EXCLUSIVE: Hacker “Fear” Breaches Hundreds Of U.S. Govt Websites

A hacker known as Fear claims to have breached hundreds of government servers after hacking into the FTP server (a service used to upload and download files over the internet) of Neustar, the company in charge of the .us domain name, according to Databreaches.net.

“Fear” claims to be a teenager, and said that he took advantage of lax security at Neustar to gain access to a large number of FTP (File Transfer Protocol) servers. Neustar has denied the claim, saying the purported breach does not match the files the hacker claims to have taken, reports The Hill.

The alleged hacker contacted this writer under the condition of anonymity and said that there was much more to come from him and others in the coming months. When asked to expand upon his claims, the hacker did not respond before this story was published. He did, however, say a large data dump was coming and linked me to a Twitter account named IRSPartyBus that was posting data from Intel, claiming that the Silicon Valley computer chip company had been hacked as well. He did not note whether these were separate hacks or whether this hack was accomplished by breaching Neustar’s domain FTP servers. He added that the attacks “were basically to protest censorship in general.” When asked if the attacks were done for the hell of it or if there was a political meaning behind them and if they were to protest S3034, the bill that stops the handover of ICANN to the UN.


The Pastebin post said in a statement:

“HELLO INTEL WE ARE THE IRS PARTY BUS AND YOU HAVE BECOME LUGGAGE ALONG WITH ALL THE OTHER

DATABASES WE HAVE DESTROYED, YOU HAVE BEEN STORED IN THE COMPARTMENT AREA.



                                        get your ass on this motherfuckin bus boi
    .---------------------------.       /
   /,--..---..---..---..---..--. `.  ——/
  //___||___||___||___||___||___\_|
  [j__ ######################## [_|
     \============================|
  .==|  |"""||"""||"""||"""| |"""||
 /======"---""---""---""---"=|  =||
 |____    []*          ____  | ==||
 //  \\ its party bus //  \\ |===||  
 "\__/"---------------"\__/"-+---+'   
                                                                                                                                  

//// SHOUTOUT TO MY NIGGAS IN THE IRS PARTY BUS @IRSPARTYBUS
//// SHOUTOUT ALL MY NIGGAS IN @THEFAMILYSYSTEM 

Intel is world's largest chip making factory. But, they still run plain daemon 
on most of their servers -_-. By finding one of their main boxes, 
they got rooted, and just to have fun with them, we decided to upload a backdoor
on their server that logs all their .bash_history, and all nano’d files on the server.
The biggest fail was their passwords, let me just toss out a couple hilarious, 
never forgetting passwords, “intel113”, “applepies0”, and my absolute favorite, “intel”.

A prank we played on them was fucking with their documents, that they were
uploading to their “secure file sharing servers” was accessing the logs they
were sending to their employees, etc… 

This is the end of the log that was edited, which was quite fucking hilarious because it was
sent around so much, and the emails kept getting more and more funnier when they replied 
regarding it. 

The log sent /////

Deleting Key = HKLM\SOFTWARE\Intel\GFX\Intern\AudioFix

[Folder - 121000]

 Recursivly deleting folder C:\Program Files (x86)\Intel\Intel(R) Graphics Media Accelerator Driver

[Custom action - 60001]

  Looking  Tango Creek installer

* Tango Creek installer not found

IIF will NOT initiate reboot

Exit code = 0x0

ResultCode = 0

* greetz from irspartybus and Fear! 

<<< 7/07/2016 03:01:43:490

Another game we played was swapping a small portion of important document names to fuck with them,
so they keep sending incorrect documents, which caused them confusion,
especially in the mail list with all the chinese vendors, and dell clients.

The original document names ///

SSD Form Factor Version1_0.pdf
SFF-9401 Rev 0.3.pdf
Serial Attached SCSI - 3 (SAS-3), T10,BSR INCITS 519 Rev 06.pdf
RST07-1813-1 REV AX1.pdf
RMS36-2092 REV AX2.pdf
RMS36-2091  REV AX2.pdf
RMBCTN00XX REV A.pdf
RHS36-1591 REV AX3.pdf
IntelUSB3.log
IntelGFXCoin.log
IntelCPHS.log
H73691-001 (RHS36-1810 REV AX7).pdf
FAI-21489 RHS36-1591( ID_S1501322 Intel AX5  30AWG)HD Mini SAS to 4X SATA7....pdf
FAI-21140 RST07-1813-3(S14121069  Intel AX1)SATA  cable ass'y 150105-12G.pdf
DMS_AXXCBLLNVKIT3 Rev02.doc
DMS_AXXCBLLNVKIT Rev02.doc

The swaperionos! (@intel, we really hope this cleared up the confusion)

SFF-9401 Rev 0.3.pdf >> SSD Form Factor Version1_0.pdf
SSD Form Factor Version1_0.pdf << SFF-9401 Rev 0.3.pdf
Serial Attached SCSI - 3 (SAS-3), T10,BSR INCITS 519 Rev 06.pdf >> RST07-1813-1 REV AX1.pdf
RST07-1813-1 REV AX1.pdf >> Serial Attached SCSI - 3 (SAS-3), T10,BSR INCITS 519 Rev 06.pdf
RMS36-2091  REV AX2.pdf >> RMS36-2092 REV AX2.pdf
RMS36-2092 REV AX2.pdf << RMS36-2091  REV AX2.pdf
FAI-21489 RHS36-1591( ID_S1501322 Intel AX5  30AWG)HD Mini SAS to 4X SATA7....pdf << FAI-21140 RST07-1813-3(S14121069  Intel AX1)SATA  cable ass'y 150105-12G.pdf
FAI-21140 RST07-1813-3(S14121069  Intel AX1)SATA  cable ass'y 150105-12G.pdf >> FAI-21489 RHS36-1591( ID_S1501322 Intel AX5  30AWG)HD Mini SAS to 4X SATA7....pdf

After making their communications go from peaceful exchange to complete confusion,
we decided to use our root access to expunge all the users from the server
by deleting their accounts from the server. Then we dumped the server 
and pointed our fingers and laughed.

