Today I was minding my own business in a chatroom that I monitor when somebody posted something about infosecsellout. Normally I ignore anything pertaining to infosecsellout due to an unprofessional and childish comment posted about Alan Shimel. But this time I had to pay attention. This time somebody pointed a finger at who is behind the content posted on the infosecsellout blog site. The finger was pointed at LMH and the Phrack High Council (PHC) (yes, the link is broken but you can check out what it looked like here).
I have no way to confirm any of these statements, but here is the text of the conversation. And, yes, it has been edited to protect identities.
[3:37pm] [informant] okay- i have permission to officially leak it. we think
sellout is LMH and the PHC kids. spread the word
[3:37pm] [cutaway] HA
[3:37pm] [informant] and we think some of them engage in illegal hacks
[3:37pm] [cutaway] HA
[3:38pm] [cutaway] seriously on that last one?
[3:38pm] [informant] yep, btu no evidence
[3:38pm] [cutaway] That would be an interesting blog post
[3:38pm] [informant] yes it would
[3:38pm] [cutaway] Ou would love to drop that
[3:38pm] [informant] if you look up the phrack high club stuff, they state
clearly their goal is to trash the infosec industry
[3:39pm] [informant] what better way to do that than pretend to be insiders,
and make up a bunch of BS and disinformation
[3:39pm] [informant] a disinformation campaign against the infosec industry
[3:39pm] [informant] almost ingenious
[3:39pm] [informant] feel free to leak to ou if you want
[3:40pm] [innocent.bystander] I don’t think I want to be the one to post that.
that is sort of like saying – that group of kids is robbing houses – from
your front porch
[3:40pm] [cutaway] I just might wait on that one
[3:40pm] [cutaway] I was just thinking that
[3:40pm] [innocent.bystander] sort of invites them to come on in
[3:40pm] [informant] yeah, no proof on the illegal stuff
[3:40pm] [cutaway] but what points you in that direction?
[3:40pm] [informant] but we’re pretty sure they do it
[3:41pm] [cutaway] stuff they say or reference in the infosellout blog?
[3:41pm] [informant] when you hear enough rumors from enough sources, and
track that to behavior, eventually a rough picture emerges
[3:41pm] [informant] look at the language on the blog and the pHC stuff
[3:42pm] [cutaway] I am trying to think how to present it when I don’t
read sellout and I don’t have references to specifics
[3:42pm] [cutaway] not that I am asking you for any
[3:42pm] [cutaway] just thinking outloud
[3:43pm] [cutaway] Hmm, I’m going to have to play with that tonight
[3:43pm] [innocent.bystander] gotta go offline for some testing, back in a few
[3:43pm] [cutaway] If I don’t come up with something I’ll ping Ou
[3:43pm] innocent.bystander left the chat room.
[3:43pm] [cutaway] Unknown source of course
[3:43pm] [informant] of course
[3:44pm] [informant] you could just say you got an anonymous email, and that
they’re goal has been to sow chaos
Interesting, yes. Proving illegal activity….well….I doubt I even want to start digging around for that information. But I thought I would check into the claim of PHC trying to discredit the information security industry. First I started with the latest edition of Phrack where I found this:
Q: And about PHC?
A: Well, thats an interesting question. To be honest, PHC did not just do
those bad things we were used to learn from the web or irc, we like some
of them and even know very well a few others. Also, the two attempted
issues 62 and 63 of PHC had an incontestable renew in the spirit and
there were even some useful information on honeypots and protecting
However, we have a problem with unjustified arrogance. If it’s true
the security world has a problem with white/black hats, we think that
the good way to resolve the problem is not to fight everyone,
especially such a poor demonstrative way. It’s not our conception of
hacking. Take the first 20 issues of Phrack and try to find unjustified
arrogant word/sentence/paragraph: you won’t find any. The essence of
hacking is different : it’s learning. Hacking to learn.
You can be a blackhat and working in the IT industry, it’s
not incompatible. We have nothing against PHC and we think the
Underground needs a group like PHC. But the Underground needs a magazine
like Phrack as well. The main battle of PHC is fighting whitehats but
it’s not Phrack’s battle. It’s never been the purpose of Phrack.
If we have to fight against something, it’s against the society and
not targeting whitehats personally (that doesn’t mean that we support
whitehat…). Phrack is about fighting the society by releasing
information about technologies that we are not supposed to learn. And
these technologies are not only Unix-related and/or software
We agree with them when they say that recent issues of Phrack helped
probably too much the security industry and that there was a lack of
spirit. We’re doing our best to change it. But we still need technical
articles. If they want to change something in the Underground, they are
welcome to contribute to Phrack. Like everyone in the Underground
Next I found this post to Full Disclosure:
—– Original Message —–
From: Phrack High Council
Sent: Thursday, November 24, 2005 1:29 PM
Subject: [Full-disclosure] Return of the Phrack High Council
Dear FD Reader,
It’s been a very long time since we last spoke, but just like the Pheonix (not the city, you dumbfuck!) i was reborn from my own ash. We, the PHC, been for too long in the underground (gathering informations, snooping whitehat tty’s, backdooring various boxes, etc.) to be able to keep up with the amount of bullshit that goes to this list on a daily basis. But NOW, the Phrack High Council is once more into the lights! We’ve been in the underground gathering informations about *YOU* and your fellow ‘ethical hackers’.
You should expect to find your mail spool and porn collection on our web page soon enough. Don’t assume you are safe because you are NOT! No, we don’t like you and no, we won’t stop. But, for now, we proudly present the inside of the Star Hackademy (www.thehackademy.net) and an early _final_ PDF version of their lame zine (thanks core, you are a real pal). We couldn’t get our hands on the hardcover; it’s scheduled to be released sometime in december. Sorry!
PHC is not a hacking group, it’s a state of mind. PHC is not a group of people, it’s a movement of people. We do not exist!
Please enjoy visiting http://phrack.efnet.ru as the next home of your mailspool *g* and remember ….
…. “keep pr0j3kt m4yh3m alive!”
The “keep pr0j3kt m4yh3m alive!” quote lead me to a mirror of the Phrack RU site index page:
Phrack High Council – 2005
“Keep pr0j3kt m4yh3m alive!”
It’s been a long time, indeed. Two years of underground, now PHC is back into the scene. I bet
many of you have no fuckin clue *WHY* suddenly, the anti-infosec movement slowed down. Some of you
thought it might’ve been the fedz. Some others said PHC members got security jobs. There were also
some voices stating we have no exploits left. HAHAHAHA! Get real, son! We sit our asses on more
goodies than ISS and iDefense, altogether.
PHC is *NOT* a hacking group, it’s a state of mind! Stop asking about us,
we know all about YOU!
PHC was never *GONE*, we just reached a new state of mind, a new underground level. You, our
faithful follower, our friend, our brother, know where we’ve been. We’ve been scooping the infosec,
getting inside informations, KNOWING OUR ENEMY (thx Spitzc0q), puttin their lifes into misery! But,
in the mean time, we also had our eyes on the scene: some of you kept pr0j3kt m4yh3m alive. The rest
acted like sheeps left w/o sheppard: bowed yer heads to them wolves! This is your last chance: you
either change or become a target. Everyone can be a target: security professionals, CISSP (hi
Johnson aka [t]hief, still playing the ‘hacker’?), security companies, bugtraq wannabeez, all kinds
of wannabeez, them bitches, non-believers, haters, etc.
Gray is not a choice anymore. It’s US or THEM. It’s not a game. The IT Security industry is
affecting our day-to-day life. More and more east-europeans, chinese, indians, pakistani, etc.
think they will find milk and honey working at a security company; you fuckin twats! They’re just
exploiting you. You’re serving a cause that’s not yours, making your boss rich! If you don’t see
our point, then fuck you, you made it to our target list.
Everybody should remember gayh1tler’s last wish: keep pr0j3kt m4yh3m alive! Each and every of
you should follow his words of wisdom. You have no right to do otherwise! And if you do, we see you,
we know who you are and your ass is blast.
It’s the WHITEHAT HOLOCAUST! WHITEHATS, STEP INTO MY OVEN!!!!
– Phrack High Council, 2005 AD
Finally I figured I should check the infosecsellout site to see if I could locate any blantant FUD. The only thing that really stood out was the recent claim of a worm for OS X. Although this may or may not be an attempt to generate bogus information I did not see anything else that could not be described as just another person’s opinion.
Apparently, this information has also gotten around a bit already. It seems that infosecsellout has posted an email from LMH and/or the crew at info-pull that claims they are not affiliated with infosecsellout despite David Maynor‘s opinion.
You know, I am starting to wish I had ignored the original message about infosecsellout. Although I cannot say that there is any specific misinformation associated with the blog. The completely unprofessional attitude and behavior of its author(s) just reminds me of why I started, and should have continued, ignoring this blog, all conversations associated with it, and any claims about who the author(s) may or may not be. I’m also glad I did not bother George Ou with this. Infosecsellout does not need any more publicity than it already gets. I have also come to realize, it is just not that interesting. Although I would like to blame infosecsellout for wasting my time again, I can really only blame myself.
Go forth and do good things,
Help support my training and travel to security conferences. Get your SANS Training and GIAC Certifications through the Security Ripcord.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported.