Malicious Scripts: Apology for Our Former Collegue

Greetings fellow CC users,

It has come to our attention that this account was misused by our former colleague, then spokesperson.

How so? The forum post demanding the removal of malicious scripts, as well as warning of a potential Distributed Denial of Service attack via Torshammer was not of true consensus between the twelve of us in CC Anons. Instead, it was the improper actions by an member of our CC collective.

Thereof, we apologize for the actions put forth by our user and the obvious discord that occurred as a result. We've reorganized ourselves, and now plan on being normal non-malicious coders on CC.

That being said, the first forum post is now rendered obsolete, as well as any comments posted by him during the period of time he remained in control.

This account will remain active, and we hope on releasing an OS within the next few months (Do not worry, nothing malicious)

Any questions? I, as the new spokesperson, will gladly fix the facsimile bridge that has collapsed between us and you.

To the diverse and (Not Lowly) CC community,

~ signed, MumbaiHHS

We all make mistakes, and ours was trusting people.

We Are Anonymous
We Are Legion
We (Do) forgive
We (occasionally) forget

Ah, so it WAS a joke. Well, kinda :P/>

Moved to Forum Discussion.

Restioson, on 13 April 2016 - 05:06 PM said:

Ah, so it WAS a joke. Well, kinda :P/>

Hell, not a joke for us at that point apon finding this, but eh, oh well.

Did you just admit to DDOSing the forums?

The forums have been having problem in the last few days. Was it because of DDoSing, Dan?

Doesn't CloudFlare protect from DDoSing?

Yes, it was multiple DDOS attacks. This has been confirmed by CreeperHost.
There are multiple different types of DDOS attacks, and CloudFlare doesn't/can't protect against all of them, especially on the free package which I use.

edit: and the method mentioned in OP's post exactly fits the profile of what we've been experiencing

I did not DDOS the forums. I am have contacted some of my friends who've been working me, and no, we did not. TorsHammer does in-fact bypass CloudFlare with enough time. You can check the IP logs. The user who DDoSed your forumns most likely does not the command to hide his IP.

I am willling to help with any cooperation towards you. Yes, I admit I am a hacker, dan200, but I am not devious enough to go back on my word.

Most likely the user set up a VPS server via Google Cloud, then downloaded the gist of Torshammer.zip. Then he or she typed "python torshammer.py -t computercraft.info -r 256 ". If they did hide the IP, then it would have a -T at the end of the 256. Anyhow, I am willing to help with anything concerning your help. And I doubt it was my friend. He doesn't have the manpower, nor the credit card numbers, to keep creating dummy accounts on Google Cloud VPS, Amazon VPS, or any other paid.

Heres the wierd thing : I happend to be browsing through the DDOS attack maps on Onion sites, and it showed a massive influx of visistors from New Zealand. Is your server located somewhere in the middle of the US?

dan200, on 29 April 2016 - 02:10 AM said:

Did you just admit to DDOSing the forums?

I have not DDoSed the forumns. The user could have used SSLStrip to strip of Secure HTTPS, then DDoSed.

Any other info you need for help, contact me via PM. I await your reply.

Anonymous, on 29 April 2016 - 01:21 PM said:

I did not DDOS the forums. I am have contacted some of my friends who've been working me, and no, we did not. TorsHammer does in-fact bypass CloudFlare with enough time. You can check the IP logs. The user who DDoSed your forumns most likely does not the command to hide his IP.

I am willling to help with any cooperation towards you. Yes, I admit I am a hacker, dan200, but I am not devious enough to go back on my word.

Most likely the user set up a VPS server via Google Cloud, then downloaded the gist of Torshammer.zip. Then he or she typed "python torshammer.py -t computercraft.info -r 256 ". If they did hide the IP, then it would have a -T at the end of the 256. Anyhow, I am willing to help with anything concerning your help. And I doubt it was my friend. He doesn't have the manpower, nor the credit card numbers, to keep creating dummy accounts on Google Cloud VPS, Amazon VPS, or any other paid.

Heres the wierd thing : I happend to be browsing through the DDOS attack maps on Onion sites, and it showed a massive influx of visistors from New Zealand. Is your server located somewhere in the middle of the US?

dan200, on 29 April 2016 - 02:10 AM said:

Did you just admit to DDOSing the forums?

I have not DDoSed the forumns. The user could have used SSLStrip to strip of Secure HTTPS, then DDoSed.

Any other info you need for help, contact me via PM. I await your reply.

You know that hiding your IP isn't as easy as entering a command and hacking around without having to worry at all, right?
Heck… the FBI even developed software to track down users of Tor now.

The more time passes the more obvious it becomes that you are just a script kiddy.

Anonymous, on 29 April 2016 - 01:21 PM said:

The user could have used SSLStrip to strip of Secure HTTPS, then DDoSed.

What are you talking about, the forums doesn't even use TLS/SSL, additionally https does not prevent ddos attacks, it authenticates and encrypts the data between clients and server.
SSLStrip allows you to man-in-the-middle those https connections, we're talking about ddos here, not mitm.
You guys don't even know what you're doing.

I currently don't know if I should cry or laugh.

Every help appreciated.

