No announcement yet.


  • Filter
  • Time
  • Show
Clear All
new posts

  • LulzSec

    I've wanted to start a thread on LulzSec several times as I'm sure people around here have opinions. I'm not really sure what to say about them.

    If you haven't heard of them by now, I'd be really surprised, but as a short introduction they seem like an outgrowth of 4chan, given their heavily meme-influenced public persona. Where Anonymous, another 4chan outgrowth, has grown increasingly political (lately calling for Ben Bernanke's resignation), LulzSec does it, well, for the lulz. There doesn't seem to be any particular pattern to the targets they choose.

    They've hacked several sites and exposed confidential user data, throwing up torrents of it and posting links on their Twitter feed (which presently has 160,000 followers). Today they DDoSed the CIA web site.

    While on the one hand they seem to be doing a great job of raising awareness of how vulnerable things are, I sure would hate to have my personal data disclosed.

    Thoughts? Is there any good to what they're doing? Do you think they'll get caught, or just live on in infamy?
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

  • #2
    Re: LulzSec

    Originally posted by bascule View Post
    Thoughts? Is there any good to what they're doing? Do you think they'll get caught, or just live on in infamy?
    There have been a few blogs and posts that assert security people secretly and sometimes openly enjoy the activities of LulzSec:
    * Their activities draw attention to the need for better security
    * Like post 9/11, where the government started investing more heavily in security-related programs, businesses will allocate more cash after highly publicized break-ins.
    * For places with break-ins, the security staff can gloat, say, "I told you so," even if only in their own mind.
    * After security people are told, "those are edge cases and we don't need that much security," highly visible examples are coming to light, bring discussions of security to the foreground and concessions that a comprehensive policy that includes edge-cases is needed.
    * Such highly visible example may be enough to convince CEO and other executives to include themselves in the security policy decisions instead of the exceptions because, "security is too hard, so I will take my laptop with HR info to the local airport, hop onto the new free WiFi, and let all my automated services log me into all my Internet services, some with insecure protocols, and use the same 7 character all-lower-case-letters password everywhere. Oh, my laptop has blue-screened, but that is okay, there is an Internet Kiosk with free Internet access, so i can check my email from there. I'm the fuckin' CEO, I can do whatever I want."

    Long-term, the masses gain long-term benefit at the cost of short-term consequences, and those not impacted with break-in or data-loss are entertained.

    People learn from their mistakes or they won't. If they learn from their mistakes, maybe they will apply some changes based on what they have learned and try again.


    • #3
      Re: LulzSec

      I don't think there really is a "they" in the sense that there is an agenda around what they do. They are organized on chan's and motivated by whatever thread happens to be popular at the time. Targets are most likely selected by some sort of mob mentality, and attacks are coordinated via hidden services on tor. It most definitely is a group that has grown out of anon/4chan. I view them like a slightly more focused/less chaotic anonymous. Same exact principles guide them, same exact people are involved in it, just a little more focused.

      I think for the most part there's a core group of decent hackers surrounded by a group of fodder that are used to set up their systems for basically a botnet for the core group to use. I think also that the core group are probably professional security engineers in their day jobs and most likely are "behind 7 proxies" and won't be caught. The fodder is a different story.

      I think what they are doing is amusing and troubling at the same time, I guess it could be viewed as a free vulnerability assessment against networks. DDoS'ing the CIA was a pretty big mistake, same thing with attacking the senate. That will definitely get some very serious attention focused on them. But that attention will probably only garner some low hanging fruit (less technically adept) members of lulzsec.

      Of course, I could be wrong about everything :D

      lol internet!
      Network Jesus died for your SYN


      • #4
        Re: LulzSec

        So I guess the question is: Do the ends justify the means?