Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: Antisec

  1. #1
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    8

    Default Antisec

    What do you guys think about Antisec?

  2. #2
    Just burned his ISO
    Join Date
    Jun 2009
    Posts
    5

    Default

    there so called "followers" are a bunch of immature LOLers
    need i say more

  3. #3
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    OK thats the first I had heard of these clowns, but I did some research. It seems like they want to end the practice of full disclosure because:
    • It gives access to exploits to script kiddies who then use them to cause mischief
    • Full disclosure is apparently part of a plot by "big security" to create fear and make money off people by selling them firewalls


    And they seek to bring about this change by destroying and defacing the websites of supporters of full disclosure (like imageshack - huh???) until they realise the error of their ways. So essentially they are acting like script kiddies and trying to achieve their goals via frightening people. Apparently irony is an unfamiliar concept to them.

    In addition the idea that "big security" is behind the full disclosure practice is kind of ridiculous. The companies who make the firewalls, IDSes, auditing software etc are not the same people who are releasing exploit code. This is just "conspiracy thoery" level idiocy.

    There has been a lot of serious debate about full disclosure for years now, so this isnt really a new or fresh issue, and their "manifesto" (if it actually merits that term), ignores some of the potential benefits of full disclosure, such as giving enterprise defenders the ability to protect themselves by seeing what they are up against. It also gives pen testers the ability to demonstrate that security holes exist so that action will be taken to fix them. As anyone who has spent any time in an IT Security position knows, security problems don't get fixed until they are made blindingly obvious and the potential impact is shown, telling people problems exist just isn't enough. And not to mention, the full disclosure process also puts pressure on vendors to release fixes for problems with their product. Some vendors were, shall we say "lax" about this before full disclosure became common.

    Basically full disclosure is all about giving the good guys more information, because the bad guys (the genuine ones, Im not talking about script kiddies) already know this stuff.

    Anti-Sec trying to change peoples minds by hacking them just amounts to bullying really, and its not going to be an effective strategy. No one is going to treat a bunch of guys acting like childish criminals seriously.

    If anything the Anti-Sec approach will only further the goals of "big security" to sell more stuff. After all, another group of idiots out there randomly defacing and damaging systems only increases the need for security devices. Anti-sec have already ignored their own undertaking to focus on proponents of full disclosure by attacking imageshack, who have nothing to do with full disclosure, or even the security industry. Why should we assume future efforts by the group wont be equally misdirected towards uninvolved parties?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  4. #4
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Nice post lupin, feel pretty much the same way about it.
    I don't believe that there action are anything better than a bunch of terrorists.
    More than likely they will be around for a little bit and then no one will here from them again. That or a police agency, will taken them down.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  5. #5
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by archangel.amael View Post
    Nice post lupin, feel pretty much the same way about it.
    I don't believe that there action are anything better than a bunch of terrorists.
    More than likely they will be around for a little bit and then no one will here from them again. That or a police agency, will taken them down.
    I was tempted to make the terrorist comparison too, but I thought it was too early in the thread to do that. (As in Godwins law but with terrorists instead of Nazis)

    Anyway, after reading a bit more about Anti-Sec Ive realised I was misreading their intentions when I wrote that post above. I was under the impression that the group members had the desire to make the Internet safer by keeping exploits away from script kiddies. That's naive and ignorant, but at least the intention would have been good.

    Its not the case though. It seems their actual goals are to keep the vulnerability information to themselves so they can hack as much stuff as they want but no one else can. "All your sploits are belong to us!"

    Elitist pomposity.

    And the rants against the security industry seem to be just another variety of the usual "anti-business" attitude thats been popular with teenagers and University students for decades now. "Fight the power", and "Stick it to the man" and so forth. Maybe their point of view on this will change once they grow up and have to get a real job so they can put a roof over their heads and feed themselves.

    Heres their website if you're interested in seeing what they have to say:
    hxxp://romeo.copyandpaste.info/

    I didn't think I could get any less impressed with this group, but reading that's gone and done it.

    The legal system has gotten quite good at making examples of destructive hackers, lets hope it gets more practice at it with some of these guys.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  6. #6
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Quote Originally Posted by lupin View Post
    Its not the case though. It seems their actual goals are to keep the vulnerability information to themselves so they can hack as much stuff as they want but no one else can. "All your sploits are belong to us!"
    The way I've been reading their posts and such, they are claiming to want to defend us from a potential police state - if the vulnerability isn't known, noone will know to patch it.

    I think Earth will remain very much in the control of the free despite all that they try to do - look at China for an example.

    I also think these guys are wrong, though I can understand somewhat their premise, technical information should be free to provide others the chance to build upon the faults and lessons of those before - the insistence that not everyone should be able to access this information results in insecure browsers, insecure code, and insecure operating systems. To some extent someone will always screw up (even OpenBSD have their issues), and keeping those sorts of holes quiet will result in some serious issues.

    If, for example, the OpenBSD SSH sploit recently was kept quiet, at least 3/4's of the banks that I have worked with (or contacted people who work for them) would be vulnerable to a wide-open attack - effectively granting anyone the chance to completely destroy the world economy.

    I for one will continue to publish what I find.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  7. #7
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by lupin View Post
    I was tempted to make the terrorist comparison too, but I thought it was too early in the thread to do that. (As in Godwins law but with terrorists instead of Nazis)
    All I see are kids with nothing better to do.
    Granted there maybe actual talent within their group, but as has been stated their way of doing business will not stop anything nor will it make the security industry "go-away" or otherwise diminish the efforts of them.

    Anyway, after reading a bit more about Anti-Sec Ive realised I was misreading their intentions when I wrote that post above.
    Its not the case though. It seems their actual goals are to keep the vulnerability information to themselves so they can hack as much stuff as they want but no one else can. "All your sploits are belong to us!"
    Which is why I stated before that it is more like a terrorist group.
    Use disinformation and withhold the truth from people. Maybe terrorist is the wrong word but as far as my encounters with (terrorism) goes, it is my impression.

    Heres their website if you're interested in seeing what they have to say:
    hxxp://romeo.copyandpaste.info/
    As far as that goes I seen it a few days ago. I don't see anything other than Children.
    ~ **** full-disclosure **** the security industry Keep 0days private Hack everyone you can and then hack some more
    Blend in. Get trusted. Trust no one. Own everyone. Disclose nothing. Destroy everything. Take back the scene. Never sell out, never surrender.
    Get in as anonymous, Leave with no trace.
    From their website's main page which at the moment seems to be down. At least on my end. Maybe the "security industry" is pushing a DOS on them? Just a conspiracy.


    The legal system has gotten quite good at making examples of destructive hackers, lets hope it gets more practice at it with some of these guys.
    And in some parts of the world ignorance has caused laws to be made that further hamper the efforts of valid researchers. Just look at the law that was passed in Germany. It really has made it harder for the researchers their to help contribute. Many have either left or went further underground or simply switched to other hobbies, etc. But the law has not really made the "internet" there any safer or "better".

    Looks like they were busy today putting up their philosophy/history on wikipedia.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  8. #8
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by Gitsnik View Post
    The way I've been reading their posts and such, they are claiming to want to defend us from a potential police state
    I never got that impression, but the more I read the more contradictions I find in their writings, so I wouldn't be surprised if there is something out there by them that suggests that. Some stuff seems to support free exchange of information, some stuff seems to suggest that information be kept secret. Some stuff seems to suggest that the Internet should be made safe by stopping script kiddies, other stuff seems to suggest that the members themselves go wild and hack as much stuff as possible. Its hard to know what they really do stand for - they need to hire a PR spokesman or something

    My current opinion is that all the lofty philosophical ideals they spout are just rationalisations to justify malicious hacking as striving towards some greater goal. In reality they probably are just doing it for the thrill and the ego boost.

    Agree with everything else you are saying about the benefits of disclosure.

    Quote Originally Posted by archangel.amael View Post
    All I see are kids with nothing better to do.
    Granted there maybe actual talent within their group, but as has been stated their way of doing business will not stop anything nor will it make the security industry "go-away" or otherwise diminish the efforts of them.
    Yes. They will probably grow out of it once they get a job and enter the real world, and maybe they can make a proper contribution to society then, because there is some talent there, its just being misapplied.

    Quote Originally Posted by archangel.amael View Post
    Which is why I stated before that it is more like a terrorist group.
    Use disinformation and withhold the truth from people. Maybe terrorist is the wrong word but as far as my encounters with (terrorism) goes, it is my impression.
    There are certainly some parallels with terrorism. The use of fear to change opinion is similar, and just like terrorism this strategy will probably not be effective in accomplishing their ultimate goal. Theres also some pretty big disparities there too. In terms of level of effect, terrorism is much more frighening than computer hacking (when was the last time someone was kept up at night by threat of computer hacking?), and terrorism results in the loss of real lives. I think you realise this however, and I dont think you are trying to make light of real terrorism with the comparison.

    Quote Originally Posted by archangel.amael View Post
    As far as that goes I seen it a few days ago. I don't see anything other than Children.
    Thats my impression too, my guess would be University age or younger. And if they are not children in terms of age, they are at least children in terms of maturity.

    Quote Originally Posted by archangel.amael View Post
    From their website's main page which at the moment seems to be down. At least on my end. Maybe the "security industry" is pushing a DOS on them? Just a conspiracy.
    Not that I condone it, but that would be poetic justice if their website had been taken down by a DOS, wouldnt it?

    Quote Originally Posted by archangel.amael View Post
    And in some parts of the world ignorance has caused laws to be made that further hamper the efforts of valid researchers. Just look at the law that was passed in Germany. It really has made it harder for the researchers their to help contribute. Many have either left or went further underground or simply switched to other hobbies, etc. But the law has not really made the "internet" there any safer or "better".
    I agree that the law doesn't always get it right - Germany is a great example, witness the exodus of security projects and professionals since that law. And yes, the Internet isnt really any safer as a result of legislation. But making examples out of hackers does at least send a message to teenagers that this type of thing isnt acceptable.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  9. #9
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Same here about their site, seems to be down.

    Well they might sometime piss the wrong people off. Even though I wouldn't call them skiddies, there is always someone who has more knowledge than one self.

    I for myself don't think that it is a good idea to try and take down all the websites they announced that they wanted to take down. Maybe they will try it with RE/Offsec too some day.
    Tiocfaidh ár lá

  10. #10
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by KMDave View Post
    Maybe they will try it with RE/Offsec too some day.
    They might take this thread as provocation and come at the RE forums with a can full of pwn. Surely Ive said enough rude things about them here to cause that, haven't I?

    They have already threatened Milw0rm with wipage. str0kes reply was classic.

    Well played str0ke, antisec will look like real d**ks if they come after you now that you've asked so nicely to be spared.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •