A hacker group known as the A-Team claims to have discovered the identity of all members of the LulzSec hacker group, releasing identifying information on 10 members of LulzSec and Anonymous.
What remains to be revealed, however, if the leaked identities are indeed correct, is whether the A-TEAM is a hacker group as they claim. There remains another, and more likely, possibility. The FEDS may in fact be releasing the data in this manner, after recently arresting an alleged member of the group, based on data that was illegally sucked up and stored in the FBI and NSA vacuum-cleaner monitoring of the internet. Or perhaps the hackers’ ISPs may have been storing the internet conversations of all online users and turned them over to the Feds.
To sidestep any issues of constitutionality or lawsuits, the Feds would indeed turn over any illegally captured data in this manner. It seems highly odd that, after 50 days of trying to catch LulzSec and after years of trying to catch Anonymous members, the data with past IRC chat logs and attachments outing the group is suddenly unveiled and released.
The release begins by revealing the background information on the group in relation to the time-line in the graphic below.
Specifically, it begins:
To understand who/what lulzsec/gn0sis are/is you need to understand where they came from. Everything originates from the *chan (4chan/711chan/etc.) culture. This internet subculture is pretty much the dregs of the internet. It’s a culture built around the anonymity of the internet. If you’re anonymous no one can find you. No one can hurt you, so you’re invincible. The problem with this ideology, is it’s on the internet. The internet by definition is not anonymous. Computers have to have attribution. If you trace something back far enough you can find its origins. So let’s give a brief event timeline on how these groups got together:
- Anonymous rises up from 4chan against CoS.
- Anonymous starts DDoSing stuff.
- Various lower level hacking groups get involved.
- Anonymous stagnates for a while.
- Uprisings in the world attract Anonymous.
- ProjectPM Loser Barrett Brown becomes mouthpiece of Anon.
- Anonymous shifts focus toward “Worldly” Affairs.
- Aaron Barr decides he’s tired of his job and targets Anon.
- gn0sis (Uncommon) comes out of nowhere and releases the Gawker data.
- gn0sis teams up with anon hackers with all the OP<INSERT SOMETHING HERE> crap.
- gn0sis (nigg, eekdacat, uncommon, kayla, lauralie) and sabu (from OP Anon shit) hack HBGary.
- This is where Topiary comes in. They all form lulzsec to be “hacktivists”.
- Lulzsec (now a mix of gn0sis and opanon people) hack SONY and other stuff.
The problem with Lulzsec/gn0sis’s “Hacktivist” mantra is that they lack the skills to keep it going. As such after SONY they couldn’t get into anything. So they switched their focus to just releasing random crap that didn’t mean anything. Then they started running out of things they could hack. So they put out requests for people to join them. That got them a few hits, and now they’ve switched their gears again to be “ANTI-SEC”. Whether or not this was an attempt at bringing other groups out of the shadows (el8, h0no, zf0, etc), you can only speculate. But as of this writing: 6/24/2011 Sabu and Topiary are the only two people updating the twitter and releasing shit. Kayla is MIA. The gn0sis kids are gone in hiding somewhere.
From what we’ve seen these lulzsec/gn0sis kids aren’t really that good at hacking. They troll the internet and search for SQL injection vulnerabilities as well as Remote File Include/Local File Include bugs. Once found they try to download databases or pull down usernames and passwords. Their releases have nothing to do with their goals or their lulz. It’s purely based on whatever they find with their “google hacking” queries and then release it.
What’s funny to us is that these kids are all “Anti-Sec” yet by releasing their hacks they are forcing these companies to have to hire security professionals which keeps the Security Industry that they are trying to expose and shut down, in business. I guess they will realise that later in life when they get out of skid school.
So we’ve been tracking and infiltrating these kids since the gawker hack. We have the D0x (as they call it) on everyone except Sabu and Kayla. First we’ll go with the kid who did the gawker hack: Uncommon.
The Release ends:
Now we know that some other people have passed some stuff (senate.gov) to lulzsec (you will be owned soon mindwar). We think that with these kids exposed as long as other people stop passing lulzsec hacks that it will eventually die off. Kayla and sabu lack the skill to do anything more than go after the low hanging fruit.
Now keep in mind lulzsec will try to claim that gn0sis isn’t part of lulzsec or that no one is lulzsec. They will also try to claim that these d0x are correct. If you look at these attacks demonstrated here, this is all the stuff that lulzsec hasn’t released yet and probably won’t release because as of this writing gn0sis has split from lulzsec.
