Secret-Spilling Sources at Risk Following Cryptome Breach

Secret-spilling site Cryptome was hacked over the weekend, possibly exposing the identities of whistleblowers and other confidential sources, according to a hacker who contacted Wired.com and claimed responsibility for the breach.

The hacker said two intruders from the group Kryogeniks breached the long-running site, where they gained access to a repository of secret files and correspondence. Among them, the hacker claimed, were the records of self-proclaimed WikiLeaks insiders who have been the source of several unconfirmed tips supposedly detailing internal WikiLeaks matters.

Adrian Lamo and FBI Cyber Squad computer scientist Russell Handorf

10/18/12 Update: 2006 posting at forum – where Russell Handorf still contributes using his “grey hat hacker” handle “satanklawz” – suggests he has been working for FBI three years earlier than his resume claims; Adrian Lamo admits being “friends” with Handorf but still won’t answer any real questions; Chet Uber offers to have Lamo “interview” me – Neal Rauhauser, who claims he has nothing to do with Project Vigilant, suggests I should accept offer – which I will, after they start giving serious answers to my serious questions first; Project Vigilant submitted bid for Voice Stress Analyzer request by BoP to detect if inmates are lying.

Highlights: At college, Russell Handorf used to illegally “sniff” networks for free web access; Decade ago, hosted Adrian Lamo website where he used to be known as “satanklawz”; Defended Lamo online in web forum postings; In 2003, wrote that fugitive Lamo’s enemies might DoS the NY Times, attack investigators; Provided details on web on how to access potential Comcast customers’ private info; Wrote “Fear Not: Hacks, Attacks and Cracks” column; After Philadelphia InfraGard Board of Directors gig, former “grey hat hacker” joined FBI in September of 2009.

[Editor’s Note: Before publishing this article I emailed both Russell Handorf and Adrian Lamo to ask them questions about their past and possibly present relationship, but neither one got back to me. I’ll gladly correct any errors or add comments if they change their minds. My last two articles provide more background on Adrian Lamo, Neal Rauhauser, Project Vigilant and the Bradley Manning case: Bradley Manning Facebook friend was a security and risk management expert and More members from secretive, oddball Project Vigilant group revealed. Article by Ron Brynaert]

The following screenshot was the front page for a website owned by a “Grey Hat hacker” who the FBI hired to be a computer scientist for its Philadelphia Cyber Squad in 2009:

[Screenshot: shtcmarchive]

‘Kryogeniks’ hacker sentenced for Comcast hacking

No PII involved in this one, but since many may remember the case, I thought I’d post the follow-up.

James Robert Black, Jr., a.k.a. “Defiant,” was sentenced yesterday in U.S. District Court in Tacoma to four months in prison, four months of electronic home monitoring, 150 hours of community service, three years of supervised release and $128,557 in restitution for conspiring to damage a protected computer. The 21 year-old was originally indicted in the Eastern District of Pennsylvania for his role in a hacker attack aimed at disrupting service at Comcast corporation’s www.comcast.net web site on May 28 and 29, 2008. Black and government prosecutors agreed to resolve the case in Washington.

Black was charged in the conspiracy along with Christopher Allen Lewis, a.k.a. EBK, 19, of Newark, Delaware, and Michael Paul Nebel, a.k.a. “Slacker,” 27, of Kalamazoo, Michigan. The three were associated with the hacker group Kryogeniks. On May 28, 2008, the three men redirected all traffic destined for the www.comcast.net website to web sites that they had established. As a result, Comcast customers trying to read their e-mail or listen to their voice mail were sent to a website on which the only thing that they could find was a message that read

KRYOGENIKS Defiant and EBK RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven.

Approximately five million people per day connected to the Comcast website in May of 2008. These acts resulted in a loss to Comcast conservatively estimated at $128,557.

In asking that Black serve prison time, Assistant United States Attorney Kathryn Warma wrote to the court saying, “Mr. Black and his Kryogenicks crew created risks to all of these millions of e-mail customers for the simple sake of boosting their own childish egos. The callous disregard of the dangers posed to others, as well as the arrogance and recklessness displayed by these, and other hackers in committing such crimes should be considered by the Court as a factor that weighs in favor of a significant prison sentence.”

At the time the Comcast site was hacked, Black was residing in Tennessee. He has since relocated to Tumwater, Washington.

Source: U.S. Attorney’s Office, Western District of Washington

Kryogeniks Hacker Who Took Comcast Offline Pleads Guilty to Crime

Christopher Allen Lewis, a hacker from a telephone hacking group called Kryogeniks, has pleaded guilty to taking Comcast’s web site offline in May of 2008.

Lewis is facing a charge that could bring five years in prison and a $250,000 fine after his guilty plea to one count of conspiracy to intentionally damage a protected computer system. The case is being tried in Philadelphia where Lewis used certain social engineering tactics to obtain critical information on Comcast’s Fearnet.com site over the phone from a Comcast employee at his home in Clifton Heights, Pennsylvania.

Two other individuals, James Robert Black and Michael Paul Nebel, who were also part of the Kryogeniks hacking group, have been charged as co-conspirators in the hacking incident. According to a Philadelphia news report, Black is expected to plead guilty and Nebel will enter a not-guilty plea.

Kryogeniks is known as a “phone phreaking” hacker group that notifies its victims through a phone call after the damage has already been done.

The main culprit, Lewis, was able to gain access to Comcast.net’s DNS (Domain Name System) account, giving him control of the domain. Lewis later contacted a Comcast employee just to “inform” them of what he had done, which was taking down the Comcast.net site and redirecting it to a page announcing that the Kryogeniks group hacked Comcast.

The message found on the hacked web page for Comcast.net read “KRYOGENIKS Defiant and EBB RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven”, as shown in figure 1 below, for about 90 minutes until the site was reestablished.

[Figure 1: kryogeniks-comcast-site-taken-down]

Flashback to 1995

Flashback to 1995: AOL Proggies
By Marco on April 19, 2004

Inspired by a discussion on the Something Awful Forums, I remembered the time I spent using AOL in middle school. There were these programs (“proggies”) that would hook into the AOL software and allow you to do special things, like easily type using color-faded text or extended ASCII characters. I had one of these called FateX Ultra.

My favorite function was that you could host these little chat room games, like the “FateX Ultra Scrambler Bot”. You’d give the program a word and it would automatically “chat” for you and set up this game where it displays the word scrambled, and whoever typed in the unscrambled version first would get a point, and every so often it would print out a scoreboard of how everyone was doing. And there were chat rooms devoted entirely to these games. It was a pretty big deal at the time for a 7th grader.

Then there were the warez bots. These things were really fantastic, and getting warez through them was surprisingly easy for the time. You’d go into a private chat room (the AOL police wouldn’t actively monitor them) named whatever was cool at the time, with some digit after it, usually 1 through 10, since there was a maximum capacity. For example, you’d hear from some of your l33t friends that the new rooms were called “zeraw” (warez backwards, since “warez” names were banned), so you’d try like “zeraw4” or “zeraw6” until you found one that wasn’t full.

Then you’d find out who was hosting by looking to see who people were directing requests towards. Let’s call them “server”. So you’d type something like this:

/server SEND LIST

Then magically, within minutes, you’d have an email containing a numbered list with everything that the server person had. Let’s say you wanted “#129: [MP3] Counting Crows – Mr. Jones.mp3”:

/server SEND 129

And once you reached the front of the line (anywhere from minutes to hours), you’d have that message in your mailbox. And you’d spend some absurd amount of time downloading it over your 28.8 modem (I was cool, I had a 33.6).

You could even search the list:

/server FIND Counting Crows

That’s some incredible functionality for 1995. Add a global search and you have Napster.

Editing Sign On List

Here you will learn how to modify the screen names on your sign on list.

There are a few reasons why you might do this:

  • Add frequently used guest accounts/phish to your sign on list!
  • Modify the parental controls on guest accounts/phish.
  • Switch to other screen names on guest accounts/phish.

 

  1. Download and install UltraEdit32 hex editor that you will use to modify the AOL file that contains your screen names.
  2. Unload AOL if it is open. (You may need to print this page to continue if this will be closed with AOL.)
  3. Open UltraEdit by clicking Start | Programs | UltraEdit | UltraEdit-32 Text Editor.
  4. Click File | Open. Navigate to the America Online 5.0/idb directory and open main.idx. Note that this will work for any version of AOL so just modify the file path accordingly. An example of the path you might use is C:/America Online 5.0/idb/main.idx
  5. After it has opened, click Search | Find. In the box where it says “Find What”, type one of your current screen names. Check the box that says “Find ASCII”, then click “Find”. UltraEdit will now go through the file and search for that screen name. Once it finds something, make sure that the rest of the screen names on your computer are next to or near that name. If your other screen names are not near what it found, hit Search | Find Next to find the next occurrence of your screen name. Repeat this until you find the group of screen names in your sign on list. Now that you have found the group of screen names, you can edit any of them. Just type over whatever screen name you want to replace on your sign on list with the new name. Note that AOL 4.0 can only have 10 letter screen names and 5 total screen names. AOL 5.0 can have 16 letter screen names and up to 7 screen names. Only type over the screen names there and do not type past what is already there.
  6. Click File | Save.
  7. Reload AOL.

If something goes wrong when loading AOL, navigate to the America Online/idb folder in Explorer and delete main.idx. Then rename main.idx.bak to main.idx.

Note: To restore all your original screen names, all you need to do is go to keyword: Names and it will restore all the screen names on the account that you’re on. But beware: if you’re on a guest account and you go to keyword: Names, all the other names in your sign on list will be changed to the screen names on that person’s account.

AOL IP Addresses

An IP address is an Internet Protocol address. Internet sites and people who connect online have an IP address, which identifies your online connection. There are two types of IP addresses: dynamic and static. Static IP addresses are always the same. People who do not sign on through the phone line and are always connected have a static IP. If you connect via a phone line then you have a dynamic IP address. Dynamic IP addresses change each time you sign online. People who sign on through AOL get an IP address when they sign online. This IP address is dynamic, so it will change every time you sign online. IP addresses always take on the form xxx.xxx.xxx.xxx where xxx is a number between 0 and 255.

A DNS address is your IP address changed to words. For example, “205.188.160.121” is the IP address for www.aol.com and “www.aol.com” is the DNS address. In this tutorial you will learn how to manually convert an AOL dynamic IP address into its corresponding DNS address.

First we will obtain your IP Address.
To do this, click Start, Run, and type “winipcfg.exe”. This will bring up something that looks like this:

[Screenshot: winipcfg]

Obviously, your IP address is where it says “IP Address”.

To convert it to your DNS address, you will first need to learn how to convert it into hexadecimal.

Your IP address will be in the form xxx.xxx.xxx.xxx, as said before. Here we will use aaa.bbb.ccc.ddd in order to distinguish between the different sections of an IP address.

Combine Hex(aaa), Hex(bbb), Hex(ccc), and Hex(ddd). Your DNS address is the combination of these sections in hex, followed by “.ipt.aol.com”.

For example, mine would be Hex(152), Hex(207), Hex(74) and Hex(87), followed by “.ipt.aol.com”. These are 98, CF, 4A and 57, so my DNS address is “98CF4A57.ipt.aol.com”.
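The conversion above, and its reverse for reading such hostnames back out of old connection logs, as an added Python example that is not part of the original tutorial. The function names and the sample log lines are constructed for illustration, and zero-padding each octet to two hex digits (so 10 becomes 0A) is an assumption the tutorial does not state.

```python
import ipaddress
import re

SUFFIX = ".ipt.aol.com"  # suffix given in the tutorial
_LABEL = re.compile(r"^[0-9A-Fa-f]{8}$")
_HOST_IN_TEXT = re.compile(r"\b[0-9A-Fa-f]{8}\.ipt\.aol\.com\b", re.IGNORECASE)


def ip_to_aol_host(ip: str) -> str:
    """Dotted-quad IPv4 -> hex hostname (152.207.74.87 -> 98CF4A57.ipt.aol.com)."""
    # IPv4Address raises ValueError for malformed input or octets above 255.
    addr = ipaddress.IPv4Address(ip)
    # Assumption: every octet is written as exactly two hex digits.
    return "".join(f"{octet:02X}" for octet in addr.packed) + SUFFIX


def aol_host_to_ip(host: str) -> str:
    """Hex hostname -> dotted-quad IPv4; rejects anything not in the expected shape."""
    host = host.strip().rstrip(".")
    if not host.lower().endswith(SUFFIX):
        raise ValueError(f"not an {SUFFIX} hostname: {host!r}")
    label = host[: -len(SUFFIX)]
    if not _LABEL.match(label):
        raise ValueError(f"expected 8 hex digits before {SUFFIX}: {host!r}")
    return str(ipaddress.IPv4Address(bytes.fromhex(label)))


def decode_hosts_in_log(lines):
    """Return (line_number, hostname, ip) for each hex hostname found in the lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        for match in _HOST_IN_TEXT.finditer(line):
            hits.append((number, match.group(0), aol_host_to_ip(match.group(0))))
    return hits


# Constructed sample log lines (not real data); the first uses the tutorial's address.
SAMPLE_LOG = [
    "2000-03-01 12:00:01 connect from 98CF4A57.ipt.aol.com",
    "2000-03-01 12:00:07 connect from 0a000509.ipt.aol.com",
    "2000-03-01 12:00:09 connect from mail.example.org",
]

if __name__ == "__main__":
    print(ip_to_aol_host("152.207.74.87"))
    for hit in decode_hosts_in_log(SAMPLE_LOG):
        print(hit)
```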

 

AOL Roll Dice

Many people know the chat command:

//roll

But not many people know how to specify the number of dice and number of sides:

//roll-dice##-sides###

The number of dice can be any whole number from one through fifteen.
The number of sides can be any whole number from one through 999.

AOL will randomly pick a number fitting each of these parameters and display them to the other chat members.
For example, I sent the line //roll-dice15-sides999 to the chat and it displayed this:

OnlineHost: Xx Alpha I rolled 15 999-sided dice: 865 428 352 744 577 485 171 738 315 278 599 533 172 983 731

Also note that this can be achieved by going to Keyword: Dice.

Please do not scroll this in a chat room. Scrolling not only annoys the other people in the room but also makes you look like an idiot. Thankfully, if you do see someone scrolling this you can just ignore the person sending it and the OnlineHost will discontinue displaying it for you.

 

AOL TOS Violations

TOS E-mail 1

Since this letter has been sent to each of the sub-screen names on your account, you may already have read it. If so, please disregard this copy.

America Online has a Terms of Service agreement which provides community guidelines for online conduct. This letter is to inform you that we received a report regarding a violation of those guidelines.

In keeping with our commitment to protect the privacy of our members, details of TOS violations are sent only to the master screen name(s) on members’ accounts. Details of TOS violations will not be sent to sub-screen names under any circumstances.

To obtain details of the violation, please sign on with your primary screen name (the first screen name you created for your account) or any other screen name which you’ve designated to be a Master Screen Name. (For more information on multiple Master Screen Names, see the Custom Control feature available at keyword: PARENTAL CONTROLS.)

If you did not receive details of the violation at your Master Screen Name(s), be sure you are not blocking your mail to that screen name. If your Master Screen Name(s) are blocking mail, please unblock mail at keyword Mail Controls. Then, send mail from the Master Screen Name to “TOSGeneral” requesting details of the violation.

Our Terms of Service agreement, which was presented during the sign-up process, allows America Online to be informative, entertaining and, above all, fun for all of our Members. You can review that agreement by using keyword TOS. This area also has information and tools you can use to help protect your account.

Please note, this screen name cannot accept replies. Therefore, if you have any comments or questions please send mail to TOSGeneral. Thanks for taking the time to read this letter.

Regards,
JeannieM
Community Action Team
America Online, Inc.

TOS E-mail 2

Thank you for reporting this information to us. Please be assured that I have looked into this report carefully and taken appropriate action. Because we respect the privacy of every member of America Online, we cannot disclose specific information regarding any action we have taken against another account.

Along with your help, and the help of many other members like yourself, the Community Action Team works to keep America Online informative, entertaining and, above all, fun for all our members. For helpful information from the Community Action Team, please use keyword TOS.

Please note, this screen name cannot accept replies. Therefore, if you have any comments or questions please go to Keyword: TOS Questions.

Regards,
SteveH
Community Action Team
America Online, Inc.

America Online Steps Up Spam Fight By Launching Litigation Offensive Against Spammers

Company Sues Spammers in Series of Lawsuits Spurred by Member-Reported Junk Email
AOL Alleges Defendants Named in Lawsuits Are Responsible for Sending AOL Members One Billion Spam Emails, Resulting in Over 8 Million Member Spam Complaints

Dulles, VA – April 15, 2003 – America Online, Inc. (NYSE: AOL), as part of its ongoing, comprehensive battle against spammers, today announced a sweeping series of lawsuits against individuals and companies that it alleges have repeatedly sent members high volumes of unwanted junk emails using a variety of evasive means to circumvent AOL’s spam filters.

AOL is filing five separate lawsuits against over a dozen companies and individuals, who the Company alleges are together responsible for sending an estimated one billion spam emails to AOL members and generating over 8 million individual spam complaints from members. The latest lawsuits filed by AOL are the first to leverage the complaints received by AOL from its members who are using the popular “Report Spam” button in AOL 8.0.

The defendants named in these lawsuits are alleged to have sent a variety of offensive and unwanted spam emails including: pornography; male organ growth/enlargement products; mortgage and home refinancing offers; college degrees; steroids; cable TV descrambler products; and software products. The kinds of spammers and the type of spamming named in these lawsuits are exactly representative of what AOL members face on a daily basis.

The methods alleged to have been used by the named defendants in these cases to send spam to AOL members include many of the egregious and fraudulent methods used today by spammers, such as: falsification of email addresses; purposefully and systematically evading spam filters set up by AOL and its members; and pursuing other means of spamming members that are prohibited by AOL’s published “Unsolicited Bulk Email Policy” (see www.aol.com).

Because AOL’s proprietary email network is located in Virginia, these lawsuits were filed in the U.S. District Court for the Eastern District of Virginia in Alexandria.
