agoraphobia
seems like a reason to keep someone in?
50 day lullaby of Lulzsec is over .. for now
After fifty days of wreaking security busting mayhem on websites round the globe, Lulzsec says it's hanging up its hacking hats. Perhaps to forestall accusations either that its members were sinking the LulzBoat in response to rival TeamPoison's threat to expose its members, or that they're clearing out the basement before the …
-
-
-
Monday 27th June 2011 10:08 GMT Anonymous Coward
..... breaking news
Watch and wonder as Mrs 'Lulzsec's Mum' reads this and declares that he has Tourette's syndrome on top of the Agoraphobia and Aspergers.
May be I am the only cynical one who thinks it just a little more than coincidental that when these Über hackers get caught they suddenly develop a whole range of psychological problems?
Cue furious flicking through the pages by anonymous mothers ..........
-
Monday 27th June 2011 12:04 GMT ClareCares
Joke ?
How can you joke about this? It is clear to me that this youngster can't be responsible for his actions, and that the authorities are overreacting. He is unlikely to get a fair trial, and receive a punishment far worse than is justified. This is UK/US injustice at it's very best.
What mother would do anything different?
-
Monday 27th June 2011 12:18 GMT Anonymous Coward
@Clare
I've worked with a few and personally known one person with Asbergers: Unless very severe, Asbergers does not prevent you from knowing the difference between right and wrong or from being responsible for your actions. Certainly not if it went undiagnosed until he was arrested.
As for asserting that he won't get a fair trial, you're drifting off into conspiracy - If it goes to trial, it will be like all trials in the UK, open and held in public. You can make a decision at that point if you think it's not fair, but as I struggle to think of miscarriges of justice in the last 20odd years, I'll stick with a default position of fair, until appears to be otherwise.
-
Monday 27th June 2011 13:17 GMT Anonymous Coward
Re AC
"I've worked with a few and personally known one person with Asbergers: Unless very severe, Asbergers does not prevent you from knowing the difference between right and wrong or from being responsible for your actions. Certainly not if it went undiagnosed until he was arrested."
Given that many people who have read the LulzSec stories and don't have any known psychological problems don't think that he or any of the members did anything wrong, you have no ground to stand on for this argument.
If you stand naked in your front window as the school bus passes, are you guilty of indecent exposure or are they guilty of violating your privacy?
-
Monday 27th June 2011 14:59 GMT Anonymous Coward
@Bullseyed
..... and yet if you are found to have DDoS attacked a web site you may be found guilty of an offense under the Computer Misuse act 1990. How do your various analogies, such as the one above, and the other one about leaving furniture out, suggest that LulzSec haven't done anything wrong?
-
Monday 27th June 2011 15:48 GMT david wilson
@Bullseyed
>>"Given that many people who have read the LulzSec stories and don't have any known psychological problems don't think that he or any of the members did anything wrong, you have no ground to stand on for this argument."
Forget 'wrong', how many of them are confident he and the rest of them didn't do anything *illegal*?
I'm pretty sure that the average prison has loads of people in it who have managed to convince themselves that they haven't really done anything 'wrong', and that any negative outcomes of their actions are really someone else's fault.
If someone made a judgement about the actions of a whole group of people *without even being aware of all the actions those people did*, I'd have to wonder why they were so particularly keen to believe in the innocence of the people in question.
I certainly wouldn't put much trust in the judgement having been reached in good faith, rather than being leapt to as a result of simple rationalisation.
-
-
Tuesday 28th June 2011 06:33 GMT JC 2
@ Re AC
On the contrary, you don't seem to understand that trials and law do not have anything to do with what a handful of people think is "right" or "wrong".
They depend on L A W. If you disapprove of laws, act to change them BEFORE, not AFTER someone gets caught up in a violation, because to have justice, that law must apply just as it had to all those who came before and were tried under it, else it gets elevated to a higher court to decide.
You must be kidding though, to take a vigilante position attacking person(s) because you disapprove of what they do is not wrong? Of course it is, the legal system is the recourse for such things and just as it is that you should let your voice be known to repeal unjust laws, so you should also voice what new laws are needed to keep moving toward justice. Vigilantism cannot fit into this model, it is based on subjective decisions instead of popular vote regardless of what some herd of teenagers with nothing better to do, agree upon to fit in with their peers.
-
-
Tuesday 28th June 2011 07:50 GMT Graham Wilson
@ClareCares--Right, he won't get a fair trial because he's embarrassed the IT Establishment.
Whether the kid is responsible for his actions remains to be seen, however there's no doubt that those caught hacking become scapegoats for a failed, totally inadequate, security system--especially so when their primary purpose is just to hack rather than premeditated cyber crime.
It's clear to me that the IT Establishment has set out to make an example of such kids and throw the book at them because it is embarrassed by its sheer longstanding incompetence and utter inability to protect its IT systems. It's a classic case of 'blame anyone but yourself' and amateur hackers are the obvious target.
It seems revenge is a lot easier than being professionally competent. Over the years, we've witnessed the deliberate revenge the Establishment has handed out to those that embarrass it--from hackers and crackers such as Kevin Mitnick and Jon Johansen to music downloaders like Joel Tenenbaum, all are held up as Satan incarnate. When caught, these people are severely punished and ostracised worldwide yet a bank safecracker is likely to get little more than page-3 notoriety in the local press.
That for many years kid hackers have continually outwitted and made fools of the world's best security experts points us to the REAL culprits--the IT Establishment itself. It's the so-called IT security experts and the manufacturers of Swiss-cheese code such as the Microsofts of this world who are truly responsible for this problem, not a few amateur hackers; yet, as they control establishment power, they not only all get off scot-free and avoid imprisonment but they've real power to shift the full blame onto those who ought to be just bit players.
Those with power can and do and have always set the agenda here; it's never been set by what's morally and technically right or correct.
Users are responsible for protecting their own IT systems in the same way I'm responsible for protecting my wallet. If I don't button up my back pocket or I throw banknotes in the street then it's silly for me to expect that they're going to remain there indefinitely. Banks have long understood this when it comes to locking up and securing cash but it seems that after 50-plus years the IT world has yet still to learn this fact let alone understand how to fix the problem.
The reaction and indignation to Lulzsec by those in the know is the hight of hypocrisy. And that to ordinary citizens, legislators etc., the IT Establishment can hide behind the mumbo-jumbo world of IT security doesn't make it any less so. In reality, the spotlight ought to be focused much more on the IT security profession than on Lulzsec.
Furthermore, that IT security is in such tatters is both serious and alarming. Clearly, if a bunch of amateur hackers can, at will, bring large corporate systems to their knees then just imagine what would happen in an all-out orchestrated cyber war carried out by a foreign power with unlimited resources at its disposal. Frankly, it's hard to believe IT security is in such a shambles but it can't be denied as Lulzsec's provided the necessary proof.
With proper well engineered IT security commonplace, Lulzsec would find something more interesting to do than to show how flawed IT security really is. Pride aside, we ought to take our hats off to them for showing us the way forward.
Presumably, all the thumbs-downs to your post have come from second-raters who don't have a good handle on IT security; clearly they're jealous of Lulzsec's superior IT security skills.
-
-
-
-
-
Sunday 26th June 2011 23:32 GMT Anonymous Coward
I've enjoyed...
...hearing about LulzSec's forays. Can't say I approve of what they've done because there was potentially a lot of real-world hurt unleashed. Some things got poked that needed poking; but they could have thought about the collateral damage, is what I'm sayin'.
Glad it's over. If it is. Suicide notes on the intertubes are worth the paper they're printed on.
-
-
-
-
Tuesday 28th June 2011 08:52 GMT Graham Wilson
@A. Coward -- Re: "self centred little tits with no empathy..."
"self centred little tits with no empathy..." they may be. But it's better to find out security weaknesses now than during an all-out cyber war by a foreign power that has unlimited resources.
At some future time you may thank Lulzsec for the opportunity to fix things in advance.
-
-
-
Monday 27th June 2011 09:17 GMT Anonymous Coward
They are stupid...
Because firstly, they are just a bunch of script kiddies vandalising things. I have yet to see them create anything to improve any part of the world, anywhere. Oh yes, silly me. Talentless little script kiddies can't actually create anything worthwhile, but they can destroy things.
In response to a previous post; They are also stupid because they did keep going until one of their members got caught. At which point he started helping the police track down the other members so quickly the others panicked and quit. Saying afterwards that they planned to quit after X number of days is something only the gullible or stupid will actually beleive. If they intended to quit after X number of days, they would have announced that at the start.
£5 says they are shitting themselves at the moment, which trying to delete all the evidence. Unfortunately, the little kiddies have yet to completely grasp the fact that given that they decided to attack servers, logs of their nefarious activities are spread across the planet, held by people who will be delighted to help the police with their enquiries.
-
-
Monday 27th June 2011 11:39 GMT david wilson
@Norfolk 'n' Goode
>>"And if they kept going untill they got caught.you would call them stupid for not knowing when to quit."
Unless there's potentially something meaningful to gain from the attempt, poking a dog with a stick is stupid whether or not it's carried on to the point where the dog bites the poker (or someone else).
