Og så gik nogen nok lige der og troede, at nu var det slut med de der frække hackere, når nu FBI havde fået skovlen under Sabu, Kayla, Topiary, Tflow og resten af slænget omkring LulzSec / Antisec.
Men der tog man nok fejl. Det er ikke sådan klaveret spiller, slet ikke.
I sidste uge valgte andre af de ‘mere end 9.000′ anonyme hackere at offentliggøre beviser for et angreb gennemført mod FBI. I følge et communique fra hackerne lykkedes det, en gang i marts måned 2012, at skaffe sig adgang til en Dell Vostro notebook computer, tilhørende Supervisor Special Agent Christopher K. Stangl fra FBI’s regionale Cyber Action Team og New York FBI Office Evidence Responce Team, ved at udnytte den såkaldte ‘AtomicReferenceArray’ svaghed i Java. En række arkiver blev hentet fra agent C. K. Stangl’s computer, et af dem hed “NCFTA_iOS_devices_intel.csv”. Det viste sig at indeholde en liste med 12.367.232 Apple iOS enheder (iPhone og iPad) inklusive UDID (en slags indbygget nummerplade) brugernavne, enhedsnavne, type af enhed, adresser i adressebog incl. postnumre og telefonnumre og en række andre personlige oplysninger.
Der foreligger endnu intet om hvad FBI skulle bruge/bruger disse oplysninger til. Som dokumentation for påstanden om angrebet har Anonymous offentliggjort 1.000.001 af UDID numrene med tilhørende brugernavne, men for at beskytte de uskyldige iPhone og iPad brugere hvis enheder optræder på listen er alle øvrige informationer fjernet.
Hvis du er nysgerrig efter om din iPhone eller iPad er med på listen kan du hente den her (ja, der er også mange skandinaviske navne på listen) :
via minus (https)
Efter arkivet er hentet bør dets ægthed først kontrolleres, brug denne MD5: e7d0984f7bb632ee19d8dda1337e9fba
afkrypter derefter arkivet med openssl:
openssl aes-256-cbc -d -a -in file.txt -out decryptedfile.tar.gz
udpak så det afkrypterede arkiv:
tar -xvzf decryptedfile.tar.gz
og kontroller arkivets integritet med MD5 nøglen inkluderet i det password du brugte til at afkryptere det med tidligere: 579d8c28d34af73fea4354f5386a06a6
Ind til videre nægter FBI (selvfølgelig) ethvert kendskab til listen med de 12 mill. UDID og det samme gør Apple naturligvis. Der er dog endnu ingen der har forsøgt at betvivle ægtheden af de offentliggjorte data i øvrigt.
I forbindelse med offentliggørelsen af disse informationer slog de anonyme hackere fast at der ikke vil blive givet nogen form for interview til nogen repræsentant fra pressen før et stort billede af Adrian Chen iført strutskørt og en sko på hovedet bliver vist på web-magasinet Gawker’s forside en hel dag. Og sådan blev det så!
Her følger den fulde ordlyd af det originale communique fra de anonyme hackere:
“Now I know what a ghost is. Unfinished business, that’s what.”
― Salman Rushdie, The Satanic Verses
OHAI GUISE!!!! WE MISSED YOU ALL A LOT!!! <333333 HERE WE ARE AGAIN!!! DO YOU REMEMBER OUR USUAL OFFER? ASK FOR A COCK, GET >9000 FOR FREE!!!
1000001 iPhones and some FBI butthurt
we share ideas sometimes through the voice of twitter.com/@AnonymousIRC
so then there is where to look for news.
So well, some of you know what we were at during these last long weeks, and
probably less people know we were also testing new stuff and shits for our next
so, whatever. Happy to bring this Special #FFF Edition to you (so special that’s
even not on friday), again for the utterly lulz.
we have written our very honest statement here, ofc it was intended for those
who are truely interested on reading it, for those fellows who dont give a fuck
about ideology and who are just lurking for the candy, skip it and jump
directly to the candy and lulzy part titled: Candy and Lulzy part. we hope you
find it useful as well as funny. and for those who dont care about the whole
fucking shit… wtf r u doing here?? go and download a movie.
so here we go…
just a comment: we are still waiting for published news about the
$ 2 billions worth loans Assad has taken from Russia,
mentioned on the syrian mails
and also about the transfer of money to austrian banks etc….
and also cocks…
So, don’t be lazy journos and look for them.
a few words.
“For when all else is done, only words remain. Words endure.”
In July 2012 NSA’s General Keith Alexander (alias the Bilderberg Biddy) spoke
at Defcon, the hacker conference in Las Vegas, wearing jeans and a cool EFF
t-shirt (LOL. Wtf was that?). He was trying to seduce hackers into improving
Internet security and colonoscopy systems, and to recruit them, ofc, for his
future cyberwars. It was an amusing hypocritical attempt made by the system to
flatter hackers into becoming tools for the state, while his so-righteous
employer hunts any who doesn’t bow to them like fucking dogs.
We got the message.
We decided we’d help out Internet security by auditing FBI first. We all know
by now they make Internet insecure on purpose to help their bottom line. But
it’s a shitty job, especially since they decided to hunt us down and jail our
It’s the old double standard that has been around since the 80’s. Govt Agencies
are obsessed with witchhunts against hackers worldwide, whilst they also
recruit hackers to carry out their own political agendas.
You are forbidden to outsmart the system, to defy it, to work around it. In
short, while you may hack for the status quo, you are forbidden to hack the
status quo. Just do what you’re told. Don’t worry about dirty geopolitical
games, that’s business for the elite. They’re the ones that give dancing orders
to our favorite general, Keith, while he happily puts on a ballet tutu. Just
dance along, hackers. Otherwise… well…
In 1989 hagbard (23yrs old) was murdered after being involved into cold war spy
games related to KGB and US. Tron, another hacker, was
murdered in 1998 (aged 26) after messing around with a myriad of cryptographic
stuff (yeah, it’s usually a hot item) and after making cryptophon easily
accesible for the masses. And then you have Gareth Williams (31), the GCHQ
hacker murdered and “bagged” inside a MI6’s “safe” house (we’d hate to see what
the unsafe ones look like) in August of 2010 after talking about being curious
about leaking something to Wikileaks with fellow hackers on irc. And the list
goes on. It’s easy to cover up when they want to, hackers often have complex
personalities, so faking their suicide fits well.
You are welcome to hack what the system wants you to hack. If not, you will be
Jeremy Hammond faces the rest of his productive life in prison for being an
ideological motivated political dissident. He was twice jailed for following
his own beliefs. He worked until the end to uncover corruption and the
connivance between the state and big corporations. He denounces the abuses and
bribes of the US prison system, and he’s again facing that abuse and torture at
the hands of authorities.
Last year, Bradley Manning was tortured after allegedly giving WikiLeaks
confidential data belonging to US govt… oh shit. The world shouldn’t know how
some soldiers enjoy killing people and even less when they kill journalists. Of
course, the common housewife doesn’t deserve to know the truth about the
hypocrisy in the international diplomacy or how world dictators spend money in
luxury whilst their own people starve. Yep, the truth belongs only to the
elite, and if you are not part of them (forget it, that won’t happen), fuck
People are frustrated, they feel the system manipulating them more than ever.
Never underestimate the power of frustrated people.
For the last few years we have broke into systems belonging to Governments and
Big corporations just to find out they are spending millions of tax dollars to
spy on their citizens. They work to discredit dissenting voices. They pay their
friends for overpriced and insecure networks and services.
We showed how former govt and military officials were making new businesses
using their government relationships.
They funnel public money to their own interests for overpriced contracts for
crap level services. They use those
relationships to extra-officially resolve affairs involving their businesses.
We exposed a criminal System eliminating those who think different;
criminalizing them. This System won’t tolerate those who dig for the truth, it
can’t. So no one has the right to question anything coming from this system. if
you buy a piece of hardware or software you just need to use it as it was
supposed to be used: anything else is forbidden.
No tinkering allowed.
If you buy a Playstation, you are not allowed to use it as you want to — you
can only use it the Sony wants you to. If you have found a way to improve
something, just shut up. You are not allowed to share this info with anyone
else and let them make improvements, too. We are not the real owners of
anything anymore. We just borrow things from the System. Shiny, colorful
things, we agree to play with for a fee. A fee for life.
Because this system works only if you keep working to buy new things.
Not important if they are good things, just buy new crap, even better like that.
So everything gets outdated soon.
You home, stuff, car and computer, you will pay for everything you have for all
of your life. All the time: a monthly fee, forever until you die. That’s the
future; nothing is really yours. LAAS – Life As A Service.
You will rent your life.
And better hurry up and work all day if you want to stay alive. Work ‘til
you’re exhausted and don’t think. No — thinking is bad. Play games instead, do
drugs too, why not? Or go to the movies. The Entertainment Industry is here to
resolve all your philosophical and trascendental problems. Shiny colorful crap.
but please don’t think too much.
Thinking is dangerous.
Accept the offer, it’s the perfect deal.
You get all those amazing shiny colorful beads.
It will only cost you freedom…and your life.
Indians did it with Manhattan.
There’s nothing to worry about it, is there?
And what if you are a lone wolf who quietly outside the system, doing your own
thing, without saying a word? They will be mad as hell. They will try to find
you. You will be fucked up anyway, sooner or later. Because the system wants
you clearly identified, with all your personal details well packed into a
government database so it can make its watchdogs’ lives easier.
Security researchers are often questioned and their movements tracked by Secret
Service, FBI and other shits. They are asked about their projects, who their
clients are, who they are talking to, what they know about other hackers, etc..
So be a good monkey, follow the rules, head down and you’ll get some coins
that let you keep renting your life.
But hey! Wait…
We are hackers…
We are supposed to look beyond the rules, to find things others don’t see. And
THE SYSTEM, yeah the whole fucking system, it’s just another system.
…and we do that.
we hack systems.
This is our next challenge: to decide whether to become tools for the system,
or for ourselves. The system plans to use us to hold the next in their endless
wars, their cyberwars.
Hackers vs. hackers, slaves vs slaves.
We are trapped.
Jack Henry Abbott, a writer who was incarcerated almost his whole life for his
crimes, wrote before hanging himself: “As long as I am nothing but a ghost of
the civil dead, I can do nothing…”, the ‘civil dead’ are those, like himself,
who had their autonomy systematically destroyed by the state. Now his words
extend to cover all of us. We have seen our own autonomy being systematically
destroyed by the State. We are becoming ghosts of our dead civil rights.
So yes we are criminals, we are the criminals our dear system have created:
Argumentum ad Baculum
In a world where you fear the words you use to express yourself. Where you are
punished for choosing the wrong ones, we have just decided to follow our own
way. There’s no worst kind of slavery than one where you are afraid of your own
Governments around the globe are already in control of us in real life, and
they have now declared war on the people to take over the Internet.
It’s happening now. It’s not waiting for you to wake up.
So now my dear friends, it’s your turn to decide where you belong,
and what you are made of.
“When the people fear the government there is tyranny, when the government
fears the people there is liberty.”
― Thomas Jefferson
CANDY! CANDY! CANDY!……………candy.
HOW TO GET THE CANDY ONCE YOU HAVE DOWNLOADED THE FILE
first check the file MD5:
(lol yes, a “1337” there for the lulz, God is in the detail)
then decrypt the file using openssl:
openssl aes-256-cbc -d -a -in file.txt -out decryptedfile.tar.gz
tar -xvzf decryptedfile.tar.gz
and then check file integrity using the MD5 included in the password u used to
^ yeah that one.
if everything looks fine
then perhaps it is.
there you have. 1,000,001 Apple Devices UDIDs linking to their users and their
the original file contained around 12,000,000 devices. we decided a million would be
enough to release.
we trimmed out other personal data as, full names, cell numbers, addresses,
not all devices have the same amount of personal data linked. some devices
contained lot of info.
others no more than zipcodes or almost anything. we left those main columns we
consider enough to help a significant amount of users to look if their devices
are listed there or not. the DevTokens are included for those mobile hackers
who could figure out some use from the dataset.
file contains details to identify Apple devices.
Apple Device UDID, Apple Push Notification Service DevToken, Device Name,
We never liked the concept of UDIDs since the beginning indeed.
Really bad decision from Apple.
so the big question:
why exposing this personal data?
well we have learnt it seems quite clear nobody pays attention if you just come
and say ‘hey, FBI is using your device details and info and who the fuck knows
what the hell are they experimenting with that’, well sorry, but nobody will care.
FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will
forget the whole thing at amazing speed. so next option, we could have released
mail and a very small extract of the data. some people would eventually pick up
the issue but well, lets be honest, that will be ephemeral too.
So without even being sure if the current choice will guarantee that people
will pay attention to this fucking shouted
‘FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME
SHIT’ well at least it seems our best bet, and even in this
case we will probably see their damage control teams going hard lobbying media
with bullshits to discredit this, but well, whatever, at least we tried and
eventually, looking at the massive number of devices concerned, someone should
care about it. Also we think it’s the right moment to release this knowing that
Apple is looking for alternatives for those UDID currently and since a while
blocked axx to it, but well, in this case it’s too late for those concerned
owners on the list. we always thought it was a really bad idea. that hardware
coded IDs for devices concept should be erradicated from any device on the
market in the future.
so now candy was delivered.
few words, and just a few, about how the shit came. we don’t like too much
about disclosing this part, we understood it would be needed, so, fuck
whatever. lost asset. Hope it serves for something.
During the second week of March 2012, a Dell Vostro notebook, used by
Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action
Team and New York FBI Office Evidence Response Team was breached using the
AtomicReferenceArray vulnerability on Java, during the shell session some files
were downloaded from his Desktop folder one of them with the name of
“NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS
devices including Unique Device Identifiers (UDID), user names, name of device,
type of device, Apple Push Notification Service tokens, zipcodes, cellphone
numbers, addresses, etc. the personal details fields referring to people
appears many times empty leaving the whole list incompleted on many parts. no
other file on the same folder makes mention about this list or its purpose.
to journalists: no more interviews to anyone till Adrian Chen get featured in
the front page of Gawker, a whole day, with a huge picture of him dressing a
ballet tutu and shoe on the head, no photoshop. yeah, man. like Keith
Alexander. go, go, go.
(and there you ll get your desired pageviews number too) Until that happens,
this whole statement will be the only thing getting out
directly from us. So no tutu, no sources.
Our support to Wikileaks and Julian Assange.
respect to Tunisian and Egyptian people, keep the good fight. Dont accept new
oppressors in the place of the old ones.
To Syrian rebels: If Assad wins he will exterminate all of you till the very
last one, so better go and kill the motherfucker and his
bunch of suckers for once.
Support to Pussy Riot: Hang in there, babes! Resistance forever.
we r sorry mike about what happened to you and princess.
we didnt want to bring you in troubles with the feds
and we ve heard about the reasons leading you to have spoken out to them,
it’s sad you ve just hanged around couple of weeks with us
(we vagely understood u felt misplaced),
but looking back to some events, at the end, it was also a good choice for
hope u finish understanding it’s not about the things we think we have seen.
its always about those things we dont see.
theres always another behind behind the behind.
Greetings to all other groups struggling on their daily fight.
Remember that fights between us it’s what our adversaries are looking for.
Now this is your time.
“This is the highest wisdom that I own; freedom and life are earned by those
alone who conquer them each day anew.”
LulzSec, AntiSec, LulzXmas series, ALL YOUR BASE ARE BELONG TO US,
MegaCockLulzFestival, “I’m 12 and wat iz diz?”, CIA Tango Down,
#FuckFBIFriday, #StratforHasTheButtInFlames, #BlueHairedAaronBarr,
#WestboroChurchLovesEatingCocks, White Hats Can’t Jump, “Keith Alexander
dressing an exhuberant ballet tutu” image and others are all trademarks of
Anonymous Inc. and well…all the people in general…
Romney aber, sag’s ihm, er kann mich im Arsche lecken!
Disclaimer: We like beer and the use of manipulated bacterial ADN to transmit
well that’s all now we can move on and go to sleep.