LulzSec Announces That It Is Done
MaxBooger writes "LulzSec, the notorious hacker group that's been on a rampage, just announced that it's disbanding. This follows 50 days' chaos during which time it took down several websites (including CIA.gov at one point), exposed passwords, exposed documents of the Arizona penal system, and at one point threatened to hit Too Big To Fail banks. Obviously, it's possible that the group will not abide by its promise to quit. Nobody knows."
as the saying goes (Score:2, Interesting)
if you can't stand the heat, get your @$$ out the kitchen
Exactly (Score:2, Insightful)
Once their names started coming out, and their chat logs started being dumped, they sure did tuck their tail and run away quickly.
Re: (Score:2)
I believe that's what they're doing.
Re:as the saying goes (Score:4, Insightful)
They have made their point for now, isn't that sufficient?
The point is clearly that no system connected to the internet is secure, and that it can be cracked given enough skills. So the best protection against a very competent attack is to avoid angering people.
And even if you don't, you shall design your systems with a multi-layered approach in mind to avoid massive breaches. Don't allow the presentation layer direct access to the database with sensitive information. Don't use the same authorization database for the web UI for administrative tasks. And if you run an application server (like Tomcat) - run it under a security manager/policy that limits access to other services in case someone is able to install something malicious in the application server. You can apply a security policy to Tomcat, and that will at least slow down an attacker considerably since the attacker then needs to gain knowledge of the system. And if you add tripwires in the system that can block attackers automatically if tripped then you make things even harder. Three to five tries and the IP address is shut off for an hour.
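The tripwire described in the comment above (a few failed tries and the IP address is shut off for an hour), as an added example that is not part of the original comment. The failure window, the per-/64 grouping of IPv6 clients, and all names and sample events are assumptions made here.

```python
import ipaddress
import time
from collections import defaultdict, deque


def source_key(addr):
    """Unit that gets blocked: an IPv4 address, or the /64 an IPv6 address belongs to."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return str(ip)
    if ip.ipv4_mapped is not None:              # ::ffff:a.b.c.d is an IPv4 client
        return str(ip.ipv4_mapped)
    # A single host usually controls a whole /64 and could rotate addresses within it.
    return str(ipaddress.IPv6Network((int(ip), 64), strict=False))


class Tripwire:
    """Shut a source off for block_for seconds after max_failures within window seconds."""

    def __init__(self, max_failures=5, window=300.0, block_for=3600.0, clock=time.monotonic):
        self.max_failures = max_failures        # "three to five tries"
        self.window = window                    # assumption: the comment names no window
        self.block_for = block_for              # "shut off for an hour"
        self.clock = clock                      # injectable so the logic can be tested
        self._failures = defaultdict(deque)     # key -> timestamps of recent failures
        self._blocked_until = {}                # key -> time at which the block lifts

    def is_blocked(self, addr):
        key = source_key(addr)
        if self._blocked_until.get(key, 0.0) > self.clock():
            return True
        self._blocked_until.pop(key, None)      # expired or never blocked
        return False

    def record_failure(self, addr):
        """Count one failed attempt; return True if the source is now blocked."""
        if self.is_blocked(addr):
            return True
        key, now = source_key(addr), self.clock()
        recent = self._failures[key]
        recent.append(now)
        while now - recent[0] > self.window:    # forget failures outside the window
            recent.popleft()
        if len(recent) < self.max_failures:
            return False
        self._blocked_until[key] = now + self.block_for
        del self._failures[key]
        return True

    def record_success(self, addr):             # clears the count, never lifts a block
        self._failures.pop(source_key(addr), None)


def replay(events, **settings):
    """Feed (time, address, succeeded) events through a Tripwire; return allow/deny per event."""
    now = [0.0]
    tripwire = Tripwire(clock=lambda: now[0], **settings)
    decisions = []
    for when, addr, succeeded in events:
        now[0] = float(when)
        if tripwire.is_blocked(addr):
            decisions.append("deny")
            continue
        decisions.append("allow")
        (tripwire.record_success if succeeded else tripwire.record_failure)(addr)
    return decisions


# Constructed sample events using documentation address ranges, not real traffic.
SAMPLE = [
    (0, "203.0.113.7", False),
    (10, "203.0.113.7", False),
    (20, "203.0.113.7", False),     # third failure trips the wire
    (30, "203.0.113.7", True),      # correct password, but the source is shut off
    (40, "198.51.100.9", True),     # other clients are unaffected
    (3619, "203.0.113.7", True),    # 3599 s after the trip: still blocked
    (3620, "203.0.113.7", True),    # one hour after the trip: allowed again
    (4000, "2001:db8::1", False),
    (4001, "2001:db8::2", False),   # same /64, counted against the same key
    (4002, "2001:db8::3", False),
    (4003, "2001:db8::4", True),    # the whole /64 is now shut off
]


if __name__ == "__main__":
    print(*zip(SAMPLE, replay(SAMPLE, max_failures=3)), sep="\n")
```

Blocking by source address also locks out everyone behind a shared NAT or proxy address, so the threshold and block time are a trade-off between slowing guessing and denying service to legitimate users.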
Re:as the saying goes (Score:4, Insightful)
That would have been the point if there was any evidence that they had used particularly sophisticated attacks. The actual point seems to be that quite a few systems are secured in a fairly amateurish way and still subject to SQL injection, for example.
Re:as the saying goes (Score:5, Insightful)
Their point was never that 'nothing is secure'. They used simple well known attacks and a lot of humor.
I see their points as:
1) Validate user input.
2) Don't reuse passwords.
3) The first two rules apply to everyone including government contractors.
4) If we can get your details so can, and so have, other groups.
5) So called whitehats are corrupt by nature.
6) It's still possible to be anonymous on the internet if you know what you are doing.
7) Cloudflare works well.
8) We are laughing at you.
9) j3st3r ( or however you spell it ) is a script kiddie who writes very bad PHP.
10) Send us some cash via bitcoin.
11) PROFIT!
Re:as the saying goes (Score:4, Insightful)
No, not the point at all. LulzSec is (was?) a vigilante group fighting organizations they perceive as evil. What they did to Sony was exactly the same thing Sony did to me, and Sony did it with no repercussions at all. The banks have been stealing from all of us for decades, and the government rewarded them with bailouts for it. I'm not sure I agree with the Arizona breaches, but most of what they did were good things.
Re: (Score:3)
The second is worse. And someone who kills my family in front of me and then burns me alive is worse than that. Your point?
I thought my point was obvious. Lulzsec have drawn attention to security issues that can be easily fixed. This might just encourage people with these kinds of security issues to fix them before the really bad guys turn up.
Granted that may not have been their intention, we will never be sure.
Re:as the saying goes (Score:5, Informative)
The funny part is if they didn't disband and a significant number got nailed, everyone would be saying how stupid they were for not quitting while they were ahead.
Course that's not to say a significant number won't get nailed eventually anyway, just noting that crowds are fun.
Good for them (Score:5, Insightful)
Quitting while they're ahead.
Re:Good for them (Score:5, Funny)
In other news, mysterious hacker group YhymFrp has announced their intentions to continue what LulzSec started.
Re: (Score:3, Insightful)
Good (Score:3, Insightful)
As much as I'm for protests and such, these kids were just out to cause harm because they could. They need to get a legitimate cause, and stop pissing on ( innocent ) people randomly, or be gone.
They give the rest of us a bad name.
Re:Good (Score:5, Insightful)
Re:Good (Score:5, Insightful)
> As much as I'm for protests and such, these kids were just out to cause harm because they could. They need to get a legitimate cause, and stop pissing on ( innocent ) people randomly, or be gone.
> They give the rest of us a bad name.
Aside from doxing Arizona law enforcement, what harm did they really cause? They've really just managed to point out a lot of trivial security flaws... I suppose one could argue that they cost Sony billions of dollars, but fighting Sony was a legitimate cause...
Re: (Score:2)
Are you seeing what they are releasing? I am currently downloading the Battlefield Heroes userdata to see if I am on it. I have to take time out of my life to do shit like this cos they released user data. If they had just withheld the usernames and passwords and threatened the source with releasing them if they didn't up their security I would have been much much happier... and supportive.
Re: (Score:3, Informative)
> I am currently downloading the Battlefield Heroes userdata to see if I am on it. I have to take time out of my life to do shit like this cos they released user data. If they had just withheld the usernames and passwords and threatened the source with releasing them if they didn't up their security I would have been much much happier... and supportive.
Well if you're smart you use unique passwords for your online services, so log in and change your password. Give Visa/Mastercard/Amex or whomever a quick call, tell them what happened. Problem solved.
Imagine for a second hackers more malicious than the LulzBoat stole your data (especially financial data), they probably wouldn't publicly post it, they'd sell it, or use it in other ways that are far more aggravating than spending five minutes changing a password, and/or a telephone call to your credit car
Re: (Score:2, Flamebait)
> They need to get a legitimate cause, and stop pissing on ( innocent ) people randomly, or be gone.
I fail to see how anything they did could be justified even if it was for a 'legitimate' cause. Taking away others' ability to participate in the community [network] is universally wrong. You lose the moral high ground and then some doing that.
Re:Good (Score:5, Informative)
> I fail to see how anything they did could be justified even if it was for a 'legitimate' cause. Taking away others' ability to participate in the community [network] is universally wrong.
But they didn't. Sony did that, as a knee-jerk reaction. Don't blame LulzSec for Sony's ill-considered response.
Re: (Score:2)
> But they didn't. Sony did that, as a knee-jerk reaction. Don't blame LulzSec for Sony's ill-considered response.
Wait, knocking a MMO offline because they partnered with Sony is okay, because Sony did it first? What kind of argument is that!?
Re: (Score:2)
Re: (Score:3)
Sorry, but I disagree. I think these kids are doing good work that needs doing. Not sure about the Arizona crhacks, but I certainly am for bringing Sony down. What they did to Sony was karma, payback for thousands of us who Sony crhacked with their XCP trojan.
I'd like to see them (or somebody) go after the Delaware cell phone telemarketing spammers at 302-394-6964. Those bastards called my cell phone ten times Friday and 12 times Thursday. It was just an annoyance to me, as I have a flat fee plan, but it un
Re:Good (Score:4, Funny)
In the US of A where they were born and raised
Corporations pleased customers on most of their days
Chilling out, maxing, relaxing all cool
While employing people fresh out of the school
When a couple of hackers, they were up to no good
Started making trouble in their neighborhood
They got in one little fight and the prez got scared
He said "we're going to war, it's not like anyone cared"
Re: (Score:2)
God, huh? Let me try ...
Lulzsec, peace be upon them.
Hmm. Doesn't work, does it? I'll come in again.
Let us praise God. O Lord... ...Ooh, You are so big... ...So absolutely huge.
O Lord...
Gosh, we're all really impressed down here, I can tell You.
Forgive us, O Lord, for this, our dreadful toadying, and...
And barefaced flattery.
But You are so strong and, well, just so super.
Fantastic.
Amen.
A bit better, but still d
Re: (Score:3, Interesting)
There are no innocent people.
"I believe in karma! It means that I can do mean things to people ALL DAY and assume they deserve it!" - Dogbert
Re: (Score:3)
Who says the Laughing God has anything to do with the writings of a bunch of drugged out desert people? You are exceedingly narrow minded if you think that only "The Bible" is a legitimate religious text and that all religious and philosophical discussion should be viewed in context to it. After all, it is the oldest religious text known to man, you know, aside from the Bhagavad Gita, the pyramid texts, and the Enuma Elish.
I don't see where you get that I am justifying anything... They claim to be doing thi
Re: (Score:3)
You assume that the Laughing God picks one side or the other... Humor does not pick a side, it points out the merits and flaws of all sides to the potential benefit to all sides involved.
Re: (Score:3)
The ultimate in relativism. "We can't be bothered to think about the nuances of good and bad, everyone is flawed, we'll tear everything down nah-nah-nah-I-can't-hear-you".
A pathetic justification for intellectual laziness.
Whew! (Score:5, Funny)
Now we can finally bring the troops home.
Cui bono? (Score:4, Insightful)
So, when the dust settles, what's left to ask is simply: Who benefits from it?
I predict some new laws...
Re:Cui bono? (Score:5, Insightful)
Well, something tells me this is in response to legal activity. There are surely going to be new laws, probably not ones specifically in response to hacking activity, but others that allow various governments all sorts of access to records to track down hackers.
This will cause 'innovation' in the hacking scene, where people adapt to the new laws and develop new technologies that circumvent them and make them more challenging to implement. Hackers are simply going to go further 'underground' and be harder to track.
This, in turn, is going to lead to a number of high profile hacks of large services who have not matured in terms of how they secure their services. This will make the news, government officials will make unfortunate comments that draw the attention of various hacker groups, who will lash out through their newly developed anonymity.
In turn, this is going to result in new laws... stop me if you heard this before.
Re: (Score:2)
Yeah, plus ca change.
I think they made a laughing stock outta the billion dollar budgets of a lot of pseudo "security" experts in a random assault, kind of like digital "wilding".
Now, it's time to make consulting money.
Re:Cui bono? (Score:4, Insightful)
Re: (Score:2)
I didn't say they were clever.
I didn't say consultants were clever.
But someone needs to remind a bunch of people how to do parsers and isolate data types.
As regards DDoS, defense is a whole other strategy. Yes, you can recover. Yes, it's ugly for a few minutes. But it's survivable. And remember: most of these attacks got inside, not just hosed their TCP transports. They phished inside, got some dirty laundry, and hung it out to dry. They enjoyed watching orgs get punked.
Re: (Score:2)
Re:Cui bono? (Score:4, Insightful)
Yes, and you'd be amazed in how many companies amateurs are at the helm of security. Or rather, how little money and how much burden the average C(I)SO gets on his back that he simply cannot run the required security audits. Bluntly speaking, to get security up to par, the average corporation would at least have to double, more likely triple, its security staff.
Security is a lip service business. Much like insurance. You do what law dictates, not a penny more is spent on it. If the law doesn't dictate that you have to be secure against SQL injections and DDoS attacks, it's mostly a matter of luck and whether the programmer writing the piece of software does it automatically, which in turn again is unlikely because it certainly is neither part of the testing nor of the final inspection protocol. Even if, there simply is no time for more than a cursory glance, so in effect the burden of blame is shifted on some scapegoat, most likely one of the CSO's underlings. Or, lacking said underlings, the CSO.
Re: (Score:3)
It's all really quite simple. Use parameters for every query and you'll never have a problem with SQL injection unless the DB library itself has a hole (much less likely than the possibility that your home grown validation code has a hole in it).
Where I work I do this regularly. Every now and then I find crap like
Re:Cui bono? (Score:4, Insightful)
Compliance has nothing to do with security. Compliance has something to do with laws. Creating laws takes time, creating auditing checkbox-ticker-tests take more time and filling them out takes some more time. We're talking months here. By the time you start ticking off checkboxes (assuming that you were fully compliant from the start, which in my 10+ years now never happened, not a single time) you're already about 8-12 months behind the reason the law was passed for.
And a year is a long, long, long time in IT security.
You may rest assured that all companies that got sacked were fully compliant with laws and regulations concerning security. Which essentially means jack when it comes to "real" IT security the way the average geek would think of it. Don't mix compliance with security, they're two very different beasts and sadly, the former is more important to the average CEO than the latter. Because there's very specific laws for the former, but usually just very diffuse ones for the latter.
Re: (Score:3)
> Well, something tells me this is in response to legal activity. There are surely going to be new laws, probably not ones specifically in response to hacking activity, but others that allow various governments all sorts of access to records to track down hackers.
The idealist in me wants to believe that we could also get more laws passed holding corporations more accountable for lax security.
Re: (Score:2)
The realist in me realizes that such laws will first of all not be forthcoming, and second of all, even if they were, wouldn't do a thing. Or, worse, hit the wrong ones.
Laws "against" corporations are a matter of money. Nothing more, nothing less. If someone goes to jail for it, some scapegoat will. So that certainly never had any impact on corporations. And the money involved is a cost/risk factor. How much to secure against the risk, how much to pay if it happens, how likely is it to happen? I.e. simple r
Re: (Score:2)
Their true position? A few more years and they can start badgering for minority group protection.
Re: (Score:3)
Huh? Why would it?
The ones that do not understand and are not affected by the hacks won't care. They will not realize anything.
The ones that understand already knew it. They will not realize anything new.
The ones that do not understand but were affected (e.g. by having their credit card exposed) will welcome the laws and feel protected. They will not realize anything ever.
What timing... (Score:2, Insightful)
I don't remember them ever saying anything about limiting their hack-spree to 50 days. Sounds like they've pissed enough people off that they're starting to get ID'ed and arrested, and are hoping they can quit before it gets really bad. They're a bunch of weenies all right, but I don't think it's over for them. I for one will be lulzing my ass off when they all get caught and sent to pound-me-in-the-ass prison.
Re:What timing... (Score:4, Interesting)
> Sounds like they've pissed enough people off that they're starting to get ID'ed and arrested
Or their asses kicked.
Re: (Score:2)
Not even remotely.
If they were at risk, why would they post on the web and announce they're stopping or how would they even have the chance, for that matter?
Re:What timing... (Score:5, Insightful)
it's been a few beers in an airport, but still...
do you - downhole - personally feel that sexual abuse in prisons is appropriate ?
including all the innocents getting convicted (think movie witch hunt or other similar cases), all the minor convictions (smoked some weed) and so on ?
personally, i would not have guts to condemn a person who would in the end find the means to kill off those who got them in the prison wrongfully. and i believe we should not make prisons a place to breed people like that.
Re: (Score:3)
Re:What timing... (Score:5, Insightful)
Re: (Score:3)
Yes, I will laugh as they get raped in prison, because they are criminals.
Ok but consider one thing: imagine that your son would do something stupid one day, like selling 1g of hemp to a friend to help him out or crack into a government website for the lulz, and gets caught. He's a criminal now. Will you still be laughing as he gets raped in prison? If you answer "no", then you're definitely a stinking asshole and a filthy motherfucker, because you want harsh penalties for others but will beg for them not applied to you. And if you answer "yes", then you're definitely a stinking
Over? (Score:4, Insightful)
I doubt it... (Score:4, Insightful)
The Real Question... (Score:5, Insightful)
...is whether everyone else is done with Lulzsec. Unfortunately, they've likely pissed off the kinds of people who don't stop the game just because the opponent wants to quit.
Re: (Score:2)
It's better to burn out than fade away... (Score:4, Interesting)
Batty: I've done... questionable things.
Tyrell: Also extraordinary things; revel in your time.
Batty: Nothing the God of biomechanics wouldn't let you into heaven for
i hope they don't quit (Score:5, Insightful)
Re: (Score:2)
> the world needs benevolent black/grey hat hackers to dig up dirty laundry on the establishment,
And you pick LulzSec as the most capable group for this? Hilarious.
Re: (Score:3)
The Information exposed by LulzSec was mainly just proof that these organisations' security was too lax.
The only dirty laundry they wanted to expose was that these systems weren't secure.
The Paydirt for LulzSec was getting in in the first place, not any information they found.
Re: (Score:2)
> maybe change their strategy and mix things up to evade capture, the world needs benevolent black/grey hat hackers to dig up dirty laundry on the establishment, let the government & police know that if they do wrong that it will be found out and exposed for all the world to see...
I wouldn't go so far as to say "benevolent" but I prefer to live in a world where the watchers are watched and the tyrants are forced to live in fear.
They'll be back... (Score:2)
Though "LulzSec" has disbanded, the members will probably merge back into Anon or start another group.
So expect a release on Monday as planned. It will just have a different name attached...
They think if they change their name it makes it harder for "the Suits" to catch up with them.
They may be right..........
BASIC Gorilla tactics 101:
10 Come together in a small group
20 Make a few big Bolshie attacks
30 Have a few lulz
40 Disband
50 goto 10
Re:They'll be back... (Score:5, Funny)
> BASIC Gorilla tactics 101:
No, basic gorilla tactics are to live in troops in tropical and subtropical forests in central Africa.
Re:They'll be back... (Score:5, Funny)
No, that's gorilla STRATEGY. Gorilla tactics is deciding who to fling poo at.
Re: (Score:2)
Re: (Score:2)
50 goto 10
Thought it was bad programming to form goto loops?
=)
-AI
Re:They'll be back... (Score:5, Insightful)
> BASIC Gorilla tactics 101
The tactics are to look at the wind-speed meter, consider elevation, and then try an angle and velocity that will strike the opponent with your explodo-banana. Refine your velocity and angle per the rules of "playing the odds" guess too much one way, and too little the other, then extrapolate the correct angle and velocity by interpolation.
A quick search turns up this website that has a flash implementation of the game [kongregate.com] (covered with a skippable ad) that you may use to refine your "BASIC Gorilla" skills.
Re: (Score:3)
You, my friend, have clearly never played that game.
> BASIC Gorilla tactics 101
> The tactics are to look at the wind-speed meter, consider elevation, and then try an angle and velocity that will strike the opponent with your explodo-banana. Refine your velocity and angle per the rules of "playing the odds" guess too much one way, and too little the other, then extrapolate the correct angle and velocity by interpolation.
> A quick search turns up this website that has a flash implementation of the game [kongregate.com] (covered with a skippable ad) that you may use to refine your "BASIC Gorilla" skills.
No, that's QBASIC Gorilla tactics 101.
These are not the droids... (Score:2)
These are not the droids you are looking for...
just sayin'...
What, the script-kiddies have enough? (Score:4, Insightful)
Pathetic really. The only thing different is that these idiots have big mouths. Which, I bet, will be their downfalls. Nothing they did on the hacking side is impressive at all. Competent black-hats know that one of the most dangerous things you can do is public bragging. Having an information-channel back is beyond stupid.
Fortunately, law-enforcement has very long memories and a lot of patience. It is just relatively slow. I predict that we will see them all begging for mercy. Might take months or years, but they were far too careless not to get caught.
Re: (Score:3)
They even set up a telephone hotline.
Re: (Score:2)
Re: (Score:2)
The problem here is the "little knowledge". That is what will prevent them from getting away. They left so many possible traces, I am convinced, law enforcement is currently just checking whether they have identified everybody and have enough evidence. As these LulzIdiots will not all be able to let go of their newfound "power", more evidence will become available shortly. And, no, they do not even have a snowball's chance in hell.
Re: (Score:2)
No, law enforcement is demonstrably incompetent in computer crime. Between the turf wars among agencies, the terrible morass of existing law, the foolish concept that they can defeat computer crime by finding "ringleaders". Ringleaders are very transitory, and easily replaced by bored fools with slight technical knowledge who enjoy a challenge. A few of these fools will have actually learned some tools, and pass them on, and the rest will be ignored as "small fish". You can see examples of this sort of leg
Done? (Score:2, Funny)
What's the deal here - is it past their bedtime?
Probably a fake - Doesn't anyone read Twitter? (Score:2)
What if...? (Score:2)
...they got a note from Anonymous, and they realized they'd best go away... NOW!
Win like Korea and Vietnam (Score:2)
Wreak havoc, fail to achieve any of your stated political goals, declare victory, and run away because it's too risky to stay. It's not only crackers who are this wasteful and destructive to innocent people's property: take a look at the mess in Iraq, Afghanistan, Panama, Vietnam and Korea for examples in the last 60 years.
Re:Interesting, not ironic (Score:5, Interesting)
Yes, and they had a document release planned for Monday. Something must have just happened.
Re: (Score:2)
It's called cold feet. Too bad it's likely too late.
Re:Cowards (Score:5, Insightful)
What, life get too hard? Clearly someone got close to kicking them out of the game, and they ran before that would happen.
Win the war, not the battle.
Live to fight another day.
I can think of others. Basically sounds like a smart idea to me.
Re: (Score:2)
Re: (Score:2)
Pound me in the ass prison?
That comes to mind to me.
Re: (Score:2)
Re: (Score:2, Insightful)
On June 21st a suspected member is arrested in the UK, on June 25th they call it quits. The prospect of life in a British arse pounding prison was certainly a factor.
The culture of institutionalised rape and its tacit endorsement as part of the punishment (*) is far more closely associated with the American prison system. I'm not saying it doesn't happen here, but it doesn't seem to be a factor to the same extent.
(*) Obviously unless you're the prison rapist, in which case it's more "get to pound some kid locked up for marijuana possession in the ass prison", but let's not think about the logic of it too much.
MOD THIS UP (Score:3)
Prison rape is not considered acceptable in the UK (or most of western Europe) and so the authorities actually try to stamp it out if it happens. As a consequence it is not a major problem.
Prisons in Europe are thus not "Pound me in the arse prisons".
I wonder if judges in the US ever factor this in when they decide upon a sentence.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
sorry for the bad modernization
Re: (Score:2)
>Win the war, not the battle.
>Live to fight another day.
How about...
"I'm not like other people. Pain hurts me!" - Daffy Duck
--
BMO
Re:Cowards (Score:4, Funny)
> Win the war, not the battle.
Would that be the war against Nintendo, Minecraft, Sega, or Eve Online?
Re:Cowards (Score:5, Insightful)
Re: Vietnam (Score:3)
For god's sake, let it heal.
There is a history lesson alright: it was an idiotic fight picked by a bunch of paranoid lunatics. It killed, maimed and harmed a huge number of people for no reason at all.
Don't try to paint war-success stories from what is, at best, a cluster fuck of people that should know so much better.
At best, it is yet another lesson in how using weapons solves nothing. If I count correctly, the "using weapons group" is losing 30 to 1. When Afghanistan is over, it will be 31 to 1.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Worked well for the Communists, not so well for the South Vietnamese who weren't communist.
Also look at what happened during Tet '68 to non-communists in Communist controlled provinces.
http://en.wikipedia.org/wiki/Massacre_at_Hu%E1%BA%BF [wikipedia.org].
Re: (Score:2)
Re:Cowards (Score:4, Insightful)
Re: (Score:2)
What pisses me off most is that these new laws will be bad for ALL users of the Internet.
It would be hard for me to be convinced that there won't be more harm than good that will come from their actions.
Re: (Score:2)
Called it. [slashdot.org]
What did LulzSec accomplish? They raised the general public's awareness of the dangers of "hackers".
It should be easy to point to their "attacks" when trying to pa
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
We're getting offtopic here, but Bush winning the second time does NOT prove that elections are rigged. What actually caused Bush to get re-elected was a swift-boat campaign http://en.wikipedia.org/wiki/Swiftboating [wikipedia.org] on John Kerry right before the election.
I'm replying not to just be pedantic and correct you, I just want to raise awareness of the power of lying TV advertisements - if you know what swiftboating is, you will have the mental tools to recognise it when it happens and respond accordingly.
Do dem