Anti-Sec = Anti –Security. It’s essentially a renegade group seeking to hijack computers in order to spread their virulent message. If you use the image-sharing host ImageShack, you may have seen the image at right if you tried to log on last night. Apparently, ImageShack was hacked by the guys calling themselves the Anti-Sec Movement. These same hackers were also able to send emails to ImageShack users using the contacts that ImageShack itself uses to communicate with its users.
In order to understand the Anti-Sec Movement, and their actions, it’s imperative to understand their philosophy.
Do some hackers hijack our computers in order to sell us security software? The Anti-Sec folks would answer affirmatively. It’s akin to those commercials where a young girl or young mother is at home at night, and some bushy-haired stranger, or otherwise menacing-looking dude is breaking a window to get in, then – cut to the home security ad. Well, what if those same home security systems, using a sort of capitalistic subterfuge, really sent bushy-haired strangers out at night to break our home windows, thereby scaring us into buying their security product?
Sounds ludicrous, I know, but the idea that the security industry is, in fact, doing that is not new, and the cyberspace is abuzz with the debate of "full disclosure": is it right? Is it wrong? Is it merely a form of capatilistic chicanery gone amok? (More on that in a minute.) The idea here – or the allegation -- is essentially the same. Or at least that’s some of the Anti-Sec hyperbole flying around in cyberspace.
Here’s the deal: Anti-Sec guys are apparently wholly against the idea of “full disclosure.” What’s that, you ask? According to the rogue group, it’s the security industry practice of making publicly available all security vulnerabilities in order to, as in the example above, enrich itself by selling yet more security software, firewalls, ad nauseum. But, so the gripe by Anti-Sec goes, by making public this security vulnerability information, “genuine” hackers can use it to further their malicious ways, thereby causing all us grief and to, well, buy more security and anti-virus software. It’d be like the United States government publishing top secret security vulnerabilities at nuclear power plants, thereby practically forcing us to buy their nuclear-proof spacesuits. That’s a far-fetched analogy, but you get the gist.
So the Anti-Sec Movement proposes – indeed, they promise -- to hack any and all such alleged perpetrators with its perceived impunity, ostensibly in order to stop the perps from “full disclosure.”
Following is a part of the Anti-Sec message (link withheld):
Check list / Goals:
Take down every public forum, group, or website that helps in promoting exploits and tools or have show-off sections.
Publish exploits rigged with /bin/rm to whitehats, let them rm their own boxes for you.
Spread the anti-security movement.-----[ Rules of Engagement:
Don't get too cocky.
Don't underestimate anyone.
Also:
F**k full-disclosure
~ F**k the security industry
~ Keep 0days private
~ Hack everyone you can and then hack some moreBlend in.
Get trusted.
Trust no one.
Own everyone.
Disclose nothing.
Destroy everything.
Take back the scene.
Never sell out, never surrender.
Get in as anonymous, Leave with no trace.
So is it coming to town? If you use the image-sharing ImageShack, yes, or at least it did last night. Or how about Twitter? (Breached in January 2009, though not by Anti-Sec.) Or MySpace? The Anti-Sec Movement hasn’t breached all these social media forums, but I wouldn’t be surprised if they tried. According to their virulent weltanschauung, it appears the ends justify the means.
CyberLaw is a very interesting area in that it does not have the benefit of hindsight as common law generally does. It’s essentially unchartered territory, and legislators will have to propose new legislation to deal with “new” crimes. After all, if it’s not on the books, it’s not a crime, so to speak. Common terms we now bandy about, like cyber terrorist, hacker (which, by the way, wasn't an originally negative term), etc, were unheard of in the not-too-distant past. And who knows what new crimes the hackers will dream up next.
During my investigation, it appears the Anti-Sec Movement posted a plethora of YouTube videos – all of them posted within the last 8 or 9 hours, some with instructions on how to hack ImageShack. Now the videos appear with a message stating something like “You Tube removed this video due to copyright issues … “
By the way, at the end of the manifesto posted by the Anti-Sec Movement on ImageShack, it reads “No images were harmed in the making of this … image,” suggesting that users’ actual images are safe … somewhere. For the time being.
