

Black & Berg CyberSecurity Consulting LLC were defaced by LulzSec today -- but they were happy about it. Turns out they were having a hacking contest.

A closeup of the photoshopped image that LulzSec posted to the defaced page. The group has refused the $10K cash prize promised by the security firm.
They just did it for the "lulz"

LulzSec ("Lulz Security"), a group of skilled computer hackers/cyber-griefers, has earned a reputation for controversy. They took down parts of the computer network of famed hacker publication 2600, arbitrarily, due to a feud with a single Dutch user. They hacked PBS in what some argue was an attempt to subvert the news network's freedoms of speech and the press. And they posted user names and plaintext passwords of elderly users (and others) from recent system intrusions [1][2][3] at Sony Corp. (TYO:6758).

But the group's latest effort is unlikely to create much controversy. After all, the affected party was asking for it -- literally.

LulzSec defaced the homepage of the "Cybersecurity For The 21st Century, Hacking Challenge" sponsored by Black & Berg Cybersecurity Consulting, LLC. Black & Berg, which does contract work for government agencies and private companies, writes:
Change this website's homepage picture and win $10K and a position working with Senior Cybersecurity Advisor, Joe Black.

You can probably guess where this is going. LulzSec altered the page background slightly and photoshopped their monocled mascot into the picture displayed on the page. And, amusingly, they refused the cash prize, stating:

DONE, THAT WAS EASY. KEEP YOUR MONEY WE DO IT FOR THE LULZ

Given that the group recently hacked a U.S. Federal Bureau of Investigation affiliate, it's not terribly surprising that they wouldn't want to compromise their location by accepting a prize from a public contest. As Admiral Ackbar would say, "It's a trap!" (Potentially, at least.) Perhaps they should have offered the prize in bitcoins.

Founder Joseph K. Black took to Twitter, posting praise for the group.  He writes:

Black & Berg Cybersecurity Consulting appreciate all the hard work that you're putting in. Your Hacking = Clients for us. Thx ~Joe

We've said it once, and we'll say it again -- for better or worse, we doubt this is the last we'll see of LulzSec.



Comments

RE: The government...
By mrjminer on 6/8/2011 9:59:20 PM , Rating: -1
The most hilarious thing is that my post is 100% accurate. People like you know nothing about security and presume these nimrods know what they're doing just because they "hack a site." What I said is a fact. The only way they are able to "hack" a site is if the site is coded poorly, or if they find a zero-day vulnerability. Of course, I guess I did forget to mention that if Apache is configured by a complete moron there might be another way they can sneak something in.

All they are doing is using exploits that have all been known for over a decade, and all of which can ONLY be used in the event the person/persons coding the website fails to implement common, standard security measures that have been around for the same ten years or longer.

I think it would be pretty hilarious if they logged in and posted as me, too, but I don't think that's going to happen since I think this website actually uses a framework that implements the simple security precautions that are necessary for a secure website.


RE: The government...
By twhittet on 6/8/2011 10:25:02 PM , Rating: 2
You'll probably get pissy and blab some definition of "hacking" - but, there is more than one way to get into a site. Why brute force hack the web server when you can phish passwords from people who work for the company? Or even work for the company?

Anything made by humans is fallible, even if using "a framework that implements the simple security precautions that are necessary for a secure website."


RE: The government...
By Etsp on 6/8/2011 10:48:58 PM , Rating: 2
Not to mention the fact that just because website code is written securely, if there are vulnerabilities in the webserver platform (either unpatched security holes, or poor configuration), it would be easy to run arbitrary code and get in that way. No phishing necessary.


Copyright 2014 DailyTech LLC.