LulzSec Hacks the US Senate
jfruhlinger writes "LulzSec might not be as famous as Anonymous — they're really best known for hacking sites they like, to prove a point about security — but they may have just raised their profile significantly, posting what appears to be data taken from an internally facing server at the US Senate. However, the fun-loving group might find that the Senate reacts a lot more harshly to intrusions than, say, PBS did."
The group also recently grabbed data from Bethesda Softworks.
I hope these guys are as good as they claim to be, otherwise we will be seeing their faces with the caption "Further arrests from anonymous hacking group"
Apparently, Anonymous announced an intention to go after the federal reserve next: http://gizmodo.com/5811546/anonymous-goes-after-federal-reserve. It'll be quite interesting if they attempt it. I'm interested in seeing how the fed handles this.
Usually these end in tears. Only the most stupid black-hats (and that is all these morons are now) brag publicly.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
They want attention. They do not care what kind of attention. Like some emotionally disturbed kids.
As much as I like chaos brought to the powers that be, none of this hacking will have any long-lasting effects. I want to see some serious info leaked that damages someone with real power. I'd rather see these guys dig out info that calls out the hypocrites in positions of power.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
They probably wanted to play Skyrim early.
It seems like the recent outbreak of high-profile cases of computer break-ins is almost calculated to provoke legislation locking down the internet. First the kill-switch proposal, the announcement by the US military that computer intrusion would be considered an act of war, now a constant drumbeat of reporting in the media about major cracks.
Perhaps the hacks are all just being done by people who don't see how useful such stories are to those who want to assert control over the net, but it would be foolish to think that the "problem-reaction-solution" method has stopped being used by those who are after power, or to discount the possibility that some of this hacking and the publicity it receives is actually being provoked or even orchestrated by those seeking to expand government control over the internet.
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?" - Patrick Henry
This will be used to push forth legislation making script kiddies equivalent to terrorists.
How many more years will slashdot have an off-by-one error on your Score in your profile?
And when that ass gets kicked in the Senate's IT office, you'll have LulzSec to thank. If LulzSec could hack it, so could Iran. We should be grateful for the service they are providing.
Give me Classic Slashdot or give me death!
That's not some inside server. Look at their list of files. It's the Senate's outward-facing web server, "www.senate.gov". It also hosts the public web sites of individual senators. It looks like what you can see on a UNIX system with a guest account. Big deal. Every staffer on the Senate side has that much access.
They have the complete directory of all the paintings in the Capitol. The forms for registering as a lobbyist. Pictures of all the Senators. Lots of stuff for tourists. This session's voting results, in HTML. The base Apache config. Nothing exciting.
...and HalfLife 2 got delayed for months? If this stunt delays Skyrim, these tools deserve a kick in the nuts!
Never let a lack of data get in the way of a good rant.
good luck, they were certainly behind at least 7 proxies.
these guys are not amateurs like the bank DDOS kids
Snowden and Manning are heroes.
I'm not sure if you've ever really sent an anonymous "your shit is broken" message to a site, but I bet the level of positive response would be inversely related to how big the company is.
No-one wants their management to find out their stuff is insecure. They'd be looking for a new job. So they likely bottle it and pretend it ain't happening.
I hate to say it, but I think Lulzsec is doing a disturbing but necessary deed. When no-one wants to improve the state of security, are quite happy accepting budget increases for "more security hardware" instead of doing it right the first time and externalise all security issues as vendor problems, there's no real motivation to actually pursue securely developed options. Lulzsec is outing that practice.
I only hope that somehow this crap makes its way to pointing out inherent security flaws in OSes that make it tangible enough to lawmakers to suddenly care. Not "care" as in "pursue legal options rather than fix", not "care" as in "buy more layers of badly managed and ineffective security theatre", but "care" as in "we need to hire people who know what they're doing, then keep them around and include security in all stages of planning, development and operations."
I know what they did is wrong and all but what you wrote sounds like "Look what you did, you've angered the master, now he's sure to give us all a good whippin'"
Lulzsec's primary means of access is an Apache 0day. Also, one of their primary members works for a Tier 1 ISP, thus giving him privileged access to some high level routers/customer information.
Oh, the FedRes functions, buddy boy. It just functions in ways we never intended it to.
What do you mean, "we"?
Hugs and kisses,
-- Hank Paulson
"What in the name of Fats Waller is that?"
"A four-foot prune."
The solution is to stop letting HR people with no technical knowledge hire technical people.
This is what results in the common practice of putting a know-nothing idiot with good social skills in charge of doing technical work they can't handle.
1984 was not supposed to be an instruction manual.
I think it would be hilarious for LulzSec to hack Slashdot and post every single username and password, along with any financial details that they found on Thinkgeek. Come on. Slashdot is so buggy, their security simply must be a joke. I'd be curious to see what the reaction is. My guess is that some people would still support LulzSec, even saying that they're glad that such a fine group of principled and honorable white hat hackers took the time to demonstrate the flaws of Slashdot's security.
Back when I was in college, I had a friend who used to break into cars that used The Club. He wouldn't steal anything but The Club itself, to demonstrate to them the uselessness of the product. I found it hilarious. Much like these web site hacks, it was just a harmless prank by some punk kid. But it was also pretty fucking antisocial. Did those people learn a valuable lesson? I don't know. Maybe. That doesn't change the fact that it was wrong to break into those cars.
By the way, I'm not saying that I'm some paragon of virtue, because, obviously, I'm not (I found the whole thing rather amusing and probably indirectly encouraged his activities by laughing). I don't think you need to be virtuous in order to speak about virtue, however.
Let me take a wild guess: number of ethicists: zero.
I hope these guys are as good as they claim to be, otherwise we will be seeing their faces with the caption "Further arrests from anonymous hacking group"
I agree, if they really claim to "not like the US government", then a much smarter move would be to snoop around quietly and dig up something REALLY juicy. Where's the meat? They brag about hacking the Senate but then give us what looks like little more than a list of mundane files on a webserver, or something. Whoop. Sounds more like they managed to find one unsecured machine, and just couldn't wait to brag about it ... I can just see it ... 'ZOMG dude we hacked teh Senate!!11!' 'Oh yeah we're awesome!'. It has no class. They had an opportunity to get onto the network and look around for something really interesting, like evidence of corruption or something, instead they just hollered as loud as they could and now security will be stepped up, helping close the opportunity to do something good.
The most drastic change occurs by revolution, but I'd say the best change occurs by evolution. And good outcomes certainly don't come from idealists without a real plan for replacing the establishment. Crap, that's just asking for the guillotine.
Revolutions rarely have a good ending. 1789? Led to a reign of terror. 1917? Led to a reign of terror. 1776 is maybe the only one that led to more freedom. But it seems, only temporarily so.
The main problem is that we replaced aristocracy with plutocracy. Instead of birthright and divine providence, money is now the deciding factor of your worth in society. And while superficially more porous, since anyone could get rich, nothing really changed but the people on top. It is still the same flawed system.
Originally, aristocracy was a meritocratic concept. Those of virtue (be it battle prowess or great leadership) were put in charge, since they proved they can rule and lead people. And as it is very natural for us, these people wanted to leave a legacy, and titles and offices became hereditary. Unfortunately, virtue and leadership are not. And without challenge to their rule, there was no need to distinguish themselves and prove they're "worthy" to lead. The result was their ultimate demise when it became blatantly obvious that the king had no clothes.
The current plutocratic system suffers from the same flaw. Originally, those who came to riches had to be good investors, careful planners, foresighted industrial thinkers and hard workers who knew the value of work and the hardships associated with them. The current generation of industrial leaders never had to distinguish themselves. They got their position due to a network of other plutocrats that elevated them into the positions they hold today, they have no connection to the company they lead, they never "built" it, they don't care about it or anything done in it. Most of all, they also have no responsibility for it as the current "too big to fail" scam shows. It does not matter whether they know what they're doing or whether they are essentially playing the lottery.
It's the same shit all over again. Another time, another set of players, another "merit" to have to be one. But else, same shit as 300 years ago.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.