Anonymous meets its own insider threat

When I was at RSA in February, people trembled with unease whenever the subject of Anonymous came up. One of the big stories that week was the vandalism of HBGary's exhibit booth and that vendor's hasty exit from the conference.

The fear was that members of Anonymous could be anywhere, even inside one of the world's biggest annual security gatherings.

The unease is still there, but a few of you might take comfort in knowing that Anonymous has its own threats to deal with.

Postings by administrators of the group's AnonOps Network suggest they are dealing with an insider attack.

The message reads:

Dear Users of the AnonOps Network,

We regret to inform you today that our network has been compromised by a former IRC-operator and fellow helper named "Ryan". He decided that he didn't like the leaderless command structure that AnonOps Network Admins use. So he organised a coup d'etat, with his "friends" at skidsr.us . Using the networks service bot "Zalgo" he scavenged the IP's and passwords of all the network servers (including the hub) and then systematically aimed denial of service attacks at them (which is why the network has been unstable for the past week). Unfortunately he has control of the domain names AnonOps.ru (and possibly AnonOps.net, we don't know at this stage) so we are unable to continue using them. We however still have control over AnonOps.in, and will continue to publish news there.

We would STRONGLY ADVISE all users to STAY AWAY from AnonOps.net and AnonOps.ru, and they should be considered COMPROMISED. Using or connecting to any service on those addresses may put your computer, and by extension your person, at risk.

We will continue to update you on this story, as well as on how we proceed with the future of Anonops.

We are profoundly sorry for this drama, and we can't give you a an estimate on when service will resume normally.

Alas, the IRC-network will probably remain down until we can sort this out.

We will try to keep you up to date you via our official channel (anonops.in).

Signed,

The "Old" AnonOps netstaff.

"shitstorm", "Nerdo","owen","blergh", and "Power2All"

P.S: Further notices on AnonOps.net/ru will probably be posted to dispell this one, and any unavailablity of AnonOps.in will only prove this message is true. THIS IS NOT A JOKE, THIS ISN'T A LIE, THIS IS THE TRUTH AND WE ARE SORRY FOR THAT.

P.P.S: The person behind this attack is also involved in the "new" Encyclopedia Dramatica (encyclopediadramatica.ch) . If you have previously signed up as a user with a legitimate email-address/password, you should take caution and consider that your account and password *might* be compromised.Sign up today.

Get your morning news fix with the daily Salted Hash e-newsletter!

This probably doesn't change the overall threat from Anonymous in the long run, but it goes to show that the corporate world isn't alone in its struggle with malicious insiders.

--Bill Brenner

Insider: How a good CSO confronts inevitable bad news
Join the discussion
Be the first to comment on this article. Our Commenting Policies