listen up guys I guess that because Anonymous is hitting the news with the Wikileaks thing that a lot of you are ending up here. Just for what it’s worth, half the links in this don’t work any more. Anonymous has moved on from Tieve.tk. I have no idea where they are now.
Our legal team and the FBI have been on the case and we have found a few, shall we say “adventurous” young people, who feel they are above the law.
We will soon be printing their names and pictures.
The great thing about this… I’ve been idling in Anonymous’s IRC channel for a week or so now just out of curiosity to see how they work and what their skill level really is (the answer is very varied but there are certainly some people involved who I wouldn’t want port scanning me); I’m not part of Anonymous, I haven’t participated in any of the attacks but it’s fascinating to see what they do [I did a bunch of security and hacking classes at uni but I've never 'applied' my knowledge for obvious reasons. With Anonymous I sort of get to see them doing it for reals, which is intriguing]. Firstly, as far as I can tell there’s a few people in there with botnets which make up a significant amount of the firepower (so a lot of people whose computers are attacking are completely unaware of it). Secondly, I was reading the channel when they suggested Gene Simmons the first time around and there was a split within Anonymous between whether or not they should hit “individual artists”. Personally I thought they were all missing the point; Simmons isn’t an artist, he’s an advertiser (or he has some psychological disorder) and he thrives on attention, which is exactly what you shouldn’t give him, but I am purely an observer and didn’t want to influence anything. Anyway I went to bed while they were squabbling/discussing but it seems some (but not all) went ahead and attacked him, according to Slyck the site was up and down as a result, but it was fine by the time I checked the next day.
So the attack was a bit whimiscal, and the ‘official’ voice of the project, Tieve.tk (essentially the project homepage) [edit: Tieve is currently down, probably DDoSed.], posted that they wanted to distance themselves from the attacks on Simmons. Unfortunately for our hero, however, the attack caused a hull breach in his rather colossal ego and he felt it necessary to come along and go “we’re gonna backtrace you and call the cyber police and put your photo online!”. I read the announcement on his own page, roughly five minutes before Anonymous’s IRC channel did apparently, because a few minutes later the site was completely and utterly dead. It’s fair to say Anonymous didn’t take the threat seriously. He’s now made himself a real target and Tieve is happily advocating attacking him. Stay tuned, Gene Simmons is set to shortly become the first man with a negative IQ.
As for his actual statement, it seems a bit suspect. It suggests he’s actually identified people, which is impluausible. First the FBI needs to look at the web logs and decide for themselves who the attackers are*, then they need to subpoena (or whatever the term is) the ISPs who will respond with the billpayer’s name and address, then they will need to go to the house with a warrant and sieze some equipment before they can identify which member of the household, if anoyne, is responsible. This is unlikely to happen in two or three working days, and if it’s not up to that stage I somehow doubt he’ll have received any real feedback. And threatening to post people’s photos online is the kind of thing you say when you want to rattle someone; it seems like a super original way to unmask their identity, humiliate them in front of their friends, etc etc, and it should strike fear into the hearts of anyone. Unfortunately it never works because it turns out that the first thing every 14 year old says when they’re being trolled for the first time is something along the lines of “I’m gonna get the police on you and make a website and put your names on it and stuff!”, sometimes it involves an uncle who works for the police, sometimes it involves ‘contacts’ who can ‘hack’. I guess if you’re a 60 year old famous for wearing make-up and pretending to play a bass guitar, it involves a ‘legal team’ and ‘the FBI’. It seems sensible to them but what they don’t realise is everyone else has seen it ten times before and it’s a pretty clear indicator that you don’t know how to deal with being trolled. Gene, you done goofed.
[edit: his record label site is now on a different server and is back up, we'll see how long that lasts
edit2: we'll be generous and round it up to 5 minutes]
Update 3PM BST:
me@mybox:~$ nslookup www.genesimmons.com Server: 188.8.131.52 Address: 184.108.40.206#53 Non-authoritative answer: Name: www.genesimmons.com Address: 220.127.116.11 me@mybox:~$ whois 18.104.22.168 % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '22.214.171.124 - 126.96.36.199' inetnum: 188.8.131.52 - 184.108.40.206 netname: THEPIEATEBAY-NET descr: The Pirate Bay country: DE admin-c: RL4048-RIPE tech-c: RL4048-RIPE status: ASSIGNED PI remarks: --------------------------------------------------------------- remarks: ABUSE related questions mail to firstname.lastname@example.org remarks: Abuse related questions to any other address will be ignored. remarks: --------------------------------------------------------------- mnt-by: MNT-RESERVELLA mnt-routes: MNT-STN source: RIPE # Filtered person: Reservella LTD address: P.O. Box 73852 phone: +35738743131 nic-hdl: RL4048-RIPE mnt-by: MNT-RESERVELLA source: RIPE # Filtered % Information related to '220.127.116.11/24AS50066' route: 18.104.22.168/24 descr: The Pirate Bay origin: AS50066 mnt-by: MNT-STN source: RIPE # Filtered % Information related to '22.214.171.124/24AS51040' route: 126.96.36.199/24 descr: The Pirate Bay origin: AS51040 mnt-by: MNT-STN source: RIPE # Filtered
Genesimmons.com now pointed to The Pirate Bay!
Either Anonymous has managed to DNS poison something (but no one’s taking credit for it on IRC) or Simmons’ admin has tried to redirect all the traffic to the Pirate Bay so that Anonymous DDoSes TPB instead. This would probably be illegal.
*Bear in mind the difference between a DoSer and a legitimate user is only the amount of traffic/load they’re generating, and I don’t know about you, but the first thing I do when I hear a site’s being DDoSed is to go and visit it to see how it’s holding up, which is not at all illegal because you’re not visiting with the intent (or, really, ability) of overloading the server. Also, I’ve seen a few uptime graphs of attacked sites, which means there’s at least one person sending them packets every so often to check whether they’re responding, which again is fine because the amount of load they generate is trivial, but it does mean that there are more log entries to analyse. So you expect a traffic influx from publicity alone, which makes it harder to discern legitimate traffic from malicious traffic because the logs are ‘noisier’. And that’s assuming the server is still able to write logs.