Tag Archive 'CasperNet'

Apr 08 2009

CasperNet meets Warcraft III


Found this on D0mber’s Basecamp and I think they are right:

Lost33's logo on his blog:

And a character from Warcraft III, called footman:

Now all of the links are complete.


Apr 04 2009

CasperNet gets punked

Remember the fable about the Scorpion and the Frog?  Well, we got stung…

Lost33 did not make contact with Jumper last night.  In fact, it seems he spent the night changing his QQ number and deleting all info from his blog. The website is now completely empty, except for a change to his personal data.  Lost33 changed his current residence from Sichuan to Beijing:


We retained a full copy of the previous night’s conversation with Lost33 but have decided to only release two sections.  The first section is being reprinted to prove the connection between Lost33 and the losttemp33 hotmail account:

jumper_tdv 2009-04-02 23:57:28
Do you have the email address losttemp33@hotmail.com?
周小屁 2009-04-02 23:57:30
Sorry for my english too
周小屁 2009-04-02 23:58:11
yes ,but i never use it.

The second section is being released…well, to be honest, just because I think it is funny. I can practically see Jumper’s expression as he types, “Yes, really.”

jumper_tdv 2009-04-03 00:05:29
The problem is that your lost33 email is used to register DNS names for hackers
周小屁 2009-04-03 00:05:43
really?

jumper_tdv 2009-04-03 00:05:51
Yes, really

Are we surprised, shocked, or angry over Lost33 punking us…

-Hey, it’s just his nature.


Apr 03 2009

Children of a lesser malware

UPDATE: Added further comment by Nart Villeneuve at the bottom (Great guy!)

Yep, that would be us…

According to researchers at IWM, Lost33's information was only included in the GhostNet report because his malware was found on two computers associated with the Dalai Lama’s network.  However, it was different from the remote control access tool gh0stRAT that made up the backbone of GhostNet.

From the report by Robert Lemos at Security Focus:

However, the e-mail address was found only on two of the computers analyzed for the investigation, said Nart Villeneuve, a researcher at the CitizenLab and one of the authors of the GhostNet report. Both computers had been infected with a second piece of malware, separate from the gh0st remote access tool (gh0stRAT) that formed the backbone of the surveillance network, he said.

“That is a valid piece of malware but it is not the one related to the malware that connected to the admin interface for the gh0stRAT,” Villeneuve said.

So it looks like we are now investigating a massive network intrusion of two computers.  One, two.  We will call our project CasperNet.

Spoke with Jumper earlier today and he still feels it is worthwhile to pursue.  So, he will continue his conversation with Lost33 tonight.

UPDATE: Wanted to add this comment left by Nart Villeneuve because I thought it was super nice of him.  I botched up his report but he was still kind enough to stop by and offer these words of encouragement:

“I wouldn’t say lesser at all — just different. The CasperNet (www.lookbytheway.net/www.macfeeresponse.org) which sounds way better than what I’ve been calling it (CGI after their use of CGI scripts) was the one that was found to be retrieving a sensitive document related to the Dalai Lama’s negotiating position. In addition to being found at the OHHDL it was also found at the Tibetan NGO Drewla.”
