Cryptome Hackers and Consequences

10 October 2010

http://pastebin.com/7yVjiyMb

"TEAM KRYOGENIKS MEMBERS DOX
Fucking bunch of script kiddie newbs who think they're elite
Ghost Rider"

Includes "Virus" Nieves and "Null" Perras personal information

10 October 2010

Court documents on Justin Perras' hacking capabilities and imprisonment: http://cryptome.org/0002/perras-hacknot.htm

Relevant: At the HOPE conference panel on snitches 18 July 2010, a panelist described how to read court documents to tell that an indicted hacker, or one released with only a warning, had been converted to a snitch for the government. This from one of several on the panel sent to prison by a fellow hacker's concealed testimony, a victim who had also been offered a deal to do the same, but after refusing to accept a deal, had a sentence maximized. At the same panel it was stated that conventional wisdom among hackers is that 25% of them are snitches. Using these odds at least one of the Cryptome hackers is a snitch (see below) who initiated the alleged attack (which is not likely to have happened as reported) to entrap the others, and was surely paid a fee to do so to create disarray and suspicion among the not yet nabbed. This is standard law enforcement, spy and counterspy means and methods. Buy the conference video from 2600.com.

http://www.spywared.com/news/kryogeniks-gang-in-prison-for-comcast-hijack-724.html

28 September 2010

Two men of Kryogeniks gang were sentenced for 18 months in prison for Comcast.com domain hijack. There [sic] third one, James Robert Black Jr., 21, was sentenced in August to four month in prison and made a pact to collaborate with FBI in trying to caught [sic] other partners in crime. Christopher Allen Lewis, 20, of Delaware and Michael Paul Nebel, 28, got 18 month sentence in prison and ordered to pay $89,778.13 each.

http://www.digitalgangster.com/4um/showthread.php?108388-oh-shit-kyrogeniks-going-down-for-the-comcast-hacks

oh shit kyrogeniks going down for the comcast hacks

http://www.wired.com/threatlevel/2009/11/comcast-hack/

11-29-2009

[Selected excerpts on snitches]

Sinz: kryogeniks been known to snitch since me and xom got busted in 2k5

Sinz: its not that i dislike virus, its just that he's a lil xom clone in that they both snitch when pressed.

SippieCup: definitely snitching.

SippieCup: edit: i take back my previous snitching statement "definitely snitching" and in replace i say probably. it also could just be that they are pleading guilty. this is why you dont fuck with big names like this. they should have just edited the DNS to a server like they did and put an ad on it then every other link go back to the IP of comcast. probably could have gotten away with it for a couple hours before comcast noticed and comcast would not have come down as hard as they did due to no loss in service... still would have gone after them though

Craig: ebk snitched

Sis: [quoting] EBK slept for an hour Wednesday night; Defiant for 20 minutes. Even as the attack was in progress, the hackers began to feel the weight of their actions. Both say they’ve been raided by law enforcement before. “I slept in my clothes, because the last time they came, I was in my underwear with my dong hanging out and shit,” says Defiant.

Rafael Nadal: Rofl are you guys real bitching about snitching? This isn't the mafia, there's no omerta or any kind of code of honor. The homo() is right. Actions have consequences. If they try to save themselves by making a deal, good for them. Snitching shouldn't be a problem if you're not doing anything illegal.

Rafael Nadal: What are you, 12? Do you understand that "snitching" only exists if there's something to "snitch" about? Stop acting so hard. You're a white kid living in a middle class neighborhood. You're not ghetto, you're not gangster, and there's no code of honor on the internet.

Pad: when people willingly cooperate with law enforcement incriminating themselves and their peers it's not only shockingly retarded it's also a display of weakness and a lack of integrity. it has little to do with "acting hard" as much as it has to do with common sense and a basic understanding of the 5th amendment. people tend to bury themselves out of fear and ignorance. and for the record i'm not a kid nor am i "middle class," punk bitch

Rafael Nadal: WHAT INTEGRITY?! What the HELL are you talking about? What part of "actions have consequences" do you not understand? Snitching only exists if there's something illegal going on. If you're not doing anything wrong, nobody can snitch on you. Snitching is also a vital part of the judicial system, as it uses the small fish to catch the big fish, nothing wrong with that. Don't like snitching? Don't open yourself up to prosecution.

