I'm glad they were doing it for the lulz. Some day someone's going to be doing it, not for the lulz, and the price we'll have to pay for this kind of massive developer/it-sec incompetence will be extremely high. Hopefully this has served as a wake-up call to people who weren't already aware how low the fruit has been hanging.
You say you are glad they were doing it for fun and wait for someone to do it not for fun? How do you know it's not already been done? A true hacker wouldn't expose their actions and would continue with the exploit.
I think these kids have exposed the true lack of security around the world in general and it has raised some serious attention for other people to take a look at their own defence, which is good in some respects.
What they have also successfully done is lowered peoples trust in massive corporations which in turn is going to hurt the economy globally, which is not good in any respect.
I think they should have hacked it then made the companies aware, not the whole world. It's hard enough getting someone to trust and pay for services from a company when they think they are safe, they really won't when there is no trust there at all.
These guys are like the kids who paint your cat with spray paint. It seems with most groups, and computer criminals doesn't seem to have escaped, they have people who span the range from 'harmless' to 'lethal'. This prank (and it was a prank) was more in the 'harmless' side, Stuxnet was more on the 'lethal' side.
Some people see the end of the internet as we know it in these stories, I see new opportunities to sell locks :-)
Yep, the dox linked here are pretty old. Topiary, Kayla and a bunch of others listed are members of Anon as well, giving the theory of Lulzsec and Anon being related more credibility.
Not surprising since they are just a bunch of weekend warriors and kids. Any real smooth operator wouldn't be working out of his house, and especially not on a personal browsing machine. From the opposite perspective of that, the government hasn't seen diddly when it comes to digital terrorism. Just wait until the FBI can't track down the culprits from their broadband bill and drive over to their parents house and make the arrest...
Not surprised. Hacking Sony is one thing. Hack the FBI and you end up in a dark room somewhere. I almost feel bad for these kids, if they are indeed kids.
This wasn't the FBI, it was some other hacker who was pissed at him. The screenshots [1] show that quite clearly. That guy likely just turned xyz over to the feds after doxing him (and rooting him, and taking over most of his online accounts)
Wow, I would def not consider myself a security expert but I seriosly have higher standards than this when it comes to security. Most obvious fails on this dude: 1) Windows, 2) Gmail (if i would be a hacker i would not use this for obvious reasons), 3) specifying any personal credentials in my "hacker" acount, 4) same username (...i would not use same user-id). I mean, c'mon...I had higher expectations on this guys really (considering I'm not into those kind of networks - call be hacker noob). Let's hope the other guys was more paranoid than this.
Btw, what will be the jail-sentence in US for this you think? Let's hope he's a minor - looks like a teenager.
Last I checked they were alive and well. As for them supposedly being Amateurs, no... no they are not. The attacks they are pulling they could get away with if they kept the secret. But something is motivating them.
Seeing as how Anon has moved up to hacktivism against third world dictatorships and other government agencies, I wonder if LulzSec is a splinter group.
Almost: script kiddies using Windows. It helps the script distributors, by making it easier to target the script kiddies with embedded botnet software :)
So they got exposed because they were acting like a bunch of children and taking no precautions?
Man, if people who don't know what they're doing are this successful, imagine what it means about people who are. And how any laws we make about computer security are just security theater.
When you talk about IT security with people with real secrets (governments), they talk about LulzSec-types being the "lowest risk" category of attackers.
The mid-risk category are the real professionals; they leave no trace, you never hear about them, you never know they were on your system, they just take your data and sell it.
The highest-risk category is true information warfare, targeted attacks by other governments and large entities. As the previous replier said, just look at Stuxnet. You don't have to be a government for this to be a real threat. Imagine if Nintendo had compromised Sony's servers, and somehow loaded corrupt firmware onto the Playstation update system...
These threats are real and constant, and anyone with sensitive data needs to be aware of them. Simply firing up iptables and disabling root SSH isn't sufficient - you need to be aware of the intricacies of your system on a day-to-day basis.
That's one thing a lot of non-experts don't appreciate about these sorts of attacks. They are not terribly sophisticated, nor are they terribly malicious. This is why I put so much blame on Sony and Gizmodo, because they're not being attacked by some elite team of super hackers with an elaborate plot to destroy the company. Rather, they're being attacked by bored teens who are using crude techniques that no public facing website should be vulnerable to in 2011 and they are just dumping what data they gain access to on the internet. Compared to the sort of mischief a talented and dedicated hacker could achieve this is nothing.
starts off with <Topiary> telling everyone to get off this network, ED IRC (it could be a server in their own network, but if that were the case their network would already be breached)
<pwnsauce> calls for a new operation (similar to how anon has various operations).
Then <Topiary> admits to hiring a botnet to help them.
<joepie91> chimes in, talking about an irc server exploit is basically killing his computer.
<storm> asks for an exploit, <lol> says he has it, but is scared to get it out and give it to him (meaning that, for all his "security knowledge" he still managed to get viruses on his stuff.
About half an hour later, <Topiary> insults a few people they want to crack, and mentions an apache 0 day exploit. The rest is them asserting their masculinity, and a mention of the gawker root.
oh, and then a message saying one of the guys is in FBI custody, but I assume that's not part of what you wanted translated.
It looks like they were just connecting to a private IRC server directly from their own machines. It is possible to remain reasonably anonymous online, but only if you take certain precautions.
In some public NATO reports, they said that during the Kosovo thing, NATO hackers took out specific Serbian radar installations to cover for the strike planes. I guess the Serbians didn't get the memo about putting critical infrastructure on a routable network...
[+] [-] scythe|15 years ago|reply
There will always be another garishly-named group willing to sql-inject and xss the low-hanging fruit.
[+] [-] omouse|15 years ago|reply
[+] [-] aw3c2|15 years ago|reply
edit: Indeed, following the thread reveals http://seclists.org/fulldisclosure/2011/Jun/88 -> http://pastebin.com/mmvBT7n5 The root entry dated May 13.
[+] [-] msc|15 years ago|reply
[+] [-] newobj|15 years ago|reply
[+] [-] chrislomax|15 years ago|reply
I think these kids have exposed the true lack of security around the world in general and it has raised some serious attention for other people to take a look at their own defence, which is good in some respects.
What they have also successfully done is lowered peoples trust in massive corporations which in turn is going to hurt the economy globally, which is not good in any respect.
I think they should have hacked it then made the companies aware, not the whole world. It's hard enough getting someone to trust and pay for services from a company when they think they are safe, they really won't when there is no trust there at all.
[+] [-] ChuckMcM|15 years ago|reply
Some people see the end of the internet as we know it in these stories, I see new opportunities to sell locks :-)
[+] [-] gbrindisi|15 years ago|reply
As reported here some logs are old: http://seclists.org/fulldisclosure/2011/Jun/88
[+] [-] getsat|15 years ago|reply
Guess this was a joke/defamation attempt after all.
[+] [-] invalidOrTaken|15 years ago|reply
"Someone just sent over $7200 worth of BitCoins. Whoever you are... thank you... Balance: 7853.35 USD #Speechless"
http://twitter.com/#!/LulzSec
[+] [-] shii|15 years ago|reply
[+] [-] philthy|15 years ago|reply
[+] [-] unknown|15 years ago|reply
[deleted]
[+] [-] Bud|15 years ago|reply
From what I observe, it just keeps getting progressively easier for the FBI to do that. Not harder.
[+] [-] TheloniusPhunk|15 years ago|reply
[+] [-] rbanffy|15 years ago|reply
[+] [-] redthrowaway|15 years ago|reply
[1]
[+] [-] olalonde|15 years ago|reply
[+] [-] grimen|15 years ago|reply
Btw, what will be the jail-sentence in US for this you think? Let's hope he's a minor - looks like a teenager.
[+] [-] saulrh|15 years ago|reply
(edit: seriously, though, something seems just a bit off here.)
[+] [-] lwat|15 years ago|reply
Lulzsec response here: http://pastebin.com/yut4P6qN
[+] [-] dmix|15 years ago|reply
http://89.248.164.63/dox/xyz/3.png
[+] [-] christoph|15 years ago|reply
[+] [-] jimmyjim|15 years ago|reply
[+] [-] drivebyacct2|15 years ago|reply
I like the picture of the kid doing coke.
[+] [-] jackie_singh|15 years ago|reply
[+] [-] derrida|15 years ago|reply
[+] [-] Apocryphon|15 years ago|reply
[+] [-] unknown|15 years ago|reply
[deleted]
[+] [-] bromagosa|15 years ago|reply
[+] [-] jff|15 years ago|reply
[+] [-] bxr|15 years ago|reply
Man, if people who don't know what they're doing are this successful, imagine what it means about people who are. And how any laws we make about computer security are just security theater.
[+] [-] willidiots|15 years ago|reply
The mid-risk category are the real professionals; they leave no trace, you never hear about them, you never know they were on your system, they just take your data and sell it.
The highest-risk category is true information warfare, targeted attacks by other governments and large entities. As the previous replier said, just look at Stuxnet. You don't have to be a government for this to be a real threat. Imagine if Nintendo had compromised Sony's servers, and somehow loaded corrupt firmware onto the Playstation update system...
These threats are real and constant, and anyone with sensitive data needs to be aware of them. Simply firing up iptables and disabling root SSH isn't sufficient - you need to be aware of the intricacies of your system on a day-to-day basis.
[+] [-] ilikepi|15 years ago|reply
[+] [-] InclinedPlane|15 years ago|reply
That's one thing a lot of non-experts don't appreciate about these sorts of attacks. They are not terribly sophisticated, nor are they terribly malicious. This is why I put so much blame on Sony and Gizmodo, because they're not being attacked by some elite team of super hackers with an elaborate plot to destroy the company. Rather, they're being attacked by bored teens who are using crude techniques that no public facing website should be vulnerable to in 2011 and they are just dumping what data they gain access to on the internet. Compared to the sort of mischief a talented and dedicated hacker could achieve this is nothing.
[+] [-] leon_|15 years ago|reply
[+] [-] younata|15 years ago|reply
starts off with <Topiary> telling everyone to get off this network, ED IRC (it could be a server in their own network, but if that were the case their network would already be breached)
<pwnsauce> calls for a new operation (similar to how anon has various operations).
Then <Topiary> admits to hiring a botnet to help them.
<joepie91> chimes in, talking about an irc server exploit is basically killing his computer.
<storm> asks for an exploit, <lol> says he has it, but is scared to get it out and give it to him (meaning that, for all his "security knowledge" he still managed to get viruses on his stuff.
About half an hour later, <Topiary> insults a few people they want to crack, and mentions an apache 0 day exploit. The rest is them asserting their masculinity, and a mention of the gawker root.
oh, and then a message saying one of the guys is in FBI custody, but I assume that's not part of what you wanted translated.
[+] [-] shareme|15 years ago|reply
[+] [-] weavejester|15 years ago|reply
[+] [-] thyrsus|15 years ago|reply
[+] [-] r00fus|15 years ago|reply
[+] [-] jvandenbroeck|15 years ago|reply
[+] [-] unknown|15 years ago|reply
[deleted]
[+] [-] jvandenbroeck|15 years ago|reply
Check this email, it's the USA looking to hack Libya's oil infrastructure: http://pastebin.com/Jf406RVs
I didn't know war got that advanced:)
[+] [-] stef25|15 years ago|reply
[+] [-] shubble|15 years ago|reply