Well, if you had any feelings that the Electronik Tribulation Army had turned over a new leaf, after declaring themselves to be a whitehat group, disavowing the alleged crimes of their former leader, and opening up their forums for public registration, then it is probably safe to put those feelings to rest.  Old habits die hard.

Since their coming-out, the admin, Xon (pronounced, “Zon”), maintained a private area of the forums so that “trusted” ETA members could “still conduct our operations without everyone in the world seeing it.”  This is, by itself, not unusual.  Many forums have private sections for “elite” or paying members.

What is interesting, however, is that in their move today to new forum software, Xon (pronounced, “Exxon”) neglected to protect those normally private areas of their site, offering normal members a view behind-the-scenes.

Among old posts of pirated software and skiddie tools, is a forum named “Blacklist Watch”, described as “This is where we actually watch people who we know, we hate and we want to watch out for and other stuff to”.  Apparently, I am the only person they know and hate (and want to “other stuff to”), as there is only one thread in that forum: “Robert Wesley McGrew”.

I have archived that post here, as it likely won’t last much longer on the original site.  Note that, due to idiosyncrasies of the new forum, after the first, top post, further posts are in reverse chronological order:

Some highlights to watch for, from the usual crew (XXxxImmortalxxXX, E.T.A. Fixer, Xon (pronounced, “Zone”), et. al.):

  • A flattering estimate of my age
  • Me somehow getting burned by Paul Schmehl on FD by being CC’d on a email he responded to
  • XXxxImmortalxxXX calling my wife a fat bitch
  • “Identity: SANS Wesley Mcgrew , Mississippi State University CIPC SCADASUMMIT”
  • Discussion of getting my high school transcripts so they can see how I totally aced a typing course that still involved IBM Selectric typewriters
  • This discussion:
    • E.T.A. Fixer: Nice thread, anyone have a black van?
    • Xon (pronounced “Ex Oh En”): No, but I have a white car…
    • E.T.A. Fixer: How big is the trunk?
    • Xon (pronounced “Zune”): Big enough…. trust me…
    • Backdoor.Armageddon: Hahaha i see where this is going now lmao….
  • Some other Crystal McGrew’s live.com/hotmail.com account!  Fascinating!
  • Apparently, all Mac OS X-using security geeks are homos.
  • The absence anything that I didn’t willingly put on the Internet
  • The absence of a surprising amount of things that I did willingly put on the Internet

Edit: Xon argues that the timestamps are off from the move to a new forum software (that has been reverted). It’s easy to see, however, that a majority of these posts were made after their “transformation”, as there is information in there that applies to my new hosting, which I switched to on September 8th.

  28 Responses to “ETA is Leaking, drops a few docs”

  1. You know Mcgrew, if I didnt know better I would think of this as an inflamatory post, I almost got angry at your public display of aggravation. But I would reccommend you stop sitting on our forum like a bird waiting for an egg to hatch and get a hobby.

    Most of that material was posted by your buddy Immortal. I have no interest in “profiling” you or anything like that. After careful reconsideration, and listening to you talk about the events, as far as I am concerned anyone in your shoes would have done what you did. As far as the black van thing, that was just humor. You can relax, nobody is going to pull up in a van with offers of candy and a ride to the corner store. Fortunatly for you, none of us who are capable of doing something like that, are that stupid.

    In general, the ones who are that stupid, are not capable.

  2. It’s funny how these guys think they’re dropping docs just because they’ve figured out how to use Google and the White Pages. Most of the “information” they found on me, isn’t even mine, just the gmail address and myspace. Funny how they didn’t find my other email addresses, twitter account, facebook, or personal blog.

    Also, XXxxImmortalxxXX, to be so polite on the phone, I’m surprised you would call me a fat bitch, even though that is a fairly accurate description. However, you forgot to add crazy to that. Crazy bitch is Wesley’s pet name for me actually :-)

    Thanks ETA for providing hours of lulz to the McGrew home .

  3. “’its funny how these guys think they’re dropping docs”

    Its funny how you guys think we, “think were dropping docs”

    I personally am not interested in expressing any sort of hostilities towards you Mr Mcgrew.. Read my previous post.

  4. And btw, IMHO Macs are for idiots with too much money, who are also too incompetant to keep pc operational..

  5. Now, please do me a favor and correct your misleading blog and indicate that your buddy Immortal was the one trying to dox you, Not XON and Not Myself either.

    Thank you, that is all I ask.

  6. Ha ha ha ha… man what a good lulz for the morning…

    Hey McGrew, really man, if you didn’t realize, those are all old posts. Before the hole change of heart. Anyway, everything is being redone, so pardon my slowness in taking down info about you which I honestly don’t care about.

    What you don’t seem to realize is that we are a bunch of normal guys. So we joke around. Apparently to you, everything we say is always in complete seriousness.

    As for all the mis pronouncements of my name… Man, you really hit rock bottom with that. You must really be trying hard to get some attention. But you know, I am sure that is what you really want. You want as much attention as possible. The funny thing is, is that you can’t get any without trying to pick a fight. That shows real maturity. You know, I could really point out more and more fallacies but it doesn’t do anything…. I just want to set the record straight. And honestly, this post is just a worthless ranting to try and fill a blog that is almost less that a bore…

    Anyway, the name is Xon (exxon) but I wouldn’t expect your brain to handle that, so you can call me whatever you want.

  7. I went back into my email and checked, and to be clear: you opened up registration on or just before August 30th. The public facing portions of eoeta.com reflected your “hole change of heart” some time before that (couple of weeks at least). The majority of the posts to that thread are timestamped well after that time.

