Tuesday, December 28, 2010

Debunking the Botnet Infiltration Video

Title: Debunking the BOTNET INFILTRATION VIDEO
Notice, I lie about the facility, stating that I had infiltrated a corporation, when in fact I worked there.
The video was nothing more than juvenile posturing gone too far; notice the Mission Impossible theme song in the background.
I also claim to have oph cracked the computer in the video, and place a USB device into the computer and execute a file, which was indeed a melting batch file; completely harmless. When the FBI put me in federal prison, THEN they pulled the computer's disk images and ran their forensic software, and came up with NO BOTNET. hmmm.... Go figure.

mystery behind 27

Pursuant to my 1st Amendment and the Universal Declaration of Human Rights; Article 19, Freedom of the Press: The right to print and publish materials without governmental intervention, as guaranteed by the First Amendment. ANY RETALIATION of these RIGHTS cannot be justified.
SELECTIVE PROSECUTION 1. Selective Enforcement 2. The practice or an instance of a criminal prosecution brought at the discretion of a prosecutor rather than one brought as a matter of course in the normal functioning of the prosecuting authority's office. Selective prosecution violates the EQUAL PROTECTION CLAUSE of the 14th Amendment if a defendant is SINGLED out for prosecution when others similarly situated have not been prosecuted and the prosecutor's reasons for doing so are impermissible.
"the mystery of the 27"
LOGS FROM MY LOGMEIN.COM ACCOUNT
Unfortunately, no one knows who they are, and no one cares. These people are not even ETA members and the FBI knows this and doesn't even care. What do you, the viewer, think about all this?

chatlogs

These are chatlogs that are included in my discovery evidence.
Discovery #1b1-00000213 (chatlog with tullywacker08 and Y2JSaveUs222 aka Isaac Guest from Anonymous)
Y2JSaveUs222 (2:05:31PM) : and i set him up lol
Y2JSaveUs222 (2:07:28PM) : i plan on taking him out for good
Discovery #1b1-00000294 (chatlog with isaac guest aka ecwrvdkoolaid1 and myself)
(23:34) ecwrvdkoolaid1: she gave me everything
(23:26) ecwrvdkoolaid1: i have convos from me and coax talking weeks ago about how he wants me to have you arrested for the shit u have done to many people
(23:42) ecwrvdkoolaid1: it was method who told me u were arlington texas lol
(23:43) ecwrvdkoolaid1: he gave me ur info
(23:43) ecwrvdkoolaid1: and ur dads info
(23:52) ecwrvdkoolaid1: isaac > eta.. owned
(23:54) ecwrvdkoolaid1: tell your daughter if she needs a REAL daddy... ill be there for her
(23:54) ecwrvdkoolaid1: and if ur girl needs someone to fuck...
Note: Method is the leader of the H2K Hacker Crew. Isaac conspired with others to enumerate information about me.
Discovery #1b1-00000210 (chatlog between isaac guest aka Y2JSaveUs222 and a decoy internet Haet macheen AIM account)
(00:15) Y2JSaveUs222: but i already have ghsot being taken care of
(00:16) Y2JSaveUs222: i have him fucked... had a case open with the fbi for about a month now on him
(00:17) Y2JSaveUs222: because i want to ruin him
(00:17) Y2JSaveUs222: and i want to take him away from his family
(00:18) Y2JSaveUs222: i want his daughter to grow up without a father.. at least not him..
(00:18) Y2JSaveUs222: and i want his life to be fully ruined

Discovery #1B1-00000216 (chatlog between myself and AAUGUSTA3, from Anonymous via AIM)
(00:39) AAUGUSTA3: any ides who last name is b
(00:40) AAUGUSTA3: i dunno what you think gh0st do you know anybody with the name b
(00:41) AAUGUSTA3: 70.251.75.79 is ppp-70-251-75-79.dsl.rcsntx.swbell.net
(00:43) AAUGUSTA3: come for my dick in your wifes asshole

Americanidiot continued

The WsFcic website has a couple of big disclaimers that say: Important: The Public Records and commercially available data sources used on reports have errors. Data is sometimes entered poorly, processed incorrectly and generally not free from defect. This system should not be relied upon as definitively accurate. Another disclaimer quotes under all these "fake names" I supposedly have: Does NOT usually indicate any type of fraud or deception. However, the FBI agents on my case took a sworn oath, and completely fabricated stories of me owning a fake ID kit and using various fake names, and how I could send a signal to a cell phone to erase forensic evidence (under my YouTube video ETA MEMBER ARRESTED where I actually state the opposite).
So how did all this software cause so much disaster? WHAT DISASTER? Read between the lines. "He could have gained access to patient records, he could have shut down the HVAC, he could have ruined the refrigerated medicine, he could have crashed the network." etc etc. The hype is not based on any factual evidence, only a vast hypothesis of possibilities.
So how did this software get on these computers? Let's look at Discovery Evidence #1B1-00000216, an AOL instant message chat log between me and an Anonymous member, AAUGUSTA3, on Feb 14, 2009 @16:46:58 Saturday. (00:41) AAUGUSTA3 posts "70.251.75.79 is ppp-70-251-75-79.dsl.rcsntx.swbell.net", which is an IP/DNS of one of the Carrel Clinic's computers. Imagine an attacker performing a cross site script tunnel (xss) to the HVAC system's web browser which gives him access to the HVAC's file systems where he could upload, download, modify files on that system. With Cain and Abel now installed and remote access established by capturing the logins to my gmail and then LMI, he could easily sniff the network and find my laptop, the only computer on the entire network in the middle of the night generating traffic. Passing on the new configurations on the HVAC to the rest of the network becomes effortless because the HVAC is a redundancy system. The 27 unknown individuals via LMI can now leave digital fingerprints using my signature, during my night shift, after my shift, day and night, even logging in some 5-10 minutes after my shift while I am driving home from Dallas to Arlington. For more about official evidence of me being framed, check out the chat logs blog. Also view "the unknown 27" to learn more.
Let me explain about the potential damages an Rxbox/w32/sdbot.worm could have done to the Carrel Clinic's networks.
This "robot network" file was designed to temporarily steal a small amount of bandwidth from each network it infects, as a means to perform a Distributed Denial of Service attack (ddos) against a remote target host. It is NOT ideal to infect multiple computers on a single network, which would only slow/crash that network and bring unwanted attention to that crash, with the bot discovered and removed. It is ideal to collect various networks, not various computers on one given network. When the bandwidth is stolen, it only siphons off multiple kilobytes (kb) from each infected host, under one megabyte (mb), which is why a bot master needs at least 50 to 100 infected hosts to pull off a low-level ddos attack on a remote target host.
In reality, when you download mp3's, videos and programs using a peer 2 peer client like limewire, you are causing more damage to your network's bandwidth than a botnet leeching a few hundred kb. Example: I am on xbox live, you are downloading mp3's on limewire on the same network. Your downloading has dramatically slowed down the network speed, and now I can no longer stay connected to xbox live because my network ping is so effin high. Get it? Got it? Good.

truth behind the mask #6

Pursuant to the 1st Amendment:
"Don't wanna be an american Idiot, one nation controlled by the media"
228 Fed Red 3D Series  ..."Courts may enjoin illegal activity without running afoul of the constitution."
A critical thinking society is a people not easily affected by fabricated, biased, media-designed propaganda. Draw your own verdict.
www.blogs.dallasobserver.com/unfairpark/2010/05/hacker_known_as_ghostexodus)wh.php "who hacked into 14 computers... intended to shut it down, shut it all down." - Interestingly enough, the media doesn't clarify much on the malicious code, which went from RXbotnet, to logmein.com, and teamviewer.com and Cain & Abel (a network traffic sniffer). For those of you who understand networking, we know that teamviewer is not an IP-based application, and cannot be accessed remotely when it is protected behind a firewall. Only internal LAN access at that point. In the forensic evidence, the HVAC was also hacked even before my employment, this redundancy system with absolutely no password whatsoever; the forensic analysis shows me checking my myspace, googling, gmail, downloading ophcrack vista and burning it to cd with daemon tools. And not a single computer there, to my knowledge and based on the evidence, was/is running Vista. Also, a keylogger was placed on the system which captured all MY logins. Yes, it's in the evidence. Why would I install Cain and Abel to sniff the network for activity passing through the network, when I was the only active person on the network? I would only be capturing my own data packets.
So let's talk about Logmein (LMI). These logs show 27 unauthorized individuals from all over the world accessing my LMI account, and also the feds pulled logs from GOOGLE that showed my gmail and The Fixer's gmail account as compromised. Who are these 27 different people? The FBI refused to investigate, and my prosecutor refused to prosecute. (Selective Prosecution, google me.) The feds and I knew that none of these people were ETA members, but they wanted to make a story, and so they did. I refused their 5k.1 deal (to snitch on innocent people) so my attorney at the time, John M. Nicholson, calls my wife on the phone, going against my wishes and behind my back, to try to gain information from her to score points for the prosecution.
I tried to fire him, and two days later I was given a 14 count superseding indictment. Interesting... On page 6 of the affidavit, you see XxxImmortalxxX providing information to CW-1 (Robert Wesley McGrew).
On www.securityprivacyandthelaw.com/tags/electronik-tribulation-army-/ you find: "Immortal appears to have burned McGraw/GhostExodus" and "Thanks are owed to mr. McGrew and Immortal for writing in to clarify the cast of characters involved in this incident." You identify their collaboration. Immortal, an infiltrator from the group ANONYMOUS, and Robert McGrew, who also collaborates with ANONYMOUS even on his own website, has not been entirely honest about his identity and personal involvement in this case, but interestingly enough has a history of deception and subjecting his "competitors" to public ridicule and contempt. I speak primarily of Yousif Yalda from http://www.vapt.sec.com/., who tried to confide in Mr. McGrew on a "business level", which McGrew defamed him, causing a loss of vapt-sec's revenue and reputation, and even gained unauthorized access to Yousif's own personal computer, taking a screen shot of it and pasting it on http://www.mcgrewsecurity.com/.
Check out: www.mcgrewsecurity.com/2008/03/26/the-strange-case-of-yousif-yalda/
www.mcgrewsecurity.com/2008/09/01/yousif-yalda-part-2/
www.blog.c22.cc/20082/09/07/yousif-yalda-strikes-again/
http://www.writequit.org/
McGrew even had Anonymous dox/profile Yousif on his own website, exposing Yousif to public hatred. This was also done to myself, dev//null and the fixer. You see, McGrew is not promoting security awareness merely, he's simply marketing himself by destroying reputations, fabricating stories, by holding lectures about me at Mississippi State University (CS4243/6243).
The devil is in the details. Here's some more:
www.mcgrewsecurity.com/2009/09/30/eta-is-leaking/
www.mcgrewsecurity.com/2009/06/30/ghostexodus-the-eta-and-a-control-systems-incident-at-carrel-clinic-part1/
www.mcgrewsecurity.com/2009/08/30/slides-for-cse4243-ghostexodus-lecture/
www.mcgrewsecurity.com/2009/07/07/ghostexodus-part4/
www.mcgrewsecurity.com/2009/07/23/ghostexodus-indicted-for-control-system-incident/
www.mcgrewsecurity.com/2009/07/02/ghostexodus-part2/
www.mcgrewsecurity.com/2009/09/03/electronik-tribulation-army-gone-white-hatish/
www.mcgrewsecurity.com/reversing-an-electronik-tribulation-army-php-irc-bot/
www.mcgrewsecurity.com/?s=Jesse+McGraw