Mac worm hacker vanishes from blogosphere

Mac worm hacker vanishes from blogosphere
Mac worm hacker vanishes from blogosphere 

By Robert McMillan
IDG News Service
July 18, 2007

Just days after claiming to have written a worm that could be used to 
attack Mac OS X systems, the anonymous blogger known as Infosecsellout 
has gone quiet.

His (or her or their) blog as been renamed. Old posts have been removed, 
the blog has been renamed "Security Information," and Infosecsellout 
says the blog is finished. Mysteriously, however, there are two new 
posts on the blog, one of which provides a link to information on the 
alleged worm.

But they are fake posts, according to Infosecsellout, who said the blog 
was hacked on Tuesday night and will not be revived.

"Infosecsellout is now dead," the anonymous blogger said in an e-mail 
message. "It was a great experiment to see how the industry could handle 
some honesty, which they can't. They are quick to attack the credibility 
of others in order to hide their own flaws."

Since he started blogging last year, Infosecsellout made his share of 
enemies, offering uncensored and occasionally amusing observations on 
computer security research and its practitioners. (He once called this 
reporter a "mindless hack" for reporting flaws in the beta version of 
Safari 3.0.)

The blogger said he needed to remain anonymous because of his unpopular 
opinions. "The last thing I want is some crybaby to involve my employer 
in things that I say on this blog," he wrote in January.

On Sunday, however, he may have crossed a line, in reporting that he had 
been "compensated" for writing a worm that could exploit a variation of 
a bug in Apple's Bonjour automatic network configuration service that 
was initially patched in May. The flaw lies in Bonjour's mDNSResponder, 
which is used to do things like discover printers or share iTunes files 
on a local area network, he wrote.

Though Infosecsellout provided nothing to back up his claim, the story 
was widely reported and security researchers began to investigate who 
may have been behind the blog.

Metasploit developer HD Moore said that he's "70 percent" sure he knows 
Infosecsellout's identity, based on a study of his posts and of e-mail 
messages from known people performed using a writing analysis tool 
called Unmask.

Moore wouldn't say whom he suspected, but he noted that Infosecsellout's 
blog vanished soon after he contacted his suspect. Like every other 
security researcher contacted Wednesday, he didn't buy Infosecsellout's 
story that the blog had been hacked.

"It seems like someone's getting worried that their cover is getting 
blown and they're doing cover-up," Moore said. "There's been a lot more 
attention from folks trying to unmask [Infosecsellout] in the past day 
or two."

A blogger going by the name of Cutaway suggested that a hacker known as 
LMH could be behind the blog, but Moore said that this argument did not 
seem credible.

Thomas Ptacek, a researcher at Matasano Security, agreed that the 
blogger was probably not LMH. "My theory right now is that it's more 
than one person," he said.

In an e-mail message, Infosecsellout said that the blog was written by a 
group of self-employed authors, but that appeared to contradict the 
blog's January post claiming that the author was worried about his 
employer being approached.

When asked to explain the apparent contradiction, the blogger said, 
"Even the self-employed have employers that are subject to crybabies."

Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. 

Site design & layout copyright © 1986-2015 CodeGods