 
            
                                                                  \   `-._
                                                                  |`-._   `-._
                                                                  /    `-._   `-._
                                                                 /    /    `-._   `-._
                                                                /    /    /    `-._   `-._                         WELCOME TO THE DUMP YARD INTEL!
                                                                `-._/    /    /    `-._   `-._         You will be stored with the other disgraceful corporate american 
                                                                  / `-._/    /    /    `-._   `-.                   company that we have owned. 
                                                                  `-._  `-._/    /    /    `-._ o)                   s/o to the ogz of family!
                                                                      `-._  `-._/    /    /    /||
                                                                        //`-._  `-._/    /    / ||
                                                                       //     `-._  `-._/    /  ||
                                                                       o.       /:`-._  `-._/   ||
                                                                       \:`.    /:/    `-./
                                                                        \::\  /:/       
                                               ______                    \::\':/
                                            .'.-----.'.                .--(O)\'
                                           /.':    (| |               /:.-'\::\
                                          / | :`.  || |              /:/   .o):\
                                    ____.'. [-'-----' |             /:/.-'\.'\::\
                                  .'    |=| |     <=| |          _./:/ _.-'   `.:|
                                  |____.'=| [       | |   ____.-' /:/-'_________(o)
                                  (_.....---'-.__   | |\ |________ _______________|
                                  [_|   .------. '._| |'-'--------'---- .------. _|_
                                  [_|__/ .----. \ ___ |[=:=]_:::::::::_/ .----. \___]                                      ____.-.____            ____.-.____
                                 [___|/ /  ..  \ \___||___.-----------/ /  ..  \ \--'                                     [___________]          [___________]
                                       |  (^v)  |                      |  (^v)  |                                        (d|||||||||||b)      ((((d|||||||||||b)))   
                                        \  ''  /                        \  ''  /                                          `|||INTEL|||`       |||(( ND BANK ))|||
                                         `----'                          `----'                                            |||||||||||        |||||||||||||||||||
                                                                                                                           |||||||||||        |||||||||||||||||||
                                                                                                                           |||||||||||        |||||||||||||||||||    
                                                                                                                           `"""""""""`            `"""""""""`


Here is the data we have decided to make public, the rest is to be sold to the highest bidder… 

#####################################
#http://www.filedropper.com/inteldata#
#####################################

root@REDACTED:~ cat /etc/passwd

The end profit was that we had access to all Intel servers, and were able to access
mail server, all FTP and NFTP servers, and secure file sharing servers.

root@irspartybus:~ cat /Documents/Intel/securefileshare.sql

For tons of their servers, they ran plain daemon which was fucking stupid of them.

root@irspartybus:~ cat /Documents/Intel/ftpusers

# list of users disallowed any ftp access.
# read by ftpd(8).
Administrator
administrator
root
uucp
daemon
unknown
www


/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Downloads :
#######################################################################################################################################################
#Documents : https://imgur.com/a/tzPZL                                                                                                                #
#Private Plans for chips, and cables : https://imgur.com/a/TOXM9                                                                                      #
#2013 documents from the server (document was too big for imgur) : https://www.filedropper.com/serialattachedscsi-3sas-3t10bsrincits519rev06          #
#######################################################################################################################################################

FTP servers are often used to upload documents/files to a website host.

Neustar is in charge of hosting the “.us” top-level domain, an alternative to “.com,” “.edu” and “.org” that is used by several sites operated in the U.S., including, at times, government websites.

By hacking into the company Neustar, Fear claims he gained access to the FTP accounts for every website ending with the .us domain name.

“I hacked into the Neustar FTP, and I dumped their files, and in the files there were a list of each and every FTP server on a .us, and it had their passwords, users, ftp ip, hostname, and domain,” said Fear in an online chat.

Fear stated his attack was done through an SQL injection, an attack in which a poorly coded web application is made to leak information from its database.

Neustar again contradicted the hacker's claim, saying “they do not have access to such a list of login credentials or a list of FTP sites on .us servers.”

“We can’t state unequivocally that he did not hack something, but only because it’s impossible to prove something didn’t happen. We have been looking for evidence since the story came out, and haven’t found anything. And we’re good at this, because we take security seriously.” – Neustar Senior Vice President Rodney Joffee.

Many of the servers that host .us domain websites also host “.gov” domain sites, leaving Fear with what he claimed was access to a wide variety of government information. According to the hacker himself, examples include voter registration data for every county in all 50 states, prescription databases and the Department of Education.

“It only takes 13 hours and 23 minutes and 12 seconds for somebody to finish gathering data on every US citizen,” said the hacker “Fear.” Many states used poor security practices, he said, using passwords no more than five characters and failing to encrypt sensitive information.

The files that Fear stole include credit card information, bank transactions, prescription information, Social Security data and more. Fear said that he planned on selling the information he had downloaded for “thousands of dollars in cryptocurrency” on the dark web.

I am an activist, a writer, a blogger and an investigative journalist writing for (www.wearechange.org)

A Radio host of the Blog-talk Radio Series:
#SmokeScreenDisclosure

My Sources are everywhere..
Enemy of the New World Order.