    If you truly have, as a group, undergone a “hole change of heart”, turned whitehat, and disavowed your past, then I’m very happy for you. It doesn’t, however, buy you out of having a post like this made, and don’t expect everyone to start taking what you say seriously right away, with no evidence other than emphatic assertion.

  8. Whatever, I am not going to explain myself. Last I checked, we have freedom of speech.

    Either way, its down, so you don’t have to worry about it because I know you really fret over these little slandering statements…

  9. You do have freedom of speech, and as far as I can tell have done nothing illegal, in that thread.

    I have locally mirrored the thread, so that my readers can have some fun and check it out.

  10. Oooo, oooo, who is going to get the last word. I love pissing matches!

  11. Im gonna piss all over ya soon.

  12. drip drip drip, counter blog up

  13. Yo Wesley McGrew, sorry to burst your bubble tard, but that shit is about 6 months old LOL you have no idea what your really doing … seriously you do not its so funny how you think you do… next time you try to fool like that i will personally shut down your computer, little faggot boy. the new ETA is by far more white hat you can ever dream of. but i am not that. “BLACK HAT LIST” was when i was still in ETA and that was about 6 months ago like i said… butt boy shit dick cumdumpter

  14. You’ve got some reading comprehension problems to go with that tourette’s don’t you, r00t34d?

  15. I dont know about the rest of ETA
    fixer aka kingwifu@aim.com
    is a fucking clown , ever since i dropped his docs like 2 yrs ago
    he constantly ims me with some youtube video about some anonfags
    hes even gone so far as to post my aim name on the forums “so noobs will i/m this anonfag” thinking its him . they banned me right after i posted not sure if they erased the post http://forums.eoeta.com/index.php?topic=237.0

  16. Fixer is a fucking clown, this is true, hes a dumb faggot. i agree with you chilly :)

  17. “XXxxImmortalxxXX calling my wife a fat bitch”

    LOL
    I dunno why but that amused me… Now I remember him saying it though.

    I also want to point out where it says, “Since their coming-out, the admin, Xon (pronounced, “Zon”), maintained a private area…” Xon is actually pronounced “X-on” not like Zon.
    That’s kind of off topic but I just felt like throwing that in there.

  18. r00t34d , you are a fucking retarded mogaloid and punk with no respect. Your opinion means jack shit, and little to anyone. And as far as this anonfaggot “dropping dox” You havent done shit ass clown.

    But here, allow me, my names

    Benjamin E. Nichols 405 753 7158
    1926 N Rockwell #249
    Bethany, Ok 73008

    awwww snap guess wut anonfag, Im not afraid of you, and I dont give a fuck.

  19. mcgrew do you actually provide security or do you just bitch all day about nothing

  20. hey mcgrew is this your real address i wouldn’t mind coming over for a beer
    7867A HWY 19 N COLLINSVILLE, MS 39325

  21. If you’d like a current address, why don’t you just whois my domain name? It’s not like I’m trying to hide it.

    Do you usually need this much help from the guy you’re “dropping docs” on?

  22. Actually, the information I got was from an 0-day exploit I found on the SMF forums, before the switch. I don’t believe you released the version of your browser and your ip online. I don’t know, maybe you did, but I found it using this exploit. Anyways, what I did was in no way illegal, because it’s dynamically loaded content that YOU load on your computer, by visiting the website you are agreeing to such scans. For a security expert, you don’t seem to know much about your profession.

    • You may have found my IP address and User Agent by some zero-day exploit in their forum, but what I’m saying is that it’s nothing that I have tried to hide. That’s the same information that gets provided by the browser to any of hundreds of sites I visit in a day. It’s sitting in logs for any webmaster bright enough to read them, and probably for some sites, publicly indexed in Google in folks’ aw-stats.

      I know that finding my IP and UA wasn’t your only reason for hacking the eoeta forums, but here you’re acting like you deserve props for finding them just because you did it a “harder” way. If you want a cookie for that, you’ll have to go elsewhere.

  23. Since when in the security community was finding an 0-day not a big deal? I was merely stating that while some of the posters dropped stupid pipl.com and google.com searches, even those that were poorly done. I used an interesting 0-day, which, really, is what hacking is all about. The information is not that interesting, the method, is. Especially if it is considered the innovative php that could be devised to exploit this hole.

    • The 0-day might be interesting, I’ll give you that. Post it to milw0rm and/or full-d, get the credit you deserve for it, and enjoy it. I agree that’s what hacking’s all about.

      I think we’re speaking at cross-purposes here, but to straighten it out: We both agree that the information you found isn’t really that interesting no matter how you found it, but the exploit itself could be. Is that fair?

      I honestly don’t have a beef with you, or what you’ve done (otherwise I wouldn’t have mirrored it on my own site). It’s just interesting to point it out in context, for the folks who follow this site to enjoy and have a laugh at.

    • Also, just a heads up: I’ll approve pretty much anything you want to post as a comment through the moderation queue, but the last one went into the Spam queue for whatever reason.

      I’ll keep a close eye on the Spam queue too, but if you post something and a lot of time goes by without it showing up, It may be because I overlooked and cleared it. Send me an email and I’ll straighten it out.

  24. Yeah, I don’t have a beef with you either. (ETA members can quote me on that.) Anyways, I would probably post it on securityfocus.com (my preference of security website). But I want to experiment with images made by php that include XSS holes first, that would be cool. Meh, whatever, I still feel you shouldn’t be “lurking” the forums. I mean, honestly, you are a titled security expert, drop some input into some of the threads. I’m admin, if someone flames you for no reason, I’ll delete the post, but seriously, at least be active, please.

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

   
© 2012 McGrew Security Suffusion theme by Sayontan Sinha