Craig: snitching is a problem in ebk's case, where he was involved in this and went on a tell-all rampage (exposing his boiz) just to potentially save some skin on his ass

Pad: snitching is a problem in any case i feel like i just woke up in narnia


9 October 2010

Cryptome to A2:

Thanks for the advice. Train Req appears from all boxes on our LAN, some never before logging onto Earthlink. We will look more closely as you suggest. However, Earthlink is likely running a honey pot for its own use or for its lawful cohorts. We have noted that on Cryptome just now.

We have previously published the virtues of using honey pots as part of security. The Cryptome hackers are fools if they don't know this. They have been logged from the beginning and still are. That has not yet been published but is by way of this insecure email. Samples:

"Xyrix" Barnhill:

c-76-124-84-68.hsd1.nj.comcast.net -- "Opera/9.80 (Windows NT 6.0; U; en) Presto/2.6.30 Version/10.62"

"Virus" Nieves:

pool-96-250-224-79.nycmny.fios.verizon.net -- "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3"

"Null" Perras or others using IP 69.164.221.72:

o-0.bz (aka Kyrogeniks.org, Poisonapple.net, Belegit.org):

wtf.o-0.bz -- "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10"

To be sure, ever more interesting techniques are being used beyond the reach of our smug delusions. The varmints never sleep, nor do our daemons.

You may know that NetSol is heavily used for its honey pot capabilities along with the other giants such as Earthlink who never seem to provide sufficient security except for those who pay extremely high prices for it -- IBM, Microsoft, Oracle, on and on, all induced to do so by bountiful lawful funding.

That is known; what is less known is the honey pot use of allegedly much more secure ISPs offering allegedly greater security than the foolish giants. Sec "experts" chuckle: the greater the security offered the more likely snake oil, security theater or worse, outright deception. Good money to be made that way.

Small ISPs are very vulnerable despite what they claim. No doubt some don't know what they are being used for. And get very indignant if challenged to allow an independent full-bore test. Thus the urgent need for confidentiality and secrecy across the security spectrum.

Security is bogus.

9 October 2010

Cryptome to A:

You will know that the mail address cryptome[at]earthlink.net is not secure: Earthlink has not closed the hole made by the hackers. It is a honey pot for several watchers.

You are being social engineered by Nieves, and he is likely doing it to others as well.

Several sources are providing material on the alleged culprits and the three are probing, bluffing and threatening to find out who. Pretending to know more than they do, a technique you will recognize.

Here is "Perras"' attempt today: http://cryptome.org/0002/perras-hacknot.htm

Pretending to be you, among others, is to be expected. This response pretends to go along with it.

"Justin Perras" Disavows Cryptome Hack:

http://cryptome.org/0002/perras-hacknot.htm

No evidence provided that this is by Justin Perras and not a standard hacker impersonation. Several impersonations and forgeries have been received related to the Cryptome hack. Some were apparently provided to Kim Zetter at Wired and no evidence was provided by her for those either. A call to the telephone number listed will get a bogus response. Perras and other perps like him have tried to weasel out of previous misdeeds by claiming they were impersonated, misunderstood or falsely accused.

9 October 2010.

Information here consists merely of allegations and the named perps are presumed innocent until proven guilty. Proof is coming in thanks to a bevy of contributors. With proof in hand, Step 2 of the ass-burning will commence.

If the hackers have downloaded the personal and office files of John Young's LAN as alleged, it is expected follow-up attacks 1-15 described below will be attempted. Indication of using any of the stolen LAN files, or more likely forgeries based on them, will be welcomed to demonstrate a constructive and educational response.

Add information on Corey "Xyrix" Barnhill, Michael "Virus" Nieves and Justin "Null" Perras.

Parties claiming to be Michael Nieves and Justin Perras have emailed and telephoned Cryptome a clumsily forged cease and desist demand to remove information in this file. The two are rightly frightened: Perras is an ex-convict and Nieves avoided prison just barely, thus easy targets for law enforcement hammering as repeat offenders and being used as undercover entrappers and snitches. The two are also easily manipulated by Barnhill who is known to bully, extort, exploit and blame those he thinks weaker by using personal information, often stolen, and challenges to "manhood." Barnhill like all bullies is a coward terrified of those he cannot bluff, thus surely a snitch under LE pressure to rat other perps. These three will shop one another as pressure builds, Perras the first to crumble due to his prison record and complicity in setting up stings to entrap hackers.

A notable security person says that based on direct experience "Virus" is the likely perp of the Cryptome email burglary setting in motion the larger hack and theft of files. That Virus is adept at social engineering but technologically deficient.

8 October 2010

Add message from someone alleging to be Mike "Virus" Nieves, a standard hacker spoof with no means to legitimate.

Previous: http://cryptome.org/0002/cryptome-hack3.htm


Cryptome Hackers and Consequences

Based on information sent to Cryptome and found elsewhere -- Wired in particular has valorized, monetized and lied about them -- the alleged Cryptome hackers, operating collectively as Kryogeniks, are:

XyriX/Ruxpin
Corey Barnhill
541 Hamilton St Apt A
Harrison, NJ 07029
(973) 413-9719
T-Mobile Account Number: 509081572
http://encyclopediadramatica.com/Xyrix
http://www.facebook.com/Xyrix?ref=ts
http://pastesite.com/4388
IP Address: 76.124.84.68. Host name: c-76-124-84-68.hsd1.nj.comcast.net.
Aka: b0lt29[at]yahoo.com
IP Address: 72.79.104.160

Virus
Michael Nieves
20-30 Merle Place, Apt 3F
Staten Island, NY 10305-3751
http://encyclopediadramatica.com/Virus
http://www.facebook.com/profile.php?id=573809896
http://www.nypost.com/p/news/regional/item_yHmeo2QCQCkvL9DYsCo2dP
SSN: [omitted, ends in 916]
Birthday: 10/21/1948 [Likely an error. Virus is not this old based on his Facebook photo]
Driver Licences: [omitted, ends in 979]
Home telephone: 347-466-4996
[Omitted] = sister
Old home phone (347) 466-4996
Mikenieves[at]tmail.com - T-mobile line
3476731499 = grandcentral number
IP Address: 96.250.224.79. Host name: pool-96-250-224-79.nycmny.fios.verizon.net.

Null
Justin Perras
116 David Street
New Bedford, MA
Convicted for fraud and identity theft; 1 year in prison, 3 years supervised release ending March 2010.
Court documents on imprisonment: http://cryptome.org/0002/perras-hacknot.htm
http://www.facebook.com/jperras1
http://www.govtech.com/security/Jail-Time-for-US-Law-Database.html
http://www.informationweek.com/news/security/showArticle.jhtml?articleID=197801256
http://www.washingtonpost.com/wp-dyn/content/article/2006/06/30/AR2006063001222.html
Featured by Kim Zetter at Wired in 2005:
http://www.wired.com/techbiz/media/news/2005/05/67629?currentPage=all
VPN // proxy IP: 69.164.221.72 (also Kryogeniks.org). Owned by Linode.com.

Screenshot of Kryogeniks taken 8 October 2010 10:40AM ET:

[Image]

These alleged Cryptome hackers (and other hackers along with their mentors and employers: official, commercial and criminal spies) are known to:

1. Blackmail for payment by threatening to expose confidential information after providing tips to reporters about a break-in or sending demands to the victim with samples of evidence.

2. Make demands on ISPs for payment to conceal security vulnerabilities with taunting disclosures to journalists for stories and samples of evidence.

