Slashdot Mirror
Anonymous Claims Possession of Stuxnet Worm
An anonymous reader writes "Last night, a member of hacker group Anonymous announced on Twitter that the group was in possession of the Stuxnet worm. Recently, Anonymous has been in the news for its high profile attacks on software security firm HBGary, after Aaron Barr, the CEO of HBGary's sister firm HBGary Federal, claimed to have acquired the names of senior Anonymous members and threatened to release them to the public. This is where the possibility for Anonymous getting its hands on Stuxnet increases."
Yeah, so? I have a copy of the Code Red and Nimda somewhere in my office. Am I dangerous? No. Because they are known viruses and the holes the exploits used have been patched shut now.
Karma: Excellent. 15 moderator points expire sometime.
it's been available for ages.
It's a great PR move by Anon in that it's garners a stack of press due to the combinations of:
"shadowy hackers"
"stuxnet"
Well played anon.
What is actually more significant is the upcoming http://anonleaks.ru
The potential for them to claim the popular mindshare that wikileaks has had is very real.
None of the other groups have managed (openleaks, crowdleaks, abcleaks, xyzleaks, 123leaks, etc etc etc).
But are you code red reseller? Anonymous is now an official Stuxnet Gold affiliate
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
In other news: Iran claims posession of the Stuxnet virus as well
Anyone can get a copy of the Stuxnet worm, just create an account on the right security forums and download a copy.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Lets look at the situation properly:
Anonymous is a group composed of [Members N], lead by [Leader L] of [belief X], who attempt to attack [Company Y] over [Reason Z].
Now, we know nothing about L or N. We don't know who took part in DDOSing mastercard (or who lead it), we don't know who hacked into the site (or who lead it), nor do we know their link to whoever DDOSed scientology, google bombed scientology, or protested in the streets. We don't know anything.
So assuming that N and L are variable. X changes with L.
So Anonymous isn't really a group. Its not a 'group of people which are now becoming a terrorist group'. Its an ever-changing grouping of different people by a different leader who chooses their target and their method. Do they have a master plan? Not really.
So viewing how anon changes is rather useless, since pretty much everything changes all the time.
This is the equivalent of looking at the human race at a whole and claiming that "The human race attacked Iraq, after attacking Poland in 1942, and Troy at some point in history" and trying to draw a conclusion.
If you are talking about the Anonymous from 4chan, then there isn't any group like that. That implies to much organisation, a hierachy, an organization.
The idea originally was related but NOT the same to "I am Spartacus". And many people don't even understand that statement.
The "I am Spartacus" statement is this: "I hereby declare that I am the person you are seeking and accept all responsibility for my actions." If you state this, you BECOME Spartacus, you are it and LOOSE yourself with it. You can't say, "I smallfurrycreature represent Spartacus", you surrender yourself to the cause and become it. In the movie, the people all nailed up, are ALL Spartacus and by doing so the idea of Spartacus if not the person becomes invincible. No matter how many Spartacusses you nail to a cross, there is always one more just around the corner. It is the undying hero, the person dies but the idea goes on.
This doesn't sit well with our individual culture.
Anonymous takes this even further, if people understood it. You cannot state "I am Anonymous" for this is silly. The moment you tie yourself to this concept, you are no longer anonymous. You can speak with a thousand voices, you can at best be one voice representing a thousand but never a thousand. You cannot be anonymous only be a non-significant part of it.
The real idea behind it all on 4chan was to give a name to the movements/actions that were observed. It is like watching the migration patterns of animals and calling them Bob. Just because it now sounds like a person doesn't mean that a wildebeast migrating represents Bob or is controlled by the motives of Bob.
Does any of this rant matter
Yes. The Muslim brotherhood, are they the protesters in Egypt? Some western "news" stations would have you believe this. BUT this has NOT been an Islamic revolution. It might or might not become one but the protests where NOT guiden or orchastrated by them... some PROTESTERS might have been but not the "protest". It can be hard to grasp the difference. It is the difference between the resentment of the masses and individual grievances. Same as the protests in Tunesia were not about a closed vegetable stand or in Egypt about the beating of a youth or in France about cake or in the USA about tea.
Anonymous is not a group that exists on 4chan in /b/. If anything it is the behavior of individual but unknown people who use the web to do something in a minimally organised way to have a far reaching effect. It is the mob effect on the internet.
That means that there is no point in ousting its leaders. You can get the leaders of one mob and might even be cheered for that by the mob next to it. Anonymous cheers cat killers and hunts them down. It is not a singleton, it is a class. You can spawn things from it but almost by its nature, the moment you do that is ceases to be the idea and it becomes Anonymous XYZ the group.
Anonymous doesn't have its hands on anything and has its hands on everything because we can all be Anonymous and we all aren't.
