Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Grakelin]

I kind of dislike how this thread is just a laundry list of crap that happens rather than actual discussion. I think we can discuss without getting every single thread locked.

The main reason is to avoid the pointless chatter which can be summarized as 'wow, those assholes suck, i bet they get arrested soon' 'nuh uh, they is good at h4x0rs.' That is to say, at this point, I don't see much constructive discussion possibility. If something akin to the IMF hacking was to come along, sure; that would warrant discussion, as there are big questions yet to be explored, such as who sponsored the hacking and what the motives were. LulzSec's actions, persona, ect, are all crystal clear; there is really nothing to be gained discussing them aside from post count. So while the ban on discussing in this thread currently stands, it may be waved in the future if events transpire which are particularly worthy of discussion.

That all seems kind of restrictive and contrary to the purpose of an online discussion forum, to me. This isn't really a news website.

[alway]

My purpose for this thread is twofold:
1: a meta-analysis of interesting trends over the course of weeks or months
2: discussion about important or particularly interesting events

The reason I'm leery to open it up for more discussion about these rather mundane individual events is simply to keep the thread from devolving as the past two have. The two hacking threads previously in GD, both about Anon, ended very badly. The first ended in people talking about whether they should piss or poop in mailboxes of Anon members before being locked by its creator by popular decree, while the second was bad enough that IIRC it was wiped entirely from the forum by one of the mods. And those were discussions about Anon, a group which was tame in comparison to LulzSec. So, for now at least, this thread will remain a news-aggregating thread until a pattern or event emerges about which people will have enough content to discuss without resorting to shitposting.

Edit: To clarify, as I realize these posts are a bit harsh, discussion is not banned in this thread; however, keep it on one of the two above points, keep it as brief as possible, and if you don't have anything helpful, constructive and informative to add, don't post it.

And back on topic: http://www.smh.com.au/technology/security/thousands-of-aussie-websites-exposed-in-hack-attack-20110617-1g6vd.html
Seems there was a hack at the web hosting service distribute.it on Saturday; As far as I know, this is the first news about the hack. Details are a bit unclear at this point, but supposedly they would have access to pretty much all the databases from the thousands of websites hosted by the company, including credit card info.

[nenjin]

I'm ok with discussion. I just want it to be slightly higher level than what's already been mentioned.

http://www.smh.com.au/technology/security/thousands-of-aussie-websites-exposed-in-hack-attack-20110617-1g6vd.html

This is where it starts reaching unacceptable levels for me. I suppose it already would have had I been a member of a hacked website or service and had my information exposed.

But when hackers start hitting large distribution points or nodes...that's when this starts resembling cyber terrorism, for lack of a better word. Cyber crime doesn't seem to cover stuff of this scale.

It reminds me vaguely of virus-laden ads being served through popular ad services. People were randomly getting hit with viruses whenever one was served up by the ad service, and website owners had almost no control of which ads were served. The ad services also didn't do a good job of vetting ads before they added them. That's the kind of wide-ranging, rampant viral outbreak that I'm worried comes next with all these high profile, and highly successful attacks. To me the hierarchy of internet crime goes like:

Low - DDoS
Med - Data theft
High - Viral insertion

To me the next logical step is viral insertion on prime targets that have been compromised. Those attacks will be coming from the people following in the wake of Anon and Lulzsec's attacks.

[alway]

Speaking of which, I nearly forgot about the Richard Clarke op-ed in the WSJ which appeared yesterday, summary of which can be found here: http://www.popsci.com/technology/article/2011-06/richard-clarke-china-laying-digital-bombs-across-us

Spoiler: for long quote (click to show/hide)

Clarke worked in various high-level security roles for every president from Reagan to G.W. Bush, leaving the White House in 2003 with the title Special Advisor to the President on cybersecurity. That is, he’s got some background on the topic at hand. And his assessment is pretty bleak: Senior U.S. officials know--and have known--that Chinese hackers are systematically infiltrating our networks, stealing source code, valuable R&D, and trade secrets from corporations while probing our power grids and other critical infrastructure for weaknesses, leaving behind easy access for themselves should they ever need to return and carry out more malicious acts.

Updating The List with today's events.

Edit: Going to writerspace, it would appear the list of 62k username/passwords were actually not entirely from that site; according to the site's main page, only 12k accounts were released from their site. Thus the 62k represents at least 2 websites whose username/password databases were accessed by lulzsec.

[nenjin]

And then there's just good old fashioned Cyber Warfare.

China claims these are rogue elements already....but I think in truth, if these hackers actually ever do go rogue and decide they want to watch the internet burn, they can probably do it. Planting back doors in the US electrical grid is one step removed from planting virii in major internet hubs. And since they're on the bleeding edge of intrusion methods already....I'm guessing their virus engineers are pretty damn good too.

Here's the direct link to Clarke's WSJ Op-Ed piece: http://online.wsj.com/article/SB10001424052702304259304576373391101828876.html

[Jack A T]

Another group to point out: LulzRaft.  LulzSec imitators.  Got two police department databases up on Twitter yesterday, for example.

A selection of their released data.

EDIT: To list their post-June 13th releases/claims:

*June 14th: University of Northern Alabama pictures passwords, Shuang Liu hack and database dump, City Media database dump
*June 15th: 2 police department databases
*June 16th: SuzeFreeWorld login dump

[Strife26]

I'd just like to congratulate Lulsec on attacking the CIA.gov. There awesomeness of taking down a public, non-classified website. Thereby denying people access to the World Factbook and CIA's online application process for awhile.

[alway]

Another group to point out: LulzRaft.

Thanks for bringing that one up, it slipped under my radar entirely. Events added to the list for their respective days.

@Strife26: This is why we can't have nice things.

So, for now at least, this thread will remain a news-aggregating thread until a pattern or event emerges about which people will have enough content to discuss without resorting to shitposting.

[Grakelin]

I think he was reiterating the fact which has been mentioned before that Lulzsec is actually pretty weak. They figured out how to stay hidden, and now they DDoS low-security websites for cred.

[jester]

posting to watch

[Strife26]

Are you THE Jester, Jester, my favoritest hacker of all time?

[Cheese]

SEGA have been hacked, apparently not by Lulzsec but by an unknown group.

[Jack A T]

On the more minor end, I just found something on the Game on Glen Rock website being defaced on Thursday by someone going by the name Alx Ksa.

Who, apparently, has been going around and defacing quite a few minor websites.  A Google search for his name results in a nice list of websites that have been defaced at some point by him.

[Jack A T]

Back to LulzSec: their actions today:

*Took down HackForums.net by request.
*Took down TribalWars.net by request.

[Bdthemag]

LulzSec seems to love taking down low security websites, and bragging on how good they are at it.