My Twitter Timeline is full news about the discovery of the malware called Flame, which was found mainly in Iran and some other middle east countries. This is also another malware targeting particular countries and used for espionage which has some unique features that separates it from other malware like Stuxnet, and Duqu and some features that resembles them.
It is a backdoor virus, a trojan virus and also a worm combined, it spreads mainly via USB devices and through networks.
It has a complete malware, it can record audio from the mic of the computer, take screenshots and also log key presses and send them to the command and control center. Although there have been malware with such features this is the first malware to have all these features.
Flame malware is large which is 20mb, where most of the malware that are found these days are mostly smaller in size.
The malware is highly complex, it has multiple compression and encryption methods to be used for the data sending to the command and control servers.
According to researchers it has some features common to Stuxnet, which targeted nuclear power plants of Iran, Flame is also used for industrial espionage and use the same vulnerability in Windows to infect. This is another example for cyber attacks targeting governments and high-profile targets of countries.
It’s not hard for one to imagine that an average person or a group, because :
An average coder or a group can’t create malware with such complexity. It requires a group of highly talented group of people specialized in designing such malware which only very few countries in the world possess.
An average person or a group has no need of such a malware to spy on Iran and other Middle Eastern countries other than another country who are keen to keep an eye on Middle East, and only few countries have talent to build such a malware, like US, Israel or China who are famous for its hacking capabilities.
It is the most complex piece of malicious software discovered to date, said Kaspersky Lab security senior researcher Roel Schouwenberg, whose company discovered the virus. The results of the Lab’s work were made available on Monday.
According to Kaspersky the Flame malware has gone undetected for five years which is a pretty long time and if someone or a country can build such a tool five years ago. One can imagine how complex these industrial malware have evolved now, and the tech skills of the builders of Flame could have achived by now.
This also makes a question that how many unknown cyber operations are currently out there happening around the world done by countries, and cyber capabilities of other countries. Because, malware like Duqu, Stuxnet are not malware that are not made and being used by ordinary hackers. According to my friend @ipv10 who is a web researcher herself looking at the distribution and capabilities required to build such a malware the origin of the malware should be non other than USA.
If you are skeptic about cyber warfare, it has already begun. And when other countries are moving fast in the direction of arming themselves with cyber weapons inducing India, all we are doing is hunting perverts on Facebook, time for us to move on improving out cyber capabilities.
It’s not a new thing that Chines mobile firms like ZTE and Huawei are famous for helping the Chinese government to gather intelligence from around world, helped China to engage in intellectual property theft from leading companies, and the data that were being gathered by ZTE and Huwawei devices helped in Chinese hackers in breaking into important places. It’s a known thing now that ZTE and Huwawei devices are now banned in companies in US and other foreign countries. So what’s the state in Sri Lanka?
Both ZTE and Huawei have signed contracts worth tens of millions of US dollars with governments in Central Asia, not known for their democratic credentials.
The telecoms products (like USB dongles) and possibly even services (including underlying network technologies and infrastructure) aid espionage.
Major telecom providers in Sri Lanka have multi-million dollar contracts with ZTE and Huawei.
In fact, the overwhelming majority of mobile broadband internet access devices sold in Sri Lanka by Mobitel, Dialog Axiata, Etisalat and Airtel are made by either ZTE or Huawei. Even I am using a Huwawei device which I bought from a Mobitel outlet.
In June 2011, it was reported that “Sri Lanka Telecom (SLT) has awarded a long-awaited LKR3 billion (USD 27 million) fibre-optic network rollout contract to China’s ZTE Corp as part of the national ‘i-Sri Lanka’ project”.
Mobitel signed an agreement (May 2011) with the country’s Board of Investment for equipment import duty exemption on its LTE network deployment in partnership with another Chinese vendor, ZTE.
Huawei maintains a 33% sector share of existing infrastructure maintenance.
Chinese firms continue to make inroads into the Sri Lankan market, including into areas such as telecommunications infrastructure. The Sri Lankan telecommunications market has expanded rapidly, and telephone companies plan to expand into the newly freed conflict areas of the North and East. Huawei Telecommunications, a Chinese owned corporation, has worked diligently to corner the telecommunications infrastructure market in Sri Lanka.
