backtop


Print 39 comment(s) - last by masamasa.. on Jun 22 at 3:53 PM


Late this afternoon the CIA homepage was DDoSed.

The hacker group LulzSec claimed responsibility. They also did a phone attack on the FBI today. It's clear they think they're untraceable.  (Source: LulzSec)

Aaron Barr, disgraced former CEO of HBGary appears to be involved in an attempt to implicate LulzSec in Bitcoin theft. It does not appear LulzSec did anything of the sort. It is unclear whether a series of posting are designed to discredit/attack LulzSec, Bitcoin, or both.  (Source: Nerd Merit Badges)
Group's attack continue to grow more flagrant, as do its detractors

At around 6 p.m. Wednesday night after a busy day of distributed denial of service (DDoS) attacks some "31337" 2005-era "/b/tards" posted a microblog to Twitter.  But these weren't just any "/b/tards"; these were the most infamous hackers of the year -- LulzSec.
 
And they didn't just post any old message.  They typed:

Tango down - cia.gov - for the lulz.

Indeed the U.S. Central Intelligence Agency's homepage was unreachable.  

I. Brazen Hacks, Phone DOS

The apparent takedown of the CIA homepage is merely the latest in the griefers' audacious run of high profile system intrusions and DDOS attacks on gaming services, government entities, and more.

The hack outraged th3j35t3r ("The Jester" in leetspeak), a pro-American "hacktivist".  He swore to LulzSec:

@lulzsec - re: your last hit. Gloves off. Expect me. My silence is not an indication of weakness, as your mouth is an indication of yours.

But if The Jester or anyone else can stop the group, they haven't yet.  LulzSec appears to think itself untraceable, given its flagrant hacks -- infiltrating the U.S. Senate servers, hacking an U.S. Federal Bureau of Investigations affiliate, and now hacking the public presence of the world's "most powerful" intelligence agency.

And it's using new tactics.  LulzSec has set up two phone lines -- 614-LULZSEC or 732-993-7703 -- and is taking thousands of calls a day.  Some it actually answers, asking guests questions for prizes or regaling them in a faux French accents.  But it's also redirect the calls to phone denial of service (DOS) attacks -- something rarely seen today.

Today it direct this phone wrath at the online MMORPG World of Warcraft's customer support, the FBI's Detroit headquarters, and "a certain hosting company" (many suspect it was GoDaddy).  Last, but not least it direct attacks at disgraced security firm HBGary who was the subject of much lashing at the hands of Anonymous earlier this year.

II. Framing Attempt?

LulzSec has been the subject of what appears to be wildly bizarre framing attempt involved the increasingly popular peer-to-peer digital currency Bitcoins.  Former HBGary CEO, Aaron Barr, posted to Twitter:

Lulzsec manages to pilfer nearly a half million dollars in bitcoins while running their tele-DDOS-athon today. tinyurl.com/3mfngql

Only the link in question didn't receive the funds today -- it received them on Monday (6/13).  And while it did send a donation to LulzSec's public donations account:
176LRX4WRWD5LWDMbhr94ptb2MW9varCZP

It only sent the typical token gesture: 0.31337 ("elite" in leetspeak) -- worth about $7 USD.

So where did this bizarre rumor begin?  It appears to trace back to a Pastebin:
http://pastebin.com/88nGp508" rel="nofollow

Which was a repost of the Bethesda press release, with one important alteration -- the account was altered to make it look like:
1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg

...was a LulzSec donations account.

Clearly that account appears to be involved with some mass fraud or is a clever social engineering project to offer the appearance of a mass fraud.  Either way, the attempt to tie LulzSec to it seems clearly flawed and like a clear framing.  No official LulzSec press release has ever carried that number.

It's unclear whether Mr. Barr is merely a uninformed observer, or is more deeply involved with this possible framing attempt.  But it's clear that his wild claims appear unfounded.

It's also possible that the postings are some sort of attempt to discredit Bitcoin itself.  In recent weeks several news agencies have been spreading posts with dubious claims, attempting to discredit the digital crypto-currency.

For example The Guardian's Ruth Whippman writes:

An odd alliance of libertarians, geeks, businesspeople and drug kingpins hail Bitcoin as the future of the internet – global, private and immune from national economic crises and the whims of reckless bankers. Its critics in the political sphere fear that it could give rise to an online Wild West of gambling, prostitution and global bazaars for contraband.

Previously dismissed as a nerdy curiosity, the untaxable Bitcoin may soon be due for a crackdown.

