Donate $25 for two DVDs of the Cryptome collection of files from June 1996 to the present

Natsios Young Architects

22 October 2010. Hackers working for the Feds fits Wired's promoting snitches in its work for the Feds.

Cryptome Hackers May Be Feds - Wikileaks a Target Too

A sends:

I got curious and there IS a link on the Encyclopedia Dramatica Xyrix article to the 4chan raid of December, 2007, under Blow_Jays.

Xyrix and the others issued a New 4chan manifesto as if it were coup d'etat, pretty funny, but they couldn't deal with the bandwidth after they hijacked the site for more than a few minutes (they were trying to host and run the imageboard on their own or other hijacked equipment, pretending they had permanently stolen it).

The interesting part is this girl Angyl elected to call m00t to demand ransom in exchange for turning the site back over to him. m00t is the owner of 4chan. There is an audio clip as well as a transcript at the above link, the audio is still available on the MIRROR link from rapidshare:

(if it saves as a 7 MB html file, just change the html extension to MP3 manually)

She says clearly that 4chan had its "open DNS jacked"... more DNS stuff from these people.

Angyl fell out with Xyrix a bit later. It might be worth noting she joined the g00nz group, and that their IRC began hosting the Anonymous attacks on Scientology, and further that some people associated with g00nz began a backraid against the 4chan raid on Scientology, including a character named Nemesis [or similar] who later shacked up with Angyl. Allegedly Scientology also hired a Romanian hack group called Reliant or Revelant or Relevant or something like that to run a real backraid on the 4chan raid. The g00nies distanced themselves from the attack on 4chan and embraced the Scientology offensive publicly, but in the background there were people working the other side, logging chat, taking down names, the whole gamut. g00nz rid themselves of the Scientology activists after a while by claiming to go on vacation for a few months and shutting off the IRC. Maybe they were in some danger of the "Party Van" (feds) coming down on them, idk. Whatever the case, the g00nz's style is completely different than Xyrix's, like night and day.

Another little thing: Xyrix and his group seem to have a penchant for iconoclastically attacking underground/counterculture sites. He mentions TPB in one of his missives on the 4chan attack available at the first link provided above. When they defaced Cryptmoe, they put "<3 Bradley Manning" and their bragging makes a big deal of the spurious Wikileaks Insider emails. In other words, the drang nach osten seems to target Sweden as the first theater of battle then and now, 2007 and 2010. Or maybe they were just reading Wired and thought they found something big and SEKRIT in the Wikileaks Insider emails. You have to wonder though when the same people keep targeting the same targets the Man wants targeted, while claiming to be doing it for kicks, "for the lulz," or a la Sir Edmund "Because it's there."

It would also be surprising if Xyrix didn't have or claim to have some minor Mafia connections, or to be available for hire, in which case it doesn't matter if he knows he's working for the Feds or not, it's easy enough to run something like that a few steps removed. I wouldn't get too paranoid about it yet, though, it's probably just stupid fat kids from Jersey doing what stupid fat kids from Jersey do, or following some path laid out for them to attack TPB and Wikileaks, for whatever personal motivations. I assume they were more interested in attacking WL than Cryptome because of the publicity.

Just thinking out loud.


A sends:

I read all that. The Dec 14 2007 (?) 4chan "pwnage" will be documented somewhere. It happened around the time Operation CoSplay began, to DDOS Church of Scientology webpage, operational name later changed to something or other. EncyclopediaDramatica sometimes has stuff like a minor 4chan outage still online. Xyrix has his own personal ED page, apparently, it might be linked there. It sounds like he got in as an admin or something and locked people out, but I don't recall the event specifically.

Attached for possible separate perusal is what I laughingly called the 4chan In Real Life Lawful Spying Guide. My what a tangled web. Use it if you can make sense of it! It's not relevant to your hacker problem afaik. (Not examined by Cryptome.)


> Thanks very much, this info could be very useful.
> Several of the alleged Cryptome hackers have been accused of
> hacking 4chan. This has been discussed on forum (now
> down but available in Google cache - search " Xyrix 4chan.")
> Also discussion on, search on
> " Xyrix."
> Regards,
> John


A sends:

Hadn't checked cryptome for a few weeks, saw the hack attack news item. This is strange but I think I recognize the IP:

Corey Barnhill
541 Hamilton St Apt A
Harrison, NJ 07029
IP Address: Host name:

There's been sort of a conflict for the past few weeks, documented on and

Some firm in the UK hired some hackers in India to attack and some people on organized a counter-response, took down the Indian "call center" and the UK lawyer, and thought it such fun that they're still at it.

Last I saw they were ddosing and

While this has been going on, tpb and demonoid have gone down at least once apiece. tpb claimed routine maintenance.

The 4chan group, Operation Payback is a Bitch, have had their IRC channels targetted and shut down several times, most recently by a C&D letter from some org in the UK.

The kryogenicks people in their correspondence to you are TRYING HARD to claim a 4chan association, that's what the BACKTRACE stuff is all about. "Consequences will never be the same" came out of an outraged father whose daughter fell in with the wrong crowd and had her facebook etc raided. He shouted at the webcam, uttering inanites like "YOU HAVE BEEN BACKTRACED BY THE FBI!" It made the 4channers giggle with delight.

Now, kryogenicks claiming 4chan affiliation is all wrong, on a raid 4channers deny any connection, or claim "eBaumsWorld did it." And yes, the 4chan anons attacked Church of Scientology for over a year.

I think you got some blowback from one of the hacker groups working for the Man to fight torrenters and their supporters.

I recognize the IP pasted in above:

For several days this IP (I'm fairly sure anyway) in concert with a address in CA and MO (and perhaps a pool.fios.verizon agent) were blocking the seeding of a demonoid torrent, something silly, a week's worth of Coast to Coast AM audio MP3s. The way they did it was to open and close connections to a seeder in rapid succession and in multiple instances, then do the handshake stuff and close, reopen, etc etc. It used up all the bandwidth and was rapidfire. They tried to make direct p2p connections via the tracker, rather than uTP peer connect. Once they had the client seemingly in their grasp, they'd spoof the router address and start sending requests to the router, so with a series of ports tried in sequence from zero to 655000 or whatever the maximum is. Sniffing to create a botnet via the Coast audience?

I could be completely wrong that this IP is the same as the one you encountered, but I'm still blocking ALL comcast addresses because of it, it was very annoying.

One other thing, one of the sites Operation PBIAB targetted was a live music franchise in the UK, and that or a lawyer (I forget which) began SPOOFING THE DEFAULT ROUTER ADDRESS as a regular DNS internet address too,, so the payers back were supposed to DDOS their modems, but people caught on quickly and stopped.

I think your deface/breach was related to the prof hackers hired to take down the TPB, in terms of a general trend, but not the same exact guys.

cryptome-hack5.htm    "Xyrix" "Virus" "Null" "Trainreq" Linked         October 17, 2010
thug-mugshots.htm     "Xyrix" "Virus" "Null" Hacker-Thug Mug Shots     October 14, 2010
cryptome-offer.htm    Cryptome Offer to Hackers and Wired              October 11, 2010
cryptome-nobreach.htm Cryptome Not "Breached"                          October 11, 2010
perras-hacknot.htm    "Justin Perras" Disavows Cryptome Hack Update    October 10, 2010
cryptome-hack4.htm    Cryptome Hackers and Consequences Update         October 9, 2010
cryptome-hack3.htm    Cryptome Hack 3 Updated                          October 8, 2010
wired-crime.htm       Wired Complicit in Federal Crimes by Hacker      October 5, 2010