
Vigilante Hacks Government-Linked Cyberespionage Group - Jerry2
https://motherboard.vice.com/en_us/article/qvn4kq/vigilante-hacks-government-zoopark-cyberespionage
======
flyGuyOnTheSly
>Decide to 1337 hack the website, I shall just upload a file with my custom
0day html script [0]

...custom 0day html script...?

Who is this guy? Batman?

Can anybody explain how an html 0day might be able to pwn a php file uploader?

That sounds terrifying... but at least I can be somewhat reassured that nobody
is going to waste that on my wordpress installation...

[0]
[https://web.archive.org/web/20180508063705/http://5.61.27.15...](https://web.archive.org/web/20180508063705/http://5.61.27.157/)

~~~
tomtoise
I suspect light sarcasm on the part of the perpetrator.

~~~
bfuller
or maybe they wanted to see how much bullshit they could feed vice and still
get printed

~~~
turbografx16
Probably this. I'm extremely left leaning but even I know vice is absolute
dogshit. I used to work in the tar sands with my brothers, and once a year we
have a tradition of watching the Vice tar sands "documentary" to laugh at how
wildly inaccurate and ill-informed it is.

~~~
thousandautumns
> I’m extremely left leaning but even I know vice is absolute dogshit.

Is Vice supposedly left leaning? Isn’t one of their founders an alt-right
Proudboy?

~~~
Dangeranger
Yes, but he is no longer with Vice due to “differences of opinion” with the
direction of the company.

------
corndoge
Or the individual could have made all of that up, nothing here that validates
the story at all, could just be a smart kid trolling vice.

I mean really no citations except for what the individual provided them and
some half-baked analysis that words from the kaspersky report were in what
they received.

~~~
mtgx
> “Hacking back should be legalized so Kaspersky could of done this
> themselves,” the hacker wrote in their message on the ZooPark server.

That line right there sounds like very much the propaganda the U.S. government
has been pushing lately to convince people to support "hacking back." I've
only heard government members promote this.

I guess this could be an operation where they try to make "hacking back" into
something "heroes" (vigilantes) do.

~~~
yorwba
If it's only government agencies that support hacking back, they sure are
playing the long game.

E.g. the hack of the Gamma Group [1] was also purportedly carried out by a
vigilante, who later published guides [2], [3] that also use the "hacking
back" language. What are the odds?!

[1] [https://arstechnica.com/tech-policy/2014/08/leaked-docs-show...](https://arstechnica.com/tech-policy/2014/08/leaked-docs-show-spyware-used-to-snoop-on-us-computers/)

[2] [http://pastebin.com/raw/cRYvK4jb](http://pastebin.com/raw/cRYvK4jb)

[3] [http://shadow.systems/phineas-fishers-hackback-ii/](http://shadow.systems/phineas-fishers-hackback-ii/)

[4] HN discussion of [3]:
[https://news.ycombinator.com/item?id=11512845](https://news.ycombinator.com/item?id=11512845)

~~~
chatmasta
I had this same thought when I read “hacking back” in the article. I just
dismissed it as conspiratorial thinking, but now I see another article with
the same phrase and premise... hmmmmm. It is something I would do if I were
trying to get legislation passed.

But it could be easily explained by the fact the government uses the phrase
constantly in the media. It’s not necessarily unexpected that two hackers
would use the phrase when discussing the merits of, well, “hacking
back.”

------
SlowRobotAhead
My preferred cyber forensic team forces iPhone usage company wide. I had
thought that was strange initially but definitely agree now.

Been around the world and outside the US it’s almost all Android, pretty scary
that malware is apparently becoming more prevalent.

~~~
mayniac
It's not just exploits tbh. Apple have really, really good tools for locking
down and monitoring iPhones. The device enrolment thing they have is
fantastic, and very streamlined. Meanwhile I have no idea what's going on with
Android Enterprise/Samsung Knox/Whatever It's Called, and I don't think any
sysadmins I know have a clue either.

Even without malware, Android needs to fix its permissions. What's the point
in enforcing security policies on phones when a legitimate app, when given
permission to, can read text messages on an employee's phone and send all the
data to China? Businesses care about not having communications with customers
leaked and Android is absolutely the wrong platform for that.

~~~
basicplus2
I agree. It is crazy I HAVE to go through a complex procedure to root my
phone, and install a different operating system, just so I can deny apps
access to parts of my phone they should never have access to and because there
is no easy way to tell if apps are accessing parts they shouldn't be.

------
pietroglyph
> “Hacking back should be legalized so Kaspersky could of done this
> themselves,” the hacker wrote

This sentiment seems to be becoming more and more popular; I wonder if we'll see
more vigilantes (which the person in the article purports to be) as a result.

~~~
rectang
When leaders do not submit to the rule of law, neither will the citizenry.

~~~
phaus
The citizenry largely does submit to the rule of law regardless of what the
government does. The consequences are too severe to do otherwise.

Especially when it comes to the CFAA in the US.

~~~
Rjevski
> The consequences are too severe to do otherwise.

Some basic precautions and common sense is all you need to avoid the CFAA.

~~~
johnchristopher
Considering the Canadian Fire Alarm Association doesn't keep a strong presence
in the US, it's indeed relatively easy to go under the radar.

------
zoopark
The hacker has received bitcoin payment and signed a message with said address
in this post. [https://pastebin.com/sBw8ESZb](https://pastebin.com/sBw8ESZb)

------
zoopark
The hacker has released the data:
[http://www.lamept.com/](http://www.lamept.com/)

