Hacker News new | past | comments | ask | show | jobs | submit login
Lulzsec/gn0sis/AnonOps dox'd (pastebin.com)
221 points by shii on June 26, 2011 | hide | past | web | favorite | 93 comments


  * mentions HBGary a lot
  * focuses on people who have been previously associated with the HBGary hack
  * shows special disdain for kayla and sabu & seems to be personally offended
  * likes to link people to their social networking profiles
  * only non-skiddie name mentioned is Barr's
  * obviously works (worked?) in infosec
  * previously in the military? (ALPHA MIKE FOXTROT = Adios Mother Fuckers)
Gee, I wonder who the author might be...

Yeah it was probably Aaron Barr, he did threaten me and if you look at http://wikileaks.org/IMG/pdf/WikiLeaks_Response_v6.pdf that this si the exact same tactics they use, i wrote articles for crowdleaks.org about some of his illegal activities and he got very angry.

Oh and in case you missed it http://www.thehackernews.com/2011/06/lulzsec-jester-expose-e... they removed my info from it because they know its not true

Wonder if the spelling mistakes are strategically placed then. Or does Mr. Barr really spell that way. He's like a 40+ year old married guy.

According to his quotes in [1], yeah, he really does spell and write that way, even in professional communication. It's kind of sad.

[1] http://arstechnica.com/tech-policy/news/2011/02/how-one-secu...

He's been pretending to be kids for years. He definitely fancies himself able to play the role (and I find him all the creepier because of it).

OT: There another comment here by trotsky here and now it's gone without a [deleted] placeholder, and I have show dead on. Just curious, I guess there is a perm delete admin functionality? Also didn't seem worthy of deletion..

While I wouldn't be surprised if it got deleted, if you elect to delete your own post, there's no placeholder left behind if there's no reply.

I deleted it, it was redundant.

>>...so your invincable.

He is an older man, married, that talks like a 14 yr old boy on the computer with words like "leet" and "pwn" even in company emails. Very sad to make the true hackers look illiterate.

Barr? No way, they have been snitchin on each other and in wars when Ryan took over the anon IRC. Then he D0x'd people, then they him, I am supprised he did not go into hiding months ago.

Created: 22 minutes ago. Posted: 19 minutes ago. Welcome to HN, Mr. Barr. :P

Thank you for having me.

James Patterson

For lack of a better explanation, is it crazy to consider the possibility lulzsec released this themselves? Hack innocents, preferably script kiddies from 4chan, install evidence on their systems, and walk away through the smoke.

They're not that good.

yeah lets put random peoples names in a pastebin and claim they are 3 different groups all rolled into one. I just write articles, and sometimes people get upset by them. its probably Barr because i wrote those crowdleaks articles about him ,he also had his pet lawyer threaten me.

Reading the Laurelai/NA cap about the FBI raid made me wonder if anyone ever tries to reverse-bug the FBI by hiding bugs in HDDs and other equipment prone to seizure...

In the first 10 minutes of forensics class, they start stressing that you never work on original equipment -- always from copies.

So a "bug" in a HDD would just hear all of the fascinating conversation that takes place in an evidence locker.

There are some odd problems with this document:

1) The timeline in the beginning is incorrect. #11 shows Laurelai was part of the HBGary attack. Yet in the #hq logs, Sabu had no idea who Laurelai was (and raged on him/her pretty hard). 2) Kayla is the only member that the A Team does not dox. However, the Laurelai/NA conversation contains a reference to the Xyrix = Kayla idea (which is referenced in many other places). Xyrix' denials are weak.

Yeah FYI sabu and topiary hate me, and im pretty sure Aaron Barr is behind this nonsense, oh and the logs of me are made up, i think ill sue Mr. Barr.

Never spoken to a lawyer I take it. Free legal advice: stop typing. An hour ago. "I think I'll sue" = I've never consulted legal counsel.

If I were you I would be laying low instead of registering on every site discussing you and writing stuff like this. Specifically to HN we don't really care about intra-kiddie drama and if you are genuinely considering legal action you've already screwed your case in a lot of ways.

Has anyone checked out those PGP files? Don't really feel like doing it myself, considering the likely unsavory nature of the author of this document (barr...).

I love how whoever wrote this managed to use GPG/PGP wrong.

Yeah, it seems to have been used as a makeshift uuencode...

Also, I find the 'MingW32' version string to be somewhat interesting.

The documents are apache server and related material to students the dox stated.

I am currently imagining the icy thrill running down their spines if these guys fingered them properly...


They aren't proof, but they might be enough (I am not a lawyer) for a search warrant for email addresses, person's homes, and phone/ISP records of the people named in the "d0x."

Totally agree with you there, it's all going to depend on what's found in the houses. If they find evidence in the houses it's all going down.

A friend of mine a long time ago back in the 90s beat one of these things because they didn't have a warrant. Cops came to his parents place while he was out. Parent's let them in, they found a bunch of telco manuals, seized the computers, everything in the room was inadmissible because he was renting the room from his parents. He was a lucky guy. He also stopped bitching that his parents made him start paying rent.

Why did that make the evidence inadmissible? Was it because it wasn't their room any more, and therefore the FBI didn't have a right to be there?

I feel that's pretty self evident in context. Your landlord doesn't have the right to let the cops in to search your place.

Most importantly, if a random group posting to pastebin can find them, the FBI has got to be able to, too.

To be fair, a random group posting to patebin isn't limited by things like "probable cause" "search warrants" and "lawful behavior".

They admit in the document to "backhacking" the targets, which already puts them at an advantage against law enforcement.

edit: s/probably/probable (it's late)

LEO can and does get warrants to do intrusions for identification purposes


They also have a high standard of evidence, before they can go to trial. Otherwise, they are better just observing, and waiting for more evidence to reveal itself. Once you shoot your mouth off, the suspect stops making mistakes.

The FBI is not good at finding [good] computer hackers. They have to outsource or bring somebody in who actually knows what the hell they're doing. And those people are not necessarily very good at it.

That's a question I would really like to know the answer to. I'm not so sure that's the case.

Law enforcement doesn't need warrants for that. The companies will hand them over willingly.

I don't see how anyone can actually trust this leak though. How can we verify if this information is legitimate?

I wondered that until today when I read through their logs and Tweets and even studied their ASCII. I wondered why within 5 days they were stating they would be releasing troves of government documents to releasing what seemed to be someone’s trash can from their desktop with random stuff from 2009-present. They then went from the LULZ boat to a machine Gun and EFFING the police with Anarchy and reaching out to anyone to join. They were running out of low hanging fruit as the doc stated, this of course is my opinion =).

From 5 days, "were releasing everything" and telling the president to wear a shoe on his head and they would quit.

To, this is 50th day, have some junk, we're out!!

> 20:25 <Laurelai> want me to be an informant on account im everywhere and iwas in the army

No honour amongst thieves eh.

Interestingly, if you search through the reddit account for a user with the exact same name and capitalization, s/he appears in some threads as very vocal, defensive, and at times revealing about Lulzsec, topiary, sabu, and others. Check em out.

yes, im very vocal, and i have nothing to do with these groups, i have just written articles about them and other people, and its she thank you very much.

You keep forgetting to mention your close personal relationship to Kayla. Or how you work for Wikileaks.

Great find, shii. Yeah, why would he be that dense to think that he would not be caught with this information easily visible after simple Google search. It is scary to think how much personal information someone could find out about ourselves if they figured out a handle that we use commonly.

I find it amusing that they call Lulzsec out for being childish, then think it's relevant to post the personal information of some dude's sister (and cry "LESBOZ!!!" because she's married to another girl).

Reddit has rules against posting personal information. Does this website not? I really have little interest in websites that think it's ok to spread people's personal data. Weren't we mad at Sony and Lulzsec for allowing that sort of thing to happen?

Do you mean PasteBin or HN? If you mean HN, this isn't spreading anything, it's linking to it. And if the community had a problem with linking to the contents, it would have been flagged to death already.

I agree the childish aspect of it all is amusing, but it's not unexpected.

I think everyone who upvotes this, or links to it, or spreads it, is a giant hypocrite.

That was a horrible yet interesting read at the same time. The PGP keys deceived me into thinking there was more content then there really was.

What does the author mean by bounce in the document, take over a machine and proxy themselves with it? I'm confused.

Bouncing, interpreted strictly, refers to masking your IP on IRC by going through a different host which is running such software (bnc). It is widely used innocuously.

I suppose it can also encompass alternative ways of hiding your IP by going through separate machines, but I think the author of the document would have said so explicitly considering he's used proper terminology elsewhere ("vpn", "proxy").

Thanks, pero, for the succinct and informative response. Do you have an email? I searched "eychqu" and found a web design firm based in Toronto. I'm assuming you run it?

I don't know if any of the identities are real. The Sabu guy's alleged name has been out for a while now, and after some googling it all goes back to some weird site: backtracesecurity.com

Until we get some arrests I wouldn't be particularly excited over this.

So how do they identify people who have no facebook account or facebook friends? That seemed to be the main focus of identifying people.

What is a busy box?

I'm just guessing, but I think it's probably an installation of http://www.busybox.net/, which includes a standalone sshd. This would make it very easy to allow remote access once you're in a system.


