Updated: After this post was published, other information became available suggesting that law enforcement may not have taken down KickAss and that the seizure notice placed on that url may have either been placed by KickAss or by some third party or parties. See updates at the bottom of this post. This is obviously a developing story. 🙂
After a few days in which thedarkoverlord did not appear in public, the criminal hackers reappeared today to release more files from 9/11.
In a post on Steem, that is available on the busy.org frontend, they wrote, in part:
Hello, world. As you’re well-aware, we designed a compensation plan that would allow for the public crowd-funding of our organisation in order to permit the public disclosure of our “9/11 Papers” in the interest of the public. Part of this plan was to create a tiered escalation plan that would result in multiple layers and milestones (which we’re calling checkpoints) to ensure the powers at be are being properly bent over a barrel. We’ve said it before, and we’ll say it again: we’re financially motivated, and you (the public) has spoken to us in our language (internet money, specifically Bitcoin). Remember, continuing to fund our wallet will continue to keep us motivated to help break the truth to the world by open-sourcing what we’re calling the “9/11 Papers”. To create a bit more buzz, we’ve decided to continue forward and release the decryption key for Layer 2.
A quick skim of some Layer 2 files indicates that they contain a lot more of the litigation and subrogation files, but they are also starting to get into some other interesting reports relating to the FBI and CIA investigations.
Those who have followed actor James Wood’s activism and tweets on Twitter will likely be interested in a file that concerns him. In January, 2002, a memo was created by Todd A. Scharnhorst of Blackwell Sanders Peper Martin that said:
As a clarification to a prior memo, James Woods, a Hollywood actor, was riding in First Class with four men of Middle-Eastern dissent. He was on an American Airlines flight from Boston to Los Angeles. He thought the men were acting very suspiciously. None of them had anything to eat or drink, they did not read, sleep, nor did they appear to make themselves comfortable. They sat in their seats and stared straight ahead, occasionally “whispering something to one another with inaudible tones.” Woods thought the behavior was odd. He reported it to the flight attendants. He then reported it to the ground crew. Should this have put American Airlines on notice (should they have at least done some type of investigation into the four Middle-Eastern passengers)? As it turns out, it appears the four passengers were four of the hijackers who took over that same flight and crashed it into the World Trade Center. It appears James Woods witnessed a “dry run” of their terrorist takeover.
I need to find time to do more reading in this layer.
In the meantime, and in other news concerning thedarkoverlord, not only did they become the first entity ever banned from Steem (or so they tell me, but I’ve seen others who claimed to have been banned, too), but in a joint law enforcement operation, the Kickass Forum where they were posting their offerings and other information was appeared to have been seized today (see UPDATES).
The notice says:
THIS HIDDEN SITE HAS BEEN SEIZED
as part of a joint law enforcement operation by
the Federal Bureau of Investigation, ICE Homeland Security Investigations,
and European law enforcement agencies acting through Europol and Eurojust
in accordance with the law of European Union member states
and a protective order obtained by the United States Attorney’s Office for the Southern District of New York
in coordination with the U.S. Department of Justice’s Computer Crime & intellectual Property Section
issued pursuant to 18 U.S.C. 983(j) by the
United States District Court for the Southern District of New York
So what hack or criminal activity did they allegedly conduct within the Southern District of New York? Was this a biomedical research firm? Was it Aesthetic Dentistry? Was it some victim that we may not even know about or that I’ve simply forgotten?
As Bits&Digits commented on Twitter, in noting the seizure of the forum:
And like that….
#KickAss the forum that#tdo_h4ck3rs allegedly ran, is down and out. Now, this criminal organization has to make a choice to cut and run or play the gamble. Never a good sign to have your site seized, so much evidence.
So will they cut and run or will they play the gamble? Mainstream media has not been reporting on them for the most part, Twitter banned them, Steem banned them, and now the forum that was part of their communication strategy was seized. And the fact that it was seized by order of the Southern District of New York probably means that there is a sealed complaint, too. But all that said, I don’t think we’ve seen the last of them.
Update 1: AnonFiles, a file-sharing service that thedarkoverlord has used to share files from 9/11 and other hacks, is now down. Nathan Dimoff broke the news about AnonFiles on Twitter, and I just took a screenshot to confirm it:
Holy crap, Batman….. there is some serious efforts afoot to stop thedarkoverlord. Stay tuned…
Update 2: This is intriguing. AnonFiles is back up and Vinny Troia is claiming that the KickAss seizure notice is a fake and that KickAss just went private on another url. Other sources tell me that the seizure notice does NOT appear to be by law enforcement, but that it may not have been posted by KickAss or TDO, either.
When asked about the current situation and risk to users of visiting either site, J. Tate from bits&digits told me,
“I wouldnt trust anything that the intergrity seems to be compromised in. Whether or not there is evidence to support the claims at this moment. All OPSEC engineers know, that in these situations with a multitude of symptoms —safer is to step back.”
So I won’t be going to AnonFiles any time soon… or that KickAss onion url, I guess.
Yay!
The next time TAO (or anyone else) tries a takedown, they get stopped by a solid steel wall with spikes. Their kung-fu sucked royally. Based on how it all went down, they couldn’t hit the broad side of a barn! So much for a sophisticated approach. If I didn’t know any better, I would think that TAO has lost talent recently. They missed the backups, they were unable to totally “own” the site, they totally failed to break out of several chroot jails and containers. Overall, they were sloppy. Attribution and RCA were both a breeze.
Next time NSA decides to operate outside of its jurisdiction, PRISM goes TU.
Well, if prism was activated I’m thinking there would be a lot more immediate and tactful action than what has been demonstrated. These take down timelines are not in line with a swift TTP suppression set of a Nation State imo.
The VPSes used for hacking both sites were back-hacked and owned as retaliation. That is how it was confirmed who was responsible. Either that, or someone went to a LOT of trouble setting them up to make it look like TAO/NSA