Well, if you had any feelings that the Electronik Tribulation Army had turned over a new leaf, after declaring themselves to be a whitehat group, disavowing the alleged crimes of their former leader, and opening up their forums for public registration, then it is probably safe to put those feelings to rest.  Old habits die hard.

Since their coming-out, the admin, Xon (pronounced, “Zon”), maintained a private area of the forums so that “trusted” ETA members could “still conduct our operations without everyone in the world seeing it.”  This is, by itself, not unusual.  Many forums have private sections for “elite” or paying members.

What is interesting, however, is that in their move today to new forum software, Xon (pronounced, “Exxon”) neglected to protect those normally private areas of their site, offering normal members a view behind-the-scenes.

Among old posts of pirated software and skiddie tools, is a forum named “Blacklist Watch”, described as “This is where we actually watch people who we know, we hate and we want to watch out for and other stuff to”.  Apparently, I am the only person they know and hate (and want to “other stuff to”), as there is only one thread in that forum: “Robert Wesley McGrew”.

I have archived that post here, as it likely won’t last much longer on the original site.  Note that, due to idiosyncrasies of the new forum, after the first, top post, further posts are in reverse chronological order:

Some highlights to watch for, from the usual crew (XXxxImmortalxxXX, E.T.A. Fixer, Xon (pronounced, “Zone”), et. al.):

  • A flattering estimate of my age
  • Me somehow getting burned by Paul Schmehl on FD by being CC’d on a email he responded to
  • XXxxImmortalxxXX calling my wife a fat bitch
  • “Identity: SANS Wesley Mcgrew , Mississippi State University CIPC SCADASUMMIT”
  • Discussion of getting my high school transcripts so they can see how I totally aced a typing course that still involved IBM Selectric typewriters
  • This discussion:
    • E.T.A. Fixer: Nice thread, anyone have a black van?
    • Xon (pronounced “Ex Oh En”): No, but I have a white car…
    • E.T.A. Fixer: How big is the trunk?
    • Xon (pronounced “Zune”): Big enough…. trust me…
    • Backdoor.Armageddon: Hahaha i see where this is going now lmao….
  • Some other Crystal McGrew’s live.com/hotmail.com account!  Fascinating!
  • Apparently, all Mac OS X-using security geeks are homos.
  • The absence anything that I didn’t willingly put on the Internet
  • The absence of a surprising amount of things that I did willingly put on the Internet

Edit: Xon argues that the timestamps are off from the move to a new forum software (that has been reverted). It’s easy to see, however, that a majority of these posts were made after their “transformation”, as there is information in there that applies to my new hosting, which I switched to on September 8th.


Last week, Michael Farnum, of the excellent An Information Security Place podcast asked me if I would like to be interviewed for the show.  Michael’s one of my favorite folks to follow on twitter (@m1a1vet) and a really nice guy, so I agreed and we recorded on Monday afternoon.  Prior to this, I hadn’t used Skype or my headset since last year when I was on Securabit talking about DNS vulnerabilities!

Episode 25 of the podcast is Michael’s interview with me.  We discuss the GhostExodus incident, and spend some time afterwards talking about SCADA and control-systems security.  It was very casual and candid, and I had a great time.  The episode is available here:

…although I recommend subscribing to the podcast to keep up with new episodes of it.


While Dr. Vaughn was traveling this week, I lectured the CSE 4243/6243 Information and Computing Security class on Wednesday, and today (or will, in about 30 minutes).  These two lectures are a mile-high overview of terminology and examples surrounding vulnerabilities, exploits, malware, and denial of service attacks.  Chapter 3 of Charles P. Pfleeger’s Security in Computing, 4th Edition was the assigned reading for this week, and much of the material in the slides for this lecture was adapted from this text or used it as a guide.

The slides area available here, for the students who would like to add them to their study materials for the upcoming test, and for anyone else who might be interested:

The slides may be of limited use without the accompanying lecture, as I often bump out of the slides to look at classic or recent examples of things on the Internet.  I’m more than happy to talk about them to anyone who contacts me, though.


I am currently in the process of setting up a new host for mcgrewsecurity.com .  This should be the last post on the old host.  I’m just throwing this on here so by the time I switch (probably later today) this will already be in folks’ RSS readers to explain any (hopefully minimal) downtime or weirdness.

The look and content is going to stay the same for now, so you won’t have to change feed URLs or links.

Some alternative contact info, in case mail starts bouncing or dropping, or if you just want to see how it’s going:

EDIT: Everything seems to be working fine!


If you took a look at the slides for Monday’s lecture (or were there in-person), you might recall that the last slide of content contained quotes from the ETA’s current site on the Internet, eoeta.com. The new leader, “Xon”, has disavowed the actions that led to the previous leader’s arrest, and is very firm in stating that the new ETA is “ethical” and no longer engages in illegal activities.

Registration on their forums has also opened up, and I was surprised that Xon made the goodwill gesture of activating the account I created the night before my lecture. Here’s a direct link to their forum section:

There are still posts on the forums that go back to just after Jesse “GhostExodus” McGraw’s arrest, before the ETA’s attempt to transform into a white-hat organization, so there is some pretty interesting reading there.  Registering an account and having it approved by an admin is required to gain access to the forums, however the process seems to go pretty fast.

Is the Electronik Tribulation Army really a white-hat group now?  While Xon may feel strongly about the transformation, he may find it difficult to bring the members in line for it.  With members like “E.T.A FIXER” (aka DarthAnonymous, TrashBagTeddy, etc.) that continued to troll the comments sections of this site, and scroll insults (and creative ASCII art) in this site’s IRC channel long after the arrest, other ETA members may find it difficult to convince others that they have truly abandoned their blackhat ways.

This is also the first time someone’s made a “motivational” poster about me.  Touching! :

(Credit goes to Fixer.  I did crop the image a bit.  You can find the original in a couple of threads on the ETA forums)


Shawn Moyer and Nathan Hamiel’s talk at Defcon 17, Weaponizing the Web: More Attacks on User-Generated Content, is now available on Vimeo:

Shawn Moyer and Nathan Hamiel: Weaponizing the Web (DefCon 17) from Vim EeeeOOO on Vimeo.

I just finished watching it (unfortunately missed it while I was in Vegas), and it’s very good.  I’m looking forward to playing with MonkeyFist.

© 2012 McGrew Security Suffusion theme by Sayontan Sinha