

EA was the latest victim of LulzSec. In the group's farewell hack it aired 550,000 users' information via torrent.  (Source: EA)

The group also grabbed 200,000 accounts from a popular hacker forum.
Group says they will continue operations under the name "AntiSec", but are retiring their moniker.

LulzSec is gone -- for now.  The group on Sunday morning at 12:01 a.m. announced its surprise departure via a press release.  But they aren't really going anywhere, and they didn't "leave" their moniker without a parting shot -- they posted the results of their latest hacking campaigns to The Pirate Bay in a modest archive.

I. Bye Bye Birdie

LulzSec has been at it for 50 days now, hacking the planet.  They've hacked [1][2][3] Sony Corp. (TYO:6758).  They've DDoSed the CIA.  They've hacked the U.S. Senate and the Arizona state police.

But after all their fun, they say they're bidding adieu to the LulzSec moniker -- for now.  On the anniversary of George Orwell's birthday, they write:
Friends around the globe,
We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.

For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others - vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It's what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.

While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn't that interesting to know? The mediocre painter turned supervillain liked cats more than we did.

Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we've gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don't stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.

So with those last thoughts, it's time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.

Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.

Let it flow...
Lulz Security - our crew of six wishes you a happy 2011, and a shout-out to all of our battlefleet members and supporters across the globe

The speech brings to mind the famous comedian Johnny Carson's farewell words in 1992 on his late night show:
I can only tell you that it has been an honor and a privilege to come into your homes all these years and entertain you. And I hope when I find something that I want to do and I think you would like and come back that you'll be as gracious in inviting me into your home as you have been. I bid you a very heartfelt good night.
Of course Johnny Carson went about spreading "lulz" in quite a different fashion.  And he hacked far fewer people.

II.  750,000 More People Exposed

The parting shot was no "Pentagon Papers", but it did have a bit of something for everyone.

Leading the way are internal mappings of AT&T Inc. (T) and AOL Inc.'s (AOL) servers.  The group also posted a file entitled "Office networks of corporations.txt".  The hack brings to mind Adrian Lamo's watchdog site Inside-AOL.com, from the 1990s.

But where Mr. Lamo never exposed a significant class of users, LulzSec takes joy in engaging in that activity as well.  Their biggest post was leaked info of 550k users of Electronic Arts, Inc.'s (ERTS) cartoony FPS game Battlefield Heroes.  At press time we have not yet obtained the full archive, so we're unable to ascertain what details were leaked.

EA appears to confirm the breach, writing:

Battlefield Heroes is Offline

We are currently investigating an apparent security breach related to our free-to-play Battlefield Heroes franchise. We are working to identify which accounts were affected and will take all precautions to ensure those players are notified as quickly as possible. We apologize for any inconvenience and hope to have the game back online shortly.

It also posted account information on 50k "random" game forum users.

The hackers also turned on their fellow novice brethren, publishing records on the users  of Hackforums.net (they appear to have obtained this data via the tried and true method of SQL injection -- somewhat embarrassing for a self-proclaimed "hacking" site).  In total 200k accounts were reportedly compromised on the site (that's a lot of hackers!).

The forum writes:

All ub3r and l33t must do a password reset to their email. Use contact form if you do not get your password email reset or do not have access to the email on file.

Then there's 12k North Atlantic Treaty Organization e-book center usernames and passwords (somebody will have fun reading).  NATO more or less already confirmed this breach to be authentic, posting on Friday:
Probable data breach from a NATO-related website

Police dealing with digital crimes have notified NATO of a probable data breach from a NATO-related website operated by an external company. NATO’s e-Bookshop is a separate service for the public for the release of NATO information and does not contain any classified data. Access to the site has been blocked and subscribers have been notified.
The group also posted an image file entitled "navy.mil owned.png", which we'll debrief you on shortly.

And then there's 29 emails and passwords [PasteBin] at P.I. Limited of Dublin.  It's always embarrassing when security professionals wind up in these releases.

Rounding off the release, there's a post detailing an apparent vulnerability [PasteBin] of an FBI web property involving the open source content management system Plone.  And there's a cool 2,454 IP addresses [PasteBin] that are listed apparently using "root" or "admin" as their password for the corresponding administrator/superuser account name.  Ouch. 

III. Why the Sudden Exit?

The sudden departure made us initially wonder if the awaited police axe finally fell upon the audacious crew.  However as of early this morning, one of the group's ringleaders, "Sabu", was still happily posting.

