Authorities Closing On LulzSec

mask.of.sanity writes "The noose is tightening on hacker group LulzSec, according to a coordinated group of like-minded users, some from LulzSec-Exposed that claim to have uncovered the identity of LulzSec members and supplied them to the FBI. An arrest Monday of a UK teenager was rumoured to be former hacker scene member Ryan Clearly, and the trackers, which includes a former FBI agent, say this arrest is the first of many. They refused to disclose the identities of LulzSec chief, saying it would cause the members to burn the evidence of attacks and scatter."

Huh?

[Afforess]

Really, the FBI isn't afraid that capturing one alleged member of LulzSec won't cause the other members to bolt and hide the evidence, but disclosing the names will?

It's days like these I think elementary logic classes should be manditory.

Very Unfortunate.

[crow_t_robot]

This is unfortunate considering what lulzsec is currently doing for the IT job market. These attacks are getting incompetent people fired and making companies go out and look for competent people to hire in their place. Also, it is forcing them to actually invest money in their IT infrastructure instead of just slapping some servers together and letting some clowns straight out of a degree mill run them. People need to realize that this is a net good thing because if a 19 year old with no formal education is ripping servers owned by multi-billion dollar international corporations then the Chinese have already been there. A company would not even know about the Chinese intrusion much less publicize it once they found out so what lulzsec is doing is shining the light on how poorly these companies that hold your data are run.

Re:Very Unfortunate.

[wintercolby]

While it is good for the IT industry as a whole, as far as investment in infrastructure and qualified administrators, it is also bad for Internet freedom. The less secure people feel on the Internet, the more we will lose anonymizing proxies and the more public everything we do on the Internet will be. Today we have the "sexting representative", tomorrow it will be a senator that looks at free porn on his home computer. The extreme cases convince us that we need to lose some privacy, and then government passes laws that are harsher and harsher, and relaxes warrant requirements, because no one loses elections for being strong against "crime".

Re:Very Unfortunate.

[Dhalka226]

I understand what you're saying, and to some degree I agree: The state of security on Internet-facing web properties is staggeringly bad, and the fact that companies who do an incompetent job protecting their users are getting publicly called out is, in its own way, a good thing.

Still, there are right ways and wrong ways to do things and LulzSec is clearly on the wrong side of the line. This is particularly true when you read their own postings about how they do it "for the lulz." "You wouldn't know we hacked people if we weren't arrogant shitheads about it!" was nothing more than a post-event attempt at rationalization. And their nonsense with hacking into porn sites and trying to publicly shame people who visit them made me want to strangle them with my own hands.

Some good can come of all this, and I hope it does. But yes, I also hope these people are caught and punished. There are a lot of horrible things people can do to one another that might, in some way, lead to good conclusions, but that does not mean that they should be done. Robbing your neighbor to prod them into locking their doors at night may end up with a good outcome, but I should still go to prison for it. The same applies here.

Once they have done their time and paid their debts, I'm sure they can make quite a handy little salary doing these same damn things the right way.

Re:Very Unfortunate.

This isn't the broken window fallacy. Nobody is trying to boost the economy by breaking perfectly good things.

They are showing the weakness in the existing system, exposing people who can't do their jobs, and generally forcing everyone to up their game.

It's a completely different situation.

Re:Very Unfortunate.

[woolpert]

This isn't the broken window fallacy. Nobody is trying to boost the economy by breaking perfectly good things.

Rubbish. The systems they are targeting are working fine. They are breaking perfectly working things, thus demonstrating that they are BREAKABLE. That's irrelevant. In the broken window fallacy the windows are breakable too.

Wrong.

If the systems they are targeting are breakable they are not working fine.

A window can be breakable and still perform its primary mission. The breakability of the window has nothing to do with the point of the story.

An authentication server can not be susceptible to such attacks while still be considered performing its primary mission.

PR madness, Something strange going on

What is all this media attention on LulzSec, it is kinda amusing. The character assassination of Ryan Clearly in the UK news is crazy. They have interviewed people in his road, called him a shut in and other things, I think i heard terrorist today as well. I have even had 2 family memebers call me up to disscuss lulzSec (my 60 year old mother), this whole story is dominating the news WHY? I have not seen rapists get this kind of media attention and character assassination. The fun thing is, Ryans Role is pretty clear, he was the IRC server host. That's it, so by extension the FBI and UK believe he is now part of Lulzsec. Well Ryan provided a medium for anyone to chat on his IRC server, Its like saying because Google link to the lulzsec page they too are in league with them. Just because someone supply's a medium and someone abuses it, it is not the fault of that person.

This is a massive PR thing and I wonder if LulzSec is government funded. Is it not strange that other hacking groups have been on the slow raise, now a Super hacking group has appeared to create waves just as the government wants to lock down the internet, LulzSec is now running operations with AnonOps maybe this is just one big government honey pot to pull the last reminding old school hackers and take them out in one go while also locking down the internet because of the evil goldstein sorry I mean LulzSec and their abuse of power.

tl:dr Ryan Clearly = IRC host and ScapeGoat, LulzSec could be the new goldstein (might be government placed to get access to other hacking groups), Governments are going to win whatever the outcome, Internet gets locked down and OR the hackers go to jail.

SIDE NOTE (YES I AM SHOUTING)
WHY ARE GOVERNMENT SYSTEMS WITH SENSITIVE DATA EVEN ON THE INTERNET? STOP USING THE PUBLIC NETWORK THAT WAS DESIGNED FOR SHARING INFORMATION AND ATTEMPT TO LIMIT IT TO CREATE YOUR OWN INTERNET> SERIOUSLY GET A PRIVATE NETWORK AND AMERICA STOP TRYING TO CONTROL IT.

Re:Logic disconnect...

[biodata]

if he's ever charged with anything

Re:Not the brightest

[mr_gorkajuice]

Are you suggesting that these people are incapable of mistakes, and cannot ever possibly be outsmarted by feds?
I believe you're vastly overestimating these guys, and similarly underestimating authorities.

Re:Burn the evidence of attacks and scatter

[Dunbal]

What, you clicked on it despite the fact that it says "[goatse.fr]" right there next to the link?

Re:Logic disconnect...

[sosume]

How can someone who has never entered the US be convicted to 60 years for breaking US laws??

Re:Not the brightest

[Xest]

I'm suggesting that when you've been thinking about such things long enough there's very little room to make mistakes, and that if you have, you'll tend to know about it. The hacker mindset is one of meticulous attention to detail and obsessive thought about a subject on their mind, you can guarantee that particularly when paranoid about being caught which is going to be more the case with such announcements as this that the scope for mistakes will be so small, and the scope for mistakes that can't be cleaned up after the fact and before discovery is even smaller.

I'm not saying they couldn't be outsmarted by the feds, simply that they wont be outsmarted by someone foolish enough to post on the internet "We know the leader's identity", before he's actually been brought to justice. I also suspect that to actually catch them they're likely to somewhat cheat, and throw due process out the window- they may have a rough idea who is involved but not have the evidence to legitimately question them or seize their kit, so they'll make up some false charge to seize it and build up evidence upon that anyway. They may not even have a case then but the authorities including the judiciary seem quite competent at ruling against people even when the evidence is unacceptably weak in the first place.

They probably will get them some way or another, but it may not be through a legitimate thoroughly proper and clean legal process. Sure many such hackers have been caught in the end, but how many haven't over the years? How many spammers go untouched, how many criminal hackers do the authorities not even know the rought whereabouts of? how many DDOS attacks against major corporations even before anonymous started doing them went unpunished? you only have to look at the rather famous case of Al Capone, where physical evidence should theoretically have been much easier to come by and see that they had to do him on tax evasion in the end to see that sometimes, achieving proper justice against criminals can be quite the impossible task. The result then is either failure to deal with them at all, or a bending of the law.

I think more realistically you're underestimating the ability of smart criminals, particularly in the digital world to evade justice. For all the feel good stories about "criminal X has been caught" hammered into us on the news, and newspapers, there's plenty more who are not. It's perfectly possible they will fall into this category, and it seems blurting out to the world that you know the identities of these people even if you don't announce said identity is only going to make life that much harder for the authorities who may truly find any potential evidence has already been burnt and shredded already whether in the physical or digital sense. A smart investigation would simply not announce knowledge of the identity of the target until they were already in custody, anything else is just foolish penis waving.

Re:Logic disconnect...

[interkin3tic]

By putting out a press release stating that arrests are imminent, maybe they are hoping that LulzSec will destroy their own infrastructure and go into hiding, thus eliminating them as a threat. It's true doublethink; it can mean that they have no leads whatsoever, or that they do.

-The FBI has identified the members, can capture them, will capture them, put out this statement to scare them into stopping the attacks until they can be arrested
-The FBI has identified the members, can capture them, will capture them, couldn't keep a lid on the rumors, leading to this leak
-The FBI has identified the members, can capture some of them, but want to scare off the ones they can't with this
-The FBI has not identified the members, and wants to scare them off
-The FBI thinks it has identified the members, foolishly bragging about it beforehand, and will be have egg on their face when the people they arrest have little to do with it, attacks continue

Re:i dont know whether youre a moron or not

[Skarecrow77]

Just because you're young and stupid doesn't mean you don't have to deal with the consequences of being stupid. Sure kids do stupid things. I did, I'm sure we all did. That doesn't mean kids immune from the responsibilities of their actions. They are given more leeway, certainly, for having poorly developed sense of judgement, and because of that in this situation you have to take into account that kids are liars and could be falsely claiming responsibility for street cred. But then you look at circumstance:

If some 8-year-old kid who just got his first laptop 3 months ago says on his facebook page that he hacked the FBI, maybe that claim is not trustworthy. But if it is a 17-year old who has been into computers since he was 8 bragging about the same thing, using the lingo, demonstrating the knowledge, etc... maybe you believe him. Or at least you treat it as a credible possibility and investigate. Perhaps even prosecute if you have enough evidence. Maybe he really didn't do it, but then he's going to have to deal with the consequences of saying he did so because he certainly seems like he could have done it.

If you try and convince somebody that you committed a crime, and you do a convincing enough job that they believe you, that's your fault. You better damn well believe that authorities care about high profile felonies, especially ones that are targeted at THEM, which if I recall, some of these attacks were.

Here's a slashdot analogy for you. I was taught not to poke a bees nest when I was a kid. Weren't you? What we're talking about here isn't just poking the bees nest (which the lulzsec guys did), we're talking about somebody else who walked over to the now-angry nest of bees, picked up the stick that was used to poke the nest and stood there under the nest holding the stick. Look, even most kids aren't stupid enough to do that... and the ones who are, what do you make of that? Do you blame the bees for stinging them? He chose to stand there with the stick!

with your logic, you can convict a 6 year old who says 'dodo' during a national anthem.

What in the world does that have to do with our discussion of publicly confessing to felonies?