Authorities Closing On LulzSec

mask.of.sanity writes "The noose is tightening on hacker group LulzSec, according to a coordinated group of like-minded users, some from LulzSec-Exposed that claim to have uncovered the identity of LulzSec members and supplied them to the FBI. An arrest Monday of a UK teenager was rumoured to be former hacker scene member Ryan Clearly, and the trackers, which includes a former FBI agent, say this arrest is the first of many. They refused to disclose the identities of LulzSec chief, saying it would cause the members to burn the evidence of attacks and scatter."

Logic disconnect...

[Eggplant62]

But publishing a news story about the arrests isn't going to cause the members to destroy evidence and scatter? Hahahahahahahahahahahaha.... Fuck.

Re:Logic disconnect...

[Marc Madness]

Maybe that's the intention. By putting out a press release stating that arrests are imminent, maybe they are hoping that LulzSec will destroy their own infrastructure and go into hiding, thus eliminating them as a threat. It's true doublethink; it can mean that they have no leads whatsoever, or that they do.

Re:

[poetmatt]

this is just another "war on something". They are about as close to lulzsec as imagination is to reality.

Re:Logic disconnect...

[interkin3tic]

By putting out a press release stating that arrests are imminent, maybe they are hoping that LulzSec will destroy their own infrastructure and go into hiding, thus eliminating them as a threat. It's true doublethink; it can mean that they have no leads whatsoever, or that they do.

-The FBI has identified the members, can capture them, will capture them, put out this statement to scare them into stopping the attacks until they can be arrested
-The FBI has identified the members, can capture them, will capture them, couldn't keep a lid on the rumors, leading to this leak
-The FBI has identified the members, can capture some of them, but want to scare off the ones they can't with this
-The FBI has not identified the members, and wants to scare them off
-The FBI thinks it has identified the members, foolishly bragging about it beforehand, and will be have egg on their face when the people they arrest have little to do with it, attacks continue

Re:

[cgeys]

Nice way to ruin your life.

Ryan, described as a loner who ‘lives his life online’, faces the prospect of extradition to the U.S. where he could face 60 years behind bars for allegedly hacking into the CIA and Senate websites.

The funny thing is, soon everyone will forget about the whole thing, but he gets to spend his life in the prison. For a few "lulz".

Re:Logic disconnect...

[biodata]

if he's ever charged with anything

Re:

[singhulariti]

Something tells me he might end up being hired by the FBI after a few years

Re:

[smelch]

Something tells me you underestimate true hacking talent, and the value of not being a dumbfuck attention whore. Seriously, what makes you think this guy is a more talented hacker than any of the people who actually write viruses, malware, develop jailbreaks, reveal encryption keys in hardware etc.? The only thing that got this guy attention was sticking his e-peen where it didn't belong and waving it about in people's faces.

I don't think the FBI needs more people to hunt out low-hanging fruit. Not to me

Re:

[MBGMorden]

The Frank Abagnale situation has happened precious few times. It's not typically a recruitment method. Most likely, if he's convicted, "Federal pound-me-in-the-ass" prison is what awaits, not cushy employment with the FBI.

Re:

[X0563511]

Yea, because running an IRC server gets you into CIA servers...

Re:

[cavreader]

They hit the public facing websites which are little more than ebrochures and contact info. They did not penetrate any secure systems. I seriously doubt the CIA offers a public portal for thier spies to login and make reports.

Re:Logic disconnect...

[sosume]

How can someone who has never entered the US be convicted to 60 years for breaking US laws??

Re:

[RazzleFrog]

Entered physically perhaps but he accessed US server allegedly. Of course, he's lucky they don't just call him an "enemy combatant" and send him to Guantanamo.

Re:

[kevinNCSU]

The same way if someone in North Dakota fires an arrow up into the air and it lands in the chest of a little Canadian boy on the other side of the border the American who fired the arrow can be extradited and tried for breaking the Canadian laws regarding murder because the countries have extradition treaties. How is this at all confusing? Just because someone breaks the law online doesn't mean the legal system can't possibly figure things out because your in a different country AND online.

Re:

[goodmanj]

I agree with your point, but that's the most ridiculous example of a cross-border crime I've ever heard. How about using smuggling, mail fraud, or some other crime that actually happens?

Re:

[X.25]

The same way if someone in North Dakota fires an arrow up into the air and it lands in the chest of a little Canadian boy on the other side of the border the American who fired the arrow can be extradited and tried for breaking the Canadian laws regarding murder because the countries have extradition treaties. How is this at all confusing? Just because someone breaks the law online doesn't mean the legal system can't possibly figure things out because your in a different country AND online.

So, if American hacks into Chinese server, you agree that it will be ok to extradite said American to China?

Or even better, if you insult King of Thailand, you just broke some Thai laws. Therefore, you should be extradited to Thailand.

Right?

Re:Logic disconnect...

[kevinNCSU]

The same way if someone in North Dakota fires an arrow up into the air and it lands in the chest of a little Canadian boy on the other side of the border the American who fired the arrow can be extradited and tried for breaking the Canadian laws regarding murder because the countries have extradition treaties. How is this at all confusing? Just because someone breaks the law online doesn't mean the legal system can't possibly figure things out because your in a different country AND online.

So, if American hacks into Chinese server, you agree that it will be ok to extradite said American to China?

Or even better, if you insult King of Thailand, you just broke some Thai laws. Therefore, you should be extradited to Thailand.

Right?

In the case of China, no, I do NOT agree that we should extradite citizens to a country we don't even have an extradition treaty with, duh, this would be illegal. In the case of Thailand, I believe we have a dual criminality treaty (most of our extradition treaties are dual criminality, while a few specifically list extraditable offenses) , and since insulting the King of Thailand isn't a criminal offense in the United States, it doesn't fall under an extraditable offense under the treaty. If I'm incorrect and we have a list treaty I'm pretty sure that one ain't on the list. Now if a citizen started committing a bunch of mail fraud or hacking a bunch of servers belonging to the Thailand government (acts that are also illegal here) and that government requested extradition through diplomatic channels then sure, by all means extradite him as long as it agrees with our current foreign policy goals.

Re:

[S.O.B.]

It could be argued, and will be I'm sure, that since the CIA servers are on US soil then the crime he committed was on US soil even though he was physically outside the US.

We can't let criminals get away with stealing or destroying data simply because they are sitting in another country while they do it.

If I put a bomb on an airplane but it only explodes once it is in another country am I not responsible? And wouldn't the country where the bomb exploded have the right to charge me for breaking their laws?

A

Re:

[Skarecrow77]

I agree with you up to a point in theory, but in practice I think we run into issues.

The problem comes when you realize that some places have some very weird laws, and their laws don't require you to even be anywhere near the location in order to be "breaking" those laws.

I'm pretty sure I remember reading some stories 6 months or a year ago where a company in California was was selling sex toys and the like via website, and some municipality in Florida tried to charge the employees of the company with break

Re:Logic disconnect...

[bws111]

And just to clarify, the first thing in the extradition treaty [statewatch.org] is:

"An offense shall be an extraditable offense if the conduct on which the offense is based is punishable under the laws in both States by deprivation of liberty for a period of one year or more or by a more severe penalty."

Re:

[Skarecrow77]

Oh I am perfectly aware that extradition treaties work both ways, and Denmark isn't too likely to send their cartoonist to get his hand chopped off or something like that, that's why I said it was the "ridiculous" extreme, I was simply pointing out that you may be able to get only slightly less ridiculous and still fall under the umbrella of "oh shit this could actually happen".

Also, you make my own point for me. Since both UK and US have cybercrime laws, we don't need to charge the British kid with breakin

Re:

[bws111]

That makes no sense at all. First of all, if the CIA's website (for example) gets hacked, the FBI is going to investigate it, not Scotland Yard or whoever investigates such things for the UK. All of the procedures followed, etc are going to be US procedures, not UK procedures. All the rules of evidence are going to be US rules.

Secondly, and more importantly, the crime was committed against the US, not the UK. Why should the UK be burdened with prosecuting the case and paying for incarceration, etc for a

Re:

[makomk]

Quite easily. In fact, thanks to Britain's one-sided extradition treaty with the US it's even possible for British citizens to be extradited to the US for crimes committed entirely in the UK against UK corporations, and this has actually happened.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[NeverVotedBush]

One thing about prison - he'll probably have a lot more sex than he had been having. ;-)

Re:

[telekon]

Infrastructure? LOL.

Re:

[bhcompy]

Basic profiling I'd say. Look at what they're doing and ask yourself who would do that kind of thing most often? A 40 year old IT security expert? A pissed off old man? Or a teenager/young adult? Maybe you missed the AOL script kiddy days, because it was essentially the same situation(with much much lower stakes).

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[unity100]

time will tell, and you, my moronic little sister, will know the truth.

so then, you are in the same basket with us ...

Re:i dont know whether youre a moron or not

[Skarecrow77]

Just because you're young and stupid doesn't mean you don't have to deal with the consequences of being stupid. Sure kids do stupid things. I did, I'm sure we all did. That doesn't mean kids immune from the responsibilities of their actions. They are given more leeway, certainly, for having poorly developed sense of judgement, and because of that in this situation you have to take into account that kids are liars and could be falsely claiming responsibility for street cred. But then you look at circumstance:

If some 8-year-old kid who just got his first laptop 3 months ago says on his facebook page that he hacked the FBI, maybe that claim is not trustworthy. But if it is a 17-year old who has been into computers since he was 8 bragging about the same thing, using the lingo, demonstrating the knowledge, etc... maybe you believe him. Or at least you treat it as a credible possibility and investigate. Perhaps even prosecute if you have enough evidence. Maybe he really didn't do it, but then he's going to have to deal with the consequences of saying he did so because he certainly seems like he could have done it.

If you try and convince somebody that you committed a crime, and you do a convincing enough job that they believe you, that's your fault. You better damn well believe that authorities care about high profile felonies, especially ones that are targeted at THEM, which if I recall, some of these attacks were.

Here's a slashdot analogy for you. I was taught not to poke a bees nest when I was a kid. Weren't you? What we're talking about here isn't just poking the bees nest (which the lulzsec guys did), we're talking about somebody else who walked over to the now-angry nest of bees, picked up the stick that was used to poke the nest and stood there under the nest holding the stick. Look, even most kids aren't stupid enough to do that... and the ones who are, what do you make of that? Do you blame the bees for stinging them? He chose to stand there with the stick!

with your logic, you can convict a 6 year old who says 'dodo' during a national anthem.

What in the world does that have to do with our discussion of publicly confessing to felonies?

Re:

[ArsenneLupin]

That's what we poker player know by the technical term "bluff". And methinks, you just called it... Congrats!

Burn the evidence of attacks and scatter

[RivenAleem]

Do it, do it now, they are on to you. No really, it's not just what they want you to think, they really mean it, your time is up, go to ground and never resurface again. Someone within your own organisation has outed you to the Feds, you can't trust any of them, scatter and break all contact with all your members, as any one of them could be the informant. They will get you if you remain organised.

Re:

[aaaaaaargh!]

LOL

+1 funny

Re:Burn the evidence of attacks and scatter

[PNutts]

Do it, do it now, they are on to you. No really, it's not just what they want you to think, they really mean it, your time is up, go to ground and never resurface again. Someone within your own organisation has outed you to the Feds, you can't trust any of them, scatter and break all contact with all your members, as any one of them could be the informant. They will get you if you remain organised.

I always wondered what the tin foil hat says.

Re:

[not-my-real-name]

All is discovered! Flee at once!

Re:

[Dunbal]

What, you clicked on it despite the fact that it says "[goatse.fr]" right there next to the link?

Re:

[SilentStaid]

WARNING: Parent can't read, but thankfully the low-flying joke still whooshed right over his head.

Huh?

[Afforess]

Really, the FBI isn't afraid that capturing one alleged member of LulzSec won't cause the other members to bolt and hide the evidence, but disclosing the names will?

It's days like these I think elementary logic classes should be manditory.

Re:

[Registered Coward v2]

Really, the FBI isn't afraid that capturing one alleged member of LulzSec won't cause the other members to bolt and hide the evidence, but disclosing the names will?

It might, but in they may see themselves, at least individually, as well hidden and smarter than the FBI and others. Besides, they want attention, and what better way to get it than taunt authorities

Sure, they could hide evidence but, in the US at least, hiding evidence could be construed as obstructing justice, which could land them in jail even if they committed no actual crimes. In some ways, that makes it easier for the government since all they basically need to show is they acted to influence the inve

Re:

[delinear]

I don't know - it reminds me of police press conferences on the news here in the UK. Generally if the case is proceeding well and they have a good trail of evidence/witnesses to follow they don't give press conferences (why risk spooking the criminals into hiding, let alone waste police time?). When they have nothing they'll often do a conference saying that they believe the net is closing and whoever is sheltering the criminal should give them up - this is pretty standard operating procedure when they have

Re:

[SCHecklerX]

It's days like these I think elementary logic classes should be manditory.

Elementary spelling classes, too.

Re:

[Afforess]

It's days like these I think elementary logic classes should be manditory.

Elementary spelling classes, too.

That or the ability to edit posts. ;)

Re:

[interkin3tic]

Really, the FBI isn't afraid that capturing one alleged member of LulzSec won't cause the other members to bolt and hide the evidence, but disclosing the names will?

I think it's more likely that people at the FBI are afraid they'll lose their jobs if people start thinking they're nowhere with this.
Congressman: "How is it that the FBI hasn't caught these 'loosesex' people yet? What are you people doing? I think we need to investigate the FBI's ability to-"
FBI brass: "Well Congressman, you must have missed the rumors that we're about to capture them."
Congressman: "Oh. Well then, back to doing nothing."

Re:

[arth1]

If one them gets caught, what keeps another member from going to the FBI and making a deal to expose the others while protecting themselves?

That they're in countries without an FBI office, or that the FBI has no judicial authority to make deals in those countries?

Re:

[smelch]

When did they sign the extradition treaties? I don't know when but it certainly wasn't recent. And it's not just a game of applying US law to UK citizens whenever we feel like it. This is standard international law and has been for a long time. US/UK Extradition Treaty of 2003 was the most recent treaty affecting extradition. This isn't a last minute "we want that guy lets get him" move, this is standard legal procedures when somebody in country A fucks country B.

Re:

[Daetrin]

They probably expect that a number of the members are thinking "they're not on to me. I'm too good at this to get caught".

This. Just look at the number of comments here alleging that the FBI doesn't have a clue and are just saying this to keep everyone from thinking they're totally incompetent. If they named a specific person within the organization at least some of the members would probably crap their pants and start running for cover. As it is LulzSec is probably just laughing it up.

Another Hacker Group

[Anonymous Coward]

There's a group of Japanese hackers who've been able to shut down businesses, infect users with rootkits and remotely remove functionality from consumer electronics.

They call themselves SONY or something...

Re:

[poetmatt]

sony? Other than the japanese part, don't you mean microsoft/EA/Intel?

Re:

[Tim C]

No, he's referring to the (music) CDs that shipped with auto-install anti-piracy software hidden on them that behaved basically the same as a rootkit and remotely removing the Other OS feature from the Playstation 3. Not sure about the reference to shutting down businesses, but the other points are valid.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[delinear]

I believe the shutting down businesses is a reference to Sony's practice of going after people selling modchips, or imported consoles and the like - the most prominent of these probably being Lik Sang [wikipedia.org].

Not the brightest

[Xest]

"They refused to disclose the identities of LulzSec chief, saying it would cause the members to burn the evidence of attacks and scatter.""

Yes, because announcing you know his identity on the internet wont do that anyway will it?

Obviously not the sharpest tool in the box, such a comment doesn't instill much confidence that they have in fact got the right people.

Let's be honest, the LulzSec people will know if they've let their identity loose to anyone or not, if they have they'll already be watching their b

Re:Not the brightest

[mr_gorkajuice]

Are you suggesting that these people are incapable of mistakes, and cannot ever possibly be outsmarted by feds?
I believe you're vastly overestimating these guys, and similarly underestimating authorities.

Re:Not the brightest

[Xest]

I'm suggesting that when you've been thinking about such things long enough there's very little room to make mistakes, and that if you have, you'll tend to know about it. The hacker mindset is one of meticulous attention to detail and obsessive thought about a subject on their mind, you can guarantee that particularly when paranoid about being caught which is going to be more the case with such announcements as this that the scope for mistakes will be so small, and the scope for mistakes that can't be cleaned up after the fact and before discovery is even smaller.

I'm not saying they couldn't be outsmarted by the feds, simply that they wont be outsmarted by someone foolish enough to post on the internet "We know the leader's identity", before he's actually been brought to justice. I also suspect that to actually catch them they're likely to somewhat cheat, and throw due process out the window- they may have a rough idea who is involved but not have the evidence to legitimately question them or seize their kit, so they'll make up some false charge to seize it and build up evidence upon that anyway. They may not even have a case then but the authorities including the judiciary seem quite competent at ruling against people even when the evidence is unacceptably weak in the first place.

They probably will get them some way or another, but it may not be through a legitimate thoroughly proper and clean legal process. Sure many such hackers have been caught in the end, but how many haven't over the years? How many spammers go untouched, how many criminal hackers do the authorities not even know the rought whereabouts of? how many DDOS attacks against major corporations even before anonymous started doing them went unpunished? you only have to look at the rather famous case of Al Capone, where physical evidence should theoretically have been much easier to come by and see that they had to do him on tax evasion in the end to see that sometimes, achieving proper justice against criminals can be quite the impossible task. The result then is either failure to deal with them at all, or a bending of the law.

I think more realistically you're underestimating the ability of smart criminals, particularly in the digital world to evade justice. For all the feel good stories about "criminal X has been caught" hammered into us on the news, and newspapers, there's plenty more who are not. It's perfectly possible they will fall into this category, and it seems blurting out to the world that you know the identities of these people even if you don't announce said identity is only going to make life that much harder for the authorities who may truly find any potential evidence has already been burnt and shredded already whether in the physical or digital sense. A smart investigation would simply not announce knowledge of the identity of the target until they were already in custody, anything else is just foolish penis waving.

Re:

[Missing.Matter]

I think more realistically you're underestimating the ability of smart criminals

The smart criminals usually get away because they know when to stop. Greedy criminals, who continue to commit their crime time and time again tend to get caught because they slip up eventually. I think it's evident LulzSec doesn't know how to quit while they're ahead.

Very Unfortunate.

[crow_t_robot]

This is unfortunate considering what lulzsec is currently doing for the IT job market. These attacks are getting incompetent people fired and making companies go out and look for competent people to hire in their place. Also, it is forcing them to actually invest money in their IT infrastructure instead of just slapping some servers together and letting some clowns straight out of a degree mill run them. People need to realize that this is a net good thing because if a 19 year old with no formal education is ripping servers owned by multi-billion dollar international corporations then the Chinese have already been there. A company would not even know about the Chinese intrusion much less publicize it once they found out so what lulzsec is doing is shining the light on how poorly these companies that hold your data are run.

Re:Very Unfortunate.

[wintercolby]

While it is good for the IT industry as a whole, as far as investment in infrastructure and qualified administrators, it is also bad for Internet freedom. The less secure people feel on the Internet, the more we will lose anonymizing proxies and the more public everything we do on the Internet will be. Today we have the "sexting representative", tomorrow it will be a senator that looks at free porn on his home computer. The extreme cases convince us that we need to lose some privacy, and then government passes laws that are harsher and harsher, and relaxes warrant requirements, because no one loses elections for being strong against "crime".

Re:

[cheekyjohnson]

I think that says more about the people willing to throw away their own privacy because someone hacked websites on the internet than it does about Lulzsec.

Re:Very Unfortunate.

[Dhalka226]

I understand what you're saying, and to some degree I agree: The state of security on Internet-facing web properties is staggeringly bad, and the fact that companies who do an incompetent job protecting their users are getting publicly called out is, in its own way, a good thing.

Still, there are right ways and wrong ways to do things and LulzSec is clearly on the wrong side of the line. This is particularly true when you read their own postings about how they do it "for the lulz." "You wouldn't know we hacked people if we weren't arrogant shitheads about it!" was nothing more than a post-event attempt at rationalization. And their nonsense with hacking into porn sites and trying to publicly shame people who visit them made me want to strangle them with my own hands.

Some good can come of all this, and I hope it does. But yes, I also hope these people are caught and punished. There are a lot of horrible things people can do to one another that might, in some way, lead to good conclusions, but that does not mean that they should be done. Robbing your neighbor to prod them into locking their doors at night may end up with a good outcome, but I should still go to prison for it. The same applies here.

Once they have done their time and paid their debts, I'm sure they can make quite a handy little salary doing these same damn things the right way.

Re:

[ArsenneLupin]

And their nonsense with hacking into porn sites and trying to publicly shame people who visit them made me want to strangle them with my own hands.

Keep your energy for your chicken, that feels much better...

Re:Very Unfortunate.

[crow_t_robot]

And their nonsense with hacking into porn sites and trying to publicly shame people who visit them made me want to strangle them with my own hands.

Anyone who pays for porn on the internet should be shamed. Seriously.

Re:

[vegiVamp]

I strongly disagree. The ones who pay for porn on the internet are the reason you and me can get it for free. If no-one pays for it, it doesn't get made.

That being said, these days that no longer fully holds true, thanks to xtube and the like providing oozes of homemade; but one has to wonder how much of their money comes from paid advertising accounts posting 15-second clips of commercial porn.

Re:

[Dishwasha]

This is unfortunate considering what lulzsec is currently doing for the [door and lock] job market. These attacks are getting incompetent [locksmiths] fired and making companies go out and look for competent [locksmiths] to hire in their place. Also, it is forcing them to actually invest money in their [door and key] infrastructure instead of just slapping some [keyholes] together and letting some clowns straight out of a [high school] mill [install] them. People need to realize that this is a net good thin

Re:

[phreakv6]

why cry foul if the govt. resorts to the same tactics? (say if they planned an attack that helped pass a bill)

Re:

[poetmatt]

Absolutely. Even Penny arcade agrees [penny-arcade.com]
from the article on PA:

Like the electronic smash and grab at Sony, I think the endgame here is better security at the places we trust with our data. It’s been an education for me, to be sure: custom passwords everywhere, now, 2-step where available, and when I need a new password I let my daughter go fucking crazy nuts on the keyboard. And then I say who’s my little hash function? Who is it? She knows who.

Focusing on harming lulzsec is really ignoring that peo

Re:

[Riceballsan]

Unfortunately few companies will see it that way, the more targets lulz succeeds at attacking, the more likely companies will view them as an unforeseeable and unstoppable act of god rather then a sign their security is garbage. History has shown that the response to a hacker is almost never, oh gosh our security is bad, and more often OMG this criminal must be stopped, push better laws to monitor who's online, catch these criminals and make sure they all get life sentences, and hey while we're at it, the f

Re:

[Anonymous Coward]

This isn't the broken window fallacy. Nobody is trying to boost the economy by breaking perfectly good things.

They are showing the weakness in the existing system, exposing people who can't do their jobs, and generally forcing everyone to up their game.

It's a completely different situation.

Re:

[MBGMorden]

This isn't the broken window fallacy. Nobody is trying to boost the economy by breaking perfectly good things.

Rubbish. The systems they are targeting are working fine. They are breaking perfectly working things, thus demonstrating that they are BREAKABLE. That's irrelevant. In the broken window fallacy the windows are breakable too. That doesn't mean that it's a good thing to break them and then smugly suggest that the shop owner replace them with steel plates for extra security.

Not to mention that this ass-clowns have not even bothered to try and put for that tired old "we're just trying to demonstrate securi

Re:Very Unfortunate.

[poetmatt]

"Working" and "set up properly" are entirely different.

They aren't breaking into complex shit, they're breaking into the equivalent of the old adage: "leaving the barn door wide open." If you are vulnerable to a SQL injection, whose fault is it that you set up your website that way? You're acting like it was working perfectly fine. It wasn't. It was left with a clearly bad process, almost guaranteed to have been done either a: as a cost cutting measure or b: by incompetent/underqualified people. Et cetera.

They have also very explicitly said whenever they release things that people should be more secure. Clearly you have a reading comprehension issue.

Re:Very Unfortunate.

[woolpert]

This isn't the broken window fallacy. Nobody is trying to boost the economy by breaking perfectly good things.

Rubbish. The systems they are targeting are working fine. They are breaking perfectly working things, thus demonstrating that they are BREAKABLE. That's irrelevant. In the broken window fallacy the windows are breakable too.

Wrong.

If the systems they are targeting are breakable they are not working fine.

A window can be breakable and still perform its primary mission. The breakability of the window has nothing to do with the point of the story.

An authentication server can not be susceptible to such attacks while still be considered performing its primary mission.

Re:

[phreakv6]

this is stupid. you don't go picking locks to make your neighbor get better locks

Re:

[Exitar]

This isn't the broken window fallacy. Nobody is trying to boost the economy by breaking perfectly good things.

They are showing the weakness in the existing system, exposing people who can't do their jobs, and generally forcing everyone to up their game.

It's a completely different situation.

Are you sure that a group defining itself "the world's leaders in high-quality entertainment at your expense" is working for a better world?

Re:

[crow_t_robot]

Actually, it isn't. The government does this every day with consumer automobiles. If they don't pass safety standards, the company is told to go back and fix it. This is the same thing except the CONSUMER is telling the company to go fix their shit and stop being so fucking lazy.

Re:

[Dunbal]

Except that this isn't the broken window fallacy. IT people aren't paying lulzsec to go around poking holes in people's security in order to increase IT jobs. It's more the "tornado that ripped through town and is now proving good for the construction industry" scenario. Stop repeating what you think you know like a parrot, and sit and think for a while.

Re:

[woolpert]

You just made the broken window fallacy yourself!

The fallacy isn't that a person (instead of a force of nature) performed the damage, but rather that money is diverted into replacing perfectly functional things.

A tornado is never good for the economy, for while it may divert money towards the construction industry it has a net negative impact on total wealth.

Re:

[Dunbal]

Insecure websites are not "perfectly functional things". In fact, an insecure website is "cheaper" up front in the same manner that dumping raw sewage into a river is "cheaper". There are hidden costs involved. In the sewage case it will be the dead ecosystem in the river, and in the IT case it will be the costs incurred when the website eventually gets hacked and confidential information is made public.

And no, the fallacy isn't specific to a person, it's about the argument that the glass-maker paying th

Re:

[N0Man74]

It's funny. I agree that this isn't exactly a broken window fallacy. However, it's funny that you say that this is like a tornado being good for the construction industry, because my understanding is *that* would actually be precisely an example of the broken window fallacy.

My understanding of the broken window fallacy does not require that the boy goes around breaking windows. The parable has been expanded to ponder that possibility as well, however it was not assumed in the initial parable and is not r

Re:

[MareLooke]

Why so serious?

Re:

[WaffleMonster]

Again, not really a big concern. And wouldn't make any of it ok if it did.

But do try again. I find it interesting how much people want to turn pranks for lulz into some kind of really good thing for society. The only real gain is the few people that finally start maintaining more than one password

Do you think CTOs read about all of this high profile crap happening around them complete with massive losses due to liability and public humiliation and still feel no pressure of any kind to at least try and get their act together?

Heck IT shops flinch whenever defcon is in town. To think otherwise is exceedingly foolish.

Any pressure that can be brought to bear on society to take the security of their electronic shit seriously without having to suffer destructive attacks in order to learn ones lesson shoul

PR madness, Something strange going on

[Anonymous Coward]

What is all this media attention on LulzSec, it is kinda amusing. The character assassination of Ryan Clearly in the UK news is crazy. They have interviewed people in his road, called him a shut in and other things, I think i heard terrorist today as well. I have even had 2 family memebers call me up to disscuss lulzSec (my 60 year old mother), this whole story is dominating the news WHY? I have not seen rapists get this kind of media attention and character assassination. The fun thing is, Ryans Role is pr

How

[unity100]

"Governments are going to win whatever the outcome" - how will that happen with the root of the hacking scene now being in russia.

Re:

[Ash Vince]

The fun thing is, Ryans Role is pretty clear, he was the IRC server host. That's it, so by extension the FBI and UK believe he is now part of Lulzsec.

If he had a modicum of common sense he would steer very well clear of people engaging in activities that are illegal in the country in which he resided. Alternatively he would realise that just by knowingly providing a place where people could discuss illegal activities english law would consider him an accomplice. The english legal system does not have any decent protection of freedom of speech and we have no bill of rights. The police in this country do not even need to ask a judge before writing themselv

LulzSec's downfall is that clearly it is NOT anon

[Borland]

It's been obvious from the beginning that Lulzsec might be fickle in their targeting like anons, but that they are a coordinated group. That lends them a bit more power, but also means that despite their bravado they are connected. And since they're not thinking like terrorists, I doubt they have formed "cells" like any organization which doesn't want to fall quickly to a coordinated assault.

Maybe I don't give them enough credit and the IRC operator was careful to shield everyone and knows no one by name. But despite the publicity, and the fact that they have more skill than I, somehow I doubt they are true black hat masters. Braggarts are the most likely criminals to land in jail.

More misinformation.

[rhadamanthus]

Ryan Clearly housed a lulz IRC chatroom. He has nothing to do with lulzsec.

Re:

[guruevi]

What's important is what a judge/jury will hear and think. They don't understand the difference and even saying "IRC is an anonymous chat system" will mean you're a hacker terrorist that needs to be locked up.

Thanks to the sensationalist media and government even the First Amendment rights have been all but relegated to the academia. Guilt by association is the norm now.

Re:

[RivenAleem]

http://www.youtube.com/watch?v=O2rGTXHvPCQ

Clearly indicates that IRC is nothing but a den for hackers.

Thankfully there's no chance whatsoever that any jury will have ever seen it.

Re:

[optymizer]

I question your reasoning that "he has nothing to do with lulzsec". A 70 year old grandma in Kenya would have nothing to do with lolzsec, but, in this case, Ryan willingly hosted an IRC server for lulzsec, hence he had *something* to do with them and the feds will find out what. And btw, why did they need their own public IRC server? Did we run out of IRC networks? Last I checked, freenode was still alive.

Hackers 4.0

[Tasha26]

If they turned that into a movie, I'd totally watch it... P.s. If you're wondering where I got the 4.0 from, here's my list: Hackers (1995), Hackers 2 - Operation Takedown (2000), Hackers 3 - Antitrust (2001).

Authorities definitely closing in on LulzSec

[David Gerard]

DRAMATICA, Wackyleeks, Wednesday (textfiles.com) — The noose is tightening on LulzSec, oh yes it is, with a red-handed capture nearly almost imminent, said FBI Media Liaison today, and don't you worry about that.

The drug-running terrorist paedophile probably-Chinese-government members of LulzSec have used their horrifying and "l33t" "Internet Relay Chat" skills (or "sk1llz0r," as "hackers" call them) to break into some of the most complicatedly protected computery gadget devices on the Inter-web-thing, particularly the ones running Microsoft Windows. Just like your computer does!!

"Fortunately," fed an off-the-record FBI source, "we have tracked down these dastardly fiends to their festering basement lairs, where they sit all day exchanging BitCoins via their 'four-channel' systems. Our agents are poised right now to swoop, swoop! upon these avatars of delinquency! Multiple US agencies are involved. They might be right outside!"

Authorities worry the "hackers" will get wind of the raids and scatter and burn the evidence. Repeat, the authorities don't want the group to scatter and burn the evidence. Just so that's clear with everyone.

LulzSec was formed by a group of Scientologists interested in Guy Fawkes. The group is named after "lulls," which is when the four-channel system goes quiet, and "sex," the availability of which would cause the group's immediate collapse.

Picture: Practice safe computing! [newstechnica.com]

LulzSec vs LulzSec Exposed

[tverbeek]

I think I liked Sharks vs. Jets better. Better names.

How easy is it?

[no-body]

To frame somebody with all this secrecy going on?

It takes a certain character (needing) to become a spook and same goes for the other side.....

Maybe it's just boredom, need for a purpose and stimulation?

Sounds more like disinformation to me...

[g0bshiTe]

If they are closing in, why in the world would they announce it to the world. I mean seriously. Seems they are doing more barking to me than biting.

Narcs.

[Beelzebud]

Notice this isn't the FBI saying they are closing in. It's a group of narcs who claim this. Having their own little witch hunt. They better hope they have strong evidence against the people their accusing.

Re:

[Dunbal]

Hey at least they're not shooting random brazilians in the head on the tube now. Yet.

Re:

[bhcompy]

And they live in highsec. Should have moved to nullsec, aka Somalia. Wardec ain't going to hurt there

Re:

[Dunbal]

What is it with Americans, Chinese, and the fucking Dalai Lama. It's like you only have room for a single thing in your heads. Get the fuck over it, Tibet was 50 years ago. Otherwise you have a shitload of occupied land you should be giving back to Mexico, not to mention a few other countries having "the shit freed out of them" by American occupation at present. To the victor the spoils, and it ends there. Otherwise you turn into a fucking arab and 1000 years from now you're still arguing about shit that is

Re:

[Joe U]

Yeah, my BS detector went to 11 on this story.

Wait a sec, Slashdot has editors? Is this new? I've been here a while and I don't remember editors.

Re:

[RazzleFrog]

Well when I say that I am "burning the midnight oil" I am not literally burning oil anymore but the metaphor still works.

Re:

[PPH]

Their servers probably have a DBAN [dban.org] disk in the boot drive ready to go.

Re:

[delinear]

You're not incompetent if you want a community where you can keep your door unlocked, but yes, you are incompetent if you keep your door unlocked in the real world and expect it to adjust to your romanticised version of how things should be. We'd all love to live in a world where security isn't necessary, but we don't. Anyone who doesn't secure the data of other people that they have been entrusted with, and in many cases who are paying customers, to at least an agreed minimum standard, should be held crimi