Slashdot Mirror
Authorities Closing On LulzSec
mask.of.sanity writes "The noose is tightening on hacker group LulzSec, according to a coordinated group of like-minded users, some from LulzSec-Exposed that claim to have uncovered the identity of LulzSec members and supplied them to the FBI. An arrest Monday of a UK teenager was rumoured to be former hacker scene member Ryan Clearly, and the trackers, which includes a former FBI agent, say this arrest is the first of many. They refused to disclose the identities of LulzSec chief, saying it would cause the members to burn the evidence of attacks and scatter."
But publishing a news story about the arrests isn't going to cause the members to destroy evidence and scatter? Hahahahahahahahahahahaha.... Fuck.
Do it, do it now, they are on to you. No really, it's not just what they want you to think, they really mean it, your time is up, go to ground and never resurface again. Someone within your own organisation has outed you to the Feds, you can't trust any of them, scatter and break all contact with all your members, as any one of them could be the informant. They will get you if you remain organised.
Really, the FBI isn't afraid that capturing one alleged member of LulzSec won't cause the other members to bolt and hide the evidence, but disclosing the names will?
It's days like these I think elementary logic classes should be manditory.
If our elected representatives no longer represent us, do we still live in a Democracy?
There's a group of Japanese hackers who've been able to shut down businesses, infect users with rootkits and remotely remove functionality from consumer electronics.
They call themselves SONY or something...
"They refused to disclose the identities of LulzSec chief, saying it would cause the members to burn the evidence of attacks and scatter.""
Yes, because announcing you know his identity on the internet wont do that anyway will it?
Obviously not the sharpest tool in the box, such a comment doesn't instill much confidence that they have in fact got the right people.
Let's be honest, the LulzSec people will know if they've let their identity loose to anyone or not, if they have they'll already be watching their backs, if they haven't, then they'll know they have nothing to worry about. Doing what they're doing, attacking the targets they are means you're bound to recognise that keeping evidence around in the first place would be foolish.
This is unfortunate considering what lulzsec is currently doing for the IT job market. These attacks are getting incompetent people fired and making companies go out and look for competent people to hire in their place. Also, it is forcing them to actually invest money in their IT infrastructure instead of just slapping some servers together and letting some clowns straight out of a degree mill run them. People need to realize that this is a net good thing because if a 19 year old with no formal education is ripping servers owned by multi-billion dollar international corporations then the Chinese have already been there. A company would not even know about the Chinese intrusion much less publicize it once they found out so what lulzsec is doing is shining the light on how poorly these companies that hold your data are run.
What is all this media attention on LulzSec, it is kinda amusing. The character assassination of Ryan Clearly in the UK news is crazy. They have interviewed people in his road, called him a shut in and other things, I think i heard terrorist today as well. I have even had 2 family memebers call me up to disscuss lulzSec (my 60 year old mother), this whole story is dominating the news WHY? I have not seen rapists get this kind of media attention and character assassination. The fun thing is, Ryans Role is pretty clear, he was the IRC server host. That's it, so by extension the FBI and UK believe he is now part of Lulzsec. Well Ryan provided a medium for anyone to chat on his IRC server, Its like saying because Google link to the lulzsec page they too are in league with them. Just because someone supply's a medium and someone abuses it, it is not the fault of that person.
This is a massive PR thing and I wonder if LulzSec is government funded. Is it not strange that other hacking groups have been on the slow raise, now a Super hacking group has appeared to create waves just as the government wants to lock down the internet, LulzSec is now running operations with AnonOps maybe this is just one big government honey pot to pull the last reminding old school hackers and take them out in one go while also locking down the internet because of the evil goldstein sorry I mean LulzSec and their abuse of power.
tl:dr Ryan Clearly = IRC host and ScapeGoat, LulzSec could be the new goldstein (might be government placed to get access to other hacking groups), Governments are going to win whatever the outcome, Internet gets locked down and OR the hackers go to jail.
SIDE NOTE (YES I AM SHOUTING)
WHY ARE GOVERNMENT SYSTEMS WITH SENSITIVE DATA EVEN ON THE INTERNET? STOP USING THE PUBLIC NETWORK THAT WAS DESIGNED FOR SHARING INFORMATION AND ATTEMPT TO LIMIT IT TO CREATE YOUR OWN INTERNET> SERIOUSLY GET A PRIVATE NETWORK AND AMERICA STOP TRYING TO CONTROL IT.
It's been obvious from the beginning that Lulzsec might be fickle in their targeting like anons, but that they are a coordinated group. That lends them a bit more power, but also means that despite their bravado they are connected. And since they're not thinking like terrorists, I doubt they have formed "cells" like any organization which doesn't want to fall quickly to a coordinated assault.
Maybe I don't give them enough credit and the IRC operator was careful to shield everyone and knows no one by name. But despite the publicity, and the fact that they have more skill than I, somehow I doubt they are true black hat masters. Braggarts are the most likely criminals to land in jail.
They make it sound like they keep hard copies of all of the hacks
"Governments are going to win whatever the outcome" - how will that happen with the root of the hacking scene now being in russia.
Read radical news here
I call bullshit until I see some actual devolpments. From the article: "LulzSec, in typical style, has laughed off the effort; and said the exposed details were pulled from low-level chat rooms used to recruit sub-crews, or "grunts". LulzSec operators remain free and anonymous, the group said, operating from "cells" in the UK. One tracker in contact with SC Australia refused to provide the names of the suspected LulzSec crew, fearing the group would scatter and "burn the evidence"."
In a shocking turn of events the Chinese Communist Party has just discovered that the leader of LulSec is none other than the renowned international terrorist the Dalai Lama. The Chinese government will be seeking his extradition to China to answer for his heinous crimes.
The majority of Slashdot readers are expected to cheer this victory for justice against the evils of hackerism.
As if the news coverage hasn't been enough to start the burning and scattering?
I use irony whenever I can, but my shirts are still wrinkled...
Ryan Clearly housed a lulz IRC chatroom. He has nothing to do with lulzsec.
Slashdot needs to interview Natalie Portman.
Yes Virginia, the companies generally know when they've been compromised. Really, it's only lack of integrity when you don't hear about it on the news.
"The noose is tightening around lulzsec. Trust me, I have sources." said a random blogger. In true slashdot fashion, no fact checking was done before the editors approved this story.
Hey at least they're not shooting random brazilians in the head on the tube now. Yet.
Seven puppies were harmed during the making of this post.
Basic profiling I'd say. Look at what they're doing and ask yourself who would do that kind of thing most often? A 40 year old IT security expert? A pissed off old man? Or a teenager/young adult? Maybe you missed the AOL script kiddy days, because it was essentially the same situation(with much much lower stakes).
And they live in highsec. Should have moved to nullsec, aka Somalia. Wardec ain't going to hurt there
If they turned that into a movie, I'd totally watch it... P.s. If you're wondering where I got the 4.0 from, here's my list: Hackers (1995), Hackers 2 - Operation Takedown (2000), Hackers 3 - Antitrust (2001).
DRAMATICA, Wackyleeks, Wednesday (textfiles.com) — The noose is tightening on LulzSec, oh yes it is, with a red-handed capture nearly almost imminent, said FBI Media Liaison today, and don't you worry about that.
The drug-running terrorist paedophile probably-Chinese-government members of LulzSec have used their horrifying and "l33t" "Internet Relay Chat" skills (or "sk1llz0r," as "hackers" call them) to break into some of the most complicatedly protected computery gadget devices on the Inter-web-thing, particularly the ones running Microsoft Windows. Just like your computer does!!
"Fortunately," fed an off-the-record FBI source, "we have tracked down these dastardly fiends to their festering basement lairs, where they sit all day exchanging BitCoins via their 'four-channel' systems. Our agents are poised right now to swoop, swoop! upon these avatars of delinquency! Multiple US agencies are involved. They might be right outside!"
Authorities worry the "hackers" will get wind of the raids and scatter and burn the evidence. Repeat, the authorities don't want the group to scatter and burn the evidence. Just so that's clear with everyone.
LulzSec was formed by a group of Scientologists interested in Guy Fawkes. The group is named after "lulls," which is when the four-channel system goes quiet, and "sex," the availability of which would cause the group's immediate collapse.
Picture: Practice safe computing!
http://rocknerd.co.uk
I think I liked Sharks vs. Jets better. Better names.
http://alternatives.rzero.com/
conclude... assume... what difference does it make? /. has been a collective of overly opinionated morons for decades. As this is a well known fact, and yet you write a post a comment like that (not even as AC) proves that you fall into the same category as the rest of us.
As for information that anyone can't have... we know ryan's age... and I think if you wait a moment, there is a pretty good chance we'll find out about a few more. time will tell, and you, my moronic little sister, will know the truth.
Their servers probably have a DBAN disk in the boot drive ready to go.
Have gnu, will travel.
To frame somebody with all this secrecy going on?
It takes a certain character (needing) to become a spook and same goes for the other side.....
Maybe it's just boredom, need for a purpose and stimulation?
Can we have some citations on this matter, please? I'm failing to find them myself on Google.
Change is certain; progress is not obligatory.
time will tell, and you, my moronic little sister, will know the truth.
so then, you are in the same basket with us ...
Read radical news here
If they are closing in, why in the world would they announce it to the world. I mean seriously. Seems they are doing more barking to me than biting.
