Jump to content

LulzSec

Magnus

By Magnus
in Other

 Share

Recommended Posts

Magnus Forum Resident

Magnus

Posted
Posted

As we know, this whole fiasco started at Anonymous taking down Sony's websites over Sony's policy of 'PS3s being rentals only.' After that, PSN got probed and hacked and Sony's half-assed security and their habit of NOT encrypting data is exposed, but Anonymous denies involvement.

 

Still not sure who did that, but a faction of Anonymous had broken off and became LulzSec, and started a hacking spree afterwards. They hacked Sony's picture website, which they exposed to have just as shoddy security. Then an FBI branch. Now Bethesda.

 

They also have a convenient list on their website of who and what they've hacked.

 

http://lulzsecurity.com/

http://twitter.com/#!/lulzsec

http://lulzsecurity.com/releases/1000th_tw...ess_release.txt

 

Everything they've released so far is on their website. Everything they've hacked so far is noted on their twitter. Keep an eye out for your shit, and if you get victimized, prepare to randomize your passwords everywhere if they're not all different already.

 

My current standing on LulzSec is that they have an honest goal, which is to raise awareness about how poor internet security is and how people shouldn't be reusing their passwords for every single thing. However, even though their methods do raise awareness the most effectively, they fuck of most people who weren't ready for it at all, which is not as cool.

 

They hit game developers (Bethesda and Codemasters) and login servers for MMOs (EVE Online) mostly, since that would grab the most attention from gamers. But they defended Sega.

 

Please note: LulzSec hacked Sony's picture website. That is not PSN, no matter how much Pendragon says it is, and they are not continuing to hack it. (And Geohot did not hack the PSN, nor did he hack the PS3, just distributed how to. And Geohot is not Anonymous, who also did not hack the PSN.)

 

===

 

Recently, LulzSec has re-teamed with Anonymous to start up Operation AntiSec, which is to blatantly attack government institutions. Of course, this means they have pretty much all of the government files and it won't be long before everything is on wikileaks, and this may very spread like wildfire to other countries up to speed with internet.

 

 

I have no idea if this guy is important or not, but The Jester is apparently going to try and shut down Lulzsec. Lulzsec deleted all their posts against Jester after Jester declared "War".

 

Apparently Lulzsec also broke into the CIA's public website, CIA.gov. Seeing as the CIA can take that as cyberterrorism, does that make Lulzsec enemies of the USA?

 

And of course, what's going to happen with Net Neutrality now?

 

Lulzsec releases a large password database.

 

Gizmodo has set up a neat little database checker to see if your Email has been exposed in this recent hack.

http://arstechnica.com/tech-policy/news/20...you-bitches.ars

 

http://lulzsecexposed.blogspot.com/

 

Seems some of them are former /b/ old guard from back in 2005.

 

Web ninjas are fighting back. and it's likely that they are starting to get scared.

 

[citation needed] Apparently one of Lulzsec's hackers works for the Guardian[/citation needed]

Link to comment
Share on other sites
  • Replies 121
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Liarbird Advanced Member

Liarbird

Posted
Posted
Well, it is kind of true. No-one is going to die from Lulzsec stealing data unless someone kills themself.

 

They're pretty much screwing around with people's sense of security (No not of the computing kind), which can be jarring.

 

True enough, but yeah, it is jarring. this guy treated it like it was nothing.

 

However, the compromise of FBI agent identities could lead to the deaths of field agents.

Link to comment
Share on other sites
Magnus Forum Resident

Magnus

Posted
  • Author
Posted

Yeah, I don't get why they defended Sega. Sure, everyone loved Dreamcast, but just look at the shit they've been releasing.

 

Also, thanks Tony. I missed that quote. Hard work sorting through that trainwreck.

Link to comment
Share on other sites
Artdeux Advanced Member

Artdeux

Posted
Posted
Recently, LulzSec has re-teamed with Anonymous to start up Operation AntiSec, which is to blatantly attack government institutions. Of course, this means they have pretty much all of the government files and it won't be long before everything is on wikileaks, and this may very spread like wildfire to other countries up to speed with internet.

Hm, while I don't agree with Lulzsec getting into government databases, I do believe that the government shouldn't be able to hide information that would damage their reputation.

 

If they couldn't hide such information, you'd think they would be less inclined to do these things in the first place yes?

