RT: Anonymous thrown into China-US cyberwar scandal

February 20, 2013 16:04

AFP Photo / Aris Messinis

Members of the Anonymous movement, including alleged ringleader-turned-informant Hector “Sabu” Monsegur, may have played a crucial role in helping cybersecurity experts home in on the Chinese hackers profiled in a highly touted report released this week.

In a report published Tuesday by Northern Virginia information security company Mandiant, an elusive cybersquadron of hackers hired by China’s People’s Liberation Army is linked to compromising as many as 141 companies across 20 major industries in recent years, including a corporation with access to Canada’s oil pipelines and entities of the United States government.

At around 70 pages, the report offers an introduction to the group, Unit 61398, and explains how computer experts at Mandiant were able to come close to pinpointing three agents within the “Advanced Persistent Threat” group, or APT1, that they believe have participated in a covert cyberwar against the US on behalf of the Chinese military.

Buried deep in the report, however, is evidence that Mandiant didn’t do all the work alone: the authors of “Exposing One of China’s Cyber Espionage Units” say that a 2011 hack perpetrated by the loose-knit Anonymous collective has been instrumental in making progress on the identity of the Far East hackers.

In the report, Mandiant offers a brief profile of three hackers believed to be involved with APT1: “uglygorilla,” “DOTA” and “SuperHard.” But while the company acknowledges that its investigation into the unit has been underway for several years already, Mandiant says information released by Anonymous in 2011 has helped it come closer to catching the accused cybercriminals.

In 2011, Anonymous retaliated against so-called security firm HBGary after hacktivists became aware that the company’s CEO, Aaron Barr, had infiltrated the movement and planned to rat out the identities of Anons to federal investigators. In response, Anonymous waged an all-out war on HBGary and its associates, hacking the company’s websites, stealing tens of thousands of emails and compromising the online accounts registered to most of the group’s staff. Among the sites targeted was rootkit.com, a coding website founded by HBGary associate Greg Hoglund. After Anons compromised accounts belonging to Barr, they used their newfound access to get into Hoglund’s corporate email, and from there they socially engineered a colleague of his in order to obtain access to rootkit.com.

In her 2012 book We Are Anonymous, author Parmy Olson says Anon hackers “had complete control of rootkit.com” and quickly attempted to ravage the site in conjunction with other attacks waged at HBGary and Mr. Barr.

“First they took the usernames and passwords of anyone who had ever registered on the site, then deleted its entire contents. Now it was just a blank page reading ‘Greg Hoglund = Owned,’” Olson writes.

Next, Anonymous publicly released a file that contained the usernames, passwords and other log-in credentials for every registered account on rootkit.com. Among those, says Mandiant, were log-ins for both “uglygorilla” and “SuperHard,” two identities security experts believe to be registered to Chinese hackers working in Unit 61398.

“[T]he disclosure of all registered ‘rootkit.com’ accounts published by Anonymous included the user ‘uglygorilla’ with the registered email address uglygorilla@163.com. This is the same email used to register for the 2004 PLA forum and the zone hugesoft.org,” claims Mandiant, referring to the Chinese military branch and to another hacker-friendly website believed to be founded by the person using the “uglygorilla” name, respectively.

Mandiant says the trove of information didn’t run dry with just that one link, though. Also included in the leaked rootkit.com account information was the IP address uglygorilla used to sign up for the website, which matched a Shanghai-area address all but certainly tied to Unit 61398, as well as information about another alleged Chinese hacker.

“Once again, in tracking [SuperHard] we are fortunate to have access to the accounts disclosed from rootkit.com. The rootkit.com account ‘SuperHard_M’ was originally registered from the IP address 58.247.237.4, within one of the known APT1 egress ranges,” Mandiant reports.

Olson says the hack against HBGary was spearheaded by Hector Xavier Monsegur, or “Sabu,” the alleged ringleader of the Anon sect LulzSec who was arrested by the FBI several months later and has since become a federal informant for the agency. Monsegur is expected to be sentenced in a New York City courtroom on Friday for a laundry list of criminal activity linked to Anonymous, including hacking HBGary and gaining unauthorized access to Hoglund’s site. Meanwhile, Mandiant says that the infamous hugesoft.org zone website registered to uglygorilla has remained continuously active, at least up until the release of its report this week.

After his 2011 arrest, Monsegur allegedly aided authorities in rounding up other hackers internationally. He is believed to have been provided with a server by the FBI that was allegedly used by activist Jeremy Hammond to upload files taken in late 2011 from private intelligence firm Stratfor. Hammond himself will be in court this week for a hearing regarding that case.

4 Responses to RT: Anonymous thrown into China-US cyberwar scandal

  1. chris says:

    *Slightly* off topic, but if anyone is interested in reading about hacking and social engineering, Kevin Mitnick has an autobiography that I couldn’t put down called “Ghost in the Wires.” I didn’t really understand anything about the subjects beforehand, but it was easy to follow and enjoyable.

  2. That or they want a civil war in the US, Ti-grr, and yes, beware, people. As one falls, another is fighting to take that spot. We have bad all the way down the dark ranks in the US.

  3. Ti-grr says:

    Beware. Corrupt politicians, thieving bankers, lying Fed Reserve, Israel Mossad, Bush klan, or any group may try to crash the internet to cover their crimes… then blame it on whoever they choose. You’ll spend the rest of your life trying to prove your ownership of bank accounts.
    HAVE PAPER STATEMENTS FOR ALL YOUR ACCOUNTS. TRUST NOTHING TO E-FILES.
    It’s only common sense in a world run by criminals.
    It’s Corporate Nazism taking over the US and world.
    Grrrrrrrrrrrr!