Huawei maintains a 33% sector share of existing infrastructure maintenance. Alcatel-Lucent and Ericcson are the two other major competitors, and each has a 33% sector share of existing infrastructure maintenance. Another Chinese company ZTE has a tiny 2% marker share. Huawei Sri Lanka is expanding aggressively into the new infrastructure market in the North and East, where they own more then 75% market share. Alcatel-Lucent and Ericcson are not major players in the new infrastructure market, and they seem disinterested in increasing their market share.
Yes, it’s acceptable that because we don’t make our own devices like USA, we don’t have any other option other than go for the cheap Chinese products, however it’s a scary that from the device we use to access the internet and the technology in the country is provided by Chinese companies that are famous for spying and aiding Chinese government hacking attacks.
Some experts say ZTE and Huwawei is worse than Stuxnet and according to some there are direct connections between Chinese companies like ZTE and Huawei with Chinese hacking attacks on US companies like US defense contractors and US military officials.
When it’s not only the devices but the whole internet structure in the country has been built by Huawei and ZTE there’s almost no escape, they might be spying on us even this very moment. Although I don’t agree with what Groundviews say most of the time, I have to appreciate them for giving these stats that most people don’t know. If you are worried about a Chinese invasion, they are already here.
Looks like Sri Lankan Internet Service Providers are blocking access to popular torrent tacking website The Pirate Bay (thepiratebay) and popular code sharing website pastebin.com.
The Sri Lanka Telecon has blocked access to Pastebin and The Pirate Bay for two days/ The Indian ISP AirTel has blocked access to torrent websites like The Pirate Bay and Torrents.eu for few weeks now.
It’s not sure why Sri Lanka Telecom is blocking access to patebin, however looks like not all Sri Lanka Telecom subscribers are affected, according to some pastbin is still accessible and takes a very long time for the page to come up. Pastebin is a website designed for code sharing, however now it’s widely being used by the Anonymous hackers as a place to post their hacked data. So is Sri Lanka Telecom blocking access to pastebin because Anonymous hackers posting hacked information? There is no any other reason than that to block pastebin.
Looks like The Pirate Bay is also being blocked by Sri Lanka Telecom, the real reason for this is still unknown, there has been no press release or anything like that. Sri Lankan Telecom might be blocking Piratebay because of piracy issues, and people must not forget that Piratebay is also a place where Anonymous hackers release their hacked information.
@ipv10 @RukshanR well yeh its working bt taking too much time to load n i cant access @tpb
@CrazyNalin @RukshanR @tpb TPB is banned from Airtel too. torrents . eu and some more too. Many people are having difficulties in accessing
— Madhu (@ipv10) May 20, 2012
However for non Sri Lankan Telecom subscribers pastebin and The Pirate Bay (for non AriTel subscribers) is still freely accessible.
Did Sri Lankan Telecom block patebin because of Anonymous hackers? I’ll update this post as I find more information.
However, if you know the ways it’s pretty much easy to bypass these blocks by using proxies, VPN, or my favorite TOR. Meanwhile in Pakistan Twitter has been blocked by the Pakistani Telecommunication Authority, looks like today is a sad day for freedom on the internet.
After all the drama and series of posts about AnonymousLK, I decided to write a post that I was thinking to write for a long time, a post about “The Jester” (th3j35t3r).
Basically Jester is a “patriotic” hacker that launches denial of service attacks on Jihad terrorist websites. If you are someone wondering who’s jester, the wikileaks page about Jester and this blog post about jester gives all the information you need to know about jester’s history from the beginning.
Before writing the post I have to say, I’m not a supporter of jester, nor I’m against him, I’m just an observer on the internet and looking online drama eating pop corn. However I am against Anonymous.
The thing I’m happy about jester is going after the Jihadi websites and taking them down with his DoS tool XerXes, according to Sam Bowne XerXes is most likely a modified SlowLoris tool. Well I’m not going to talk about Jester’s history and what’s he doing, I thought of writing this post after seeing what’s happening with Jester recently.
Jester’s famous quote is,
There is an unequal amount of good and bad in most things, the thing is to figure out the ratio and act accordingly.
I think same can be said about Jester, there is an unequal amount of good and bad in him. Jester has a good side and a bad side, the bad side of him is making people leave Jester and made me write this post.
Some of his former IRC channel ops and some of former Jester fans have now formed a separate movement called ReaperSec that’s heavily criticizing Jester. You can read their blog at http://reapersec.wordpress.com
First of all Jester lies more than he should, and takes credit for what he has not done, as reapersec points out on their blog post :
Modified LOIC to expose users IP – Never happened, unknowing users where exposed by default.
Infected DHN.zip distributed to Anonymous – Never happend, AnonymousDown found the file, th3j35t3r asked Tyrkoil to write his blog post claiming that he (th3j35t3r) had modified the file.
Anonops Anope Services dump – Didn’t directly take credit, but did refuse to give credit to individual who performed the hack. Originally performed by HackThePlanet if I recall.
Tripoli Post hack – Used a known vulnerability as XSS (Cross-site scripting) to inject a photo that looked similar to an actual article. (Target Site | Image Source | XSS Effect) This will only work if you use the link he provided. No, he didn’t actually hack into the Tripoli Post web servers.
This also includes the TeamPoison arrests. Yes, Jester went on a exchange of words with Trick of Team Poison, but it was actually LeRes that did the important part in identifying the members of Team Poison, however it was jester that really took credit for what LeRes has done.
The QR code hack of Jester :
Yes, when I first read the post about the QR code hack I was like OMG (yes I have to admit that I didn’t went through the code until people started questioning about it), and soon after that many people started to question about the QR code hack, even the people within the jester’s IRC channel still are in doubt about the hack for many reasons,
How did jester use an exploit in webkit to hack in to Android and iOS devices that was patched back in 2010?
You need two shell codes for Android and iOS devices, Jester’s code lacked platform detection, and how he used a single shell to hack both iOS and Android devices is still a big problem.
The data that jester said he got after the QR code hack which he said he’s going to publish was never published.
Some of the people that said who scanned the QR code has actually never scanned the QR code.
Although the Wikipedia page about Jester say that he released an encrypted version of the data from the QR code hack I talked with someone from the jester’s IRC and I couldn’t find anyone who has actually seen the data (from the people I talked at his IRC and people elsewhere on the internet), and although Jester said that he sent the data to the FBI, according to people at his own IRC it’s another big lie.
You can read a more technical explanation about why the whole QR code hack is a fake from these two explanations by ReaperSec:
If you don’t know Saladin is the new mysterious tool by jester that is capable of vanishing websites in to thin air, actually as far as most people believe a tool like that cannot exist. I even talked about this with Sam Bowne, the problem is taking a website down is possible like a mass defacement, however even if you take the website down the administrators of the site should be about to use the domain name of the website because there is no problem with the domain names. This is a question that nobody is capable of answering.
The only best explanation came from ReaperSec itself where they showed that all the domain names have been expired and the owners haven’t renewed it, and jester just made the story up about a mysterious tool called Saladin to take credit.
These are so many questions that are yet to be answered by the Jester, however looking at the recent happenings rather than answering the questions look like Jester is more interested in playing a Duck and run game when the going gets hot.
For example when the jester posted about the QR code hack in March, people started questioning him, rather than answering he started a fight with TeamPoison and then everybody took notice about TeamPoison and what they did, and after TeamPoison went down, everybody forgot the QR code hack and Jester didn’t answer the questions made.
Even when people started talking about Saladin, same thing happened, Jester said he was going to post a full disclosure about Saladin, but then mysteriously went dark on the day where he said he’s going to publish the post. Then came some drama from the @cubespherical twitter account saying he knows jester’s identity, people came up with different opinions of jester going dark. Jester came up few days later, bashed @cubespherical. Never answered the questions any question, the post about Saladin full disclosure never saw the light of day.
Most of my friends now believe that @cubespherical and Jester are the same, and Jester put on this online drama to cover up about Saladin.
Why is Jester strong?
I think jester is influential because of his loyal fan base, some of them are following him blindly, and although some are followers of him, they still have doubts about Jester and his capabilities and don’t believe what he’s saying about Saladin.
It’s because of these followers that help Jester in fight what’s coming at him, if it wasn’t for LeRes Jester wouldn’t have released information about TeamPoison members. Jester didn’t even properly dox Sabu.
Final conclusion?
In my opinion I think Jester is just another “grey hat hacker” who is overly hyped on his DoS attacks on websites, if you have the knowledge you can DoS, DoS attacks happen everyday on the web, so what’s the fuzz about Jester’s DoS? Yes, DoS attacks on Jihad websites is a good thing, apart from that what is he good at?
I think now most people are starting to realize that Jester is another DoSer that’s getting too much attention, and Jester likes getting attention, I think he enjoys getting attention. I think that’s why he’s taking credit for things he didn’t do. And put online dramas, so people will know about him. After all what has he done apart from doing DoS attacks? He’s like a thug surrounded by trolls that support him, without his fans he’s just no body.
I might be wrong in this opinion, but still I hope Jester will at least give his disclosure of Saladin, so we can see he’s telling the truth.
Action speaks louder than words but not nearly as often. – Mark Twain
Never stop your enemy while he is making a mistake
I had a different post dedicated for ZonTa which I was thinking publishing first, however I decided to rewrite the post because as the time went on more and more evidence came up about it. When I first published my post Rooting the Anonymous, ZonTa came to my blog commentingabout the post, actually he was the first to comment on the post.
ZonTa accepts Sameera is among AnonymousLK
This comment makes some interesting points, let me give it to you one by one.
ZonTa admits Sameera De Alwis tweets from AnonymousLK.
ZonTa says Sameera tweeted about the IRC channel that has no connection to them, although the chat records and screen shots clearly shows that the people in the IRC channel #srilankanz talk about AnonymousLK activities.
If you look at the comment made by ZonTa even a child can understand that this comment is made by the real ZonTa defending the IRC channel and to show that he has no connection with Sameera, did I anywhere in the post about Sameera have mentioned about the IRC channel? NO, so why is ZonTa panicking so much about the IRC channel?
And why no reply from ZonTa after us proving that people #srilankanz channel at irc.evilzone.orgadmitting that they are AnonymousLK?
If this is not the real ZonTa how can he say the #srilankanz channel was created 2-3 years ago?
So ZonTa has no connection with AnonymousLK? I’ll let you decide after this post. But before that let me give you a small story that dates back before AnonymousLK. After the filed browser xAurora, hackerzmafia got together with ZonTa who was arrested same year, and ZeroThunder to from hackimpact.com which was another epic fail as xAurora. Remember this for now, I’ll come to this point tater.
I have to say that it’s not just their Tweet that had the irc link to the #Srilankan channel, even in the Facebook profile picture from their begging they had the irc link to the #srilankanz channel. So if ZonTa say his irc channel #srilankanz has no connection with AnonymousLK why is AnonymousLK show a link to the irc for nearly one year?
Click to see the large photo
AnonymousLK tweet their IRC
So if we go to the AnonymousLK irc channel #srilankanz at irc.evilzone.org, a simple irc command is all you need to see who created the IRC channel, /msg chanserv info #srilankanz. Which gives a result like this,
ZonTa created the #srilankanz channel
This clearly shows that the IRC channel #srilankanz was created by a person named ZonTa back in 2010, which exactly mach the dates of the comment. Coincidence? You decide 😉
As you saw in the post with the chat records, we’ve been to their AnonymousLK IRC channel, and when you see the “whois” information of ZonTa (“/whois zonta” if he is online), the whois information for ZonTa is,
Whois information for ZonTa
As you can see there is a domain name associated with ZonTa, zt-security.com. zt-security.com was hacking forum that was run by ZonTa until 2011, every domain name has a registration information that the person owning the domain name has to give before buying a domain name, you can hide this information if you want, which unfortunately ZonTa didn’t or forgot to hide.
So we have a name and an address belonging to ZonTa, which the name is Shalika Ranatunga, and an address leading to Mirigama area. If you are familiar with the hacking incidents in Sri Lanka, the most famous hacking incident was the hacking of the Western Provincial Council Website which was back in 2009, which was done by a hacker naming ZonTa, he didn’t hide his IP and got arrested.
There is a small typing mistake in the article where the name should be Shalika Gayeshan, not Shantha Gayesha.
A student who is alleged to have hacked into the Western Provincial Council website was produced in courts today and given bail of Rs. one million by Colombo Chief Magistrate, Nishantha Hapuarachchi.
Shantha Gayesha Ranatunga from a leading school in Mirigama is alleged to have distorted facts between the Chief Minister and the Governor of the Western Province and in the process disturbed the functions of the site, the court was informed.
So is this coincident, both the WPC hacking ZonTa and IRC channel creator of ZonTa both having the same name and address, coincidence? 😉 you decide.
More articles showing ZonTa did the hack on WPC website :
So now that we have a name on ZonTa, Shalika Gayeshan Ranatunga, googling the name will give all the information for everyone to see who’s ZonTa. I’m not going to post his social networking profiles, because I don’t think it’s not a good thing for him, he was convicted before and getting caught for hacking for second time means there is no way out for him except jail.
And I won’t put where he’s working, because I don’t like to see him lose his job, I’m not the bad guy like they’re so hard trying to be, ZonTa aka Shalika Ranatunga is responsible the of network security in a leading Sri Lankan mobile company.
However I’m going to give one profile of Shalika Ranatunga, his linked in profile. This nails the coffin on the mysterious ZonTa and shows the connection with ZonTa and Sameera.
Go to the LinkedIn profile and see what’s the “Business Website” of Shalika, guess what it’s hackimpact.com, which is owned by the Sameera De Alwis as we’ve shown the person who create AnonymousLK, ZonTa, Zer0Tunder and Sameera started hackimpact.com, can’t believe it? Check out the video below.
ZonTa also has a Fiverr profile which he uses the username BugFree, where he shows off his black hat capabilities to make money, he used to tweet all these things on Twitter, after we published the first post about Sameera, ZonTa was quick to delete all the tweets, but he didn’t delete his “Fiverr gigs”.
Fiverr.com/bugfree
In an epic fail today, AnonymousLK tweeted this, admitting that ZonTa is their IRC friend, actually he’s not just a friend but the guy who created your IRC channel.
Anonymous admits ZonTa is their friend
That put a wrap to this mystery about who is ZonTa and completes the whole picture about AnonymousLK, anymore things I need to prove?
It’s epic that someone has commented on the Elakiri article about your arrest,
If you’re a good hacker everybody knows about you, if you are a great hacker nobody knows about you.
What now AnonymousLK, more denial? more running from truth? more screwed up theories with no facts? Still say ZonTa is not your friend?
Don’t say ZonTa and everyone are in my team, I don’t work with black hats. Hope this post refresh your memory ZonTa. Tango Down.
When are you going to hack my email Shalika? 😉
Personal note :
Me and ipv10 were talking about ZonTa last night, most Sri Lankan hackers think that ZonTa is the best hacker in the country, which he is not. He thinks he is a good hacker which he is not, obviously he’s no more than a n00bs. Our guess was that he never expected someone from Sri Lanka will out smart them. Me and ipv10 has been in the infosec field more than you ZonTa, G2kev just stated his infosec work but is younger than you can’t even imagine.
And I’m not a hacker, I’m just a guy who does infosec work as a hobby. I’m Razor or anyone you say I am. So no more hiding ZonTa, no more false tweets. Admit it, we gotcha 😉
I think Shalika has some addiction for hacking, or else who else continue this work even after being arrested?
UPDATES :
Update 1 :
Due to misunderstanding of some people i need explain that @g2kev is not G2 Gayan and has no connection with G2Labs of G2 Gayan. It just happens to be @g2kev‘s twitter username begins with G2, everything in this op was done by me, ipv10 and g2kev with no support from external sources. I hope this clears things out if people have any doubts. More posts to come, all in good times.
Update 2 :
We found the deleted tweets of ZonTa asking to check website security on Fiverr, all these tweets were deleted after we posted the first post about Sameera.
Today was an exciting day for all of us, in today’s ‘heated’ argument with AnonymousLK, I learnt a valuable lesson. “When you are in deep shit, you keep your mouth shut, you know what happen if not”
I also suggest you reading our previous two posts if you don’t are new to this story. Click on the images to see more clearly.
This is a lesson AnonymousLK doesn’t seem to learn, the more they tweet the more they prove us we’re right and self doxing them. TX yesterday said that he is going to open the gates of hell upon me, which I did on him today. After all that drama I decided to add this special post before the next post about AnonymousLK members.
The first reply of AnonymousLK for our yesterday’s post was, all the information we published is false, but they never gave any evidence to prove we’re wrong, when all the evidence are there to prove that we’re right.In the post we proved that AnonymouosLK was started by Sameera De Alwis.
For that AnonymousLK replied with this,
AnonymousLK said they used Dr Sameera De Alwis’s identity. Which is false because you need to enter a verifying code to connect a mobile phone number to an email account.
Then AnonymousLK replied with this,
AnonymousLK say they used Sameera De Alwis’s information, then say they are trying to save him, Whoa, what?
Then they went on to say this,
Whoa what? You kidding me, how come AnonymousLK know that hackerzmafia@gmail.com email account was created on 2001? this is a thing only Sameera knows, Self doxing buddy? Facepalm 😉 Oh, BTW Gmail never existed back in 2001, Facepalm again 😉
Then this,
CID called Zonta, really? How come AnonymousLK know that CID calling Zonta, Zonta at your place AnonymousLK? And this goes to prove is a member of AnonymousLK. Self doxing. 😉
Then this, which amuses me the most,
OK, if I published false info then prove me wrong, and if I published false info and TX goes to police then TX has to prove that he is TX, which will be very much amusing to see, seriously TX and AnonymousLK how are you going to prove you are TX? TX going to self dox himself in-front of the police? I’m looking forward to that.
Then this,
OK then again AnonymousLK saying they have contact with Zonta, which proves us right again, that Zonta is a member of AnonymousLK. Self doxing again. Facepalm 😉
Then this,
OH really, I use two-way authentication so you can never enter my emails, Facepalm. And I hope zonta don’t wanna go to prison again for hacking 😉 the food they serve at prison is pretty bad 😉
This just made me lol hard it made me cry,
Same goes here, if Zero, TX goes to police they have to prove themselves that they are Zero and TX, how are you going to prove that you are TX and Zero? and it’ll be very amusing to watch, because it’ll be self doxing.
And BTW for all the hacking Zer0 Thunder has done, it’ll be him not me that’ll end up in jail. Anymore self doxing guys?
When you are in deep shit keep your mouth shut.. You know what will happen if not. 😀 Tango Down.
Update :
I just remembered a comment that ZonTa has posted on my previous post, which we can also come to some interesting conclusions. See the text underlined in text? Click to see it more clearly.
ZonTa accepts Sameera is among AnonymousLK
ZonTa admits Sameera is among AnonymousLK
How can ZonTa know that Sameera tweeted the link to their IRC without me talking a word about the tweet?
And how come the chat logs show that #srilankanz channel is the channel of AnonymousLK? Which is the opposite of what he is saying.
And as in the above screenshots why can’t AnonymousLK contact ZonTa and ask why Zonta said Sameera is behind AnonymousLK?
I guess this is what happens when n00bs try to hack, and no coordination between the group. When I type my left and knows what my right hand is typing, looks like it’s not the same with you.
ummmma ummmmaa…:P hell’s gate is open now.. thr is no going back rukshan.. k.. and last thing we r nt anonSL fuckers..
I don’t know how they are going to open the gates of hell, I see AnonymousLK member Zonta is scared and covering his online tracks 😉 and deleting his Tweets. So because TX threatened me I decided to add an additional post before the next post about AnonymousLK members. Just to give an idea of what’s to come. Like always credits must go to @ipv10 and @g2kev.
So we found the IRC channel of AnonymousLK, we went there using a fake identity as “pilgrim”, however we never thought it’ll be this is to get information, because TX spilled the beans on the very second day. Yes TX, we’re pilgrim, bang your head on the wall. Here’s the most important chat record between TX and pilgrim (us).
The important parts are highlighted in orange, and my comments are highlighted in green, I’ve removed some racist comments by TX from my post, you can see the original transcript over here : http://nopaste.me/raw/16019151884fabeaedbf178.txt
17:38 pilgrim : i searched about zonta too, he got arrested for hacking isn’t he 17:39 TX : yap 17:40 pilgrim : lol don’t you guys work with the anons? 17:40 TX : mayb 😀 17:41 pilgrim : i have some anon friends 17:41 pilgrim : very good hackers 17:41 TX : who 17:41 TX : names 17:41 TX : ? 17:41 pilgrim : but don’t post their hacks now they got arrested 17:41 pilgrim : after what sabu did 17:42 TX : lulzec n anon r two teams 17:42 pilgrim : yes but sabu was like the leader of anons 17:42 pilgrim : he was in every chan 17:43 pilgrim : chan op of every chan he was like the father 17:43 pilgrim : that’s the meaning of his name 17:43 TX : lol 17:43 pilgrim : anonymousabu 17:43 pilgrim : sabu means father 17:43 pilgrim : in arab
|Some racist talk by TX removed|
17:43 pilgrim : so it’s like father of anonymous = anonymousabu
|Some racist talk by TX removed|
17:46 TX :http://www.slcricket.com/mother-lanka-21/sri-lanka-seeks-hackers-down-pro-tiger-website-10470/ 17:48 pilgrim : that news is 5 years old 17:48 pilgrim : why can’t you hack them? 17:48 pilgrim : you are good hackers 17:49 TX : yap… 17:49 TX : we did 17:49 pilgrim : how? 17:50 TX : zonta got arrested when he doing his A/L(18yers old)it was 2008 17:50 pilgrim : 2009 isn’t it 17:51 pilgrim : the news was 2009 17:51 TX : brb..sry…yap 2009 17:51 TX : my bad 17:51 pilgrim : y? 17:52 TX : we did massive attacks since 2011 to eealm web sites 17:52 pilgrim : and? 17:52 pilgrim : any luck? 17:53 TX : zonta n zer0 did so many things… 17:53 pilgrim : sri lanka isn’t famous for hacker is it 17:53 TX : and me 17:53 TX : yap… 17:53 pilgrim : are there any other sri lankan hackers like you? 17:54 TX :http://news.cnet.com/8301-1009_3-20099841-83/anonymous-claims-dns-attacks-against-symantec-apple-microsoft/ 17:55 pilgrim : wow cool stuff bro, who is that? 17:56 pilgrim : fb omg 17:56 TX : now u got who we are? (TX admits they are AnoynmousLK after giving the news link) 17:56 TX : actually this attack was failed 17:56 pilgrim : you mean you did that? 17:57 TX : not me..us 17:57 pilgrim : where is the hacked data? 17:57 TX : wait 17:57 TX : pastebin 17:57 pilgrim : can you give me the link? 17:57 pilgrim : of the data 17:58 TX :http://pastebin.com/u/AnonymousSriLanka 17:58 pilgrim : what did you mean it was a fail? 17:59 TX : hmmm,it should be secret 18:00 pilgrim : oh is it, you got doxed or police caught you again? 18:00 TX : anon has no admins… 18:00 TX : gov seeking us 18:00 TX : 😀 18:00 pilgrim : you are still attacking isn’t it 18:01 pilgrim : i see last dump is on march 16th 18:01 TX : nope..im out these days 18:02 pilgrim : why is that? 18:02 pilgrim :https://twitter.com/#!/search/Anonymouslk you? 18:03 TX : im seepy dude 18:04 TX : itz 11.59pm 18:05 pilgrim : oh it’s ok chap 18:05 TX : yap(TX accepting the Twitter account belongs to them) 18:05 pilgrim : awesome man 18:05 pilgrim : i’ll tell my anon friends too
This is a screen shot of TX talking with pilgrim (us) about, their failed attack on Channel 4 on April 30th, this chat took place before their attack, during mid April. There also TX accepts their DNS spoofing attack on Facebook and many other websites, as the CNET article.
TX accepts they are AnoynmousLK | Click to see more clearly
You still say you guys are not AnoymousLK TX? You mad bro? Stop threatening me, lol 😀 . The more you threaten me, the tighter the noose gets around you guys. Tango Down.
If you know about Anonymous hackers, the cyber anarchists, Sri Lanka is no exception with our own Anonymous Sri Lanka (@anonymouslk) hackers, they are famous for their DNS spoofing attacks on Facebook, Apple, Microsoft, Symantec and many more websites.
Credits :
This is not my own work but a team work that includes @ipv10, and @g2kev which I think are the best in the country in infosec work
The beginning of the investigation.
Today this begins a series of posts where I publish the results of a month long investigation in to finding AnonymousLK, we’re going to publish about the members of the AnonymousLK one by one.
Click to see the enlarged images, so they’ll be more clear.
There is nothing illegal regarding the information we’re publishing, all the data, pictures and everything are publicly accessible on the internet which can be found by a simple googling.
AnonymousLK is a team of 4 people :
HackerzMafia, the leader and the person most of the time behind Twitter which we’re going to root now.
Zonta
ZeroThunder
TX
On their Facebook profile picture they show an email address to contact them, the email address is anonymoussrilanka@gmail.com. Which is also the email address of their Facebook account.
The link between the emails.
The first thing we did was to reset the password of the email account, not to hack the account, but to get an idea of the associated contact info that is used to send the password reset code/link. When resetting anonymoussrilanka@gmail.com account you get something like this,
Password reset form for anonymoussrilanka@gmail.com
You can see the anonymoussrilanka@gmail.com account is linked with an email with 12 digits that begins with h and ends in an a. and a mobile phone number ending with 84.
Most people have written time and time again that Anonymouslk is a guy called Dr Sameera De Alwis, a failed wanna be tech guy who got screwed really bad. So we did a small googling about Dr Sameera De Alwis and we found an old post he made on a forum talking about his failed xaurora browser. Link to the post : http://www.skyscrapercity.com/showthread.php?p=21993769
There Sameera De Alwis is giving his contact information, note the email address : hackerzmafia@gmail.com. A 12 digit email address, that begins with a h and ends with a.
So we decided to check the associated contact information for the hackerzmafia@gmail.com email account, and it comes up like this,
reset password form for hackerzmafia@gmail.com
There you can also see that the email account is associated with a number ending with 84 same as the anonymoussrilanka@gmail.com email account. And in the picture showing Sameera De Alwis’s contact information there is another gmail account belonging to him, dr.sameera.de.alwis@gmail.com, so we decided to reset the password for that email account and this comes up,
Password reset form for dr.sameera.de.alwis@gmail.com
And the email account dr.sameera.de.alwis@gmail.com email account is also connected to a mobile number ending in 84. We can see that anonymoussrilanka@gmail.com, hackerzmafia@gmail.com, dr.sameera.de.alwis@gmail.com all these emails are connected to a mobile number ending in 84. So we can assume that all three email accounts are connected to the same mobile number. Which means the email anonymoussrilanka@gmail.com is created by non other than Sameera De Alwis himself also known as HackerzMafia.
Sameera De Alwis also owns a website called hackimpact.com,
We’ve censored the name because it belongs to a lawyer, probably Sameera’s lawyer, however if you see the contact number of the website owned by Sameera De Alwis (hackimpact.com) the number is : 077-2516084, well well well what have we here, a number ending with 84 that is on Sameera De Alwis’s website hackimpact.com, so we can assume that all the anonymoussrilanka@gmail.com, dr.sameera.de.alwis@gmail.com and hackerzmafia@gmail.com are linked with the number, 077-2516084.
The Typing style of AnonymousLK and Sameera De Alwis.
Both Anonymouslk and Sameera has a common typing style that you can see from time to time. For example,
See the underlines phrase..
See the phrase underlined red, “Freedom for all man kind on earth”, now where have we seen that before?
Sameera has used the very same phrase, “Freedom for all man kind on earth” on his online forum post, and “May peace prevail…” is another phrase that is being commonly used by Sameera, or should I say Anonymouslk 😉
Sameera De Alwis was a wanna be tech guy, who reversed engineered a popular browser and released it as his own, collecting money asking for further development of the browser, however people took notice of this and Sameera had to stop his browsing adventure, lost his job as the head of IT security at Maharaja INC and lost his job as a Lecturer of SLIIT.
So the final conclusion is that Sameera De Alwis started the AnonymousLK accounts and he also recruited the other hackers named Zonta, ZeroThunder and TX.
This is the reason for the change of language when tweeting, Sameera is the one tweeting with bad words while Zonta is the one who tweets normally.
Hiding your ip is not enough AnonymousLK, In prison the inmates will root you 😉 Tango Down.
n i cant access @
Outcast Life 