It puts me on edge that these idiots would pick such media-friendly targets to strafe with their clueless bandwidth wastage; not looking forward to the next round of "cyber security" laws one bit.
"Hey dad, tell me just one more time about how when you were a kid you used to be able to make TCP connections freely and without the connection first being authorized by the NSA." "Go to sleep, son."
More each day, I'm feeling like an old gun slinger watching the freedom of the wild west die, from my rocking chair in front of the cafe as one of those new-fangled automobiles goes smoking down the street.
Yeah, past couple years have not been good at making the case for a free internet. Rampant hacking, information leaks such as WikiLeaks and attacks on infrastructure like Stuxnet. The more we move towards network centric warfare the less the government will want to leave the internet free and open.
What happens when 11 year olds can Metasploit a predator drone and drop a Hellfire on their school?
Could LulzSec actually be working for the Government to help create that "civilized" Internet Sarkozy was talking about. They've certainly created the "worst case scenarios" that politicians can point to now.
But the most surprising thing about them is how confident they are they won't be caught. Can they really be that sure that they will never be caught doing these attacks? Or are they just reckless?
But if they are for real, it might be understandable if they actually had a cause, and a good one. Doing it for the lulz, doesn't seem like a very good cause, and it's only going to give politicians more ammo to restrict the Internet because of "these crazy hackers" that prove the Internet is very "chaotic".
At least when Anonymous attacks they have a pretty good cause, that could actually be supported by most of the public. LulzSec attacks are getting less and less defensible, and maybe even suspicious.
"Recklessness", in particular due to youth, is a plausible scenario. ISTM that attack surfaces have been growing faster than our capability or willingness to secure them. LulzSec is scoring a lot of websites but has not uniformly gotten access to a lot of really valuable data, only sometimes.
Hacking websites isn't really that hard. Especially if you're just shopping around the net for vulnerabilities and then announcing what you hit post-facto (a "called shot" would be a bit more impressive). This is well within reach of invincible-feeling teens. It's a statement about the poor level of security we have; this stuff really is way easier than it should be.
The crazy thing is (I believe) large botnets are worth a lot of money on the black market. It makes no sense that they would waste their network to take down government websites "for the lulz". Something is missing about the situation.
This has been mentioned frequently. Whether it is the case or not, we can do little more than donate a few bucks to the likes of Demand Progress and EFF.
I just wonder... would merely announcing the CIA.gov is hacked on LuLzSec's highly-popular website be enough to cause such spike of curious visitors that the servers collapse?
Kind of self-fulfilling prophecy, it'd be; also a neat hack. Truly anonymous DDoS, too ;-)
All these hacks are nothing but the modern version of kids going out at night and spraying graffiti on public buildings, or going in them to vandalize the hallways, then bragging to their friends at school, and then one day they attack a bigger target and get caught. Only this time they can do all this stuff from their own home so they feel invincible until they get a knock at their doors.
Hilariously, the massive media frenzy surrounding the site outage will send the site enough traffic to DDOS it, even if LulzSec never meaningfully impacted it in the first place.
I can load cia.gov just fine. It doesn't even appear to be slow. I opened up the CIA World Factbook then checked their press section & what's new on cia.gov and there was nothing about it going down.
Also, kudos to the CIA for flipping to HTTPS by default.
Hacking CIA.gov, if they're half as good as one would expect, should yield no more than the static web content hosted. If there half as good as government contractors tend to be, I expect my tax return to be posted shortly.
Can someone explain to this newbie why mine disappeared so quickly, but this stayed? I don't have a problem at all, I just wish to understand the system thanks.
I've seen a lot of the sites they have compromised before; can't disclose where. I wrote f-secure back in 2007 about it. Never a response. A few to watch for in the future Noth Korea's main site; Adam Sandler's home page. I'll have to dig trough my logs to find more. Again, no bodies listening, http://news.ycombinator.com/item?id=2651275.
Maybe a good start-up idea, Internet 911. Grey/White hats find vulns => report => issue gets the attention it deserves. Made me laugh, but something like cyber-police :D
Many Fox news opinion sites(Glen Beck, Hannity, ect) are vulnerable to multiple attacks- read LFI(getfile.php), XSS(search), ect. I would try to contact them, however, the LFI leaves their mail servers vulnerable to ease dropping. As a well established security reseach company I feel disclosure of this should be left to you(the pros); plus it would make a good blog post.
LulzSec feels (to me) like just a group of bored teenagers messing around, randomly attacking whatever websites they can. I suspect if the gov't wanted to scare people, they wouldn't just sponsor/create a group doing things "for the lulz" - they'd make it out to be something larger and scarier.
Wow, without civilians being able to access www.cia.gov for a short period of time due to a ddos I'm sure the military industrial complex will crumble.
Why bother running stories about random DDOS's and defacings? It's even less interesting or important news than mainstream media's celebrity gossip.
This is actually a damn good point. The best way to fight DDOSes is to stop making a big deal out of them. We need to show some restraint, and also to educate the media -- folks being unable to access cia.gov has (to a reasonable approximation) zero effect on the CIA.
yes, i can see no downside to this. i would never expect that there would be an irrational, overblown response that causes lots of people to be arrested and made examples of.
The Jester, greyhat patriot who hacked Talibans' websites and forced Wikileaks to change their hosting, is now going after LulzSec. This is a lot more entertaining than TV: https://twitter.com/#!/th3j35t3r
[+] [-] forgotusername|15 years ago|reply
It puts me on edge that these idiots would pick such media-friendly targets to strafe with their clueless bandwidth wastage; not looking forward to the next round of "cyber security" laws one bit.
"Hey dad, tell me just one more time about how when you were a kid you used to be able to make TCP connections freely and without the connection first being authorized by the NSA." "Go to sleep, son."
[+] [-] sixtofour|15 years ago|reply
I enjoy John Wayne's The Shootist more and more.
http://www.youtube.com/watch?v=7JUfOIglaSc "Books, this is nineteen-ought one, the old days are gone and you don't know it."
[+] [-] gasull|15 years ago|reply
[+] [-] yters|15 years ago|reply
What happens when 11 year olds can Metasploit a predator drone and drop a Hellfire on their school?
[+] [-] maxwell|15 years ago|reply
[+] [-] BasDirks|15 years ago|reply
* I do not condone this course of events, just a prediction.
[+] [-] unknown|15 years ago|reply
[deleted]
[+] [-] nextparadigms|15 years ago|reply
But the most surprising thing about them is how confident they are they won't be caught. Can they really be that sure that they will never be caught doing these attacks? Or are they just reckless?
But if they are for real, it might be understandable if they actually had a cause, and a good one. Doing it for the lulz, doesn't seem like a very good cause, and it's only going to give politicians more ammo to restrict the Internet because of "these crazy hackers" that prove the Internet is very "chaotic".
At least when Anonymous attacks they have a pretty good cause, that could actually be supported by most of the public. LulzSec attacks are getting less and less defensible, and maybe even suspicious.
[+] [-] jerf|15 years ago|reply
Hacking websites isn't really that hard. Especially if you're just shopping around the net for vulnerabilities and then announcing what you hit post-facto (a "called shot" would be a bit more impressive). This is well within reach of invincible-feeling teens. It's a statement about the poor level of security we have; this stuff really is way easier than it should be.
[+] [-] fragsworth|15 years ago|reply
[+] [-] GHFigs|15 years ago|reply
Briefly DDOSing a government website is not a "worst case scenario" by anybody's reckoning.
[+] [-] Hawramani|15 years ago|reply
[+] [-] dexen|15 years ago|reply
Kind of self-fulfilling prophecy, it'd be; also a neat hack. Truly anonymous DDoS, too ;-)
[+] [-] suking|15 years ago|reply
[+] [-] dendory|15 years ago|reply
[+] [-] goo|15 years ago|reply
[+] [-] Aloisius|15 years ago|reply
I can load cia.gov just fine. It doesn't even appear to be slow. I opened up the CIA World Factbook then checked their press section & what's new on cia.gov and there was nothing about it going down.
Also, kudos to the CIA for flipping to HTTPS by default.
[+] [-] argarg|15 years ago|reply
2 hours ago: your comment on this post. Don't you think they had some time to take it back up?
[+] [-] docgnome|15 years ago|reply
[+] [-] abofh|15 years ago|reply
[+] [-] tdfx|15 years ago|reply
[+] [-] dvdhsu|15 years ago|reply
I wonder what the CIA are going to do, especially because LulzSec is directly targeting them now.
[+] [-] brown9-2|15 years ago|reply
[+] [-] blhack|15 years ago|reply
[+] [-] emilepetrone|15 years ago|reply
[+] [-] Graham24|15 years ago|reply
[+] [-] ChuckMcM|15 years ago|reply
Great article btw in the current Popular Mechanics [1] about the new militarized CIA and whether or not that's a Good Thing.
[1] http://www.popularmechanics.com/technology/military/news/spi...
[+] [-] AndyJPartridge|15 years ago|reply
I posted this news 15 minutes before this submission. http://news.ycombinator.com/item?id=2659263
Can someone explain to this newbie why mine disappeared so quickly, but this stayed? I don't have a problem at all, I just wish to understand the system thanks.
[+] [-] woodall|15 years ago|reply
Maybe a good start-up idea, Internet 911. Grey/White hats find vulns => report => issue gets the attention it deserves. Made me laugh, but something like cyber-police :D
From - Sat Aug 07 23:58:30
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00800000
X-Mozilla-Keys: Message-ID: <[re-dictated]@gmail.com>
Date: Sat, 07 Aug 2010 23:58:24 -0500
From: Chris <[my email]@gmail.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.11) Gecko/20100713 Thunderbird/3.0.6 MIME-Version: 1.0
To: [email protected]
Subject: fox news
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Dear F-Secure:
Many Fox news opinion sites(Glen Beck, Hannity, ect) are vulnerable to multiple attacks- read LFI(getfile.php), XSS(search), ect. I would try to contact them, however, the LFI leaves their mail servers vulnerable to ease dropping. As a well established security reseach company I feel disclosure of this should be left to you(the pros); plus it would make a good blog post.
[+] [-] srl|15 years ago|reply
LulzSec feels (to me) like just a group of bored teenagers messing around, randomly attacking whatever websites they can. I suspect if the gov't wanted to scare people, they wouldn't just sponsor/create a group doing things "for the lulz" - they'd make it out to be something larger and scarier.
[+] [-] lupatus|15 years ago|reply
[1]https://www.cia.gov/library/publications/the-world-factbook/
[+] [-] mkr-hn|15 years ago|reply
[+] [-] blantonl|15 years ago|reply
[+] [-] trotsky|15 years ago|reply
Why bother running stories about random DDOS's and defacings? It's even less interesting or important news than mainstream media's celebrity gossip.
[+] [-] hugh3|15 years ago|reply
[+] [-] Tichy|15 years ago|reply
[+] [-] smogzer|15 years ago|reply
[+] [-] trotsky|15 years ago|reply
[+] [-] sbierwagen|15 years ago|reply
[+] [-] william42|15 years ago|reply
[+] [-] TheIronYuppie|15 years ago|reply
[+] [-] unknown|15 years ago|reply
[deleted]
[+] [-] phektus|15 years ago|reply
lol parallels
[+] [-] zyfo|15 years ago|reply
[+] [-] rbanffy|15 years ago|reply
If, that is, we still care.
[+] [-] omouse|15 years ago|reply
I bet The Jester is as middle-class as the LulzSec people.
[+] [-] kabushikigaisha|15 years ago|reply
[+] [-] dexen|15 years ago|reply
[+] [-] RobAtticus|15 years ago|reply
[+] [-] unknown|15 years ago|reply
[deleted]