Slashdot Mirror

← Back to Stories (view on slashdot.org)

LulzSec Announces That It Is Done

Posted by timothy on from the oh-they-all-say-that dept.

MaxBooger writes "LulzSec, the notorious hacker group that's been on a rampage, just announced that it's disbanding. This follows 50 days' chaos during which time it took down several websites (including CIA.gov at one point), exposed passwords, exposed documents of the Arizona penal system, and at one point threatened to hit Too Big To Fail banks. Obviously, it's possible that the group will not abide by its promise to quit. Nobody knows."

37 of 412 comments (clear)

  1. Good for them by OopsIDied · · Score: 5, Insightful

    Quitting while they're ahead.

    1. Re:Good for them by Zerth · · Score: 4, Funny

      In other news, mysterious hacker group YhymFrp has announced their intentions to continue what LulzSec started.

    2. Re:Good for them by DemonGenius · · Score: 3, Insightful

      Rational people know not to strive for a Pyrrhic victory.

  2. Good by nurb432 · · Score: 3, Insightful

    As much as I'm for protests and such, these kids were just out to cause harm because they could. They need to get a legitimate cause, and stop pissing on ( innocent ) people randomly, or be gone.

    They give the rest of us a bad name.

    --
    ---- Booth was a patriot ----
    1. Re:Good by trapnest · · Score: 4, Insightful

      >implying all kinds of things

    2. Re:Good by bennett000 · · Score: 5, Insightful

      As much as I'm for protests and such, these kids were just out to cause harm because they could. They need to get a legitimate cause, and stop pissing on ( innocent ) people randomly, or be gone.

      They give the rest of us a bad name.

      Aside from doxing Arizona law enforcement, what harm did they really cause? They've really just managed to point out a lot of trivial security flaws... I suppose one could argue that they cost Sony billions of dollars, but fighting Sony was a legitimate cause...

    3. Re:Good by arth1 · · Score: 4, Informative

      I fail to see how anything they did could be justified even if it was for a 'legitimate' cause. Taking away others' ability to participate in the community [network] is universally wrong.

      But they didn't. Sony did that, as a knee-jerk reaction. Don't blame LulzSec for Sony's ill-considered response.

    4. Re:Good by ifiwereasculptor · · Score: 3, Funny

      In the US of A where they were born and raised
      Corporations pleased customers on most of their days
      Chilling out, maxing, relaxing all cool
      While employing people fresh out of the school
      When a couple of hackers, they were up to no good
      Started making trouble in their neighborhood
      They got in one little fight and the prez got scared
      He said "we're going to war, it's not like anyone cared"

    5. Re:Good by bennett000 · · Score: 3, Informative

      I am currently dowloading hte battlefield heroes userdata to see if I am on it. I have to take time out of my life to do shit like this cos they released user data. If they had just withheld the usernames and passwords and threatned the source with releasing them if they didnt up their security I would have been much much happier... and supportive.

      Well if you're smart you use unique passwords for your online services, so log in and change your password. Give Visa/Mastercard/Amex or whomever a quick call, tell them what happened. Problem solved.

      Imagine for a second hackers more malicious than the LulzBoat stole your data (especially financial data), they probably wouldn't publicly post it, they'd sell it, or use it in other ways that are far more aggravating than spending five minutes changing a password, and/or a telephone call to your credit card company.... Granted this still doesn't make the Lulz crew's actions 'right', but there are SERIOUS online crimes going down every second...

      the worst part about the Lulz debacle isn't the possible net regulation the future holds... that's speculation. the worst part is the REAL criminals are still flying under the radar hacking the RSA, Lockheed Martin, etc...

  3. Whew! by willoughby · · Score: 5, Funny

    Now we can finally bring the troops home.

  4. Cui bono? by Opportunist · · Score: 3, Insightful

    So, when the dust settles, what's left to ask is simply: Who benefits from it?

    I predict some new laws...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Cui bono? by techsoldaten · · Score: 4, Insightful

      Well, something tells me this is in response to legal activity. There are surely going to be new laws, probably not ones specifically in response to hacking activity, but others that allow various governments all sorts of access to records to track down hackers.

      This will cause 'innovation' in the hacking scene, where people adapt to the new laws and develop new technologies that circumvent them and make them more challenging to implement. Hackers are simply going to go further 'underground' and be harder to track.

      This, in turn, it going to lead to a number of high profile hacks of large services who have not matured in terms of how they secure their services. This will make the news, government officials will make unfortunate comments that draw the attention of various hacker groups, who will lash out through their newly developed anonymity.

      In turn, this is going to result in new laws... stop me if you heard this before.

    2. Re:Cui bono? by cavreader · · Score: 3, Insightful

      Consulting Money? These ass hats did not do anything worth hiring them for. Re-packaged SQL injection and DDOS attacks are strictly amateur hour.

    3. Re:Cui bono? by Opportunist · · Score: 3, Insightful

      Yes, and you'd be amazed in how many companies amateurs are at the helm of security. Or rather, how little money and how much burden the average C(I)SO gets on his back that he simply cannot run the required security audits. Bluntly speaking, to get security up to par, the average corporation would at least have to double, more likely triple, its security staff.

      Security is a lip service business. Much like insurance. You do what law dictates, not a penny more is spent on it. If the law doesn't dictate that you have to be secure against SQL injections and DDoS attacks, it's mostly a matter of luck and whether the programmer writing the piece of software does it automatically, which in turn again is unlikely because it certainly is neither part of the testing nor of the final inspection protocol. Even if, there simply is no time for more than a cursory glance, so in effect the burden of blame is shifted on some scapegoat, most likely one of the CSOs underlings. Or, lacking said underlings, the CSO.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Cui bono? by Opportunist · · Score: 3, Insightful

      Compliance has nothing to do with security. Compliance has something to do with laws. Creating laws take time, creating auditing checkbox-ticker-tests take more time and filling them out takes some more time. We're talking months here. By the time you start ticking off checkboxes (assuming that you were fully compliant from the start, which in my 10+ years now never happened, not a single time) you're already about 8-12 months behind the reason the law was passed for.

      And a year is a long, long, long time in IT security.

      You may rest assured that all companies that got sacked were fully compliant with laws and regulations concerning security. Which essentially means jack when it comes to "real" IT security the way the average geek would think of it. Don't mix compliance with security, they're two very different beasts and sadly, the former is more important to the average CEO than the latter. Because there's very specific laws for the former, but usually just very diffuse ones for the latter.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  5. Re:Interesting, not ironic by etymxris · · Score: 5, Interesting

    Yes, and they had a document release planned for Monday. Something must have just happened.

  6. Re:Cowards by Anonymous Coward · · Score: 5, Insightful

    What, life get too hard? Clearly someone got close to kicking them out of the game, and they ran before that would happen.

    Win the war, not the battle.

    Live to fight another day.

    I can think of others. Basically sounds like a smart idea to me.

  7. Over? by gadzook33 · · Score: 3, Insightful

    You knocked on the devil's door my friends.

  8. I doubt it... by Lohrno · · Score: 4, Insightful

    My totally random guess here is that they are a group of people who probably knew each other well before creating this group. More than likely they have just stopped calling themselves LulzSec. They're just getting too much scrutiny most likely. I don't think this is the last we hear from them, just they won't be calling themselves LulzSec necessarily...

  9. The Real Question... by Stormy+Dragon · · Score: 5, Insightful

    ...is whether everyone else is done with Lulzsec. Unfortunately, they've likely pissed off the kinds of people who don't stop the game just because the opponent wants to quit.

  10. It's better to burn out than fade away... by Bodhammer · · Score: 3, Interesting

    Tyrell: The light that burns twice as bright burns for half as long - and you have burned so very, very brightly, Roy. Look at you: you're the Prodigal Son; you're quite a prize!
    Batty: I've done... questionable things.
    Tyrell: Also extraordinary things; revel in your time.
    Batty: Nothing the God of biomechanics wouldn't let you into heaven for

    --
    "I say we take off, nuke the site from orbit. It's the only way to be sure."
  11. i hope they dont quit by FudRucker · · Score: 4, Insightful

    maybe change their strategy and mix things up to evade capture, the world needs benevolent black/grey hat hackers to dig up dirty laundry on the establishment, let the government & police know that if they do wrong that it will be found out and exposed for all the world to see...

    --
    Politics is Treachery, Religion is Brainwashing
  12. What, the script-kiddies have enought? by gweihir · · Score: 3, Insightful

    Pathetic really. The only thing different is that these idiots have big mouths. Which, I bet, will be their downfalls. Nothing they did on the hacking side is impressive at all. Competent black-hats know that one of the most dangerous things you can do is public bragging. Having an information-channel back is beyond stupid.

    Fortunately, law-enforcement has very long memories and a lot of patience. It is just relatively slow. I predict that we will see them all begging for mercy. Might take months or years, but they were far to careless not to get caught.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  13. Re:Cowards by carlzum · · Score: 5, Insightful

    Excellent analogy, wrong conclusion. Know your objective, how what you're willing to invest to achieve it, and exit when you've reached your goal or exceeded your costs. LulzSec made some headlines and embarrassed a few major organizations. Going to jail isn't worth a few more headlines.

  14. Re:They'll be back... by theweatherelectric · · Score: 4, Funny

    BASIC Gorilla tactics 101:

    No, basic gorilla tactics are to live in troops in tropical and subtropical forests in central Africa.

  15. Re:What timing... by nurb432 · · Score: 3, Interesting

    Sounds like they've pissed enough people off that they're starting to get ID'ed and arrested

    Or their asses kicked.

    --
    ---- Booth was a patriot ----
  16. Re:They'll be back... by VortexCortex · · Score: 4, Insightful
    You, my friend, have clearly never played that game.

    BASIC Gorilla tactics 101

    The tactics are to look at the wind-speed meter, consider elevation, and then try an angle and velocity that will strike the opponent with your explodo-banana. Refine your velocity and angle per the rules of "playing the odds" guess too much one way, and too little the other, then extrapolate the correct angle and velocity by interpolation.

    A quick search turns up this website that has a flash implementation of the game (covered with a skippable ad) that you may use to refine your "BASIC Gorilla" skills.

  17. Re:They'll be back... by Stormy+Dragon · · Score: 5, Funny

    No, that's gorilla STRATEGY. Gorilla tactics is deciding who to fling poo at.

  18. Re:Cowards by scubamage · · Score: 3, Insightful

    Agreed. Right now everyone who is anywhere in security is most likely hyperaware. I know at my company (a large carrier) we've done security audits across the spectrum to ensure customer data was well protected, along with proprietary info. It makes sense if they let the waters die down a bit, and then hit when people are soft and inevitably get lazy again.

  19. Re:as the saying goes by Anonymous Coward · · Score: 5, Informative

    The funny part is if they didn't disband and a significant number got nailed, everyone would be saying how stupid they were for not quitting while they were ahead.

    Course that's not to say a significant number won't get nailed eventually anyway, just noting that crowds are fun

  20. Re:Cowards by LordLimecat · · Score: 3, Funny

    Win the war, not the battle.

    Would that be the war against nintendo, minecraft, sega, or Eve Online?

  21. Re:as the saying goes by Z00L00K · · Score: 3, Insightful

    They have made their point for now, isn't that sufficient?

    The point is clearly that no system connected to the internet is secure, and that it can be cracked given enough skills. So the best protection against a very competent attack is to avoid angering people.

    And even if you don't you shall design your systems with a multi-layered approach in mind to avoid massive breaches. Don't allow the presentation layer direct access to the database with sensitive information. Don't use the same authorization database for the web UI for administrative tasks. And if you run an application server (like tomcat) - run it under a security manager/policy that limits access to other services in case someone is able to install something malicious in the application server. You can apply a security policy to Tomcat, and that will at least slow down an attacker considerably since the attacker then needs to gain knowledge of the system. And if you add tripwires in the system that can block attackers automatically if tripped then you make things even harder. Three to five tries and the IP address is shut off for an hour.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  22. Re:What timing... by richlv · · Score: 5, Insightful

    it's been a few beers in an airport, but still...

    do you - downhole - personally feel that sexual abuse in prisons is appropriate ?
    including all the innocents getting convicted (think movie witch hunt or other similar cases), all the minor convictions (smoked some weed) and so on ?

    personally, i would not have guts to condemn a person who would in the end find the means to kill off those who got them in the prison wrongfully. and i believe we should not make prisons a place to breed people like that.

    --
    Rich
  23. Re:What timing... by DrBoumBoum · · Score: 4, Insightful

    I see that many people here on /. seem very bitter and angry about those kids. First let me tell you that "laughing you ass off when they get raped in prison" only shows that you're a very mean and despicable individual. But apart from that those kind of hackers are really doing people a favor by exposing clearly to the general public how terrible the security of their personal data is. Rest assured that for every bragging Lulzsec there are ten quiet hackers from different governmental and criminal groups, silently collecting your data and placing back doors in your systems, and not saying a word about it. Without public exposure authorities and corporations will naturally do all they can to swipe the problem under the rug. The kind of very visible but mostly harmless actions from the likes of Lulzsec is what's necessary to have them move their ass and finally do something about the security issue. I for one see them more as the vaccine that will eventually help the Internet grow some real security than the hateful vandals that old grumps of your kind want to portray.

  24. Re:as the saying goes by Angostura · · Score: 3, Insightful

    The point is clearly that no system connected to the internet is secure, and that it can be cracked given enough skills.

    That would have been the point if there was any evidence that they had used particularly sophisticated attacks. The actual point seems to be that quite a few systems are secured in a fairly amateurish way and still subject to SQL injection, for example.

  25. Re:as the saying goes by mcgrew · · Score: 3, Insightful

    No, not the point at all. LulzSec is (was?) a vigilante group fighting organizations they perceive as evil. What they did to Sony was exactly the same thing Sony did to me, and Sony did it with no repercussions at all. The banks have been stealing from all of us for decades, and the government rewarded them with bailouts for it. I'm not sure I agree with the Arizona breaches, but most of what they did were good things.

    --
    Free Martian Whores!
  26. Re:as the saying goes by 1s44c · · Score: 4, Insightful

    Their point was never that 'nothing is secure'. They used simple well known attacks and a lot of humor.

    I see their points as:

    1) Validate user input.
    2) Don't reuse passwords.
    3) The first two rules apply to everyone including government contractors.
    4) If we can get your details so can, and so have, other groups.
    5) So called whitehats are corrupt by nature.
    6) It's still possible to be anonymous on the internet if you know what you are doing.
    7) Cloudflare works well.
    8) We are laughing at you.
    9) j3st3r ( or however you spell it ) is a script kiddie who writes very bad PHP.
    10) Send us some cash via bitcoin.
    11) PROFIT!