Slashdot Mirror
Anonymous Claims Possession of Stuxnet Worm
An anonymous reader writes "Last night, a member of hacker group Anonymous announced on Twitter that the group was in possession of the Stuxnet worm. Recently, Anonymous has been in the news for its high profile attacks on software security firm HBGary, after Aaron Barr, the CEO of HBGary's sister firm HBGary Federal, claimed to have acquired the names of senior Anonymous members and threatened to release them to the public. This is where the possibility for Anonymous getting its hands on Stuxnet increases."
Yeah, so? I have a copy of the Code Red and Nimda somewhere in my office. Am I dangerous? No. Because they are known viruses and the holes the exploits used have been patched shut now.
Karma: Excellent. 15 moderator points expire sometime.
In other news: Iran claims posession of the Stuxnet virus as well
Anyone can get a copy of the Stuxnet worm, just create an account on the right security forums and download a copy.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Lets look at the situation properly:
Anonymous is a group composed of [Members N], lead by [Leader L] of [belief X], who attempt to attack [Company Y] over [Reason Z].
Now, we know nothing about L or N. We don't know who took part in DDOSing mastercard (or who lead it), we don't know who hacked into the site (or who lead it), nor do we know their link to whoever DDOSed scientology, google bombed scientology, or protested in the streets. We don't know anything.
So assuming that N and L are variable. X changes with L.
So Anonymous isn't really a group. Its not a 'group of people which are now becoming a terrorist group'. Its an ever-changing grouping of different people by a different leader who chooses their target and their method. Do they have a master plan? Not really.
So viewing how anon changes is rather useless, since pretty much everything changes all the time.
This is the equivalent of looking at the human race at a whole and claiming that "The human race attacked Iraq, after attacking Poland in 1942, and Troy at some point in history" and trying to draw a conclusion.
If you are talking about the Anonymous from 4chan, then there isn't any group like that. That implies to much organisation, a hierachy, an organization.
The idea originally was related but NOT the same to "I am Spartacus". And many people don't even understand that statement.
The "I am Spartacus" statement is this: "I hereby declare that I am the person you are seeking and accept all responsibility for my actions." If you state this, you BECOME Spartacus, you are it and LOOSE yourself with it. You can't say, "I smallfurrycreature represent Spartacus", you surrender yourself to the cause and become it. In the movie, the people all nailed up, are ALL Spartacus and by doing so the idea of Spartacus if not the person becomes invincible. No matter how many Spartacusses you nail to a cross, there is always one more just around the corner. It is the undying hero, the person dies but the idea goes on.
This doesn't sit well with our individual culture.
Anonymous takes this even further, if people understood it. You cannot state "I am Anonymous" for this is silly. The moment you tie yourself to this concept, you are no longer anonymous. You can speak with a thousand voices, you can at best be one voice representing a thousand but never a thousand. You cannot be anonymous only be a non-significant part of it.
The real idea behind it all on 4chan was to give a name to the movements/actions that were observed. It is like watching the migration patterns of animals and calling them Bob. Just because it now sounds like a person doesn't mean that a wildebeast migrating represents Bob or is controlled by the motives of Bob.
Does any of this rant matter
Yes. The Muslim brotherhood, are they the protesters in Egypt? Some western "news" stations would have you believe this. BUT this has NOT been an Islamic revolution. It might or might not become one but the protests where NOT guiden or orchastrated by them... some PROTESTERS might have been but not the "protest". It can be hard to grasp the difference. It is the difference between the resentment of the masses and individual grievances. Same as the protests in Tunesia were not about a closed vegetable stand or in Egypt about the beating of a youth or in France about cake or in the USA about tea.
Anonymous is not a group that exists on 4chan in /b/. If anything it is the behavior of individual but unknown people who use the web to do something in a minimally organised way to have a far reaching effect. It is the mob effect on the internet.
That means that there is no point in ousting its leaders. You can get the leaders of one mob and might even be cheered for that by the mob next to it. Anonymous cheers cat killers and hunts them down. It is not a singleton, it is a class. You can spawn things from it but almost by its nature, the moment you do that is ceases to be the idea and it becomes Anonymous XYZ the group.
Anonymous doesn't have its hands on anything and has its hands on everything because we can all be Anonymous and we all aren't.
But media doesn't grasp that since they need to put a face to the name. But ultimately this means that Anonymous will just get more legenday. Strike one group down and another will take its place. Just as killing a few hundreds protestors, and arresting/torturing far more, did NOTHING to stop the protest in Egypt. Or killing all the buffalo stopped Bob.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
"Anonymous" is not simply a group that uses anonymity.
Anonymous is an un-group. It is the collection, at any single moment in time, of people attempting to achieve a common goal loosely organized via anonymous internet communications. The anonymous people working on a common goal, can change from day to day or moment to moment. The goal(s) being worked on can change from day to day and moment to moment. A call for action is thrown out in various anonymous Internet places, and some people who frequent those places decide the goal sounds worthwhile to them for various reasons, different for each person. Others decide the goal is not worthwhile and ignores it or calls out the original poster for having selfish reasons for the call to action ("We're not your personal army").
To say there are "members" and a "hierarchy" or even an actual group called "Anonymous" in any normal sense of the word reveals a lack of understanding of the phenomena.
- For the complete works of Shakespeare: cat
Wait, so they have a copy of something that was designed to replicate itself and is known to have spread to literally hundreds of thousands of unsecured machines? And they have a binary copy of it? I'm going to write the rest of this post from my bomb shelter.
The media talk about Anonymous like it's some shadowy terrorist super-villain collective, but that's really missing the point. Anonymous is, at its core, the world's most prolific troll. Look at the sites they attacked in the whole WikiLeaks affair. Visa.com and MasterCard.com? It's obvious to anyone with a clue that these are symbolic targets. If they'd had the desire (and arguably the capability) to inflict real damage, they'd have gone after the payment processing infrastructure instead. But their goal isn't to break stuff. It's to do something relatively inconsequential, and see how many media organizations they can get to shit their pants over it.
This is (roughly) the same group whose crowning achievement was getting Oprah to say "over 9000 penises" on national TV. Even if they have the capability to inflict real damage—and some members clearly do—they seem to be more interested in getting attention and playing the media for complete fools. Which is way more entertaining than indiscriminately wreaking havoc on the world.
And that's the bottom line. Everything they do is for entertainment value. Because they're not terrorists; they're trolls.
The San Bruno explosion and reports of Stuxnet affecting operations in Iran occurred around the same time.
And the same time Mubarak resigned, I drove past Washington DC with no traffic delays.
I am Slashdot. Are you Slashdot as well?
"shadowy hackers"
With each passing year of hacking I've become so increasingly shadowy that by now I'm not just *shadowy*, I'm positively *shady*. On summer days people position themselves so that I'm between them and the sun.
I prefer to think of myself as "attractive". When my daughter entered the science fair, I used my attractiveness to help her win. Her rival was explaining the Cavendish experiment, but I sabotaged his demonstration by standing next to the apparatus.
Some people say I'm self centered. They say I've lost touch with the outside world. But look at it from my point of view: I've been hacking so many years that my arms are now shorter than my Schwartzchild radius. I'm not fat, though. They say if you're not fat if you can see your feet. Thank $deity for gravitational lensing.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
It's probably easier to introduce Anonymous as a culture. Saying "Anonymous DDoS'd a website and the FBI is now trying to identify them" is like saying "Punks spray-painted a wall and now the FBi is trying to identify all punks" (you can replace 'Punks' by 'Rappers', 'Goths', 'Bikers' and whatever else).
Once you think of Anonymous that way, you can then try to understand what they really are. Comparing them to an organization or an open, drop-in/drop-out group is much less accurate.
There's lots of 'Anonymous' people who did not take part in any DDoS attacks. Lots of those involved in Project Chanology did not take part in Operation: Payback and many involved in Chanology probably did. Some people call themselves 'Anonymous' because they share the same views or ideals, the same mindset...
Culture is definitely the best way to define Anonymous. Some (many?) adherents of this culture just happen to take part in those DDoS attacks because it fits in with the ideology of their culture. Just like eco-terrorists all happen to have strong environmental beliefs, and yet that doesn't mean that ecologists are all closely tied to eco-terrorism activities.
To say there are "members" and a "hierarchy" or even an actual group called "Anonymous" in any normal sense of the word reveals a lack of understanding of the phenomena.
To say that there are NOT members and a hierarchy or an actual group called Anonymous reveals a lack of understanding of human social dynamics. There most certainly IS a group called Anonymous, composed of members (some more active than others), and organized in a hierarchy.
Someone who just posts random ideas to IRC and is never listened to by anyone is not a high ranking member of the hierarchy. Another guy whose many good ideas are listened to and followed is de facto a high ranking member of Anonymous. Some other guy who often works for the cause, and has carried out many successful attacks, also has status within the group. Just because nobody is able to view the whole system from the top down transparently and SEE who is who and who has status, and judge this based on concrete terms like facts and numbers, since the whole thing is based on anonymity, doesn't mean that said status/ranking does not exist. It is an inherent property of ANY humans working together socially in groups of two or more.
I think everyone is missing the biggest point of whether or not Anonymous has access to the Stuxnet source code and that is, with the source code the actual creator could possibly be identified. Imagine if HBGary in some way knows what organization created Stuxnet or perhaps they had a hand in helping create it? The repercussions could be quite severe especially if it was as many claimed created by Israel with US backing. The idea in the article of the ways Anonymous could possible modify Stuxnet are simply stupid.
The other thing that everyone seems to be missing is the fact that HBGary also had in their possession a botnet that they were wanting to sell. Who would a company specializing in federal security be trying to sell a botnet to? This totally seems to be their modus operandi. "Hey government! Why create your own botnet that could be traced back to you? We can sell you one for a cheap million dollars!" Sort of the same thing they did with the Wikileaks stuff if you ask me.
And the last thing is how if the release of this information does confirm that some federal/government group did in fact have a hand in Stuxnet or was interested in buying a botnet, how totally idiotic they are in utililizing such an inept company like HBGary to help them. It really says something about security companies that specialize in government security contracts.
1. Download Metasploit/OllyDbg
2. Get Top Secret clearance
3. ???
4. Profit!!!
Your mom always said, a PB&J is better than nothing, and God is nothing, is a PB&J better than God?