Which is why lulzsec is requesting help from outside sources. Because Sabu and Kayla lack the skills to hack anything on their own. Sabu and Kayla are the ones responsible for HBGary (gn0sis found the vulnerability vector though). This is evident in kayla’s dumping part of the shadow file to our spies:
If any law enforcement agency would like all the raw logs of everything please feel free to email THE A-TEAM!
ALPHA MIKE FOXTROT,
THE A-TEAM
And in between, it identifies the following members of the group:
- Uncommon
- EE or EEKDACAT
- Laurelai
- Nigg
- Madclown aka BERRI
- Topiary
- Avunit
- Sabu
- TFlow
- Joepie91
Uncommon – Richard Fontaine.
How to find Uncommon: His USER/IP: Richard Fontaine [email protected] ks354873.kimsufi.com is the server that hosts: http://cfyp.org.uk/ http://cfyp.org.uk/ is admined by: Daniel Rhodes-Mumby (http://cfyp.org.uk/2010/07/technical-issues-21st-july-2010/) Daniel Rhodes-Mumby and Richard Fontaine are friends from school (check their facebooks). We do not know if Daniel Rhodes-Mumby has anything to do with hacking, but he does allow Richard to bounce from his box... Daniel Rhodes-Mumby (https://www.facebook.com/drhodesmumby): Cashier at BrightHouse Studying BA (Hons) Politics at University of Salford Lives in City of Salford In a relationship with Alisha 'Magikarp' Barton Knows English, German, French From Grimsby, North East Lincolnshire, United Kingdom Born on December 4, 1991 Richard Fontaine (Uncommon)(https://www.facebook.com/jarofdoom): Studying Chemistry MChem at University College of Wales, Bangor Lives in Bangor, Gwynedd From Grimsby, North East Lincolnshire, United Kingdom Sister's: Charlotte Fontaine: Bartender at Cleethopes Bowling Alley Studied at Nottingham Trent Lives in Grimsby, North East Lincolnshire, United Kingdom Married to Melissa Scott - LESBOZ!!! From Grimsby, North East Lincolnshire, United Kingdom Natalie Fontaine: Transport Manager at Ski France Went to Caistor Grammar School In a relationship Richard Fontaine is also deaf and wears a hearing aid.
EE or EEKDACAT:
How to find EEKDACAT: EE Uses those Busy Box Bounces that were dropped in the lulzsec/gn0sis private channel logs (which were leaked). bounce: 89-38-2-102.tcnet.com.br (189.38.2.102) Hacked Busy Box IP (from Nigg). We back hacked him all the way back to his Home IP in Sartoga NY. originating ip: 74.67.45.11 cpe-74-67-45-11.nycap.res.rr.com (saratoga ny) Now this kid actually hacks stuff. He goes around and does his little google query hacking thing. Fing's his SQLinjections He then goes and downloads the databases. This is the kid who helped Uncommon with the attack on Gawker. Here is a big log of all the things he's hacked and is hacking. Along with proof that he was using a stolen router (which we back hacked him from)
Laurelai:
Next we have Laurelai. He is another transgendered non-hacker. He is also very ugly. Name: Laurelai Bailey AKA Wesley Bailey Born: 15 January 1982 Location: Davenport, Iowa (Quad Cities Metro Area) [Current] Fayetteville, AR [Previous] Austin, TX [Previous] Job: Tech Team Global Phone: 563-505-6082 Computer: Handles: Laurelai, artixstorm IP: [email protected] ( Frantech VPS ) Phone: Android Tablet: iPad OS: CentOS Profiles: https://www.facebook.com/laurelai.bailey http://disqus.com/facebook-771323265/ http://www.linkedin.com/pub/laurelai-bailey/31/995/5b5 http://www.scribd.com/laurelaib/info http://www.xfire.com/profile/wesleyraziel/ http://steamcommunity.com/id/artixstorm https://github.com/Laurelai http://www.janimes.com/forum/index.php?/user/35904-laurelai/ http://twitter.com/#!