Who Hacked Mahamevnawa? Who Are The Algerian DZ Hackers? All Explained

If you don’t know already, the popular Buddhist website Mahamevnawa (Mahamevnawa.lk) was hacked and defaced by a group of Algerian Hackers calling themselves H4ck Dz Team. You can read the gossip9 article about the hack here (unfortunately I couldn’t find an English version of the news)

Because, this is an attack against an innocent but popular website in Sri Lanka we decided to look in to it to see who these people are. If you don’t know who these people are just Google the term “H4ck Dz Team”and you will see the hacks and the defacements they’ve done in the past.

So I’m going to tell you what I found,

I went through the comments of the Gossip9 article, on the comments someone has found and posted a link to “H4ck Dz Team” hackers’ Facebook page : https://www.facebook.com/H4ck.Dz.Team

Then looking at the search results of the “H4ck Dz Team” and going through the defacements you can see that he used to call himself “nO lov3” as well as “H4ck Dz Team”. And in some of the defacements there is an email address for contacting “H4ck Dz Team” : nolove49@gmail.com.

If you look at Facebook the email address nolove49@gmail.com is used to register a Facebook profile : https://www.facebook.com/soufain.dz.

But obviously this can’t be a real profile. So I looked on and found some few things which I won’t say what right now, but then I came to a dead end.

So I showed what I found to my good friend which I call him “V”, and he somehow found and gave me the website of H4ck Dz Team” : http://dz-team.biz.

DZ-Team.biz is a hacking forum that is being run by H4ck Dz Team“, looking at the whois info of dz-tam.biz won’t give that much info. But if you reverse ip the dz-team.biz you can see that only 7 websites are hosted on the ip that has dz-team.biz : http://www.ewhois.com/dz-team.biz/

They are,

dz-team.biz
al-daa.com
dz-mafia.net
atddz.com
rahahbb.com
mahdiadz.com
2algeria.org

dz-team.biz and dz-mafia.net belongs to the H4ck Dz Team Hackers. But because so little amount of websites are hosted at this IP and all of these websites being Algerian there is a stong possibility that all these websites are hosted under the same account.

Now, because the hackers that we are looking for are Algerian I first checked the 2algeria.org website. The website uses Adsense and Google Analytics. The same Google Analytics ID and Adsence ID is being used on 3 websites. Which means the 3 websites use the same Google account for Google Analytics and Google Adsence.

There can be more websites using the same Google Analytics and Google Adsence ID.

The Google Analytics ID is : UA-3582164
The Google Adsence ID is : pub-7586127814300842

The 3 websites using the same Analytics and Adsence IDs are :

2algeria.com
2algeria.org
DZWORLD.INFO

The same person who owns the DZWORLD.INFO also owns DZWORLD.NET and DZWORLD.ORG. So many DZs repeating over and over again and belonging to the same person, is this a coincidence?

Because DZWORLD.INFO and 2Algeria.org uses same Google account for Analytics, they should belong to the same person although their whois information are different.

So if you look at the 2Algeria.org who is info it looks like this,

So khadir ben youcef owns DZWORLD.ORG, DZWORLD.NET and DZWORLD.INFO. If you look at the websites that are hosted at the ip of dz-team.biz all the websites other than dz-team.biz and dz-mafia.net are registered under the same name khadir ben youcef or has some connection to that name.

Looking at the email you will find so many domains registered under the name and the email : khadir ben youcef ,khadir_khadda@hotmail.com.

I found nearly 20 domains registered under the same name and email, there can be more.

The email : khadir_khadda@hotmail.com is used to register the https://www.facebook.com/benyoucef.khadir

Googling khadir ben youcef you will find this Facebook profile : https://www.facebook.com/khadda

The email khadir_khadda@hotmail.com, which is used to register all the domains appear in his contact information of that Facebook profile (https://www.facebook.com/khadda) , and khadir ben youcef also lives in Algeria the same country where DZ Hackers are from.

Looking at the LinkedIn profile of khadir ben youcef you can see that his occupation is Information Technology and Services so he has the technical knowledge to do such hacking.

