
Black & Berg CyberSecurity Consulting LLC were defaced by LulzSec today -- but they were happy about it. Turns out they were having a hacking contest.

A closeup of the photoshopped image that LulzSec posted to the defaced page. The group has refused the $10K cash prize promised by the security firm.
They just did it for the "lulz"

LulzSec ("Lulz Security"), a group of skilled computer hackers/cyber-griefers, has earned a reputation for controversy. They took down parts of the computer network of famed hacker publication 2600, arbitrarily, due to a feud with a single Dutch user. They hacked PBS in what some argue was an attempt to subvert the news network's freedoms of speech and the press. And they posted user names and plaintext passwords of elderly users (and others) from recent system intrusions [1][2][3] at Sony Corp. (TYO:6758).

But the group's latest effort is unlikely to create much controversy. After all, the affected party was asking for it -- literally.

LulzSec defaced the homepage of the "Cybersecurity For The 21st Century, Hacking Challenge" sponsored by Black & Berg Cybersecurity Consulting, LLC. Black & Berg, which does contract work for government agencies and private companies, writes:
Change this website's homepage picture and win $10K and a position working with Senior Cybersecurity Advisor, Joe Black.

You can probably guess where this is going. LulzSec altered the page background slightly and photoshopped their monocled mascot into the picture displayed on the page. And amusingly, they refused the cash prize, stating:


Given that the group recently hacked a U.S. Federal Bureau of Investigation affiliate, it's not terribly surprising that they wouldn't want to compromise their location by accepting a prize from a public contest. As Admiral Ackbar would say, "It's a trap!" (Potentially, at least.) Perhaps they should have offered the prize in bitcoins.

Founder Joseph K. Black took to Twitter, posting praise for the group.  He writes:

Black & Berg Cybersecurity Consulting appreciate all the hard work that you're putting in. Your Hacking = Clients for us. Thx ~Joe

We've said it once, and we'll say it again -- for better or worse, we doubt this is the last we'll see of LulzSec.


RE: The government...
By mrjminer on 6/8/2011 5:42:52 PM , Rating: -1
ROFL? Do you honestly think these guys have any talent whatsoever? The ONLY reason they are able to get into these sites is because they implement extremely poor security. Seriously, SQL injection on Sony's site -- that's nothing more than gross negligence on Sony's part. This site, on the other hand, obviously left an exploit open to attract attention. They had a contest going prior to the "hack" -- IE: they intentionally left a known security vulnerability open for publicity.

A correctly coded site is impossible to hack in any manner other than hacking into the server itself, which, effectively, means they have to find an unknown zero-day vulnerability.

Want to know how to "secure" a website from China and other hackers? Here:
1. Escape user data prior to sending it to the database
2. Escape user data being displayed on a page
3. Use a framebreaker
4. CSRF tokens on all forms
5. Limit login attempts to x every xx minutes
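
The five-item checklist in the comment above, sketched as an added Python example; it is not part of the comment or the article. All function and class names are hypothetical. Item 1 is shown with bound query parameters rather than manual escaping, and item 3 with anti-framing response headers rather than a script-based framebreaker.

```python
import hashlib, hmac, html, secrets, sqlite3, time
from collections import defaultdict, deque

SECRET = secrets.token_bytes(32)  # per-deployment CSRF key, generated here for the demo
FRAME_HEADERS = {"X-Frame-Options": "DENY",  # item 3, expressed as response headers
                 "Content-Security-Policy": "frame-ancestors 'none'"}

def find_user(db, name):
    # Item 1: bind the value as a parameter instead of building SQL text from it.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def render_comment(text):
    # Item 2: encode user data for the HTML context at output time.
    return "<p>" + html.escape(text, quote=True) + "</p>"

def csrf_token(session_id):
    # Item 4: token bound to the session with an HMAC over the session id.
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()
def csrf_ok(session_id, submitted):
    # Constant-time comparison of the expected and submitted tokens.
    return hmac.compare_digest(csrf_token(session_id), submitted)

class LoginLimiter:
    # Item 5: at most `limit` attempts per `window` seconds for each key.
    def __init__(self, limit=5, window=600):
        self.limit, self.window = limit, window
        self.attempts = defaultdict(deque)

    def allow(self, key, now=None):
        now = time.monotonic() if now is None else now
        q = self.attempts[key]
        while q and now - q[0] >= self.window:
            q.popleft()  # forget attempts that have aged out of the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    limiter = LoginLimiter(limit=3, window=60)
    return {  # all inputs below are constructed samples
        "sqli_rows": find_user(db, "' OR '1'='1"),  # matched as a literal name
        "real_rows": find_user(db, "alice"),
        "html": render_comment("<script>alert(1)</script>"),
        "csrf": (csrf_ok("sess1", csrf_token("sess1")), csrf_ok("sess2", csrf_token("sess1"))),
        "logins": [limiter.allow("alice", now=t) for t in (0, 1, 2, 3, 61)],
    }
if __name__ == "__main__": print(demo())
```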

RE: The government...
By karielash on 6/8/2011 6:35:38 PM , Rating: 2

Do you talk crap for a living?

RE: The government...
By StraightCashHomey on 6/8/2011 9:12:00 PM , Rating: 1
It would be hilarious if someone responded to your post, as you, and said "LULZ, this guy thinks he knows what he's talking about"

RE: The government...
By mrjminer on 6/8/11, Rating: -1

RE: The government...
By twhittet on 6/8/2011 10:25:02 PM , Rating: 2
You'll probably get pissy and blab some definition of "hacking" - but, there is more than one way to get into a site. Why brute force hack the web server when you can phish passwords from people who work for the company? Or even work for the company?

Anything made by humans is fallible, even if using "a framework that implements the simple security precautions that are necessary for a secure website."

RE: The government...
By Etsp on 6/8/2011 10:48:58 PM , Rating: 2
Not to mention the fact that just because website code is written securely, if there are vulnerabilities in the webserver platform (either unpatched security holes, or poor configuration), it would be easy to run arbitrary code and get in that way. No phishing necessary.
