AT&T iPad hackers further clarify their stance

vbimport

#1

AT&T iPad hackers further clarify their stance.

[newsimage]http://static.rankone.nl/images_posts/2011/01/MYWlqu.jpg[/newsimage]After the news broke this week about two self-described hackers being arrested for allegedly breaking into AT&T’s 3G network and stealing the email addresses from over 100,000 iPad users, another member of the hacking group has taken to the internet in defense of his two friends.


Read the full article here: [http://www.myce.com/news/att-ipad-hackers-further-clarify-their-stance-38999/](http://www.myce.com/news/att-ipad-hackers-further-clarify-their-stance-38999/)


Please note that the reactions from the complete site will be synched below.

#2

Oh where to start, I guess the first would be to authors like the one of this article who assist in spreading a troll campaign by a number of self confessed druggies. Goatse security was started as a joke by “GNAA” or Gay Nigger Association of America to spread the name of a shock site while acting as a front for some some work they wanted to be more public about. The relationship is obvious, and you should be ashamed for spreading the propaganda of those who use hate, violence, and racial divide as tools for their amusement.

Linking back to GNAA, a site currently hosting libel based on the Arizona shooting, on the Goatse site:
Goatse.fr --> GNAA.eu http://www.webcitation.org/5vt6y0JGF
http://www.gnaa.eu/wiki/pr/2011-01-09-gnaa-kunwon http://www.webcitation.org/5vrtbdjNU

Hosted on the same infrastructure that is used for hosting malware and content used in spam campaigns: http://www.robtex.com/dns/goatse.fr.html http://www.webcitation.org/5vt7Sjyj1
http://www.robtex.com/dns/gnaa.eu.html http://www.webcitation.org/5vt7vJyo8

Same user roster for both groups, including those involved in planning and executing the libel, malware hosting, spam campaigns aimed at directing traffic to the malware:
Goatse Security roll-call here: http://seclists.org/fulldisclosure/2010/Jul/153 http://www.webcitation.org/5vt82Eclb
Many users involved with GNAA named here in their own coding work, including Rucas: http://www.gnaa.eu/browser/trollforge http://www.webcitation.org/5vt8PmbAA


#3

Onto the five points of clarification provided by Rucas aka Nick Price, a Texas resident:
http://www.wired.com/images_blogs/threatlevel/2011/01/Spitler-Daniel-et-al.-Complaint.pdf is referenced a few times.

  1. Thanks for admitting the email details were breached. You knew this was wrong, probably why in the logs provided by one of the snitches amongst your peers, you detailed why Spliter aka JacksonBrown should make his network insecure as to create a plausible lie to use to federal agents. From the complaint pdf:
    After the Gawker Article was published, defendant Spitler was afflicted by “post-troll paranoia” and solicited advice from other Goatse Security members. “Rucas” offered the following: “what i’d do RIGHT NOW is open your router reset default passwords turn off wep etc that gives you some sort of plausible deniability that it was actually YOU using your internet if you can see other wireless networks in your area use their SSID that way idiots on xp will automatically connect to yours sometime and you can show that there are people who are NOT YOU on your network [.]”

  2. In systems with sloppy authentication implementations, is it acceptable to use credentials used to access user info? Again you knew this was wrong, again thanks to the log snippet of you included in the complaint, provided by one of the snitches amongst your peers:
    “Rucas: sure you did you did the exact same thing as changing a username in a url to gain access to a protected site”

  3. According to, again the logs of GNAA members boasting amongst each other, ATT was not informed, and no post was made to full disclosure:
    Later that day, defendants Spitler and Auernheimer and other Goatse Security members discussed who in the press had disclosed the data breach to AT&T, since, contrary to the Gawker Article, neither defendant nor anyone from Goatse Security had. Indeed, defendant Auernheimer admitted as much to "Nstyr:"
    Nstyr: you DID call tech support right?
    Auernheimer: totally but not really
    Nstyr: 101
    Auernheimer: i dont fuckin care i hope they sue me

  4. Why did the group make an effort to download all those emails? A proof of concept, an email to full disclosure after contacting ATT was all that was needed. But immediately attempts were made to collect as much info as possible before the hole was closed. This is supported by, again, their own words:
    Spitler: I hit fucking oil
    Auernheimer: looooool nice
    Spitler: If I can get a couple thousand out of this set where can we drop this for max lols?
    Auernheimer: dunno i would collect as much data as possible the minute its dropped, it’ll be fixed BUT valleywag i have all the gawker media people on my facecrook friends after goin to a gawker party

  5. Point five is the typical “baww i’m the victim” stance a troll takes once the heat comes on. Nick mentions the info was not otherwise used, this is because weev being the attention whore that he is, directed the whole release to be used as a form of publicity. That was weev’s idea, but what about what Rucas, aka Nick Price wanted to do? In his own wording from the complaint pdf:
    As defendants Spitler and Auernheimer were conversing, another Goatse Security member, “Rucas,” offered his advice on how best to use the ICC-IDle-mail address pairings, stating: “dont go to the press sell the list to competitors … i just had an idea send out at&t phishing e-mails to all these idiots with an ipad trojan[.]”

How very noble of this group to defend themselves like this after exposing so many of their damning actions to the public for “lulz.”


#4

Now a little more on one named Rucas, aka Nick Price of Texas:

He likes to spam, so much so he helped write up ASIAN or Automated Synchronous IRC Assault Network, some code made to flood Internet Relay Chat networks with spam, some of it malicious content hosted on GNAA’s infrastructure.
http://wepump.in/proxy/arab-3.0 http://www.webcitation.org/5vtBMtXmg
Here you can see what Rucas aka Nick Price’s mind is usually dwelling on:
http://www.gnaa.eu/browser/trollforge/rucas/ http://www.webcitation.org/5vtC6qYLY

Of course what would code be without a use for it? Here is Nick taking part in some spamming, also JacksonBrown aka Spitler was there:
<&Rucas> about to demolish irc.financialchat.com #activetrader
<&Rucas> if ne1 wants 2 watch
<+JacksonBrown> Rucas: ne freenode
<&Rucas> did it already
<&Rucas> all klined

Props to the network of snitches GNAA has, seems like every white power organization is just riddled with them:
<&Rucas> BOTS PRIMED
<&Rucas> AND POINTED AT FREENODE
<&Rucas> THIS WILL BE TERRIBLY RUINOUS

Here you can see how GNAA focus’s on those who oppose their spamming, using their identities for libel later, guest appearance by Daniel Martin aka _mre|666:
<Rucas> i was banned for literally NOTHING
<_mre|666> rucas: they’ve been banning me for noting for awhile
<Rucas> will have dox on kunwon1 shortly
<Rucas> aka DAVID J MOORE
http://www.gnaa.eu/wiki/pr/2011-01-09-gnaa-kunwon http://www.webcitation.org/5vrtbdjNU

I must give credit to the author of the article these comments are posted on. Without such a lack of investigative spirit, and extreme willingness to pass on any propaganda someone hands to you. I would not feel compelled to fill in the ‘gaping’ holes. :slight_smile:


#5

Hi bobbobbobber. Thanks for “filling in the holes”. I’m sure our readers will appreciate seeing another side of the story.


#6

Hello, GNAA President Murdox here. The user known as “bobbobbobber” seems to have been posting the same story on every goatsec article in which the user “rucas” is mentioned, but that’s neither here nor there.

We take particular offense to the line “The relationship is obvious, and you should be ashamed for spreading the propaganda of those who use hate, violence, and racial divide as tools for their amusement”. The GNAA raise awareness of racial and sexual inequality (something that, sadly, remains a reality in america to this very day) through the use of (sometimes shocking) rhetoric and terms. Yes, we have black and homosexual members. Female members too.

I personally have never seen any of my users chat those IRC logs, and grepping through my IRC folder it seems like they weren’t said at all. It is, in fact, hideously easy to forge IRC logs due to the non-standard nature of IRC formatting.

Rucas frequently writes flood-testing tools. They are invaluable for keeping our IRC network free of spam bots.

I think that’s about it, since goatsec’s stellar security work can speak for itself. Thank you.