Slashdot Mirror


LulzSec Announces That It Is Done

MaxBooger writes "LulzSec, the notorious hacker group that's been on a rampage, just announced that it's disbanding. This follows 50 days' chaos during which time it took down several websites (including CIA.gov at one point), exposed passwords, exposed documents of the Arizona penal system, and at one point threatened to hit Too Big To Fail banks. Obviously, it's possible that the group will not abide by its promise to quit. Nobody knows."

33 of 412 comments

  1. Good for them by OopsIDied · · Score: 5, Insightful

    Quitting while they're ahead.

    1. Re:Good for them by DemonGenius · · Score: 3, Insightful

      Rational people know not to strive for a Pyrrhic victory.

  2. Good by nurb432 · · Score: 3, Insightful

    As much as I'm for protests and such, these kids were just out to cause harm because they could. They need to get a legitimate cause, and stop pissing on ( innocent ) people randomly, or be gone.

    They give the rest of us a bad name.

    --
    ---- Booth was a patriot ----
    1. Re:Good by trapnest · · Score: 4, Insightful

      >implying all kinds of things

    2. Re:Good by bennett000 · · Score: 5, Insightful

      As much as I'm for protests and such, these kids were just out to cause harm because they could. They need to get a legitimate cause, and stop pissing on ( innocent ) people randomly, or be gone.

      They give the rest of us a bad name.

      Aside from doxing Arizona law enforcement, what harm did they really cause? They've really just managed to point out a lot of trivial security flaws... I suppose one could argue that they cost Sony billions of dollars, but fighting Sony was a legitimate cause...

  3. Cui bono? by Opportunist · · Score: 3, Insightful

    So, when the dust settles, what's left to ask is simply: Who benefits from it?

    I predict some new laws...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Cui bono? by techsoldaten · · Score: 4, Insightful

      Well, something tells me this is in response to legal activity. There are surely going to be new laws, probably not ones specifically in response to hacking activity, but others that allow various governments all sorts of access to records to track down hackers.

      This will cause 'innovation' in the hacking scene, where people adapt to the new laws and develop new technologies that circumvent them and make them more challenging to implement. Hackers are simply going to go further 'underground' and be harder to track.

      This, in turn, is going to lead to a number of high profile hacks of large services who have not matured in terms of how they secure their services. This will make the news, government officials will make unfortunate comments that draw the attention of various hacker groups, who will lash out through their newly developed anonymity.

      In turn, this is going to result in new laws... stop me if you heard this before.

    2. Re:Cui bono? by cavreader · · Score: 3, Insightful

      Consulting Money? These ass hats did not do anything worth hiring them for. Re-packaged SQL injection and DDOS attacks are strictly amateur hour.

    3. Re:Cui bono? by Opportunist · · Score: 3, Insightful

      Yes, and you'd be amazed in how many companies amateurs are at the helm of security. Or rather, how little money and how much burden the average C(I)SO gets on his back that he simply cannot run the required security audits. Bluntly speaking, to get security up to par, the average corporation would at least have to double, more likely triple, its security staff.

      Security is a lip service business. Much like insurance. You do what law dictates, not a penny more is spent on it. If the law doesn't dictate that you have to be secure against SQL injections and DDoS attacks, it's mostly a matter of luck and whether the programmer writing the piece of software does it automatically, which in turn again is unlikely because it certainly is neither part of the testing nor of the final inspection protocol. Even if, there simply is no time for more than a cursory glance, so in effect the burden of blame is shifted on some scapegoat, most likely one of the CSO's underlings. Or, lacking said underlings, the CSO.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Cui bono? by Opportunist · · Score: 3, Insightful

      Compliance has nothing to do with security. Compliance has something to do with laws. Creating laws takes time, creating auditing checkbox-ticker-tests takes more time and filling them out takes some more time. We're talking months here. By the time you start ticking off checkboxes (assuming that you were fully compliant from the start, which in my 10+ years now never happened, not a single time) you're already about 8-12 months behind the reason the law was passed for.

      And a year is a long, long, long time in IT security.

      You may rest assured that all companies that got sacked were fully compliant with laws and regulations concerning security. Which essentially means jack when it comes to "real" IT security the way the average geek would think of it. Don't mix compliance with security, they're two very different beasts and sadly, the former is more important to the average CEO than the latter. Because there's very specific laws for the former, but usually just very diffuse ones for the latter.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. Exactly by Anonymous Coward · · Score: 2, Insightful

    Once their names started coming out, and their chat logs started being dumped, they sure did tuck their tail and run away quickly.

  5. hmm by Dyinobal · · Score: 1, Insightful

    So the government project is done? Did the government-funded attacks spark enough outrage to get new laws passed by the senate and house regardless of their long term damage?

  6. Too Late by Anonymous Coward · · Score: 0, Insightful

    Sorry LulzSec, you may be quitting your game (at least publicly), but you all still committed major crimes and you will still be hunted down and prosecuted like the dogs you are. Hope you enjoyed your 'lulz' though.

  7. Re:Cowards by Anonymous Coward · · Score: 5, Insightful

    What, life get too hard? Clearly someone got close to kicking them out of the game, and they ran before that would happen.

    Win the war, not the battle.

    Live to fight another day.

    I can think of others. Basically sounds like a smart idea to me.

  8. What timing... by downhole · · Score: 2, Insightful

    I don't remember them ever saying anything about limiting their hack-spree to 50 days. Sounds like they've pissed enough people off that they're starting to get ID'ed and arrested, and are hoping they can quit before it gets really bad. They're a bunch of weenies all right, but I don't think it's over for them. I for one will be lulzing my ass off when they all get caught and sent to pound-me-in-the-ass prison.

    --
    I don't reply to ACs
    1. Re:What timing... by richlv · · Score: 5, Insightful

      it's been a few beers in an airport, but still...

      do you - downhole - personally feel that sexual abuse in prisons is appropriate ?
      including all the innocents getting convicted (think movie witch hunt or other similar cases), all the minor convictions (smoked some weed) and so on ?

      personally, i would not have guts to condemn a person who would in the end find the means to kill off those who got them in the prison wrongfully. and i believe we should not make prisons a place to breed people like that.

      --
      Rich
    2. Re:What timing... by DrBoumBoum · · Score: 4, Insightful

      I see that many people here on /. seem very bitter and angry about those kids. First let me tell you that "laughing your ass off when they get raped in prison" only shows that you're a very mean and despicable individual. But apart from that those kinds of hackers are really doing people a favor by exposing clearly to the general public how terrible the security of their personal data is. Rest assured that for every bragging Lulzsec there are ten quiet hackers from different governmental and criminal groups, silently collecting your data and placing back doors in your systems, and not saying a word about it. Without public exposure authorities and corporations will naturally do all they can to sweep the problem under the rug. The kind of very visible but mostly harmless actions from the likes of Lulzsec is what's necessary to have them move their ass and finally do something about the security issue. I for one see them more as the vaccine that will eventually help the Internet grow some real security than the hateful vandals that old grumps of your kind want to portray.

  9. Over? by gadzook33 · · Score: 3, Insightful

    You knocked on the devil's door my friends.

  10. I doubt it... by Lohrno · · Score: 4, Insightful

    My totally random guess here is that they are a group of people who probably knew each other well before creating this group. More than likely they have just stopped calling themselves LulzSec. They're just getting too much scrutiny most likely. I don't think this is the last we hear from them, just they won't be calling themselves LulzSec necessarily...

  11. The Real Question... by Stormy+Dragon · · Score: 5, Insightful

    ...is whether everyone else is done with Lulzsec. Unfortunately, they've likely pissed off the kinds of people who don't stop the game just because the opponent wants to quit.

  12. i hope they dont quit by FudRucker · · Score: 4, Insightful

    maybe change their strategy and mix things up to evade capture, the world needs benevolent black/grey hat hackers to dig up dirty laundry on the establishment, let the government & police know that if they do wrong that it will be found out and exposed for all the world to see...

    --
    Politics is Treachery, Religion is Brainwashing
    1. Re:i hope they dont quit by Anonymous Coward · · Score: 2, Insightful

      the world needs benevolent black/grey hat hackers to dig up dirty laundry on the establishment,

      And you pick LulzSec as the most capable group for this? Hilarious.

      I don't think he did pick LulzSec. They're just the ones doing it at the moment with a bit of spotlight. Last month it was Julian Assange, next month it'll be someone else. Most likely not you though as you'd rather traipse around the internet being condescending. Hilarious.

  13. Re:Cowards by Anonymous Coward · · Score: 1, Insightful

    So they're going to win the war by quitting, have I got that right?

    See a history book on Vietnam for an example of how well that works out in reality.

  14. What, the script-kiddies have enough? by gweihir · · Score: 3, Insightful

    Pathetic really. The only thing different is that these idiots have big mouths. Which, I bet, will be their downfalls. Nothing they did on the hacking side is impressive at all. Competent black-hats know that one of the most dangerous things you can do is public bragging. Having an information-channel back is beyond stupid.

    Fortunately, law-enforcement has very long memories and a lot of patience. It is just relatively slow. I predict that we will see them all begging for mercy. Might take months or years, but they were far too careless not to get caught.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  15. Re:Cowards by carlzum · · Score: 5, Insightful

    Excellent analogy, wrong conclusion. Know your objective, what you're willing to invest to achieve it, and exit when you've reached your goal or exceeded your costs. LulzSec made some headlines and embarrassed a few major organizations. Going to jail isn't worth a few more headlines.

  16. Re:They'll be back... by VortexCortex · · Score: 4, Insightful

    You, my friend, have clearly never played that game.

    BASIC Gorilla tactics 101

    The tactics are to look at the wind-speed meter, consider elevation, and then try an angle and velocity that will strike the opponent with your explodo-banana. Refine your velocity and angle per the rules of "playing the odds" guess too much one way, and too little the other, then extrapolate the correct angle and velocity by interpolation.

    A quick search turns up this website that has a flash implementation of the game (covered with a skippable ad) that you may use to refine your "BASIC Gorilla" skills.

  17. Re:Cowards by scubamage · · Score: 3, Insightful

    Agreed. Right now everyone who is anywhere in security is most likely hyperaware. I know at my company (a large carrier) we've done security audits across the spectrum to ensure customer data was well protected, along with proprietary info. It makes sense if they let the waters die down a bit, and then hit when people are soft and inevitably get lazy again.

  18. Re:Cowards by Anonymous Coward · · Score: 2, Insightful

    On June 21st a suspected member is arrested in the UK, on June 25th they call it quits. The prospect of life in a British arse pounding prison was certainly a factor.

    The culture of institutionalised rape and its tacit endorsement as part of the punishment (*) is far more closely associated with the American prison system. I'm not saying it doesn't happen here, but it doesn't seem to be a factor to the same extent.

    (*) Obviously unless you're the prison rapist, in which case it's more "get to pound some kid locked up for marijuana possession in the ass prison", but let's not think about the logic of it too much.

  19. Re:err by Anonymous Coward · · Score: 0, Insightful

    I'm surprised you're implying that these guys were bright.

  20. Re:as the saying goes by Z00L00K · · Score: 3, Insightful

    They have made their point for now, isn't that sufficient?

    The point is clearly that no system connected to the internet is secure, and that it can be cracked given enough skills. So the best protection against a very competent attack is to avoid angering people.

    And even if you don't you shall design your systems with a multi-layered approach in mind to avoid massive breaches. Don't allow the presentation layer direct access to the database with sensitive information. Don't use the same authorization database for the web UI for administrative tasks. And if you run an application server (like tomcat) - run it under a security manager/policy that limits access to other services in case someone is able to install something malicious in the application server. You can apply a security policy to Tomcat, and that will at least slow down an attacker considerably since the attacker then needs to gain knowledge of the system. And if you add tripwires in the system that can block attackers automatically if tripped then you make things even harder. Three to five tries and the IP address is shut off for an hour.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
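
Added example, not part of the comment above or of any project it mentions: a minimal sketch of the tripwire that comment 20 describes (a few failed tries, then the source IP is shut off for an hour). The names `Tripwire` and `replay`, the threshold of 3, the 10-minute counting window and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3          # assumption: low end of the "three to five tries"
WINDOW_SECONDS = 600      # assumption: failures are counted over 10 minutes
BLOCK_SECONDS = 3600      # "shut off for an hour"


class Tripwire:
    """Blocks a source IP for BLOCK_SECONDS after MAX_FAILURES recent failures."""

    def __init__(self):
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self._blocked_until = {}              # ip -> time the block expires

    def is_blocked(self, ip, now):
        # Timestamps are non-negative, so an unknown IP (default 0) is never blocked.
        return now < self._blocked_until.get(ip, 0)

    def record_failure(self, ip, now):
        """Register a failed attempt; return True if the IP is now blocked."""
        if self.is_blocked(ip, now):
            return True
        recent = self._failures[ip]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                  # drop failures outside the window
        if len(recent) >= MAX_FAILURES:
            self._blocked_until[ip] = now + BLOCK_SECONDS
            recent.clear()                    # start clean once the block ends
            return True
        return False


def replay(events):
    """Feed (timestamp, ip, ok) events through a tripwire; return the rejected ones."""
    wire, rejected = Tripwire(), []
    for ts, ip, ok in events:
        if wire.is_blocked(ip, ts):
            rejected.append((ts, ip))         # dropped before reaching the login code
        elif not ok:
            wire.record_failure(ip, ts)
    return rejected


# Constructed sample events (documentation-range addresses), seconds since start.
SAMPLE = [(0, "203.0.113.7", False), (5, "203.0.113.7", False),
          (9, "198.51.100.2", False), (12, "203.0.113.7", False),
          (20, "203.0.113.7", True), (3000, "203.0.113.7", False),
          (3700, "203.0.113.7", True), (3710, "198.51.100.2", True)]
```

Per-IP blocking also catches legitimate users who share an address with the offender, so the threshold and window need tuning for the deployment.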
  21. Re:as the saying goes by Angostura · · Score: 3, Insightful

    The point is clearly that no system connected to the internet is secure, and that it can be cracked given enough skills.

    That would have been the point if there was any evidence that they had used particularly sophisticated attacks. The actual point seems to be that quite a few systems are secured in a fairly amateurish way and still subject to SQL injection, for example.

  22. Re:as the saying goes by mcgrew · · Score: 3, Insightful

    No, not the point at all. LulzSec is (was?) a vigilante group fighting organizations they perceive as evil. What they did to Sony was exactly the same thing Sony did to me, and Sony did it with no repercussions at all. The banks have been stealing from all of us for decades, and the government rewarded them with bailouts for it. I'm not sure I agree with the Arizona breaches, but most of what they did were good things.

  23. Re:as the saying goes by 1s44c · · Score: 4, Insightful

    Their point was never that 'nothing is secure'. They used simple well known attacks and a lot of humor.

    I see their points as:

    1) Validate user input.
    2) Don't reuse passwords.
    3) The first two rules apply to everyone including government contractors.
    4) If we can get your details so can, and so have, other groups.
    5) So called whitehats are corrupt by nature.
    6) It's still possible to be anonymous on the internet if you know what you are doing.
    7) Cloudflare works well.
    8) We are laughing at you.
    9) j3st3r ( or however you spell it ) is a script kiddie who writes very bad PHP.
    10) Send us some cash via bitcoin.
    11) PROFIT!