Thinking that doing something risky wasn't daft simply because someone got away with it is *classic* immature-male logic.
Anyway, in this case, it's possible that the dog can wait to bite until *long* after the poking has stopped.
-
-
-
This post has been deleted by its author
-
Tuesday 28th June 2011 11:31 GMT Graham Wilson
@Anonymous Coward -- Another one who's happy with cyber security as it is. Shame!
Your comment, and similar 'script kiddies' comments in posts by others, are the reasons why cyber security is in such a shambles (and why software generally is in such a mess).
Fucking hell, can't you understand that none--THAT MEANS NOT ONE--of these major sites should have been vulnerable to script kiddies.
What you and others are blatantly saying (admitting to) is that major systems can be attacked by amateur script kiddies, yet your only real response is that they're naughty to have done it. Unfortunately, this sloppy unprofessional attitude permeates the IT security industry (and IT generally) and primarily it's the underlying cause of the longstanding IT security problem.
If bridges were designed to such sloppy engineering standards then there would be deaths every week from bridge collapses. However, unlike the very public lives of bridge designers, those who write the code for security systems, hide their sloppiness and mistakes in the compiled code. Compilation and proprietary (secret code) not only hides mistakes but gives programmers anonymity (and thus after disaster a means to escape the wrath of harmed users). Tell me, in all the publicity about all those systems breached by Lulzsec where were all the names of those responsible for designing and programming them. Correct, there were none. Yet again, unscathed, the true perpetrators have escaped to repeat again and again!
Perhaps the details of breaches ought to be the subject of a Wikileaks investigation.
I have considered for quite some time that significant improvements to security systems would result if the designers and programmers were publicly responsible for their code. Programming in Ada and such--where programmers' details are properly logged and embedded in the code module by module--would help to enforce better security. Then, every time a security module was compromised or breached, the name, rank and serial number of the designers/programmer(s)--the perpetrators--would be available for all the world to see. Public disgrace and humiliation not to mention future employment being put in jeopardy would quickly enforce better security standards.
This is not without precedent either, and it goes back a long way in civil engineering. Take for example the Tay Bridge disaster of 1879 where the bridge designer--the notoriously tight-arsed, cheapskate engineer, Sir Thomas Bouch--cut corners everywhere which resulted in the loss of 75 lives. A subsequent inquiry exposed him when it summed up the bridge as being "badly designed, badly built, and badly maintained". Bouch died in disgrace shortly afterwards. A similar fate befell the famous and very successful bridge designer Leon Moisseiff--the still-standing Manhattan Bridge amongst his achievements--but whose Tacoma Narrows bridge (Galloping Gertie) dramatically failed in 1940. Moisseiff became too cocky and failed to attend to minor but significant details that would have prevented the collapse. He too died in disgrace several yeas later with his wonderful career in tatters.
Today, any bridge designer knows that a collapse means disgrace, humiliation and end of career. So too should be the fate of the system designers/programmers of large security systems that fail and are breached by hackers.
If the incessant level of security breaches continue as they have in recent years, then sooner or later legislation will mandate acceptable standards. And rest assured, as with similar legislation elsewhere, it will require the publication of all those involved both with a security system's design along with those involved in its deployment/implementation.
Seems to me you (and others) wouldn't have publicly expressed this attitude if you'd not been Anonymous Cowards; but, no doubt, you'd still have thought it.
-
Tuesday 28th June 2011 12:17 GMT Anonymous Coward
Twit.
Young Graham, please could you point towards where I stated that i'm happy with the current security situation?
Uh, that'll be nowhere then. Just because someone would prefer to call talentless script kiddies by their real title rather than call them hackers (they are only doing it for the ego boost, why give them the gratification?) does not mean that they are happy with the current status quo. Other than the fact that one of those same script kiddies is sitting in a police station. Perfectly happy with that.
Yours,
AC.
-
This post has been deleted by its author
-
-
-
-
-
-
Monday 27th June 2011 07:01 GMT Khaptain
Careful Folks
Ok theyr'e getting out whilst remaining on top, good for them.
Now ask yourself the following, all of their knowledge, tools and expertise are not suddenly going to disappear. These guys are a little more than just script kiddies.
They were very public now they will become very private.
Which is the most dangerous, when you know publically whats going on or ...................The large institutions will no longer be obliged to publish the hacks now..
I am not convinced that the real damage has even begun.
