Angry Animal 5

Rebuttal: Paul C Dwyer, ICTTF and LulzSec

Tue Jun 28 19:27:18 CDT 2011

security curmudgeon

This is a rebuttal piece to "Lulzsec Hits ICTTF?" (June 26, 2011) by Paul C. Dwyer.




Apparently, the now-notorious group "LulzSec" attacked the International Cyber Threat Task Force (ICTTF), despite no mention of the attack on their Twitter feed or their various pastebin.com releases. I certainly hope the attack really did happen, and that Dwyer is attributing the attack to the correct person(s). Otherwise, making up an attack as an excuse to write an insipid blog reply is sleazy.

Firstly, let's get some context on this. The ICTTF International Cyber Threat Task Force is a not for profit organisation formed as a "Cyber Security Community". The general purpose is to promote and assist with the fight against cyber threats. That is cyber criminality, cyber warfare and cyber scum (pedophiles, stalkers, etc)

You clearly define the ICTTF mission as fighting against cyber threats, particularly "cyber criminality". Yet you go on to say that "I am not going to share any of the attack details with [law enforcement]". Why wouldn't you? The FBI has a case open on LulzSec and is always willing to take information and tips to assist their investigation. Why would you state your purpose and immediately defy it? This only makes me think that the attack did not happen, you did not collect information and this is only being used as publicity for your group. If true, you can claim success; I had never heard of your organization before this.

Our site has been hugely successful and positively received around the globe. With up to 30,000 visitors a day and over 1,000 members around the world we are going from strength to strength.

An organization like yours should measure success in the number of bad people you helped get rid of. So, Paul, how many paedophiles, stalkers or cyber criminals have you helped put away? Do you have any proof of whatever number you throw out as a response?

So recently we received a number of emails purporting to be from Lulzsec threatening to take down the site. Yaaaaawwwwwwwwwn!

Purporting to be? In case you had your head in the sand, you should know that many claims made on behalf of LulzSec were debunked. The group said many times "That wasn't us - don't believe fake LulzSec releases unless we put out a tweet first." I don't recall seeing the ICTTF or your name being mentioned on their feed. Based on that, since you only received e-mails, I believe you were not the target of LulzSec at all, rather impersonators.

DDoS and LOIC attacks and such like are about as intellectually impressive as boasting about the size of the breasts on your avatar girlfriend! They proved only that you managed to follow the 2 min video tutorial. The fact that you had to use a video to teach you tells us how great you are. BTW That was .sarcasm. oooops three syllables maybe I.ve lost you now?

I haven't seen this much virtual dick waving since .. days ago, watching all the hackers drop each other's docs and shit-talk each other. You are proving yourself to be their intellectual equals, by your standards.

Now if these recent attacks were Lulzsec or a pseudo copycat Lulzsec it doesn't really matter. Who cares! The MO's are pretty similar and unsophisticated.

Anyone with a shred of integrity cares. Anyone who believes in the concept of "innocent until proven guilty" cares. Your blog title maligns LulzSec, despite you having absolutely no evidence it was really them. You then say it doesn't matter if it isn't really them, because they are all essentially the same. Are you a security professional or a bigoted fraud?

I am not going to share any of the attack details with LE, suffice as to say the hop through the Pfizer server in NY was a mistake. Judging by the amount of "shemale" porn on your desktop you are a little confused in life. My apologies for switching on your webcam last night but it was the only way I could take a picture of you! Put it this way, you are young so don't make more mistakes that may change the direction and path of your life. At ICTTF we do not dial 911

So you traced an attack against your system to a server in NY, then immediately jump to what the attacker had on his/her desktop. Either this is bullshit grandstanding, or you just admitted to felony computer crime on the ICTTF blog. Maybe someone should report you to law enforcement. Last I heard, they do not take kindly to acts of vigilantism. Your ad hominem attacks against their supposed lifestyle choices are not taken kindly by a lot of people either.

If you didn't report this to LE, did you at least give Pfizer a heads-up so they can try to fix their system? If not, remind me what the ICTTF mission is again?

You, sir, are a raging jackass.


main page ATTRITION feedback