Unveillance Official Statementby admin, unveillance.com
June 3rd 2011
FOR IMMEDIATE RELEASE
Official Statement from Karim Hijazi, CEO of Unveillance
Over the last two weeks, my company, Unveillance, has been the target of a sophisticated group of hackers now identified as “LulzSec.” During this two week period, I was personally contacted by several members of this group who made threats against me and my company to try to obtain money as well as to force me into revealing sensitive data about my botnet intelligence that would have put many other businesses, government agencies and individuals at risk of massive Distributed Denial of Service (DDoS) attacks.
In spite of these threats, I refused to pay off LulzSec or to supply them with access to this sensitive botnet information. Had we agreed to provide this data to them, LulzSec would have been able to grow the size and scope of their DDoS attack and fraud capabilities.
Plain and simple, I refused to comply with their demands. Because of this, they followed through in their threats – and attacked me, my business and my personal reputation.
I believe this incident shows the true nature of LulzSec. For those who might think otherwise, consider the following exchanges, taken directly from several of our IRC chats:
(KARIM) So did we wrong you in some way, let’s get to the point?
(LULZ) <@Ninetales> If you wronged us, all of your affiliates would be crushed. Don’t worry, you’re in the good books. The point is a very crude word: extortion.
(LULZ) <@Ninetales> And what we’re both willing to agree upon that you sacrifice in return for our silence.
(LULZ) <@Ninetales> While I do get great enjoyment from obliterating whitehats from cyberspace, I can save this pleasure for other targets. Let’s just simplify: you have lots of money, we want more money.
(LULZ) <@Ninetales> Prepaid Visas, MoneyPaks, BitCoins, Liberty Reserve, WebMoney, the flavor of your choice. Naturally we’ll avoid PayPal.
(LULZ)[15:04] hamster_nipples: what made you decide to get into this business?
(LULZ)[15:04] hamster_nipples: you realize the security business is severely dangerous?
(LULZ)[15:04] hamster_nipples: do you realize there are blackhats x1000 worse than us that would have harrassed your
(LULZ)[15:04] hamster_nipples: personal life?
(KARIM)[15:04] me: Saw a need… usually a good reason.
(LULZ)[15:04] hamster_nipples: you should consider yourself lucky.
(LULZ)[15:04] pwnage: heard of the guy who runs ZeuStracker?
(KARIM)[15:05] me: yes
(LULZ)[15:05] pwnage: they planned to have him whacked
(LULZ)[15:05] pwnage: faked his suicide
(LULZ)[15:05] pwnage: fucked with his life big style
(KARIM)[15:23] me: I need to think and be able to think clearly without the threat of extortion.
(LULZ)[15:23] hamster_nipples: haha
(LULZ)[15:24] hamster_nipples: unfortunately you have little choice at this point
(LULZ)[15:24] hamster_nipples: don’t think of it as extortion
(KARIM)[15:24] me: Without that luxury, my company will fail…
(LULZ)[15:24] hamster_nipples: consider it a partership
(LULZ)[15:24] hamster_nipples: at this point I don’t want your business to fail
I think that says it all.
A few points I wish to clarify:
1. I have been able to protect the sensitive data which LulzSec was ultimately after. All they have stolen and publicly dumped are my personal and work emails.
2. I am now, and have been, in full cooperation with the FBI. In fact, I contacted the FBI and US-CERT immediately after I began receiving threats from LulzSec to request their assistance – and to explain the nature of the threat. I offered my full cooperation to the FBI in an effort to rectify the situation.
3. Unveillance is not a security company. We are a private botnet monitoring service – and a good one, which is why we were targeted. I do not provide security services to other companies. What I do provide clients with is the first zero false-positive analysis tool for identifying confirmed botnet infections in their computer networks.
4. I am not surprised by this attack; or the information dump on me; or their slanderous statements against me and my company. This is precisely what they threatened me with – in addition to other things, including allusions to physical harm to me and my family – if I did not cooperate with their demands.
5. I do not regret refusing to cooperate with LulzSec. My data is of national security importance. I could not and cannot, in good conscience, agree to release my botnet intelligence to an organization of hackers.
I stand firm behind my decision not to comply with the demands of LulzSec. I hope this incident will enlighten others as to the true character and intent of this organization.
- Karim Hijazi
Shared from Read It Later