backtop


Print 29 comment(s) - last by icanhascpu.. on Jun 9 at 10:40 PM


For now the LulzSec ship sails on, contrary to reports of an "arrest" by phantom FBI agents. The group today posted information from two more hacked Sony properties.  (Source: LulzSec)
Merry brigade's run isn't over yet

There's been some interesting developments in the case of now-legendary griefers LulzSec ("Lulz Security").  Today some news network reported that a member of LulzSec was arrested by "FBI agents".  These reports emerged around the same time as an outage of the group's site so most assumed them to be true, but are they?

I. LulzSec Hacked?

Reports of LulzSec being "hacked" started at 2:39 a.m. EST when "lulzfail@hotmail.com" emailed the security mailing list SecLists.org with a post "Lulzsec == pwnt".

The posted led to a tar file, which contained some nondescript server/chat log-looking text file dumps.  Interesting.

Early in the morning The Epoch Time took the plunge reporting:
Just following the hack, LulzSec chat logs appeared online detailing a government raid of their chat server, stating “military hackers are trying to hack us.” They stated one member of the group, Robert Cavanaugh, was arrested. He is now allegedly in FBI custody.
NOTE:
Robert Cavanaugh has graciously contacted us and stated:

A lot of the information isn't correct I was never arrested that picture isnt me.

He acknowledges that he was a security professional and experienced hacker looking to expand his skills, but that the allegations appearing in various reports were slander against him.

He was only peripherally associated with members of Lulzsec, and did not participate in the group's attacks.

Robert Cavenaugh
The "real" Robert Cavenaugh [Image Source: Robert Cavenaugh]

Likewise, at 8 a.m. Arik Hesseldahl, a former Bloomberg BusinessWeek contributor who obtained a graduate journalism from Columbia University, reported for All Things Digital:

The release came as there was a claim — totally unconfirmed — that a member of the group has been arrested by the FBI. The claim was made on the Full Disclosure mailing list, an independent free-wheeling mailing list that focuses on computer security. The message, which was sent by someone using the Hushmail secure email service, contained what is said to be a chat log from Lulzsec’s private IRC chat server, then mentions at the end that “one of them is already in FBI custody.” I have calls into FBI offices in Washington and New York, trying to corroborate the claim of the arrest.
He cautions:
Obviously, it’s possible that the claim is completely made up. It could be an attempt by someone to falsely implicate someone as a member of the group, throw off the trail, or just a nasty prank.
But then gleefully speculates:
But if an arrest has been made, and the person arrested is a member of LulzSec, then it would probably be a fairly short time until other members are arrested too.
Even ArsTechnica joined in.  And at approximately 5 p.m. EST Slashdot admin "SoulSkill" published a user submitted story from "jjp9999" who wrote:
"LulzSec was compromised and a member of the group, Robert Cavanaugh, was arrested by the FBI on June 6. Meanwhile, LulzSec hacked Sony again, this time leaking the Sony Developer Network source code through file sharing websites."
Unfortunately all of these reporters were mislead to varying degrees (and those who expressed credulity or urged caution were wise to do so).  It turns out the hack of Mr. Cavanaugh dates back to 2010, as seen here, in this cached log on the page 4Chan.

In a series of PNG images and TXT files several teen hackers ("Xero", "XYZ" (Cavanaugh), and others) had their names and home addresses posted.  The teen hackers appeared to have run afoul of Anonymous or some other more seasoned hackers.

According to several anonymous sources we received, XYZ (Cavenaugh) was trying to join LulzSec, but was never a full member.  Purportedly he was arrested in early May, following the LulzSec hack of Square Enix (TYO:9684).  Internet Relay Chat (IRC) conversations have since surfaced online indicating that XYZ was not truly involved in the hack and that the hackers purposefully defaced pages to look like they were hacked by Xero, XYZ, Chipp1337, Venuism, and XiX as a prank.  

Suffice it to say these young men ostensibly have nothing to do with LulzSec getting "pwnt", particularly not over the recent Sony intrusions.

LulzSec took to Twitter at around 6 p.m. denying that they had been hacked.  Shortly thereafter ArsTechnica and The Epoch Times updated their posts to reflect this, with ArsTechnica even catching wind of the suspect PasteBin that was a few weeks old (but failing to mention the much older 4Chan post from Oct. 2010).  As of press time Slashdot and All Things Digital still haven't updated with LulzSec's statement.

II. But the Site was Down!

The reports of the LulzSec arrest poured in like rain -- and around the same time the group's site went down.  Many speculated this was further sign of some sort of massive hack of LulzSec.  Based on the posts on the mailing list some claimed that the group had been hacked using remote root access and had stored root passwords in their email -- embarrassing security mistakes if true.

But in reality the group's site was likely getting stressed by a much bigger true story and the outage was merely an unfortunate coincidence.

The group early this morning had cheered the release of yet another data dump [1][2][3] from a hacked Sony Corp. (6758) property.  Sony has of late become the whipping boy for the hacker community, for reasons we outline here.  These attacks were the sixteenth major attack [1][2][3][4][5] on Sony, thus far.

This time around, the attackers had made off with a 54 MB code dump from Sony Computer Entertainment’s Developer Network, and an internal network map of Sony BMG.  The blog "attrition.org" listed the attack as the sixteenth major intrusion at Sony since the attacks began in April.

LulzSec mocked:
Konichiwa from LulzSec, Sony bastards!

We've recently bought a copy of this great new game called "Hackers vs Sony", but we're unable to play it online due to PSN being obliterated. So we decided to play offline mode for a while and got quite a few trophies. Our latest goal is "Hack Sony 5 Times", so please find enclosed our 5th Sony hack.
So LulzSec appears to have DDOSed itself with all the excitement it generated.

III. What's Next

While the "arrest" this time proved false, it's very possible that the group may eventually see some sort of real world law enforcement action.  The group is making powerful enemies -- namely the U.S. Federal Bureau of Investigation and Sony.  And while these entities have yet to prove their security competence, they have the advantage of money on their side.

LulzSec arguably is costing Sony what could amount to billions in financial damages.  It thus seems only a matter of time before Sony swallows its pride and tries to hire security professionals to strike back.

So far LulzSec has only seen incompetent attacks, such as an attempt to SQL inject the group's static pages on lulzsecurity.com.  The group posted via Twitter:

Someone is trying to SQL inject our static pages on LulzSecurity.com - we can see you trying it, you are really embarrassing yourself. <3

Shortly thereafter they DDOSed the attacker IP.

But, according to some, LulzSec is burning through whatever community sympathy it generated by publishing user names and passwords, which it stole from Sony.  Such actions -- particularly the group's decision to publish private information on innocent gamers and elderly contest entrants -- may eventually provoke retaliation from the broader hacker community as well, which is already a bit annoyed at LulzSec for trying to DDOS the servers of veteran hacker publication 2600 and flame-baiting anti-terrorist veteran hacker th3j35t3r ("The Jester") on Twitter.

The group remains as defiant as ever.  And as usual they're not talking to the media (or "fucking media bullshit" in their words).  That silence combined with the overeagerness of online media means that this won't likely be the last time the story gets confused.  For now the LulzSec "ship" sails on.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

hah
By TheRequiem on 6/6/2011 10:23:00 PM , Rating: 2
LOL @ lulz security.




RE: hah
By AssBall on 6/6/2011 10:28:26 PM , Rating: 2
Jesus Christ this Sony hacking sh*t is completely out of control. They need to seriously divert some massive resources, or something, because now it is just lulz.


RE: hah
By geddarkstorm on 6/7/2011 1:15:38 PM , Rating: 1
16 friggin times... Cripes. They've had two months to fix things, but seems they haven't made any progress :|. So incredibly inexcusable, how can any costumer trust Sony with private data of any sort if their network security amounts to a sponge?

On the other hand, it is very wrong for Lulzsec to post information like that. All was needed was to show Sony's incompetence, not endanger other folks in the process. They need to knock it off too, and get their heads back on straight.


RE: hah
RE: hah
By Spuke on 6/6/2011 11:39:04 PM , Rating: 2
This is really getting funny AND embarrassing for Sony.


RE: hah
By SandmanWN on 6/7/2011 1:15:43 AM , Rating: 5
I find it more embarrassing for the people doing this. While the tech savvy of other nations grow up hacking western countries for information on how to evolve their industry through whatever means necessary and stealing all the information they can get their hands on, the pathetic youth of western countries are too busy hacking a gaming company, or searching for UFO's on public military websites, or simply wasting away playing a gaming console.


RE: hah
By Aloonatic on 6/7/2011 5:51:28 AM , Rating: 2
I'm just wondering who the kids that live in the nation with the most advanced tech in the world should be hacking for information? China to find decades old stealth information? India for old rocket and nuke tech?

I'm not saying that I support what they are doing by the way, but it seems unfair to praise foreign hackers who actually have something meaningful to go after when hacking the US/West and to compare them to hackers in the US/West who might hack into China or wherever, but what's the point?

Sony is more than just a gaming company too. It's annual turnover is probably larger than many countries GDP. It has a global presence and it's actions are probably felt by more people than those of most governments around the world too.


RE: hah
By Strunf on 6/7/2011 7:18:11 AM , Rating: 2
China is today competing with western countries for resources, knowing with which country they are making deals and the extent of them would be of most interest to many.


RE: hah
By nafhan on 6/7/2011 10:47:46 AM , Rating: 2
They don't necessarily have to be stealing military secrets to be beneficially utilizing their skill sets. I think he was making the point that the Chinese hackers are doing something that benefits their people, while these guys are just wasting their time and skills to annoy and inconvenience a large consumer electronics manufacturer and it's customers.


RE: hah
By Aloonatic on 6/7/2011 1:27:56 PM , Rating: 2
I get the point.

My point is that it is one thing to expect hackers to hack into the DoD, NASA or whoever and steal info on the latest stealth fighters and such. It's another to expect US/Western hackers to be interested in hacking into China to find out who they are trading with and find quarterly accounting reports etc.

Yes, the information might be equally valuable, but it's hardly interesting or the sort of thing that anyone starts hacking for, so I don't blame US/Western hackers for not bothering with such things and going after the more interesting information held by their own governments.

It seems pretty petty to criticise western hackers for this IMHO, but there you go.

Anyway, if US/Western government and the people who vote for and fund them want US/Western hackers to employ their skillz more beneficially, then pay them to. Why you expect hackers to do this for free to benefit you and your government seems a silly notion too. Why shouldn't they go after what they feel is interesting? That's all that foreign hackers will be doing, unless they are being employed by the state, and then it's a different matter entirely.


RE: hah
By nafhan on 6/7/2011 4:52:17 PM , Rating: 2
Gotcha'
I agree with the sentiment. Further, I'd be surprised if Chinese hackers were doing all that out of love and patriotism for their motherland (or whatever). There's probably support at some level from the Chinese government.


RE: hah
By SandmanWN on 6/9/2011 12:13:54 AM , Rating: 2
Clearly you missed the point. The point, may I add since it flew straight over your head, is that this is a complete waste of talent and skill. The comparison isn't targets of opportunity but the desire and want of knowledge rather than a teenagers hurt feelings over the big bad corporations that they took their lollipops.

That was the zooming sound your heard buzzing around your head when you typed two completely misguided posts.


RE: hah
By infidel01 on 6/7/2011 1:26:16 PM , Rating: 2
So what, your saying these people are not bad people beacuse they are hacking but they are bad people as they are not hacking for the goals you would? Or for the same goals other people are?


RE: hah
By SandmanWN on 6/9/2011 12:07:44 AM , Rating: 2
you've tried to place words in my mouth and have done little more than confused yourself. If you want my opinion, ask. Of the two wastes to society, the west has the best of the worst. Got it boy genius?


RE: hah
By icanhascpu on 6/9/2011 10:40:23 PM , Rating: 1
1. Not everyone in the west fits your little description
2. If you dont think other nations hackers are do'n the same sort of shit on smaller scales, you're a fool.

The only embarrassing thing about this is what you've managed to convince yourself.


RE: hah
By B3an on 6/7/2011 5:38:14 AM , Rating: 1
It got funny and embarrassing a long time ago.


hm
By LumbergTech on 6/6/2011 11:56:49 PM , Rating: 4
I don't agree with them posting the data, but nonetheless it is hilarious to see Sony eat crow after all their bs.




RE: hm
By Obujuwami on 6/7/2011 12:02:43 AM , Rating: 5
I just wish they would steal something interesting...like Sony's financial books!


RE: hm
By UnauthorisedAccess on 6/7/2011 5:59:55 AM , Rating: 3
I'd prefer them to 'locate' technical details on how I can run Linux on my PS3 Slim :)


RE: hm
By tastyratz on 6/7/2011 11:23:39 AM , Rating: 3
imagine that!

lulzsec if you are reading this: Finding out sony is cheating on their taxes somewhere and posting that online? now THAT would be funny. how about sony bmg internal communications that could essentially destroy all riaa cases? how about the riaa themselves?

hacking pbs is sad, 2600 is burning bridges. There are quality targets out there if you so feel the need.


RE: hm
By Lord 666 on 6/7/2011 2:49:05 PM , Rating: 2
Not really about 2600... it was to prove that even the hacker community is vulnerable.


RE: hm
By tastyratz on 6/7/2011 5:47:50 PM , Rating: 2
the same could be established by shooting boy scouts and old ladies. Everyone is vulnerable, but I guess proving it that way would be terrorism?
Or is it all the same...

These people are not fighting for a cause other than anarchy and their means equate to the founding definition of terrorists. There are large companies that could benefit from being put in their place tastefully but they are hardly robin hood here...


RE: hm
By robinthakur on 6/7/2011 4:59:43 AM , Rating: 5
Yer, this is for the Dreamcast Sony!!!


20 Reasons
By lutherblissett on 6/7/2011 10:28:59 AM , Rating: 3
anyone seen this interesting take on what's going on in cyberspace at the moment:

http://deterritorialsupportgroup.wordpress.com/201...

somekind of anarcho hipster blog but pretty indepth look at the events of the last month...




RE: 20 Reasons
By geddarkstorm on 6/7/2011 2:07:22 PM , Rating: 2
That is an amazing piece of writing. Keeping up with the sudden domino effect going on in the internet is hard, but a succinct and comprehensive piece like that really nails down the beginnings of this new age we're entering. Thanks for the share.


Community sympathy?
By piroroadkill on 6/8/2011 4:54:47 AM , Rating: 2
Who cares? that's not a reason to hack Sony, and they should carry on regardless of sentiment! Do it for the lulz!




Having
By icanhascpu on 6/6/2011 11:32:43 PM , Rating: 1
fun Jason? :P




Oy vey...
By FastEddieLB on 6/7/2011 5:30:00 AM , Rating: 1
It's just trolls trolling trolls at this point




I have the same monitor
By Lord 666 on 6/7/2011 3:59:12 PM , Rating: 1
At first I thought someone took that pic in my house...




"There's no chance that the iPhone is going to get any significant market share. No chance." -- Microsoft CEO Steve Ballmer














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki