After fifty days of wreaking security busting mayhem on websites round the globe, Lulzsec says it's hanging up its hacking hats. Perhaps to forestall accusations either that its members were sinking the LulzBoat in response to rival TeamPoison's threat to expose its members, or that they're clearing out the basement before the …
seems like a reason to keep someone in?
"...he had been diagnosed with Asperger's syndrome since his arrest and has agoraphobia..."
Pity it wasn't Tourette's: he could just tell them to 'Fuck off.'
..... breaking news
Watch and wonder as Mrs 'Lulzsec's Mum' reads this and declares that he has Tourette's syndrome on top of the Agoraphobia and Aspergers.
May be I am the only cynical one who thinks it just a little more than coincidental that when these Über hackers get caught they suddenly develop a whole range of psychological problems?
Cue furious flicking through the pages by anonymous mothers ..........
How can you joke about this? It is clear to me that this youngster can't be responsible for his actions, and that the authorities are overreacting. He is unlikely to get a fair trial, and receive a punishment far worse than is justified. This is UK/US injustice at it's very best.
What mother would do anything different?
I've worked with a few and personally known one person with Asbergers: Unless very severe, Asbergers does not prevent you from knowing the difference between right and wrong or from being responsible for your actions. Certainly not if it went undiagnosed until he was arrested.
As for asserting that he won't get a fair trial, you're drifting off into conspiracy - If it goes to trial, it will be like all trials in the UK, open and held in public. You can make a decision at that point if you think it's not fair, but as I struggle to think of miscarriges of justice in the last 20odd years, I'll stick with a default position of fair, until appears to be otherwise.
"I've worked with a few and personally known one person with Asbergers: Unless very severe, Asbergers does not prevent you from knowing the difference between right and wrong or from being responsible for your actions. Certainly not if it went undiagnosed until he was arrested."
Given that many people who have read the LulzSec stories and don't have any known psychological problems don't think that he or any of the members did anything wrong, you have no ground to stand on for this argument.
If you stand naked in your front window as the school bus passes, are you guilty of indecent exposure or are they guilty of violating your privacy?
Just because you don't think they did anything wrong doesn't mean it wasn't illegal.
Hint: accessing systems without permission and taking a dump of the database != legal behaviour
..... and yet if you are found to have DDoS attacked a web site you may be found guilty of an offense under the Computer Misuse act 1990. How do your various analogies, such as the one above, and the other one about leaving furniture out, suggest that LulzSec haven't done anything wrong?
>>"Given that many people who have read the LulzSec stories and don't have any known psychological problems don't think that he or any of the members did anything wrong, you have no ground to stand on for this argument."
Forget 'wrong', how many of them are confident he and the rest of them didn't do anything *illegal*?
I'm pretty sure that the average prison has loads of people in it who have managed to convince themselves that they haven't really done anything 'wrong', and that any negative outcomes of their actions are really someone else's fault.
If someone made a judgement about the actions of a whole group of people *without even being aware of all the actions those people did*, I'd have to wonder why they were so particularly keen to believe in the innocence of the people in question.
I certainly wouldn't put much trust in the judgement having been reached in good faith, rather than being leapt to as a result of simple rationalisation.
So, if they didn't think that they were doing anything wrong, why would they go to such lengths to stay anonymous?
Also, why did they go on about "doing it for the lulz"? That implies that they knew it was wrong.
@ Re AC
On the contrary, you don't seem to understand that trials and law do not have anything to do with what a handful of people think is "right" or "wrong".
They depend on L A W. If you disapprove of laws, act to change them BEFORE, not AFTER someone gets caught up in a violation, because to have justice, that law must apply just as it had to all those who came before and were tried under it, else it gets elevated to a higher court to decide.
You must be kidding though, to take a vigilante position attacking person(s) because you disapprove of what they do is not wrong? Of course it is, the legal system is the recourse for such things and just as it is that you should let your voice be known to repeal unjust laws, so you should also voice what new laws are needed to keep moving toward justice. Vigilantism cannot fit into this model, it is based on subjective decisions instead of popular vote regardless of what some herd of teenagers with nothing better to do, agree upon to fit in with their peers.
@ClareCares--Right, he won't get a fair trial because he's embarrassed the IT Establishment.
Whether the kid is responsible for his actions remains to be seen, however there's no doubt that those caught hacking become scapegoats for a failed, totally inadequate, security system--especially so when their primary purpose is just to hack rather than premeditated cyber crime.
It's clear to me that the IT Establishment has set out to make an example of such kids and throw the book at them because it is embarrassed by its sheer longstanding incompetence and utter inability to protect its IT systems. It's a classic case of 'blame anyone but yourself' and amateur hackers are the obvious target.
It seems revenge is a lot easier than being professionally competent. Over the years, we've witnessed the deliberate revenge the Establishment has handed out to those that embarrass it--from hackers and crackers such as Kevin Mitnick and Jon Johansen to music downloaders like Joel Tenenbaum, all are held up as Satan incarnate. When caught, these people are severely punished and ostracised worldwide yet a bank safecracker is likely to get little more than page-3 notoriety in the local press.
That for many years kid hackers have continually outwitted and made fools of the world's best security experts points us to the REAL culprits--the IT Establishment itself. It's the so-called IT security experts and the manufacturers of Swiss-cheese code such as the Microsofts of this world who are truly responsible for this problem, not a few amateur hackers; yet, as they control establishment power, they not only all get off scot-free and avoid imprisonment but they've real power to shift the full blame onto those who ought to be just bit players.
Those with power can and do and have always set the agenda here; it's never been set by what's morally and technically right or correct.
Users are responsible for protecting their own IT systems in the same way I'm responsible for protecting my wallet. If I don't button up my back pocket or I throw banknotes in the street then it's silly for me to expect that they're going to remain there indefinitely. Banks have long understood this when it comes to locking up and securing cash but it seems that after 50-plus years the IT world has yet still to learn this fact let alone understand how to fix the problem.
The reaction and indignation to Lulzsec by those in the know is the hight of hypocrisy. And that to ordinary citizens, legislators etc., the IT Establishment can hide behind the mumbo-jumbo world of IT security doesn't make it any less so. In reality, the spotlight ought to be focused much more on the IT security profession than on Lulzsec.
Furthermore, that IT security is in such tatters is both serious and alarming. Clearly, if a bunch of amateur hackers can, at will, bring large corporate systems to their knees then just imagine what would happen in an all-out orchestrated cyber war carried out by a foreign power with unlimited resources at its disposal. Frankly, it's hard to believe IT security is in such a shambles but it can't be denied as Lulzsec's provided the necessary proof.
With proper well engineered IT security commonplace, Lulzsec would find something more interesting to do than to show how flawed IT security really is. Pride aside, we ought to take our hats off to them for showing us the way forward.
Presumably, all the thumbs-downs to your post have come from second-raters who don't have a good handle on IT security; clearly they're jealous of Lulzsec's superior IT security skills.
Massive typo alert
>"Clearly's defense attorney"
Cleary's defence lawyer.
...hearing about LulzSec's forays. Can't say I approve of what they've done because there was potentially a lot of real-world hurt unleashed. Some things got poked that needed poking; but they could have thought about the collateral damage, is what I'm sayin'.
Glad it's over. If it is. Suicide notes on the intertubes are worth the paper they're printed on.
LOL @ lulz
script kiddies poke the big dog with a long stick and run away very fast when it wakes up. sad.
Re: LOL @ lulz
And if they kept going untill they got caught.you would call them stupid for not knowing when to quit.
I just call them
self centred little tits with no empathy who delight in making other people's lives more difficult in order to gratify their pathetic egos...
If they are Sk1pt KiDD!355
Then god help us all, because if script kiddies can do that then think what real talent could do.
DDoS and SQL injection
You can learn how to do it in about five mintues on Google, download software someone else wrote, and set about randomly hitting websites until you find one with a vulnerability. Then you claim you wanted to attack them all along, invent some incoherent and self-contradictory justification, and if you didn't hide behind about seven proxies and a couple of VPNs, wait for the police to arrive.
Script kiddies, that's all they are. Script kiddies with big egos and an inability to keep their mouths shut.
@ Norfolk 'n' Goode
I'd call them stupid if they'd kept going and stupid if they'd stopped. They're just stupid little kids. Exposing personal data of ordinary people does nothing except piss off ordinary people.
They are stupid...
Because firstly, they are just a bunch of script kiddies vandalising things. I have yet to see them create anything to improve any part of the world, anywhere. Oh yes, silly me. Talentless little script kiddies can't actually create anything worthwhile, but they can destroy things.
In response to a previous post; They are also stupid because they did keep going until one of their members got caught. At which point he started helping the police track down the other members so quickly the others panicked and quit. Saying afterwards that they planned to quit after X number of days is something only the gullible or stupid will actually beleive. If they intended to quit after X number of days, they would have announced that at the start.
£5 says they are shitting themselves at the moment, which trying to delete all the evidence. Unfortunately, the little kiddies have yet to completely grasp the fact that given that they decided to attack servers, logs of their nefarious activities are spread across the planet, held by people who will be delighted to help the police with their enquiries.
Not so easy
None of my data has been exposed by Lulzsec and yet I still consider them Script Kiddies.
Downloading and using tools someone else wrote to attack servers, using no personal knowledge other than how to use the toolz. That'd be a Script Kiddie!
@Norfolk 'n' Goode
>>"And if they kept going untill they got caught.you would call them stupid for not knowing when to quit."
Unless there's potentially something meaningful to gain from the attempt, poking a dog with a stick is stupid whether or not it's carried on to the point where the dog bites the poker (or someone else).
Thinking that doing something risky wasn't daft simply because someone got away with it is *classic* immature-male logic.
Anyway, in this case, it's possible that the dog can wait to bite until *long* after the poking has stopped.
@LOL @ lulz -- Are you really saying all it takes is script kiddies?
Are you really saying all it takes is script kiddies to wreak such hacoc?
If so, then security is even in a more chaotic state that I outline in my earlier @ClareCares post.
Lulzsec's a bit more than script kiddies methinks.
@A. Coward -- Re: "self centred little tits with no empathy..."
"self centred little tits with no empathy..." they may be. But it's better to find out security weaknesses now than during an all-out cyber war by a foreign power that has unlimited resources.
At some future time you may thank Lulzsec for the opportunity to fix things in advance.
@ david wilson
"Thinking that doing something risky wasn't daft simply because someone got away with it is *classic* immature-male logic"
As I said nothing of the sort that makes you just another fool who can't read.
@Anonymous Coward -- Another one who's happy with cyber security as it is. Shame!
Your comment, and similar 'script kiddies' comments in posts by others, are the reasons why cyber security is in such a shambles (and why software generally is in such a mess).
Fucking hell, can't you understand that none--THAT MEANS NOT ONE--of these major sites should have been vulnerable to script kiddies.
What you and others are blatantly saying (admitting to) is that major systems can be attacked by amateur script kiddies, yet your only real response is that they're naughty to have done it. Unfortunately, this sloppy unprofessional attitude permeates the IT security industry (and IT generally) and primarily it's the underlying cause of the longstanding IT security problem.
If bridges were designed to such sloppy engineering standards then there would be deaths every week from bridge collapses. However, unlike the very public lives of bridge designers, those who write the code for security systems, hide their sloppiness and mistakes in the compiled code. Compilation and proprietary (secret code) not only hides mistakes but gives programmers anonymity (and thus after disaster a means to escape the wrath of harmed users). Tell me, in all the publicity about all those systems breached by Lulzsec where were all the names of those responsible for designing and programming them. Correct, there were none. Yet again, unscathed, the true perpetrators have escaped to repeat again and again!
Perhaps the details of breaches ought to be the subject of a Wikileaks investigation.
I have considered for quite some time that significant improvements to security systems would result if the designers and programmers were publicly responsible for their code. Programming in Ada and such--where programmers' details are properly logged and embedded in the code module by module--would help to enforce better security. Then, every time a security module was compromised or breached, the name, rank and serial number of the designers/programmer(s)--the perpetrators--would be available for all the world to see. Public disgrace and humiliation not to mention future employment being put in jeopardy would quickly enforce better security standards.
This is not without precedent either, and it goes back a long way in civil engineering. Take for example the Tay Bridge disaster of 1879 where the bridge designer--the notoriously tight-arsed, cheapskate engineer, Sir Thomas Bouch--cut corners everywhere which resulted in the loss of 75 lives. A subsequent inquiry exposed him when it summed up the bridge as being "badly designed, badly built, and badly maintained". Bouch died in disgrace shortly afterwards. A similar fate befell the famous and very successful bridge designer Leon Moisseiff--the still-standing Manhattan Bridge amongst his achievements--but whose Tacoma Narrows bridge (Galloping Gertie) dramatically failed in 1940. Moisseiff became too cocky and failed to attend to minor but significant details that would have prevented the collapse. He too died in disgrace several yeas later with his wonderful career in tatters.
Today, any bridge designer knows that a collapse means disgrace, humiliation and end of career. So too should be the fate of the system designers/programmers of large security systems that fail and are breached by hackers.
If the incessant level of security breaches continue as they have in recent years, then sooner or later legislation will mandate acceptable standards. And rest assured, as with similar legislation elsewhere, it will require the publication of all those involved both with a security system's design along with those involved in its deployment/implementation.
Seems to me you (and others) wouldn't have publicly expressed this attitude if you'd not been Anonymous Cowards; but, no doubt, you'd still have thought it.
Young Graham, please could you point towards where I stated that i'm happy with the current security situation?
Uh, that'll be nowhere then. Just because someone would prefer to call talentless script kiddies by their real title rather than call them hackers (they are only doing it for the ego boost, why give them the gratification?) does not mean that they are happy with the current status quo. Other than the fact that one of those same script kiddies is sitting in a police station. Perfectly happy with that.
as another of the anonymous cowards above, I'm seriously unimpressed that script kiddies with access to a bunch of easily-found tools can "wreak such havoc". That doesn't mean "methinks" they're anything more than script kiddies. They're not, or if they are they kept it well hidden under a raft of DDoS attacks and a couple of well-known SQL injections.
The fact that they could publicise so much of this is a damning indictment of internet security and there should be a lot of people landing in hot water for it -- but that doesn't make them anything more than what they are, which is script kiddies with big egos and an inability to keep their mouths shut.
Ok theyr'e getting out whilst remaining on top, good for them.
Now ask yourself the following, all of their knowledge, tools and expertise are not suddenly going to disappear. These guys are a little more than just script kiddies.
They were very public now they will become very private.
Which is the most dangerous, when you know publically whats going on or ...................The large institutions will no longer be obliged to publish the hacks now..
I am not convinced that the real damage has even begun.
QUOTE: "Now ask yourself the following, all of their knowledge, tools and expertise are not suddenly going to disappear. These guys are a little more than just script kiddies"
A few reg readers seem to believe what they read, are told by the police, see on TV news, and seem arrogant in their comments
Someone calls them script kiddies and the rest of the reg readers parrot this without any rational thought, i guess it's true, using computers turns users into lobotomised chimps!
Arrogance is for the Stupid.
No back to reseting all my passwords
... I think you missed the point the OP was making. He was saying that the members of LulzSec are more than mere "script kiddies" and that they may now be more dangerous than they wee before - i.e. he was disagreeing with the use of the term by earlier posters, and putting forward what seems to be your point of view.
No, the script kiddies want to be famous "hackers"
Script kiddies want everybody to consider them hackers for the boost to their ego.
I have yet to see any evidence to indicate they are anything but script kiddies smashing up random websites using prepackaged attack tools that the creators aren't stupid enough to use themselves,such as LOIC for DDOS's.
Therefore i'm calling them script kiddies, and I hope everybody else does as well. They don't like that? Good.
They were attacking websites using a SQLi tool released by an Iranian Security company. Download it and give it a whirl, it's ridiculously simple to use and requires _NO_ skills at all to use.
If it finds a vuln it'll try to download the whole database for you.
They've not even the skills to use something a little more adult like sqlmap.
They appear to have made use of LOIC as well as botnets.
Sure, they've a wider skillset than the average internet user but hackers? Please! Anyone here could probably teach a 12 year old to do what they've done using the tools they were using.
Re AC 9:17
If it is so easy, call your shot and take down the site you mark.
Lots of people on here talking big without cashing checks.
Legality be damned eh?
Run an attack just to prove you can? A little egotistical to say the least!
Have you even taken a peek at the tools they were using? They are childsplay to use, and anyone with low morals could attack sites with them (assuming of course those sites were vulnerable).
The creators of the Iranian software do seem to been quite skilled in SQLi, it's a good (if basic) bit of kit. Just because the tool is well made doesn't mean the users have any knowledge.
Funny, if we were talking about bomb making would you be asking for a practical demonstration?
Script kiddies or not, everyone using the 'omg they didn't write their own software' argument is being idiotic. Why would they bother to spend weeks discovering new vulnerabilities and writing their own tools when it's quite clear the sites of large corporations can be screwed over with simple SQL injection? You said it yourself, the tools are already there and easy to use, so why put in more effort to achieve the same result?
Think the point is
Careful research, development of own tools and some basic knowledge is more a hacker trait
Use of someone elses tools, pandering to the media, little apparent knowledge as to how the tools you are using work is a script kiddie trait.
Which of the group you fall in probably doesn't matter if you are successful, but those of us who take time to actually _learn_ how things work are often quite proud of that fact. Being lumped in with a bunch of spotty oiks with little (note I don't say no) knowledge because of overuse of the word hacker? Not exactly going to go down well is it?
The thing is, what they did was childsplay, anyone here could have done it without breaking a sweat. The fact it was so easy to do _is_ a major problem, and companies need to sort themselves out, but Lulzsec have hardly earned the hero status that some people here seem to have elevated them to.
RE: Think the he point is
The reason Lulzsec have their status, regardless of whether you think what they were doing was right or not, is because they actually had the balls to do it. It's all very well saying that it's childs play and that most of us could do it in our sleep but the point is we don't and therefore don't get the status.
Also, if you don't want to be lumped in with the Lulzsec lot then describe yourself as something other than a hacker. Like it or not, with it's adoption by the general public it's meaning has changed. It's not the rest of the world's fault you've built your ego around being a 'hacker' and now everyone thinks you're a 16 year old kid, living with his parents, ddos'ing MegaCorp.
Yeah it must just be a coincidence that the alleged leader of Lulzsec gets arrested and then under a week later the group are shutting down.
That's Lulzsec wiped out. Now they just need to do the same to Anon.
I thought this was just some guy who sort of belongs to the group, rather than anyone important.
I still suspect they're scuttling under the carpet to avoid the much bigger and more dangerous hacking group that's gunning for them.
"Yeah it must just be a coincidence that the alleged leader of Lulzsec gets arrested and then under a week later the group are shutting down."
lol, he was just an admin of a forum, not the leader
Calling for the demise of Anon, whilst posting anonymously.
Nothing more to say to that.
There is nothing wrong with Anon.
They have my unqualified support for letting air and light where it is needed. However, that support could evaporate quickly if it doesn't keep to the apparent code of ethics it has shown so far. LulzSec, on the other hand, didn't show the same balance in what they did, and gave pain to innocent bystanders - they have not had quite the same amount of support from me.
"That's Lulzsec wiped out"
Golly gee, what with their forum and IRC dude helping the police with their enquiries, I'm sure every last member of lulzsec will be hanging up their hacking hat and never being so naughty again!
Or, y'know, they'll be back under a different name next week. All the talent is still out there. The only need they have for leadership is someone to point at a target and say 'kill'.
Nothing wrong with Anon
"They have my unqualified support for letting air and light where it is needed. However, that support could evaporate quickly if it doesn't keep to the apparent code of ethics it has shown so far. LulzSec, on the other hand, didn't show the same balance in what they did, and gave pain to innocent bystanders - they have not had quite the same amount of support from me."
Code of ethics? Anonymous are as bad as Lulzsec. They're in it for the lulz, not because of any deep political beliefs or moral compass. See it for what it is - a bunch of malcontents and juveniles with the power to disrupt websites, usually with some post hoc ergo propter hoc justification for doing it. And many of them lack the sense to see the consequences of their actions either for the sites they attack or ultimately for themselves.
The funny part is realizing that long after people have forgotten about LulzSec / Anonymous some of these jerks will be stewing in prison. Even the ones who get a slap on the wrist may will have ruined their careers even before they started. And it will serve them right.
Just an admin...
"lol, he was just an admin of a forum, not the leader"
How many site admins are you aware of that would host a service on their servers and not help run it?
What is funny is that Lulzsec have packed it all in and thrown in the towel before their latest operation "AntiSec" really gained any ground at all.
Lets be real here, one of their own got busted and now the media is reporting that he is "helping the Police and FBI with their enquiries"
Surprise surprise the group goes to ground.
If this was a planned end of their run then they wouldn't have started AntiSec so close to the end to leave it unfinished for Anon to pick up.
>>"They have my unqualified support for letting air and light where it is needed. However, that support could evaporate quickly if it doesn't keep to the apparent code of ethics it has shown so far."
Didn't they effectively publicise the personal data of the people that ACS:Law was trying to get money from?
Sure, there was a great deal of incompetence and the bulk of the responsibility on the part of ACS:Law, but that doesn't relieve anyone who assisted in publishing that information of responsibility for their part in any consequences.
Seems like they were focussed pretty much entirely on causing maximum embarrassment for their target, which, however laudable a goal, can't excuse a lack of concern about possible effects on any number of innocent people.
I'm not sure that 'the end justifies the means' or even 'If I didn't help publish it, someone else would' are quite what I'd call an 'ethical' philosophy.
Neither would 'well, it was *really* the fault of his bad data practices'.
That's rationalisation, not ethics.
- Geek's Guide to Britain INSIDE GCHQ: Welcome to Cheltenham's cottage industry
- 'Catastrophic failure' of 3D-printed gun in Oz Police test
- Game Theory Is the next-gen console war already One?
- BBC suspends CTO after it wastes £100m on doomed IT system
- Peak Facebook: British users lose their Liking for Zuck's ad empire