-----[ Intro:

No, romeo.copyandpaste.info did not get hacked, I am just doing what should be done about this mess...

A few companies were getting hacked by anti-sec just now, but I decided you don't deserve to know who gets owned, I will keep the access to myself and you will _never_ know you got hacked.

Let me try and make a few things clear.

-----[ The Beginning:

93K Jun 4 astalavista.txt
    This is where it all started, 'anti-sec' the 'group' name was born there, people made up the rest of stories and believed them.

159K Jun 10 nowayout.txt
    He is a moron, 'nuff said.

27K Jul 3 ssanz-pwned.txt
    Swear by your own security, this is where it gets you.

3.4K Jul 10 imageshack-pwned.txt
    Sent the message to everyone, everyone understood it differently.

--[ Astalavista - The hacking and security community.
They didn't have hackers, security or a community, I did the Internet a favor by taking them down.

--[ Glafkos / nowayout - The CEH / Security Expert / [Insert-IT-Cert-Here].
He couldn't stop an attack on his own server, got rm'd and shutdown while he is actually logged on the server... How pathetic.

--[ SSANZ - Server Systems Administration NZ, Security, Hardening and Backup solutions.
They couldn't secure their servers and had no backups... 'nuff said?

--[ ImageShack.
Even though it clearly said: "No images were harmed in the making of this... image."
Most of you idiots reacted with: "omg what does imageshack have to do with security, those guys are brutal and against their own beliefs".

-----[ You are a moron:

So a 'group' by the name of 'anti-sec' who are *against full-disclosure* publishes a hack-log with a few exploits used in it...

The whole idea is that you, the script kiddie (along with the rest of the Internet) NEVER knew how anti-sec actually got in, get it now?

felosi decides it is actually an OpenSSH 0day, WebHosting Talk forums makes a huge hype about it, SANS believes it, HostGator DISABLES OpenSSH on all servers and claims they have a fix for it, TheRegister writes about it...

...and the rest of the Internet and the 'security industry', just like sheep, follows everyone else and claims surface of 'patches' for the 0day, some said they will release it on DefCon, others started their own fake exploit (Some people actually fell for that)...

You people are a pack of morons, honestly.

I let you talk about it, laughed as some of you started writing patches, then I had my share of lulz when hosts decided to shut down OpenSSH because of a rumor that was started by felosi because a client of his (nowayout / Glafkos the security expert, remember him?) thought it was an OpenSSH 0day. lol.

This is just another proof of how stupid the people you go to for 'security' online are, how easy it is to create havoc online amongst you, I didn't even have to start the rumor, your own people did and you believed it.

-----[ anti-security:

Now off to another, more important point; anti-security...

*This is my idea of anti-security, you are free to have your own, but the ideas I saw online are stupid, really*

Some of you thought anti-security is against -security-, while it is really against the security -industry-, I don't want you to be insecure to hack you, where is the challenge in that?

Others thought anti-security is about 0 disclosure of any kind, it is truly against full disclosure, where an actual exploit code is posted instead of an advisory to the public...

I understand that disclosure is a must-have, I am not against it, I am against the people who post and help in spreading exploit code. Can you please tell me what good (if any) comes out of posting exploit code? I am pretty sure it does more harm than good, way more.

Some suggested anti-sec should give people an alternative of what should be done, well here it is, sirs..

Instead of posting an exploit code for the vulnerability you found, post an advisory, explain the vulnerability you found to the people, gain fame and credit from it, attach a PoC if necessary... but do NOT post an exploit!

Now of course that will not stop 'hackers' from hacking, but it will decrease the number of random attacks, a lot, and everyone will benefit from it, you will gain your fame and credit for it, you can post that on your sorry ass CV.

-----[ Comments and Response:

#bhf <+Aelphaeis> antisec hacked BHF ?
#bhf <+Aelphaeis> won't the antisec guys do it again ?
#bhf <+Aelphaeis> antisec, makes no fucking sense
#bhf <+Aelphaeis> BHF is clearly pro antisec

You are as stupid as you sound.

#bhf <%Glyph> 1. romeo.copyandpaste.info is a rr account.
#bhf <%Glyph> 2. romeo.copyandpaste.info's ns entries point to afraid.org

ORLY?

#bhf < HTH> I wonder who anti-sec is lulz
#bhf < HTH> Ive long since decided its not dark
#bhf < HTH> or r0meo
#bhf < HTH> so now im puzzled

I lol'd.

#bhf < fr0natz> HTH, I see that point.
#bhf < fr0natz> Romeo, lul'd a bit there.

So did he.

>>T Biehn <tbiehn@gmail.com>
>>1) Register 'Anti-Sec *' with Free Mail Provider
>>2) Claims to Full Disclosure
>>3) ????
>>4) PROFIT.

True that.

>>ifwm
>>So, Anti-sec is Microsoft?

No.

>>DrGirlfriend
>>what a group of assholes (anti-sec, not imageshack). Seriously, in what way was imageshack involved in their beef with the security profession?

What a moron.

>>siggplus
>>So hackers are against full disclosure? What a shocker.

I know right?

