Slashdot Mirror
LulzSec Phone-Bombs FBI and Blizzard
Revotron writes "Anonymous hacker group LulzSec has begun to harness the power of the crowd in their latest griefing attempts. After a day of numerous DDoS attacks on a handful of famous MMOs, LulzSec's phone lines lit up with an estimated 20 calls per second. Using a fairly simple phone redirect, they sent all of their incoming calls to various offices, among them the FBI office in Detroit, Blizzard Customer Support, online retailer Magnets.com, and most recently, the corporate offices of HBGary." Update: It looks like they also brought down the CIA website tonight, but it is up now.
They've got balls of steel.
Doesn't this make them griefers?
I don't want to sound like a tinfoil hatter (even if I do), but something tells me that these guys are contracted by the government because supporters of the Patriot Act are thinning in numbers.
So screwing over WOW players trying to get customer support is now "justice"? What a bunch of wankers.
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo! http://goo.gl/J9bkO
“Tango down - http://t.co/2QGXy6f - for the lulz.” http://twitter.com/#!/LulzSec/status/81115804636155906 wtf
I was sitting in our office when all of a sudden all the phones in the office rang at the same time. The number that came up was 800.555.1212, or 800-Directory Assistance. Since there are only a handful of us in the office today, it was ironic that only a few of us experienced it. According to our phone clocks, this happened about 2:55PM EDT. That's a little off from the article report time of attack but is it merely a coincidence? I'm curious if any other Slashdotters out there experienced this same phenomenon today.
"Anonymous hacker group"...with phone lines? Does not compute.
These fiends have gone to far. Quick, someone turn on the internet bat signal!
Seems like if I were a serious Black Hat and not just some anonymous/lulzsec script kiddie, I wouldn't welcome the unwanted attention drawn towards internet security. It might not be a good thing to anger both sides of the fence.
the LulzSec manages to get its daily scoop of attention on SlashDot.
I wonder if we could have a new section on the left for them now.
Can we use mod points to try and get an article off the first page? please? LulzSec stuff should never hit front page on principle.
what's SCO up to these days?
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Call them Lord Nikon. The King of Nynex.
"I hope you know how very lucky you are to know me, because I am so incredibly incredible."
I, of course, do not condone the actions of LulzSec. However, they represents the true spirit of what 4chan was always about before so called "Anonymous" hijacked our name and took things way too seriously. Anyone remember the Internet Hate Machine video? It was a joke. The most dastardly thing /btards had done at that point was prank call Tom Green. Before letterhead and newsletters, before stupid legion, it was always about just fucking around and having fun. While this is taking things too far, obviously, it is fun to sit on the sidelines and watch.
"Lawmakers today announced new legislation that will take away more of our civil liberties, in response to recent attacks by the groups LulzSec and Anonymous."
LulzSec's disabling of the CIA's website (CIA.gov) is currently being discussed on ZeroHedge: LulzSec Takes Down Cia.gov One thing is certain. The crackers in LulzSec are damned good, OR they have considerable "inside" help at the CIA and FBI. Or BOTH!!
A lawyer & digital forensics examiner. Also an expert on open source software (OSS).
Isn't this along the same line as causing a traffic jam at a busy intersect just to say hay you should have a police officer watching every traffic corner?
Maybe I'm missing the point but mostly they just seem to cause petty disturbances. Are they trying to make it so companies have to weigh every new venture they role out with the thought of risk vs reward?
I always wanted to be a person who achieves something not someone that goes over to the next guys sand castle and kicks it down and says damn should have made that sucker hurricane proof. Better luck next time.
I'm just surprised these guys don't naturally just turn on each other over time.
One thing is certain. The crackers in LulzSec are damned good, OR they have considerable "inside" help at the CIA and FBI. Or BOTH!!
Or the CIA doesn't use the public facing web server for anything important, so they didn't bother securing it very well.
Give me Classic Slashdot or give me death!
better by their mugshots. This is getting annoying. At this point they pissed lots of people off, someone will find them.
Does anyone honestly believe that LulzSec is anything other that some government agency. They're clearly trying to piss off the general public... and to what purpose? Support for some key upcoming regulatory changes to the internet?
It takes almost no skill to execute a DDoS attack, which is all this bullshit is.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
I'm sorry I don't see the connection between "criminal" CEOs, bankers and government officials, and EVE Online, magnets.com and Minecraft. Please elaborate.
Seven puppies were harmed during the making of this post.
SIP Invites hardly qualify as phreaking.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
Either these guys are fucked and we are about to get rammed with legislation, or the government is pulling this off and we are about to get rammed with legislation. Either way the general public takes the red white and blue schwanze in the end.
'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
a DDoS has nothing to do with security. It's only about wasting resources. It's not even hard to do.
These guys should be taken out and shot. Ignoring all the service disruptions etc, just stop and think of all the power these jackasses are wasting.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
FBI... ok, so you're an anarchist
WoW... ok, so you're anti-capitalist
Magnets.com... uhh, so you don't like your shitty kid's art messing up your fridge...?
>> Or the CIA doesn't use the public facing web server for anything important
A honey pot would be important :). (but one with enough challenge to obfuscate the fact)
Atlas Shrugged : Thematic Story
In the UK on 30th June lots of civil servants are going to go on strike. Previous governments made General Strikes illegal, so each group of civil servants is going to be protesting their own disputes but conveniently doing it on the same day. This will be a major denial of service to a wide range of people in schools, transport etc. Does it piss me off? Not nearly as much as the widespread abuses of power they are trying to draw attention to. For me, lulz ddos ranks on the same scale. The inconvenience can be annoying but I'm glad someone is demonstrating that power is more diffuse than generally acknowledged. At least they are not taping their lunch to their heads and occupying the city centres until the government is toppled, as recently happened in several countries. I'd find that much more disruptive.
Korma: Good
they put up a text file of the initial proof
http://lulzsecurity.com/releases/senate.gov.txt
along with config files, usernames, and enough data for others to get back in, of course security has probably been increased 100 fold since the root hack
They have all the password file for that FBI site they hacked up on their torrent account: http://thepiratebay.org/user/LulzSec
They are in pretty damn deep, even though there is many lulz, for their sake I hope they know what they doing, or they will soon meet Bubba in prison
Not all.
Attacking people with the resources to find and make you disappear is stupid.
You know that moment in a super hero movie where the idiot bad guy says something insulting to the hero and you know he's going to get his backside handed to him six ways from Sunday? Lulzsec just did the insult bit.
- Michael T. Babcock (Yes, I blog)
The Sony hacks illustrated just how exposed our data is; the treasure trove of personal data sitting out there for the EASY taking by real criminals is a disaster waiting to happen on an unprecedented scale. I'd rather a group like Lulz go around poignantly dispelling our notions of information security rather than have actual identity thieves take on the mantle of a wake up call themselves. I applaud their point: if you can't even stop people compromising systems for laughs, you'll never be able to stop those who are doing so for profit.
Interfering with someone else's electronics is in fact a serious crime in most places. The Internet is primarily privately run these days, so you might find it strange but private companies' resources being misused is not the same as dancing like an idiot in a public park. Its a direct assault on private property, like your examples.
- Michael T. Babcock (Yes, I blog)
lol if I had mod points right now I'd so dole them out, man.
That retro rocked.
-- This space for lease, low setup fee, inquire within!
While I agree fully (hey, I was part of the old era of the different layers of hacking, most of us probably (hopefully?) were...)... I'm only worried about another revamp of the near totalitarian political shift that occurred back then due to the "anarchy". That word was dolled out so much it was pathetic and meaningless.
The day we have to worry about the FBI tracking us down for downloading the wrong thing, or transferring the wrong kind of encryption across country lines is a sad day again... wait, what's that? It's still that way? The FBI has been too worried about what? Stuff in people's shoes on planes? At least there's a slight distraction for the gestapo the last 10 or so years...
-- This space for lease, low setup fee, inquire within!
Thanks for noticing, it's additional knowledge. I did a little research before I submitted, and according to @LulzSec on Twitter, they targeted WoW Customer Service as well. FWIW, my original headline focused on the FBI and HBGary. But for whatever reason, samzenpus thought "Blizzard" fit better in there... not quite sure why.
While I agree fully (hey, I was part of the old era of the different layers of hacking, most of us probably (hopefully?) were...)... I'm only worried about another revamp of the near totalitarian political shift that occurred back then due to the "anarchy".
Hmmm... how old? Because last time a counter-culture decided to "stick it to the man" was about half a century ago. And, after a while (with McCarthy and Nixon gone), it was better... for about 20 years.
Questions raise, answers kill. Raise questions to stay alive.
and "they" had a much more compelling case back then
I used to think that websites getting hacked was a bit of a laugh. Now it's a PITA. I am sick of getting emails from large companies stating that they have been compromised, and X data has been stolen. It's time to take the nappies off and get out into the real world.
All you are doing is pissing people off, and it WILL come and bite you in the arse.
Or the CIA doesn't use the public facing web server for anything important, so they didn't bother securing it very well.
In fact, they probably set it up this way on purpose with an eye towards attracting interesting targets to their honey pot. It's a cheap and effective method when compared to other forms of surveillance and the CIA need only spend minimal effort and resources to promote their honey pot where desirable targets are likely to find it and follow up on any promising leads.
Attacking the CIA website is like kicking a nest full of killer bees.
Who would do such an idiotic thing and hope to have a life worth living afterward?
When a guy breaks into your house and steals your belongings, "Hey, he had a lousy alarm system and was gone over Labor Day Weekend, he was asking for it!"
A rapist: "She was wearing a provocative outfit! Anyone could see that she was asking for it".
Now these script kiddies: "Hey, we broke in and found plaintext! Sony was asking for it."
Same logic. "It's not my fault, you did not prevent me from committing a crime so it is your fault. I am not responsible for my criminal actions, you are. You are also responsible for the third-parties I hurt because you did not adequately prevent me from doing it".
Exactly...does anyone here really have that "action movie" idea that some massive mainframe inside CIA headquarters is really running the CIA website? And that it's not just farmed out to some contractor like rackspace?
Or like most public sector organisations across the globe.
They're just pretty fucking incompetent when it comes to this kind of thing.
Having worked in public sector, for 6 years, I know where I'd place my bets.
Frankly, I think they hit that point the other day, when they took down Goonswarm's EVE fun.
"I Know You Are But What Am I?"
... is the further erosion of Internet freedom, personal civil liberties, and the consolidation of more power to government.
The government will respond to these embarrassing attacks by clamping down even more on liberty, and by more tightly regulating the Internet. They will use it as justification for more warrantless eavesdropping, reading your email (they already do that, actually), and tapping your phones.
I did not hear if blizzard was really affected, i mean so what, instead disrupt their servers for the online gaming, that would be impressive, just taking up their phone support lines, blizzard could have done on their own to avoid costs, and blamed it on some stupid hacking group....er....wait a minute....
Y'know.. I remember a day when we had to have an actual understanding of network protocols, operating systems and applications... and write our own "tools" to exploit system weaknesses "for fun".
Apparently these days all you need to be cool is a freshest copy of MetaSploit and no life.... and if m'Sploit can't get you in, just DoS the target and claim responsibility for being so skilled.
Shouldn't you kids be outside playing?
chown -R us
I don't know that technical incompetence is exactly right. It's more likely management incompetence.
I worked once as a government code monkey. The most imporant thing was getting stuff done according to schedule. Security was important but nobody knew the details of what was required until it was too late. Security configurations should have been considered and built in from the design phase on, instead it was always tacked on at the end. Which means there is never any money/time to get anything but the most trivial issues addressed.
Is it a ladyboy?
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
How is it cracking a web site to DDoS it? These guys aren't cracking shit, unless it is the routers cracking under the strain.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
You're lucky you even had schedules :)
When I was there it was more a case of "Hi, I know this is last minute but this needs doing by Friday" on a Monday.
Then on Tuesday morning "Why isn't it done yet, I said it needed to be done by last night?".
i.e. no planning, no scheduling, no competence, random decisions as to what needed doing and when!
But I did find IT deeply polarised there, amongst a team of around 40 IT staff I'd say only about 10 were truly competent and were holding organisation up for the other 30 by fixing the things they broke and doing their work for them.
Without a doubt public sector has competent people, but in my experience, more often than not, they're an absolute minority, and when they raise issues like security flaws they're treated as troublemakers creating extra work which was an affront to the work-shy co-workers rather than being seen as people who just want to honestly do a good job and make sure tax payers were getting what they paid for.
Hmm, going after all of these sites (including government sites), might not be a good idea. They may be in it for the lulz, but if they get found, they are kinda fucked. I will say though, that what they did with the phone bombing is kinda funny though. The DDoS attacks were not all that funny, but when you redirect your phones to other places creating a little bit of chaos, then it gets amusing. I know that they are not affiliated with Anon, but I do personally find it odd that they started getting in the headlines after all of the Anon stuff. Were they around before Anon and just got headlines because Anon did a bunch of crap, or did they form after Anon? I know they are not affiliated, I am just saying that it is fishy that I have not heard much from Anon since the WBC was hit (I think they did another attack after that as well) and then they just kinda dropped from the headlines and LulSec hopped up.
The world is how you make it
One thing is certain. The crackers in LulzSec are damned good, OR they have considerable "inside" help at the CIA and FBI. Or BOTH!!
Or the CIA doesn't use the public facing web server for anything important, so they didn't bother securing it very well.
Exactly, you aren't going to put your secret plans for world domination on the fucking internet, are you?
To have a right to do a thing is not at all the same as to be right in doing it