Slashdot Mirror


LulzSec Hacks the US Senate

jfruhlinger writes "LulzSec might not be as famous as Anonymous — they're really best known for hacking sites they like, to prove a point about security — but they may have just raised their profile significantly, posting what appears to be data taken from an internally facing server at the US Senate. However, the fun-loving group might find that the Senate reacts a lot more harshly to intrusions than, say, PBS did." The group also recently grabbed data from Bethesda Softworks.

36 of 344 comments

  1. Interesting by Jibekn · · Score: 4, Interesting

    I hope these guys are as good as they claim to be, otherwise we will be seeing their faces with the caption "Further arrests from anonymous hacking group"

    1. Re:Interesting by biodata · · Score: 4, Interesting

      I'm sure we will see this anyway. It's easy to arrest a few people on suspicion whether they did it or not. It doesn't matter if anyone gets convicted, the arrests are just a bit of media theatre and have to happen soon after the event. Like in Spain, Holland, Turkey, etc.

      --
      Korma: Good
    2. Re:Interesting by LearnToSpell · · Score: 3, Insightful

      Competent black hats *who take the proper precautions* brag publicly.

      No. There is zero benefit to having people know what you're up to as a black hat. That's like leaving riddles inside the bank safe.

    3. Re:Interesting by Anonymous Coward · · Score: 4, Funny

      On another note, does Amazon keep any sort of network/VM logging from someone who spun up/used/spun down a virtual machine with a prepaid visa card?

      No, but they have shipping addresses of everybody who ever ordered a Guy Fawkes mask, which should be close enough for government work.

    4. Re:Interesting by Tr3vin · · Score: 3, Funny

      The real question here is "Who is afraid of the big black bat?"

    5. Re:Interesting by lambent · · Score: 3

      Two things come to mind:

      "Those who speak, do not know; those who know, do not speak."

      and ...

      "Loose lips sink ships."

      You're correct; there's no benefit to these childish displays. Their juvenile antics will be their own downfall.

    6. Re:Interesting by Ruke · · Score: 3, Interesting

      These guys aren't black hats; they're a different breed. They're clearly not in it for the money. They're not in it to help people. They're in it for the chaos, and the power trip, and, well, the lulz.

      They're probably going to get caught, but I don't think it's quite fair to characterize them as "incompetent," just because they're playing a different game than everyone else.

    7. Re:Interesting by Jeremi · · Score: 3, Insightful

      No. There is zero benefit to having people know what you're up to as a black hat. That's like leaving riddles inside the bank safe.

      Unless, of course, your goal is to get publicity and make a point about something. (if Lulzsec or whoever just hacked into senate.gov and didn't tell anyone, do you think we'd ever hear about it?)

      --
      I don't care if it's 90,000 hectares. That lake was not my doing.
    8. Re:Interesting by Anonymous Coward · · Score: 3, Informative

      Assuming perfectly rational actors... which don't exist.

      In the real world, people are complex, and just because you don't see a clear "benefit" to a behavior doesn't mean it won't occur.

      And before you claim "but then they wouldn't be competent", I suggest you read up on the No True Scotsman fallacy.

    9. Re:Interesting by TooMuchToDo · · Score: 3, Informative

      You're either a black hat for two reasons: a) financial gain or b) publicity. You keep your mouth shut if you're in scenario A. B? Not so much.

    10. Re:Interesting by DrBoumBoum · · Score: 5, Insightful

      You're either a black hat for two reasons

      Maybe they're doing it for the lulz?

    11. Re:Interesting by TooMuchToDo · · Score: 3, Insightful

      The world is many shades of gray. My opinion (although it counts very little) is that intent matters very much. Breaking in to steal credit card/personal info? Black hat. Breaking in to get information to help political prisoners? White hat. Just because you're breaking in to a secure system that isn't yours doesn't mean you are a black hat (depending on what you're doing; http://www.google.com/search?q=wikileaks+good). Just like helping the Chinese government find holes to patch in their systems used to prevent the expression of their citizens' human rights doesn't mean you're a white hat.

      What is your end goal?

  2. Fed Reserve is up next by milbournosphere · · Score: 5, Interesting

    Apparently, Anonymous announced an intention to go after the federal reserve next: http://gizmodo.com/5811546/anonymous-goes-after-federal-reserve. It'll be quite interesting if they attempt it. I'm interested in seeing how the fed handles this.

    1. Re:Fed Reserve is up next by Dunbal · · Score: 5, Funny

      Severe damage to the federal reserve. Hahaha that made my day, thanks. Buddy, the damage has already been done. There's nothing left.

      --
      Seven puppies were harmed during the making of this post.
    2. Re:Fed Reserve is up next by cold+fjord · · Score: 4, Informative

      It is good criminal practice to stay on "annoyance level". If you exceed that, law enforcement comes after you. If you exceed that enough, the people that come after you actually know what they are doing, are well funded and very, very persistent. If these clowns really manage to break into or do severe damage to the federal reserve, they will end up in federal prison for a few decades. May take months or years to get them, but they will get caught.

      In fiscal year 2010, the FBI requested almost $50,000,000 in new resources for internet crimes. Any bets they get more than that in new resources this year?

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    3. Re:Fed Reserve is up next by gweihir · · Score: 4, Interesting

      Believe that all you like. Then ask yourself who the largest employer of mathematicians (not an easy study by any means) in the world is. And they have other pretty good people too.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  3. Somebody is on a power trip by gweihir · · Score: 4, Insightful

    Usually these end in tears. Only the most stupid black-hats (and that is all these morons are now) brag publicly.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Somebody is on a power trip by Hatta · · Score: 3, Insightful

      All things considered, LulzSec has a better track record than the US Senate.

      --
      Give me Classic Slashdot or give me death!
    2. Re:Somebody is on a power trip by Dragon+Bait · · Score: 5, Funny

      Most likely have nothing to live for and are probably wanting to end it all by making others suffer.

      Are you talking about the hackers or the senators?

    3. Re:Somebody is on a power trip by betterunixthanunix · · Score: 3, Informative

      Yet the US senate has the law on its side, and LulzSec does not.

      --
      Palm trees and 8
    4. Re:Somebody is on a power trip by selven · · Score: 3, Insightful

      I take it you have not heard of the concepts of "lawful evil" and "chaotic good"?

    5. Re:Somebody is on a power trip by wickerprints · · Score: 4, Insightful

      Well, of course the US Senate has the law on its side. They wrote the law, arguably to serve their own interests, just like the Fed is a group of bankers that regulate the banking industry. It's not accountability if you are only accountable to yourself.

  4. Re:Bethesda by gweihir · · Score: 3, Insightful

    They want attention. They do not care what kind of attention. Like some emotionally disturbed kids.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  5. I want to see some Juicy stuff by future+assassin · · Score: 3, Interesting

    As much as I like chaos brought to the powers that be, none of this hacking will have any long-lasting effects. I want to see some serious info leaked that damages someone with real power. I'd rather see these guys dig out info that calls out the hypocrites in positions of power.

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  6. Comment removed by account_deleted · · Score: 5, Insightful

    Comment removed based on user account deletion

  7. Is hacking spate supporting internet lockdown? by Savantissimo · · Score: 4, Insightful

    It seems like the recent outbreak of high-profile cases of computer break-ins is almost calculated to provoke legislation locking down the internet. First the kill-switch proposal, the announcement by the US military that computer intrusion would be considered an act of war, now a constant drumbeat of reporting in the media about major cracks.

    Perhaps the hacks are all just being done by people who don't see how useful such stories are to those who want to assert control over the net, but it would be foolish to think that the "problem-reaction-solution" method has stopped being used by those who are after power, or to discount the possibility that some of this hacking and the publicity it receives is actually being provoked or even orchestrated by those seeking to expand government control over the internet.

    --
    "Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?" - Patrick Henry
    1. Re:Is hacking spate supporting internet lockdown? by VortexCortex · · Score: 4, Informative

      Perhaps that's exactly why the hacks are occurring...

      It seems like the recent outbreak of high-profile cases of computer break-ins is almost calculated to provoke legislation locking down the internet. First the kill-switch proposal, the announcement by the US military that computer intrusion would be considered an act of war, now a constant drumbeat of reporting in the media about major cracks.

      Perhaps the hacks are all just being done by people who don't see how useful such stories are to those who want to assert control over the net, but it would be foolish to think that the "problem-reaction-solution" method has stopped being used by those who are after power, or to discount the possibility that some of this hacking and the publicity it receives is actually being provoked or even orchestrated by those seeking to expand government control over the internet.

      It's remarkable how quickly the PATRIOT Act was "created" after 911. Most likely was waiting in a desk drawer waiting for something to polarize the public... Now we have teams of hackers that could literally be anyone, causing security problems across the board, from government, to business, to gamers. Clearly the people will now agree the government must put an end to it all...

    2. Re:Is hacking spate supporting internet lockdown? by ACS+Solver · · Score: 3, Informative

      Who needs a total lockdown? Make a lockdown that's "tight enough" and that will already have most of the population under control. You don't even need anything too sophisticated. Let's say the government requires that all ISPs have their DNS servers use a centralized government blacklist of sites, resolving any site on the list to 127.0.0.1. That simple measure would prevent most Internet users in that country from accessing sites on the govt's blacklist.

      It's impossible to completely lock down the Internet without changing the entire infrastructure of it, if even then. There will always be the tech savvy 5% of users that are hard to limit. But with very simple technical solutions, you could limit 95% of the users. And probably limit half of the remaining 5% with a bunch of moderately more difficult measures.

  8. It's a setup. by hellop2 · · Score: 3, Insightful

    This will be used to push forth legislation making script kiddies equivalent to terrorists.

    --
    How many more years will slashdot have an off-by-one error on your Score in your profile?
  9. Re:Not what Obama meant by "open government"... by Hatta · · Score: 5, Interesting

    And when that ass gets kicked in the Senate's IT office, you'll have LulzSec to thank. If LulzSec could hack it, so could Iran. We should be grateful for the service they are providing.

    --
    Give me Classic Slashdot or give me death!
  10. There's nothing important there by Animats · · Score: 4, Insightful

    That's not some inside server. Look at their list of files. It's the Senate's outward-facing web server, "www.senate.gov". It also hosts the public web sites of individual senators. It looks like what you can see on a UNIX system with a guest account. Big deal. Every staffer on the Senate side has that much access.

    They have the complete directory of all the paintings in the Capitol. The forms for registering as a lobbyist. Pictures of all the Senators. Lots of stuff for tourists. This session's voting results, in HTML. The base Apache config. Nothing exciting.

  11. Re:Not what Obama meant by "open government"... by adri · · Score: 3, Insightful

    I'm not sure if you've ever really sent an anonymous "your shit is broken" message to a site, but I bet the level of positive response would be inversely related to how big the company is.

    No-one wants their management to find out their stuff is insecure. They'd be looking for a new job. So they likely bottle it and pretend it ain't happening.

    I hate to say it, but I think Lulzsec is doing a disturbing but necessary deed. When no-one wants to improve the state of security, are quite happy accepting budget increases for "more security hardware" instead of doing it right the first time and externalise all security issues as vendor problems, there's no real motivation to actually pursue securely developed options. Lulzsec is outing that practice.

    I only hope that somehow this crap makes its way to pointing out inherent security flaws in OSes that make it tangible enough to lawmakers to suddenly care. Not "care" as in "pursue legal options rather than fix", not "care" as in "buy more layers of badly managed and ineffective security theatre", but "care" as in "we need to hire people who know what they're doing, then keep them around and include security in all stages of planning, development and operations."

  12. Re:Thanks Guys by EnsilZah · · Score: 5, Informative

    I know what they did is wrong and all but what you wrote sounds like "Look what you did, you've angered the master, now he's sure to give us all a good whippin'"

  13. Who's "we"? by zooblethorpe · · Score: 3, Insightful

    Oh, the FedRes functions, buddy boy. It just functions in ways we never intended it to.

    What do you mean, "we"?

    Hugs and kisses,

    -- Hank Paulson

    --
    "What in the name of Fats Waller is that?"
    "A four-foot prune."
  14. Re:Not what Obama meant by "open government"... by cstdenis · · Score: 3, Insightful

    The solution is to stop letting HR people with no technical knowledge hire technical people.

    This is what results in the common practice of putting a know-nothing idiot with good social skills in charge of doing technical work they can't handle.

    --
    1984 was not supposed to be an instruction manual.
  15. Wild guess by ThatsNotPudding · · Score: 3, Insightful

    Then ask yourself who the largest employer of mathematicians (not an easy study by any means) in the world is. And they have other pretty good people too.

    Let me take a wild guess: number of ethicists: zero.