The Dark Arts: Meet the LulzSec Hackers

It’s difficult to say if [Aaron Barr], then CEO of software security company HBGary Federal, was in his right mind when he targeted the notorious hacking group known as Anonymous. He was trying to correlate Facebook and IRC activity to reveal the identities of the group’s key figures. In the shadowy world of black-hat hacking, getting your true identity revealed is known as getting doxed, and is something every hacker fears. Going after such a well-known group would be sure to get his struggling company some needed publicity. It would also have the most unfortunate side effect of getting the hacking groups attention as well.

DA_06
Aaron Barr

Perhaps [Aaron Barr] expected Anonymous to come after him…maybe he even welcomed the confrontation. After all, he was an ‘expert’ in software security. He ran his own security company. His CTO [Greg Hoglund] wrote a book about rootkits and maintained the website rootkits.com that boasted over 80 thousand registered users. Surely he could manage a few annoying attacks from a couple of teenage script kiddies playing on their parent’s computer. It would have been impossible for him to know how wrong he was.

It took the handful of hackers less that 24 hours to take complete control over the HBGary Federal website and databases. They also seized [Barr’s] Facebook, Twitter, Yahoo and even his World of Warcraft account. They replaced the HBGary Federal homepage with this declaration – with a link to a torrent file containing some 50,000 emails resting ominously at the bottom. At the same time, they were able to use social engineering techniques to SSH into the rootkit.com site and delete its entire contents.

It became clear that these handful of Anonymous hackers were good. Very good. This article will focus on the core of the HBGary hackers that would go on to form the elite LulzSec group. Future articles in this new and exciting Dark Arts series will focus on some of the various hacking techniques they used. Techniques including SQL injection, cross-site scripting, remote file inclusion and many others. We will keep our focus on how these techniques work and how they can be thwarted with better security practices.

LulzSec – For the Lulz

jake_davisName: Jake Davis

Alias: Topiary

Age at Arrest: 18

Hometown: Shetland Islands, Scotland

Role: Spokesperson

Twitter

[Jake Davis] – aka [Topiary] – might have been the least technically skilled of the group, but he made up for it in his ability with words. He was by far the most articulate of the group and commanded the official LulzSec Twitter feed, where he taunted the group’s victims and appeased their ever-growing fan base. [Topiary] goes back to the days of Anonymous and its origin on the popular image board 4chan. Being articulate and quick-witted, he was exceptionally good at doing prank calls while streaming them live to eager fans. His talent did not go unrecognized and the role of “mouthpiece” for Anonymous was his for the taking. Whenever a home page was defaced and replaced with an official Anonymous message, he was the author. The hacked HBGary homepage linked above was [Topiary’s] work.

Lest we leave you with the impression that [Topiary] was not a hacker, he learned a great deal of technical skills during his involvement with Anonymous and later Lulzsec. When he was arrested at his home on the Shetland Islands, he had 17 virtual machines running on an encrypted drive. His last tweet before his arrest – “You cannot arrest an idea”.

 

Name: Mustafa Al-Bassammustaffa al massam

Alias: Tflow

Age at Arrest: 16

Hometown: London, England

Role: Highly skilled coder

Twitter

[Mustafa Al-Bassam] – aka [Tflow] – was a bit socially awkward, but you would have never known it based on his demeanor in the secluded chat rooms of the Lulzsec hackers. Cool, calm and collected, [Tflow] never got involved with the many arguments that took place. The ability to check his emotions combined with advanced coding skills led his fellow hackers to believe he was much older than he really was. [Pwnsauce], another Lulzsec member whom we will not cover due to lack of information, believed he was at least 30 years old.

It was [Tflow] who first shed light on [Aaron Barr’s] plans to dox the Anonymous “leaders”. It was [Tflow] who wrote an advanced piece of code that allowed the citizens of Tunisia to get past their government’s ISP restrictions during the Arab Spring and post on social media. Let that sink in for a minute…a 16-year-old teenager had empowered an entire nation of people with a PHP script. [The Jester], a hacker who commanded a massive bot-net, once tried to hoodwink [Tflow] and his fellow hackers with a malicious script. [Tflow] took the script, reduced it from a few dozen lines to only two lines without limiting functionality, and sent it back to [The Jester] with the following note: Try this instead.

