A note to AnonOps about their net provider

On a McAfee blog, "Don’t Confuse ‘Anonymous’ With a Russian Gang", Francois Paget gives a timeline of events leading up to the SpamHaus DDoS attack.

Of note he says: "I am opposed to illegal activity on or off the Internet. I want to alert all hacktivists to be careful of engaging in any virtual demonstration when they cannot verify the launching source. Not only could their actions in fact be detrimental to their causes, they could also expose people to identity theft, financial fraud, and other troubles." (this author's highlight)

Agreed Francois. This sentiment also reflects what I posted a few days ago; "Personally I have no doubt the Wikileaks situation became exploitable when SpamHaus highlighted this serious issue. Immediately Operation Payback became payback for past blacklistings by SpamHaus, using an instant army of unwitting do-gooders protecting freedom of speech, or so the DDoS'ers thought."

Past experience has shown that anyone that uses Heihachi is immediately under suspicion of trying to exploit normal users, this suspicion with a more than high probability of being correct as history has shown time  and again.

So of importance on the McAfee blog as Francois points out:
"As we examine this chronology, it seems to me that something is out of place:

  • The Anonymous group claims to have stopped DDoS attacks
  • The security community sends an alert about a suspicious WikiLeaks mirror site hosted on the dangerous Heihachi.net (a den of criminals)
  • Spamhaus suffers DDoS attacks but says neither LOIC nor LOIC-like tools are involved in the attacks
  • In some semiprivate forums AnonOps members deny responsibility
  • A new Anonymous communication network is created in Russia. Ten or so IRC servers are linked to the same Heihachi.net.
  • One of these IRC servers–irc.anonops.ru–drove #operationBoa (Bank of America, .." 
If we consider what cybercrime is and how it abuses the internet and anonymity to deprive ordinary users of their rights to legal recourse, this is a great injustice being done to these users, on par if not greater than anything Wikileaks may be exposing. Most victims to cybercrime are statistics if they report it, while the majority do not bother. The internet is a place of extremes, extreme good to extreme bad. Heihachi represents the extreme bad end of this spectrum.

As such it may now be argued that AnonOps by using Heihachi, is now supporting a hosting company run by unknown persons and encouraging a class of business that is extremely harmful to ordinary internet users and that has seen many people and their families defrauded. Additionally they are exposing their supporters to these same dangers.

Is this what AnonOps wants and what they support? I very much doubt it.

However it clear that there is a bad core in AnonOps and that any sympathy the public may have with AnonOps could disappear rather rapidly. AnonOps depends on the internet to achieve it's goal. Their most valuable resource is now being driven "on the dangerous Heihachi.net (a den of criminals)" (to borrow Francois's phrase, which many a security researcher can testify to).

This begs the questions:
  • Why despite being warned about the Heihachi issues, does AnonOps  insist on using this infamous provider?
  • Why did a DDoS attack follow on the above warning? (We need to consider SpamHaus protects the ordinary internet user and is not involved in anything Wikileaks related) 
  • Who in AnonOps is giving that group bad advice?
If AnonOps is not to go down in history as a case study of a civil protest that was hijacked for criminal purposes, where volunteers were led like lambs to the slaughter, they had better look into their trusted core and do some thorough introspection, expelling those that would abuse them and ordinary internet users. 

AnonOps: Heihachi has seen enough victims to crime already, please do not be part of this rotten core of the internet. Do not allow your supporters to be unknowing pawns to criminal activity. You owe at least this to your supporters.


  1. Ihr seit doch behindert, nur weil euer Dreckshoster names CiniCRAP nicht klar kommt müsst ihr viel bessere Hoster schlecht sprechen? Haha, sieht man ja wie das klappt. Über 2000 Domainregistrierungen und über 500 belegte IPs sprechen für sich, da kann CiniCRAP und der Rest einpacken.

    Und BTW, falls du es, Herr Kessler, nicht gerafft hast: AnonOps steht HINTER heihachi, nicht umsonst machen die überall Werbung für die (Banner usw.). Schon dumm wenn man mit aller Kraft versucht einen guten Hoster schlecht zu sprechen aber andauernd auf die Schnauze fällt? Böses Heihachi, jaja, scheiß Neider :D

  2. I am not in the habit of posting rant replies, but the latest reply does bear mentioning.

    Of late I have been receiving rather cryptic "CiniCRAP" posts that made no sense from the sender identifying himself as Admin, until the last post.

    Since I am not really capable of reading German and mostly use Google Translate for German text, I tried running the above message through it. The results were intriguing

    "But since you disabled, just because your dirt hostnames CiniCRAP not get along you have to speak much better Hoster bad? Haha, yes you can see how it works out. Over 2,000 domain registrations and over 500 IPs occupied speak for themselves, as can pack CiniCRAP and the rest.

    And BTW, if you do, Mr. Kessler have not gathered: AnonOps Behind Heihachi, not for nothing do the advertising for all the (banners, etc.). Even with all their stupid if you tried a good host to talk bad but constantly falls flat on its face? Evil Heihachi, yes, fuck envy: D "

    Even with a translation it still took me a bit of time to figure out who Mr Kessler is, but only after a bit upon working out that the "CiniCRAP" Admin is referring to is actually CINIPAC IB and Mr Kessler is associated with them.

    My retort would be: How wrong can you get it? My surname is not Kessler and I do not use or in any way affiliated with CINIPAC. I have no financial interest in the hosting or domain business, although I have been making a good living in IT.

    If there is any truth in the above reply, AnonOps is will be alienating themselves from a lot of potential friends, endangering their supporters and losing all credibility in legitimate non-governmental security circles.

    The only remaining question to Admin would be; is he representing Heihachi, AnonOps or just trying to find a place to troll?