Slide1
Crude, Inconsistent Threat: Understanding Anonymous
Adrian Crenshaw
Slide2
About Adrian
Since I have a name, I’m not Anonymous
I run Irongeek.com
I have an interest in InfoSec education
I don’t know everything - I’m just a geek with time on my hands
(ir)Regular on the ISDPodcast
http://www.isd-podcast.com/
Slide3
Dubious Disclaimer:
Easily offended? This may not be the talk for you.
I’m not the one that came up with the terms in use.
Some terms seen in “Chan culture” you may find offensive.
Still, they are useful terms to know when you read “Anonymous” items in context.
Slide4
Abstract
Intended to define Anonymous (roughly)
Not intended to condemn nor promote, but just to help folks understand "cyber-lynch mobs" and perhaps their security ramifications
Mostly I’m just tired of hearing the news get it wrong concerning the nature of the “organization”
Slide5
Confusion over what Anonymous is
News reporters have written a lot about a "group" referred to as Anonymous recently
The thing is, it’s more of a meme than a group
People in the news refer to:
Official press releases
Leaders
Though there are what could be considered subgroups
The thing is, anyone can be “Anonymous”
Slide6
What and who is Anonymous?
Not really a group, more of a shared label, or meme
This causes big league attribution problems
There are some sub-groups of a sort
Unifying principles (if any):
Do it for the lulz.
Internet censorship is bad.
Don't hurt cats.
Silly, but I’ll explain more
Slide7
What is a meme?
‘A meme is basically an idea that is easily transferable from one mind to another. Think "catch-phrases". Memes are created when a large group of users come to identify with a particular image or slogan. Their continued [mis]use will bring about the destruction of the universe.’
Source: http://www.4chan.org/faq#meme
“Over 9000”, “the game”, LOLCats, etc.
Slide8
Example
Unclaimed posts on image boards are marked as Anonymous
Over time the meme developed that Anonymous was a real person/group
Anonymous Delivers
Slide9
Change over time…
Check out changes over time via archive.org
http://replay.web.archive.org/20070607170247/http://www.encyclopediadramatica.com/Anonymous
Slide10
Cohesiveness?
No real leader…
Resource owners may have more influence however
May be able to say “this subgroup” organized via 4chan/Partyvan.info/Insurgen.cc/AnonOps
Popular causes may become larger
Slide11
Raid Order
1. Someone on a chan/insurgency wiki/Anonymous meme themed website or IRC channel posts “hey, this is wrong/messed up/has lulz potential. I think we should give them grief!”
2. Those that agree follow suit with sometimes vague details given as to their intentions and tactics.
3. Lulz ensue or they don’t.
4. If Lulz ensue, go back to step two and see if more people join the action. Or...
5. Lose interest because of attention deficit or the target seems thoroughly beaten.
Slide12
Next Steps
Dropping someone's docs (doxing or other spellings)
This could also be family members
In Real Life (IRL) pranks using the information above
Unwanted pizza delivery
Swatting
Phone harassment
Defacing of websites or social network profile pages to embarrass and annoy
Denial of service attacks: Sometimes referred to as “bandwidth raep” depending on how they are done.
Some see DoS as equivalent to a sit-in
Slide13
Going nowhere
Not all raids/ops get off the ground
Not your personal army/Lurk moar
Lack of interest
Slide14
Ways of organizing
Raid boards /i/
http://711chan.org/i/
Also done on /b/, but very ephemeral
IRC
AnonOps IRC Network
News
http://anonnews.org/
Edit pads and paste boards
http://piratepad.net/q6IfcBltJB
Use Tor/I2P
Some blocking issues
Slide15
Skillsets
Not necessarily “1337 h@c3r dud3$”
Some have skills
Some just use DoS tools to feel like they are participating
Some just like to yell loud on social media
Primers for the noobs
http://pastehtml.com/view/1dzvxhl.html
http://ge.tt/#62ymxTx/v
Slide16
Some tools
Nothing too special…
DoS tools (and Mail Bombers)
BWRaeper.NET, LOIC, PyRAEP, Longcat Flooder, Slow Loris
http://partyvan.info/wiki/Tools
DangerousKitten.jpg
Collection of tools in a (zip/rar) jpg
Anonymous Care Package Light
Beware of trojaned tools if you do research
Some Darknet use
Tor
I2P
Slide17
A few more notes on DDoS
LOIC In Hive Mind Mode = Self selecting botnet
Seen as a virtual sit in?
Legality?
Title 18, U.S.C. Sections 1030(1)(5)(A)(i) and 1029(a)(3)
IP is obvious, hope that numbers mitigate risk
Can’t really use proxies for it
Free speech issues
“I support freedom of expression, no matter whose, so I oppose DDoS attacks regardless of their target,” he said. “They’re the poison gas of cyberspace.” ~ John Perry Barlow
Slide18
A few past raids
Do you see a connection?
