Backstopping Backtrace: Maltego Mapping of Anonymous

Tuesday, March 29, 2011

Infosec Island Admin

I have been following the Backtrace Security vs. Anonymous battle since BT decided to “dox” the Anons who were running the HBGary Federal event.

After the Feds had BT pull the dox (I got copies though, I mean, it is the Internet... Nothing goes away) I decided it was time to see just what was in them.

I then read the entire transcript file and teased out some pertinent data. Once that was done, I booted up Maltego and began looking around.

(Laurelai Storm)

Now, the Anons claim that the data was bogus to start, but I am seeing some hits here from the very thing I have written about here before. The re-use of nicks on other venues WILL lead to compromise of anonymity IF they actually tag real attributive data to their use.

The transcript of the IRC #HQ channel, though, does show that the Anons were seeking to create disinformation campaigns of their own as well as salt the Internet with false profiles after the HBG attack.

It is important to note though, that this seems to only have been the case this last February, meaning that they were not all creating those false personae online as red herrings before this.

This is a key factor, as much of the data Maltego was locating pre-dates the Anonymous OPs that are germane. As this is the case, the data I am finding, I believe, is actually solid and could lead to personae compromise of these Anons.

(Nessuno834 aka Kieron Parr)

As you can see from the maps, once key data points are added together and mapped, you can see the intersections where the users’ identities touch and can lead to even more data.

Having had not only the nick but also a real name adds to this greatly and as you can see, you can make inferences as to patterns of behaviour, posting, and actual validity of the claim by BT.

It is only a matter of time and sorting through the hits to weed out the false ones that you can get a pretty good picture of who the person is, their previous postings using the same nick, and whether or not they seem to be a likely candidate.

In the cases of the three nicks searched here, I was able to pretty safely say that they all are technical individuals with connections to 4chan/Anonymous and as such, the authorities are likely paying attention to them already through their own investigations.

So, I guess in the final assessment, one could say that these people had created these personae as backstops and that these are just another red herring.

On the other hand, I believe that this is pretty much not the case. The data points go back to 2008 or earlier and as such, human nature has bitten them in the end with regard to habits and lack of OPSEC.

I guess time will tell as to who may or may not get pinched… Whoever Hubris is, they chose their name well.

K.

Cross-posted from Krypt3ia