3. Sell confidential information to others who will blackmail or mark-up and sell to others for criminal use.

4. Snitch on and blame others to cover their tracks using multiple levels and methods of snitching and blaming.

5. Provide confidential information, legitimate and forged, to officials and law enforcement to punish a victim.

6. Provide confidential information, legitimate and forged, to law enforcement for payment.

7. Provide confidential information, legitimate and forged, to law enforcement as part of a deal to escape prosecution.

8. Claim to destroy their computers to avoid being prosecuted for what is on them.

9. Claim they were only bragging about exploits but did not actually do them.

10. Claim they are protected by contacts in law enforcement through family and friends.

11. Claim they hacked for patriotic reasons and not for personal gain (hmm, smells like Lamo, Wikileaks and TLAs).

12. Claim they hacked to demonstrate skill at exposing the truth but not cause harm. (like Lamo and Wikileaks)

13. Claim they were too inexperienced to understand the consequences of what they were doing.

14. Claim hacking was just teen-age fun and should not be taken as a real threat.

15. Claim they do not hack for payment or for publicity or for anything non-hackers do for success.

16. Cloak their behavior with pretentious language, clothing, insults, arrogance, mock humility and cowardice when caught, and much more, as fabulously described and exemplified at http://encyclopediadramatica.com (no other website so deftly deflates pretentiousness, stupidity, vainglory and perfidy on- and offline -- cringe and laugh at your heroes, enemies and yourself there laid bare).


Date: Fri, 8 Oct 2010 12:07:36 -0400
Subject: Hello
From: Michael Nieves <mike[at]kryogeniks.org>
To: jya[at]pipeline.com

John Young,

I really don't appreciate you making false accusations against me and other members of our group, lying about our group and posting my previous address which I no longer reside at but my elderly mother still does. I have done nothing to you or your website and have no interest in your files or mail spools, please cease your lies and slander immediately.

Thank you

Michael Nieves


From: Paul Roberts <Paul.Roberts[at]kaspersky.com>
To: John Young <jya[at]pipeline.com>
Date: Fri, 8 Oct 2010 12:21:44 -0400
Subject: Earthlink

Hey – who have you been talking to/communicating with at Earthlink? Trying to go through the front door (their PR) and it's very time consuming…

Also, had an interesting conversation with Mr. Barnhill. He claims it was [omitted] (or whatever) gave them up. True?

Happy to chat if you’re around: 617 817 0198.

Thanks,

Paul F. Roberts
Editor, Threatpost.com
781 503-2642
617 237-0592 (GOOG)
Twitter & AIM: paulfroberts

_________

Pete LNU is the Earthlink (high official he says) person handling the matter. His cell: 770-608-xxxx. Scribbled the number almost illegibly. If not accurate let me know. [Later Paul says the number is not Pete's.]

Pete said on Wednesday he would be traveling for a couple of days.

[Omitted] was the first to report to us he was being set up by Barnhill to punish him after money extortion by Barnhill failed. I don't want [omitted] identified yet: he is afraid of Barnhill, a big guy who can be violent. Okay to report Barnhill can be violent and is feared by those he falsely accuses and bullies.

Mike Virus Nieves, or more likely an imposter, has written to protest being defamed. That message has been added to [this file].

If you believe any of this shit you must be a redneck. Like Earthlink. Do you know it is owned by Scientologists? Not that that matters, but some hackers think it's a sign of evildoing.

I have done architectural work for Scientologists in NYC. Also for Church of Christ Scientists, Opus Dei, Baptists, Episcopalians, atheists, socialists, Black Panthers, 5 Percenters, Mafia, Muslims, communists (yes, the last Marxist school in NYC), and so forth. Been screwed on fees by many of them. No secrets those, most are on our architectural website.

Listen, I can't over-emphasize the importance of

http://encyclopediadramatica.com

for understanding what is going on in hacker world of lying, cheating and criminality, including Wikileaks hyperbole machine, and as ever, that of angelic journalism.

John