Link to comment
Share on other sites
Artdeux Advanced Member

Artdeux

Posted
Posted
If I may ask... you simply dont approve of them Arty?

Well, overall it's a really touchy subject, as evidenced by Pendragon.

 

I cannot simply disprove of their antics now because I believe in the idea of Wikileaks. Having Politicians be afraid of the general populace, not the other way around. Could help prevent politicians from corrupting in the first place.

 

Their previous information releases aren't something I can support, especially with people using the same passwords everywhere. But at least they give you the chance for you to find out if your information is out there. A few weeks after the PSN incident, my Blizzard account was broken into because I forgot to change the password because I don't use it very often. Blizzard locked the account before much could be done with it as far as I know.

 

At least people might start using better passwords than "Password" or "13245678" for all their accounts. Ehh... Probably not.

 

I fear that this will throw net neutrality out the window though.

 

I wonder how many adult toys have been bought from hijacked Amazon accounts.
Link to comment
Share on other sites
Harakiri Tiger Forum Dweller

Harakiri Tiger

Posted
Posted

I moved this from General Chat and cleaned it up a bit so it can be a more serious topic with less spam.

 

Keep it on topic and calm or you get a 3-day ban.

 

As for me, I do not agree with any of this LulzSec stuff really. This is an imbecilic method to raise awareness and will likely do significantly more harm then help. The only part that rings remotely agreeable with me is the government documents that may or may not be leaked.

Link to comment
Share on other sites
Pendragon Forum Regular

Pendragon

Posted
Posted (edited)

I don't trust a word Lulzsec says personally.

 

There's a fine line where their point would've been made and they've clearly passed it. At this point they're just poking the bear in the cage, and when net neutrality goes out the window, I know who I'm blaming.

 

Messing with the government, though it seems noble, will be the dumbest mistake they've ever made.

Edited by Pendragon
Link to comment
Share on other sites
Liarbird Advanced Member

Liarbird

Posted
Posted

My apologies for going off of the chain there, but I'm pretty fed up with what was going on before.

 

@Magnus welcome, I try to stay on topic when I can.

 

 

as for AntiSec well, these guys are just going to be digging a mass grave for themselves.. all the while destroying it for everyone. Nice.

Link to comment
Share on other sites
Ataraxis Forum Resident

Ataraxis

Posted
Posted

I can understand wanting to put flaws in security on display so that companies can improve on them and consumers can be aware of them, as well as demonstrating to people how constantly using the same password for everything can be a bad idea, but I really can't agree with the type of methodology employed here.

 

To be perfectly honest with you, I see the current way things are set up as being more of a problem than peoples' laziness with regard to it. Everything needs a password. Banking, bills, e-mail, et cetera; these are all things we usually take good care of when it comes to security, but it gets a little overwhelming when we add to that the fact that we take up more and more recreational endeavors that need passwords. ACU is an obvious example, though I'm sure there's a few of us who've lost track as to how many forums and games we've joined up on over the years.

 

The problem has become further compounded due to the fact that a lot of these things have become integrated with each other. Things like PSN/Live, FaceBook, and Twitter can all be tied in together, and share ties with items previously listed as well. Personally, I support the idea of such integration, because the whole thing was becoming a giant pain in the ass. It felt like steps were being taken in the right direction to ease the password burden, and then something like this happens.

 

All this accomplishes, in my opinion, is change through fear. That's not the way to go about things. If people do end up being more careful about all of this, they'll also be more wary of taking steps towards a proper method of how these systems should be handled. Progress towards a better management system will be slowed, and we'll have to deal with this nonsense even longer.

 

Again, if people are more careful because of this, I expect that any sense of caution instilled will be replaced once more by apathy after only a short while due to the password burden. There comes a point where, be it for ease, practicality, laziness, or otherwise, most people just pick something and go with it. I'd expect any companies affected will take it more seriously, because things like what Sony went through can be crippling.

Link to comment
Share on other sites
Artdeux Advanced Member

Artdeux

Posted
Posted
I can understand wanting to put flaws in security on display so that companies can improve on them and consumers can be aware of them, as well as demonstrating to people how constantly using the same password for everything can be a bad idea, but I really can't agree with the type of methodology employed here.

You must admit that people wouldn't take them seriously otherwise.