He writes:
Nobody is leaving. we're working on the #antisec movement.

If you read the statement your questions will be answered. There's only been one arrest; Ryan, and he isn't part of lulzsec.

No one is disappearing. find us all @ #antisec
According to the group, they're not ceasing their activities -- they're just dropping the "lulz" and getting serious about their campaign of "cyberwar" against the world's ruling powers.  And those powers still appear as helpless as ever to capture the brains behind the group.

That said, there's one major outstanding question -- what happened to Topiary?  The hacker, allegedly a core member of Anonymous, fell silent last week.  His last Twitter post was dated June 17.  So it's possible there could be something more to this story -- though for now it's just an interesting observation.

Meanwhile, another 812,000+ users will wake up Sunday morning and groan.  They've yet again been the victims of poor IT management and the ever bolder presence of Anonymous and its affiliates -- LulzSec and AntiSec.



lulz @ self-righteous hackers
By vazili on 6/26/2011 6:39:14 AM , Rating: 5
I honestly love when hackers say "look at us! We're exposing the guvimint!"

What are they really posting? How a low-level government bureaucrat thinks about a situation. Nothing new. Nothing good. Nothing revealing.




RE: lulz @ self-righteous hackers
By Mike Acker on 6/26/11, Rating: -1
RE: lulz @ self-righteous hackers
By chick0n on 6/26/2011 8:01:02 AM , Rating: 1
One thing I should mention is that web sites get hacked all the time, except that they're stupid enough to expose themselves this "much" and now everybody is after them. All they did was use free tools that you can download everywhere (if you know where to look for them) and start scanning sites for known exploits. People call these "script kiddies".

Can't help it, most of these low life morons still living in their mom's basement and they never set a foot out of their rooms.

Watch people going to get them, one by one. Lulz?


RE: lulz @ self-righteous hackers
By jabber on 6/26/2011 9:54:39 AM , Rating: 2
Yeah best way for the CIA/FBI to stop all this is to infiltrate these groups and allow them access to female company.

They will then find there are far more fun things to do in life.

http://www.youtube.com/watch?v=alWX-4dJ4P0


RE: lulz @ self-righteous hackers
By SPOOFE on 6/26/2011 11:36:38 PM , Rating: 2
I think it's very telling of the quality of the Feds/CIA if they can't infiltrate these groups. I worry that the bloated bureaucracy has hampered their ability to deal with loosely organized soft-targeting groups that require very little in the way of manpower or resources.


RE: lulz @ self-righteous hackers
By Mr Joshua on 6/28/2011 6:31:29 PM , Rating: 2
These guys are not that stupid as to fall for that old trick.


RE: lulz @ self-righteous hackers
By PReiger99 on 6/26/2011 10:06:00 AM , Rating: 3
quote:
People call these "script kiddies"

And I suppose any script kiddies can successfully hack firms like Black & Berg Cybersecurity Consulting, and claim a $10k prize (all this completely legal as the company was literally asking for it).

So at this point there are two angles you can use to view this:
A) Script kiddies can't be bought, easy money doesn't interest them, and cybersecurity firms know less about security than script kiddies.
B) They are good, and as such there is no shame to be defeated by a superior opponent. All you can do is learn from them and fix the flaws that have been exposed in your system.


RE: lulz @ self-righteous hackers
By mcnabney on 6/27/2011 10:14:02 AM , Rating: 3
Ah yes, after the thieves broke into my house by cutting the power lines, jamming the backup wireless frequencies and burning through a 3" steel door - I have no one to blame but myself?

Sorry, I can't walk into your house and cart-off your TV even if you left the door open. On the bright side, now that more 'people' are becoming victims of this I imagine future juries might be a little more vengeful and be more willing to send the cute young punks to PMITA prison for a few decades.


By icanhascpu on 6/27/2011 3:34:32 PM , Rating: 2
Holy shit someone gets it.

You don't belong here,


RE: lulz @ self-righteous hackers
By The0ne on 6/27/2011 4:45:18 AM , Rating: 5
You must be kidding yourself. You think good hackers use tools you can find on everyday websites? Of all the hackers I've known since my college years we were heavily into programming and networks. We don't use what you will find on websites (hardly any websites back then hahaha) as we created our own. You can figure out why this is needed.

And low life living in their mom's basement? That's something that Hollywood sure got you guys on. Sure there are those around but I don't know of a single hacker that is like that, do you or anyone here? :) Keep thinking like this though, if that helps.

There are good hackers and bad hackers. Most of us back then did it because we wanted to learn more, challenge ourselves and possibly create better infrastructures. The bad ones are ....well bad as you know them.

Keep downloading those web hacking tools on the net. It's a great way to get trojans, viruses, key loggers and all that good stuff :) Trust me.


RE: lulz @ self-righteous hackers
By runutz on 6/27/11, Rating: 0
RE: lulz @ self-righteous hackers
By Maiyr on 6/27/2011 2:27:20 PM , Rating: 3
"Such as; There's a real world out there."

says the person replying to a forum post on DT...

lulz (pun intended)


RE: lulz @ self-righteous hackers
By fictisiousname on 6/28/2011 9:35:44 AM , Rating: 2
"by Maiyr on June 27, 2011 at 2:27 PM

"Such as; There's a real world out there."

says the person replying to a forum post on DT...

lulz (pun intended)"

Most people don't need all day to read a forum post. Sorry that offends you. lulz indeed


By icanhascpu on 6/27/2011 3:44:27 PM , Rating: 2
Why reply to people like that? They are weak enough to let movies and shows on TV brainwash their idea of a label. They obviously can't think for themselves.

Protip kids: Knowledge is the power of this world. Successful hackers, businessmen, politics, etc. Those that run the world, run on knowledge. -Current- knowledge. It is where the money is, but more than that, it is where the power is. This isn't found in a wiki. It is found through exploration and exploitation. Get your heads out of your collective asses and look around you.


RE: lulz @ self-righteous hackers
By FITCamaro on 6/26/2011 10:29:43 AM , Rating: 1
Anyone with a brain already knew that.

All they've done is give identity thieves an orgasm.


RE: lulz @ self-righteous hackers
By mondo1234 on 6/26/2011 5:49:06 PM , Rating: 5
quote:
LulzSec has done the entire world a great service by ripping up the carpet and showing everyone what a total lie "security" is -- in too many instances


Just like a drive by shooting. They don't care who is in the way, mow them all down, innocent and all. Thanks for the favor.


By icanhascpu on 6/27/2011 3:37:15 PM , Rating: 1
Yes, exactly like a drive by shooting!
Except not at all, because no one was killed.

Only on DT does this sort of analogy get up-voted to a 5.


By Autisticgramma on 6/28/2011 11:48:44 AM , Rating: 1
Every one Mod'ed Mike Acker down, however he has a point. Our financial world rests on the security of these major companies. Electronic voting machines email, the rest.

I have supported way too many executives, and devs (yes Devs!!!?) who look at security as just something else in the way of doing their job.

Basically as FUD.

And no "I have a MAC" isn't going to work either. (Not any more effective than your 15 year old condom in your wallet, but it makes you happy to know it's there right?)

It's about time that business realized: "The computer network is the fabric of your business." If it isn't secured, not only does commerce stop, the chance of it starting back up again is low. Anyone with the know how can now snipe your customers/suppliers.

#AntiSec may sound full of themselves: their hubris is nothing compared with big business.

-Gramma


RE: lulz @ self-righteous hackers
By Mithan on 6/27/2011 3:00:11 PM , Rating: 2
I was hoping all the hackers would do something cool like hack into Top Secret government security and release info on Aliens and Alien Technology, Reptilians and the after life.

That would be awesome!


By icanhascpu on 6/27/2011 3:33:05 PM , Rating: 1
5 5 5 5 5 5 5 5 5 5

CUZ YOU ARE DOING SO MUCH MORE.


reply
By chrisfam on 6/26/2011 2:09:21 PM , Rating: 5
Maybe this has something to do with it-

http://gizmodo.com/5815599/a+team-hacker-group-pos...




RE: reply
By Flunk on 6/26/2011 7:17:54 PM , Rating: 2
I was going to post that. Interesting if true isn't it?


By chromal on 6/26/2011 1:19:22 PM , Rating: 5
A bigger pile of jackasses the Internet has never seen. I'll be popping the popcorn when they're arrested.




Who cares?
By sleepeeg3 on 6/26/2011 10:50:00 PM , Rating: 3
Quit giving these basement dwellers free press. The sooner the publicity ends, the sooner these anarchist losers go back to slitting their wrists.




RE: Who cares?
By SPOOFE on 6/26/2011 11:38:43 PM , Rating: 2
Think of it this way: These anarchist losers are giving established publications lots of hits and ad revenue.


Funny-ass title...hehe
By MartyLK on 6/26/2011 3:09:58 PM , Rating: 3
I can't help chuckling about that title and image chosen for this story... "Fires Parting Shot" and shows a picture of a ship just kinda meandering away...LMAO.




Rofl
By stm1185 on 6/27/2011 4:56:06 PM , Rating: 3
They are really sticking it to the government and security firms by stealing those Battlefield Heroes accounts. Take that big brother!




You can't stop them all but...
By Beenthere on 6/26/2011 11:54:23 AM , Rating: 2
...the more hackers that go to prison the better. Do the crime, go to prison.




EA is a "world ruling power"?
By DrApop on 6/26/2011 1:30:28 PM , Rating: 2
quote:
they're just dropping the "lulz" and getting serious about their campaign of "cyberwar" against the world's ruling powers.


Hey, they want to have fun...that's up to them. But I just don't see how releasing user info from the likes of EA, etc is functioning as a "cyberwar against the world's ruling powers".

If EA is a ruling power, we are all in trouble :)

Also, releasing user info from NATO, while upsetting, isn't some major world crushing victory. Sure they show how poor security is on the internet but WikiLeaks at least provided useful information regarding the inner workings, secrets, and hidden agendas of the worlds powers.

These guys seem to be more like mischief makers or poor graffiti artists rather than Ocean's Eleven type criminals.




What a bunch of idiots
By slickr on 6/27/2011 5:38:36 AM , Rating: 2
What a bunch of idiots. What did they expose? Absolutely nothing, just some innocent people's book reading history.

No confidential or secret files, no big revelation or anything, just some low level already publicly available data on the FBI.

If they are not to be considered a bunch of morons, they need to hack into classified materials and post those documents.




like the parting comment..
By just4U on 7/2/2011 12:57:09 AM , Rating: 2
"If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere."

Interesting how that was worded. It sounds sort of familiar. Regardless, I like that phrase.




Hide behind laws?
By infidel01 on 6/26/11, Rating: 0
To defeat them...
By Rob94hawk on 6/26/11, Rating: -1
RE: To defeat them...
By MeesterNid on 6/26/2011 3:12:39 AM , Rating: 5
lol, what? Are you also going to tell your bank, utility company, doctor's office, work/school, etc to do the same? It's not like the only place they have to get your personal info is your own computer.


RE: To defeat them...
By ussfletcher on 6/26/2011 3:14:54 AM , Rating: 2
Also, LulzSec isn't some magical hacking enterprise, they are making use of some freeware tools to run exploits on servers... The same things people have been doing silently for years.


RE: To defeat them...
By icanhascpu on 6/26/11, Rating: -1
RE: To defeat them...
By freeagle on 6/26/2011 5:12:16 AM , Rating: 2
quote:
There will be others that can and will do a hell of a lot more damage to the common person unless laws start to come into place to make corporations more accountable.


No, not laws. All you'd gain from that is a false feeling of security.


RE: To defeat them...
By wordsworm on 6/26/2011 7:09:51 AM , Rating: 2
I suppose that would be a bit like trying to put all the gas station and liquor store robbers in jail or passing more laws against those who commit them. No matter what, there's another piece of trash to take the last one's place. The solution must then be what? What can we do to prevent every rapist from raping? every murderer from murdering? every molester from molesting? every hacker from hacking?

I've heard lots of security experts say that there is no such thing as an absolutely secure network unless it's not connected to the Internet. So, aside from that solution, what do you think that they ought to do? I mean, aside from a blanket statement that they ought to be held accountable for the actions of others? ie, blame the child for the molestation, the murdered for the murder, and the raped for the rape? Is that the idea behind 'make corporations more accountable'?

Maybe the real trick is to force the adoption of new ip protocols. Assign every device that uses the Internet a number, and require that every Internet user be a registered Internet citizen with their own unique identity, have all devices be required to be registered to an Internet citizen. Make open Wifi portals illegal unless there is some kind of registration system where people are required to identify themselves for every bit of information that gets up- or down-loaded. That way, perhaps people could be identified more quickly for the crimes that they commit.

Whatever the case, the only way to become more secure is to give up our anonymity. Maybe that's the era that those Lulzers will help usher us into.


RE: To defeat them...
By freeagle on 6/26/2011 8:20:36 AM , Rating: 2
No, no registrations. That would create even more centralization. We, people, individuals, need to take control back to us, not give even more away.

The way we identify ourselves on the internet is upside down. We take our usernames and passwords, give them to some authority and ask: "I have this and this. Am I me?". We give that which makes us to someone else. That's what's wrong.


RE: To defeat them...
By bodar on 6/26/2011 9:01:06 AM , Rating: 1
And you don't think these unique IDs will be spoofed by criminals and griefers? Keep dreaming. Now you're just eliminating online privacy for the illusion of security. Good job.

Yes, any system can be compromised given enough time, effort, and resources, but it is the job of IT security to use multiple layers of security to mitigate the damage of a breach. If management wants to skimp on the security then they simply don't deserve our business.

Would you give your bank a free pass if they locked the safety deposit room with a bike lock and called it a day? And after the robbery, they said "Oops, sorry we didn't protect your valuables better... here's a free toaster!" There are reasonable security measures (allegedly) NOT being taken here, like server patches.


RE: To defeat them...
By BugblatterIII on 6/27/2011 3:58:21 AM , Rating: 2
The point of accountability isn't to victimise companies; it's to make them responsible for taking reasonable precautions.

We've seen time and again that these hacks are being achieved with very simple attacks, e.g. SQL injection. There's no excuse for being vulnerable to that. These companies have a duty to take reasonable precautions to protect our data.

Who can determine what's reasonable? Since you have a judiciary that doesn't even know enough about tech to want the bigger gee bees that's a tricky one. However the situation should improve with time.


RE: To defeat them...
By Mike Acker on 6/26/11, Rating: -1
RE: To defeat them...
By freeagle on 6/26/2011 7:59:51 AM , Rating: 2
Yes, laws can make corporations accountable for damages. That's it.

In the end, that's what will allow corporations to rise prices of products which will mean that we, customers, will end up paying for damages done to us. Among other things...


RE: To defeat them...
By SPOOFE on 6/26/2011 11:48:26 PM , Rating: 2
quote:
that's what will allow corporations to rise prices of products

What's stopping them now? Oh yeah, other companies. What if Company A goes sloppy security and raises prices, while Company B, C, and D choose instead to tighten their security and not raise prices?


RE: To defeat them...
By freeagle on 6/27/2011 1:01:06 PM , Rating: 2
quote:
What's stopping them now?


They don't have a reason good enough to be accepted by customers. Such laws coming into effect would give them one.

quote:
What if Company A goes sloppy security and raises prices, while Company B, C, and D choose instead to tighten their security and not raise prices?


Then companies B, C and D will have harder time to survive, because tightening security costs money and that will make their profit margins smaller.


RE: To defeat them...
By FITCamaro on 6/26/2011 10:28:36 AM , Rating: 1
No amount of laws will ever stop this kind of thing from happening.

If corporations are held legally liable for the illegal actions of others, then you can say goodbye to most internet innovation. Nothing is 100% secure. No company would take the risk of constantly being able to be sued because their firewalls were hacked.

Besides, what's a law going to do? Politicians, like on most subjects they stupidly pass laws on, know nothing about internet security. And any law actually passed will be irrelevant in a year as computers get faster.

The issue is that computers have gotten so fast, that you don't need mainframes to do brute force attacks anymore. You can do it with a couple GPUs. Or you can create a bot that the unwitting will download which will take down someone's server as millions of copies infest PCs worldwide.

About the only way a company's servers are truly secure is if they're not plugged in.


RE: To defeat them...
By derricker on 6/26/2011 2:59:06 PM , Rating: 2
quote:
If corporations are held legally liable for the illegal actions of others, then you can say goodbye to most internet innovation.


Nice propaganda speech you got there, corporations can't be held responsible for the seas of crap they make but people do??


RE: To defeat them...
By interstitial on 6/27/2011 10:01:04 AM , Rating: 2
Perhaps they should be required to maintain a certain level of security then. Obviously you can't promise you won't be hacked but holding passwords in plaintext or unsalted MD5 should really be considered negligence likely to cause customers material damage.


RE: To defeat them...
By borismkv on 6/27/2011 2:11:22 PM , Rating: 2
There are numerous regulatory systems that businesses are *supposed* to comply with in storing things like this. PCI, SAS70, Sarbanes Oxley, etc. Unfortunately, a lot of companies don't feel the need to comply with those regulatory systems. In some cases, though, larger corporations may actually be bribing past the regulatory committees.


Copyright 2014 DailyTech LLC.