

Black & Berg CyberSecurity Consulting LLC were defaced by LulzSec today -- but they were happy about it. Turns out they were having a hacking contest.

A closeup of the photoshopped image that LulzSec posted to the defaced page. The group has refused the $10K cash prize promised by the security firm.
They just did it for the "lulz"

LulzSec ("Lulz Security"), a group of skilled computer hackers/cyber-griefers, has earned a reputation for controversy. They took down parts of the computer network of famed hacker publication 2600, arbitrarily, due to a feud with a single Dutch user. They hacked PBS in what some argue was an attempt to subvert the news network's freedoms of speech and the press. And they posted user names and plaintext passwords of elderly users (and others) from recent system intrusions [1][2][3] at Sony Corp. (TYO:6758).

But the group's latest effort is unlikely to create much controversy. After all, the affected party was asking for it -- literally.

LulzSec defaced the homepage of the "Cybersecurity For The 21st Century, Hacking Challenge" sponsored by Black & Berg Cybersecurity Consulting, LLC. Black & Berg, which does contract work for government agencies and private companies, writes:
Change this website's homepage picture and win $10K and a position working with Senior Cybersecurity Advisor, Joe Black.

You can probably guess where this is going. LulzSec altered the page background slightly and photoshopped their monocled mascot into the picture displayed on the page. And, amusingly, they refused the cash prize, stating:

DONE, THAT WAS EASY. KEEP YOUR MONEY WE DO IT FOR THE LULZ

Given that the group recently hacked a U.S. Federal Bureau of Investigation affiliate, it's not terribly surprising that they wouldn't want to compromise their location by accepting a prize from a public contest. As Admiral Ackbar would say, "It's a trap!" (Potentially, at least.) Perhaps they should have offered the prize in bitcoins.

Founder Joseph K. Black took to Twitter, posting praise for the group.  He writes:

Black & Berg Cybersecurity Consulting appreciate all the hard work that you're putting in. Your Hacking = Clients for us. Thx ~Joe

We've said it once, and we'll say it again -- for better or worse, we doubt this is the last we'll see of LulzSec.



Comments

funny how, but...
By Spoogie on 6/8/2011 4:25:25 PM , Rating: 2
It really has become an amusing series of stories about Lulzsecurity. But they're beginning to look like attention starved reality show wanna-bes.

And eventually they'll get caught, and get their 15 minutes. Then it will be lulz.




RE: funny how, but...
By MrBlastman on 6/8/2011 4:48:45 PM , Rating: 2
The only one having the Lulz will be Bubba, Bubba Buttram the burly cellmate from Mobile, Alabama. "Why dontcha laugh about that, pretty boy. Now lemme hear ya squeal!" ;)


RE: funny how, but...
By Skywalker123 on 6/8/2011 9:20:42 PM , Rating: 5
Sounds like you're talking from experience.


RE: funny how, but...
By icanhascpu on 6/8/2011 7:39:04 PM , Rating: 2
Because they are forcing people to write news stories about them, dumbass?

umad


RE: funny how, but...
By Amedean on 6/8/11, Rating: -1


RE: funny how, but...
By icanhascpu on 6/8/2011 8:02:44 PM , Rating: 1
Riiight......


RE: funny how, but...
By B3an on 6/8/2011 9:02:38 PM , Rating: 2
He hid for roughly 10 years after the U.S. spent billions trying to find him. Not exactly a great accomplishment. They were even looking for him before 9.11.
I don't think LulzSec have anything to worry about.


RE: funny how, but...
By Farfignewton on 6/9/2011 1:08:27 AM , Rating: 3
It IS a great accomplishment. Finding people who will go to any lengths not to be found is not easy. The Atlanta Olympics bomber hid in our own backyard for five years.

Give me a handful of religious zealots and I could hide 10 years in the middle of the White House lawn.


RE: funny how, but...
By ekv on 6/9/2011 3:14:56 AM , Rating: 3
quote:
Give me a handful of religious zealots and I could hide 10 years in the middle of the White House lawn.
Even though I doubt it, if you've seen the way this president "swings" golf clubs -- if you can call it that -- you will want some very serious protection if you do try to hide there. Just sayin'


RE: funny how, but...
By shiftypy on 6/9/11, Rating: -1


The government...
By Obujuwami on 6/8/2011 5:09:31 PM , Rating: 5
should offer these guys amnesty for all their "crimes" and offer them a job to hack the Chinese government organizations. After they do their stint with the government, they can make a TON of money making sure that people's networks are actually secure from China and other hackers.




RE: The government...
By mrjminer on 6/8/11, Rating: -1


RE: The government...
By karielash on 6/8/2011 6:35:38 PM , Rating: 2

Do you talk crap for a living?


RE: The government...
By StraightCashHomey on 6/8/2011 9:12:00 PM , Rating: 1
It would be hilarious if someone responded to your post, as you, and said "LULZ, this guy thinks he knows what he's talking about"


RE: The government...
By mrjminer on 6/8/11, Rating: -1


RE: The government...
By twhittet on 6/8/2011 10:25:02 PM , Rating: 2
You'll probably get pissy and blab some definition of "hacking" - but, there is more than one way to get into a site. Why brute force hack the web server when you can phish passwords from people who work for the company? Or even work for the company?

Anything made by humans is fallible, even if using "a framework that implements the simple security precautions that are necessary for a secure website."


RE: The government...
By Etsp on 6/8/2011 10:48:58 PM , Rating: 2
Not to mention the fact that just because website code is written securely, if there are vulnerabilities in the webserver platform (either unpatched security holes, or poor configuration), it would be easy to run arbitrary code and get in that way. No phishing necessary.


RE: The government...
By kerpwnt on 6/9/2011 3:17:54 AM , Rating: 2
Your comment about the government got me thinking about conspiracy theories. With all the LulzSec news, I think we are overdue. I'm no conspiracy artist, but I'll take a crack at it. Here goes:
----
LulzSec is a group of "elite" military hackers enlisted by the US government. With the rise of Chinese-originated cyber attacks on US computer systems, the US government is experimenting with new military protocols for potential cyber-retaliation.

The attacks on Sony, FBI affiliates, and Black & Berg were all training exercises. By successfully hacking the aforementioned parties, the team of hackers has secured their position in the US military and prepared an arsenal intended to protect our cyber-borders.
----
How's that for a start? I went with a good guy scenario, but an invasive anti-privacy/snooping (patriot act) approach could also work. Add some wacky code names and a bogus money trail and we might have a decent conspiracy theory on our hands!


RE: The government...
By Peter898 on 6/9/2011 11:55:27 AM , Rating: 2
What evidence are you basing your claim on?
'Conspiracy-theorists' as you call them usually have FACTS to support their claims .. Like the JFK-crowd claiming he was shot from the front, they actually have a film showing just that.


Responsibility of press and other things
By garagetinkerer on 6/8/2011 7:43:54 PM , Rating: 5
Say it once and no one may believe you. Say it once more and there may be more. Repeat and then some more... this, is how propaganda works. You keep saying how Lulzsec is trying to curb, or is indeed curbing freedom of speech of Press. I do not agree with what Lulzsec did. They could have posted something on their site or something, but who would care? Not many really... I know they erred, but what other choices do they have?

Truth is there's little or no responsibility borne by the media in general. Look at Iraq, where everyone was saying there are weapons of mass destruction. All this is in public domain, but available through not regular channels in media. You have to watch indie docs, some obscure website... Why isn't Fox, ABC, CNN, PBS or anyone else asking questions? You know the answer... They want all the freedom, but nothing to do with responsibility with so much power. The behaviour of Press in general is questionable, and to say otherwise is dubious in nature. PBS came out with a documentary about how Bush administration did a bang up job handling the economic recession called "Inside the meltdown". I'm not saying that he could have done any better with the bunch of morons/thugs assisting him "Capitalism, this that..." No sir, it is economics and a plain old democracy. Look at how UK's government saved all the public money invested. You know what, they're to make a profit for that matter. Propaganda sir, that's what did Bush administration in, in handling over $700 billion for nothing. Honestly most here would negate this opinion from me, but I'm just trying to bring to your attention that there are hard choices everyone has to make... I'm sure rating my post down isn't one such :D Then again... everybody errs.

Most of what is fed to us is by and large propaganda. Now not only the governments, there are also the corporations which are targeting us. Wikileaks is a necessary evil (to mostly governments/corporates)... there are a lot of things that happen which remain obscured from our sights. It is only good for us commoners if there's a way to find out about things. Would you rather be a puppet, or would you take your destiny in your own hands? Sometimes you need an insider, and that guy (Bradley Manning) who actually was crucified for this all, is someone who we all would revere one day. Reminds me of something... a large part of the world DOES revere a guy who was crucified (as they say in the book) for others.




RE: Responsibility of press and other things
By Etsp on 6/8/2011 11:05:14 PM , Rating: 5
I agree that the world (and the U.S. specifically) needs a site like wikileaks to keep the crooks (in the Military, Government, and private sector) in check. I disagree that wikileaks itself is the answer. I make no judgement on Julian RE: rape allegations; It's not unlikely that he is being framed after the way he made himself a target.

However, that does not mean that he is acting responsibly in how he is handling the release of sensitive data entrusted to him. Much of the information he leaked was not "This is wrong and people need to know about it" but more along the lines of "Releasing this will harm U.S. interests"

I very much believe that Julian is an anarchist, and I believe LulzSec are as well. Bradley Manning is not the hero of your movement. He did not see wrong-doing and decided to do something about it. He was upset about being passed over for promotion (among other things), and decided to strike out against the system by dissembling harmful and sensitive information.


As advertised, they gave me my lulz
By Taft12 on 6/8/2011 4:09:18 PM , Rating: 5
So, will the security consulting company let us in on how Lulzsec managed to break in? Or could it be they don't even know how it was done...




By fic2 on 6/8/2011 4:29:07 PM , Rating: 2
I am sure that for a fee the security company will tell you if they know or don't know how they were hacked.


By lwesten on 6/9/2011 11:56:50 AM , Rating: 2
If you View Source, you can see an sql error output at the bottom of the page. Injection attack attempt, obviously.

If they did use an injection attack, I'm wondering if they exploited the mailing list signup input. The developers that built the site used js to generate the query string to submit the input data instead of using a FORM tag. Looks like they have at least SOME server-side validation, but obviously not enough. :)

On top of that, looking at the INSERT error, they're not hiding the absolute script path, either.

These guys are supposed to be experts? I don't condone what these guys are doing, but damn. Issuing a $10k challenge and not knowing wtf you're doing is kinda asking for it.
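
Added example, not part of the comment thread and not the site's own code: a mailing-list signup handler of the kind the comment above describes, once with the INSERT built by concatenation and the raw error echoed to the client, and once with server-side validation, a bound parameter and errors kept in the server log. The `sqlite3` backend, the `subscribers` table, the function names and `SCRIPT_PATH` are assumptions made for illustration; the page does not say what stack the site ran.

```python
import logging
import re
import sqlite3

log = logging.getLogger("signup")
# Constructed placeholder for the absolute script path a verbose error reveals.
SCRIPT_PATH = "/var/www/example/signup.py"
# Apostrophes are legal in addresses, so validation alone cannot stop quoting bugs.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+'-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (email TEXT PRIMARY KEY)")
    return db

def signup_weak(db, email):
    """Builds the INSERT by concatenation and echoes the raw error to the client."""
    try:
        db.execute("INSERT INTO subscribers (email) VALUES ('" + email + "')")
        return 200, "subscribed"
    except sqlite3.Error as exc:
        return 500, f"INSERT failed: {exc} in {SCRIPT_PATH}"

def signup_hardened(db, email):
    """Validates server-side, binds the value, keeps error detail in the server log."""
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        return 400, "invalid e-mail address"
    try:
        db.execute("INSERT INTO subscribers (email) VALUES (?)", (email,))
    except sqlite3.IntegrityError:
        pass  # already subscribed: same reply, so the list cannot be enumerated
    except sqlite3.Error:
        log.exception("signup insert failed")  # detail stays server-side
        return 500, "internal error"
    return 200, "subscribed"

def demo():
    odd = "o'brien@example.com"  # constructed: a legitimate address containing a quote
    weak = signup_weak(make_db(), odd)
    db = make_db()
    inputs = (odd, "a@example.com", "a@example.com", "not an address")
    hard = [signup_hardened(db, e) for e in inputs]
    rows = sorted(r[0] for r in db.execute("SELECT email FROM subscribers"))
    return weak, hard, rows

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The weak handler fails on an ordinary address that happens to contain a quote and hands the client both the database error and the script location; the hardened one stores the same address intact and never returns database detail.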


Honeypot?
By nafhan on 6/8/2011 5:18:32 PM , Rating: 4
So... is the guy from "Black & Berg" claiming their corporate homepage was a honeypot or something? More importantly (and less likely to be advertised), was it actually a honeypot? I just don't really see how getting hacked shows that you own a good security firm...




By Tegrat on 6/8/2011 4:27:17 PM , Rating: 3
Ummmm.... good luck getting clients Aaron Barr... oops I mean "Joe"

Good way to advertise your "Security" business.




the monies...
By GoodRevrnd on 6/8/2011 5:34:24 PM , Rating: 3
I could see how accepting the money would be next level stupid, but I would have asked the company to donate it to the EFF or something. Not that the EFF would want any sort of connection no matter how remote to Lulzsec...




Should have donated the money.
By Chudilo on 6/9/2011 10:44:15 AM , Rating: 3
Should have donated the prize money to a good cause.