Here is an interesting article about the inner life of the famous hacker group LulzSec:

http://www.guardian.co.uk/technology/2011/jun/24/inside-lulzsec-chatroom-logs-hackers

Here is an interesting article about the inner life of the famous hacker group LulzSec:
http://www.guardian.co.uk/technology/2011/jun/24/inside-lulzsec-chatroom-logs-hackers

disorganised, incoherent ?

i think they are just misunderstood and trying to express their opinion ;-)

<politics>

whoops yeah my bad, sorry about the use of politics

disorganised, incoherent ?

i think they are just misunderstood and trying to express their opinion ;-)

<politics>

I agree with this and would also add that there are probably a few more skilled individuals with some higher motivation and or agenda, while the vast majority of members are likely along for the ride. Either the fun or the thrills, or they think it will somehow boost their career in some way.

This is nothing new in the hacker community, the concept of hacking for fun is very old, although it's definitely seeing a revival lately.

I, for one, am loving the rise of groups like Lulzsec and Anon. Sure I might not agree with everything they do, but it's fantastic to see so many companies and organisations on the back foot because some highly skilled people decide to mess around for a bit.

I love the somewhat lawless nature of the internet; long may it reign.

it's fantastic to see so many companies and organisations on the back foot because some highly skilled people decide to mess around for a bit.


Hmm. There was some interesting analysis of the effectiveness of some of Anonymous's efforts a while back. It turned out LOIC was completely ineffective, and that all the damage was done by a tiny minority of anons wielding massive botnets.

While I'm sure that most of them are just harmless idealists or kids having a laugh, it seems like the people who actually get things done are not exactly the kind of netizens anyone would admire. They're probably spammers or involved in organised crime (or both), and the kind of people who like putting trojans on your mum's PC that you have to go scrape off.

Personally I'm ambivalent towards hackers. In my opinion they cause more harm than good. If I disagreed with someone I wouldn't dream about breaking into their house. Even if it was possible to do so, (because the locks on their front door weren't good enough) it wouldn't be a smart move, because you would break the law in the process. Then, if your cause really was worthy, you've already lost because you have alienated the majority of people that you wish to influence.

The way I see it, the only legitimate reason for hacking is when you wish to ensure that your own system is secure enough.

(Btw, the term “hacker” is here used in the common sense, not “kernel hacker”, etc.)

Hmm. There was some interesting analysis of the effectiveness of some of Anonymous's efforts a while back. It turned out LOIC was completely ineffective, and that all the damage was done by a tiny minority of anons wielding massive botnets.

While I'm sure that most of them are just harmless idealists or kids having a laugh, it seems like the people who actually get things done are not exactly the kind of netizens anyone would admire. They're probably spammers or involved in organised crime (or both), and the kind of people who like putting trojans on your mum's PC that you have to go scrape off.

A quote from the article:

"Kayla",[one of LulzSec's members] provides a large botnet – networks of infected computers controlled remotely – to bring down targeted websites with distributed denial of service (DDoS) attacks"

Personally I'm ambivalent towards hackers. In my opinion they cause more harm than good. If I disagreed with someone I wouldn't dream about breaking into their house. Even if it was possible to do so, (because the locks on their front door weren't good enough) it wouldn't be a smart move, because you would break the law in the process. Then, if your cause really was worthy, you've already lost because you have alienated the majority of people that you wish to influence.

The way I see it, the only legitimate reason for hacking is when you wish to ensure that your own system is secure enough.

(Btw, the term “hacker” is here used in the common sense, not “kernel hacker”, etc.)

Just remember the term hacking or hacker does not imply malicious intent.

To be ambivolent towards hackers or hacking is stereotyping a misunderstood term.

the railway hobbyists at MIT are turning in there graves ;-)

hacking is about knowledge, cracking or hacking with malicious intent is a free will thing.

I am not ambivolent towards people because some of them are criminals and criminals are people ;-)

but i get your point and i dont mean to seem pedantic, it is just that the media use terms incorrectly even if it is commonplace these days.
You can be a hacker and not commit a crime, you can be a criminal and not be a hacker, you can be also be both a hacker and criminal ;-)

I feel a catb link coming.

No seriously, what haqking said is absolutely correct. Hacker is an extremely misused term that has grown to have a very negative conotation. Cracking, which is what groups like Anonymous and Lulzsec do is generally looked at as poor form in the actual hacking community.

More importantly I would like to add having seen the contents of dangerous kitten, there is no innovation in it. A large percentage of Anonymous are skiddies that want to feel like they are amazing. There may be and likely are a few individuals within each of the groups that posess a better grasp on exploitation techniques. However, by and large the attacks carried out by these organizations are against targets that would be considered low hanging fruit.

If you look at every major case you will see some commonalities.

Sony - weak passwords, SQL injection, remote file inclusion
Infragard Atlanta - weak passwords, SQL injection.
Unveillance - weak password policies, poor physical security, vulnerable VPN application.
Nintendo - weak passwords, SQL injection
Westborough baptist church - weak passwords, SQL injection

The list goes on and you will notice the commonalities across the board. None of these attacks take great skill to use, not a single line of original exploit code needed to be written. Although it may have been after the fact for post exploitation, and escalation I do not have access to information in that matter as the companies who do will not release it.

So it comes back to simple problems,these companies made themselves targets by using poor security policies. Was it illegal for someone to break in and steal data? Of course, was it going to happen eventually? absolutely. Could the companies have protected themselves better? Without a doubt in my mind.

haqking & Dangertux:

“Just remember the term hacking or hacker does not imply malicious intent.”

“Hacker is an extremely misused term that has grown to have a very negative conotation”

We all agree about that one. This was the very reason why I pointed it
out in the first place. See: https://secure.wikimedia.org/wikipedia/en/wiki/Hacker_%28term%29



So it comes back to simple problems these companies made themselves targets by using poor security policies. Was it illegal for someone to break in and steal data? Of course, was it going to happen eventually? absolutely. Could the companies have protected themselves better? Without a doubt in my mind.

I agree... Although it is no justification for what these groups did, one cannot but wonder how many sites that have been successfully hacked into for malicious purposes, which never comes to the attention of the public, simply because the hackers never are detected.

I agree... Although it is no justification for what these groups did, one cannot but wonder how many sites that have been successfully hacked into for malicious purposes, which never comes to the attention of the public, simply because the hackers never are detected.


Exactly this, just because there is mass media attention to these incidents, does not mean that it has not happened in the past.

Something all companies should take into account, just because you didn't see it happen doesn't mean it hasn't happened. Which is exactly why best practices are crucial from the start and not just when s*** hits the fan if you know what I mean.

It seems lately, major corporations seem to think that Infosec is a good place to save money, I am not sure where that delusion came from, but it needs to end.

I, for one, am loving the rise of groups like Lulzsec and Anon. Sure I might not agree with everything they do, but it's fantastic to see so many companies and organisations on the back foot because some highly skilled people decide to mess around for a bit.

I love the somewhat lawless nature of the internet; long may it reign.

1. While they initially went after companies, now they've been leaked the passwords and personal info of innocent people that have nothing to do with these corporations.

2. They are not highly skilled, as said above, they've in large skiddies just throwing DDoS' around.

I assume Triblaze is referring to the Porn site password posting, by Lulzsec.

I think they are trying to make the point that people are putting trust into companies that are not taking their sensitive information seriously. While it is usually a point better made through "peaceful" alternatives it is a good point to grasp.

I assume Triblaze is referring to the Porn site password posting, by Lulzsec.

I think they are trying to make the point that people are putting trust into companies that are not taking their sensitive information seriously. While it is usually a point better made through "peaceful" alternatives it is a good point to grasp.

http://gadgetsteria.com/2011/06/24/ready-aim-fire-lulzsec-releases-facebook-paypal-login-information-for-62000-accounts/

Not just porn sites.

And while I think it's good that they're exposing security holes that sites have, I don't like how they go about it. For example, when they released some passwords a while ago, they posted it for everyone and told their followers to go nuts with it. Not exactly the most moral thing to do, especially with innocent people.

I see it like this:

A bunch of large companies had their data stolen by these groups, who's to say that anyone could have done it but just never announced their exploits/not left tracks?

If the claims of "There all script kiddies" are true, then there you go, companies holding millions of dollars worth of data got cracked and emptied out by TOTAL NOOBS!

Who feels safe leaving their data with a large holding now?;)

I see it like this.

A bunch of large companies had their data stolen by these groups, who's to say that anyone could have done it but just never announced their exploits/not left tracks?

If the claims of "There all script kiddies" are true, then there you go, companies holding millions of dollars worth of data got cracked and emptied out by TOTAL NOOBS!

Who feels safe leaving their data with a large holding now?;)

Therein lies my point -- regardless of if they are script kiddies or not (I don't know any members personally at least to my knowledge). They have proven the point that this information can be compromised using exploitation methods that a 15 year old with access to google and a VPN can execute.

I assume Triblaze is referring to the Porn site password posting, by Lulzsec.

I think they are trying to make the point that people are putting trust into companies that are not taking their sensitive information seriously. While it is usually a point better made through "peaceful" alternatives it is a good point to grasp.


well they did leak and you can still view the personal details and passwords, contact numbers etc of the Arizona police department members etc.

I wont post the link obviously ;) but it is out there

1. While they initially went after companies, now they've been leaked the passwords and personal info of innocent people that have nothing to do with these corporations.

2. They are not highly skilled, as said above, they've in large skiddies just throwing DDoS' around.

1) Meh, the vulnerabilities were publicly exposed. Someone was (or maybe even has) going to do it at some point, I'd rather it were done by people who want everyone to know that information has been stolen so you can take steps to minimize the damage. Rather that than no-one finding out about the hack at all & then people finding their accounts compromised, etc.
Plus, many people are FAR too wreckless when it comes to their personal information and passwords (etc). I checked through the last list of hacked emails/passwords (first to check if one of mine was on there!) and many of the passwords people had were '123456', 'abcdef', 'password', etc.
Many companies have been criminally negligent about their security, and if this is what it takes for many to wake up and beef up their defences & protect their customer's data, then so be it.

2) Credit where credit's due; they're ******* off many government agencies in an extremely high profile way and the authorities haven't been able to catch them. That's not your typical bunch of script kiddies.

3) I must admit that I find the showboating villainy hilarious. I'm quite enjoying the theatrics of it all, to be perfectly honest.

2) Credit where credit's due; they're ******* off many government agencies in an extremely high profile way and the authorities haven't been able to catch them. That's not your typical bunch of script kiddies.

3) I must admit that I find the showboating villainy hilarious. I'm quite enjoying the theatrics of it all, to be perfectly honest.

Actually, that alone does not denote that they are amateurs or not. Large numbers of people in agreeance about anything, regardless of knowledge generally tend to scare the hell out of governments.

Actually, that alone does not denote that they are amateurs or not. Large numbers of people in agreeance about anything, regardless of knowledge generally tend to scare the hell out of governments.

Large number of people? Lulzsec has less than 10 members.

It's pleasant to see hacking isn't dead yet. I just hope they will stay out of politics (even if they use it as an excuse to their criminal activity), and just push the art of hacking to the maximum. Two of the targets I especially want to see defeated are Google and Amazon. Other that that, any major achievement will be great.

i'm gonna try hacking a new colour theme to this website, thank me later.

i'm gonna try hacking a new colour theme to this website, thank me later.

+1 for the joke (Seriously, it's like the mods are on valve time.)

+infinity if you actually did it.

I personally like the fact that all the media sites talking about it, most of them provide links to the exposed data or to the perpetrators website itself.

MMMM yes lets visit the website of the cyber anarchist group causing havoc around the globe....LOL good practice ;-)

Large number of people? Lulzsec has less than 10 members.

That is a bit speculatory, or self incriminating , which we may never know. However, if you buy into the idealogy of either group, neither group is actually a group nor do they have members.

They are individuals who seek a common goal, for now they fight for the same cause and are on the same path. Tomorrow, who knows.

Speculation as to how many "members" the group may or may not have is completely irrelevant though. They have influenced over a quarter of a million people, look at their Twitter followers. This in and of itself scares governments.

The issue is not will they be caught or can they be caught. Those two are inevitabilities that will come to pass. The question that should really be raised in all of this, what did the companies that were breached do to fix the future possibility of this? A question who's answer will probably be swept under the carpet in six to 12 months when arrests happen and something else is making headlines.

So where do we end up? Right back where we started, under the same illusion that security exists, bad guys go to jail, and the government is really here to protect us. Outside of the entertainment value, the shenanigans of these groups will have little to no impact on the world around us.

That is a bit speculatory, or self incriminating , which we may never know. However, if you buy into the idealogy of either group, neither group is actually a group nor do they have members.

They are individuals who seek a common goal, for now they fight for the same cause and are on the same path. Tomorrow, who knows.

Speculation as to how many "members" the group may or may not have is completely irrelevant though. They have influenced over a quarter of a million people, look at their Twitter followers. This in and of itself scares governments.

The issue is not will they be caught or can they be caught. Those two are inevitabilities that will come to pass. The question that should really be raised in all of this, what did the companies that were breached do to fix the future possibility of this? A question who's answer will probably be swept under the carpet in six to 12 months when arrests happen and something else is making headlines.

So where do we end up? Right back where we started, under the same illusion that security exists, bad guys go to jail, and the government is really here to protect us. Outside of the entertainment value, the shenanigans of these groups will have little to no impact on the world around us.

