ImageShack hacked by cyber survivalists.

Earlier today, the popular image hosting site ImageShack appears to have been compromised by a group calling itself Anti-Sec. The exploit was also posted to the Full Disclosure mailing list, eliciting some interesting responses. This is the same group that attacked the website of astalavista.com in June of this year.

 

The effect of the attack was to replace many of the hosted images with a single (amusingly titled) image containing the Anti-Sec manifesto. ImageShack was a particularly effective site to target as so many third-party sites use images that are actually hosted on ImageShack.

image-hack

 

It is Anti-Sec’s belief, it seems, that the security industry supports full disclosure (of things like vulnerabilities that lead to zero-day exploits, for example) because it allows the industry in general to “develop scare tactics” aimed at generating profits. No mention then of the security industry designing proactive protection mechanisms to help people and businesses avoid serious financial and personal damage? No mention of full-disclosure allowing security organisations to mitigate against attacks before they are exploited in the wild? No mention of organised crime profiting from undisclosed vulnerabilities?

 

Supporting Anti-Sec’s stated aim of “eliminating the security industry in its present form”  they have declared all security blogs, exploit publications or security websites as fair-game and promise that “everyone and everything is getting pwned“.

 

This event looks like it is closely related to this page containing blog articles published back in 2006. In the article “Stop aiding an industry which just hurts humanity“. this text in particular stood out:

It is time for the last stand. Our mission is to retain the right to freely think, code, and communicate. Stop helping the industry, stop publishing your 0day, start working to make a real difference. Save your arms for the time very soon in which we will need them. Have faith in your self and your God and good works will come. We need not be slaves to a master that despises us!

Non-disclosure is a heroic endeavor. Be a hero.”

 

Evn though I’m usually a sucker for a manifesto, this just made me think of the wacky end of the survivalist spectrum, heading for the hills with their tins of beans and their AK-47s (and now SQLi).

 

 

I realise this blog entry is affording someone the oxygen of publicity they obviously crave, and personally I don’t feel I should dignify their stance with a response, but equally I am keen to open the issue up for wider discussion. What do you think?

8 thoughts on “ImageShack hacked by cyber survivalists.

  1. Pingback: Anti-Sec is not a cause, it’s an excuse | Simply Security

  2. Pingback: ImageShack hacked in oddball security protest

  3. Dave

    Really not the best manifesto out there. If these guys put some logical thought into it, they’d realize 2 things.
    1. according to their manifesto, the publishing of exploits is what they are against, yet they are using exploits to cause the havoc.
    2. Yet they are still against full disclosure, even though they DON’T want the releasing of white papers.

    So they are against the using, obtaining, hiding and sharing of exploits.
    If they are going to make a manifesto, at least make it a consistent goal :)

    Reply
  4. Pingback: Twitted by mirelamustata

  5. Pingback: ImageShack hacked in oddball security protest | Web Site Hosting

  6. Pingback: ImageShack hacked in oddball security protest | Global Hosting Talk

  7. Mark Jihkashen

    I’m inclined to agree with the chaps, When I look at the security industry as it is now, I see alot of A. Sold out Ex-Hackers B. Alot of pandering and FUD being spread to boost sales and C. Very little actual innovation.

    Perhaps its time for a change.

    Reply
  8. Pingback: Imageshack Hacked…. Imageshack Hacked by Anti-Sec Movement (Unknown…. | Total Info

Leave a Reply

Your email address will not be published. Required fields are marked *

*