http://www.infoworld.com/article/07/07/18/Mac-worm-hacker-vanishes-from-blogosphere_1.html
By Robert McMillan
IDG News Service
July 18, 2007
Just days after claiming to have written a worm that could be used to
attack Mac OS X systems, the anonymous blogger known as Infosecsellout
has gone quiet.
His (or her or their) blog as been renamed. Old posts have been removed,
the blog has been renamed "Security Information," and Infosecsellout
says the blog is finished. Mysteriously, however, there are two new
posts on the blog, one of which provides a link to information on the
alleged worm.
But they are fake posts, according to Infosecsellout, who said the blog
was hacked on Tuesday night and will not be revived.
"Infosecsellout is now dead," the anonymous blogger said in an e-mail
message. "It was a great experiment to see how the industry could handle
some honesty, which they can't. They are quick to attack the credibility
of others in order to hide their own flaws."
Since he started blogging last year, Infosecsellout made his share of
enemies, offering uncensored and occasionally amusing observations on
computer security research and its practitioners. (He once called this
reporter a "mindless hack" for reporting flaws in the beta version of
Safari 3.0.)
The blogger said he needed to remain anonymous because of his unpopular
opinions. "The last thing I want is some crybaby to involve my employer
in things that I say on this blog," he wrote in January.
On Sunday, however, he may have crossed a line, in reporting that he had
been "compensated" for writing a worm that could exploit a variation of
a bug in Apple's Bonjour automatic network configuration service that
was initially patched in May. The flaw lies in Bonjour's mDNSResponder,
which is used to do things like discover printers or share iTunes files
on a local area network, he wrote.
Though Infosecsellout provided nothing to back up his claim, the story
was widely reported and security researchers began to investigate who
may have been behind the blog.
Metasploit developer HD Moore said that he's "70 percent" sure he knows
Infosecsellout's identity, based on a study of his posts and of e-mail
messages from known people performed using a writing analysis tool
called Unmask.
Moore wouldn't say whom he suspected, but he noted that Infosecsellout's
blog vanished soon after he contacted his suspect. Like every other
security researcher contacted Wednesday, he didn't buy Infosecsellout's
story that the blog had been hacked.
"It seems like someone's getting worried that their cover is getting
blown and they're doing cover-up," Moore said. "There's been a lot more
attention from folks trying to unmask [Infosecsellout] in the past day
or two."
A blogger going by the name of Cutaway suggested that a hacker known as
LMH could be behind the blog, but Moore said that this argument did not
seem credible.
Thomas Ptacek, a researcher at Matasano Security, agreed that the
blogger was probably not LMH. "My theory right now is that it's more
than one person," he said.
In an e-mail message, Infosecsellout said that the blog was written by a
group of self-employed authors, but that appeared to contradict the
blog's January post claiming that the author was worried about his
employer being approached.
When asked to explain the apparent contradiction, the blogger said,
"Even the self-employed have employers that are subject to crybabies."
Received on Thu Jul 19 00:33:40 2007