THE  TRON-DELTA.ORG  ADMINISTRATION  HAS  ISSUED  SPECIAL  NOTICE  Δ-S8X001  (2020)
 
Anonymous, AnonOps and Heihachi
Saturday, 15 January 2011
Things regarding the collective changed in an unexpected way, after people in late 2010 thought they had realized "Anonymous" would be a loosely formed movement, and not be a professional hacker group, cyber criminals or even a terrorist organization.

In a useful and forthright manner reporters and readers on slashdot.org have repeatedly echoed out that they have no idea who is behind so called "Anonymous" [1]. Also for quite some time the world's governments and feds gave credence to the myth that the Internet was under the threat of unruly teenagers, and not professional cyber criminals or even a terrorist organization. All that changed on 18th of December when Anonymous apparently attacked The Spamhaus Project out of the sudden, as a result of a press release by the nonprofit company.

Within the press release Spamhaus basically warned the public not to connect to fake Wikileaks servers, especially wikileaks.info and wikileaks.org, whereat the latter was the former Wikileaks main website. Spamhaus previously became aware that the main Wikileaks website, wikileaks.org, was redirecting web traffic to a 3rd party mirror site, mirror.wikileaks.info. This new website was being hosted in a very dangerous "neighborhood", namely Webalta's 92.241.160.0/19 IP address space, a "blackhat" network which Spamhaus believes catered primarily to, or was under the control of, Russian cybercriminals. Further Spamhaus stated that the Webalta 92.241.160.0/19 netblock has been listed on the Spamhaus Block List (SBL) since October 2008 [2].

Spamhaus regards the Russian Webalta host (also known as Wahome) as being "blackhat" - a known cybercrime host from whose IP space Spamhaus only sees malware/virus hosting, botnet C&Cs, phishing and other cybercriminal activities. These included routing traffic for Russian cybercriminals, who use malware to infect the computers of thousands of Russian citizens. Spamhaus also noted that the DNS for wikileaks.info was controlled by Webalta's even more blackhat webhosting reseller "heihachi.net", as evidenced by the DNS records for the domain [3]. Spamhaus finally found some very clear words: "The site data, disks, connections and visitor traffic, are all under the control of the "Heihachi" cybercrime gang. There are more than 40 criminal-run sites operating on the same IP address, [such] as wikileaks.info, including carder-elite.biz, h4ck3rz.biz, elite-crew.net, and bank phishes [like] paypal-securitycenter.com and postbank-kontodirekt.com."

Thus some things can be assumed here: someone gained control over wikileaks.info and wikileaks.org who was not the one in charge of wikileaks.ch, which was meant to be the new official website. Most likely these people were retaliating by using their botnets to DDoS Spamhaus under the flag of Anonymous, which was then (falsely) imagined to become "AnonOps". Maybe some of the people who call themselves Anonymous may also be participating in the DDoS against Spamhaus (on a regular basis); which however is yet unclear [4]. It further can be assumed that wikileaks.ch always was the real website, also since Spamhaus has never issued a warning about it. Simonet Denis, a member of the Pirate Party of Switzerland, registered wikileaks.ch (four A-Records, one IP is 46.59.1.2) in 2010.

Unfortunately the "real" Wikileaks website did not use trusty SSL certificates. In the meantime someone on Slashdot apologized for the SSL issue, and mentioned that the "official" Wikileaks people have not (yet) identified a signing authority that they feel confident with [5]. The same person also said that it cannot speak for any of the issues specific to Wikileaks, such as document submission or the status of the wikileaks.org website.

It seemed that Anonymous performed the attack on Spamhaus, and must therefore be considered a false flag operation, and that these bad guys should be called "AnonOps" and treated as such. However this is not correct! The intelligence we have indicates, that it is quite unlikely the real attackers were a bunch of young hackers, with no idea what they were doing; and so it is also probable the 2010 Amazon DDoS plan was simply a red herring. Moreover all of us have to understand, that there is a problem with organizations like Anonymous, AnonOps and especially Heihachi, with no inherent structure or visible chain of command – they can hardly be distinguished and thus hardly be antagonized [6]. Here the circle closes, if you may read the headline of this article once again.

The Spamhaus people stated something very clearly on their website: "It now appears far more likely that the DDoS was the work of people running, or hosting at, the Heihachi cybercrime group. Possibly they were angered by the attention this article brought to their dirty section of the internet." We think that should make us aware of what the real danger to the public is, if these criminals just go that far to achieve their aim [7]. Ultimately it leaves us with one question: "Wow can we effectively protect ourselves and fight such threats in the future?"

References:
Last Updated (Wednesday, 15 January 2014)
 
 
Folding@Home
 

DOCUMENT TIME

  2022-01-08 ✴ 20:00 UTC

CYBER THREATCON

  ✛ΔO CYBER THREATCON: No Level

SECURITY MODULE

  ᐅ REQUESTOR / YOU
  ᐊ 1&1 INTR. AG  CDN

POLL / VOTE

Should ✛ΔO engage more in counter-intelligence?
∘ Yes, there is a need for such operations.
∘ No, because it may be very dangerous.

BOOKMARK

Bookmark site Press Cmd or Ctrl + D
Bookmark page Press Cmd or Ctrl + D

STATISTICS

  Visitors: 788.250+ ℮

CAMPAIGNS

  25 Years of Linux

TECHNOLOGY BASE

COAT OF ARMS

  Code of Arms: Frankfurt

OPERATING STATUS

  Facility: open and operating
 
©  2003 - 2024   TRON-DELTA.ORG  (NGO)   –   Nongovernmental  Intelligence  Organization
Portal v5.06.102 R 1 on ✛ΔO LXCMS v1.1