But media doesn't grasp that since they need to put a face to the name. But ultimately this means that Anonymous will just get more legenday. Strike one group down and another will take its place. Just as killing a few hundreds protestors, and arresting/torturing far more, did NOTHING to stop the protest in Egypt. Or killing all the buffalo stopped Bob.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
"Anonymous" is not simply a group that uses anonymity.
Anonymous is an un-group. It is the collection, at any single moment in time, of people attempting to achieve a common goal loosely organized via anonymous internet communications. The anonymous people working on a common goal, can change from day to day or moment to moment. The goal(s) being worked on can change from day to day and moment to moment. A call for action is thrown out in various anonymous Internet places, and some people who frequent those places decide the goal sounds worthwhile to them for various reasons, different for each person. Others decide the goal is not worthwhile and ignores it or calls out the original poster for having selfish reasons for the call to action ("We're not your personal army").
To say there are "members" and a "hierarchy" or even an actual group called "Anonymous" in any normal sense of the word reveals a lack of understanding of the phenomena.
- For the complete works of Shakespeare: cat
Wait, so they have a copy of something that was designed to replicate itself and is known to have spread to literally hundreds of thousands of unsecured machines? And they have a binary copy of it? I'm going to write the rest of this post from my bomb shelter.
The media talk about Anonymous like it's some shadowy terrorist super-villain collective, but that's really missing the point. Anonymous is, at its core, the world's most prolific troll. Look at the sites they attacked in the whole WikiLeaks affair. Visa.com and MasterCard.com? It's obvious to anyone with a clue that these are symbolic targets. If they'd had the desire (and arguably the capability) to inflict real damage, they'd have gone after the payment processing infrastructure instead. But their goal isn't to break stuff. It's to do something relatively inconsequential, and see how many media organizations they can get to shit their pants over it.
This is (roughly) the same group whose crowning achievement was getting Oprah to say "over 9000 penises" on national TV. Even if they have the capability to inflict real damage—and some members clearly do—they seem to be more interested in getting attention and playing the media for complete fools. Which is way more entertaining than indiscriminately wreaking havoc on the world.
And that's the bottom line. Everything they do is for entertainment value. Because they're not terrorists; they're trolls.
Caveat Utilitor
The San Bruno explosion and reports of Stuxnet affecting operations in Iran occurred around the same time.
And the same time Mubarak resigned, I drove past Washington DC with no traffic delays.
I am Slashdot. Are you Slashdot as well?
https://github.com/Laurelai/decompile-dump
It's probably easier to introduce Anonymous as a culture. Saying "Anonymous DDoS'd a website and the FBI is now trying to identify them" is like saying "Punks spray-painted a wall and now the FBi is trying to identify all punks" (you can replace 'Punks' by 'Rappers', 'Goths', 'Bikers' and whatever else).
Once you think of Anonymous that way, you can then try to understand what they really are. Comparing them to an organization or an open, drop-in/drop-out group is much less accurate.
There's lots of 'Anonymous' people who did not take part in any DDoS attacks. Lots of those involved in Project Chanology did not take part in Operation: Payback and many involved in Chanology probably did. Some people call themselves 'Anonymous' because they share the same views or ideals, the same mindset...
Culture is definitely the best way to define Anonymous. Some (many?) adherents of this culture just happen to take part in those DDoS attacks because it fits in with the ideology of their culture. Just like eco-terrorists all happen to have strong environmental beliefs, and yet that doesn't mean that ecologists are all closely tied to eco-terrorism activities.
Who the fuck cares if they have copies of the code?
So do many other private analysts.
And HBGary is a joke of a company.
To say there are "members" and a "hierarchy" or even an actual group called "Anonymous" in any normal sense of the word reveals a lack of understanding of the phenomena.
To say that there are NOT members and a hierarchy or an actual group called Anonymous reveals a lack of understanding of human social dynamics. There most certainly IS a group called Anonymous, composed of members (some more active than others), and organized in a hierarchy.
Someone who just posts random ideas to IRC and is never listened to by anyone is not a high ranking member of the hierarchy. Another guy whose many good ideas are listened to and followed is de facto a high ranking member of Anonymous. Some other guy who often works for the cause, and has carried out many successful attacks, also has status within the group. Just because nobody is able to view the whole system from the top down transparently and SEE who is who and who has status, and judge this based on concrete terms like facts and numbers, since the whole thing is based on anonymity, doesn't mean that said status/ranking does not exist. It is an inherent property of ANY humans working together socially in groups of two or more.
> reveals a lack of understanding of human social dynamics
Are you sure Anonymous is all humans? I have it on good authority that Dogbert is a high ranking official in Anonymous.
There may be some lizard-people in there as well.
