I have taken the liberty of exposing your gaping hole, and hope in doing so that I’ve given your balls a good twist. As you are a group of self-aggrandizing tw*ts, I have also contacted the media to ensure that this incident gets the coverage it deserves.
In cracking this site, I have sent specially crafted requests to the server with my browser ID spoofed to that of an iPad. Please know that while this was not instrumental in this wondrous crack, it _WAS_ poetic in many ways. I also gave Goatsec the same warning that they gave AT&T… none at all, to patch their gaping hole.
User Accounts have been deleted, and passwords changed.
AAAAAAAAAAAAAAAAAAAAAAND THE PREVIOUS ADMIN PASSWORD IS… T2!p*uje7ru*
Props to: The FBI, OseK, MadMax, mre|666, Scratch (Isuki), Sigdie, anyone who knows what Sigdie is, Krashed (because it’ll make Bratty happy to see his name on a deface page, even if he didn’t have sh*t to do with it)
F*ckoff to: LoRez (F*CK YOU), weev, Apple, AT&T, MI-5, Harry Pierce, and %$# *!&$@^@ everywhere.
Knowing one of the people listed in the shout-outs, I told them about the props and they got back with the following statement: "After doing some digging, [I] found out that they did it to their own website to generate publicity. The person responsible told me he didn't think anything would happen from it so he used my old nick. He apologized to me and said he'll not do something like that in the future. "
I'm a 28 year old Open Source politician. I've used Open Source for years and am active in the community working on the community itself. This is a largely thankless job involving long days of convincing people I'm right.
Outside of that I'm a fiscally conservative social libertarian from Indiana in the USA (no I'm not a supporter of Ron Paul). I'm a member of the NRA, and I get range time in as frequently as possible. I own a company which deploys open source software to reduce the cost of phone service to those living in apartment complexes, and am on the board of a second company which develops websites that use Drupal, just like this one.
He believes this? He helped coordinate it.
I was an admin before he was, and the password was given to me by the (Then current) PR guy.
I was not misleading you. This was an individual who literally did not inform us ahead of time that this is what he was doing. Since "trelane" was on our IRC server, we felt it best to engineer the password out of him, which we eventually did. After I did that, I locked him out of the site and changed the password. Everything said below was part of an attempt to regain control of our blog.
Oh, additionally, we kickbanned him from the channel once we got the password.
21:22:30 <@LiteralKa> that's the channel trelane mentioned in his interview lol
21:22:36 < pynchon> thats the crew that jacked your goatse sh*t
21:24:31 mode/#press (+b *!*@maxchats-9nle78.trelane.net) by LiteralKa
21:24:31 <<< kick/#press (trelane`) by LiteralKa(no reason)
21:24:34 < pynchon> ok
21:24:39 mode/#press (+i) by LiteralKa
21:26:51 <@LiteralKa> i locked him out btw
21:28:02 <@LiteralKa> restoring what i can of the site
21:33:43 <@LiteralKa> that *ssh*le perm deleted a bunch of sh*t
21:33:51 <@LiteralKa> now sam has to restore that sh*t >:(
21:34:07 < pynchon> was trollforge compromised?
21:34:31 <@LiteralKa> no
21:34:33 <@LiteralKa> i dont think so
21:34:42 <@LiteralKa> 21:34:31 Irssi: Starting query in Hardchats with Krashed
21:34:42 <@LiteralKa> 21:34:31 <krashed> let me know if you find out who hacked goatse nosecurity
21:34:42 <@LiteralKa> 21:34:32 <krashed> :P
21:34:59 <@LiteralKa> gnaa.eu should be fine
21:35:32 < pynchon> http://security.goatse.fr/gaping-hole-exposed From: Andrew Kirch
<trelane ()="" trelane="" net="">
21:35:32 < pynchon> Date: Wed, 26 Jan 2011 19:41:58 -0500
21:35:32 < pynchon> RLY?
21:35:32 < pynchon> YARLY.
21:35:32 < pynchon> (wasn't me of course)
21:35:47 <@LiteralKa> yeah i lold
21:52:12 <@pynchon> he posted the password
21:52:24 <@pynchon> did you delete his post?
21:53:36 <@LiteralKa> yes
21:53:41 <@LiteralKa> i restored as much as i could
21:53:45 <@LiteralKa> and locked him out
21:53:53 <@sloth> what account did he do it from
21:53:54 <@LiteralKa> the d*ck deleted the other users tho
21:53:56 <@LiteralKa> besides durandal
21:53:57 <@LiteralKa> admin
21:56:07 Irssi: Pasting 23 lines to #press. Press Ctrl-K if you wish to do this or Ctrl-C to cancel.
