Anti-Sec Movement

[3XTORTION]

Well lately the Anti-Sec has spread its wings from hacking "Astalavista" servers to "SSANZ" and lately hacking ImageShack(Link Here).

This movement has a goal to take down every public forum, group, or website that helps in promoting exploits and tools or have show-off sections.

Movement Philosophy :

The purpose of this movement is to encourage a new policy of anti-disclosure
among the computer and network security communities. The goal is not to
ultimately discourage the publication of all security-related news and
developments, but rather, to stop the disclosure of all unknown or
non-public exploits and vulnerabilities. In essence, this would put a stop
to the publication of all private materials that could allow script kiddies
from compromising systems via unknown methods.

The open-source movement has been an invaluable tool in the computer world,
and we are all indebted to it. Open-source is a wonderful concept which
should and will exist forever, as educational, scientific, and end-user
software should be free and available to everybody.

Exploits, on the other hand, do not fall into this broad category. Just like
munitions, which span from cryptographic algorithms to hand guns to
missiles, and may not be spread without the control of export restrictions,
exploits should not be released to a mass public of millions of Internet
users. A digital holocaust occurs each time an exploit appears on Bugtraq,
and kids across the world download it and target unprepared system
administrators. Quite frankly, the integrity of systems world wide will be
ensured to a much greater extent when exploits are kept private, and not
published.

A common misconception is that if groups or individuals keep exploits and
security secrets to themselves, they will become the dominators of the
"illegal scene", as countless insecure systems will be solely at their
mercy. This is far from the truth. Forums for information trade, such as
Bugtraq, Packetstorm, www.hack.co.za, and vuln-dev have done much more to
harm the underground and net than they have done to help them.

What casual browsers of these sites and mailing lists fail to realize is
that some of the more prominent groups do not publish their findings
immediately, but only as a last resort in the case that their code is leaked
or has become obsolete. This is why production dates in header files often
precede release dates by a matter of months or even years.

Another false conclusion by the same manner is that if these groups haven't
released anything in a matter of months, it must be because they haven't
found anything new. The regular reader must be made aware of these things.

We are not trying to discourage exploit development or source auditing. We
are merely trying to stop the results of these efforts from seeing the
light. Please join us if you would like to see a stop to the
commercialization, media, and general abuse of infosec.

Thank you.

What do you think ?

[3XTORTION]

Haha, yea but thats not the purpose/concept of the movement.They say that exploits are imporant scripts in the cyber world just like like guns n missiles in real world, so these scripts shouldnt be public because they are being abused by skiddies who do not have proper coding abilities and all they do is to search for exploits in milw0rm or securityfocus or w/e , paste it, compile it and use it to take down websites !

This is another FAQ about the movement also known as pr0j3ct m4yh3m

1. What the fuck is pr0j3kt m4yh3m i been hearing about?

Pr0j3kt m4yh3m is the movement started by a group of blackhats that decided
they can't bare anymore with the FUD and lies spread by the whitehat
community, with the greed that is definitory for IT security companies, with
the leeching performed by these companies on hackers and so on. Pr0j3kt
m4yh3m is carried on by multiple independant cells who accomplish project's
missions. This movement is not about terrorism but more about retaliation
and cyber guerilla warfare.


2. Why do you hate whitehats? Just because they earn money?

Heh, this one is a redundant question. It keeps repeating all the time. Now,
once and for all, we don't hate the whitehats because they earn money but
for the ways they earn those money. By lying, by spreading rumours, by
leeching on the underground that formed them. Them and IT companies are also
targeted because they lie clueless people regarding hackers. They make
hackers look as some sort of cyber terrorist that all he does is creating
panic amongst all sorts of internet habitants. They also say that hackers
can break into *ANY* machine connected to the internet, this ofcourse
creating panic and enlarging their market segment. They don't care about
security, all they do care about is money. They are evil! They leech their
employees, they leech the underground, they leech their clients. Figure out
for yourself.


3. Why are you guys against full disclosure?

Disclosure is, never the less, a bad thing. Figure it out: how many
classified informations from other domains are made public?! NONE, zero,
nada, nothing! But still, they promote the full disclosure in computer
security. Have you ever asked yourself why? It's not that they care for the
regular company that can't afford to hire a decent administrator... They
want publicity, they want media attention, all this resulting in material
benefits: if an IT security company makes public a proof-of-concept code or
an advisory, it performs two things. It gets fame for that (and ofcourse, a
larger market segment) and thousands of kiddies all over the world eventually
work out an exploit from the advisory. So, people would fear getting hacked
so, they would become customers of that IT security company. Remember this:
knowledge given is power lost. Why giving powerful weapons to the kids all
over?


4. Real blackhats stay in underground. Why did u come out front?

As we stated in 1., we just can't stand anymore seeing what the whitehat
community is doing. They almost killed the scene, breaking it in half.
Whitehats all over the world are brainwashing thousands and thousands of
people, making them share their mindset. As a result, people think that
blackhat equals script kiddie and hacker equals IT security researcher. This
is so wrong! Hackers hack! Most of whitehat knowledge originates from the
underground. Most of the stuff they publish is heard by them from the few
underground connections left. And yet, they try to kill this underground and
they call it "script kiddies". ~el8/PHC/other groups will carry on this war
forever, until something changes! More and more groups adhere to pr0j3kt
m4yh3m.


5. Is Pr0j3kt M4yh3m visible to us?

Hell yeah! Even if nobody knows the other cells, even if nobody knows what
others do, look around you: you see supposedly secured servers gettin
hacked, you see security professionals hacked proving that they are giving a
false sense of security. *EVERYTHING* aimed at harming security industry in
one way or the other is an action of pr0j3kt m4yh3m. Pr0j3kt's cells are
spread all over the world, one could even be in your neighbourhood so watch
out!

[Gogeta70]

Script kiddies have been a problem for a long time. All this group is is a bunch of script kiddies whining about a bunch of script kiddies.

[3XTORTION]

Why did you delete your post, change your mind and then post again !?

Did some google search or smthg ?

And i dont think script kiddies have the proper skills to hack into astalavista, imageshack and others

[Gogeta70]

No, i deleted my post after reading your post more slowly - before you had replied. Then i re-posted saying what i thought.

Anyway, my definition of skiddy is a little different than the usual. Not only do skiddies just use hacking programs without understanding their functionality, but they also try to gain popularity through hacking, and purposely do black-hat hacking, either for personal gain or for some 'greater cause'.

To me, these guys are just script kiddies.

[3XTORTION]

Yea talk about getting famous in 15 min lol. But yet again these guys have point(well i know a couple of them) and they're not aiming for fame or popularity but to save important infos from morons known as script kiddies.

Just go to progenic topsites and click on the top 20 sites ull find that the domain is only related to hacking but the forums or the site only copy-paste exploits from milw0rm and talk about phishing and how to ddos or uses sub7 so the hacking industry sucks badly now and that made these guys motivated to screw every website promoting exploits without even knowing the basics of perl or any other coding language

[3XTORTION]

Well what if someones write a code but didnt release it to the public and kept it private with his group,clan or friends who have the proper hacking and coding skills ?

[Gogeta70]

If they only deface websites which promote exploits, why deface imageshack?

[bad_brain]

2. Why do you hate whitehats? Just because they earn money?

Heh, this one is a redundant question. It keeps repeating all the time. Now,
once and for all, we don't hate the whitehats because they earn money but
for the ways they earn those money. By lying, by spreading rumours, by
leeching on the underground that formed them. Them and IT companies are also
targeted because they lie clueless people regarding hackers. They make
hackers look as some sort of cyber terrorist that all he does is creating
panic amongst all sorts of internet habitants. They also say that hackers
can break into *ANY* machine connected to the internet, this ofcourse
creating panic and enlarging their market segment. They don't care about
security, all they do care about is money. They are evil! They leech their
employees, they leech the underground, they leech their clients. Figure out
for yourself.

should make it into the "book of lame excuses for being a skiddie"....what kind of logic is it to say "people say hackers are lame skiddies that do nothing but breaking stuff, we will show that they are wrong by breaking stuff"...

[DNR]

By lying, by spreading rumours, by
leeching on the underground that formed them. Them and IT companies are also
targeted because they lie clueless people regarding hackers. They make
hackers look as some sort of cyber terrorist that all he does is creating
panic amongst all sorts of internet habitants.

yea their logic is twisted to try to justify what they do - blackhat activities for kicks. Their logic will not hold up.

Not going near this group.

DNR

[CommonStray]

Well, if you ask me some of their arguments are logical.

We all know that mainstream media has always portrayed the hacker as a menace and a criminal.

We all know this definition is wrong.

Is it not common knowledge that anti-virus companies have created virii and malware which is exclusive to their software removal?

How about the 'scanners' which tell you that you have spyware or malware but to remove it you have to buy the "Pro" versions

Norton and mcafee....you used to be able to buy your product and get updates free and you could keep using the products, now you have to buy a subscription.

By the way, when was the last time you seen these companies publish source code for the virii and malware they protect you from, do these things not fall within full disclosure?

How does full disclosure teach people by publishing code which can be ran pretty easily from a console, we all know that most exploits have zero commented code, you tell me what the point is? "plug n play" hacking...

Full disclosure is useful for companies to patch their software....absolutely!! Business relies on the fix from a vendor rather than the need for a specialist resulting in decreased value for experts in the field/industry.

Regardless of any infosec, specialization, counter measures and all that jazz...a 0day is still a 0day and a 0day pwns, nobody is exempt from them.

The only seriously valuable full disclosure is from cryptography

If I take a letter lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that's not security. That's obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combination's so that you and the world's best safecrackers can study the locking mechanism-and you still can't open the safe and read the letter-that's security

-Bruce Schneier, Applied Cryptography 2nd Edition

The point of the Imageshack hack was not to deface the site, they only replaced images with their own, resulting in a mass declaration of their intentions and purpose, they could have easily -rm 'd the servers, what better way to let their presence be known to not only the security industry but practically the world.

If you look at their recent activities in 2009 - they don't just deface the sites (which given the type of defacement, it is actually just an output log), they destroy everything they can.

This movement has been around for quite sometime. Which indemnifies them against the usual declarations they are skiddies or 15yr old kids wanting fame. Ever notice none of their attacks are signed by anyone in particular?

The programmer from the TJX hacks "Stephen Watt" was apart of the movement at one point in time.

The movement is saying full disclosure publicly is bad, it has no regard for sharing within closed circles with an element of trust and certain values for the protection of that information.

I know this sounds like I'm a huge supporter, which I am to an extent, its just that I understand the movements intentions and point of view. It can be argued all day that what they're saying is wrong, and its not right, but believe me, most of them don't care what anyone else thinks.

[bad_brain]

well, I have to agree that full disclosures suck, it was much better "in the good old days" when errors were places in released exploits so that only skilled people were able to make them really work....nowadays the exploits can be used by anyone that is able to type "perl script.pl 192.0.0.1".

that should be the way to go, back to the roots......but hiding such exploits completely from the public would also be wrong, because it would turn open source into something Microsoftish.

[DNR]

If they are trying to improve the image of the hacker as its it is, so defacing websites and attacking is going to help?

They are just using it as a cover - or they are very misguided. If they wanted to attack spam servers, sites that host toolz or warez - then I can understand - but to attack victims that don't know any better just looks like they are saying "Oh those bitches deserved to get raped they way they dressed"

DNR

[Stavros]

P.S. have they gone nuts ??

I think it's safe to say they've tasted blood and have become power hungry. I can't see closed source exploits benefiting the computer security industry.

[3XTORTION]

They are just using it as a cover - or they are very misguided. If they wanted to attack spam servers, sites that host toolz or warez - then I can understand - but to attack victims that don't know any better just looks like they are saying "Oh those bitches deserved to get raped they way they dressed"

DNR

Their not attacking sites with no relation to hacking and exploits,other than imageshack wich was to send a message about the movement.Hackforums.net and milw0rm are next,in fact str0ke is already shutting down and with the new 0 day apache exploit they can root almost everything.But you guys are missing the main point,and it is that the hacking scene sucks badly now,just look around you and you'll find so-called hackers coding little trojans in vb6,use phishing to hack others and promote warez in their forums,and thats not even close to be hacking.Thats why these guys shouldnt have these impotant infos/scripts because they aren't interpreting them but they only paste/compile/done.
As said in the manifesto, in real life guns and missiles are not free and in cyber world these important infos should be handed to people that deserve to have it = people with the proper coding and hacking skills.