Anonymous, on 29 April 2016 - 01:21 PM said:

I did not DDOS the forums. I am have contacted some of my friends who've been working me, and no, we did not. TorsHammer does in-fact bypass CloudFlare with enough time. You can check the IP logs. The user who DDoSed your forumns most likely does not the command to hide his IP.

I don't think you quite understand the concept of DDoS. Perhaps a DoS attack could be feasible by a single IP (unlikely), but DDoS stands for Distributed Denial of Service. It's basically a hell of a lot of computers (usually random consumers' that have been compromised and added to some sort of botnet) slamming the target server with as many requests as possible, to overload the server. It's very difficult to track down the source of a DDoS attack through technical methods. Of course, social methods (such as, I don't know, a random account on the target site threatening such an attack shortly before it occurs?) are far simpler to find.

Anonymous, on 29 April 2016 - 01:21 PM said:

I am willling to help with any cooperation towards you. Yes, I admit I am a hacker, dan200, but I am not devious enough to go back on my word.

I seriously doubt that Dan (and the rest of the very capable administrative/moderation staff) would need your help, since you appear to have little knowledge in the area. Even if they would benefit from the expertise you claim to possess, they would be incredibly foolish to allow their prime suspect to help them discover the attacker.

Anonymous, on 29 April 2016 - 01:21 PM said:

Most likely the user set up a VPS server via Google Cloud, then downloaded the gist of Torshammer.zip. Then he or she typed "python torshammer.py -t computercraft.info -r 256 ". If they did hide the IP, then it would have a -T at the end of the 256. Anyhow, I am willing to help with anything concerning your help. And I doubt it was my friend. He doesn't have the manpower, nor the credit card numbers, to keep creating dummy accounts on Google Cloud VPS, Amazon VPS, or any other paid.

I'm glad you googled Torshammer and its arguments, but if you really think that the exact (supposed) syntax of the command used to attack the server is relevant…

If you know what you're doing, you know the exact command run is irrelevant, and if you don't (as evidenced by your post) then the odds are that you are giving Dan the exact command you ran to initiate the attack.

Anonymous, on 29 April 2016 - 01:21 PM said:

Heres the wierd thing : I happend to be browsing through the DDOS attack maps on Onion sites, and it showed a massive influx of visistors from New Zealand. Is your server located somewhere in the middle of the US?

What… I'm going to address the only thing that makes sense here: why would A) Dan's server be in the U.S., when he lives in GB, or B ) he tell you where it is at all, regardless of whether you've already found out?

Anonymous, on 29 April 2016 - 01:21 PM said:

dan200, on 29 April 2016 - 02:10 AM said:

Did you just admit to DDOSing the forums?

I have not DDoSed the forumns. The user could have used SSLStrip to strip of Secure HTTPS, then DDoSed.

Any other info you need for help, contact me via PM. I await your reply.

I'm flip-flopping between believing that you are too incompetent to come close to attacking the forum server, or the possibility that you are barely effective enough at googling to figure the process out and execute it. Either way, you're making a fool of yourself.

Edit: Damn B)/> emoticon, always forget about it

Seriously, if it is you, just stop it. You're not winning anything from it. Even if you managed to temporarily take down the forums for a certain while, and let's say, hypothetically, Dan would stop the no malicious script policy, what would you win? You'd be able to trick new users to download the script, until another more experienced user comments 10 minutes later and warns the rest not to download the script, nor anything else by you ever again.

There are legal consequences to DDoSing, and some of them may/may not involve the FBI. hint hint

If you really have to share your clever-af malicious code with someone you can just use pastebin. Or, if you want something which is a little bit more CC-centered Backspace (shameless self-plug). And if you really have to you can fork Backspace and host a server for it yourself.

If you actually understand some basic level stuff forking it shouldn't be a problem for you. [sarcasm] And spreading the link shouldn't be hard either, judging by your SE skills.[/sarcasm]

H4X0RZ, on 29 April 2016 - 11:00 PM said:

And spreading the link shouldn't be hard either, judging by your SE skills.

I'd say he's pretty inept when it comes to social engineering, considering the fact we all knew this kid was a script kiddie and a troll from day one.
(Assuming SE stands for Social Engineering, sorry if I assumed wrong)

Jiloacom, on 29 April 2016 - 11:53 PM said:

H4X0RZ, on 29 April 2016 - 11:00 PM said:

And spreading the link shouldn't be hard either, judging by your SE skills.

I'd say he's pretty inept when it comes to social engineering, considering the fact we all knew this kid was a script kiddie and a troll from day one.
(Assuming SE stands for Social Engineering, sorry if I assumed wrong)

Yes, I meant social engineering.

I completely forgot that this is "just" a forum. I marked the sarcasm in my post. Thanks for (unconsciously) pointing that out ^^

Are you serious anon?
Did you really take your personal twitter account and renamed it anonymous?
http://lmgtfy.com/?q=MumbaiHHS
It's like you're not even trying being actually anonymous.

I've suspended this guy from the forums for a bit. As dubious as his credentials are, he's going around calling himself a "hacker" and boasting about violating computer security, all wrapped in a douchey persona. As admin, i've decided the forums will be a more pleasant place without him for a while.