Popular Image hosting service service ImageShack was hacked Friday evening (July 10) by a group calling itself Anti-Sec.
The Imageshack hack saw all images hosted on the service replaced by an image that detailed Anti-Sec’s manifesto. The group also distributed a copy of their manifesto to Imageshack’s users via the same email facility used to update Imageshack users with site updates and news.
Anti-Sec is calling on the security industry to stop the practice of full disclosure, the practice of publicly making available exploits and security vulnerabilities. According to the group, full disclosure is a scam that helps security companies sell software such as firewalls and anti-virus tools as the published exploits can and are used by script kiddies; that is the companies are purposely empowering those doing the wrong thing so as to create more fear and exploits as part of driving business for services that offer protection against these things.
There’s no official word from ImageShack yet as to when the service may return to normal, although at the time of writing parts of the site would appear to be working. Anti-Sec suggests in their manifesto that images on ImageShack have not been deleted.
All images appear with the text..
“mageshack proudly presents...
Anti-sec. We're a movement dedicated to the eradication of full-disclosure. We wanted to give everyone an image of what we're all about.
Full-disclosure is the disclosure of exploits publicly - anywhere. The security industry uses full-disclosure to profit and develop scare-tactics to convince people into buying their firewalls, anti-virus software, and auditing services.
Meanwhile, script kiddies copy and paste these exploits and compile them, ready to strike any and all vulnerable servers they can get a hold of. If whitehats were truly about security this stuff would not be published, not even exploits with silly edits to make them slightly unusable.
As an added bonus, if publication wasn't enough, these exploits are mirrored and distributed widely across the internet with a nice little advertisement embedded in them for the crew or website which first exposed the vulnerability to the public.
It's about money. While the world is difficult to change, and money will certainly continue to be very important in the eyes of many, our battle is that of the removal of full-disclosure for the purpose of making it harder for the security industry to exploit its consequences.
It is our goal that, through mayhem and the destruction of all exploitative and detrimental communities, companies, and individuals, full-disclosure will be abandoned and the security industry will be forced to reform.
How do we plan to achieve this? Through the full and unrelenting, unmerciful elimination of all supporters of full-disclosure and the security industry in its present form. If you own a security blog, and exploitation publication website or you distribute any exploits... "you are a target and will be rm'd. Only a matter of time."
This isn't like before. This time everyone and everything is getting owned.
Signed: The Anti-sec Movement
No images were harmed in the making of this...image.”
