E-mail Comment Del.icio.us Digg Reddit Technorati Furl

Anti-Sec Movement Threaten Sites

Jul 15, 2009 Security News

The group calling themselves the “Anti-Sec Movement” are threatening to take out Hackforums.net and Milw0rm.  Again, we have mention of the phantom SSH 0day exploit.  Your guess is as good as mine about the legitimacy of these threats, however the convenient DDoS on Hackforums.net, and the fact that the email address differs from other “anti-sec” posts, makes me wonder if this in not all just another hoax.

This was posted to the Full Disclosure Mailing List today:

Message: 11
Date: Wed, 15 Jul 2009 19:29:25 +1000
From: Ant-Sec Movement
Subject: [Full-disclosure] Ant-Sec – We are going to terminate
Hackforums.net and Milw0rm.com – New Apache 0-day exploit uncovered
To: full-disclosure@lists.grok.org.uk Content-Type: text/plain; charset=”iso-8859-1″

Dear members of Hackforums.net, Jesse Labrocca (AKA Omniscient),
Milw0rm.com, str0ke, and Reader,
We are the Ant-Sec movement, and we are dedicated
to eradicating full-disclosure of vulnerabilities and exploits and free
discussion on hacking related topics. We are dedicated to stalling the ocean
of script-kiddies currently trawling the Internet, and those so called
“White Hat Hackers” who benefit financially from full-disclosure; employing
scare-tactics in order to con people into buying their firewalls and
anti-virus software.

Thus, our new targets are Hackforums.net and Milw0rm.com. Both are notable
within the hacking underground and the computer security world, and both
violate what the Anti-Sec movement is fighting for. Such as it is, both must
be terminated…utterly.

Let us first discuss Hackforums.net. It is run by a man named Jesse
Labrocca, also known as “Omniscient” within the hacker underground. Although
he, himself, claims to not know a thing about penetrating computer systems.
Hackforums.net is perhaps one of the largest communities of hackers and
script-kiddies alike currently at large in cyber space. The beginner
section, alone, is flooded every single day with messages by script-kiddies.
The “Hacking Tutorials” section is a diamond mine of full-disclosure
information. And that is not the entirety of it. As a result, this community
MUST be terminated.

Recently, the Anti-Sec movement became aware that some unknown entity has
been launching successfully crippling denial of service attacks against
Hackforums.net. Whoever you are, we of the Anti-Sec movement extend our
warmest gratitude to you and we ask that, if you’re reading this email,
please do not cease your attack against Hackforums.net. By bringing it down,
you are helping to recover the health of the Internet. Hackforums.net is a
hive of knowledge that should only be known by a select few. It MUST be
terminated. In addition, we also encourage any and all who can to launch
denial of service attacks against Hackforums.net in order to support us in
furthering our goals.

We would like to stress that we will not be participating in DDOSing
Hackforums.net. The reasons for this bring us to our next topic of
discussion.

In addition to our OpenSSH 0-day exploit, the Anti-Sec movement have also
unearthed an Apache 0-day vulnerability and we have subsequently developed
exploit code in order to take advantage of this vulnerability. It affects
ALL versions. We will be using this as well as our OpenSSH exploit to hack
into Hackforums.net and rm its contents, thus terminating it.

As soon as, if ever, the recent crippling DDOS attacks against
Hackforums.net cease, we will strike. And in that moment, Hackforums.net
will be history. Your only hope, Hackforums, is for the heavy DDOS attacks
to never stop.

Once we have dealt with Hackforums.net, we will terminate Milw0rm. Better
you had quit and left it at that, Str0ke, for now milw0rm.com will be
completely and utterly wiped. It is the second highest target after
Hackforums.net.

This is our message to all. You have seen what the Anti-Sec movement can do.
We will do it again, and again, and again, until our goals are achieved.

This we promise.

Sincerely,

Anti-Sec

Original post.

UPDATE: It seems that perhaps that this may be nothing but a troll on the Full Disclosure list who went by the name of n3td3v causing problems: http://seclists.org/fulldisclosure/2009/Jul/0219.html

UPDATE 2: I have apparently upset someone who is using a server based in Italy and trying directory traversal attacks on this blog:
62.149.163.198     Soci     Emilia-Romagna     Italy

host198-163-149-62.serverdedicati.aruba.it

This entry was posted on Wednesday, July 15th, 2009 at 11:51 and is filed under Security News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

7 Responses to “Anti-Sec Movement Threaten Sites”

  1. epixoip Says:

    July 17th, 2009 at 19:49

    The individual(s) posting as Ant-Sec Movement [anti.sec.movement@gmail.com] is not the real anti-sec group. romeo [romeo.copyandpaste.info] had a statement about this on his website for the last couple days that went something to the effect of “Q: Are we behind the recent posts on Full-Disclosure”? A: No.”

    This appears to be accurate since the writing style is completely different, and their ranting is completely contrary to the anti-sec movement itself.

    Thank you.


  2. scott Says:

    July 17th, 2009 at 20:28

    Thanks epixoip. That was what I was beginning to feel myself.


  3. M Says:

    July 18th, 2009 at 08:23

    You realize of course that netdev, in all of his glory, has no capability to access a server in italy; even if it is an open proxy. He also has no ability to attempt any kind of attack on your blog save for spamming the F5 key. This is by his own admission of and proven by repeated evidence of his locality and lack of technical knowledge. It then begs the question, who is in italy? Why do they care about a netdev hoax? Unless it isn’t a netdev hoax.. and possibly once again netdev has attempted to claim credit for something he had nothing to do with. Think about this.. Don’t trust the tide of disinformation.


  4. DaveK Says:

    July 20th, 2009 at 15:02

    You are not being attacked by 62.149.163.198, it’s just a bot running a standard scan. Google the IP, it’s been showing up in website access logs for a while.


  5. scott Says:

    July 20th, 2009 at 15:28

    Thanks DaveK. Good to know my countermeasures are working at least.


  6. Stefanthechunk94 Says:

    September 2nd, 2009 at 22:56

    This anti sec movement think themselves as the best , but they are messing with the wrong people, they dont realise that the black hat and white hat world will fight back.


  7. $qL_DoCt0r Says:

    September 8th, 2009 at 00:17

    milw0rm should be anti-sec’s major target, hackforums is just a simple community
    its milw0rm thats doing the worst
    what about metasploit they are the ones helping these “white hats” make the exploits, 0day 4EVER!!!
    USE THIS MORE!


Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>