Forgot your password?
typodupeerror
Security IT

LulzSec Announces That It Is Done 412

Posted by timothy
from the oh-they-all-say-that dept.
MaxBooger writes "LulzSec, the notorious hacker group that's been on a rampage, just announced that it's disbanding. This follows 50 days' chaos during which time it took down several websites (including CIA.gov at one point), exposed passwords, exposed documents of the Arizona penal system, and at one point threatened to hit Too Big To Fail banks. Obviously, it's possible that the group will not abide by its promise to quit. Nobody knows."
This discussion has been archived. No new comments can be posted.

LulzSec Announces That It Is Done

Comments Filter:
  • as the saying goes (Score:2, Interesting)

    by Anonymous Coward

    if you cant stand the heat, get your @$$ out the kitchen

    • Exactly (Score:2, Insightful)

      by Anonymous Coward

      Once their names started coming out, and their chat logs started being dumped, they sure did tuck their tail and run away quickly.

    • I believe that's what they're doing.

      • by Z00L00K (682162) on Sunday June 26, 2011 @02:57AM (#36574402) Homepage

        They have made their point for now, isn't that sufficient?

        The point is clearly that no system connected to the internet is secure, and that it can be cracked given enough skills. So the best protection against a very competent attack is to avoid angering people.

        And even if you don't you shall design your systems with a multi-layered approach in mind to avoid massive breaches. Don't allow the presentation layer direct access to the database with sensitive information. Don't use the same authorization database for the web UI for administrative tasks. And if you run an application server (like tomcat) - run it under a security manager/policy that limits access to other services in case someone is able to install something malicious in the application server. You can apply a security policy to Tomcat, and that will at least slow down an attacker considerably since the attacker then needs to gain knowledge of the system. And if you add tripwires in the system that can block attackers automatically if tripped then you make things even harder. Three to five tries and the IP address is shut off for an hour.

        • by Angostura (703910) on Sunday June 26, 2011 @06:24AM (#36575022)

          The point is clearly that no system connected to the internet is secure, and that it can be cracked given enough skills.

          That would have been the point if there was any evidence that they had used particularly sophisticated attacks. The actual point seems to be that quite a few systems are secured in a fairly amateurish way and still subject to SQL injection, for example.

        • by 1s44c (552956) on Sunday June 26, 2011 @02:55PM (#36577608)

          Their point was never that 'nothing is secure'. They used simple well known attacks and a lot of humor.

          I see their points as:

          1) Validate user input.
          2) Don't reuse passwords.
          3) The first two rules apply to everyone including government contractors.
          4) If we can get your details so can, and so have, other groups.
          5) So called whitehats are corrupt by nature.
          6) It's still possible to be anonymous on the internet if you know what you are doing.
          7) Cloudflare works well.
          8) We are laughing at you.
          9) j3st3r ( or however you spell it ) is a script kiddie who writes very bad PHP.
          10) Send us some cash via bitcoin.
          11) PROFIT!

    • by Anonymous Coward on Saturday June 25, 2011 @11:47PM (#36573674)

      The funny part is if they didn't disband and a significant number got nailed, everyone would be saying how stupid they were for not quitting while they were ahead.

      Course that's not to say a significant number won't get nailed eventually anyway, just noting that crowds are fun

  • Good for them (Score:5, Insightful)

    by OopsIDied (1764436) on Saturday June 25, 2011 @08:05PM (#36572434)

    Quitting while they're ahead.

  • Good (Score:3, Insightful)

    by nurb432 (527695) on Saturday June 25, 2011 @08:06PM (#36572454) Homepage Journal

    As much as I'm for protests and such, these kids were just out to cause harm because they could. They need to get a legitimate cause, and stop pissing on ( innocent ) people randomly, or be gone.

    They give the rest of us a bad name.

    • Re:Good (Score:5, Insightful)

      by trapnest (1608791) <janusofzeal@gmail.com> on Saturday June 25, 2011 @08:28PM (#36572614)
      >implying all kinds of things
    • Re:Good (Score:5, Insightful)

      by bennett000 (2028460) on Saturday June 25, 2011 @08:34PM (#36572646) Journal

      As much as I'm for protests and such, these kids were just out to cause harm because they could. They need to get a legitimate cause, and stop pissing on ( innocent ) people randomly, or be gone.

      They give the rest of us a bad name.

      Aside from doxing Arizona law enforcement, what harm did they really cause? They've really just managed to point out a lot of trivial security flaws... I suppose one could argue that they cost Sony billions of dollars, but fighting Sony was a legitimate cause...

      • Are you seeing what the are releasing? I am currently dowloading hte battlefield heroes userdata to see if I am on it. I have to take time out of my life to do shit like this cos they released user data. If they had just withheld the usernames and passwords and threatned the source with releasing them if they didnt up their security I would have been much much happier... and supportive.

        • Re: (Score:3, Informative)

          by bennett000 (2028460)

          I am currently dowloading hte battlefield heroes userdata to see if I am on it. I have to take time out of my life to do shit like this cos they released user data. If they had just withheld the usernames and passwords and threatned the source with releasing them if they didnt up their security I would have been much much happier... and supportive.

          Well if you're smart you use unique passwords for your online services, so log in and change your password. Give Visa/Mastercard/Amex or whomever a quick call, tell them what happened. Problem solved.

          Imagine for a second hackers more malicious than the LulzBoat stole your data (especially financial data), they probably wouldn't publicly post it, they'd sell it, or use it in other ways that are far more aggravating than spending five minutes changing a password, and/or a telephone call to your credit car

    • Re: (Score:2, Flamebait)

      They need to get a legitimate cause, and stop pissing on ( innocent ) people randomly, or be gone.

      I fail to see how anything they did could be justified even if it was for a 'legitimate' cause. Taking away others' ability to participate in the community [network] is universally wrong. You lose the moral high ground and then some doing that.

      • Re:Good (Score:5, Informative)

        by arth1 (260657) on Saturday June 25, 2011 @09:01PM (#36572820) Homepage Journal

        I fail to see how anything they did could be justified even if it was for a 'legitimate' cause. Taking away others' ability to participate in the community [network] is universally wrong.

        But they didn't. Sony did that, as a knee-jerk reaction. Don't blame LulzSec for Sony's ill-considered response.

        • But they didn't. Sony did that, as a knee-jerk reaction. Don't blame LulzSec for Sony's ill-considered response.

          Wait, knocking a MMO offline because they partnered with Sony is okay, because Sony did it first? What kind of argument is that!?

      • by Lehk228 (705449)
        sounds like SOMEONE made a $600 mistake buying a PS3
    • by mcgrew (92797) *

      Sorry, but I disagree. I think these kids are doing good work that needs doing. Not sure about the Arizona crhacks, but I certainly am for bringing Sony down. What they did to Sony was karma, payback for thousands of us who Sony crhacked with their XCP trojan.

      I'd like to see them (or somebody) go after the Delaware cell phone telemarketing spammers at 302-394-6964. Those bastards called my cell phone ten times Friday and 12 timed Thursday. It was just an annoyance to me, as I have a flat fee plan, but it un

  • Whew! (Score:5, Funny)

    by willoughby (1367773) on Saturday June 25, 2011 @08:06PM (#36572456)

    Now we can finally bring the troops home.

  • Cui bono? (Score:4, Insightful)

    by Opportunist (166417) on Saturday June 25, 2011 @08:07PM (#36572460)

    So, when the dust settles, what's left to ask is simply: Who benefits from it?

    I predict some new laws...

    • Re:Cui bono? (Score:5, Insightful)

      by techsoldaten (309296) on Saturday June 25, 2011 @08:14PM (#36572514) Journal

      Well, something tells me this is in response to legal activity. There are surely going to be new laws, probably not ones specifically in response to hacking activity, but others that allow various governments all sorts of access to records to track down hackers.

      This will cause 'innovation' in the hacking scene, where people adapt to the new laws and develop new technologies that circumvent them and make them more challenging to implement. Hackers are simply going to go further 'underground' and be harder to track.

      This, in turn, it going to lead to a number of high profile hacks of large services who have not matured in terms of how they secure their services. This will make the news, government officials will make unfortunate comments that draw the attention of various hacker groups, who will lash out through their newly developed anonymity.

      In turn, this is going to result in new laws... stop me if you heard this before.

      • Yeah, plus ca change.

        I think they made a laughing stock outta the billion dollar budgets of a lot of pseudo "security" experts in a random assault, kind of like digital "wilding".

        Now, it's time to make consulting money.

        • Re:Cui bono? (Score:4, Insightful)

          by cavreader (1903280) on Saturday June 25, 2011 @09:50PM (#36573080)
          Consulting Money? These ass hats did not do anything worth hiring them for. Re-packaged SQL injection and DDOS attacks are strictly amateur hour.
          • I didn't say they were clever.

            I didn't say consultants were clever.

            But someone needs to remind a bunch of people how to do parsers and isolate data types.

            As regards DDoS, defense is a whole other strategy. Yes, you can recover. Yes, it's ugly for a few minutes. But it's survivable. And remember: most of these attacks got inside, not just hosed their TCP transports. They phished inside, got some dirty laundry, and hung it out to dry. They enjoyed watching orgs get punked.

          • by Dunbal (464142) *
            Oh so you've been all over that fbi, cia and senate shit already, huh?
          • Re:Cui bono? (Score:4, Insightful)

            by Opportunist (166417) on Sunday June 26, 2011 @12:44AM (#36573938)

            Yes, and you'd be amazed in how many companies amateurs are at the helm of security. Or rather, how little money and how much burden the average C(I)SO gets on his back that he simply cannot run the required security audits. Bluntly speaking, to get security up to par, the average corporation would at least have to double, more likely triple, its security staff.

            Security is a lip service business. Much like insurance. You do what law dictates, not a penny more is spent on it. If the law doesn't dictate that you have to be secure against SQL injections and DDoS attacks, it's mostly a matter of luck and whether the programmer writing the piece of software does it automatically, which in turn again is unlikely because it certainly is neither part of the testing nor of the final inspection protocol. Even if, there simply is no time for more than a cursory glance, so in effect the burden of blame is shifted on some scapegoat, most likely one of the CSOs underlings. Or, lacking said underlings, the CSO.

            • Simple code reviews can find SQL injections quite easily. Just search for the method names for executing queries then make sure that there are NEVER string concatenations which include user input.

              It's all really quite simple. Use parameters for every query and you'll never have a problem with SQL injection unless the DB library itself has a hole (much less likely than the possibility that your home grown validation code has a hole in it).

              Where I work I do this regularly. Every now and then I find crap like
      • by TimTucker (982832)

        Well, something tells me this is in response to legal activity. There are surely going to be new laws, probably not ones specifically in response to hacking activity, but others that allow various governments all sorts of access to records to track down hackers.

        The idealist in me wants to believe that we could also get more laws passed holding corporations more accountable for lax security.

        • The realist in me realizes that such laws will first of all not be forthcoming, and second of all, even if they were, wouldn't do a thing. Or, worse, hit the wrong ones.

          Laws "against" corporations are a matter of money. Nothing more, nothing less. If someone goes to jail for it, some scapegoat will. So that certainly never had any impact on corporations. And the money involved is a cost/risk factor. How much to secure against the risk, how much to pay if it happens, how likely is it to happen? I.e. simple r

  • What timing... (Score:2, Insightful)

    by downhole (831621)

    I don't remember them ever saying anything about limiting their hack-spree to 50 days. Sounds like they've pissed enough people off that they're starting to get ID'ed and arrested, and are hoping they can quit before it gets really bad. They're a bunch of weenies all right, but I don't think it's over for them. I for one will be lulzing my ass off when they all get caught and sent to pound-me-in-the-ass prison.

    • Re:What timing... (Score:4, Interesting)

      by nurb432 (527695) on Saturday June 25, 2011 @09:10PM (#36572864) Homepage Journal

      Sounds like they've pissed enough people off that they're starting to get ID'ed and arrested

      Or their asses kicked.

      • by poetmatt (793785)

        Not even remotely.

        If they were at risk, why would they post on the web and announce they're stopping or how would they even have the chance, for that matter?

    • Re:What timing... (Score:5, Insightful)

      by richlv (778496) on Sunday June 26, 2011 @03:53AM (#36574572)

      it's been a few beers in an airport, but still...

      do you - downhole - personally feel that sexual abuse in prisons is appropriate ?
      including all the innocents getting convicted (think movie witch hunt or other similar cases), all the minor convictions (smoked some weed) and so on ?

      personally, i would not have guts to condemn a person who would in the end find the means to kill off those who got them in the prison wrongfully. and i believe we should not make prisons a place to breed people like that.

    • Re:What timing... (Score:5, Insightful)

      by DrBoumBoum (926687) on Sunday June 26, 2011 @05:23AM (#36574828) Journal
      I see that many people here on /. seem very bitter and angry about those kids. First let me tell you that "laughing you ass off when they get raped in prison" only shows that you're a very mean and despicable individual. But apart from that those kind of hackers are really doing people a favor by exposing clearly to the general public how terrible the security of their personal data is. Rest assured that for every bragging Lulzsec there are ten quiet hackers from different governmental and criminal groups, silently collecting your data and placing back doors in your systems, and not saying a word about it. Without public exposure authorities and corporations will naturally do all they can to swipe the problem under the rug. The kind of very visible but mostly harmless actions from the likes of Lulzsec is what's necessary to have them move their ass and finally do something about the security issue. I for one see them more as the vaccine that will eventually help the Internet grow some real security than the hateful vandals that old grumps of your kind want to portray.
  • Over? (Score:4, Insightful)

    by gadzook33 (740455) on Saturday June 25, 2011 @08:19PM (#36572556)
    You knocked on the devil's door my friends.
  • I doubt it... (Score:4, Insightful)

    by Lohrno (670867) on Saturday June 25, 2011 @08:21PM (#36572568)
    My totally random guess here is that they are a group of people who probably knew each other well before creating this group. More than likely they have just stopped calling themselves LulzSec. They're just getting too much scrutiny most likely. I don't think this is the last we hear from them, just they won't be calling themselves LulzSec necessarily...
  • by Stormy Dragon (800799) on Saturday June 25, 2011 @08:25PM (#36572590) Homepage

    ...is whether everyone else is done with Lulzsec. Unfortunately, they've likely pissed off the kinds of people who don't stop the game just because the opponent wants to quit.

  • by Bodhammer (559311) on Saturday June 25, 2011 @08:27PM (#36572606)
    Tyrell: The light that burns twice as bright burns for half as long - and you have burned so very, very brightly, Roy. Look at you: you're the Prodigal Son; you're quite a prize!
    Batty: I've done... questionable things.
    Tyrell: Also extraordinary things; revel in your time.
    Batty: Nothing the God of biomechanics wouldn't let you into heaven for
  • by FudRucker (866063) on Saturday June 25, 2011 @08:32PM (#36572634)
    maybe change their strategy and mix things up to evade capture, the world needs benevolent black/grey hat hackers to dig up dirty laundry on the establishment, let the government & police know that if they do wrong that it will be found out and exposed for all the world to see...
    • the world needs benevolent black/grey hat hackers to dig up dirty laundry on the establishment,

      And you pick LulzSec as the most capable group for this? Hilarious.

    • by Salvo (8037)

      The Information exposed by LulzSec was mainly just proof that these organisations security was too lax.
      The only dirty laundry they wanted to expose was that these systems weren't secure.

      The Paydirt for LulzSec was getting in in the first place, not any information they found.

    • maybe change their strategy and mix things up to evade capture, the world needs benevolent black/grey hat hackers to dig up dirty laundry on the establishment, let the government & police know that if they do wrong that it will be found out and exposed for all the world to see...

      I wouldn't go so far as to say "benevolent" but I prefer to live in a world where the watchers are watched and the tyrants are forced to live in fear.

  • Though "LulzSec" has disbanded. the members will probably merge back into Anon or start another group.
    So expect a release on Monday as planned. It will just have a different name attached...

    They think if they change their name it makes it harder for "the Suits" to catch up with them.

    They may be right..........

    BASIC Gorilla tactics 101:
    10 Come together in a small group
    20 Make a few big Bolshie attacks
    30 Have a few lulz
    40 Disband
    50 goto 10

  • These are not the droids you are looking for...
    just sayin'...

  • by gweihir (88907) on Saturday June 25, 2011 @08:47PM (#36572738)

    Pathetic really. The only thing different is that these idiots have big mouths. Which, I bet, will be their downfalls. Nothing they did on the hacking side is impressive at all. Competent black-hats know that one of the most dangerous things you can do is public bragging. Having an information-channel back is beyond stupid.

    Fortunately, law-enforcement has very long memories and a lot of patience. It is just relatively slow. I predict that we will see them all begging for mercy. Might take months or years, but they were far to careless not to get caught.

    • by Dan541 (1032000)

      They even set up a telephone hotline.

    • The objective was to draw attention to causes that interested a loose collection of impassioned individuals with a little knowledge, a little access, and an internet connection. What was accomplished was more then many civil disobedience campaigns that last for years can do, and most of the people involved are going to get away with it. The scary part isn't the script kiddies, it's that they got vaguely organized and directed in a way that would be nearly imposable to direct and stop before they hit. If a
      • by gweihir (88907)

        The problem here is the "little knowledge". That is what will prevent them from getting away. They left so many possible traces, I am convinced, law enforcement is currently just checking whether they have identified everybody and have enough evidence. As these LulzIdiots will not all be able to let go of their newfound "power", more evidence will become available shortly. And, no, they do not even have a snowballs chance in hell.

        • No, law enforcement is demonstrably incompetent in computer crime. Between the turf wars among agencies, the terrible morass of existing law, the foolish concept that they can defeat computer crime by finding "ringleaders". Ringleaders are very transitory, and easily replaced by bored fools with slight technical knowledge who enjoy a challenge.. A few of these fools will have actually learned some tools, and pass them on, and the rest will be ignored as "small fish". You can see examples of this sort of leg

  • Done? (Score:2, Funny)

    What's the deal here - is it past their bedtime?

  • A recent LulzSec post on twitter reads: "Oh, oh, finally! Media, please be sure to report on the actual files we leaked, not just our silly press statement. Much love. 3 Ciao. 3" As Rambo said, "Nothing is over!" At least, that's how I read it.
  • ...they got a note from Anonymous, and they realized they'd best go away... NOW!

  • Wreak havoc, fail to achieve any of your stated political goals, declare victory, and run away because it's too risky to stay. It's not only crackers who are this wasteful and destructive to innocent people's property: take a look at the mess in Iraq, Afghanistan, Panama, Vietnam and Korea for examples in the last 60 years.

"Of course power tools and alcohol don't mix. Everyone knows power tools aren't soluble in alcohol..." -- Crazy Nigel

Working...