The Web sites for computer game giant Eidos Interactive and one of its biggest titles — Deus Ex — were defaced and plundered on Wednesday in what appears to have been an attack from a splinter cell of the hacktivist group Anonymous. The hack comes just days after entertainment giant Sony told Congress that Anonymous members may have been responsible for break-ins that compromised personal information on more than 100 million customers of its PlayStation Network and other services.
For several hours early Thursday morning, the Deus Ex Web site, user forum, and Eidos.com were unreachable. For a brief period late Wednesday evening, the sites displayed a defacement banner that read “Owned by Chippy1337,” along with several names and hacker handles of those supposedly responsible for the break-in.
KrebsOnSecurity.com obtained an archived copy of the attackers’ online chatter as they were covering their tracks from compromising the sites. A hacker using the alias “ev0” discusses having defaced the sites and downloading some 9,000 resumes from Eidos. ev0 and other hackers discuss leaking “src,” which may refer to source code for Deus Ex or other Eidos games. In a separate conversation, the hackers also say they have stolen information on at least 80,000 Deus Ex users and that they plan to release the data on file-sharing networks.
Neither Eidos nor its parent company Square Enix Co. could be immediately reached for comment. (This may not be the first time Eidos was breached: In a story I wrote earlier this year, I detailed how hackers on an underground criminal forum claimed to be selling access to Eidos’ customer database).
The attack seems to have been engineered by a faction of the hacker collective that recently seized control over Internet relay chat (IRC) channels previously used by Anonymous to help plan and conduct other, high-profile attacks. According to several news sites which covered that coup, the Anonymous control networks were taken over by a 17-year-old hacker from the United Kingdom who uses the handle “Ryan,” (shown in the chat conversation included below using the nickname “Blackhatcat”).
Also in the channel discussing the defacement and theft of the Deus Ex database are hackers “ev0,” “nigg” and “e”, screen names of Anonymous sympathizers who have been connected with Ryan’s recent coup. But according to one observer who’s been monitoring the Anonymous faction’s activities, this Anonymous splinter group appears to be splintering as well, turning on each other and framing one another for this latest attack. In the defacement message left on Eidos.com, ev0 and nigg finger Ryan in the hack, even using his supposed real name (Ryan Cleary). According to reporting by Ars Technica, Anonymous organizers angry over Ryan’s activities recently “doxed” him — publishing documents including his full name, home address, phone number and Skype handle, among other details.
“ev0 and nigg got the 0day they used to break in [to Eidos.com] from one guy, then got Blackhatcat to execute it and then screwed everyone, stole the database,” said the observer, who asked not to be named for fear of retribution from the hackers. “This is how those guys roll: One day they work together, the next they war. They drop dox on each other like it’s a game. Just like they did pinning the defacement of Deus Ex on Blackhatcat. Then denied the whole thing. It’s psychotic behavior like I have never seen. It’s like they hate each other but will work together on certain ops if it suits them, but then might turn on each other in the end…and then laugh it off.”
As an illustration of the above-described dynamic, a snippet of the chat conversation between ev0 and nigg discussing what to do with the Deus Ex Web site and data is pasted below. (WARNING: some of the text below contains strong language that may be offensive to readers):
[16:06] <ev0> we should put 0day
[16:06] <ev0> or exploits
[16:06] <ev0> in the pdf
[16:06] <ev0> and see if someone logs in
[16:06] <ev0> we will use a RAT
[16:06] <ev0> that will be the payload
[16:07] <ev0> one thing that would be funny
[16:07] <ev0> i write a nasty virus
[16:07] <ev0> that will bsod on startup
[16:07] <ev0> fuck up all your drivers
[16:07] <ev0> delete tons of files
[16:07] <ev0> forkbom on start
[16:07] <ev0> etc
[16:08] <ev0> we put that in an exploit kit
[16:08] <ev0> on the main page
[16:08] <ev0> there security will be responsible
[16:08] <ev0> for like
[16:08] <ev0> thousands of fucked up computers
[16:08] <ev0> and it would make the news
[16:08] <ev0> n`
[16:09] <@n`> no
[16:09] <@n`> wont work
[16:09] <@n`> be serious
[16:09] <@n`> this is srs biz
[16:09] <ev0> i am serious
[16:09] <ev0> oh we wil lget fucked
[16:09] <@n`> more like
[16:09] <@n`> where do we get the 0day from
[16:09] <@n`> who writes the virus
[16:09] <@n`> tests it etc
[16:09] <@n`> fyi
[16:09] <ev0> an exploit kit
[16:10] <@n`> i vote for
[16:10] <@n`> defacing this right now
[16:10] <ev0> alright
[16:10] <ev0> im game
[16:10] <ev0> wanna make a deface page
[16:10] <ev0> make one with #krack
[16:10] <ev0> and leak the src
[16:10] <ev0> in a torrent
[16:10] <ev0> and we’ll make a twitter
[16:10] <ev0> and link it to the page
[16:11] <@n`> no
[16:11] <@n`> dont link it to krak
[16:11] <@n`> baadddd idea
[16:12] <@n`> make a deface page pointing @ xero
[16:12] <@n`> with personal info
[16:12] <@n`> or someone else you dont like
[16:12] <@n`> “This hack was brought to you by X\
[16:12] <@n`> ya i got them all here
[16:13] <ev0> is the lfi patched
[16:13] <ev0> and the box secured
[16:13] <ev0> we’re going to get ddos
[16:13] <@n`> no
[16:13] <@n`> too much effort
[16:13] <@n`> i cleared the logs
[16:13] <ev0> we put it in the name of chippy1337
[16:13] <ev0> and direct it to irc.ddosing.eu #808
[16:13] <ev0> and write the names
[16:14] <ev0> ryan, dfs, xero, nikon, xix, venuism
[16:14] <ev0> and evilhom3r
[16:14] <@n`> YES
[16:14] <@n`> *yes
[16:14] <ev0> lol
[16:14] <@n`> and call out their dox if we have it
[16:14] <@n`> add some skiddy shit
[16:14] <@n`> idk
[16:15] <@n`> make it look funny
[16:15] <ev0> we can put ryans dox
[16:15] <ev0> kayla said she was gonna get xeros dox
[16:15] <ev0> hmm
[16:15] <ev0> we put Ryan Cleary
[16:15] <ev0> Ryan King
[16:15] <ev0> Xero aka Ryan King
[16:15] <ev0> Ryan Cleary
[16:15] <ev0> like that
[16:16] <@n`> ya
[16:16] <ev0> 16:16 &ev0 http://deusex.com
[16:16] <ev0> 16:16 &ev0 look at it now
[16:16] <ev0> 16:16 &ev0 because it will be different later…
[16:16] <ev0> said that in their irc
[16:17] <ev0> this is the ultimate troll
Anyone interested in reading more can see the entire conversation at this Pastebin link.
Anonymous has officially denied being responsible for the Sony breaches. Meanwhile, the Financial Times reports that two veterans of Anonymous have acknowledged that members of the cyber-activist group are likely to have been behind the recent hacking attacks on Sony, in spite of the group’s official denials.
Anonymous has been around in various forms for many years, but it vaulted into the international spotlight last year when it leaped to the defense of WikiLeaks, after the latter came under fire for posting secret government documents. It is worth noting that Anonymous seems to be in a state of conflict at a time when WikiLeaks appears to be trying to discourage disloyalty among its own sympathizers. A story Wednesday by New Statesman reporter David Allen Green reveals that WikiLeaks founder Julian Assange now makes his associates sign a nondisclosure agreement that asserts that the organization’s huge trove of leaked material is ‘solely the property of WikiLeaks,’ and that anyone who violates this agreement by leaking the organization’s unpublished material is subject to penalties of up to 12 million British pounds, nearly $20 million.
I just know that these guys are just going to love the fact that they don’t know who is idling in their IRC channels. I am surprised Kayla wasn’t involved in this. Ev0 and Kayla have been going back and forth for a week talking about Ryan and Anon stuff.
Pastebin link not working…. Unknown Paste ID!
Should be working now. Refresh this blog post and check the link again.
Very interesting. Nice work, Brian.
That conversation sure sounds like them. I was wondering why they went for Eidos and Deus Ex. That source code was a nice steal maybe a half-decade or so ago, but today? Perhaps they weren’t skilled enough to penetrate the repos of some truly valuable source code, like Modern Warfare 3 or Windows 8. I doubt they will be capable of that, as it takes talented clever hackers. These guys were script kiddies with self-esteem issues.
the code for the new Deus Ex game coming out in a few months might be worth something to someone….
A: I see nothing here that indicates that this group has any relation to Anonymous
B: There is no evidence to suggest that members of Anonymous are hackers beyond the use of DDOS attacks, which this is not an instance of.
C: Anonymous is not a group with members in the traditional sense and are certainly not in any way an organized hacktivist group or even really hacktivists for that matter. Largely they are teenagers and young adults who happen to browse the same image boards that do not require usernames.
Please do your research before making correlations. I have written a discourse on the philosophy of hacking that has a large section on Anonymous and their association with hacktivism as well as the history of hacktivism. If you are interested in reading it to augment your research for further articles such as this feel free to email me.
I am a bit confused by your post. You begin by saying that you see nothing that ties this group to Anonymous. Then you say that Anonymous has no members who are “hackers”, and that they only use DDOS. And finally you indicate that they aren’t a formal group.
Given that Anonymous is a random gathering of loosely affiliated individuals for a sometimes common cause your arguments seem a bit contradictory. It seems entirely plausible to me that Anonymous would contain some “hackers” with more significant skills than visiting a LOIC page. In fact I have seen convincing proof of that fact in the past.
Your last point that Anonymous isn’t a traditional group, I agree with. And for that reason it seems entirely likely that the group referenced in the article may indeed be related to Anonymous.
Overall I disagree with your points A and B, and personally I thought the correlations made were reasonable. Having also researched this particular story in a variety of other locations I think your argument here is a bit flawed.
Dangit, that was @ Daniel Marino(not football player)
Care to share some of your other various sources? The only other two places I have seen this discussed were #1 where ev0 and his bitches hang out and on cnet (who point to this blog here). Troll fail my friend.
I have a friend who has been following the IRC of anon and other hacker groups and thinks he has learned hacking techniques etc etc. Today I challenged him to try to take down my webserver (a pretty fast VPS server), the server isn’t anything crazy, Centos 5.5 64-bit, with whm and cpanel, well he has tried everything in his power and his little script program for the last I’d say 4 hours and hasn’t managed to find a SINGLE entry way into my server, these are script kiddies like someone said above that think they are hot shit because they actually managed to get into a server, anyone who knows how to actually run a web server securely would have no problem defending against these kids.
You make no point other than your “buddy” has no skillz. So, basically he lurks on anon irc servers and is a moron…
Yep, it’s been out there but no seeders – lol.
Yeah, i uploaded a new torrent. http://tinyurl.com/deusexhack
my partner in crime didn’t seed it properly :/
ev0 make up your mind, are you a hacker, snitch, or a just a weak little bitch? http://pastebin.com/rg3Acsvy
Also I’m not Anonymous and i’m no skiddie, I’m just in it for the lulz. follow updates @ http://twitter.com/ev0_xyz
no, you are a teen retard.
Are you kidding me?
there’s three types of hackers,
1. Black-Hat Hackers: they break in and steal info like passwords, Credential info and the like.
2. White-Hat Hackers: they’re paid to get through “security systems” to further increase the payers “Anti-Hacker-Defence”
3. Gray-Hat hackers: by far the most dangerous, they have their own agenda and are a cross between black and White-hat hackers.
There are more than three kinds of hackers. Once you have only recognized white/grey/black hats, the game is over as you have only identified the basic moral association amongst the different “classes”.
Thanks to our wonderful, clueless lawmakers, the majority would fall into being blackhat criminals over basic concepts such as watching digitally pirated content, looking at specific computer code or using your sister’s computer without asking…
If you are looking to elaborate amongst the different “class” of hackers, albeit not as descriptive as it needs to be, Bruce Schneier posted a link to a great article explaining the different kinds of hackers and the roles they play in today’s society…
“hackers”=teen pathetic shitcocks
what a dump troll.
but a very interes. article/blogpost
i will hack you to prove it, i am fluent in over 32 programming languages and have tutored high profile hackers on everything.
i have over 17 million bots as well in my botnet
Well, if you really have control over 17 million bots as you boast, would be easy to prove by voting your own comment here 10.000 times “thumbs-up”. Are you up for this challenge ? I guess not…
evo appears to actually control a botnet of 7.
32 programming languages? Really? Coming from someone who was “Just learning C” in Feb.?
Just cause you know how to command bots, doesn’t make you special.
evo please get anonops working again its still owned you faggot
Official statement by Square-Enix:
Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again.
Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation. In addition, we have also discovered that up to 25,000 email addresses were obtained as a result of this breach. These email addresses are not linked to any additional personal information. They were site registration email addresses provided to us for users to receive product information updates.
No dissemination or misappropriation of any other personal information has been identified at this point.
We take the security of our websites extremely seriously and employ strict measures, which we test regularly, to guard against this sort of incident.
lmao, what a fail hacker. Some resumes and email addresses? You know, just in case LinkedIn is down. Biggest fail of the week.
downloading the torrent now
not gonna turn down 25k of emails in the gaming niche!
You know who I blame, the parents. They need to monitor their children’s internet use. I would really love to find out what their parents would think of them if they knew their child was doing this sort of thing. Very sad indeed, very sad.
Know who I blame? Weak little bitches that hack under the cozy watch of federal agents…
Granted, our culture has always had a history of double agents, from Agent Steal to Albert Gonzalez. I realize it’s the ultimate dream to hax on the Feds dime, but what they don’t realize is once there has been a leak, snitches still working, still get to visit prison.
Anonymous is a sample of the waste
Please introduce a doctor
Unusual to have to say such things on this blog but: Anonymous is not a group and therefore doesn’t have splinter groups.
“…an attack from crackers who have used the Anonymous name in the past.”, might make more sense.
I have to say anyone here bringing up Anonymous needs to get educated, this is Ryan Cleary and his friends who also hacked Anon ops sites and released Anon members’ information, they are no friends to Anon, they are working for their own self interests and it’s only a matter of time before Essex Police pick Ryan up and I.D his friends.
You speak as if you have a informed opinion, little do you know you are just as uneducated as most people commenting here. The people who understand and know the full truth are laughing at this whole thing. ev0/xyz aka Robert Cavanaugh of 306 Old Westbury Road,
has/will most likely get arrested, considering the FBI are involved.
So fuckin retarded…
If those are Hackers im Santa Claus 🙂
And Mr Krebs should know this with his years of Experience in this field also 😉
“Julian Assange now makes his associates sign a nondisclosure agreement that asserts that the organization’s huge trove of leaked material is ‘solely the property of WikiLeaks,’ and that anyone who violates this agreement by leaking the organization’s unpublished material is subject to penalties of up to 12 million British pounds– nearly $20 million.”
This is classic; “I have stolen information in my possession, so it’s mine and if you steal it from me I will have you prosecuted…”
WTF world is he living in?
Yeah.I also would like to know what world Assange is on to have an NDA on material stolen from the US?
Still shaking my head over that one.
here is a list of a few of anon’s passwords. They were in the pastebin link provided. I don’t know if they still work, hopefully they were smart enough to change them.
Funny thing is I know Xero (one of the hackers). We used to talk before, not often but we did.
He is skilled, very skilled…
As you might know by now Ryan Cleary was arrested by the eCrime unit of the UK’s Met Police.
However if you search the Internet on the other home address (ie 10 South… not 33) you will find that the family is well known to Essex police. His Mother and elder brother have been convicted of drugs related crime. Further both of them are claiming state benefits for agoraphobia even though there are a number of photos of them up on the net walking around outside.