Exactly, totally agree ^

Same s*** different day, new generation replacing the old !

who they are (whether listed online on certain media sites, there online personas, locations is all speculatory anyways.

who knows !

i will still get up in the morning, log into the forums and drink my coffee and not give a flying s*** ;-)

i will still get up in the morning, log into the forums and drink my coffee and not give a flying s*** ;-)

Amen...

It was an awful thing to do for this organization. To think that they have created a chaos and problems to companies. Its good to hear that authorities in the UK have detained an alleged participant of a hacker group that may have contributed to the Sony Playstation Network hack. Accused member of hacker group LulzSec arrested in UK (http://www.newsytype.com/7966-lulzsec/) and the arrest was carried out in conjunction with other law enforcement agencies. The male was taken from his home in Wickford, less than 50 miles from London, to Scotland Yard for supposed computer infractions.

The group LulzSec, short for LulzSecurity, appears to a be a similar organization to Anonymous, a group of hacktivists without a leadership structure. Currently the group is allying itself with Anonymous on a campaign called “AntiSec,” anti-security, presumably with the intention of cracking online security structures various businesses and government agencies if they cross them.

I just hope that this organization learn to make good things. they're intelligent and really has the potential to be successful if they just use their talent in a good way.

It was an awful thing to do for this organization. To think that they have created a chaos and problems to companies. Its good to hear that authorities in the UK have detained an alleged participant of a hacker group that may have contributed to the Sony Playstation Network hack. Accused member of hacker group LulzSec arrested in UK (http://www.newsytype.com/7966-lulzsec/) and the arrest was carried out in conjunction with other law enforcement agencies. The male was taken from his home in Wickford, less than 50 miles from London, to Scotland Yard for supposed computer infractions.

According to the article in the Guardian, this guy was just a kid that hosted
one of their chatrooms:


Metropolitan Police Commissioner Sir Paul Stephenson described the arrest as "very significant", though LulzSec itself was quick to claim Cleary was not a member of the group and had only allowed it to host "legitimate chatrooms" on his server.
"Clearly the UK police are so desperate to catch us that they've gone and arrested someone who is, at best, mildly associated with us," the group tweeted.
http://www.guardian.co.uk/technology/2011/jun/24/inside-lulzsec-chatroom-logs-hackers

According to the article in the Guardian, this guy was just a kid that hosted
one of their chatrooms:
http://www.guardian.co.uk/technology/2011/jun/24/inside-lulzsec-chatroom-logs-hackers

Here's the thing with that. If he is so unimportant to the group, why is he affiliated with them at all? It's not that hard to set up a chatroom/server and Lulzsec obviously has the knowledge to set one up. If this guy truly brought nothing else to the group other than a chatroom I doubt Lulzsec would have allowed him to be there listening in on their conversations. He would be the weak link in their security chain.

I think this guy is more important that Lulzsec is letting on.

http://www.independent.co.uk/news/uk/crime/inside-the-secret-world-of-the-geeks-with-the-power-to-unleash-anarchy-2302562.html

love the last bit ;-)

"If the world knew what underground hackers had access to, within 24 hours of knowing there would be a meeting of world leaders," TriCk says ominously as the chat session with The Independent comes to a close.

Here's the thing with that. If he is so unimportant to the group, why is he affiliated with them at all? It's not that hard to set up a chatroom/server and Lulzsec obviously has the knowledge to set one up. If this guy truly brought nothing else to the group other than a chatroom I doubt Lulzsec would have allowed him to be there listening in on their conversations. He would be the weak link in their security chain.

I think this guy is more important that Lulzsec is letting on.

Another quote from LulzSec, taken from the same article:


They added: "Those logs are primarily from a channel called #pure-elite, which is /not/ the LulzSec core chatting channel. #pure-elite is where we gather potential backup/subcrew research and development battle fleet members – ie, we were using that channel only to recruit talent for side-operations."http://www.guardian.co.uk/technology/2011/jun/24/inside-lulzsec-chatroom-logs-hackers

But hey, I'm not saying you are wrong. Perhaps they are lying.

Another quote from the same article:


http://www.guardian.co.uk/technology/2011/jun/24/inside-lulzsec-chatroom-logs-hackers

But hey, I'm not saying you are wrong. Perhaps they are lying.

The media lie or talk about things they have no real idea about ? NO WAY, SURELY NOT ;-)

http://www.independent.co.uk/news/uk/crime/inside-the-secret-world-of-the-geeks-with-the-power-to-unleash-anarchy-2302562.html

love the last bit ;-)

"If the world knew what underground hackers had access to, within 24 hours of knowing there would be a meeting of world leaders," TriCk says ominously as the chat session with The Independent comes to a close.