 

ryan_ackroid

Name: Ryan Ackroyd

Alias: Kayla

Age at Arrest: 24

Hometown: South Yorkshire, England

Role: Server Penetration

Twitter

[Ryan Ackroyd] was big into computer video games as a teen. He liked hacking them and hung out online with other like-minded people. A girl by the name of [Kayla] joined their circle of friends and [Ryan] enjoyed her company. A rival video game hacking group tried to hack [Ryan’s] group, and targeted the weakest link – 16-year-old [Kayla]. They destroyed her social networks and even got into her parent’s bank account. [Ryan] and his friends were furious. They all went after their rival, using the alias [Kayla] in her honor. Their retribution was so devastating that “Kayla” earned a reputation across this particular corner of the internet as someone not to cross. Over the years, the group fell apart, but [Ryan] remained and kept the alias of a 16 year old girl named [Kayla] who shouldn’t be messed with.

It was [Kayla] who socially engineered her way into rootkit.com. It was [Kayla] who discovered the SQL injection insecurity on the HBGary Federal website. She later wrote a program that scanned URLs many times per second looking for zero days. She’s a self-taught reverse engineer and was arguably the most skilled hacker on the Lulzsec team. She even had a trip wire in her apartment that wiped all hard drives when the police entered, and was branded by the courts as “highly forensically aware”. That’s legalese for “This guy knows his stuff”. She has some wise words in this reddit thread.

 

hector_monsegurName: Hector Monsegur

Alias: Sabu

Age at Arrest: 28

Hometown: New York City

Role: Leader & Skilled Hacker

Twitter

[Hector Monsegur] – aka [Sabu] – was the oldest and most mature of the Lulzsec hackers. He was the recognized leader of the group. He drove daily operations and squashed arguments. He was also a very skilled hacker himself, coming from a background of hacking government websites in his native Puerto Rico. [Sabu] was a hactivist, and believed in hacking for a social cause, while many of his team were still beholden to their 4chan/b/ days of hacking “for the lulz”. [Sabu] was not only a hacker of computers, he was a hacker of people, and highly skilled in the art of social engineering. Using his skills, he was able to steer LulzSec in the direction he wanted it to go.

[Sabu] was the first of the LulzSec hackers to get doxxed. When he was confronted by the FBI with a 100+ year prison sentence, he could not bear the idea of his kids growing up without him and turned informant. He has only recently returned to twitter, much to the annoyance of Anonymous.

Now What?

You have met the core of the LulzSec hackers. There are two more that we did not talk about due to lack of information: [Pwnsauce] and [AVUnit]. As of today, no one knows the true identity of [AVUnit]. It’s possible there are even more that we don’t know about. However, it is generally recognized that the hackers covered here were the core members.

Now that we know a little bit about the people behind some of the most remarkable hacks of modern times, we will go into detail about how they were able to carry these hacks out. If you’re looking for a “How to Hack a Website 101” tutorial, this series of articles will disappoint you. But if you want to know how these former hackers were able to do what they did, you will find this series quite enjoyable. We’re not just going to talk about the various techniques used, we’re going to understand how they work on a fundamental level. So stay tuned and keep your virtual machines on standby.

 

Sources

We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency, by Parmy Olsen. ISBN-978-0316213523

Running Calculus on an Arduino

It was Stardate 2267. A mysterious life form known as Redjac possessed the computer system of the USS Enterprise. Being well versed in both computer operations and mathematics, [Spock] instructed the computer to compute pi to the last digit. “…the value of pi is a transcendental figure without resolution” he would say. The task of computing pi presents to the computer an infinite process. The computer would have to work on the task forever, eventually forcing the Redjac out.