 

To be perfectly honest with you, I see the current way things are set up as being more of a problem than peoples' laziness with regard to it. Everything needs a password. Banking, bills, e-mail, et cetera; these are all things we usually take good care of when it comes to security, but it gets a little overwhelming when we add to that the fact that we take up more and more recreational endeavors that need passwords. ACU is an obvious example, though I'm sure there's a few of us who've lost track as to how many forums and games we've joined up on over the years.

I do password tiers, going by Bank webpage > E-Mail > Games (Seperate Passwords between MMOs) > Other Webpages > Forums. It's not so bad to remember, and one could always put the passwords on a piece of paper under their mattress.

 

Forums are probably one of the easiest places to break into when it comes to people wanting to steal information.

 

The problem has become further compounded due to the fact that a lot of these things have become integrated with each other. Things like PSN/Live, FaceBook, and Twitter can all be tied in together, and share ties with items previously listed as well. Personally, I support the idea of such integration, because the whole thing was becoming a giant pain in the ass. It felt like steps were being taken in the right direction to ease the password burden, and then something like this happens.

Pretty much.

 

All this accomplishes, in my opinion, is change through fear. That's not the way to go about things. If people do end up being more careful about all of this, they'll also be more wary of taking steps towards a proper method of how these systems should be handled. Progress towards a better management system will be slowed, and we'll have to deal with this nonsense even longer.

You'd be amazed how much change can be done with fear though. 9/11 anyone?

 

Again, if people are more careful because of this, I expect that any sense of caution instilled will be replaced once more by apathy after only a short while due to the password burden. There comes a point where, be it for ease, practicality, laziness, or otherwise, most people just pick something and go with it. I'd expect any companies affected will take it more seriously, because things like what Sony went through can be crippling.

Again, pretty much.

 

If they lost a job over it, they won't be forgetting to change their passwords between services.

Link to comment
Share on other sites
Brit New Member

Brit

Posted
Posted

While I disagree with the methods, all I can say is that people frequently do illegal things that aren't always the wrong thing to do. What I mean is similar to my conversation with Pendragon earlier and using the American Revolution as a sort of parallel. Had those colonist not committed treason against the Crown, we would all be British citizens today.

 

I'm not defending them at all, as releasing that much information into the Internet is DEFINITELY the wrong method to prove your capabilities, but I will say that there will be positive and negative results from this movement.

 

If you want something to change you have to show them why it should. I bet PSN will never be hacked again.

Link to comment
Share on other sites
Ataraxis Forum Resident

Ataraxis

Posted
Posted
You must admit that people wouldn't take them seriously otherwise.

No, I certainly must not.

 

More often than not, the persistent threat of an action is more effective than the action itself. The Cold War carried itself largely on this principle, and it's the basic idea behind terrorism, oppression, hold ups, blackmail, bullying, etc. You don't even need proof of capability; the illusion will suffice.

 

@ Magnus;

 

The problem with that analogy is that you've provided a case of punishment for a crime. Other than, perhaps, Sony (I allude to your rental comment), people aren't being punished for any crime. They're being attacked for carelessness. Yes, I understand the notion that there's no real harm being done, but this is, regardless of opinion, a stress inducing incident and time eater for at least some people. It's not a case of 'no harm, no foul.'

 

Even without being the target, people are getting caught in the proverbial crossfire.

 

Furthermore, it's a common misconception that punishments and deterrents are the same thing. While deterrence is often cited as a justification for punishment, they are separate things.

 

I do password tiers, going by Bank webpage > E-Mail > Games (Seperate Passwords between MMOs) > Other Webpages > Forums. It's not so bad to remember, and one could always put the passwords on a piece of paper under their mattress.

I don't do my banking or pay any bills online, but when it comes to most things where I need one, I use a variety of different passwords. Sure, it's "not so bad", but I still wouldn't call it a good system, and I see no reason not to try and improve upon mediocrity.

 

You'd be amazed how much change can be done with fear though. 9/11 anyone?

I don't think I would. Where the tone of the after effects is concerned, comparing this to 9/11 is appropriate. It's been a source of propaganda, the justification behind various invasions of privacy, discriminatory laws and actions, and the reason behind diminishing relations between various countries (e.g. Canada and the U.S.). But oh, air travel is "safer." Totally worth it.

 

My point here being that results gained through fear tend to be pretty shitty.

 

If they lost a job over it, they won't be forgetting to change their passwords between services.

Honestly, I'm not so sure about that. It's not far fetched to believe that some people would think their hiring company would try and have all bases covered.

Link to comment
Share on other sites
Artdeux Advanced Member

Artdeux

Posted
Posted
No, I certainly must not.

 

More often than not, the persistent threat of an action is more effective than the action itself. The Cold War carried itself largely on this principle, and it's the basic idea behind terrorism, oppression, hold ups, blackmail, bullying, etc. You don't even need proof of capability; the illusion will suffice.

Of course, but those are large groups of people, countries, armies. Lulzsec appears to be maybe 10 people doing the major organizing with countless anonymous people trying to help Lulzsec where they can.

 

Another thing is that unlike real wars, Lulzsec cannot create a crisis. No nuclear war, or war at all. That is one of the things that made the Cold War a very real threat, like the Cuban Missile Crisis. Lulzsec can't punch you through your monitor.

 

Not to mention propaganda that is forced on people by these organizations. If you mention Russia in the USA, someone is going to tell you that they're terrible communists. Propaganda is not something that Lulzsec can force on people through the internet.

 

If we posted on Twitter as ACUsec, and threatened to hack ACO every now and then, it would lose its impact from no results after the 2nd threat.

 

Furthermore, it's a common misconception that punishments and deterrents are the same thing. While deterrence is often cited as a justification for punishment, they are separate things.

Correct. A deterrent would have the person themselves causing harm to themselves if they tried something. Like an electric fence.

 

 

I don't do my banking or pay any bills online, but when it comes to most things where I need one, I use a variety of different passwords. Sure, it's "not so bad", but I still wouldn't call it a good system, and I see no reason not to try and improve upon mediocrity.

The system will -have- to be improved very soon. People are getting the ability to use GPU's to crack very secure passwords in just a few days time.

And that was from 2007. If we get into quantum computing, cracking a password will take less than a second. I don't know how we can improve the system other than increasing the bit encryption from 128-bit to something crazy like 512 though.

 

I don't think I would. Where the tone of the after effects is concerned, comparing this to 9/11 is appropriate. It's been a source of propaganda, the justification behind various invasions of privacy, discriminatory laws and actions, and the reason behind diminishing relations between various countries (e.g. Canada and the U.S.). But oh, air travel is "safer." Totally worth it.

 

My point here being that results gained through fear tend to be pretty shitty.

Agreed entirely. Being ruled by fear is something that corrupt governments do.

 

I'd say fear is also one of the prime reasons many people in the USA have a gun.

Link to comment
Share on other sites
Ataraxis Forum Resident

Ataraxis

Posted
Posted

Point #1

 

Hold ups, bullying, and blackmail can all be accomplished easily through individual efforts. Terrorism can embed itself within the media or other means, and have literally no actual persons behind it. The internet only makes these kinds of efforts easier to enact, as a single person can reach a wider audience.

 

LulzSec can create a crisis. Hitting someone's wallet, privacy, or other such 'commodity' is, to many, a greater offense than hitting their face.

 

With people living as much of their lives through FaceBook and Twitter, propaganda can be spread, I would argue, more easily than it had in the past through news and social circles (largely because FaceBook and Twitter act as many peoples' social circles, as well as their mean to news). People can't "force" you to read their tweets or comments, anymore than they could force you to listen to them or watch the news. But you're going to.

 

Where threat impact is concerned, it's only diminished if people defy you and you can't back up your words. Defiance is considerably less common than compliance in such situations, but in the event that people weren't wary of the threat, you're right; not backing it up would lead to future threats being meaningless.

 

There also exists the possibility of having two opposing parties that may have valid threats against each other, which has the odd effect of validating the threat of both parties. We can see at least a partial example of that even in this situation, via TheJester vs LulzSec.

 

Where we stand now, the cards have been played. There's no escalation of consequence. I know they've said that the stolen information isn't going to be used to rob anyone, or cause any real harm, but the idea is out there. There are people (e.g. Pendragon) who won't be convinced otherwise. When faced with such situations, people tend to feel they've got

and give in to further carelessness/recklessness.

 

Point #2

 

I like how you used the exact example I had in mind. Electric fences. So good.

 

Point #3

 

That's exactly what I wanted to get at. It's a necessary step. They were trying some new methods out, and I can't say they were going to work (and so far the idea of integration has backfired), but we would have progressed away from what is currently in place.

 

A password system is flawed in and of itself though, so they're going to need to cook something better up.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...