticizes him thus putting him
into a bad light, with the exception of one comment which I posted
below.
Here is his statement broken down:
>> I was subsequently raided by the FBI and arrested, though I have been under gag orders and haven’t been able to discuss the details of what happened.
I'll discuss what happened - you were busted for drugs, claim it was
for the iPad stunt and beg for money via Paypal.
Police reportedly seized less than half a gram of cocaine, one
suspected Ecstasy pill, one oxycodone pill and 19 tabs of
suspected LSD from Auernheimer’s upstairs bedroom. Auernheimer
admitted to possessing the drugs and helped police identify them.
Source: http://www.arkansasonline.com/news/2010/jun/17/ipad-hacking-suspect-arrested-drug-charges/
>> The Institute of Electrical and Electronics Engineers posts on a lawfirm which did the exact same thing the author of the iPad slurper script did– incremented a numerical identifier on a public HTTP server to scrape data. They used this technique to take data from the Anthem/Blue Cross insurance company.
You were arrested for drug possession, plain and simple. I'm sure
these lawyers didn't have half a gram of cocaine, a Ecstacy and
oxycodone pill and 19 tabs of LSD. There is a big difference between
you and that lawfirm, but your audience lacks the mental capacity to
understand this.
>> Has the law firm had drugs “found” (and found is in quotes for a good reason, as the drugs “found” near me were “found” in the execution of a warrant for computers only, with a landmark free speech case involving a very angry 150 billion dollar corporation in the balance) within its offices? No!
Officials during the execution of a search warrant can find illegal
items, such as in your instance with drugs, and call to talk to a
judge about getting a warrant for that. It happens all the time. Your
audience won't know this because their legal grasp is about on par as
the average People's Court or Judge Judy viewer. The same could have
went for charges coming if you had an stolen firearm because when the
police secure the scene, serial numbers are taken off of firearms, ran
through databases and assured to be your own firearms - not ones that
were reported stolen. You could have cars on your property and the
police have the ability to search each car on the property, check
their VIN numbers and see if they are stolen. If they were, I have no
doubt in my mind that car theft charges would have came up.
Again, claiming of being a victim when actually, you are a drug addict
with mental issues.
>> My actions and those of Goatse were not criminal; they were done using industry standard practices as a public service.
More like a giant publicity stunt spotlight on you to feed your online
ego like the following stunts:
- Toorcon2111, Cybercrime:
http://video.google.com/videoplay?docid=-5643217366887354926&ei=iOzHSvzBOpbWrQKvlu2KDg&q=andrew+wbeelsoi
*Note: Weev was under the heavy influence of drugs.. and was busted
for drugs recently... Hmmmm...
- http://www.jewishreview.org/local/Police-question-two-men-about-threats-to-Jewish-community
*Note: Weev was raged about being named. Source:
http://www.webcitation.org/5jnP71qsD
- NYTimes "Mawebulence" Expose:
http://www.nytimes.com/2008/08/03/magazine/03trolls-t.html?_r=1&hp&oref=slogin
*Note: NYTimes article is typical of Andrew's ranting- making claims
with no proof to back it up.
>> Scraping data from a public web server is an extremely common practice amongst lawyers, security researchers and journalists, not to mention web developers.
Correct, but most folks don't do it and claim responsibility for it by
contacting a website so you can get that attention you so dearly crave
or they submit it anonymously to a third-party, such as a journalist,
so the information can be disclosed. You only cared about getting
"Goatse Security" in the media because you just wanted to hear
"goatse" in the media. You laughed when someone said it was mentioned
on NPR and your many followers, with numbers shortly dwindling after
you weed out the intelligent from the sheep, are furiously archiving
each media mention of "Goatse Security" and the iPad stunt.
Again you are feeding your craving for attention, feeding your ego and
showing that it's all about publicity.
>> The warrant was executed without probable cause, as there is no way a reasonable and educated person could believe a crime was committed.
It's for the court to decide, but you could have sold those e-mail
addresses for a spammer just as easily as you are begging for Paypal
donations on IRC. You could have an iPad/Safari 0day vulnerability and
was looking to sell a list of email addresses associated with an iPad
to the largest bidder. Only you can tell us what your intentions are
and each day, you always change something about the story, thus it
being nothing more than an attention shell game.
>> Beyond that, my role in this was solely that of a journalist. I never took credit for the collecting of the data itself.
Then why are you doing this in the name of "Goatse Security" and your
online persona, "weev"? Journalists have an unwritten code of ethics
where they report on the story, not cause the problem and report on it
to bring attention to themselves.
>> My case is absolutely important to bloggers and journalists. My case involves speech, and speech alone. If I’m threatened today, you are threatened tomorrow. The ability for bloggers and journalists to blow the whistle on corporate and government misdeeds is on the line here.
Way to go with the doom-and-gloom scenario. Kids, stay off of drugs or
end up like weev - confused, addicted to substances, riddled with
mental health issues and hated by his own family.
>> If you are a security professional, this case is obviously important to you. Full disclosure is important to the security community, and is the only way independent researchers can build a name and business for themselves. It is also the only way which the public can be informed and educated about risks to their safety.
Full-Disclosure is generally done for attention. See all the so-called
security researchers who pop up and have little or no understanding of
what they are doing. See also: MustLive or anyone on full-disclosure
mailing list.
>> If you are a fan of the lulz, my case is important to you. I am the master of the art of the spectacle, and if you would like to see more spectacles you want me to stay on the streets. Support me and I promise you dividends in lulz for all eternity.
Your "lulz" often tread the line of black and white, so you claim to
be the victim but are willing to cause more drama and issues in the
future? Way to go on screaming about being a victim but willing to be
the aggressor in the future.
>> The federal government has a long history in violating my civil liberties.
Attached: tin-foil-hat-instructions.pdf
>> So I made some obviously parodic videos consisting of support of the equally absurd policy of genocide of the Jews. Which, besides being an obvious joke, were constitutionally protected speech under Brandenburg v. Ohio.
If you made statements about a hypothetical situation with no
immediate calling for lawlessness, it's covered under Bradenburg v.
Ohio, but I do not recall you being investigated for your videos or
your inflammatory podcasts. You were just vilified in the media after
being on trial on websites and blogs. No true crime here.
You just have a sick way of attracting law enforcement attention to
yourself and calling yourself the victim in the same breath.
>> The reality that these videos were an obvious joke should only be enhanced by the fact that there is a Forbes article comparing me to Shakespeare’s puck and a Fox News article calling my rhetoric “offensive and witty detail”.
I heard that bad publicity is better than no publicity at all and this
is what you crave, right?
>> Break into their house and steal hundreds of thousands of dollars of their assets on secret warrants while they are away on vacation, never delivering them a list of stolen property or any means to verify that it happened.
Really now? Or could it be your drug addict friends that you get your
drugs from in Fayetteville, Arkansas?
>> Go to their business partners, friends and family and tell them outright lies (they said I “ran klan meetings in the desert” and “manufactured grenades”, no joke). Due to crown immunity, you can never sue the FBI for libel, no matter what they say!
As bad as it sounds, law enforcement has no legal obligation to tell
the truth to you or folks they interview. They could have sat down,
pulled out pictures of women and accused you of rape, then told you
that they have DNA evidence to justify you raping women. It's to see
how you react and I'm no supporter of it, but I'd figure anyone would
know this. They want to put pressure on you to make you crack, so be
honest with law enforcement and they will take the pressure off of
you.
John 8:32 Then you will know the truth, and the truth will set you free.
>> Go to the customers of their newly formed business, which they have invested all liquid capital in and tell them they are funding terrorism. They will no longer have customers.
I thought you were in Fayetteville, Arkansas to sell your company to
Wal-Mart so you can have access to customer data? You said it yourself
on IRC on 06/21/2010.
21:21 <&popeye> i really had no idea anyone would even get in trouble
over this ipad thing
21:21 <+GaSSy> do they serve kosher food in prison
21:21 <+LiteralKa> you would get raped so fast
21:21 <&popeye> it seemd pretty much a non-crime
21:21 <+LiteralKa> if you had an easy bake oven
21:22 <+pynchon> you get 3 for 1 days if you work as a trustee
21:22 <+pynchon> get a job in the kitchen
21:22 <+LiteralKa> popeye: it is/was
21:22 <+pynchon> thats what i did
21:22 <+Rucas> steal max food
21:22 <+LiteralKa> AT&T is desperate
21:22 <+pynchon> i had mad hookups
21:22 <+homo> weev: what time of day were you raided and did ur
neighbors find out
21:22 <+LiteralKa> to cover their asses
21:22 <@DolemitE> AT&T is evil
21:22 <+LiteralKa> homo: its national news
21:22 <~weev> homo: midday
21:22 <~weev> and yes
21:22 <+LiteralKa> they fucking found out
21:22 <~weev> landlord is kicking us out maybe
21:22 <%el_vez> lol
21:22 <~weev> well
21:22 <+LiteralKa> oh
21:22 <~weev> trying to get us to make "concessions"
21:22 <~weev> in a lease which is already exploitative
21:22 <&popeye> the concept of landlords is jewish
21:23 <+pynchon> what are you doing in bumfuck arkasnas anywyas
21:23 <%el_vez> lol
21:23 <&popeye> lol
21:23 <&popeye> thats a good question
21:23 <+GaSSy> do they approve of race mixing in arkansas
21:23 <~weev> was in the process of convincing walmart
21:23 <+LiteralKa> lol
21:23 <%el_vez> bumfucking of course
21:23 <~weev> to give me their whole category management database
21:23 <~weev> but
21:23 <~weev> thats sorta blown now
21:23 <+LiteralKa> KIK'
21:23 <+LiteralKa> LOL
21:23 <+pynchon> lol
>> Hand the target items which appear to be contraband in attempts to either frame the target for crimes or put psychological pressures on him.
You were at Toorcon, higher than a kite, on LSD and cocaine. They
found LSD and cocaine in your house during the search. Hmmmmm.....?
>> All this because I dared put forward some politics, religion and humor that the establishment doesn’t like. I suppose I received better than Anwar al-Awlaki, a US citizen practicing his faith who received execution orders without trial signed by our Pharoah in return for merely speaking his mind.
He's inciting violence and mentored an American soldier into
committing a violent attack at Fort Hood. Did you forget this, weev,
or is it always about you?
>> After getting all that stuff they have us chasing after, I realized it was all a load of garbage and wasn’t a sufficient bribe to sit in my castle in the sky and watch the freedoms our forefathers fought and died for be flushed down the toilet.
Again, all about you and I don't think the forefathers fought for
scraping data off of AT&T's website or fought for drugs. Give up the
victim complex, it's getting old. Take responsibility for your
actions!
>> I consider the absolute disdain our illegitimate leaders have for the Constitution the most important problem to be solved in our time.
And we get a political speech during this very lengthy, very erratic blog post?
>> They have libeled me with lies in the public forum, stolen my assets, attempted to frame me for crimes, brought false charges against me, terrorized my friends and family (including threatening my mother with rape), and intentionally destroyed my business.
The FBI threatened to rape your mother? Wow.. and destroyed your
business? You were out to steal information from Wal-Mart while in
Fayetteville. Oh I forgot! You are the victim!
>> I’ve also been subject to “journalists” with a complete lack of integrity telling blatant lies about me.
Journalists are about as desperate for attention as you, so why are
your surprised when they made the story more about them than you?
There is no honor among theives and criminals.
>> After having my money stolen and business ruined by the FBI because I dared speak my mind in a lawful manner, I am no longer in decent financial shape.
09:50 <weev> i gotta get some money
09:50 <weev> my cashflow sucks
09:51 <weev> whores
09:51 <weev> lavish cars
09:51 <weev> gigantic places to live
15:05 <weev> does anybody know these russians
15:06 <weev> that they are buying up hacked macs for 43 cents an install
15:26 <weev> i have access to like
15:26 <weev> 8k rooted macs
15:26 <weev> right now
15:26 <weev> and i would like to make a quick $3500
Why don't you live it up some more in an upstairs apartment above some
lawyer's office in Fayetteville, Arkansas and cash in on those 8000
rooted Macs to make $3500, which is what you are begging for on IRC.
$3500 to fight a drug charge? Get a public defender! You NEVER mention
what legal trouble you are in and what you need this cash for. It's
for a DRUG CHARGE and NOT for the iPad publicity stunt! Go to rehab,
junkie, it's probably the best thing for you.
>> I have had all my computers seized on a warrant which could not possibly have had probable cause, and thus am lacking the very materials I would need to take this pro se
You purchased a netbook from Wal-Mart for $300 according to you on IRC
and the radio interview you did when you got out of jail. The Internet
should not send you money due to your irresponsibility.
>> This tyrannical bureaucratic torture should not happen to US citizens. I do not want America to crumble, and I want to continue my work defending the United States Constitution and protecting the American people from cyberthreats.
What about your claim of providing blackhats with 0-day
vulnerabilities and distributing unique ones that you can find out who
leaked what? Again, more wild claims, like how you hacked Amazon to
drop all the LGBT material with no proof, but you provide proof of the
FBI documents and provided a script of the AT&T scraping. Weev, can
you ever tell the truth and when can we tell when you are not lying?
Oh wait, when you aren't talking is a good indicator of you not lying.
>> To defend myself, I need money. I’ve never needed nor asked for help before, but I am really in trouble this time. If you could spare some cash to donate, please paypal some cash to: snailcricket@...il.com
Ah, the other shoe hit the floor. You need money, but hey - lavish
cars and gigantic places to live, plus funding your drug addiction..
The 100% all pro-weev, approved-after-moderation comments are hilarious.
>> Vinnie
>> July 6, 2010 at 6:31 pm
>> Contact the ACLU immediately. They will most likely offer to take your case pro bono.
ACLU defends pedophiles and terrorists, since most of the police
brutality cases are now handled by the NAACP. Doubt the ACLU would
even consider the case.
>> Anon Legion
>> July 6, 2010 at 8:17 pm
>> We are here to serve GREAT JUSTICE!! You will be saved, as Anonymous agrees. We are taking action to save you.
>> We are Legion, We do not forgive, we do not forget!!
>> -Yours faithful, Anonymous-
>> You will be saved, hang in there
Watch out, the /b/ browsing, living in his basement, in his mid-20s
kid is gonna break you out of jail!! or Paypal you $20, either way,
your crowd is looking out for you!
>> Normandy
>> July 6, 2010 at 11:50 pm
>> Yeah, the Holocaust is pretty goddamn funny, until it happens to you personally. You deserve all of this and more, and may your troubles never end. You >> go around scaring people with your anti-Semitic antics, and you think that it will never come back to you?
Why did you approve this comment? Oh wait...
>> weev
>> July 7, 2010 at 1:00 am
>> Your statement is an outright lie by implication. I have never done anything anti-Semitic.
>> Perfect example of the anti-speech attitude of the Zionist machine– dare to say anything against the “chosen people” and these people think rule of law >> and civil rights go out the window. It’s funny how people encouraging the -very real- genocide against the Palestinians never have federal funds >> >> >> dedicated to destroying their lives, yet people who make -jokes- about Jews do. Our government is occupied by Zionists, and if unnecessary wars and >> >> murders are to stop in the world they must be removed.
So you could address it with your psycho babble.
In closing, we totally understand Andrew Alan Escher Auernheimer's
motives: attention, attention and more attention. He will gleefully
entertain you, lie to you, make wild promises and beg for your hard
earned money to help bail him out of a situation caused by his pursuit
of attention. We as a community should ignore Andrew and shun him. His
mother has stated in previous emails, such as ones disclosed here
http://seclists.org/fulldisclosure/2010/Jun/442, that Andrew has
mental problems and a drug problem. We know both of these to be true
because of his arrest for drug possession and the mental problems are
evident in how Andrew puts himself out on the Internet in his videos,
podcasts, ramblings and IRC.
Now, with Andrew being President of the GNAA - trolling has stopped
completely in the organization, many members have ran for the exit
door, and it has turned into the group that's all about weev. If you
criticize weev, you're banned and he will put in such a vague akick
from #gnaa that others are caught in it. If you have "members" of
GNAA, in your private network from a guy that weev is not friends
with, he will tell you to part that network or he will ban you from
the GNAA chatroom, then come back later to see if those users have
decided to quit the network.
He is about as bad as any delusional African dictator trying to
control the flow of information critical of him as much as possible.
It's sad. I was seriously hoping that he could sit in jail so he could
detox from his substance abuse and get some mental help that he needs
so he can resume a normal, healthy relationship with his family. I'm
sure his whole family is embarassed of him, including his mother who
adopted 2 African-American siblings for Andrew and you get this
racist, anti-Semetic stuff he is spewing online that other sick
individuals find amusing. It must be very hurtful to his family and a
constant source of embarrassment.
Mission Statement:
The IRC FRAUD ALERT (IFA) Team is a group of volunteers dedicated to
identifying, monitoring and exposing IRC frauds, who attempt to engage
in fraudulent activity online. It could be financial fraud or a steady
stream of constant lies that need addressing online after all means of
trying to expose this fraud have failed, such as a liar moderating
comments on their blog and deleting comments that expose their lie.
The IFA Team will publish their findings on blogs, mailing lists,
popular websites, forums, and on IRC networks to expose a particular
person trying to scam the IRC community as a whole for whatever
selfish reasons, like the childish craving of attention.
As an IRC community, we should shun these people, distance ourselves
from them as much as possible or possibly ban them from IRC networks,
repost the IFA Team findings, so everyone is safe. We do not have a
police authority in the community but I think "public service
announcements" like these should be the closest thing to authority we
should have on IRC networks. Take our findings seriously, discuss them
with others and spread the message. We cannot help the community as a
whole if nobody decides to repost our findings, submit them to
websites/blogs/forums, and lets our research die under the constant
amount of information on the Internet.
IFA Team:
Our team strictly consists of volunteers that use their spare time to
help make the Internet, especially IRC, a better and enjoyable place
by exposing the scammers and hypocrites of IRC.
Travis Durden, President of IFA.
Diego Garcia, Vice President of IFA - Head of Research
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists