
This weekend, I got an email about this social networking site that some students at Dartmouth made called like Repcoin or something, that was basically a combination of Facebook, LinkedIn and Bitcoin – a real modern-day application. Seeing that our reading this week was about Anonymous, naturally I was inspired to become a h4x0r and see what website vulnerabilities I could find.

On my first peek at the source code, I found out that literally every page not only has a list of every user of the site, but loads every person’s profile picture. If you aren’t technical, this might not sound that bad, but trust me it’s CRAZY. It was pretty clear that the people who made this didn’t really build it with security in mind.

(Note: If you want to see all their users, go to repcoin.com, then right click anywhere on the background and click on Inspect Element, and you will get a little box at the bottom of your browser with HTML. There should be something that says <div class="links" style="display…….>, just click the little arrow to the left of that to twirl it down and you will see all the users’ names.)

After that, it took less than an hour to crash the entire website.  They got it back up pretty quickly and deleted my account, but like whatever it’s probably some freshman from Dartmouth.  Since then, they have fixed none of their security vulnerabilities.

This investigation was definitely just for the “lulz,” and I didn’t really do anything malicious to their website.  However, in about 15 more minutes, there is a good chance that I could have had access to all of the files on their personal computer, and the ability to execute arbitrary code on there too.  This is probably not good for them.

Anyway, I think the point of this story is that when I was reading the Anonymous article, I guess I never realized how most of their stuff is jokes. Most of what I hear about is how terrifying they are, and how we should fear them, but this article made me feel like the people who identify as Anonymous are more like me, who a lot of the time don’t really have anything huge in mind and are just sort of screwing around. Clearly they have the power to do really malicious things, and have, but not always.

What I found particularly interesting was how they said that there are people who are part of Anonymous who aren’t technical, and just edit videos or pen manifestos. I think that this has some decent political implications. A group that is just screwing around for lulz doesn’t need anyone to edit their videos or pen manifestos for them, so maybe that is why I thought they were scary and not a joke group. But then their videos are often pretty humorous too, so that just confuses me a little too, which I guess the article discussed too. Cool reading.