So looking at all these things we can come to a conclusion that khadir ben youcef is Hack DZ team member of n0 l0ve hacker, and according to @ipv10, this https://www.facebook.com/khadda is also a fake profile and the real people behind it are the so called “brothers” of the https://www.facebook.com/khadda Facebook profile, which is also a possibility because there are no photos of that person in real life.

So the final conclusion

So the final conclusion is that H4ck Dz Team consist of,

Ben Youcef Khadir aka khadir ben youcef

Facebook : https://www.facebook.com/khadda
Twitter : @dzworld
Gmail : khadirbenyoucef@gmail.com
Skype : khadir_khadda
Live mail : khadir_khadda@hotmail.com

Yakoub Khadir

 

 

 

 

 

 

 

 

Facebook : https://www.facebook.com/yakoub.khadir
Google Plus : https://plus.google.com/104249732338023001842/about

On his Facebook profile and Google + profile he lists 2algeria.org as his website. Which is registered under the name of khadir ben youcef.

Khadir Kamel

 

 

 

 

 

 

Facebook : https://www.facebook.com/CaPiTaiNeDz
Twitter : twitter.com/CaPiTaiNeDz

In his Facebook profile cover picture says his website is dziso.com,  that website too is registered under the name of Ben Youcef Khadir aka khadir ben youcef.

 

 

 

 

 

 

 

 

And also in his Facebook profile it says that his email is khadirdz@gmail.com however the Facebook profile that is registered under that email is a female profile called “Jojo Imily” (https://www.facebook.com/profile.php?id=100002768720690)

I think nearly 100 domain names (both active and inactive) are shared between these 3 and registered under different email address. A typical thing for hackers who use stolen credit card information to register domains on the internet.

Some of the emails that they’ve used to register domain names include,

elchoroukhost.net@gmail.com
cyberbellia@gmail.com
algerie@hotmail.com.tr

Advertisements

Why People Need To Stay Away From Cyber-Vigilantes.

Yesterday I came across this post “We don’t need cyber-vigilante justice“, which is must read for people who want to become hackers or cyber-vigilantes and why people shouldn’t be like that. Being a cyber vigilante to show that you are a l33t hacker is one not good idea, but joining and making partnerships with equally not a food idea.

One way or another, all these cyber vigilantes are criminals, just like our ordinary day-to-day criminals but these people live online. However the unfortunate thing is these vigilantes gather followers, and these followers try to make their own way towards e-fame either by hacking of helping these vigilantes of their work. I guess it’s not like a gang but like a cult.

Anonymous has their own set of followers, LulzSec had their own followers, Jester has his own set of loyal fans. May be these vigilantes like this e-fame, anyway most of these followers are ordinary hackers or, just another scrip kiddies. When they follow these vigilantes and try to show they are also l33t, the end result is them making more havoc by hacking  websites, disrupting services and posting personal information on the internet and in the end getting caught.

If you look at Anonymous, they grew up to a point where Anonymous became a cancer to the internet, some of these Anonymous were elite hackers hacking big websites. Anonymous became famous and later Anonymous gathered followers that were no more than script kiddies that started hacking, defacing every small website that comes in their way.

Finally what happened is that most of the top members of the Anonymous got arrested and, most of the followers inevitably got arrested or either got their personal information exposed or posted on the internet. Even we had our own AnonymousLK and we had the utmost pleasure of exposing them.

It’s not just Anonymous and LulzSec, even people who are supporting the so-called “patriotic” hacker Jester has also suffered when their personal information published on the internet, and recently the websites that Jester supports like the Wounded Warrior Project was also brought down, and personal information of LeRes was published online by the UGNazi hackers who are against Jester.

The best thing is not to take sides, not to support people like Anonymous, and people like Jester who is “hacktivist for good”. There is no such thing as hacktivist for good. It’s illegal and there is no difference between Anonymous type hackers. Helping cyber vigilantes is same as helping everyday crooks, you never know when you’ll get in to trouble thanks to them.

So people need to think twice about becoming online vigilantes or taking their sides. Not only the people who are being targeted by the vigilantes are affected, but also people who take sides are also affected in the cat fights between hacktivists. Stay safe.

“The law of celestial mechanics dictate that when two objects collide there is always damage of a collateral nature”

AnonymousLK, Case Closed?

If you were reading the series of posts about AnonymousLK, we said that AnonymousLK is comprised of 4 hackers.

However we never posted any info about TX and Zer0 Thunder, therefore I think it’s good to add a short note about why we never posted information about these two.

After making the posts about HackerzMafia and ZonTa, @ipv10 went on to the IRC channel of AnonymousLK few weeks ago (irc.evilzone.org #srilankanz), where she talked with TX who once threatened us commenting on this blog.

By that time we’ve found almost all the information about TX and Zer0 Thunder and it was about whether we should post them or not. @ipv10 told TX what we’ve found about him and he admitted that it is him and he kindly asked not to post about him.

Because he was kind enough to admit his identity and told about his story and given us references to confirm his identity we decided not to post about him.

Same can be said about Zer0 Thunder, although he wasn’t ready to accept his identity. Finding Zer0 Thunder was the best part, it was hard to find loose ends. until we found out that we can get an email from hackimpact.com the website that Sameera (HackerzMafia) and Shalika (ZonTa) and Zer0 Thunder created, the email has the name of Zer0 Thunder in it.

Any one can get this email address by registering at hackimpact.com which is now hidden from the website and from Google by robot.txt.

UPDATE :

I just found this status from AnonymousLK today. The image shows them say that they have set up their IRC channel at irc.evilzone.org at #srilankanz.

If you look at the date you can see that the Tweet was made in August 22, 2011. And if you look at the date that AnonymousLK joined Twitter it’s August 19, 2011. So this further proves us right that the IRC channel was indeed used by AnonymousLK from the beginning.

We expected you, nothing happened.

The End?

Sri Lankan ISPs Block Access To Piratebay and Pastebin.

Looks like Sri Lankan Internet Service Providers are blocking access to popular torrent tacking website The Pirate Bay (thepiratebay) and popular code sharing website pastebin.com.

The Sri Lanka Telecon has blocked access to Pastebin and The Pirate Bay for two days/ The Indian ISP AirTel has blocked access to torrent websites like The Pirate Bay and Torrents.eu for few weeks now.

It’s not sure why Sri Lanka Telecom is blocking access to patebin, however looks like not all Sri Lanka Telecom subscribers are affected, according to some pastbin is still accessible and takes a very long time for the page to come up. Pastebin is a website designed for code sharing, however now it’s widely being used by the Anonymous hackers  as a place to post their hacked data. So is Sri Lanka Telecom blocking access to pastebin because Anonymous hackers posting hacked information? There is no any other reason than that to block pastebin.

Looks like The Pirate Bay is also being blocked by Sri Lanka Telecom, the real reason for this is still unknown, there has been no press release or anything like that. Sri Lankan Telecom might be blocking Piratebay because of piracy issues, and people must not forget that Piratebay is also a place where Anonymous hackers release their hacked information.

@CrazyNalin @RukshanR @tpb TPB is banned from Airtel too. torrents . eu and some more too. Many people are having difficulties in accessing
— Madhu (@ipv10) May 20, 2012

However for non Sri Lankan Telecom subscribers pastebin and The Pirate Bay (for non AriTel subscribers) is still freely accessible.

Did Sri Lankan Telecom block patebin because of Anonymous hackers? I’ll update this post as I find more information.

However, if you know the ways it’s pretty much easy to bypass these blocks by using proxies, VPN, or my favorite TOR. Meanwhile in Pakistan Twitter has been blocked by the Pakistani Telecommunication Authority, looks like today is a sad day for freedom on the internet.

Who Is This Anonymous ZonTa? ZonTa Unmasked.

Never stop your enemy while he is making a mistake

I had a different post dedicated for ZonTa which I was thinking publishing first, however I decided to rewrite the post because as the time went on more and more evidence came up about it. When I first published my post Rooting the Anonymous, ZonTa came to my blog commentingabout the post, actually he was the first to comment on the post.

ZonTa accepts Sameera is among AnonymousLK

This comment makes some interesting points, let me give it to you one by one.

  • ZonTa admits Sameera De Alwis tweets from AnonymousLK.
  • ZonTa says Sameera tweeted about the IRC channel that has no connection to them, although the chat records and screen shots clearly shows that the people in the IRC channel #srilankanz talk about AnonymousLK activities.
  • If you look at the comment made by ZonTa even a child can understand that this comment is made by the real ZonTa defending the IRC channel and to show that he has no connection with Sameera, did I anywhere in the post about Sameera have mentioned about the IRC channel? NO, so why is ZonTa panicking so much about the IRC channel?
  • And why no reply from ZonTa after us proving that people #srilankanz channel at irc.evilzone.orgadmitting that they are AnonymousLK?
  • If this is not the real ZonTa how can he say the #srilankanz channel was created 2-3 years ago?
Anyone can access the IRC channel and talk with ZonTa via : irc.lc/irc.evilzone.org/srilankanz (if ZonTa is there)

So ZonTa has no connection with AnonymousLK? I’ll let you decide after this post. But before that let me give you a small story that dates back before AnonymousLK. After the filed browser xAurora, hackerzmafia got together with ZonTa who was arrested same year, and ZeroThunder to from hackimpact.com which was another epic fail as xAurora. Remember this for now, I’ll come to this point tater.

I have to say that it’s not just their Tweet that had the irc link to the #Srilankan channel, even in the Facebook profile picture from their begging they had the irc link to the #srilankanz channel. So if ZonTa say his irc channel #srilankanz has no connection with AnonymousLK why is AnonymousLK show a link to the irc for nearly one year?

Click to see the large photo

AnonymousLK tweet their IRC

So if we go to the AnonymousLK irc channel #srilankanz at irc.evilzone.org, a simple irc command is all you need to see who created the IRC channel, /msg chanserv info #srilankanz. Which gives a result like this,

ZonTa created the #srilankanz channel

This clearly shows that the IRC channel #srilankanz was created by a person named ZonTa back in 2010, which exactly mach the dates of the comment. Coincidence? You decide 😉

As you saw in the post with the chat records, we’ve been to their AnonymousLK IRC channel, and when you see the “whois” information of ZonTa (“/whois zonta” if he is online), the whois information for ZonTa is,

Whois information for ZonTa

As you can see there is a domain name associated with ZonTa, zt-security.com. zt-security.com was hacking forum that was run by ZonTa until 2011, every domain name has a registration information that the person owning the domain name has to give before buying a domain name, you can hide this information if you want, which unfortunately ZonTa didn’t or forgot to hide.

Whois information for zt-security.com : http://whois.gwebtools.com/zt-security.com

So we have a name and an address belonging to ZonTa, which the name is Shalika Ranatunga, and an address leading to Mirigama area. If you are familiar with the hacking incidents in Sri Lanka, the most famous hacking incident was the hacking of the Western Provincial Council Website which was back in 2009, which was done by a hacker naming ZonTa, he didn’t hide his IP and got arrested.

News article about ZonTa’s arrest : http://sundaytimes.lk/cms/article2.php?id=3784,

There is a small typing mistake in the article where the name should be Shalika Gayeshan, not Shantha Gayesha.

A student who is alleged to have hacked into the Western Provincial Council website was produced in courts today and given bail of Rs. one million by Colombo Chief Magistrate, Nishantha Hapuarachchi.

Shantha Gayesha Ranatunga from a leading school in Mirigama is alleged to have distorted facts between the Chief Minister and the Governor of the Western Province and in the process disturbed the functions of the site, the court was informed.

So is this coincident, both the WPC hacking ZonTa and IRC channel creator of ZonTa both having the same name and address, coincidence? 😉 you decide.

More articles showing ZonTa did the hack on WPC website :

Hacker Busted in Sri Lanka ( Real Story ) – ElaKiri

Community Lokuma Boruwa … ( Sri Lankan Hacker ) – ElaKiri Community

So now that we have a name on ZonTa, Shalika Gayeshan Ranatunga, googling the name will give all the information for everyone to see who’s ZonTa. I’m not going to post his social networking profiles, because I don’t think it’s not a good thing for him, he was convicted before and getting caught for hacking for second time means there is no way out for him except jail.

And I won’t put where he’s working, because I don’t like to see him lose his job, I’m not the bad guy like they’re so hard trying to be, ZonTa aka Shalika Ranatunga is responsible the of network security in a leading Sri Lankan mobile company.

However I’m going to give one profile of Shalika Ranatunga, his linked in profile. This nails the coffin on the mysterious ZonTa and shows the connection with ZonTa and Sameera.

ZonTa’s (Shalika Ranatunga’s LinkedIn Profile) : http://lk.linkedin.com/pub/shalika-ranathunga/23/25/72a

Go to the LinkedIn profile and see what’s the “Business Website” of Shalika, guess what it’s hackimpact.com, which is owned by the Sameera De Alwis as we’ve shown the person who create AnonymousLK, ZonTa, Zer0Tunder and Sameera started hackimpact.com, can’t believe it? Check out the video below.

ZonTa also has a Fiverr profile which he uses the username BugFree, where he shows off his black hat capabilities to make money, he used to tweet all these things on Twitter, after we published the first post about Sameera, ZonTa was quick to delete all the tweets, but he didn’t delete his “Fiverr gigs”.

Fiverr.com/bugfree

In an epic fail today, AnonymousLK tweeted this, admitting that ZonTa is their IRC friend, actually he’s not just a friend but the guy who created your IRC channel.

Anonymous admits ZonTa is their friend

That put a wrap to this mystery about who is ZonTa and completes the whole picture about AnonymousLK, anymore things I need to prove?

It’s epic that someone has commented on the Elakiri article about your arrest,

If you’re a good hacker everybody knows about you, if you are a great hacker nobody knows about you.

What now AnonymousLK, more denial? more running from truth? more screwed up theories with no facts? Still say ZonTa is not your friend?

Don’t say ZonTa and everyone are in my team, I don’t work with black hats. Hope this post refresh your memory ZonTa. Tango Down.

When are you going to hack my email Shalika? 😉 

Personal note :

Me and ipv10 were talking about ZonTa last night, most Sri Lankan hackers think that ZonTa is the best hacker in the country, which he is not. He thinks he is a good hacker which he is not, obviously he’s no more than a n00bs. Our guess was that he never expected someone from Sri Lanka will out smart them. Me and ipv10 has been in the infosec field more than you ZonTa, G2kev just stated his infosec work but is younger than you can’t even imagine.

And I’m not a hacker, I’m just a guy who does infosec work as a hobby. I’m Razor or anyone you say I am. So no more hiding ZonTa, no more false tweets. Admit it, we gotcha 😉

I think Shalika has some addiction for hacking, or else who else continue this work even after being arrested?

UPDATES : 

Update 1 :

Due to misunderstanding of some people i need explain that @g2kev is not G2 Gayan and has no connection with G2Labs of G2 Gayan. It just happens to be @g2kev‘s twitter username begins with G2, everything in this op was done by me, ipv10 and g2kev with no support from external sources. I hope this clears things out if people have any doubts. More posts to come, all in good times.

Update 2 : 

We found the deleted tweets of ZonTa asking to check website security on Fiverr, all these tweets were deleted after we posted the first post about Sameera.

Full set of tweets here : http://topsy.com/s?type=tweet&q=from%3Ashalika 

UPDATE 3 :

After a series of posts about AnonymousLK hackers their Twitter account has become private.

I

When You Are In Deep Shit, You Keep Your Mouth Shut.

Today was an exciting day for all of us, in today’s ‘heated’ argument with AnonymousLK, I learnt a valuable lesson. “When you are in deep shit, you keep your mouth shut, you know what happen if not”

I also suggest you reading our previous two posts if you don’t are new to this story. Click on the images to see more clearly.

  1. Rooting Anonymous Part 1
  2. TX Says They Are Not AnonymousLK, TX You Mad Bro?

This is a lesson AnonymousLK doesn’t seem to learn, the more they tweet the more they prove us we’re right and self doxing them. TX yesterday said that he is going to open the gates of hell upon me, which I did on him today. After all that drama I decided to add this special post before the next post about AnonymousLK members.

The first reply of AnonymousLK for our yesterday’s post was, all the information we published is false, but they never gave any evidence to prove we’re wrong, when all the evidence are there to prove that we’re right. In the post we proved that AnonymouosLK was started by Sameera De Alwis.

For that AnonymousLK replied with this, 

AnonymousLK said they used Dr Sameera De Alwis’s identity. Which is false because you need to enter a verifying code to connect a mobile phone number to an email account.

Then AnonymousLK replied with this, 

AnonymousLK say they used Sameera De Alwis’s information, then say they are trying to save him, Whoa, what?

Then they went on to say this,

Whoa what? You kidding me, how come AnonymousLK know that hackerzmafia@gmail.com email account was created on 2001? this is a thing only Sameera knows,  Self doxing buddy? Facepalm 😉 Oh, BTW Gmail never existed back in 2001, Facepalm again 😉

Then this,

CID called Zonta, really? How come AnonymousLK know that CID calling Zonta, Zonta at your place AnonymousLK? And this goes to prove is a member of AnonymousLK. Self doxing. 😉

Then this, which amuses me the most,

OK, if I published false info then prove me wrong, and if I published false info and TX  goes to police then TX has to prove that he is TX, which will be very much amusing to see, seriously TX and AnonymousLK how are you going to prove you are TX? TX going to self dox himself in-front of the police? I’m looking forward to that.

Then this, 

OK then again AnonymousLK saying they have contact with Zonta, which proves us right again, that Zonta is a member of AnonymousLK. Self doxing again.  Facepalm 😉

Then this,

OH really, I use two-way authentication so you can never enter my emails, Facepalm. And I hope zonta don’t wanna go to prison again for hacking 😉 the food they serve at prison is pretty bad 😉

This just made me lol hard it made me cry,

Same goes here, if Zero, TX goes to police they have to prove themselves that they are Zero and TX, how are you going to prove that you are TX and Zero? and it’ll be very amusing to watch, because it’ll be self doxing.

And BTW for all the hacking Zer0 Thunder has done, it’ll be him not me that’ll end up in jail. Anymore self doxing guys?

When you are in deep shit keep your mouth shut.. You know what will happen if not. 😀 Tango Down.

Update : 

I just remembered a comment that ZonTa has posted on my previous post, which we can also come to some interesting conclusions. See the text underlined in text? Click to see it more clearly.

ZonTa accepts Sameera is among AnonymousLK

  • ZonTa admits Sameera is among AnonymousLK
  • How can ZonTa know that Sameera tweeted the link to their IRC without me talking a word about the tweet?
  • And how come the chat logs show that #srilankanz channel is the channel of AnonymousLK? Which is the opposite of what he is saying.
  • And as in the above screenshots why can’t AnonymousLK contact ZonTa and ask why Zonta said Sameera is behind AnonymousLK?

I guess this is what happens when n00bs try to hack, and no coordination between the group. When I type my left and knows what my right hand is typing, looks like it’s not the same with you.

Rooting The Anonymous : Part 1

If you know about Anonymous hackers, the cyber anarchists, Sri Lanka is no exception with our own Anonymous Sri Lanka (@anonymouslk) hackers, they are famous for their DNS spoofing attacks on Facebook, Apple, Microsoft,  Symantec and many more websites.

Credits :

This is not my own work but a team work that includes @ipv10, and @g2kev which I think are the best in the country in infosec work

The beginning of the investigation.

Today this begins a series of posts where I publish the results of a month long investigation in to finding AnonymousLK, we’re going to publish about the members of the AnonymousLK one by one.

Click to see the enlarged images, so they’ll be more clear.

There is nothing illegal regarding the information we’re publishing, all the data, pictures and everything are publicly accessible on the internet which can be found by a simple googling.

AnonymousLK is a team of 4 people :

  • HackerzMafia, the leader and the person most of the time behind Twitter which we’re going to root now.
  • Zonta
  • ZeroThunder
  • TX

On their Facebook  profile picture they show an email address to contact them, the email address is anonymoussrilanka@gmail.com. Which is also the email address of their Facebook account.

The link between the emails.

The first thing we did was to reset the password of the email account, not to hack the account, but to get an idea of the associated contact info that is used to send the password reset code/link. When resetting anonymoussrilanka@gmail.com account you get something like this,

Password reset form for anonymoussrilanka@gmail.com

You can see the anonymoussrilanka@gmail.com account is linked with an email with 12 digits that begins with h and ends in an a. and a mobile phone number ending with 84.

