Anonymous Builds New Haven For Stolen Data

  /     /     /  
Publicated : 22/11/2024   Category : security


Anonymous Builds New Haven For Stolen Data


Saying Pastebin has censored its posts, Anonymous creates AnonPaste, a new site where hacktivists can dump stolen data.



Anonymous: 10 Facts About The Hacktivist Group (click image for larger view and for slideshow)
Anonymous, together with a group known as the Peoples Liberation Front, Tuesday announced the immediate availability a new website for hacktivists to dump their stolen (doxed) data.
Dubbed AnonPaste, the website has been created as an alternative to Pastebin and other websites that allow people to anonymously upload large amounts of text, the two groups said in a
joint press release
. Shared content can be set to expire after 10 minutes, an hour, a day, a month, a year, or never. In addition, the site promises to remain advertising-free and unmoderated, maintain no connection logs, and store only encrypted data.
The AnonPaste site says, [The] server has
zero knowledge
of data being stored. Your data is safe even in case of server breach or seizure. But it cautions that in the event that a hacker manages to successfully install crooked JavaScript libraries, future pastes could be captured.
AnonPaste, which accepts donations via WePay and
BitCoins
, was built using the open source ZeroBin software, which doesnt record the IP addresses of uploaders. In addition, the software encrypts and decrypts all text in the browser--before uploading it--using 256-bit AES encryption. The software also automatically convert URLs into clickable links.
[ Anonymous members dont always cover their own tracks. See
Anonymous Hackers Not Smart On Anonymity, Feds Say
. ]
But should would-be submitters of anonymous information trust the software on which AnonPaste is based?
ZeroBin
was created by, and is hosted on the personal website of, Sebastien Sauvage, a French developer with experience in developing online payment and authentication systems for French banks, which suggests he brings relevant knowledge to bear. Likewise, the softwares tagline--Because ignorance is bliss--suggests that the software has been purpose-built to keep anonymous submissions anonymous.
But the ZeroBin software itself comes with numerous cautions: its a test service and data may be deleted at the administrators discretion. The ZeroBin site also warns, Kittens will die if you abuse this service. That suggests that the server software hasnt been stress-tested against--or possibly, built to resist--the types of
distributed denial-of-service attacks
to which sites like Pastebin have been subjected.
Why the need for a new Pastebin? In part because Pastebin hasnt warmly embraced hacktivists who use it as a dox dumping ground. In fact, the site was created by Paul Dixon back in 2002 as a place for programmers to
share snippets of source code
. After
20,000 Hotmail account credentials were leaked
via a Pastebin post in 2009, Dixon temporarily took the site offline while he added modifications to help prevent such data dumps.
Regardless, after the site was sold to Dutch entrepreneur and programmer Jeroen Vader in 2010, Pastebin became the go-to site for
LulzSec to release dox or brag about attacks
. By the middle of 2011, the site was recording its highest levels of traffic ever.
At the time, Vader told Social Media that the site had
put a system in place to deal with takedown requests
over sensitive data that ends up on the site, and said the site always complies with requests from authorities.
But earlier this month, Vader apparently triggered hacktivists ire with comments he made to the BBC when discussing the
1,200 daily abuse reports
the site receives, requesting that specific posts be erased. I am looking to hire some extra people soon to monitor more of the websites content, not just the items that are reported, Vader told the BBC. He also noted that the site, which records the IP address of every uploader, tends to comply with requests from authorities for that IP information, provided they have a proper court order.
Vaders revelations led to a
backlash from the Anonymous set
, which took to Twitter to accuse him of practicing censorship. Many also began
promoting alternatives to Pastebin
for would-be document dumpers.
Interestingly, AnonPaste wasnt the only Anonymous version of a popular service to debut this month. Another service being talked up by Anonymous fans has been
TalkOpen
, which offers itself as an alternative to Twitter that will never share users information with outsiders. The site runs on
StatusNet
, which is free, open source microblogging software that offers a Twitter-like, stream-oriented interface.
But the service offers some non-Twitter-like promises. This service will NOT comply with court orders to turn over your private information, states the TalkOpen FAQ. We aim to run a secure yet private service, and doing this would defeat the purpose of TalkOpen. In cases regarding child pornography or murder however, we will comply.
Of course, talk is cheap when it comes to
promising to keep customers anonymous
at all costs, since in the event of a court order, the sites administrators might be forced to share information with authorities or risk imprisonment, not to mention seeing their site forced offline. A
whois lookup
of the TalkOpen domain name reveals that the server running the site is hosted in France, by French ISP Ovh Systems. Notably, its terms of service state that it can discontinue service for any customer that doesnt comply with its code of conduct, which requires customers to abide by all applicable French laws and regulations, as well as the intellectual property rights of others.
Put an end to insider theft and accidental data disclosure with network and host controls--and dont forget to keep employees on their toes. Also in the new, all-digital
Stop Data Leaks
issue of Dark Reading: Why security must be everyones concern, and lessons learned from the Global Payments breach. (Free registration required.)

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security

▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security

▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Anonymous Builds New Haven For Stolen Data