>>oobey
>>Woah, guys! I just discovered the most amazing thing - if you don't talk about bad things,
>>it's like they DON'T EXIST AT ALL!! As far as I'm concerned, I'm no longer living in a world with an economic crisis,
>>global warming, OR wars in the Middle East!
>>
>>Thanks, anti-sec!

As DarkPontifex would say, Cool story bro.
It is more like, if you do not practice, publish or mirror exploits, script kiddies won't exist at all and the world will be a better place! No problem, btw.

>>SyrioForel
>>They're not trying to protect anybody from exploits, they're trying to protect their own exploits from being advertised. Get it?

Oh okay, thanks for clearing that up for me... You are wrong, it is truly about not publishing exploits, you will not get our exploits because no one knows how we get in, when we got in, etc.

>>freshtimes
>>I don't think they're attacking you as much as using imageshack's prevalence across the internet
>>as a way to embed images as a vehicle for their message.

Finally someone gets it.

>>Clumpy
>>A self-righteous stupid hacker group at that. Full disclosure is the only thing that causes companies to patch.
>>History shows us, over and over again, that companies won't spend the money to patch security holes without full disclosure forcing them to it.

If you are so concerned about the patch, why don't you release a patch yourself instead of releasing an exploit code to 'force them to patch'.

>>alchemeron
>>A short-sighted approach. Part of the reason for a culture of published exploits is that,
>>if you don't publish or threaten to publish, companies will do absolutely nothing.

If everyone works by that, a lot more 'security' companies will be exposed, hacked and rm'd, because if you don't publish that they cannot secure their own work, make backups or actually provide the service they offer, they will never fix it, right?

What about posting a nice advisory, saying you found vulnerability X in product Y, maybe a PoC. if company doesn't fix, you did your job, no need to publish an exploit code and make thousands of websites / companies suffer while script kiddies ./xploit.

>>anti-antisec@hushmail.com
>>LMH, can you and your "Security Justice" friends please get laid
>>and leave the rest of us alone? This Anti-Sec rebranding is more
>>boredom.
>>
>>Oh- we know where you work, and who some of you really are. I
>>wonder how they'd feel about this stupidity?

You don't know anything about any of us and you will never. Your servers were rooted back in 2007 and we never lost access until 2009 (maybe not), how do you feel about this stupidity?

>>Ant-Sec Movement <anti.sec.movement@gmail.com>
>>Dear Reader,
>>
>>In light of recent events, we have decided to clarify exactly what the Anti-Sec Movement is, and who we really are.
>>Firstly, Anti-Sec is NOT an individual clan or group; as the name implies, we are a movement
>><snipped>

You have nothing to do with the movement, you saw a wave of people and posts talking about anti-sec and wanted to get some attention on your sorry ass. Your targets are still up, all you ever did was a pathetic DDoS attack. You fail.

>>http://www.theregister.co.uk/2009/07/13/imageshack_hack/
>>Ironically, exploit code associated with Anti-Sec's latest attack was posted on a full disclosure mailing list.

Nothing was ever posted, k?

...and many, many other stupid comments.

-----[ Outro:

Well I guess this is it, publicly owning people goes nowhere, people are too stupid, some love to make up their own stories and others will do anything to ride a publicity wave... rarely ever anyone actually gets the point.

Before I leave you, I cannot stress enough that you are not as secure as you think you are, Full-Disclosure brings more evil than good, it is the root of most DDoS attacks, random web defacement, spam, havoc, etc.

Publish an advisory if you must, do -not- publish an exploit, do -not- mirror exploits.

str0ke should realize by now that most of the botnets out there, the spam, the Turkish web defacement... is his fault.

If you think otherwise, do post about it, be sure that I will be reading it, but I doubt you can find more good coming out of full-disclosure than evil.

And of course we must not forget, it is not just about Full-Disclosure, but also the people who claim they can protect you, claim they are a security company, swear by their own security, etc. Actually cannot provide you with that service, they cannot protect you, they cannot protect themselves, they don't know the basics of security, they read a tutorial on installing CSF/LFD, mod_security, iptable OpenSSH and call it -secure-.

Take felosi for example, he runs secureservtech:

>>Extensive security to protect your sites and data from hackers.
>>Including mod_security, suhosin, cgi suexec,, php suexec, brute force protection on all protocols and more..

72.20.1.206 - backup.secureservtech.com - The main backup server for SST, it has access to every other server SST owns.
root:T6yHjuIkol0

*OpenSSH is whitelisted for specific IP's only, he included mod_security, suhosin patch, grsecurity, csf/lfd... How classic.

Did he protect his customers from hackers like he says? is *secure*servtech really *secure*? does felosi know he got owned? No.

- Did you get scared of getting caught?
-- no, I just didn't like how this turned out to be, taking a different approach from now on.

- Are you going to stop shutting down people who publish exploits, exposing people who swear by their own security, etc?
-- no, but this time you will never know who got owned, no logs will be published, I will keep my access for greater benefit.

If you want the old page for any reason, you can download mirror here: http://romeo.copyandpaste.info/mirror.tgz

So Long, and Thanks for All the Fish.

- romeo.