21:56:07 <@LiteralKa> 20:18:06 Irssi: Starting query in Hardchats with trelane`
21:56:07 <@LiteralKa> 20:18:06
why end the lulz?
21:56:07 <@LiteralKa> 20:18:14
21:56:07 <@LiteralKa> 20:18:19
<literalka> so you did it?
21:56:07 <@LiteralKa> 20:18:28
21:56:07 <@LiteralKa> 20:18:55
<literalka> do you actually think we're twats ;_;
21:56:07 <@LiteralKa> 20:19:03
password is v23UvnOr
21:56:07 <@LiteralKa> 20:19:04
21:56:07 <@LiteralKa> 20:19:09
the whole thing is a massive lulzstunt
21:56:07 <@LiteralKa> 20:21:21
<literalka> how u do it
21:56:07 <@LiteralKa> 20:23:35
that I won't disclose
21:56:07 <@LiteralKa> 20:33:06
I just kind of thought this up and was like "this will be lulz, and sh*t's been quiet"
21:56:07 <@LiteralKa> 20:33:12
21:56:07 <@LiteralKa> 20:37:08
apologies for the deletes, I f*cking suck at wordpress
21:56:07 <@LiteralKa> 20:49:20
21:56:07 <@LiteralKa> 20:50:25
yeah I'm reading it
21:56:07 <@LiteralKa> 20:50:59
Durandal gave me the password
21:56:07 <@LiteralKa> 20:52:02
I bragged in ##politics, told LoRez to fuck off, and have denied it like 10 other places in public
21:56:07 <@LiteralKa> 20:52:09
deny half the time
21:56:07 <@LiteralKa> 20:52:10
21:56:07 <@LiteralKa> 20:52:11
admit half the time
21:56:07 <@LiteralKa> 20:52:18
I did the same thing when they accused me of narc'ing weev
21:56:07 <@LiteralKa> 20:52:20
caused MASSIVE duress
21:56:08 <@pynchon> this is why we use keypairs
21:56:16 <@LiteralKa> also
21:56:17 <@LiteralKa> 21:55:01 <krashed> well?
21:56:17 <@LiteralKa> 21:55:13 <krashed> your a security expert
21:56:17 <@LiteralKa> 21:55:19 <krashed> you are supposed to know this sh*t
21:57:39 <@pynchon> i f*cking knew it
21:57:48 <@pynchon> i can smell a rat like a fart in a car
21:57:50 <@LiteralKa> forgot to paste that
21:57:52 <@LiteralKa> sorry
22:00:29 <@sloth> how did you get back in? with the password trelene gave you?
22:00:48 <@sloth> could they have changed info for the admin user as another user?
22:00:54 <@LiteralKa> 22:00:29 <@sloth> how did you get back in? with the password trelene gave you?
22:00:54 <@LiteralKa> yes
22:00:59 <@LiteralKa> 22:00:48 <@sloth> could they have changed info for the admin user as another user?
22:01:01 <@LiteralKa> i think so
22:01:05 <@LiteralKa> everyone had admin access iirc
22:01:13 <@LiteralKa> and when i got on
22:01:19 <@LiteralKa> every account was deleted
22:01:21 <@LiteralKa> sans admin
22:01:22 <@LiteralKa> and durandal
22:01:30 <@pynchon> the only safe move is to wipe everything
22:01:42 <@sloth> I want the logs from sam
22:02:00 <@sloth> if I'm not around can someone else facilitate that
22:02:02 <@pynchon> yeah, get the logs
22:02:14 <@pynchon> syslog sh*t too
22:02:17 <@pynchon> ne tripwire
22:02:36 <@pynchon> ne mount / ro
22:04:26 <@pynchon> LiteralKa: dont worry about restoring sh*t yet
22:04:40 <@LiteralKa> not worrying
22:04:48 <@LiteralKa> I can't do that anyway
22:04:55 <@LiteralKa> i just did what i could
22:04:58 <@sloth> sam should be awake soon
22:05:01 <@LiteralKa> about a half hour ago
22:05:01 <@LiteralKa> :D
22:05:12 <@LiteralKa> sam said he would fix the gnaa site today too >:(
22:05:32 <@sloth> 4am in .fr
22:05:33 <@LiteralKa> whatever
22:05:57 <@LiteralKa> yo
22:06:06 <@LiteralKa> somoenes been commening on the blog
22:06:10 <@LiteralKa> taking ss
22:06:50 <@sloth> link?
22:06:52 <@LiteralKa> "lolhacked"
22:06:54 <@sloth> I don't see comments
22:06:55 <@LiteralKa> yeah, uploading
22:07:02 <@LiteralKa> they got labeled as spam
22:07:05 <@sloth> oh
22:07:24 <@LiteralKa> http://i.imgur.com/gXnN3.png
22:07:25 <@sloth> it's probably nothing but give me the ips and I'll check if they match anything
22:07:46 <@LiteralKa> well, 3 comments 2 ips etc
22:08:01 <@LiteralKa> and they're using webcitation
22:08:10 <@LiteralKa> so it might be the same guy thats been raging @ me and rucas and dolemite
22:08:18 <@LiteralKa> on every f*ciking news story
22:08:24 <@LiteralKa> with comment forms
22:08:24 <@LiteralKa> about goatse
22:08:25 <@LiteralKa> c
22:08:49 <@sloth> what is webcitation
22:09:04 <@LiteralKa> it archives a website
22:09:06 <@LiteralKa> on request
22:09:08 <@LiteralKa> a url,
22:09:11 <@sloth> oh
22:09:13 <@LiteralKa> so in case it goes down
22:09:14 <@LiteralKa> etc
22:09:20 <@LiteralKa> or chjances
22:09:28 >>> join/#press (email@example.com.IP)
22:09:56 mode/#press (+b *!*trelane@*.ik2.93.66.IP) by sloth
22:09:56 <<< kick/#press (trelane`) by sloth()
Jan 26 20:53:51 * Now talking on #pressJan 26 20:53:51 * Topic for #press is: JacksonBrown confirmed scarfenthusiast:http://www.dailytech.com/Interview+Goatse+Security+on+FBI+Charges+Following+ATT+iPad+Breach/article20693.htm| http://www.gnaa.eu/wiki/newsJan 26 20:53:51 * Topic for #press set by LiteralKa at Sun Jan 2322:10:25 2011Jan 26 20:53:55 <LiteralKa> yes helloJan 26 20:54:02 <trelane`> yes defacedJan 26 20:54:04 <LiteralKa> we 're gonnaa have a group blogfest in hereJan 26 20:54:06 <trelane`> and much lulzJan 26 20:54:17 * LiteralKa has changed the topic to:http://news.cnet.com/8301-27080_3-20029734-245.html?tag=mncol;1nJan 26 20:54:29 <trelane`> this is going to blow up bigger than JesusJan 26 20:54:48 <LiteralKa> yesJan 26 20:54:50 <LiteralKa> or allahJan 26 20:54:56 <trelane`> and Allah blows up pretty bigJan 26 20:54:59 <trelane`> just ask OsamaJan 26 20:55:01 <LiteralKa> (Ã˜Â¥Ã™â€ Ã˜Â´Ã˜Â§Ã˜Â¡ Ã˜Â§Ã™â€žÃ™â€žÃ™â€¡)Jan 26 20:55:28 <LiteralKa> The source claiming credit for the hackdeclined to provide specifics on how it was done beyond saying "the sitewas not secure." Asked to comment on the allegation from Kaiser, he said"no laws were broken."Jan 26 20:55:29 <LiteralKa> lolJan 26 20:55:36 <LiteralKa> it just sounds like a he said she saidJan 26 20:55:58 <Murdox> okJan 26 20:56:03 <Murdox> should we change the site back yetJan 26 20:56:07 <LiteralKa> noJan 26 20:56:12 <LiteralKa> let it sit for the night'Jan 26 20:56:20 <Murdox> okJan 26 20:56:20 <Murdox> wellJan 26 20:56:46 <Murdox> edit the fucking frontpage and putgoatseinsurance links back on it in the sidebarJan 26 20:57:21 <LiteralKa> this needs to be seen by samJan 26 20:57:23 <LiteralKa> and lold @Jan 26 20:58:17 <LiteralKa> I'm gonna play this off like it's real publiclyJan 26 20:58:31 <LiteralKa> because if its found out it isntJan 26 20:58:37 <LiteralKa> nobody takes us seriouslyJan 26 20:58:41 <LiteralKa> in the futureJan 26 21:00:41 <trelane`> rightJan 26 21:01:26 <trelane`> anyone that's legit should know it's fakeJan 26 21:01:31 <trelane`> wordpress md5's it's passwordsJan 26 21:01:39 <trelane`> if the password's posted, then the passwordwas compromisedJan 26 21:02:02 <trelane`> though the login page is set to http, not httpsJan 26 21:02:04 <trelane`> so that's plausibleJan 26 21:03:40 <trelane`> incidentally it looks like WP has virgincontrol management, so most of the shit I accidentally deleted should berestorableJan 26 21:03:46 <trelane`> again, apologies for thatJan 26 21:04:40 <LiteralKa> loolJan 26 21:05:17 * *** LiteralKa invited sloth into the channelJan 26 21:05:19 * sloth (firstname.lastname@example.org) has joined #pressJan 26 21:05:20 <sloth> yoJan 26 21:05:22 <trelane`> Harry Pierce is a character from a TV showabout MI-6Jan 26 21:05:26 <trelane`> err MI-5Jan 26 21:05:27 <LiteralKa> trelane`: fill sloth inJan 26 21:05:31 <trelane`> 90% of that was total bullshitJan 26 21:05:45 <sloth> how did they get inJan 26 21:05:47 <trelane`> sloth, tonight, security.goatse.fr was"hacked", to epic lulzJan 26 21:05:55 <LiteralKa> "they" = trelane`Jan 26 21:05:56 <LiteralKa> :)Jan 26 21:05:58 <trelane`> sloth, they = me, and again, it's durandal'sfaultJan 26 21:06:03 <trelane`> he gave me the password, that bastardJan 26 21:06:03 <LiteralKa> hahaJan 26 21:06:14 <LiteralKa> lol whenJan 26 21:06:18 <trelane`> ages agoJan 26 21:06:20 <sloth> what?Jan 26 21:06:28 <trelane`> he still has an admin acct I thinkJan 26 21:06:38 <sloth> wait, trelane did it?Jan 26 21:06:42 <trelane`> sloth, right now media = blogging a stormJan 26 21:07:04 <trelane`>http://news.cnet.com/8301-27080_3-20029734-245.html?tag=mncol;1nJan 26 21:07:12 <sloth> who has access to update the members page?Jan 26 21:07:14 <sloth> please remove my nameJan 26 21:07:35 <trelane`> you aren't on thatJan 26 21:07:38 <LiteralKa> it's all goneJan 26 21:07:40 <LiteralKa> lolJan 26 21:07:41 <trelane`> changed the team page to TEAM STATUS = FIREDJan 26 21:07:48 <trelane`> left the donate to weev upJan 26 21:07:49 <sloth> ok goodJan 26 21:07:52 <trelane`> so that weev gets donatesJan 26 21:07:55 <LiteralKa> lol trelaneJan 26 21:08:05 <LiteralKa> p sure that is old info anywayJan 26 21:08:06 <sloth> because I don't want my name on it anymoreJan 26 21:08:10 <LiteralKa> the paypal at leastJan 26 21:08:15 * trelane` senses some degree of rage from sloth :/Jan 26 21:09:05 * trelane` has both taken, and denied credit in variousforums to increase confusionJan 26 21:10:01 <LiteralKa> see, I'm just gonna treat it as real whenthe media asksJan 26 21:10:09 <LiteralKa> otherwise we loose cred :\Jan 26 21:11:57 <trelane`> LiteralKa, what about something like this.When JacksonBrown was pointlessly arrested, security updates lapsed.This is unfortunate for both the internet, and our team members whosecivil rights, and essential freedoms are being violated.Jan 26 21:12:14 <trelane`> JB is useful here because no one knows shitabout himJan 26 21:12:15 <LiteralKa> for whatJan 26 21:12:27 <trelane`> LiteralKa, for the reason why the hack occurredJan 26 21:12:33 <trelane`> a patch was missed when JB was arrested.Jan 26 21:12:36 <LiteralKa> lolJan 26 21:12:41 <LiteralKa> uhhJan 26 21:13:09 <LiteralKa> I'll probably spin something like thatJan 26 21:13:21 <trelane`> because it gives us the chance to drum upsympathy for HBJan 26 21:13:23 <trelane`> JBJan 26 21:14:12 <LiteralKa> uhhJan 26 21:14:17 <LiteralKa> kinda transparentJan 26 21:14:29 <LiteralKa> I'm just gonna play it off like it was someoverzealous punkJan 26 21:14:34 <LiteralKa> or at least we think it isJan 26 21:14:35 <LiteralKa> etcJan 26 21:15:20 <sloth> I don't get what the point of this wasJan 26 21:18:49 <trelane`> sloth, lulzJan 26 21:20:59 <trelane`> sloth, you must dedicate all, and do anythingfor the pursuit of lulzJan 26 21:21:41 * Disconnected (An established connection was aborted bythe software in your host machine).**** ENDING LOGGING AT Wed Jan 26 21:21:41 2011