

LulzSec hacked an FBI affiliate and used obtained information to threaten others.  (Source: Google Cache)

The griefer group has been gaining attention of late for a series of high profile attacks.
Griefer organization isn't worried about making enemies

LulzSec ("Lulz Security") has exploded onto the world hacking scene with a series of high profile system intrusions that have drawn sympathy from some and outrage from others.  Now they're stepping up their attacks, blasting new targets.

I. LulzSec?

Before a few weeks ago pretty much no one had heard about LulzSec.  Now they're making the evening news.

Two weeks ago LulzSec was one of several parties who hacked Sony Corp (6758) using SQL injection to exploit access vulnerabilities in the company's online databases.  At the time most considered LulzSec just another hacker group targeting Sony.

Sony had in recent months become a whipping boy for the hacker community after it allegedly abused the U.S. federal court system to gain access to the personal accounts of famed hardware hacker George "GeoHot" Hotz, invading the young man's privacy.  The hacking community was also resentful about Sony's decision to try to block users from installing Linux on their PlayStation 3s -- a practice they once promoted.  

But LulzSec showed themselves to be more than just an anti-Sony group.  After news network PBS aired a FRONTLINE special called "WikiSecrets", LulzSec hacked the network's servers, posting offensive fake stories.

The group said they attacked the news network because they were upset that its special didn't portray the controversial leaks site Wikileaks in a wholly positive manner.  The decision to mix critical commentaries in with praising ones in the special was apparently unacceptable to the group, and PBS paid the price for its rounded coverage.

And most recently the group hacked Sony yet again, this time completing a much larger breach in which they scooped over 1 million user names and passwords from an online picture service from the company.  Allegedly the passwords were stored in plain text, an astoundingly careless move.

II. Attacks on Fellow Hackers

This last week, in addition to the Sony hack, LulzSec has had its hands full with new targets.

The group targeted famed hacking magazine 2600's servers due to its frustrations at a certain young hacker that used them.  The group claims that a Dutch youth named Martijn Gonlag, who goes by the name "awinee" on Twitter, used 2600's IRC and proxy servers.

Mr. Gonlag was recently arrested when he bungled an attempt to use the distributed denial of service (DDoS) tool "Low Orbit Ion Cannon" and accidentally DDoS attacked the Dutch government.

Since then he's carried out a confrontational dialogue with LulzSec on Twitter, with LulzSec mocking his inexperience.

2600 apparently was caught in the crossfire of this grudge match.  LulzSec elected to carry out distributed denial of service attacks on its fellow hackers, taking down IRC chat channels and proxy servers.  The physical news webpage remained accessible throughout much of the week, though.

The IRC channels have recently come back online as the group appears to finally be ceasing hostilities.

But the group appears to be targeting another hacker now -- an individual who goes by the name "th3j35t3r" ("The Jester" in leetspeak).  The Jester primarily leads (first party) denial of service attacks against violent jihadist recruiting websites, acting as a "hacktivist".  He has taken down sites belonging to the Taliban and al-Qaida.  He's also carried out attacks against the Westboro Baptist Church, a radical Kansas-based Christian church that advocates killing gays and that has cheered the death of American soldiers in the Middle East.

But The Jester ran afoul of LulzSec due to his role in DOS attacks against Wikileaks.  Now The Jester and LulzSec are engaged in a hostile dialogue on Twitter, in which both parties have implied that they may be looking to attack each other.

III. Pro-FBI Nonprofit Hacked

But LulzSec's highest profile intrusion may have just occurred last night.  In an operation it called "f-ckFBIFriday", it hacked nonprofit Infragard.  

According to Infragard's website, it is a 42,000+ member strong organization that helps connect local businesses with the U.S. Federal Bureau of Investigation to protect themselves from crime.

Late Friday LulzSec hacked the group's servers, grabbing e-mails, passwords and personal contact information for about 180 members.  The group posted a 700 MB torrent, which it claimed to be full of internal emails.  The group also defaced Infragard Atlanta's website, posting a defiant message to the FBI: "LET IT FLOW YOU STUPID FBI BATTLESHIPS".

The defaced page carried a picture of LulzSec's favorite target, Mr. Gonlag.

LulzSec has also been at war with Karim Hijazi, CEO of botnet-tracking company Unveillance.  Mr. Hijazi accuses them of trying to hack into his company's corporate network with iPredator, a VPN tunneling tool.  He says they also used phone line tapping techniques to listen in and record an internal call.

He alleges that the LulzSec team contacted him via IRC chat demanding he turn over logs on the botnet of Anonymous, which has been used to carry out pro-Wikileaks attacks on U.S. businesses and the U.S. government.  That botnet is believed to be composed of innocent civilians' computers infected by viruses propagated by Anonymous's hacker members.

LulzSec is also believed to have grabbed additional information using Mr. Hijazi's password from Infragard, which LulzSec claims was the same as his passwords for company servers.  By breaching Infragard, LulzSec appears to have gained the means to breach Unveillance as well.

In an interview with CNET he states, "They had me under the gun for a little over a week with threats and extortion. The very nature of having to contend with someone who is holding something ransom is not pleasant."

LulzSec has posted on Twitter claiming Mr. Hijazi tried to hire them and citing his "corrupt" behavior as justification for their leak of his company's information.  They write:

Karim offered to go into business with us even before we put on the pseudo-extortion. He tried even harder after - corrupt, filthy man.

We leaked Karim because we had enough proof that he was willing to hire us as hitmen. Not a very ethical thing to do, huh Mr. Whitehat?

IV. Who is LulzSec?

LulzSec sure is making a lot of enemies -- likely some hackers at 2600, The Jester, the FBI, Unveillance, Infragard, Sony, and more.

The group maintains chat channels on irc.lulzco.org and maintains an "official" webpage at lulzsecurity.com.  The group also communicates with the public through Twitter and Pastebin postings.

Its members firmly assert that they are not a renaming of the 4Chan hacker group Anonymous, despite sharing many similar enemies -- those who criticize Wikileaks, Sony, et al.

What is known about LulzSec at this point is that they are very sophisticated attackers.  They also appear to be members of the growing "griefer" movement, which includes such players as the obscenely-named GNAA/GoatseSec and Gnosis (who breached Gawker Media, owners of Gizmodo, last year).

The thing about griefers is that they love free speech -- until it works against them.  For that reason, and for the wealth of corporations with woeful security (link to LulzSec's hack of Nintendo), we doubt the online world has seen the last of LulzSec, who these days is giving Anonymous a run for its money.

It should be interesting to see how the U.S. intelligence community responds, now that LulzSec's attacks are hitting close to home.

Update: Sunday 6/5/2011 12:25 a.m.-

Adrian Lamo, famed hacker/"snitch" and admin for 2600, shared the following statement with us:

Lulzsec's activities on 2600's IRC servers at irc.2600.net have been an ephemeral issue, which has been resolved internally in hacker tradition.

Indiscriminate attacks accomplish nothing, and the methods employed by LulzSec would be better-used against states hostile to the United States.

Attacks against government-affiliated entities such as Infragard are exceptionally unacceptable, and require decisive action if continued.


On a lighter note, I am proud to be the "owner" of lulzsec.com - I appreciate the gift.

Apparently LulzSec registered their website using Mr. Lamo's 2600 email address, so he now has rights to the domain.  Mr. Lamo has been in the spotlight since he turned in accused Wikileaks source U.S. Army Spc. Bradley Manning last summer.



Comments

This is now BS
By pr0m3th3u5 on 6/5/2011 1:09:18 AM , Rating: 3
I can not believe what I am reading, these douchebags are attacking 2600? 2600, cDc, l0pht they are all the grandfathers to the hacking scene. Then these no skill half brained idiots start messing with them. Garbage crackers why don't they go back to cracking software or putting up torrents, or maybe better yet go back to the Jolly Rodgers Cookbook follow his directions and do themselves in. They are playing with masters and are going to get slapped down like the red headed step children they are.




RE: This is now BS
By Darkefire on 6/5/2011 1:30:13 AM , Rating: 5
They're getting cocky, thinking that they're the greatest hackers in the world because they've blasted a few high-profile targets with lax security. Pretty soon they're going to pick on someone bigger than they are, and then the real lulz will begin.


RE: This is now BS
By chick0n on 6/5/2011 7:38:05 AM , Rating: 1
they already picked someone bigger than they will ever be.

gotta love these script kiddies.


RE: This is now BS
By slunkius on 6/6/2011 2:00:37 AM , Rating: 2
"script kiddies", as in you are master in much more sophisticated attacks? if you are better than them, go and make them sorry.
gotta love keyboard cowboys like you


RE: This is now BS
By neogrin on 6/6/2011 12:35:23 PM , Rating: 2
You don't need to be an expert to be able to recognize skill (or lack thereof).

We've seen a SQL injection "hack" and a DoS or two from these guys. Neither of which are too impressive.

So yes, at this point, "script kiddies" would be a valid label for these guys.

Maybe when they get done waving their arms and yelling "Look At Me", they could actually pull off a sophisticated Hack.


RE: This is now BS
By RedemptionAD on 6/6/2011 7:18:55 AM , Rating: 2
That group may be getting a little cocky, but there was a recent audit by the DOJ that showed that over 30% of the FBI cyber security personnel was unfit for the task. This is the article that I found on a quick BING search (the source may have a religious context, but the fact of the audit is the important part and can be quoted from many other sources)

http://www.csmonitor.com/USA/2011/0427/Cyberespion...

From a security standpoint, if they know what they are doing they can cover their steps for quite a while before ever getting caught. Anonymous has been active for quite some time and they still are no weaker than when they started. Decentralized guerrilla cyber war is a nearly impossible task to stop, no matter who they face.
















Copyright 2014 DailyTech LLC.