/ArtixStorm http://www.stickam.com/artixstorm http://www.myspace.com/artixstorm/ Sites: paralox.org ? oneechan.org Notes: Transgendered woman name she chose means 'temptress' yet she is hideous Location confirmed by phone location/linkedin/facebook and also mentions quad city area on reddit Name confirmed by facebook Pics confirmed by facebook/oneechan.org She Leaked #hq logs before gnosis/hbgary hackers became Lulzsec --- identification --- About: "Laurelai" is a failed chanology troll with a vendetta against Gregg Housh and AnonOps Legal Name: Wesley Bailey Occupation: Systems Administrator Aliases: - Laurelai Storm - Laurelai Bailey - Trinity Bailey - Raziel Twitter: @stuxnetsource Domains: - oneechan.org: setup as "trans support" Irc: - irc.oneechan.org: #oneechan - botnet.biz: #tr0ll Email Addresses: - [email protected] - [email protected] Facebook: http://facebook.com/laurelai.bailey AIM: lulzchan ED: http://encyclopediadramatica.com/Raziel+wesley+bailey+chanology Affiliations: - Gnosis (Hacker group responsible for Gawker hack) - AnonOps Oper: 18:16 [tsukihi] -OperServ([email protected])- Laurelai - Oper + Services Root Administrator DOB: 1-15-82 Residence: Waterloo, Iowa Home 
Internet: 173.23.30.122 Hometown: Killeen, TX Bio: 10 year army veteran: stations in Killeen and Korea Personal: Laurelai is a pre-operative "transsexual" --- systems --- - vps-node1: Laurelai:x:525:525::/home/Laurelai:/bin/bash --- Gnosis --- - members: kayla,garrett,Laurelai,pw,Uncommon,Eekdacat,Fubar,berry,egeste,insid,nigg,tflow --- connections --- - uncommon (UncommonGN on twitter) is responsible for the google dork that lead to the gawker compromise - kayla according to laurelai is laurelai's protege - jennifer emick and him were involved in the same troll group: http://encyclopediadramatica.com/Jennifer_Emick - sabu: soley responsible for the attack on HBGary no matter what Kayla sells you it was all Sabu; he's 'anti-sec 4 life dood'
NIGG
Now we have NIGG. His real name is TOM. His real Name, Username, PC Name, and Home IP is: Tom Tom@Tom-PC 92.20.236.78 He is a minor hacker in the group. He is the one who got all the stolen routers that everyone is useing.
madclown aka BERRI
Now we have madclown aka BERRI. His real name is Peter. He claims to be Trans Gendered. His real Name, Username, PC Name, and Home IP is: Peter [email protected] He doesn't really do anything except have gender identity issues. originating ip: CPE-124-183-112-15.lns14.ken.bigpond.net.au (124.183.112.15)
Topiary
Now we have Topiary. Probably the lamest one of the bunch. He doesn't actually do anything except give interviews. There are plenty of logs of him all over the internet being a complete idiot. His "d0x" are all over the internet also. He tries to deny it but there are logs of him bitching about being d0x'ed int he #hq logs that Laurelai leaked. Name: Daniel Ackerman Sandberg Location: Sweden Computer: Handles: Atopiary, Gardenslayer, whirlpool Profiles:
Avunit
Dox: Name: Christopher Ellison Location: Colchester, Essex Business: avunit(.com) as Media Manager 00441473705206 Computer: Profiles: http://uk.linkedin.com/pub/christopher-ellison/31/611/684 http://www.facebook.com/profile.php?id=701043505 ? Sites: Notes: Dox confirmed by #hq logs where he says the dox posted are true
Sabu
Dox: Name: Hector Xavier Montsegur Location: New York, New York Race: Puerto Rican ? E-Mail: [email protected] Computer: Handles: 548U, hectic_les, leon IP: 199.68.198.129 (ssh-only.recklesstheory.com) Profiles: http://www.facebook.com/lesmujahideen ? Sites: prvt.org Notes: dox confirmed by archived whois entries for prvt.org (his personal site according to #hq logs which he anonymized DNS after release)
tFlow
Dox: Name: Solomon Saleh Location: London, UK Job: Web Developer at Wikijob.co.uk Computer: Handles: timeflow, bottle_of_rum Profiles: https://www.facebook.com/dormitree http://about.me/solomon2 http://www.linkedin.com/in/solomonsaleh http://blog.kornar.com/ Sites: Notes: dox refinforced by facebook (computer science interests) and about.me (claims to be a hacker, londoner)
Joepie91
Dox: Name: Sven Slootweg Location: Wijnstraat 211 3311BV Dordrecht, Netherlands Phone: (+31) 06 - 26 51 99 55 E-Mail: [email protected] [email protected] [email protected] Computer: IP: @an-2A2E2EE5.adsl.wanadoo.nl Profiles: http://twitter.com/#!/joepie91 Sites: www.yunicc.ws www.chinacheep.com www.anonnews.org www.sven-slootweg.nl Notes: Name reinforced by #hq logs (he claims his personal site) and confirmed by LulzSec Exposed logs (mentions theyre his sites) Name confirmed by twitter Phone confirmed by gmail Location reinforced by Lulzsec Exposed logs Lulzsec affiliate, friend of Ryan