And Gawker adds:

Not all Bitcoin enthusiasts embrace Silk Road. Some think the association with drugs will tarnish the young technology, or might draw the attention of federal authorities. "The real story with Silk Road is the quantity of people anxious to escape a centralized currency and trade," a longtime bitcoin user named Maiya told us in a chat. "Some of us view Bitcoin as a real currency, not drug barter tokens."

Silk Road and Bitcoins could herald a black market eCommerce revolution. But anonymity cuts both ways. How long until a DEA agent sets up a fake Silk Road account and starts sending SWAT teams instead of LSD to the addresses she gets? As Silk Road inevitably spills out of the bitcoin bubble, its drug-swapping utopians will meet a harsh reality no anonymizing network can blur.

Seemingly, some people are suggesting that Bitcoin is more villainous than the far more anonymous form of currency -- cash.  The source of this misinformation/smear campaign is unknown, though, news agencies seem happy to spread it gleefully.

III. Insecure World

Much has been made to explain how LulzSec is doing what it does.  But the fact of the matter is that the group isn't using new tactics, new tools, or new exploits.  It's just getting more attention because it's good at advertising what it does and its affecting lots of people.

But the fact of the matter is that many corporate and government systems today are incredibly insecure and the vast majority of users are utterly incompetent when it comes to security [1][2][3] -- even some system administrators [1].

Combine these factors and you get an infinitely abusable system.

The abuses have occurred in years past.  They may be happening at a faster rate this year.  But the system has been insecure for years.  And it will likely still be insecure next year, as well.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

so friggin easy
By ElijahsFury on 6/15/2011 8:52:45 PM , Rating: 2
All you have to do is buy a laptop(used from an old computer store. pay cash), find a city with free wifi, and create a whole seperate identity from your real one, never linking it back to your real email or information. For sites where you need emails, you create fake names. never make purchases with credit cards under that identity(unless they are fake too, hehe) and how is somebody going to trace anything back to you? Its impossible! Thats if your working alone though. The more chefs in the kitchen....




RE: so friggin easy
By Treckin on 6/15/2011 10:44:28 PM , Rating: 2
Better yet use your laptop and free wifi access and prepaid cards to create 2 separate fake identities, with fake ID's and all.

then rent 2 apaprtments, say across the street from eachother.

Add a little homebrewed networking gear so you can get wireless internet shared between the two spaces.

Then just sit in your little apartment off the grid accessing internet by yourself but never physically being present at the offending IP.

And assuming you use this level of security, you would be connecting over many proxies and perhaps even piggybacking through an infected and stable machine before and after proxying.

IDK food for thought...


RE: so friggin easy
By chagrinnin on 6/15/2011 11:26:41 PM , Rating: 5
uhm,..idk,...i'd hafta leave my mom's basement and prolly get a job. pass. good plan tho.


RE: so friggin easy
By chopperpl on 6/16/2011 11:04:53 AM , Rating: 2
I don't think so... They are very well aware of open wifi. They would do drive by first before storming the place, and sniff all users connected to that router. Most likely you would be the only one. Then all they have to do is to track the signal strength, which would lead them to the building where you are. There goes your second apartment cover. BUSTED!!!!!


RE: so friggin easy
By JasonMick (blog) on 6/16/2011 11:36:33 AM , Rating: 4
quote:
I don't think so... They are very well aware of open wifi. They would do drive by first before storming the place, and sniff all users connected to that router. Most likely you would be the only one. Then all they have to do is to track the signal strength, which would lead them to the building where you are. There goes your second apartment cover. BUSTED!!!!!

The trick is to simply do what the original op suggested, but rather than using public Wi-Fi just find a local private connection in a somewhat distant city and break the encryption to gain access.

There's docs widely available on cracking WPA-protected connections...

After you do that, you can simply route through tor, proxies, and hijacked machines, as suggested.

And if you did this in multiple areas it'd be very hard to track you, particularly if you made a point to center your connections within a one-tank driving distance of some central suburban location that was NOT your home.

Of course, you'd have to have a pretty cushy job (maybe software off-site contracting) it order to do this and not be dirt broke...


RE: so friggin easy
By Reclaimer77 on 6/16/2011 1:22:50 PM , Rating: 2
Doesn't matter. Everyone talks, and these people are obviously part of an online community somewhere. SOMEONE knows, or can find out, who these hackers are. The FBI will catch a small fish, or lean on one they already have in jail, and make them squeal or find out something key about this Lulz group. Someone will cut a deal and talk. They always do.


RE: so friggin easy
By geddarkstorm on 6/16/2011 1:57:43 PM , Rating: 2
Absolutely true. The more they do, the higher the chance to get caught, especially now that they've done Phone DOSing. They are angering everyone, since they aren't following any guiding or noble principles, other than "lulz", and just causing trouble for trouble's sake at this point. They will eventually get hit, and it'll be interesting to see what the judicial system does with them.


RE: so friggin easy
By Reclaimer77 on 6/16/2011 6:58:04 PM , Rating: 2
I would say 50 years in federal prison, probably get paroled in 20 years or so. I mean, come on, people have to get over this nostalgic love affair with hacking. These aren't a few kids who hacked into the public library system or something. They have effected millions of people, threatened their private information, broken federal laws and so on and so forth. People need to get real about the massive scope of their crimes.


RE: so friggin easy
By GrammarPolice on 6/17/2011 9:38:51 AM , Rating: 4
*affected


RE: so friggin easy
By Boissez on 6/17/11, Rating: 0
RE: so friggin easy
By Reclaimer77 on 6/17/2011 11:50:54 AM , Rating: 3
Whoa talk about left field. What a straw man, we're not even talking about that. I wasn't even THINKING about that when I wrote it. What does it have to do with ANYTHING?


RE: so friggin easy
By masamasa on 6/22/2011 3:53:42 PM , Rating: 2
A bullet would be a better solution.


Anonymous, where are you?
By rudolphna on 6/15/11, Rating: 0
RE: Anonymous, where are you?
By Amedean on 6/15/11, Rating: 0
RE: Anonymous, where are you?
By Amedean on 6/15/2011 8:00:35 PM , Rating: 2
But if I am wrong I apologize Dailytech.


RE: Anonymous, where are you?
By JasonMick (blog) on 6/15/2011 8:35:03 PM , Rating: 4
quote:
But if I am wrong I apologize Dailytech.

A news site covers breaking news and you get downrated on a public forum?? Clearly a conspiracy!!

"Ummm FBI I believe LulzSec took a break from DOSing your phone lines and taking down the CIA's homepage to conspire to downrate me!"

Good luck, but may I recommend you stock up, before contacting them...
http://www.amazon.com/SPECIAL-SALE-Pack-HYTOP-ALUM...

It's a special sale! You can make that protective hat you've been yearning for!


RE: Anonymous, where are you?
By icanhascpu on 6/15/2011 8:47:20 PM , Rating: 2
I disagree about buying foil online. Much easier to goto the store...

...unless they thought of that already and are expecting me to!


RE: Anonymous, where are you?
By MrBlastman on 6/16/2011 10:24:23 AM , Rating: 3
Dude man, didn't you know?

If you buy your foil online they know where you ARE! They have your address, they can trace you. They might even install a plant in the metal.

Noooooo maaaan. Don't buy online. They'll get you.

At least when you buy your foil in the store you can inspect it. You can use a tri-band field meter to examine it and make sure it is clean. You can also dust it for prints and run it versus a background check database just to be sure they didn't contaminate the metal.

But, if you didn't already know, the real foilheads smelt their own! Yeah man, they comb junkyards for aluminum car parts and then melt it down. It's the only way to be sure!

Of course, you can't just go to the yard and get the parts yourself. The owner will know! He'll be in on it. You instead have to train a special greyhound dog which you will use to toss over the fence at night. Why a greyhound? Because a. It is grey (duh! harder to see at night!) and b. it runs fast (to outrun the dobermans!). So you teach the dog to grab aluminum car parts and run like heck back to the fence.

Of course, you can only do this if you are wearing an all-black, aluminum lined trenchcoat with an additional fariday-cage lining. Those junkyards have advanced sensors! They know what the movement is trying to do!

/paranoia ;)


RE: Anonymous, where are you?
By Amedean on 6/15/11, Rating: 0
RE: Anonymous, where are you?
By JasonMick (blog) on 6/15/11, Rating: 0
RE: Anonymous, where are you?
By Amedean on 6/16/11, Rating: 0
RE: Anonymous, where are you?
By Amedean on 6/16/2011 3:11:59 AM , Rating: 2
I wish I could edit here - well I have to say this, you guys have definitely got the edge by whatever means you investigate with because when it comes to this kind of stuff you guys are on top. SO good I think it is natural to be suspicious.


RE: Anonymous, where are you?
By Regected on 6/16/2011 9:06:33 AM , Rating: 2
I knew about this happening about an hour before it was posted here. I was just watching the right twitter feed at the right time.


RE: Anonymous, where are you?
By drlumen on 6/18/2011 1:34:15 PM , Rating: 2
I'm not sure about the "terrorist" label yet but since they hacked and released the senate emails I would definitely think they could be convicted of treason. And, the last time I checked, the death penalty can still apply to traitors.


RE: Anonymous, where are you?
By Justin Case on 6/15/11, Rating: 0
RE: Anonymous, where are you?
By omnicronx on 6/16/2011 12:56:20 AM , Rating: 2
If you don't like the way in which the site is run, why both reading let alone commenting?


RE: Anonymous, where are you?
By Mumrik on 6/16/11, Rating: -1
Fun
By p05esto on 6/15/2011 10:27:34 PM , Rating: 2
This is one of those news stories you see in slow motion playing out and know the ending. As months pass we'll see some kids getting busted and go to jail, all will be under 30yrs old I'm sure, all male, all white, etc etc. They'll most likely get busted from social engineering and old school investigation work which the FBI has been doing for decades. Someone will slip up, someone will have a friend with a big mouth, someone will make a simple mistake. There's probably 200 people under survelience as we speak, a case building on their heads while they play their games. You Krazy Klutz group should probably leave the country about now, lol.




RE: Fun
By Ringold on 6/15/2011 11:05:16 PM , Rating: 4
Yes, and the smart one among them would be smart to contact the FBI right now and agree to flip and help gather evidence on the rest of the group in return for immunity.


RE: Fun
By 91TTZ on 6/16/2011 1:47:24 PM , Rating: 2
quote:
Yes, and the smart one among them would be smart to contact the FBI right now and agree to flip and help gather evidence on the rest of the group in return for immunity.


More realistically, the FBI would arrest that person, offer them no immunity, and then continue its work while this person sits in jail.


RE: Fun
By maven81 on 6/16/2011 11:03:35 AM , Rating: 2
You seem to assume that all of them are Americans. I'm sure that a lot of them are, but probably not all of them. It would be much harder to stop this if you're dealing with foreign nationals.
And since we're making assumptions here, as Jason points out at least part of the group is made up of people that have known eachother since 2005. that seems like plenty of time to weed out people you don't trust. Worse yet they don't seem to be interested in money, so bribes probably wouldn't work either.
I do think it will fall apart in the end, just not nearly as quickly as you think. So far their biggest problem is arrogance.


Urgent these are false flag attacks.
By ASCulottes on 6/15/2011 9:13:33 PM , Rating: 2
Read story for details, this is a follow-up story.
http://www.americansansculottes.com/2011/06/urgent...




RE: Urgent these are false flag attacks.
By geddarkstorm on 6/16/2011 2:04:11 PM , Rating: 3
I'm sure it's not a conspiracy of any sort, just plane old incompetent security. But, it does give ammo to fuel those who want to crack down on the internet. It's all leading to an internet war, which we are kinda already in now.


By GrammarPolice on 6/17/2011 9:40:57 AM , Rating: 4
*plain


WoW?
By Scootie on 6/16/2011 3:21:30 AM , Rating: 2
I really dont get it what do they have with Blizzard and their mmorpg WoW?! As far back as I remember they were always a very very friendly company.




RE: WoW?
By CrazyBernie on 6/16/2011 11:01:31 AM , Rating: 2
Somebody got all buttsore because blizzard canceled their account for bot use and called the lulsec hotline, in all likelihood.


RE: WoW?
By jimhsu on 6/18/2011 11:45:42 PM , Rating: 2
I think the same thing happened with EVE Online (someone getting caught for bot use, or "alliance politics"). I don't see any other reason to attack CCP otherwise. Thankfully, I quit a few years ago.

I don't get though why anyone would attack Minecraft. Why?


Nutbag? A big may be!
By garagetinkerer on 6/16/2011 7:37:48 PM , Rating: 2
UK is coming up with a law to disconnect people off internet. There was talk about Oz doing the same. Well, US is so far more liberal, but think about it. Companies have formed unholy unions such as RIAA/ MPAA and well created laws which resulted in a single mother paying $400,000 per song as a penalty. It really doesn't seem that far fetched to me to think that there's going to be a new legislation coming in sometime soon... People who are calling proponents of such theories hacks, and other such remember DMCA came and is here still. What did you get out of it? Threats to be sued, or, you got sued if you were a single mother, and oh, ley us not forget DRM which is infecting every bit of technology slowly. People say Vista was bad, but it was so as MS was forced to implement DRM. Remember HDCP, when you're brand new hardware was suddenly not good enough to play HD content.

On the other hand it may be just some guys 'doing this for lulz' as they claim...




Wonder Who...
By mmatis on 6/20/2011 11:04:23 PM , Rating: 2
could possibly gain from hacking BitCoin and framing LulzSec? FedPig, perchance? Seems like the most probable suspect...




"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." -- Bill Gates














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki