The Fappening; hacking from the outside or leaking from the inside?

image

Some are already calling it the biggest celebrity hacking scandal in history, 4chan is blowing up and doesn’t give a fuck and neither the FBI nor Apple knows how this happened. Just like a meme this topic -which 4chan users celebrate as “The Fappening”- went viral. The actual boost this time wasn’t the pictures or videos, gaining and mis-using the public fame of celebrities pushed this news into the headlines. For those who aren’t familiar, 4chan and especially /b/ is known for hacking peoples life and manipulating polls, such as the Google trends list or the TIME 100 list.

What we knows far  is that Deadspin was aware of this a weeks ago, we also know this could have been a brute-force-attack and not a hack. Just a few hours after the first leaks appeared on 4chan threats a script called “iBruce” which should be responsible for the security breach was quickly pulled down from GitHub. The script can be found here.

Meanwhile Apple has issued a statement:

"After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet.

None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone.”

So far the investigation has not pointed to an iCloud breach, assuming that Apple’s investigation isn’t complete yet; Apple doesn’t know what the fuck is going on because currently the company is the only one on the field who could be guilty.The FBI wasn’t able to make any stable statement.

Reddit claimed to have identified 2 individuals, one of them Bryan H. a 27-year-old from Georgia has gave a interview to BuzzFeed telling it was a scheme to make some easy BitCoins, which made him to a victim for 4chan users. This is not the first time, back in 2012, Christopher Chaney, 36, was arrested in Florida and sentenced to 10 years in prison for hacking into the email accounts of more than 50 people in the entertainment industry in order to gain access to nude photos and private information, but Chaney’s targets and the current ones don’t intersect.

According to a recent article on Mashable, Einar Otto Stangvik, a security expert from Norway, had listed some potential attack methods:

  • iTunes phishing scams
  • Compromised phones or computers
  • Celebrity passwords/emails as part of a larger password dump (such as the Adobe hack)
  • Mobile-phone or computer-repair individuals abusing access
  • Password reset questions guess
  • Brute force

On September 1 the MailOnline posted the pseudonym of the alleged hacker/leaker who goes by the name “OriginalGuy”. As multiple theories began to confuse peoples minds, Gawker again claimed that this allegedly enormous cache of nude celebrity photos likely comes from the work of several hackers who have been involved in a deep-web celebrity image-trading network that may have existed for years but the only known and in 2012 arrested hacker so far is Christopher Chaney. While Apple is trying to play it down with the by stating  “targeted celebrity attack”, the creator of the iBruce script even published a slide show crashing Apples statement and claiming to have exposed a security whole in the iCloud system. A compiled article on hackappcom involvement can be found here.

Until now, none of the victims claimed to have been a victim of a phishing attack and if Apple continues to deny any security breach, it leads the questions; Who else beside the users has access to this files?

Behind The Scenes: How TheAnonMessage targeted Bryan Willman during #OpFerguson

This message is intended for #Anonymous collective participants, it’s followers, and supporters.
During #OpFergusion, the Anon known as @TheAnonMessage released an incorrect d0x of the Michael Brown shooter.
The d0x targeted and individual know as Bryan Willman. We are publishing the logs and commenting on them to show that this was the work of an Anon who was acting against the advice of others.
@TheAnonMessage knew his d0x was likely incorrect but he still released the information. He called a quick vote on #vote early in the morning at 8 a.m. when very few people were around and despite objections.
This is unacceptable and will not be tolerated. Bryan’s Willman’s life was put in danger and the whole operation was jeopardised by a hasty decision and serious lack of judgment.
 
If you read the following tweet you will see that we tried to prevent this situation, but failed.

Those tweets show that @TheAnonMessage thought by releasing an innoncent name it would force the police to reveal the real shooter names, and therefor was a good decision.

Also @TheAnonMessage is known to have acted erratically for a long time and is disliked by a lot of other Anons. Here are some samples from Twitter.

 

You can take a look yourself with this twitter search https://twitter.com/search?q=TheAnonMessage

The following chat logs come from Cyberguerrilla’s IRC channel #OpFerguson on Thursday 14.08.2014. They will show how @TheAnonMessage’s irresponsibly used critical information. @TheAnonMessage did not verify if he had  the right shooter and he even took credit for a d0x which was not his own. He started the claim without sound information also expressed no worries about being wrong.
We think  that “Anonymous|11057” is @TheAnonMessage for various reasons. We know how he thinks and chats, and we can smell him from miles. Also “Anonymous|11057” is the only user who made the claim his d0x was correct, and he displayed a similiar writing style. Crucially, both users never expressed any worries in releasing the dox.


In order to make the logs easier to read, we are quoting experts and ew are marking the significant logs, but you can still access the complete logs here.

The chat logs have been verified by:

-Laurie Segall from CNN, appearing as “Anonymous|42003”
-Doemela, Admin of Cyberguerrilla IRC, appearing as “Doemela”
-katanon, channel operator, appearing as “katanon”
-geekmasterflash, channel operator, appearing as “geekmasterflash”
-Gabriella Coleman, appearing as “biella”
-Crypt0nymous, appearing as “Cry”
-Pharaoh -one of the doxers-, appearing as “Pharaoh”
-Canaan -one of the doxers-, appearing as “Canaan”
-Garfield, appearing as Garfield
Questions or any more leaks? You can find me on twitter @Crypt0nymous, email at crypt0nymous@riseup.net
 
(04:45:08 AM) Anonymous|11057: i think that this guy is the real deal. no joke.
(04:45:20 AM) tx: 11057 - you mean bryan willman right?
(04:45:39 AM) Anonymous|11057: yes tx, i’d be comfortable saying bryan willman
(04:45:57 AM) geekmaterflash: Anonymous|11057, walk me through your logic there.
(04:46:05 AM) Anonymous|11057: okay
(04:46:46  AM) Anonymous|11057: so we’ve got a guy with a police background that  was arested for theft from a quik cash in 2008 served at his place of  employment…
(04:47:21 AM) geekmaterflash: Anonymous|11057, Theft is a felony. Felons can’t be police.
 
geekmaterflash, one operator on the irc channel, questioned Anonymous|11057 -the creator of this theory- regarding which evidence he has.
 
 (04:56:39 AM) TheAnonMessage: tired af, see yall in a few hours, night
(05:50:12 AM) Anonymous|11057: WILLMAN , BRYAN P , Respondent
(05:50:13 AM) Anonymous|11057: *CENSORED*
(05:50:13 AM) Anonymous|11057: *CENSORED*
(05:50:22 AM) TheAnonMessage: 11057 oh shit
(05:50:37 AM) Anonymous|11057: fair statement UK, we;ll try our best to give you a real story
(05:50:38 AM) TheAnonMessage: that checks out with scooby willman
(05:51:11 AM) TheAnonMessage: i have his facebook, unless you guys already have that
(05:51:26  AM) Anonymous|11057: recorded press interview with PD asking for a  response to allegation that bryan willman is the murderer?
(05:51:56 AM) TheAnonMessage: im getting a dox together
(05:52:01 AM) TheAnonMessage: slow down yall XD
 
TheAnonMessage who was supposed to be asleep for “a few hours” instead of 54 minutes  responds in 9 seconds to the release of personal information by  “Anonymous|11057”. Important, the writing style of “Anonymous|11057” and  TheAnonMessage’s on Twitter are very very similar.
 
(05:56:15 AM) Anonymous|2252: anon should attend…
(05:56:23 AM) Anonymous|11057: theyre not going to release the name
Anonymous|11057  doesn’t believe in the FPD announcement which was actually true. So he  just needed to wait 24 hours instead of risking the life on an innocent  and not involved citizen.
 
(06:12:53 AM) TheAnonMessage: NAME: WILLMAN, BRYAN P. , Respondent
(06:12:54 AM) TheAnonMessage: ADDRESS: *CENSORED*
(06:12:54 AM) TheAnonMessage: DOB: *CENSORED*
(06:12:54 AM) TheAnonMessage: https://www.facebook.com/pdboi1982
(06:12:54 AM) TheAnonMessage: Family Members:
(06:12:54 AM) TheAnonMessage: Brandon Willman
(06:12:54 AM) TheAnonMessage: Stuart Willman
(06:12:54 AM) TheAnonMessage: Tammy Herndon
(06:12:54 AM) TheAnonMessage: Kathie Warnack
(06:12:54 AM) TheAnonMessage: Debbie Funke
(06:12:55 AM) TheAnonMessage: Girlfriend: https://www.facebook.com/nicole.murphy.3979?fref=ufi Nichole Murphy
(06:12:56 AM) TheAnonMessage: Stuart Lavern Willman
(06:12:56  AM) TheAnonMessage: Convicted Sex Offender:  http://www.homefacts.com/offender-detail/MO95905925/Stuart-Lavern-Willman.html
 
TheAnonMessage released collected information on Bryan William, which he obtained from mainly from tx, Pharaoh and Canaan who were the only ones in researching and doxing at that time.
 
-(06:15:03 AM) Intangir: Willman isn’t on the list
-(06:16:28 AM) Canaan: Willman’s not on there
 
 
2 of the main involved doxers/researchers confirmed that Willman is not on the Ferguson Police Department list of personel. At the 6:25 AM TheAnonMessage took credit for the 2nd dox on Belmar, which was originally made by the doxers on the channel.
 
-(06:33:28 AM) TheAnonMessage: i hope to god twitter doesnt suspend me lmfao
-(06:34:52 AM) TheAnonMessage: #RIPBryanWillman
-(06:52:27 AM) Anonymous|2252: Please be sure… like i said it’s not just about a  mans life, Anon can easily be turned on by the public if something  truly unjust comes of this. It’s as much about Anon’s reputation as  Scoobys life/livelihood
-(06:53:17 AM)  Anonymous|11057: solid facts are hard to come by in this case. We’re  working on the best data available to us, and that does include  behavioral data.
-(06:54:59 AM)  Anonymous|2252: that’s fine, if that’s the case just make that clear, i  don’t know how you intend to make this public, with a video or just text  content, but if there are any aspects anon is unsure about declare it,  the public can provide more info if they know the info you need.
-(06:56:44 AM) Anonymous|11057: ergo, we’re doing everything in our power to be  certain. If we are wrong, it will out before we post this, yes guys? due  diligence and all
-(06:56:45 AM) Anonymous|2252: anonmessage, i think a cohesive submission should be made
 
Conversation  between “Anonymous|11057” and “Anonymous|2252” (UK-Journalist) about  talking about the degree of fastness of the situation. Here we are  moving towards the first annoucement via TheAnonMessage twitter account,  voting for the release took place in this IRC channel, 7-8 people of ~  80 users participated.
 
-(07:01:02 AM) Anonymous|3549: @gs we still don’t have a confirmation that bry is even on PD
-(07:01:30 AM) Intangir: tensions are high enough right now where there is a slim chance someone might care enough to kill him
 
And  again two users are asking and worried about the releasing of  information, even that no proof has been found that Bryan works for the  Ferguson Police Department.
 
(07:29:49 AM) Cry [51596058@CgAn-sjf.0lt.dmkgld.IP] entered the room.
(07:29:50 AM) Anonymous|11057: the only real way to get a confirmation would be  an eyewitness report from the scene of the crime. otherwise it’s hearsay  and shillery
(07:30:23 AM) Anonymous|11057: the fastest way to eliminate a suspect is to call him a suspect…
(07:30:36 AM) Anonymous|11057: mabe not the best tx, but the fastest
(07:30:43 AM) Cry: So who thinks it is White?
(07:30:50 AM) Anonymous|11057: White?
(07:30:56 AM) Cry: Micheal White?
(07:31:12 AM) Anonymous|11057: did i miss something…
(07:31:25 AM) Cry: looks like rumors going around, names going around.
(07:31:50 AM) Cry: Yeah, I think kind of too. I searched a bit, I found 2 names. No sure who it really is.
(07:32:26  AM) Anonymous|11057: ah, the ‘first’ identified shooter, right, that  wasn’t researched at all… this at least has human beings discussing it  with the real fact that this mans life may hang in the balance…
(07:32:45 AM) Anonymous|11057: we are all terrified of being unjust, but the pegs keep fitting in the holes…
(07:33:02  AM) Cry: I would not suggest the core group of opferguson the release  any name, once we hit the wrong person. oh boy shit is gonna gegt hot  there
(07:33:06 AM) Cry: would turn into lynch
(07:33:15 AM) Anonymous|11057: that’s why it’s another 30 mins before its released.
(07:33:27 AM) Anonymous|11057: i want to see *any* sign pointing away from him.
(07:33:36 AM) Anonymous|11057: this includes the St ann website link connex
(07:33:37 AM) TheAnonMessage: T-25
(07:33:43 AM) Cry: who gonna release what?
(07:33:57 AM) TheAnonMessage: voting will happen 5 minutes before
(07:34:03 AM) Anonymous|11057: i don’t either, he’s very likely under house arrest or under confinement at this point
(07:34:08 AM) Anonymous|3549: ^agree
(07:34:10 AM) Cry: lol, thats not poker guys. voting lol
(07:34:15 AM) TheAnonMessage: unanimous
(07:34:31 AM) Cry: you know the whole op is down if you even have the wrong first or last name
(07:34:49 AM) Cry: more than down, other anons would d0x yoi.
(07:34:52 AM) Cry: lol
(07:35:02 AM) Cry: i hope the core doesnt hop in that shit
(07:35:13 AM) Anonymous|Free: We cant keek going back and forth
(07:35:30  AM) Cry: i talked with several other guys yesterday involved in doxing  the whole pd, they have 2 different names and pics of the offc
(07:35:47 AM) Cry: once you go back here, you fucked. you can never go forth
(07:36:06  AM) Anonymous|11057: I’m not worried about getting doxed. I can handle  the heat, i’d just rather not if i don’t have to. If this turns out  wrong TheAnonMessage will get a tweet from me taking full responsibility  for the leak.
 
Like  I said, I (“Cry”) joined the IRC and talked about the things you can see above.  Important to realize now that “Anonymous|11057” takes credit if they  failed, what they did. Why so risky? Everyone Anon knows that  TheAnonMessage is someone who seeks attention from the mainstream  media. For example after the first tweet in that night he also tweeted  an email for journalists, probably to get credit. His account grew from  15.000 followers up to ~ 90.000 followers during this operation. He didn’t expected that Twitter could suspend his account, because no account was suspended so far for any dox.
 
(08:09:06 AM) Anonymous|3549: @OpFerguson should RT
(08:09:11 AM) TheAnonMessage: *deep breath*
(08:09:37  AM) TheAnonMessage: @OpFerguson said he believes that wasnt the name of  the officer and he has several possibilities that werent them
 
TheAnonMessage stated that the core group leading the Op, denied to release any name due unstable evidence.
 
(08:25:28  AM) Anonymous|11057: simply put, we realesed the name, we have his  picture, we have documents, we want the PD to respond to our  allegations, and either confirm our findings so this can be laid to  rest, or some out with the name of the real killer. one way or the  other.
(08:25:30 AM) Anonymous|42003: I go on in the 9a hour
 
"Anonymous|42003" has been verified as Laurie Segall  from CNN, who went on air the same day, joined the chat at 08:17:50 AM. TheAnonMessage loses the  connection with the IRC at 08:20:26 AM. "Anonymous|11057" releases a  statement at 08:23:38 AM. Possible that TheAnonMessage is "Anonymous|11057", because actually the same statement went on air on CNN.
 

Here are some more facts regarding TheAnonMessage and how he publishes crazy stories about himself simply to get attention.
Facts:

- main channel got hacked and taken over by unkown, created new channel
- 18 of 22 videos have been copied from others, 4 low quality videos
-  Twitter accounts TheAnonMessage/InsideAnon are handled by this one person
Attentionwhore:
- IRC chat log regarding his FBI kidnapping: http://pastebin.com/dDgEZpdb
- Video regarding the kidnapping has been taken down, but copied by others: http://www.youtube.com/watch?v=ZJStYmEA—0
 

TheAnonMessage, you wanted attention? I think you have more than you ever wanted. We are all  watching you.
Before you comment on this, be a man and tell Kathie Warnack, the stepmother of Bryan William, that you did this shit.
Yes, we said that we gonna risk a lot, -our- lives, -our- freedoms and -our-  families, but not the life of an innocent and not involved citizen.

All chat logs: https://www.cyberguerrilla.org/blog/?p=20030