
Anonymous Hackers Track Saboteur, Find and Punish the Wrong Guy January 30, 2008

Posted by cyberpatrol in Anonymous, cybercrime, scientology.

Wired, 29 January 2008

Anti-Scientology agitators have repeatedly harassed and threatened violence against a 59-year-old PG&E worker and his wife, who were mistakenly flagged as pro-Scientology hackers.

John Lawson, who lives in Stockton, California with his wife Julia, began receiving threatening phone calls around 2 a.m. Saturday morning. He didn’t know why until THREAT LEVEL explained that a hacking group calling itself the g00ns (goons spelled with zeros, not goons with the letter o) posted his home address, phone number and cell numbers, as well as Julia’s Social Security number, online. The obscene and threatening calls have continued through Tuesday, according to Lawson.

SEE UPDATE AT BOTTOM FOR G00N’s RESPONSE

The calls are just one small offshoot of an ongoing, larger attack on the Church of Scientology by a ragtag group of internet troublemakers who call themselves Anonymous. The group says it is targeting Scientology in part for its use of litigation to suppress unflattering documents on the internet.

Over the weekend, the g00ns thought they had caught a hacker who had busted into a server being used to help coordinate the online attacks and real world protests against Scientology. But Lawson says the callers have the wrong guy.

“I don’t even really know how to use a computer,” Lawson said.

His phone just keeps ringing, Lawson said, and when he answers, callers spout vulgarities and threats and then hang up. On Monday, he got a call that seemed to originate from the Virgin Islands. The caller threatened to kill him.

“They have got the wife really scared because they have my address,” Lawson said. “I think I am going to buy me a gun today just in case.”

The Stockton police came out on Sunday to take a report, and Lawson has put fraud protection alerts on his and his wife’s credit reports.

Lawson wants his personal information off the internet but doesn’t know who to talk to to get it down.

The address of the site with their personal information was shared in online chat rooms where members of a group called Anonymous congregate to plan attacks on the Church of Scientology. The site’s URL was also submitted to Digg, where it made it to the front page.

Planning for those attacks was disrupted in the last four days by a counter-hack group calling itself the Regime. That group hacked and severely disrupted 711chan.org, one of the central planning facilities for the Anonymous attack.

According to an e-mail from the hacker to THREAT LEVEL, the Regime’s “main objective was to obtain logs and various data including user names and passwords” and “to take down our targets in the best way possible to bring as much embarrassment/shame as we could to the offending organization.”

The hacker said his group turned over the purloined data to the Church of Scientology.

Soon after, the g00ns claimed to have found out where the Regime was hacking from, and managed to obtain personal information about the Lawsons. John Lawson believes that information came from Comcast, his ISP.

A Digg commenter suggested that the g00ns tracked down an IP address used in the attack on 711chan and traced it to Lawson. If that’s the case, the group overlooked the possibility that Lawson’s computer or router had been compromised and was used by the real attacker as a proxy that would hide the attacker’s real location.

For his part, Lawson doesn’t care about the how or why; he just wants the calls to stop.

“I called three news places in Stockton just to get something out there to let them know they have the wrong guy,” Lawson said.

This isn’t the first time that the anti-Scientologists have hit the wrong target.

Last week, participants downloaded hacking software that accidentally targeted a school in the Netherlands, rather than a Scientology site. That misfire lasted only a few minutes, but its lesson seems not to have been learned by online vigilantes who think their righteous ends justify illegal means.

UPDATE: 10:50 PST Members of g00n tell THREAT LEVEL that they immediately took down the Lawsons’ contact info after seeing this story, but emphasize that they had nothing to do with the harassing phone calls and that they have not been involved at all in the Anonymous attacks on Scientology.

They say their motivation for posting the info was to send a warning to the Regime hacker in order to help their friend at 711chan.org, whose website was repeatedly hacked by the Regime.

They also said that the IP address associated with the Lawsons had been used in attacks on 711chan for four days, and then later was used to access and probe the site where the Lawsons’ info was posted. They say they called the Lawsons before posting the info to verify it, and swear that the person they spoke with sounded much younger than a 59-year-old man.

They further contend that 711chan’s server logs showed that the IP address was associated with a computer running the Debian flavor of Linux, which casts doubt on the theory that the attacker had remotely taken over the Lawsons’ computer. If that were the case, the OS would have been a flavor of Windows. Another possibility is that the Lawsons have a compromised wireless router.

The g00ns say it’s clear something isn’t right in Stockton and vow to figure out who the Regime is, but blame him for leaving a trail that led to the Lawsons, rather than using some sort of proxy or anonymizing tool such as TOR.

They forwarded THREAT LEVEL a transcript of a chat between 711chan’s operator and the Regime hacker, which showed the Regime hacker trying to blackmail the 711chan operator into turning over information about the g00ns, by implying that not doing so would make him turn over more information to the Church of Scientology. THREAT LEVEL has no way of verifying that transcript.

Anonymous Hackers Shoot For Scientologists, Hit Dutch School Kids January 26, 2008

Posted by cyberpatrol in Anonymous, cybercrime.

Wired, 25 January 2008

Dutch schoolchildren may be the first collateral damage of an online war being waged against the Church of Scientology by a motley crew of internet troublemakers who call themselves Anonymous.

Coordination broke down Friday among the loose affiliate of online troublemakers known as Anonymous as they tried to continue their ongoing attacks against Scientology.

The group has spent the last few days trying to keep down the scientology.org website via a distributed denial of service attack, posting sensitive Scientology documents around the web, and up-voting anti-Scientology stories on Digg. The attack, dubbed Project Chanology, has a wiki that attempts to tell Anonymous ‘members’ what to do, though the advice is ever-changing and often contradictory.

But the Church of Scientology hired Prolexic, a company that specializes in protecting websites from DDOS attacks. Prolexic’s protection works by publicly substituting a Prolexic server for the attacked server, filtering out the bad traffic and passing the good traffic to the site’s real server.

One of the moderators on 711chan.org thought he had learned from a friend what the real server’s address was on Friday.

The user, who was using the handle Splongcat, uploaded DDOS software configured with the supposedly secret address and urged others in an internet chat room to download and run the software. The software was intended to flood the specified IP address with rogue traffic in order to bring the server down.

But within minutes, users began complaining the software was crashing, and others analyzed the traffic and found that the IP address didn’t belong to the Church of Scientology, reporting that the software was actually targeting a school in the Netherlands.

Immediately the IRC chat room hosted on 711chan.org (currently down) was filled with calls to stop using the program, and the 900 people in the chat room returned to their disorderly conversation about whether they should be flooding Digg with anti-Scientology links or making harassing phone calls to local Scientology branches.

The Etty Hillesum Lyceum’s site seemed to quickly recover, and Splongcat apologized to fellow script-kiddies for simply taking his friend at his word and not checking the IP address before unleashing the software.

Anonymous launched the attack on Scientology on January 16 to protest its use of copyright law to take down material critical of the church’s bizarre practices and to attempt to force media outlets to run stories about the Church of Scientology. Their stated goal is to destroy the Church of Scientology.

The Church of Scientology has not replied to THREAT LEVEL’s request for comment.