Subject: RE: Seeking comment about ... well, you can probably guess
From: Paul Wagenseil <pwagenseil@techmedianetwork.com>
Date: 3/12/12, 17:36
To: Barrett Brown <barriticus@gmail.com>
Barrett –
Here’s the story:
http://www.securitynewsdaily.com/1613-jester-qr-code-twitter-anonymous.html
Again, thanks for your help.
--Paul
From: Barrett Brown [mailto:barriticus@gmail.com]
Sent: Monday, March 12, 2012 2:47 PM
To: Paul Wagenseil
Subject: Re: Seeking comment about ... well, you can probably guess
Ah, okay.
1. I'm not qualified to assess these sorts of claims, but I'm inclined to believe he's done what he says he's done. This is someone who has spent a great deal of time engaging in "opposition research" on Anonymous and associated individuals, and he has a wide network of very talented contacts, so one would imagine that he'd eventually pull off something effective.
2. It's certainly justified within the context of this particular engagement, one in which things get hacked, people get monitored, documents get stolen, and apartments get raided. Yes, I'm certainly a legitimate target for such things.
3. No, I had no idea it was something one could scan, much less with their phone. The FBI took my phone last week anyway, so it wouldn't have mattered if I had.
4. That would depend on who exactly was compromised.
5. Actually, I'm not convinced he's upset U.S. law enforcement at all. For instance, the FBI now has a laptop of mine which contains screen shots of a Twitter post made by an ex-military fellow and security contractor named Alan Everett (@cryptkper) in which the fellow presents a picture of what he believes to be my residence and specifies that he's doing so in order that the Zeta drug cartel will have an easier time finding me ( http://twicsy.com/i/6dHfX ). I don't think law enforcement is going to jump on that, either. You're allowed to break all sorts of laws if you do so in the interests of national security. Like me, that particular Congressman is no friend of the national security state. As such, we're legitimate targets. Remember that this is a country in which the Justice Department set the Team Themis/Wikileaks affair in motion. If it weren't such a country, Anonymous wouldn't be necessary.
On Mon, Mar 12, 2012 at 10:55 AM, Paul Wagenseil <pwagenseil@techmedianetwork.com> wrote:
It’s a little nuts. If it’s true, it’s pretty impressive, from an objective point of view:
https://th3j35t3r.wordpress.com/2012/03/09/curiosity-pwned-the-cat/
Basically he used, or says he used, a QR code to point Android/iOS browsers to a rigged webpage...
… which in turn connected to a remote server…
… which then ran a script that checked for Twitter clients running on the Android/iOS phones…
… which then extracted the Twitter account associated with the client …
… the script then checked the handle against a hit list of Twitter accounts – yours was among them ….
… if a Twitter account was on the hit list, then a second script was triggered, elevating privileges on the phone and extracting as much of the address/contacts list, SMS archive, email archive, call logs as it could and sending the data back to the mothership.
Here’s a technical look at what he says he did:
http://isc.sans.edu/diary.html?storyid=12760
From: Barrett Brown [mailto:barriticus@gmail.com]
Sent: Monday, March 12, 2012 1:48 PM
To: Paul Wagenseil
Subject: Re: Seeking comment about ... well, you can probably guess
Can you give me a link to something on this QR code thing? I haven't had a chance to follow it; I'm aware that he apparently broke into the congressman's phone but I'm not familiar with the rest of this yet.
On Mon, Mar 12, 2012 at 10:31 AM, Paul Wagenseil <pwagenseil@techmedianetwork.com> wrote:
OK, thanks.
I’m gonna make it an email thread, if that’s okay, since my brain hasn’t fully recovered from the daylight-saving time shift.
First of all, what do you think of Jester’s claim to have hacked into targeted individuals’ smartphones? Real or fake? From what I can glean from my conversations with Android/iOS experts, it sounds plausible.
Second of all, is such targeting justified? Is it justified in your case, since you’ve never tried to hide who you are?
Third – you were on his hit list. Did you click on his Twitter-icon QR code?
He’s put the data dump up on MediaFire, but encrypted it using his public key, which is beyond my ability to do anything with:
http://www.mediafire.com/?25e53h3qxey4r6q
Fourth – if he’s got personal information on the individuals running various Anon-related Twitter feeds, how much of a danger is that to the continuation of the overall Anonymous movement?
Last – Taking down jihadi websites is one thing, but targeting U.S. citizens and hacking their smartphones is another. Until now, The Jester’s not done much that would upset U.S. law enforcement. Now he has. Should he be worried?
Thanks,
Paul
From: Barrett Brown [mailto:barriticus@gmail.com]
Sent: Monday, March 12, 2012 1:13 PM
To: Paul Wagenseil
Subject: Re: Seeking comment about ... well, you can probably guess
Sure thing.
On Sun, Mar 11, 2012 at 7:18 PM, Paul Wagenseil <pwagenseil@techmedianetwork.com> wrote:
Yeah, I would ... about last week, and about Jester's Twitter hack. Can I call or email you in the morning?
Thanks,
Paul
Sent from my iPad
On Mar 11, 2012, at 5:35 PM, "Barrett Brown" <barriticus@gmail.com> wrote:
Paul-
Sorry I'm just now getting back to you, was raided by the FBI last week. Let me know if you'd still like to talk.
On Wed, Mar 7, 2012 at 5:43 AM, Paul Wagenseil <pwagenseil@techmedianetwork.com> wrote:
Mr. Brown--
Like every other tech reporter in the land, I've been asked to put together a story on What Yesterday's Busts Mean for Anonymous.
I personally don't think things will change that much. But I could be wrong. Will Sabu's flipping on his friends sow such suspicion within the ranks that Anonymous will cease to be a force? Or will the decentralized and pseudonymous nature of the movement enable it to carry on?
Please let me know what you think, if you've got a minute or two to spare.
Thanks,
Paul Wagenseil
Managing editor, SecurityNewsDaily | www.SecurityNewsDaily.com
150 Fifth Avenue, 9th Floor | New York, NY 10011
pwagenseil@techmedianetwork.com
(212) 703-5818
--
Regards,
Barrett Brown
512-560-2302
--
Regards,
Barrett Brown
940-735-9748