- For the complete works of Shakespeare: cat
I think everyone is missing the biggest point of whether or not Anonymous has access to the Stuxnet source code and that is, with the source code the actual creator could possibly be identified. Imagine if HBGary in some way knows what organization created Stuxnet or perhaps they had a hand in helping create it? The repercussions could be quite severe especially if it was as many claimed created by Israel with US backing. The idea in the article of the ways Anonymous could possible modify Stuxnet are simply stupid.
The other thing that everyone seems to be missing is the fact that HBGary also had in their possession a botnet that they were wanting to sell. Who would a company specializing in federal security be trying to sell a botnet to? This totally seems to be their modus operandi. "Hey government! Why create your own botnet that could be traced back to you? We can sell you one for a cheap million dollars!" Sort of the same thing they did with the Wikileaks stuff if you ask me.
And the last thing is how if the release of this information does confirm that some federal/government group did in fact have a hand in Stuxnet or was interested in buying a botnet, how totally idiotic they are in utililizing such an inept company like HBGary to help them. It really says something about security companies that specialize in government security contracts.
1. Download Metasploit/OllyDbg
2. Get Top Secret clearance
3. ???
4. Profit!!!
Your mom always said, a PB&J is better than nothing, and God is nothing, is a PB&J better than God?
False. You do not speak for the "rest of the world".
FanFictionRecs.net
There is no such thing as an "Anonymous Hacking Group". There are no senior members, or official members of any kind. You are only a member of anonymous while actively participating. The media has blown this way out of proportion. Most people don't actually understand what Anonymous is(or rather, what it isnt).
Yes, "Anonymous Hacking Group" is a bit stupid. And there may be no "senior members" or "officials", but in any group, no matter how egalitarian, there are natural leaders. I'm guessing a small number of people in Anonymous have a larger effect than the rest; they post the ideas, organize the attacks, provide the links. I've found this true in every group. Hell, being that Anonymous is pretty much a changing ad hoc group, some percentage will participate more than others, and by this they can be said to have more influence, as well.
There is no such thing as a group of equals, hierarchy and power structures self-arise naturally. Anyone who has ever been in a randomly selected group with no enforced power-structure can attest to this.
Also, just because you don't have an identifiable name, doesn't mean you aren't able to lead. There is more to indentify you than a mere name, your speech structure, writing style, style of direction, etc... also provide some amount of pseudo-identity. Look at the "Hosts file" troll who posts here every time a web browser is discussed (with his bold cites, and such), I don't know who he is, he could be you, but I sure as hell recognize his posts on sight.
A patriot must always be ready to defend his country against his government. -edward abbey
Yes and no. He claimed that he wasn't going to release names, and Ars Technica seems to confirm that from publicly released information related to this incident.
However, this tidbit would probably explain why Anonymous retaliated:
Considering that Barr mentioned elsewhere (in the leaked e-mails Ars reported) that he was doing this for publicity and to bring in money--and probably also to bolster his company's name since that wing of HBGary was going to be sold for ~$2 million--I'm not sure you could trust him as far as he could be kicked. Even his programmer expressed concerns with what Barr was doing (both to Barr as well as company executives). So no, Barr never publicly stated he would release names--maybe he did in the leaked e-mails--but the guy was an arrogant tool. I don't condone what Anonymous did, mainly because it hurt many other people in the process, but I can't imagine a more deserving target of public embarrassment than Mr. Barr.
Barr's typing was also atrocious. In a way, I think they should have gone after him for that alone, but I think that's just my inner grammar Nazi talking.
He who has no
Since you say it's not a group, but a shifting number of people who do what they individually decide, then you can't rail against "all this fucking public anonymous moralfaggotry" and "huge fucking difference between real anon--the way this "group" all started out". You can't have it both ways. The people who identify themselves as Anonymous are, in fact, Anonymous, whether you approve of the changing nature of their behavior or not.
It's like calling someone who treats others in a particularly cruel and sadistic manner "inhuman". Well of course, they're not, they're exactly human. Inhumane perhaps, but not inhuman.
Don't keep correcting people by telling them they're mis-identifying a group or hierarchy in Anonymous, while complaining about the motherfuckers who just don't act how YOU would like them to.
Me, I take them at their word, er, self-identification, and I'm comfortable applying a broad brush to them. They're all Anonymous. And they're all douchebags.
Don't take it personally, but I'm not going to read your pithy response to my post.
Here's a synopsis.
Olson quotes a source from Anonymous who briefly rattles off the contents of a slew of emails uncovered during the HBGary takedown. “Three different malware archives, two bots, an offer to sell a botnet, a genuine stuxnet copy, and various malware lists,” are supposedly among the contents.
thank God the internet isn't a human right.