Most people have written time and time again that Anonymouslk is a guy called Dr Sameera De Alwis, a failed wanna be tech guy who got screwed really bad. So we did a small googling about Dr Sameera De Alwis and we found an old post he made on a forum talking about his failed xaurora browser. Link  to the post : http://www.skyscrapercity.com/showthread.php?p=21993769

There Sameera De Alwis is giving his contact information, note the email address : hackerzmafia@gmail.com. A 12 digit email address, that begins with a and ends with a. 

So we decided to check the associated contact information for the hackerzmafia@gmail.com email account, and it comes up like this,

reset password form for hackerzmafia@gmail.com

There you can also see that the email account is associated with a number ending with 84 same as the anonymoussrilanka@gmail.com email account. And in the picture showing Sameera De Alwis’s contact information there is another gmail account belonging to him, dr.sameera.de.alwis@gmail.com, so we decided to reset the password for that email account and this comes up,

Password reset form for dr.sameera.de.alwis@gmail.com

And the email account dr.sameera.de.alwis@gmail.com email account is also connected to a mobile number ending in 84. We can see that anonymoussrilanka@gmail.com, hackerzmafia@gmail.com, dr.sameera.de.alwis@gmail.com all these emails are connected to a mobile number ending in 84. So we can assume that all three email accounts are connected to the same mobile number. Which means the email anonymoussrilanka@gmail.com is created by non other than Sameera De Alwis himself also known as HackerzMafia.

Sameera De Alwis also owns a website called hackimpact.com,

If you go to the contact page of hackimpact.com you’ll get something like this.

http://hackimpact.com/contact-us | Click to see clearly

We’ve censored the name because it belongs to a lawyer, probably Sameera’s lawyer, however if you see the contact number of the website owned by Sameera De Alwis (hackimpact.com) the number is : 077-2516084, well well well what have we here, a number ending with 84 that is on Sameera De Alwis’s website hackimpact.com, so we can assume that all the anonymoussrilanka@gmail.com, dr.sameera.de.alwis@gmail.com and hackerzmafia@gmail.com are linked with the number, 077-2516084.

The Typing style of AnonymousLK and Sameera De Alwis.

Both Anonymouslk and Sameera has a common typing style that you can see from time to time. For example,

See the underlines phrase..

See the phrase underlined red, “Freedom for all man kind on earth”, now where have we seen that before?

Sameera has used the very same phrase, “Freedom for all man kind on earth” on his online forum post, and  “May peace prevail…” is another phrase that is being commonly used by Sameera, or should I say Anonymouslk 😉

This was taken from an old blog post made by Sameera De Alwis,

Sameera has used the exact phrase again.

Who is Sameera De Alwis?

The guy who created AnonymousLK, Sameera De Alwis

Sameera De Alwis was a wanna be tech guy, who reversed engineered a popular browser and released it as his own, collecting money asking for further development of the browser, however people took notice of this and Sameera had to stop his browsing adventure, lost his job as the head of IT security at Maharaja INC and lost his job as a Lecturer of SLIIT.

This article gives all the infomation about the life of Saeera De Alwis : http://sameeradealwis.wordpress.com/2009/06/16/dr-sameera-de-alwis-can-be-trusted/

Sameera’s Hi5 profile where he posted photos of his dead mother and her ashes : http://www.hi5.com/hackerzmafia 

A letter written by Dr Sameera De Alwis after the truth about xAurora browser was exposed : english.kalingasblog.com/2008/10/xaurora-the-fake-web-browser

xAurora getting caught of being a fake browser : http://forum.maxthon.com/viewthread.php?tid=74416&extra=&page=1

XAurora Browser Blog : xaurora.wordpress.com

Final conclusion

So the final conclusion is that Sameera De Alwis started the AnonymousLK accounts and he also recruited the other hackers named Zonta, ZeroThunder and TX.

This is the reason for the change of language when tweeting, Sameera is the one tweeting with bad words while Zonta is the one who tweets normally.

Hiding your ip is not enough  AnonymousLK, In prison the inmates will root you 😉 Tango Down.

External links :

Sameera De Alwis’s dotnet forum profile – HackerzMafia : dotnetforum.lk/forums/p/10216/35030.aspx