"Defensive" BGP hijacking?

• Previous message (by thread): "Defensive" BGP hijacking?
• Next message (by thread): flag/global cloud exchange 15412 contact
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

And here's the final bit. I'd like to think that is 100% conclusive proof
of what happened.

The IP range hijacked by backconnect.net, 72.20.0.0/24 returns interesting
results on google:

https://staminus.thecthulhu.com/zine.txt

    ## Global allows
    ALLOW_MAIN=""
    ALLOW_MAIN="$ALLOW_MAIN $RFC1918 $LOCAL"
    ALLOW_MAIN="$ALLOW_MAIN 72.20.1.2 72.20.0.0/24 69.197.1.0/24"   # Internal


Backconnect.net hijacked Staminus's internal management range 72.20.0.0/24
and used that to gain further access to Staminus's systems.

On Sat, Sep 17, 2016 at 11:32 PM, Sean Rose <onetrueseanrose at gmail.com>
wrote:

> I know Bryant Townsend (ex staminus employee), Marshal Webb (aka m_nerva,
> lulzsec informant) and others from backconnect.net performed a similar
> BGP hijacking against staminus earlier this year.
>
> https://bgpstream.com/event/21051
>
> Shortly afterwards, on 10th of march a zine is released leaking the
> Staminus user database and contents of several customer servers.
>
> The times aren't the only interesting factor here, even the format of the
> release just screams m_nerva. Zines are very rare these days. So rare in
> fact that the last similar zine before the staminus hack was released in
> 2013 by HTP, a hacker group m_nerva was loosely affiliated with during it's
> early days.
>
> I *strongly* believe Bryant Townsend and Marshal Webb hacked Staminus and
> produced the "Fuck 'em all." zine
>
>
> Sean Rose
>

• Previous message (by thread): "Defensive" BGP hijacking?
• Next message (by thread): flag/global cloud exchange 15412 contact
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]