Calculus relies on infinite processes. And the Arduino is a (single thread) computer. So the idea of zeno_03running a calculus function on an Arduino presents a seemingly impossible scenario. In this article, we’re going to explore the idea of using derivative like techniques with a microcontroller. Let us be reminded that the derivative provides an instantaneous rate of change. Getting an instantaneous rate of change when the function is known is easy. However, when you’re working with a microcontroller and varying analog data without a known function, it’s not so easy. Our goal will be to get an average rate of change of the data. And since a microcontroller is many orders of magnitude faster than the rate of change of the incoming data, we can calculate the average rate of change over very small time intervals. Our work will be based on the fact that the average rate of change and instantaneous rate of change are the same over short time intervals.

Continue reading “Running Calculus on an Arduino”

Wink Hub Connects to SmartThings

As home automation grows more and more popular by the day, the free market is taking notice and working to supply the demand. The Wink Hub is a part of this current trend. It’s a device that allows many of your wireless devices to talk to one another. Things like lights, thermostats, door locks, garage doors…and many other devices can all connect to the hub. Typically, you use a program on your phone or tablet to control these devices. But because this is a closed source gadget, it can’t connect to everything, until now. A hacker was not only able to root the device, but he also gained the ability to connect to devices it was never designed to connect to.

[Michael] was able to get root and take control of some of the devices used with one of Wink’s main competitors – SmartThings. The process is not for the faint of heart and requires at least a yellow belt in Linux-Fu. [Michael] points out that you should use a Wink Hub that you don’t care about as the possibility of bricking it is there if something goes wrong.

We’ve seen a few instances of rooting the Wink and are happy to see these hacks maturing. It’s a shame the thing is locked down since the multiple radios make the hardware capable of being a great cross-platform hub. For legacy and better user experience, cross-platform operation is paramount. The industry isn’t moving in that direction… Phillips recently removed support for devices outside the Hue family. But the community wants this functionality and their push back led to a hasty reversal of Phillips’ changes. Hackers like [Michael] are showing what your home could be like if connected devices were free to interact with one another.

How to Find a Lost Drone with the Integral

If I asked you to find the area of a square, you would have no problem doing so. It would be the same if I asked you to find the volume of a cone or rectangle or any other regular shape. You might have to turn to Google to get the proper formula, but it would be a trivial process nonetheless. But what if I asked you to find the volume of some random vase sitting on a kitchen counter? How does one go about finding the volume of irregular shapes?

One way would be to fill the vase with much smaller objects of a known volume. Then you could add up the smaller volumes to get an estimate of the total volume of the vase. For instance, imagine we fill the vase with marbles. A marble is a sphere, and we can calculate the volume of each marble with the formula zeno014/3πr3. We count all of our marbles and multiply the total by the volume of a single marble and arrive at our answer. It is not perfect, however. There is a lot of empty space that exists between the marbles as they fill the vase. We are forced to conclude that our estimated volume will be lower that the actual volume.

It would be about this time when our good friend Isaac Newton would ask the question “What if you made the marbles smaller?” Reducing the size of each marble would reduce the empty space that exists between them as they pile up in the vase, giving us a more accurate total volume. But how small? Is there a limit to how small we can make them? “Do not trouble yourself with the limit.” says [Newton]. “You will find that as you make the marbles smaller and smaller, you will begin to converge on a single number – and that number will be the exact volume of your vase.”

Reducing the size of the marble to get a more exact volume demonstrates the idea of the integral – one of the two fundamental principles of The Calculus. The other principle is known as the derivative, which we explained in our previous article by taking a very careful and tedious examination of an arrow in flight. In this article, we shall take the same approach toward the integral. By the end, you will have a fundamental understanding of what the integral is, and more importantly, how it works. Our vase example gives you a good mental image of what the integral is all about, but it is hardly a fundamental understanding of it. Just how do you make those marbles smaller? To answer this question, let us look again at one of Zeno’s moving arrows.

Continue reading “How to Find a Lost Drone with the Integral”

Beer Kegs Make Excellent Resin Dispensers

[Josh Updyke] woke up one morning and found himself in a sticky situation. The demand for his modular robotic track system was outgrowing his ability to produce. One of the bottlenecks was weighing out resin. It’s a slow, monotonous process that must be done with accuracy. The free market did not have any affordable solutions to the problem. So like any hacker worth his weight in 2N2222 transistors, he made his own by re-purposing some used beer kegs.

The resin comes in two parts – the resin itself and a hardener. Each must be weighted out on a scale before mixing to ensure proper proportions. It was a trial-by-error learning process before [Josh] was able to settle on a final solution. First he tried some garden sprayers, which worked OK at first. But the resin was taking too long to exit the sprayers, and he had to pressurize them by manually pumping them with air. He ended up with a much better method that used some Cornelius Kegs.

Be sure to check out his io page for more details.

Calculus is not Hard – The Derivative

The Calculus is made up of a few basic principles that anyone can understand. If looked at in the right way, it’s easy to apply these principles to the world around you and to see how the real world works in their terms. Of the two main ideas of The Calculus — the derivative and the integral — today we’ll focus on the derivative.

You can enjoy this article by itself, but it is also worth looking back at the previous installment in this series. We went over the history of The Calculus and saw how it arose from two paradoxes put forth by a 4th century philosopher named Zeno of Elea. These paradoxes lead to the derivative/integral ideas that revolutionized mankind’s understanding of motion.

Continue reading “Calculus is not Hard – The Derivative”

Calculus is Not as Hard as you Think

“Everything should be made as simple as possible, but not simpler.”

                                                                                                Albert Einstein

Our journey begins with a fictitious character whom we shall call [John Doe]. He represents the average professional worker who can be found in cities and towns across the world. Most everyday, [John] wakes up to his alarm clock and drives his car to work. He takes an elevator to his office and logs on to his computer. And he does these things without the slightest clue of how any of them work. While he may be interested in learning about the inner workings of the machines and devices he uses on a daily basis, [John] does not have the time and energy to invest in doing so. To him cars, elevators, computers and alarm clocks are completely different and complicated machines with hardly any similarities. It is simply not possible to understand how each of them work without years of study.

The regular readers of Hackaday might see things a bit differently than our [John Doe]. They would know that the electric motor that moves the elevator is very similar to the alternator in his car. They would know that the PLC that controls the electric motor that moves the elevator is very similar to the computer he logs in to. They would know that on a fundamental level, the PLC, alarm clock and computer are all based on relatively simple transistor theory. What is a vast complicated mess to [John Doe] and the average person is nothing but the use of simple mechanical and electrical principles to the hacker. The complication resides in how those principles are applied. Abstracting the fundamental principles from complicated ideas allows us to simplify and understand them in a way that pays homage to Einstein’s off-the-cuff advice, quoted above.

Zeno of Elea 430 - 490BC
Zeno of Elea 490 – 430BC

Many of you look at The Calculus the same way [John Doe] looks at machines. You see the same vast, complicated mess that would require a great deal of time and effort to understand. But what if I told you that calculus shares a commonality in much the same way many different machines do. That there are a few basic principles that anyone can understand, and once you do, it will unlock a new way of looking at the world and how it works.

The average calculus course book is a thousand pages long. The [John Does] of the world will see a thousand difficult things to learn. The hacker, however, will see two basic principles and 998 examples of those principles. In this series of articles, I’m going to show you what these two principles – the derivative and the integral – are.  Based on work done by Professor [Michael Starbird] of The University of Texas at Austin for The Teaching Company, we’ll use everyday examples that anyone can understand. The Calculus reveals a particular beauty of our world — a beauty that arises when you’re able to view it dynamically as opposed to statically. It is my hope to give you this view.

Before we get started, it pays to understand a little of the history of how The Calculus came about, and how its roots lie in the very careful analysis of change and motion.

Zeno’s Paradox

Zeno of Elea was a philosopher in the fourth century BC. He posed several subtle but profound paradoxes, two of which would eventually give rise to The Calculus. It would take over 2,000 years for man’s ingenuity to solve the paradoxes. As you can imagine, it wasn’t easy. The difficulties largely revolved around the idea of infinity. How do you deal with infinity from a mathematical perspective? Sir Isaac Newton and Gottfried Leibniz would go on to independently invent The Calculus in the mid 17th century, finally putting the paradoxes to rest. Let us take a close look at them and see what the fuss was all about.

