Anonymous, AnonOps and Heihachi
Saturday, 15 January 2011
Things regarding the collective changed in an unexpected way after people in late 2010 thought they had realized that "Anonymous" was a loosely formed movement, and not a professional hacker group, cyber criminals or even a terrorist organization.

In a useful and forthright manner, reporters and readers on have repeatedly said that they have no idea who is behind the so-called "Anonymous" [1]. Also, for quite some time the world's governments and feds gave credence to the myth that the Internet was under the threat of unruly teenagers, and not professional cyber criminals or even a terrorist organization. All that changed on the 18th of December, when Anonymous apparently attacked The Spamhaus Project all of a sudden, as a result of a press release by the nonprofit company.

Within the press release Spamhaus basically warned the public not to connect to fake Wikileaks servers, especially and, whereat the latter was the former Wikileaks main website. Spamhaus previously became aware that the main Wikileaks website,, was redirecting web traffic to a 3rd party mirror site, This new website was being hosted in a very dangerous "neighborhood", namely Webalta's IP address space, a "blackhat" network which Spamhaus believes catered primarily to, or was under the control of, Russian cybercriminals. Further Spamhaus stated that the Webalta netblock has been listed on the Spamhaus Block List (SBL) since October 2008 [2].

Spamhaus regards the Russian Webalta host (also known as Wahome) as being "blackhat" - a known cybercrime host from whose IP space Spamhaus only sees malware/virus hosting, botnet C&Cs, phishing and other cybercriminal activities. These included routing traffic for Russian cybercriminals, who use malware to infect the computers of thousands of Russian citizens. Spamhaus also noted that the DNS for was controlled by Webalta's even more blackhat webhosting reseller "", as evidenced by the DNS records for the domain [3]. Spamhaus finally found some very clear words: "The site data, disks, connections and visitor traffic, are all under the control of the "Heihachi" cybercrime gang. There are more than 40 criminal-run sites operating on the same IP address, [such] as, including,,, and bank phishes [like] and"

Thus some things can be assumed here: someone gained control over and who was not the one in charge of, which was meant to be the new official website. Most likely these people were retaliating by using their botnets to DDoS Spamhaus under the flag of Anonymous, which was then (falsely) imagined to become "AnonOps". Maybe some of the people who call themselves Anonymous may also be participating in the DDoS against Spamhaus (on a regular basis); which however is yet unclear [4]. It further can be assumed that always was the real website, also since Spamhaus has never issued a warning about it. Simonet Denis, a member of the Pirate Party of Switzerland, registered (four A-Records, one IP is in 2010.

Unfortunately, the "real" Wikileaks website did not use trusted SSL certificates. In the meantime, someone on Slashdot apologized for the SSL issue and mentioned that the "official" Wikileaks people have not (yet) identified a signing authority that they feel confident with [5]. The same person also said that they could not speak for any of the issues specific to Wikileaks, such as document submission or the status of the website.

It seemed that Anonymous performed the attack on Spamhaus, and must therefore be considered a false flag operation, and that these bad guys should be called "AnonOps" and treated as such. However, this is not correct! The intelligence we have indicates that it is quite unlikely the real attackers were a bunch of young hackers with no idea what they were doing, and so it is also probable that the 2010 Amazon DDoS plan was simply a red herring. Moreover, all of us have to understand that there is a problem with organizations like Anonymous, AnonOps and especially Heihachi, which have no inherent structure or visible chain of command: they can hardly be distinguished and thus hardly be antagonized [6]. Here the circle closes, if you read the headline of this article once again.

The Spamhaus people stated something very clearly on their website: "It now appears far more likely that the DDoS was the work of people running, or hosting at, the Heihachi cybercrime group. Possibly they were angered by the attention this article brought to their dirty section of the internet." We think that should make us aware of what the real danger to the public is, if these criminals go that far to achieve their aim [7]. Ultimately it leaves us with one question: "How can we effectively protect ourselves and fight such threats in the future?"

Last updated (Wednesday, 15 January 2014)
©  2003 - 2024   TRON-DELTA.ORG  (NGO)   –   Nongovernmental  Intelligence  Organization