For more info: If you log on to ImageShack, and see the dreaded image accompanying this article, you are advised that you should re-upload said images and replace hacked links.
Please see www.whatthetrend.com here.
And Marshable.com, the “social media guide” here.
Comments
Whew...for a minute there, I thought this article was about my honeymoon night!
Thanks for withholding the link...I would have clicked on it to see what would have happened.
Thanks for elaborating on this story. I wasn't sure what Anti-Sec was about.
Just for the record, genuine hackers aren't bad guys. The horse may be beat well beyond dead but crackers are bad guys. Now the phrase is black hat for bad guys, gray hat for questionable, and white hat hackers for good guys.
I run Linux which by it's nature is stronger. 3rd party software and userland configuration is often riddled with weaknesses but it's still more reliable. Times I've had to deal with breakins in the last 12 years: 4, times I've had to deal with a Linux/*nix virus: 0, money I've spent on anti-virus and firewall/security software: $0.
The anti-virus companies thrive off of you because you let them.
I'm all for full disclosure. Learn how to protect your own computer like you learned how to close your own windows and doors, lock them, close the curtains etc. If you're a software developer, don't get fussy at black hat hackers for weaknesses and bugs in your code. You're just as much at fault as they are. Don't be lazy, write robust software.
I'm predicting many of the fellows perpetrating this chicanery possess insignificant genitalia.
Count me as one of those who got owned by this. :(
I believe this article is unintentionally biased. It's a pretty good run down though.
The analogy of home security is not so cut and dry. More like this: You buy a house. It has "good" locks. Even bars across the windows. Random John notices that the front door lock has a deficiency. Everyone else in the neighborhood has the same locks. John then shares a procedure of how to bypass the lock without a key.
Suddenly every house is vulnerable, but - the lock manufacturer must fix it fast, or lose some serious credibility. If they had built it right in the first place, this problem would not exist.
It really is a separate issue from the what some scrupulous firewall vendors are doing.
"crackers are bad guys"
Once again someone has mixed up terms; a cracker is a person who cracks software, usually by means of reverse engineering.
and i'm not even going to go into the terms of black hat, grey hat or white hat. if you want to know what they really are just read the text from the link below, there is not enought room here for me to go into the truth about these meanings.
read more at romeo.copyandpaste.info
Article was very interesting and very informative on and what they (Anti-Sec) are up to.
Anti-Sec are so limp wristed that I suspect they are actually Anti-Sex. Maybe if they got some they would grow up
Dearest readers:
I asked my 17-year-old son Trevor Hartsfield about this because, well, he's a computer geek (Yes, I am soooo glad LOL!!). He had this to say regarding Anti-Sec:
"They're a movement/organization that doesn't like the computer security industry's habit of full-disclosure, which is where they [the 'puter industry] release info about damaging exploits publicly, meaning anyone, including people with malicious intent, can see (and use) them.
A really big reason it's done is as a scare tactic, if you don't have their software YOU COULD BE TARGETED! etc
To push their point they use said exploits to hack websites."
I do consider -- and will write about -- varying viewpoints, so feel free to leave your view in as diplomatic a way as possible, or request a review of a particular one at samihartsfield@gmail.com.
Best,
Sami
Excellent warnings and isn't it amazing how teens seem to know so much about this? what I found scary this week (including this now) was the DOS cyber attacks, possibly by North Korea the potential there is huge if they can go beyond programming for Denial of service and get further into the US financial and security systems.
Not a group, A movement, I'm not sure how many times it needs to be said. Antisec encompasses numerous groups.
If Anti-Sec post You-tube videos detailing how to hack imageshack then they have done what they claim they are opposed to by posting details of an exploit. Looks like they have lost the plot and are just hypocritical fame seekers themselves.
Got something to say?
Examiner.com is looking for writers, photographers, and videographers to join the fastest growing group of local insiders. If you are interested in growing your online rep apply to be an Examiner today!