A hacker known as Fear claims to have breached hundreds of government servers after hacking into the FTP of Neustar, a company in charge of the .us domain name used to upload and download files from the internet according to Databreaches.net.
“Fear” claims to be a teenager, and said that he took advantage of lax security at Neustar to gain access to a large number of FTP (File Transport Protocol) servers. Neustar has denied the claim, saying the purported breach does not match files the hacker claims to have taken reports The Hill.
The alleged hacker contacted this writer under the condition of anonymity and said that there was way more to come from him and others in the months to come. When asked to expand upon their claims, the hacker did not respond before publishing of this story. He did however say a large data dump was coming and linked me to a twitter account named IRSPartyBus posting data, from Intel claiming the Silicon Valley computer chip company Intel had been hacked as well. He did not note whether these were separate hacks or if this hack was accomplished by breaching Neustar’s domain FTP servers. He added, on that the attacks “were basically to protest censorship in general.” When asked if the attacks were done for the hell of it or if there was a political meaning behind them and if they were to protest S3034 the bill that stops the hand over of ICANN to the UN.
The Pastebin said, in a statement.
“HELLO INTEL WE ARE THE IRS PARTY BUS AND YOU HAVE BECOME LUGGAGE ALONG WITH ALL THE OTHER
DATABASES WE HAVE DESTROYED, YOU HAVE BEEN STORED IN THE COMPARTMENT AREA. get your ass on this motherfuckin bus boi .---------------------------. / /,--..---..---..---..---..--. `. ——/ //___||___||___||___||___||___\_| [j__ ######################## [_| \============================| .==| |"""||"""||"""||"""| |"""|| /======"---""---""---""---"=| =|| |____ []* ____ | ==|| // \\ its party bus // \\ |===|| "\__/"---------------"\__/"-+---+' //// SHOUTOUT TO MY NIGGAS IN THE IRS PARTY BUS @IRSPARTYBUS //// SHOUTOUT ALL MY NIGGAS IN @THEFAMILYSYSTEM Intel is world's largest chip making factory. But, they still run plain daemon on most of their servers -_-. By finding one of their main boxes, they got rooted, and just to have fun with them, we decided to upload a backdoor on their server that logs all their .bash_history, and all nano’d files on the server. The biggest fail was their passwords, let me just toss out a couple hilarious, never forgetting passwords, “intel113”, “applepies0”, and my absolute favorite, “intel”. A prank we played on them was fucking with their documents, that they were uploading to their “secure file sharing servers” was accessing the logs they were sending to their employees, etc… This is the end of the log that was edited, which was quite fucking hilarious because it was sent around so much, and the emails kept getting more and more funnier when they replied regarding it. The log sent ///// Deleting Key = HKLM\SOFTWARE\Intel\GFX\Intern\AudioFix [Folder - 121000] Recursivly deleting folder C:\Program Files (x86)\Intel\Intel(R) Graphics Media Accelerator Driver [Custom action - 60001] Looking Tango Creek installer * Tango Creek installer not found IIF will NOT initiate reboot Exit code = 0x0 ResultCode = 0 * greetz from irspartybus and Fear! <<< 7/07/2016 03:01:43:490 Another game we played was swapping a small portion of important document names to fuck with them, so they keep sending incorrect documents, which caused them confusion, especially in the mail list with all the chinese vendors, and dell clients. The original document names /// SSD Form Factor Version1_0.pdf SFF-9401 Rev 0.3.pdf Serial Attached SCSI - 3 (SAS-3), T10,BSR INCITS 519 Rev 06.pdf RST07-1813-1 REV AX1.pdf RMS36-2092 REV AX2.pdf RMS36-2091 REV AX2.pdf RMBCTN00XX REV A.pdf RHS36-1591 REV AX3.pdf IntelUSB3.log IntelGFXCoin.log IntelCPHS.log H73691-001 (RHS36-1810 REV AX7).pdf FAI-21489 RHS36-1591( ID_S1501322 Intel AX5 30AWG)HD Mini SAS to 4X SATA7....pdf FAI-21140 RST07-1813-3(S14121069 Intel AX1)SATA cable ass'y 150105-12G.pdf DMS_AXXCBLLNVKIT3 Rev02.doc DMS_AXXCBLLNVKIT Rev02.doc The swaperionos! (@intel, we really hope this cleared up the confusion) SFF-9401 Rev 0.3.pdf >> SSD Form Factor Version1_0.pdf SSD Form Factor Version1_0.pdf << SFF-9401 Rev 0.3.pdf Serial Attached SCSI - 3 (SAS-3), T10,BSR INCITS 519 Rev 06.pdf >> RST07-1813-1 REV AX1.pdf RST07-1813-1 REV AX1.pdf >> Serial Attached SCSI - 3 (SAS-3), T10,BSR INCITS 519 Rev 06.pdf RMS36-2091 REV AX2.pdf >> RMS36-2092 REV AX2.pdf RMS36-2092 REV AX2.pdf << RMS36-2091 REV AX2.pdf FAI-21489 RHS36-1591( ID_S1501322 Intel AX5 30AWG)HD Mini SAS to 4X SATA7....pdf << FAI-21140 RST07-1813-3(S14121069 Intel AX1)SATA cable ass'y 150105-12G.pdf FAI-21140 RST07-1813-3(S14121069 Intel AX1)SATA cable ass'y 150105-12G.pdf >> FAI-21489 RHS36-1591( ID_S1501322 Intel AX5 30AWG)HD Mini SAS to 4X SATA7....pdf After making their communications become from peaceful exchange to complete confusion, we decided to use our root access to expunge all the users from the server but deleting their accounts from the server. Then we dumped the server and pointed our fingers and laughed. \ `-._ |`-._ `-._ / `-._ `-._ / / `-._ `-._ / / / `-._ `-._ WELCOME TO THE DUMP YARD INTEL! `-._/ / / `-._ `-._ You will be stored with the other disgraceful corporate american / `-._/ / / `-._ `-. company that we have owned. `-._ `-._/ / / `-._ o) s/o to the ogz of family! `-._ `-._/ / / /|| //`-._ `-._/ / / || // `-._ `-._/ / || o. /:`-._ `-._/ || \:`. /:/ `-./ \::\ /:/ ______ \::\':/ .'.-----.'. .--(O)\' /.': (| | /:.-'\::\ / | :`. || | /:/ .o):\ ____.'. [-'-----' | /:/.-'\.'\::\ .' |=| | <=| | _./:/ _.-' `.:| |____.'=| [ | | ____.-' /:/-'_________(o) (_.....---'-.__ | |\ |________ _______________| [_| .------. '._| |'-'--------'---- .------. _|_ [_|__/ .----. \ ___ |[=:=]_:::::::::_/ .----. \___] ____.-.____ ____.-.____ [___|/ / .. \ \___||___.-----------/ / .. \ \--' [___________] [___________] | (^v) | | (^v) | (d|||||||||||b) ((((d|||||||||||b))) \ '' / \ '' / `|||INTEL|||` |||(( ND BANK ))||| `----' `----' ||||||||||| ||||||||||||||||||| ||||||||||| ||||||||||||||||||| ||||||||||| ||||||||||||||||||| `"""""""""` `"""""""""` Here is the data we have decided the make public, the rest is to be sold to the highest bidder… ##################################### #http://www.filedropper.com/inteldata# ##################################### root@REDACTED:~ cat /etc/passwd root::0:0::0:0:Charlie &:/root:/bin/sh toor:*:0:0::0:0:Bourne-again Superuser:/root:/bin/sh daemon:*:1:1::0:0:The devil himself:/:/sbin/nologin operator:*:2:5::0:0:System &:/usr/guest/operator:/sbin/nologin bin:*:3:7::0:0:Binaries Commands and Source:/:/sbin/nologin games:*:7:13::0:0:& pseudo-user:/usr/games:/sbin/infranstr postfix:*:12:12::0:0:& pseudo-user:/var/spool/postfix:/sbin/nologin named:*:14:14::0:0:& pseudo-user:/var/chroot/named:/sbin/nologin ntpd:*:15:15::0:0:& pseudo-user:/var/chroot/ntpd:/sbin/nologin sshd:*:16:16::0:0:& pseudo-user:/var/chroot/sshd:/sbin/nologin _pflogd:*:18:18::0:0:& pseudo-user:/var/chroot/pflogd:/sbin/nologin _rwhod:*:19:19::0:0:& pseudo-user:/var/rwho:/sbin/nologin _proxy:*:21:21::0:0:Proxy Services:/nonexistent:/sbin/nologin _timedc:*:22:22::0:0:& pseudo-user:/nonexistent:/sbin/nologin _sdpd:*:23:23::0:0:& pseudo-user:/nonexistent:/sbin/nologin _httpd:*:24:24::0:0:& pseudo-user:/var/www:/sbin/nologin _mdnsd:*:25:25::0:0:& pseudo-user:/nonexistent:/sbin/nologin _tests:*:26:26::0:0:& pseudo-user:/nonexistent:/sbin/nologin _tcpdump:*:27:27::0:0:& pseudo-user:/var/chroot/tcpdump:/sbin/nologin _tss:*:28:28::0:0:& pseudo-user:/var/tpm:/sbin/nologin _rtadvd:*:30:30::0:0:& pseudo-user:/var/chroot/rtadvd:/sbin/nologin _unbound:*:32:32::0:0:& pseudo-user:/var/chroot/unbound:/sbin/nologin uucp:*:66:1::0:0:UNIX-to-UNIX Copy:/nonexistent:/sbin/nologin nobody:*:32767:39::0:0:Unprivileged user:/nonexistent:/sbin/nologin The end profit was that we had access to all Intel servers, and were able to access mail server, all FTP and NFTP servers, and secure file sharing servers. root@irspartybus:~ cat /Documents/Intel/securefileshare.sql 96.17.174.105 104.121.66.114 184.24.149.114 2.19.216.105 204.2.255.21 96.17.96.21 184.85.234.105 104.74.20.105 184.27.47.105 72.198.224.18 184.28.76.105 23.48.145.18 For tons of their servers, they ran plain daemon which was fucking stupid of them. root@irspartybus:~ cat /Documents/Intel/ftpusers # list of users disallowed any ftp access. # read by ftpd(8). Administrator administrator root uucp daemon unknown www ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// Downloads : ####################################################################################################################################################### #Documents : https://imgur.com/a/tzPZL # #Private Plans for chips, and cables : https://imgur.com/a/TOXM9 # #2013 documents from the server (document was too big for imgur) : https://www.filedropper.com/serialattachedscsi-3sas-3t10bsrincits519rev06 # #######################################################################################################################################################
@Intel #BREACHED! #irsPartyBushttps://t.co/iGkvRItmIm
— IRS PARTY BUS (@irsPartyBus) September 20, 2016
FTP servers are often used to upload documents/files to a website host.
Neustar is in charge of the “.us” top-level web domain name hosting, an alternative to “.com,” “.edu” and “.org.” used by several sites that are operated in the U.S. including at time’s government websites.
By hacking into the company Neustar, Fear claims he gained access to the FTP accounts for every website ending with the .us domain name.
“I hacked into the Neustar FTP, and I dumped their files, and in the files there were a list of each and every FTP server on a .us, and it had their passwords, users, ftp ip, hostname, and domain,” said Fear in an online chat.
Fear stated his attack was done through an SQL injection — a poorly coded web database that leaks out information.
Neustar again contradicted the claim made by the hacker saying “they do not have access to such a list of login credentials or a list of FTP sites on .us servers.”
“We can’t state unequivocally that he did not hack something, but only because it’s impossible to prove something didn’t happen. We have been looking for evidence since the story came out, and haven’t found anything. And we’re good at this, because we take security seriously.” – Neustar Senior Vice President Rodney Joffee.
Many of the servers that host .us domain websites also host “.gov” domain sites, leaving Fear with what he claimed was access to a wide variety of government information, including voter registration data for every county in all 50 states, prescription databases and the Department of Education to name a few examples according to the hacker himself.
“It only takes 13 hours and 23 minutes and 12 seconds for somebody to finish gathering data on every US citizen. Many states used poor security practices, he said, using passwords no more than five characters and failing to encrypt sensitive information.” – the hacker “Fear”
The files that Fear stole includes credit card information, bank transactions, prescription information, Social Security data and more. Fear said that he planned on selling the information he had downloaded for “thousands of dollars in cryptocurrency” on the darkweb.
OH YEAH, since we are not corporate or government owned help us out here.
YOU CAN ALSO SUPPORT US ON
We gratefully accept Crypto Coins
Dash – XiZebHViTKxjngJ8U8Gekbz34XDcMjKe29
Bitcoin – 1F6oeUnhXfr5UMC95apbJg7CLjm3BUrT8V
ETH – 0x9124589c4eAD555F04a7214214c86EA80E129abB
FOLLOW WEARECHANGE ON SOCIAL MEDIA
WEARECHANGE MERCHANDISE
https://wearechange.org/store
https://teespring.com/stores/wearechange/