I am Bennett Haselton! I am Bennett Haselton!
Notice this isn't the FBI saying they are closing in. It's a group of narcs who claim this. Having their own little witch hunt. They better hope they have strong evidence against the people their accusing.
Whatever you think of lulz they are making people take security seriously...better a group of kids force people to fix their shit than a serious lulz deficient state actor working in anger.
What makes you think there isn't also a state actor working in anger as well? As much as people might think, the government does not have unlimited time, money, personnel, and energy to do everything. And, with high profile attacks like these kids are doing, the government is most likely having to pull people from other investigations and monitoring, which makes it that much easier for the state actor to do what it wants, quietly and without drawing attention to itself. So, the damage they may me doing is minor in comparison to what a state actor like, say China could/would do, but they are definitely making it easier for them to operate.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
If so, they are kids about to learn that public confessions can and will be used against you in a court of law.
What idiot would confess to crimes they didn't commit (or being part of a group committing those crimes) and then be surprised when that draws the attention of the authorities?
"Pig, you can't prove anything"
"Really? I've got this video of you saying you're part of the group that did it."
"That won't hold up in court!"
"Really? Let's see what the jury thinks."
You're not incompetent if you want a community where you can keep your door unlocked, but yes, you are incompetent if you keep your door unlocked in the real world and expect it to adjust to your romanticised version of how things should be. We'd all love to live in a world where security isn't necessary, but we don't. Anyone who doesn't secure the data of other people that they have been entrusted with, and in many cases who are paying customers, to at least an agreed minimum standard, should be held criminally liable - and if they use the excuse that they were helping to create a free and open internet by allowing anyone to pry on customer data, they should be certified insane. By the way, you're confusing an open internet with an insecure internet (just because people want to be able to share data and content with open formats, doesn't follow that they don't want to be able to protect their bank accounts), but that's another matter entirely.
so then, you are in the same basket with us ...
yeah... that's pretty much exactly what i said:
you fall into the same category as the rest of us
are you aware that the foremost method to break into servers is ddosing them, causing normally unexploitable bugs and exploits become vulnerable
No.
This is a complete, undiluted bullshit. Everything can be harmed by DDoS, it's only a matter of DDoS being large enough -- though distributed servers can withstand a truly massive DDoS. Consequences of DDoS are limited -- at very worst, server becomes unusable for the duration of DDoS.
Contrary to the popular belief, there indeed is no God.
'harm' and 'compromise' are two different things.
Read radical news here
I mean people use other people's buggy anonymizing technology. They hadnt invented it themselves nor deeply understand it, so are prone to discovery. And these people are often young, still in school or not in adult positions yet. Find more of a game challenge than a potentially dangerous activity.
I know young men on slashdot would wish that there really was some 16 year old girl superhacker goddess out there.
There may very well be but since the world loves female hackers they will likely be too worried about losing their college
scholarship to be doing lulzsec kind of pointless crap.
I wonder if Wikileaks would publish documents that exposed LulzSec.
The more you tighten your grip, Tarkin, the more star systems will slip through your fingers. I dont think that catching a few individuals will do much, if anything, the backlash may recruit more people into the ranks of Anonymous and LulzSec, and make them angrier.This is a classic insurgency and they are a real bitch to fight.
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
Just because you're young and stupid doesn't mean you don't have to deal with the consequences of being stupid. Sure kids do stupid things. I did, I'm sure we all did. That doesn't mean kids immune from the responsibilities of their actions. They are given more leeway, certainly, for having poorly developed sense of judgement, and because of that in this situation you have to take into account that kids are liars and could be falsely claiming responsibility for street cred. But then you look at circumstance:
If some 8-year-old kid who just got his first laptop 3 months ago says on his facebook page that he hacked the FBI, maybe that claim is not trustworthy. But if it is a 17-year old who has been into computers since he was 8 bragging about the same thing, using the lingo, demonstrating the knowledge, etc... maybe you believe him. Or at least you treat it as a credible possibility and investigate. Perhaps even prosecute if you have enough evidence. Maybe he really didn't do it, but then he's going to have to deal with the consequences of saying he did so because he certainly seems like he could have done it.
If you try and convince somebody that you committed a crime, and you do a convincing enough job that they believe you, that's your fault. You better damn well believe that authorities care about high profile felonies, especially ones that are targeted at THEM, which if I recall, some of these attacks were.
Here's a slashdot analogy for you. I was taught not to poke a bees nest when I was a kid. Weren't you? What we're talking about here isn't just poking the bees nest (which the lulzsec guys did), we're talking about somebody else who walked over to the now-angry nest of bees, picked up the stick that was used to poke the nest and stood there under the nest holding the stick. Look, even most kids aren't stupid enough to do that... and the ones who are, what do you make of that? Do you blame the bees for stinging them? He chose to stand there with the stick!
with your logic, you can convict a 6 year old who says 'dodo' during a national anthem.
What in the world does that have to do with our discussion of publicly confessing to felonies?
You can't form cells when you have that few people. I'm not sure how many people are in lulzsec, but all the indications I've seen is that it's less than ten and that includes the noobs who aren't even capable of going into the IRC without compromising themselves.
ObPython
I bought this house and you know I'm boss
Ain't no h'aint gonna run me off
I find the "get a private network" comment interesting. It is an opinion which will largely be ignored if you state it within an organisation and is unlikely to make a difference to the way that anything is run.
I'm not surprised by the comment - I made it myself until recently, however, its an area where you will not win the argument and it is because of what our industry is telling people. Our industry is influencing at senior levels in organisations for cloud based everything and managers (IT and none IT) are being told that the cloud is the right way to do things, open, accessible and someone else's problem. I don't really find it surprising that security breaches happen in this environment as you have a disconnect between those running the servers (that are concerned with the security of their hosting environment) and those writing the applications (that are concerned with the functionality of their applications).
In the pre-cloud computing model you had a middle layer where those teams met and argued security. Now I believe they meet less and less and those arguing security are seen as blocks to success and bypassed. I don't doubt that there are those IT teams who are hot on security who have had someone start to host an application in the cloud without them being aware of it? If people have then I suspect that noone is checking the application security and are either expecting the hosting company to do it or the developers,
'harm' and 'compromise' are two different things.
DDoS (or any kind of DoS) has absolutely nothing to do with compromising systems. What you claimed, doesn't and can't happen.
Contrary to the popular belief, there indeed is no God.
>They refused to disclose the identities of LulzSec chief, saying it would cause the members to burn the evidence of attacks and scatter.
Just the fact they ran this story would make anyone within that group hesitant to continue as plan A and divert to plan b just for the sake of exercising precaution.
That's what i would do if i was in an international hacking group that was the cause of many downed servers....i would want to be 100% that i was not being traced.
My jack-off club, LulzJack, is still stroking away happily.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
The real issue is more simple than that I think. By stating (with reasonable probability) that they commited the crime they probably give the feds enough to gain a warrant. With that warrant they'll confinscate PCs/hard drives and scrub them for the factual evidence that will/willnot lead to a conviction.
Good point.
Next question is, when they find something illegal on those hard drives that does not pertain to the investigation at hand (and perhaps you'll forgive my assumption that they probably will), how likely are they to prosecute for that, considering that they've already spent the time and trouble to gather evidence?
I'd say pretty likely.
Even if these kids are innocent of the crime they're trying to cop to, they're just setting themselves up for a world of hurt.
Conclusion? Sucks to be them, I hope my kid doesn't turn out that dumb.
You may be able to bring them to court if the 6 year old had said "I was involved in that crime that happened.".
As it would happen though, I agree with you on the age thing. The news I have been reading seems to place most of them in their mid to late twenties. Which is much worse for them, since people will think they should have known better.
News to me. DOSing is usually done with the purpose of making sure no one can get a reliable connection to the server. That "no one" usually includes any person trying to also execute a more sophisticated attack.
The real issue is more simple than that I think. By stating (with reasonable probability) that they commited the crime they probably give the feds enough to gain a warrant. With that warrant they'll confinscate PCs/hard drives and plant the factual evidence that will definitely lead to a conviction.
FTFY.
DDOS does not count as being broken into. Show me some evidence the servers were broken into because I think you are spreading a myth or urban legend which isn't true.
CIA servers were DDOS'd. There is no definitive proof that the kid they arrested did it. The kid could have been framed.
news to you. it is quite frequently used for making the vulnerabilities come up. had you been in hosting industry trenches for long, you would know.
Read radical news here
come back when you have worked in hosting industry trenches for enough.
Read radical news here
You may be able to bring them to court if the 6 year old had said "I was involved in that crime that happened.".
and that would be right ?
Read radical news here
It is almost as if authors didn't know that lulzsec already burns all evidence and is already scattered.
"...and here in this dark closet cleverly hidden behind david bowie poster I keep the still-sticky keyboard as well as a hard copy print out of the logs from the time i hacked into PSN"
Once they compromised his cookie it was just a matter of time
The new right fascists are bilingual. They speak English and Bullshit.
Nothing I can find involving DDoS being "the foremost method to break into servers is DDoSing them", honestly.
Change is certain; progress is not obligatory.
I am a developer, you idiot (and you seem to have absolutely no idea how security vulnerabilities look like)!
Contrary to the popular belief, there indeed is no God.