Slide19
Habbo Hotel Raids
Trolled the social network/game by showing up as an avatar that looks like Jules from Pulp Fiction
Slide20
Internet Vigilantism
Go after some pedos (Chris Forcand for example)
Slide21
Project Chanology
This was/is a protest against Scientology for various censorship tactics and the way they treat members of the “Church”
Picture from David Shankbone of Wikipedia
Slide22
A few others
Epilepsy Foundation Raid
Defaced the website with flashing items
Operation Titstorm
Protest over filter laws in Australia
Hal Turner raids
ACS Law (Related to OpPayback)
Slide23
Wikileaks/Operation Avenge Assange/Operation Payback
Bollywood companies hired the firm Aiplex Software to DDoS websites involved in what they saw as copyright infringement, and that ignored take-down notices.
In retaliation the idea was put forth to DDoS Aiplex, but someone beat them to it. Instead, they attacked groups they saw as being in a similar vein, like the MPAA & RIAA.
Eventually the operation moved to targeting firms that stopped doing business with Wikileaks.
Slide24
HBGary Federal Hacks
Aaron Barr made some noise about exposing people in Anonymous and Anonymous fired back
Find SQL injection flaw in homebrew CMS.
Dump password hashes and crack them.
See if many of the same passwords were used on mail system (they were).
Some local privilege escalation.
Send some Social Engineering emails to gain further access.
Profit?
Slide25
OpLibya, OpEgypt, OpTunisia
Helping establish communications amongst protesters via non government controlled/less snoopable means
DoSing government sites
Slide26
Many more…
Way too many other “Ops” to even mention. See:
http://anonops.in
http://www.anonnews.org
http://partyvan.info
http://insurgen.cc
Use Tor/I2P
Some blocking issues
Slide27
Demographics?
I have my stereotypes, but hard to know for sure
You can’t poll a troll
My general thoughts/observations?
Young (based on time and humor)
Middle class to well off (have an Internet connection)
Black and White thinking
Bored
Slacktivism?
Slide28
Another word for those who are easily offended
Two things you may be able to generalize about Anonymous:
They hate to be told what they can and can not say/do/look at (political correctness be damned)
They love to troll.
It takes more and more to offend people these days
…but various slurs still do the trick
You will see plenty of examples of *tard and *fag type names
This is how people refer to themselves and others in the culture
Some folks have used this to label them a hate group, but that’s really not the case
Slide29
Categories of people who self-identify as Anonymous?
As with any label, there will be disagreement as to who is what
Moralfags
These are people who think that Anonymous should use its trolling power to accomplish something they see as a social good or to counteract some injustice. These people are also sometimes seen as corresponding to Newfags; changing the meaning of what it means to be a part of Anonymous.
Newfags
These are people who are seen as new to the whole Anonymous/Internet culture scene.
Slide30
Terms for categories of people who self-identify as Anonymous?
Oldfags
These are people who are seen, or see themselves, as having been in the culture for a while.
Hatefags
Hatefag is the banner term for those that think the Moralfags are ruining the point of Anonymous: to boldly troll as no one has trolled before, not causes. These people are also sometimes seen as corresponding to Oldfags and wanting to go back to the older meaning of Anonymous as it relates to being The Internet Hate Machine
Namefags
Those who choose to use a name/handle instead of truly being anonymous.
Slide31
My point in this diversion?
I’d like to paraphrase something Jason Scott said, but I doubt I’ll do it justice:
Terms like hacker and biker, and their “true” definitions, are often claimed by different groups who, in the wild, would beat each other up.
Like religious denominations: When one faction says some other is not the real Anonymous, who is to decide but ceiling cat?
Slide32
Attribution
Hey, we did not do it!/Hey, maybe one of us did!
Sony
Westboro Baptist Church
Slide33
Are there any common criteria for an attack?
Lulz potential
Moral issues may guide some, but it’s not as big of a draw for bringing in the masses.
Unwarranted Self Importance (USI):
Censorship
Some moral issue
Avoid troll's remorse even if they really don’t care about the moral issue.
Self-justifications are wonderful things.
Slide34
Other future possibilities
Infighting over USI?
Magnanimous Backtrace is dropping dox on AnonOps
AnonOps is dropping dox on Backtrace
Ryan/Owen and AnonOps.ru/net/in
Use as cover?
Can you really be a part of Anonymous if you are not anonymous? Lots of handles/names seem to be used now.
Slide35
TL;DR Version
Anonymous is not really a cohesive enough group to make definitive statements about
Basically what Anonymous comes down to is this: Cyber-lynch mobs that are organized via the Internet, who share the common meme of “Anonymous”, where a few people say "hey let's do this", and those of like mind go do it…
…while the others sit it out and post lolcat pictures on 4chan.
Slide36
Links and resources
http://www.irongeek.com/i.php?page=security/understanding-anonymous
http://en.wikipedia.org/wiki/Anonymous_%28group%29
http://encyclopediadramatica.ch/Anonymous
http://partyvan.info
http://insurgen.cc
http://anonnews.org
http://www.whyweprotest.net
http://anonops.in
http://www.4chan.org
Slide37
Thanks
Central Ohio Infosec Summit for having me
My buddies from Derbycon and the ISDPodcast
Slide38
Events
DerbyCon 2011, Louisville Ky
Sept 30 - Oct 2
http://derbycon.com/
Louisville Infosec
http://www.louisvilleinfosec.com/
Other Cons:
http://www.skydogcon.com/
http://www.dojocon.org/
http://www.hack3rcon.org/
http://phreaknic.info
http://notacon.org/
http://www.outerz0ne.org/
Slide39
Questions?
42