Hacking Twitter: Visualize Hacker Communities

posted Jan 23, 2012, 4:36 AM by Anthony Lai   [ updated Jan 23, 2012, 7:59 AM ]
Today is Chinese Lunar New Year, I would like to represent VXRL to say "Kung Hei Fat Choy" to you all.

As there are two high-profile hacking teams, Lulzsec and Anonymous, giving us their latest act via Twitter. I am curious about their activities and any connection in between on a snapshot basis. 

Retweet Network
I just requested the Twitter request via its provided API[1] to pass me 100 resulting records via a Python program[2].

Interestingly, from Lulzsec graph, I have found a number of similar/correlated groups of Anonymous and explicitly state that it's from British, Sweden and some are named as IRC bots indeed, I believe it is good for them to ensure their act and news are successfully propagated if Twitter closed one of their accounts, meanwhile, I may guess their major forces (or volunteers?) are from Europe.

The twitter accounts supporting Anonymous (may be owned by them or volunteers) include:
- YourAnnoNews
- AnonOpsSweden
- AnonOpsBrazil
- AnonymousIRC
- BritAnonymous
- AnonymousBrazil
- AnonymousOnly

From the graph, it shows AnonOpsSweden acts a core for people or other team/group to follow.

For LulzSec, accounts include:
- LulzSec
- LulzSec47
- LulzSecBrazil

It is quite interesting that other than Europe, we could find groups from Brazil supporting both LulzSec and Anonymous explicitly. Will the major operation reside in Brazil as well? :)



Figure 1: Mutual support and notification between LulzSec and Anonymous
Figure 2: AnonOpsSweden looks like another center?

Lulzsec looks like their friend group and retweet Anonymous's messages with good connection.

Further Exploration
Let me take a shot over AnonOpsSweden. I got two more interesting groups, AnonCentral and AnonyOps, I could say It is
readily "Anonymous Everywhere".
Figure 3: More groups are found.



I have there are many "representatives" from various countries and claim they are "AnonXXXX". 


What is their next act?
Alright, it is now the main dish and what's their recent and next act? I simply made a query with keyword "DDoS" with the following Python code. However, you need a Twitter package in prior to access Twitter API.
>>> import twitter
>>> import json
>>> twitter_search = twitter.Twitter(domain="search.twitter.com")
>>> search_results = []
>>> search_results = twitter_search.search(q="DDoS")
>>> print json.dumps(search_results, sort_keys=True, indent=1)

I simply find and highlight the conversation with "DDoS" as the keyword up to 2345 on 23 Jan 2012 (HKT). Aha, they readily have volunteers indeed to launch DDoS attack.


As an observer, it is nice for us to have their latest and planned acts, I do appreciate their mindset to
change the people mindsets to make a better security, but could we use another mean? However, it is always
a dilemma, ethics and justice looks like it cannot be balanced in the real world, some tasks must be left to the hackers to handle.  

Enjoy it ;-)

References:
[1] Twitter API
URL: https://dev.twitter.com/docs

[2] Mining the Social Web
URL: https://github.com/ptwobrussell/Mining-the-Social-Web









ċ
DDoS.txt
(14k)
Anthony Lai,
Jan 23, 2012, 7:55 AM
ą
Anthony Lai,
Jan 23, 2012, 6:43 AM
ą
Anthony Lai,
Jan 23, 2012, 4:36 AM
ą
Anthony Lai,
Jan 23, 2012, 4:36 AM
Comments