2011/01/05

A note to AnonOps about their net provider

In a McAfee blog post, "Don’t Confuse ‘Anonymous’ With a Russian Gang", Francois Paget gives a timeline of events leading up to the SpamHaus DDoS attack.

Of note he says: "I am opposed to illegal activity on or off the Internet. I want to alert all hacktivists to be careful of engaging in any virtual demonstration when they cannot verify the launching source. Not only could their actions in fact be detrimental to their causes, they could also expose people to identity theft, financial fraud, and other troubles." (this author's highlight)

Agreed, Francois. This sentiment also reflects what I posted a few days ago: "Personally I have no doubt the Wikileaks situation became exploitable when SpamHaus highlighted this serious issue. Immediately Operation Payback became payback for past blacklistings by SpamHaus, using an instant army of unwitting do-gooders protecting freedom of speech, or so the DDoS'ers thought."

Past experience has shown that anyone who uses Heihachi is immediately under suspicion of trying to exploit normal users, and that suspicion has a more than high probability of being correct, as history has shown time and again.

Of importance, as Francois points out on the McAfee blog:
"As we examine this chronology, it seems to me that something is out of place:

  • The Anonymous group claims to have stopped DDoS attacks
  • The security community sends an alert about a suspicious WikiLeaks mirror site hosted on the dangerous Heihachi.net (a den of criminals)
  • Spamhaus suffers DDoS attacks but says neither LOIC nor LOIC-like tools are involved in the attacks
  • In some semiprivate forums AnonOps members deny responsibility
  • A new Anonymous communication network is created in Russia. Ten or so IRC servers are linked to the same Heihachi.net.
  • One of these IRC servers–irc.anonops.ru–drove #operationBoa (Bank of America, .."

If we consider what cybercrime is and how it abuses the internet and anonymity to deprive ordinary users of their rights to legal recourse, this is a great injustice being done to these users, on par with, if not greater than, anything Wikileaks may be exposing. Most victims of cybercrime become statistics if they report it, while the majority do not bother. The internet is a place of extremes, from extreme good to extreme bad. Heihachi represents the extreme bad end of this spectrum.

As such, it may now be argued that AnonOps, by using Heihachi, is supporting a hosting company run by unknown persons and encouraging a class of business that is extremely harmful to ordinary internet users and that has seen many people and their families defrauded. Additionally, they are exposing their supporters to these same dangers.

Is this what AnonOps wants and what they support? I very much doubt it.

However, it is clear that there is a bad core in AnonOps and that any sympathy the public may have with AnonOps could disappear rather rapidly. AnonOps depends on the internet to achieve its goal. Their most valuable resource is now being driven "on the dangerous Heihachi.net (a den of criminals)" (to borrow Francois's phrase, which many a security researcher can testify to).

This raises the questions:
  • Why, despite being warned about the Heihachi issues, does AnonOps insist on using this infamous provider?
  • Why did a DDoS attack follow on the above warning? (We need to consider that SpamHaus protects the ordinary internet user and is not involved in anything Wikileaks related.)
  • Who in AnonOps is giving that group bad advice?

If AnonOps is not to go down in history as a case study of a civil protest that was hijacked for criminal purposes, where volunteers were led like lambs to the slaughter, they had better look into their trusted core and do some thorough introspection, expelling those that would abuse them and ordinary internet users.

AnonOps: Heihachi has seen enough victims of crime already; please do not be part of this rotten core of the internet. Do not allow your supporters to be unknowing pawns in criminal activity. You owe at least this to your supporters.