Thanks for the link! I'll check it out tomorrow. (I'm off to bed now, good night) ;)

The media lie or talk about things they have no real idea about ? NO WAY, SURELY NOT ;-)

I was referring to LulzSec ;)

I was referring to LulzSec ;)


oh gotcha, well my post remains valid..LOL

This just came in:

Tony Blair's personal details 'hacked'

http://www.telegraph.co.uk/news/politics/tony-blair/8598172/Tony-Blairs-personal-details-hacked.html

http://pastebin.com/1znEGmHa

Hoax?

i see that the lulz ship is sailing of on it's final voyage, it's over to antisec now.

i think it was fun, like watching a movie with all the stuff that was happening,

and if anyone even read the logs they would see that the lulzsec boys said between themselves that they wouldn't even let that kid ryan who got busted into there pure elite channel. so that speaks for it's self.

when there where a few other kids who got to hang out in that pure elite channel who were not even part of lulzsec.

oh well lulzsec

it's been entertaining if nothing else,

as for me i wish them all the best, and if one good things come out of this, it's that all my passwords for facebook email online banking etc etc etc and now different, long, symbols letters and numbers.

at least we all know now how safe we have to be,

another handle i used even appeared on that mtgox list of hacked accounts, but that wasn't lulzsec.

thankfully the lulz lizards had taught me by then not to reuse, so i lost nothing.

well boy's

fair winds and following seas


:KS


Bon Voyage

i see that the lulz ship is sailing of on it's final voyage, it's over to antisec now.

i think it was fun, like watching a movie with all the stuff that was happening,

and if anyone even read the logs they would see that the lulzsec boys said between themselves that they wouldn't even let that kid ryan who got busted into there pure elite channel. so that speaks for it's self.

when there where a few other kids who got to hang out in that pure elite channel who were not even part of lulzsec.

oh well lulzsec

it's been entertaining if nothing else,

as for me i wish them all the best, and if one good things come out of this, it's that all my passwords for facebook email online banking etc etc etc and now different, long, symbols letters and numbers.

at least we all know now how safe we have to be,

another handle i used even appeared on that mtgox list of hacked accounts, but that wasn't lulzsec.

thankfully the lulz lizards had taught me by then not to reuse, so i lost nothing.

well boy's

fair winds and following seas


:KS


Bon Voyage





Bye Lulzsec

http://www.youtube.com/watch?v=caFlyh01w-g

:-)

edit: probably would of got a telling off ;-)

LulzSec retires (http://knowyourmeme.com/memes/events/lulzsec-hacks#retirement)

LulzSec retires (http://knowyourmeme.com/memes/events/lulzsec-hacks#retirement)

Cowards.

They probably wanted to avoid a surprise visit from the FBI :lolflag:

and the punishment for Ryan Cleary (an aspergers suffering hermit who stayed locked up indoors (whom by the way i have no opinion on whether criminal or not or whether associated with lulz or not) is......wait for it !

a curfew from 9pm to 7am....LOL

I see it like this:

A bunch of large companies had their data stolen by these groups, who's to say that anyone could have done it but just never announced their exploits/not left tracks?

If the claims of "There all script kiddies" are true, then there you go, companies holding millions of dollars worth of data got cracked and emptied out by TOTAL NOOBS!

Who feels safe leaving their data with a large holding now?;)
The future of computing is in the cloud!

Not.

:)

and the punishment for Ryan Cleary (an aspergers suffering hermit who stayed locked up indoors (whom by the way i have no opinion on whether criminal or not or whether associated with lulz or not)


Assuming he really did do nothing.

They could probably show up at my door and publish the same story.;)

Except I'd be a few years younger, making for bigger headlines.

Assuming he really did do nothing.

They could probably show up at my door and publish the same story.;)

Except I'd be a few years younger, making for bigger headlines.


exaclty, i have no interest in whether he did anything or not, the media can make up what they like and do, i just found the curfew thing hilarious..;-)

exaclty, i have no interest in whether he did anything or not, the media can make up what they like and do, i just found the curfew thing hilarious..;-)

Especially seeing how he's being accused of crimes committed over the INTERNET!!!!

Then again, I hear they took all his kit anyway.

Probably python hacking on pen and paper right now.......

Just remember the term hacking or hacker does not imply malicious intent.

To be ambivolent towards hackers or hacking is stereotyping a misunderstood term.

According to Merriam-Webster, both definitions are acceptable:

Hacker
3: an expert at programming and solving problems with a computer

4: a person who illegally gains access to and sometimes tampers with information in a computer system Getting onto people for using the word "hacker" in the illegal sense (which is an accepted definition) is as bad as people being mad about software that is called "free software" because it is free of charge.