nanog mailing list archives
Re: "Defensive" BGP hijacking?
From: Sean Rose <onetrueseanrose () gmail com>
Date: Sun, 18 Sep 2016 00:16:26 +0200
And here's the final bit. I'd like to think that is 100% conclusive proof of what happened. The IP range hijacked by backconnect.net, 72.20.0.0/24 returns interesting results on google: https://staminus.thecthulhu.com/zine.txt ## Global allows ALLOW_MAIN="" ALLOW_MAIN="$ALLOW_MAIN $RFC1918 $LOCAL" ALLOW_MAIN="$ALLOW_MAIN 72.20.1.2 72.20.0.0/24 69.197.1.0/24" # Internal Backconnect.net hijacked Staminus's internal management range 72.20.0.0/24 and used that to gain further access to Staminus's systems. On Sat, Sep 17, 2016 at 11:32 PM, Sean Rose <onetrueseanrose () gmail com> wrote:
I know Bryant Townsend (ex staminus employee), Marshal Webb (aka m_nerva, lulzsec informant) and others from backconnect.net performed a similar BGP hijacking against staminus earlier this year. https://bgpstream.com/event/21051 Shortly afterwards, on 10th of march a zine is released leaking the Staminus user database and contents of several customer servers. The times aren't the only interesting factor here, even the format of the release just screams m_nerva. Zines are very rare these days. So rare in fact that the last similar zine before the staminus hack was released in 2013 by HTP, a hacker group m_nerva was loosely affiliated with during it's early days. I *strongly* believe Bryant Townsend and Marshal Webb hacked Staminus and produced the "Fuck 'em all." zine Sean Rose
Current thread:
- Re: "Defensive" BGP hijacking?, (continued)
- Re: "Defensive" BGP hijacking? Christopher Morrow (Sep 14)
- Re: "Defensive" BGP hijacking? John Curran (Sep 19)
- Re: "Defensive" BGP hijacking? Christopher Morrow (Sep 19)
- Re: "Defensive" BGP hijacking? John Curran (Sep 20)
- Re: "Defensive" BGP hijacking? Christopher Morrow (Sep 20)
- Re: "Defensive" BGP hijacking? John Curran (Sep 20)
- Re: "Defensive" BGP hijacking? Rich Kulawiec (Sep 14)
- Re: "Defensive" BGP hijacking? Sean Rose (Sep 18)