Used in some consumer embedded gear running linux.

or maybe not?

It's used in OpenWrt and probably most (if not all) of the FOSS router firmwares out there.

A compromised box someone proxies attacks from.

more mentions here: http://www.guardian.co.uk/technology/2011/jun/24/lulzsec-irc...

How is this (if we presume it's true) possible without deep infiltration? If that's the case, wouldn't the guy that exposed them be a perpetrator too?

They seem to be pretty good at computers, I don't see why they can't learn how to spell.


you're, not your.

edit: desides? How old is the author, I wonder? It all sounds very 'schoolyard'.

> It all sounds very 'schoolyard'.

Welcome to "hacking."

I think it's funny how someone who's been here for a month is welcoming someone who's been here for 1100+ days to "hacking". I agree though, it does sound quite schoolyard. The spelling and grammar mistakes don't help with the pathos of whoever 'A Team' is. I just posted this since I thought it was interesting how quickly Lulzsec has said bye bye after declaring war and more dumps every week with 'a big one' coming just this upcoming Monday. Saw this floating on /r/netsec so I thought to share it here.

> I think it's funny how someone who's been here for a month is welcoming someone who's been here for 1100+ days to "hacking".

Cause the age of your HN account = "hacker cred", right? How dare he talk back to an elder!

Regardless, xtal's statement about hacker culture is accurate.

>I think it's funny how someone who's been here for a month is welcoming someone who's been here for 1100+ days to "hacking".

Some day you'll discover alt accounts, and on that day you will feel like a god.

Who's to say this is my main account? ;)

My original account on HN is over 1500 days old now. I left that and used another which is about 800 days old for awhile. Now I'm shii and a few other people for a little while longer.


Sticking to one persona, especially one tied to the IRL you becomes annoying and restrictive. Much more freeing to openly speak your mind and be able to say things without every thought and action being traced back to one identity.

I've felt the same way, at times. I know things which are both interesting and counter-intuitive about the game industry.

But the information is inexorably tied with my identity, so I've concluded it's more prudent to have secrets and to allow the vocal uninformed to remain ignorant. In the end, it doesn't matter, and they probably wouldn't believe you anyway.

Aaron Barr is a notoriously bad speller.

What is more ironic?

1. The gross miss spelling in the post 2. That Mr Barr could not catch somewhat beginner hackers

> The gross miss spelling in the post

"Misspelling" is the word you're looking for.

What Interests me is, who capped all the logs. In a room with four ops and 4 non ops, unless it was server admin?

What about snagging someone's log files?

The person's name was [RADACATED] out when talked to or about. The mentioned the person as very quiet but that was good for collecting INTEL, which prolly means they were doing counter INTEL.

Didn't the kid have a spell checker or did he just want to sound l33t?

Usually I'm not a grammar nazi (english isn't my first language so I understand the curse of engrish) but this is just annoying to read.

These guys sound pretty butthurt


The problem with these tards is that they lack the discretion to find interesting problems to tackle. So: they pick on weaklings like Sony.

Real grown-ups find good problems to solve and, well, solve them. A lot of those guys profit from them.

I hope that the lolsec guys eventually realize that there's more to gain from helping the world than from hurting it.

The fact that Sony is a weakling is a problem, and I suspect that LulzSec is doing their level best to solve that problem. If the world comes out minus some internet filters and plus stronger corporate internet security, they've helped.

The fact that Sony is a weakling is a problem

It is a problem, sure.

LulzSec is doing their level best to solve that problem

No, they're just committing random acts of vandalism.

Sure. Random acts of vandalism end up all over the news, affected companies' stock crashes because simple random vandalism is highly effective, companies improve security to avoid becoming a target and losing money. In other words, "doing their level best to solve that problem."

Their last tweet is 5 hours back ... wonder if there will be anymore lulz there ...

Actually sabu is still tweeting and him and others are still active on their different irc channels.

I don't know about the validity of this, but that skull and cross bones was pretty fun.

I did actually ask Lulzsec to hack my site. They never got back.

I read the whole thing, for some lulz search laurelai then incremental search fbi lol

I personally applaud the unmasking of the internet's anonymous. Maybe once they realize they're not truly anonymous, they'll stop with their appalling behavior. What they're doing exemplifies everything that is wrong with our sensationalist, power-hungry and generally corrupted culture.

This kind of mob-trolling behavior is not ok, and prosecuting perpetrators to the full extend of the law ought to set a nice example.

I'm all for free speech, and blowing the whistle. But this is much too far, and honestly, anarchy isn't any better than a police state.

The paste has an anonymous author.

Point well taken. I would've been happier with, say, the FBI being behind the unmasking.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact