Who Is This Anonymous ZonTa? ZonTa Unmasked.

Never stop your enemy while he is making a mistake

I had a different post dedicated for ZonTa which I was thinking publishing first, however I decided to rewrite the post because as the time went on more and more evidence came up about it. When I first published my post Rooting the Anonymous, ZonTa came to my blog commentingabout the post, actually he was the first to comment on the post.

ZonTa accepts Sameera is among AnonymousLK

This comment makes some interesting points, let me give it to you one by one.

  • ZonTa admits Sameera De Alwis tweets from AnonymousLK.
  • ZonTa says Sameera tweeted about the IRC channel that has no connection to them, although the chat records and screen shots clearly shows that the people in the IRC channel #srilankanz talk about AnonymousLK activities.
  • If you look at the comment made by ZonTa even a child can understand that this comment is made by the real ZonTa defending the IRC channel and to show that he has no connection with Sameera, did I anywhere in the post about Sameera have mentioned about the IRC channel? NO, so why is ZonTa panicking so much about the IRC channel?
  • And why no reply from ZonTa after us proving that people #srilankanz channel at irc.evilzone.orgadmitting that they are AnonymousLK?
  • If this is not the real ZonTa how can he say the #srilankanz channel was created 2-3 years ago?
Anyone can access the IRC channel and talk with ZonTa via : irc.lc/irc.evilzone.org/srilankanz (if ZonTa is there)

So ZonTa has no connection with AnonymousLK? I’ll let you decide after this post. But before that let me give you a small story that dates back before AnonymousLK. After the filed browser xAurora, hackerzmafia got together with ZonTa who was arrested same year, and ZeroThunder to from hackimpact.com which was another epic fail as xAurora. Remember this for now, I’ll come to this point tater.

I have to say that it’s not just their Tweet that had the irc link to the #Srilankan channel, even in the Facebook profile picture from their begging they had the irc link to the #srilankanz channel. So if ZonTa say his irc channel #srilankanz has no connection with AnonymousLK why is AnonymousLK show a link to the irc for nearly one year?

Click to see the large photo

AnonymousLK tweet their IRC

So if we go to the AnonymousLK irc channel #srilankanz at irc.evilzone.org, a simple irc command is all you need to see who created the IRC channel, /msg chanserv info #srilankanz. Which gives a result like this,

ZonTa created the #srilankanz channel

This clearly shows that the IRC channel #srilankanz was created by a person named ZonTa back in 2010, which exactly mach the dates of the comment. Coincidence? You decide 😉

As you saw in the post with the chat records, we’ve been to their AnonymousLK IRC channel, and when you see the “whois” information of ZonTa (“/whois zonta” if he is online), the whois information for ZonTa is,

Whois information for ZonTa

As you can see there is a domain name associated with ZonTa, zt-security.com. zt-security.com was hacking forum that was run by ZonTa until 2011, every domain name has a registration information that the person owning the domain name has to give before buying a domain name, you can hide this information if you want, which unfortunately ZonTa didn’t or forgot to hide.

Whois information for zt-security.com : http://whois.gwebtools.com/zt-security.com

So we have a name and an address belonging to ZonTa, which the name is Shalika Ranatunga, and an address leading to Mirigama area. If you are familiar with the hacking incidents in Sri Lanka, the most famous hacking incident was the hacking of the Western Provincial Council Website which was back in 2009, which was done by a hacker naming ZonTa, he didn’t hide his IP and got arrested.

News article about ZonTa’s arrest : http://sundaytimes.lk/cms/article2.php?id=3784,

There is a small typing mistake in the article where the name should be Shalika Gayeshan, not Shantha Gayesha.

A student who is alleged to have hacked into the Western Provincial Council website was produced in courts today and given bail of Rs. one million by Colombo Chief Magistrate, Nishantha Hapuarachchi.

Shantha Gayesha Ranatunga from a leading school in Mirigama is alleged to have distorted facts between the Chief Minister and the Governor of the Western Province and in the process disturbed the functions of the site, the court was informed.

So is this coincident, both the WPC hacking ZonTa and IRC channel creator of ZonTa both having the same name and address, coincidence? 😉 you decide.

More articles showing ZonTa did the hack on WPC website :

Hacker Busted in Sri Lanka ( Real Story ) – ElaKiri

Community Lokuma Boruwa … ( Sri Lankan Hacker ) – ElaKiri Community

So now that we have a name on ZonTa, Shalika Gayeshan Ranatunga, googling the name will give all the information for everyone to see who’s ZonTa. I’m not going to post his social networking profiles, because I don’t think it’s not a good thing for him, he was convicted before and getting caught for hacking for second time means there is no way out for him except jail.

And I won’t put where he’s working, because I don’t like to see him lose his job, I’m not the bad guy like they’re so hard trying to be, ZonTa aka Shalika Ranatunga is responsible the of network security in a leading Sri Lankan mobile company.

However I’m going to give one profile of Shalika Ranatunga, his linked in profile. This nails the coffin on the mysterious ZonTa and shows the connection with ZonTa and Sameera.

ZonTa’s (Shalika Ranatunga’s LinkedIn Profile) : http://lk.linkedin.com/pub/shalika-ranathunga/23/25/72a

Go to the LinkedIn profile and see what’s the “Business Website” of Shalika, guess what it’s hackimpact.com, which is owned by the Sameera De Alwis as we’ve shown the person who create AnonymousLK, ZonTa, Zer0Tunder and Sameera started hackimpact.com, can’t believe it? Check out the video below.

ZonTa also has a Fiverr profile which he uses the username BugFree, where he shows off his black hat capabilities to make money, he used to tweet all these things on Twitter, after we published the first post about Sameera, ZonTa was quick to delete all the tweets, but he didn’t delete his “Fiverr gigs”.

Fiverr.com/bugfree

In an epic fail today, AnonymousLK tweeted this, admitting that ZonTa is their IRC friend, actually he’s not just a friend but the guy who created your IRC channel.

Anonymous admits ZonTa is their friend

That put a wrap to this mystery about who is ZonTa and completes the whole picture about AnonymousLK, anymore things I need to prove?

It’s epic that someone has commented on the Elakiri article about your arrest,

If you’re a good hacker everybody knows about you, if you are a great hacker nobody knows about you.

What now AnonymousLK, more denial? more running from truth? more screwed up theories with no facts? Still say ZonTa is not your friend?

Don’t say ZonTa and everyone are in my team, I don’t work with black hats. Hope this post refresh your memory ZonTa. Tango Down.

When are you going to hack my email Shalika? 😉 

Personal note :

Me and ipv10 were talking about ZonTa last night, most Sri Lankan hackers think that ZonTa is the best hacker in the country, which he is not. He thinks he is a good hacker which he is not, obviously he’s no more than a n00bs. Our guess was that he never expected someone from Sri Lanka will out smart them. Me and ipv10 has been in the infosec field more than you ZonTa, G2kev just stated his infosec work but is younger than you can’t even imagine.

And I’m not a hacker, I’m just a guy who does infosec work as a hobby. I’m Razor or anyone you say I am. So no more hiding ZonTa, no more false tweets. Admit it, we gotcha 😉

I think Shalika has some addiction for hacking, or else who else continue this work even after being arrested?

UPDATES : 

Update 1 :

Due to misunderstanding of some people i need explain that @g2kev is not G2 Gayan and has no connection with G2Labs of G2 Gayan. It just happens to be @g2kev‘s twitter username begins with G2, everything in this op was done by me, ipv10 and g2kev with no support from external sources. I hope this clears things out if people have any doubts. More posts to come, all in good times.

Update 2 : 

We found the deleted tweets of ZonTa asking to check website security on Fiverr, all these tweets were deleted after we posted the first post about Sameera.

Full set of tweets here : http://topsy.com/s?type=tweet&q=from%3Ashalika 

UPDATE 3 :

After a series of posts about AnonymousLK hackers their Twitter account has become private.

I

6 thoughts on “Who Is This Anonymous ZonTa? ZonTa Unmasked.

    • Lahiru, it’s a shame for the whole country, if you google AnonymousLK and read some of the articles like the article from CNET, you can see the disgrace they’ve brought to the country.

      what’s worse is that he’s continuing to do these bad work while working for a leading mobile service provider.

  1. Pingback: AnonymousLK, Case Closed? | Outcast Life

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s