Web DefacementRoot.Dark.Team & Anonymous Web Defacement The Graffiti Parallels             Joey Hernandez CEH CISSP CISM
Background• Graffiti• Roll Call   – Structure• Web Defacement   – Roll Call   – Attribution                    Joey Hernan...
GraffitiGang Graffiti is typically used for one of thefollowing purposes:• Roll call: a list of gang members names     (us...
Roll Call SignificanceWhen Graffiti is left on a wall there are keyindications about the vandal presented:•   1 or 2 of th...
Attribution• The Matrix Of The Message & Roll Call Provides:   – The vandals significant ties       • Who includes the ind...
Web Defacements   The Parallels   Joey Hernandez CEH CISSP CISM
Web Defacement• hxxp://www.barriovivo.com•   @xllLinuxeroDeatllx•   @Mantr@x•   @AZ4TH0TH•   @Br4nd•   @Pr4X!•   @ThopJuli...
• hxxp://www.universinet.it•   @xllLinuxeroDeatllx•   @Mantr@x•   @AZ4TH0TH•   @Br4nd•   @Pr4X!•   @ThopJuliet(Cloud)•   @...
• hxxp://corpoces.edu.co/•   @xllLinuxeroDeatllx•   @Mantr@x•   @AZ4TH0TH•   @Br4nd•   @Pr4X!•   @ThopJuliet(Cloud)•   @Sh...
Roll Call Significance• In these cases @_Nitch, @NodSprut,  @H4K3R_RDT were the actual individuals tied  to the malicious ...
Attribution• The detrimental aspect to  “Anonymous”• Unfocused splinter  activity with unskilled  participants   – Joomla ...
Additional Attribution• The Pastebin.com hosted code  hxxp://pastebin.com/pEHf0E0u is so  replicated, the initial script c...
Conclusion• The parallels between modern web  defacement and graffiti are tight. The Baby  Hackers are going to be one of ...
Upcoming SlideShare
Loading in …5
×

Web Defacement Web Defacement The Graffiti Parallels - Root.Dark.Team & Anonymous

2,183 views

Published on

The parallels between modern web defacement and graffiti are tight. The Baby Hackers are going to be one of two things
The Demise of The Anonymous Hacktivity
Those involved with Root.Dark.Team will be discovered by organizations such as the Zetas, who they’ve threatened or the Governments who they’ve been a thorn in the side to.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,183
On SlideShare
0
From Embeds
0
Number of Embeds
44
Actions
Shares
0
Downloads
24
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Web Defacement Web Defacement The Graffiti Parallels - Root.Dark.Team & Anonymous

  1. 1. Web DefacementRoot.Dark.Team & Anonymous Web Defacement The Graffiti Parallels Joey Hernandez CEH CISSP CISM
  2. 2. Background• Graffiti• Roll Call – Structure• Web Defacement – Roll Call – Attribution Joey Hernandez CEH CISSP CISM
  3. 3. GraffitiGang Graffiti is typically used for one of thefollowing purposes:• Roll call: a list of gang members names (usually nicknames)• Identification of alliances: lets other gangs know that two or more gangs have formed an alliance• Declare war: show which gangs are fighting• Tribute: to pay tribute to a dead member(s) or to warn that someone’s marked for death• Detectives follow the gang graffiti closely Key to the information gleaned from to get insight on what’s going on in the analysis of Gang Graffiti are the external gang world. They also photograph it for indicators which provide attribution. later reference and comparison 1 This information aides predictive analysis Joey Hernandez CEH CISSP CISM
  4. 4. Roll Call SignificanceWhen Graffiti is left on a wall there are keyindications about the vandal presented:• 1 or 2 of the first profiles “nicknames” tagged as part of the roll call are involved with the defacement. 1. This is typically the first 2 names of the roll call – the new blood• The additional names are “key” organizational players – The Individuals Who Call The Shots 1. This is the equivalent to name dropping 2. An effort to impress the “leadership”• There is often a claim to a bigger Small time organizations try to organization gain clout by tying themselves – A Top Tiered syndication – Smaller gangs attempt to affiliate with to more powerful organizations Latin Kings, Crips, Bloods Joey Hernandez CEH CISSP CISM
  5. 5. Attribution• The Matrix Of The Message & Roll Call Provides: – The vandals significant ties • Who includes the individual on their defacement? – The vandals methodology in location selection • Hidden Locations – Back Streets • Distant Locations – Other Cities, Neighborhoods • Significant Locations – City Hall, Police Stations, Government Facilities – The vandals message • Defacement Only • Suggestive Message – What’s left behind? Joey Hernandez CEH CISSP CISM
  6. 6. Web Defacements The Parallels Joey Hernandez CEH CISSP CISM
  7. 7. Web Defacement• hxxp://www.barriovivo.com• @xllLinuxeroDeatllx• @Mantr@x• @AZ4TH0TH• @Br4nd• @Pr4X!• @ThopJuliet(Cloud)• @Shell|Black• @Maximus Well• @_Nitch Joey Hernandez CEH CISSP CISM
  8. 8. • hxxp://www.universinet.it• @xllLinuxeroDeatllx• @Mantr@x• @AZ4TH0TH• @Br4nd• @Pr4X!• @ThopJuliet(Cloud)• @Shell|Black• @Maximus Well• @NodSprut Notice the common members throughout and with Joey Hernandez CEH CISSP CISM of defacement an additional each new instance
  9. 9. • hxxp://corpoces.edu.co/• @xllLinuxeroDeatllx• @Mantr@x• @AZ4TH0TH• @Br4nd• @Pr4X!• @ThopJuliet(Cloud)• @Shell|Black• @Maximus Well• @_Nitch• @H4K3R_RDT Joey Hernandez CEH CISSP CISM
  10. 10. Roll Call Significance• In these cases @_Nitch, @NodSprut, @H4K3R_RDT were the actual individuals tied to the malicious activity.• As with graffiti there is an effort to “name drop” the true hackers• @xllLinuxeroDeatllx - @//Mantr@x// - @<--AZ4TH0TH--> - @Br4nd// - @Pr4X!-z - @> - @Shell|Black - @>>Maximus Well<< - @_Nitch• Additionally, there are efforts to tie the organization to “Anonymous” Joey Hernandez CEH CISSP CISM
  11. 11. Attribution• The detrimental aspect to “Anonymous”• Unfocused splinter activity with unskilled participants – Joomla or Wordpress Exploits “ The equivalent to tagging in a low lit back alley” – Source Code revealed where others could download the script • “The equivalent to Source Code from one of the “Revealing Stash Houses” recent hacks revealed the actual user name Joey Hernandez CEH CISSP CISM
  12. 12. Additional Attribution• The Pastebin.com hosted code hxxp://pastebin.com/pEHf0E0u is so replicated, the initial script contains additional userid hidden (not so much) • Which ties to a flicker account • Which ties to a Lastfm account • Which ties to a twitter account • Which ties to ANONYMOUS followers Joey Hernandez CEH CISSP CISM
  13. 13. Conclusion• The parallels between modern web defacement and graffiti are tight. The Baby Hackers are going to be one of two things – The Demise of The Anonymous Hacktivity – Those involved with Root.Dark.Team will be discovered by organizations such as the Zetas, who they’ve threatened or the Governments who they’ve been a thorn in the side to. Joey Hernandez CEH CISSP CISM

×