The Arrow

zeno_03Consider the arrow flying through the air. We can say with reasonable and competent assurance that the arrow is in motion. Now consider the arrow at any given instant in time. The arrow is no longer in motion. It is at rest. But we know the arrow is in motion, how can it be at rest! This is the paradox. It might seem silly, but it’s a very challenging concept to deal with it from a mathematical point of view.

We’ll find out later that what we’re really dealing with is the concept of an instantaneous rate of change, which we will elaborate on with the idea of one of the two principles of calculus – the derivative. It will allow us to calculate the velocity of the arrow at an instant in time – a monumental feat that took over two millennia for mankind to reach.

The Dichotomy

zeno_02Let us consider the same arrow again. This time let’s say the arrow is coming at us. Zeno says we don’t have to move, because it can never hit us. Imagine that as the arrow is in flight, it has to cover half the distance between the bow and the target. Once it reaches the half way point, it has to do this again – move half the distance between it and the target. Imagine that we keep doing this. The arrow is constantly moving halfway between its origin and target. By doing this, the arrow can never hit us! In real life, the arrow does eventually hit the target, leaving us with the paradox.

As with the first paradox, we’ll see how to resolve this issue with one of the two principles of calculus – the integral. The integral allows us to deal with the concept of infinity as a mathematical function. It is an extremely powerful tool to scientists and engineers.

The Two Principles of Calculus

The two main ideas of The Calculus will be demonstrated by using them to solve Zeno’s paradoxes.

  • The Derivative – The derivative is a technique that will allow us to calculate the velocity of the arrow in “The Arrow” paradox. We will do this by looking at positions of the arrow through incrementally smaller amounts of time, such that the precise velocity will be known when the time between measurements is infinitely small.
  • The Integral – The integral is a technique that will allow us to calculate the position of the arrow in the Dichotomy paradox.  We will do this by looking at velocities of the arrow through incrementally smaller amounts of time, such that the precise position will be known when the time between measurements is infinitely small.

It’s not difficult to notice some similarity between the derivative and integral. Both values are calculated by examining the arrow with increasingly finer time intervals. We will learn later that the integral and derivative are in fact two sides of the same ceramic capacitor.

Why Should I Learn Calculus?

We are all familiar with Ohm’s Law, which relates current, voltage and resistance in a simple equation. However, let us consider “Ohm’s Law” for a capacitor. A current flow through a capacitor is dependent on the voltage across it and time. Time is the critical variable here, and must be taken into account in any dynamic event. Calculus lets us understand and measure how things change over time. In the case of a capacitor, the current through it is equal to the capacitance multiplied by volts per second, or: i = C(dv/dt) where:

  • i  = current (instantaneous)
  • C = Capacitance in Farads
  • dv = change in voltage
  • dt = change in time

zeno_04In this circuit, there is no current flow through the capacitor. The volt meter will read the battery voltage and the ammeter will read zero amps. So long as the potentiometer is not moved, the voltage on the meter will be steady. Our equation would say that i = C(0/dt) = 0 amps. But what happens when we adjust the potentiometer? Our equation says there will be a resulting current flow in the capacitor. This current flow will be dependent on the rate the voltage changes, which is tied to how fast we move the potentiometer.

zeno_05

These graphs show the casual relationships between the voltage across the capacitor, the current through the capacitor and the speed we turn the potentiometer. It starts with the potentiometer turning slowly. An increase in speed results in a faster changing voltage which in turn results in a dramatic increase in current. At all points, the current through the capacitor is proportional to the rate of change of the voltage across it.

Calculus, or more specifically the derivative,  gives us the ability to quantify this rate of change, so that we can know the exact value of current running through the capacitor at any given instant in time. The same way we can know the instantaneous velocity of Zeno’s arrow. It is an incredibly powerful tool to have in your hacking arsenal.

In the next article, we will go into deep detail of how we calculate the derivative using a modern but still simple representation of Zeno’s “The Arrow” paradox and some basic algebra. A following article will do the same for the integral using the Dichotomy paradox. Then we will tie things up by showing how the two are related, something known as The Fundamental Theorem of Calculus.