-
Monday 27th June 2011 08:36 GMT Anonymous Coward
No joke
QUOTE: "Now ask yourself the following, all of their knowledge, tools and expertise are not suddenly going to disappear. These guys are a little more than just script kiddies"
A few reg readers seem to believe what they read, are told by the police, see on TV news, and seem arrogant in their comments
Someone calls them script kiddies and the rest of the reg readers parrot this without any rational thought, i guess it's true, using computers turns users into lobotomised chimps!
Arrogance is for the Stupid.
No back to reseting all my passwords
-
Monday 27th June 2011 09:17 GMT Intractable Potsherd
@AC...
... I think you missed the point the OP was making. He was saying that the members of LulzSec are more than mere "script kiddies" and that they may now be more dangerous than they wee before - i.e. he was disagreeing with the use of the term by earlier posters, and putting forward what seems to be your point of view.
-
Monday 27th June 2011 09:17 GMT Anonymous Coward
No, the script kiddies want to be famous "hackers"
Script kiddies want everybody to consider them hackers for the boost to their ego.
I have yet to see any evidence to indicate they are anything but script kiddies smashing up random websites using prepackaged attack tools that the creators aren't stupid enough to use themselves,such as LOIC for DDOS's.
Therefore i'm calling them script kiddies, and I hope everybody else does as well. They don't like that? Good.
-
Monday 27th June 2011 09:38 GMT Anonymous Coward
Script Kiddies
They were attacking websites using a SQLi tool released by an Iranian Security company. Download it and give it a whirl, it's ridiculously simple to use and requires _NO_ skills at all to use.
If it finds a vuln it'll try to download the whole database for you.
They've not even the skills to use something a little more adult like sqlmap.
They appear to have made use of LOIC as well as botnets.
Sure, they've a wider skillset than the average internet user but hackers? Please! Anyone here could probably teach a 12 year old to do what they've done using the tools they were using.
-
This post has been deleted by its author
-
Monday 27th June 2011 14:05 GMT Anonymous Coward
Legality be damned eh?
Run an attack just to prove you can? A little egotistical to say the least!
Have you even taken a peek at the tools they were using? They are childsplay to use, and anyone with low morals could attack sites with them (assuming of course those sites were vulnerable).
The creators of the Iranian software do seem to been quite skilled in SQLi, it's a good (if basic) bit of kit. Just because the tool is well made doesn't mean the users have any knowledge.
Funny, if we were talking about bomb making would you be asking for a practical demonstration?
-
Monday 27th June 2011 14:59 GMT Anonymous Coward
Stupid arguments...
Script kiddies or not, everyone using the 'omg they didn't write their own software' argument is being idiotic. Why would they bother to spend weeks discovering new vulnerabilities and writing their own tools when it's quite clear the sites of large corporations can be screwed over with simple SQL injection? You said it yourself, the tools are already there and easy to use, so why put in more effort to achieve the same result?
-
Monday 27th June 2011 18:11 GMT Anonymous Coward
Think the point is
Careful research, development of own tools and some basic knowledge is more a hacker trait
Use of someone elses tools, pandering to the media, little apparent knowledge as to how the tools you are using work is a script kiddie trait.
Which of the group you fall in probably doesn't matter if you are successful, but those of us who take time to actually _learn_ how things work are often quite proud of that fact. Being lumped in with a bunch of spotty oiks with little (note I don't say no) knowledge because of overuse of the word hacker? Not exactly going to go down well is it?
The thing is, what they did was childsplay, anyone here could have done it without breaking a sweat. The fact it was so easy to do _is_ a major problem, and companies need to sort themselves out, but Lulzsec have hardly earned the hero status that some people here seem to have elevated them to.
-
Monday 27th June 2011 22:28 GMT Anonymous Coward
RE: Think the he point is
The reason Lulzsec have their status, regardless of whether you think what they were doing was right or not, is because they actually had the balls to do it. It's all very well saying that it's childs play and that most of us could do it in our sleep but the point is we don't and therefore don't get the status.
Also, if you don't want to be lumped in with the Lulzsec lot then describe yourself as something other than a hacker. Like it or not, with it's adoption by the general public it's meaning has changed. It's not the rest of the world's fault you've built your ego around being a 'hacker' and now everyone thinks you're a 16 year old kid, living with his parents, ddos'ing MegaCorp.
-
-
-
-
-
-
-
-
-
-
Monday 27th June 2011 10:46 GMT Anonymous Coward
Just an admin...
"lol, he was just an admin of a forum, not the leader"
How many site admins are you aware of that would host a service on their servers and not help run it?
What is funny is that Lulzsec have packed it all in and thrown in the towel before their latest operation "AntiSec" really gained any ground at all.
Lets be real here, one of their own got busted and now the media is reporting that he is "helping the Police and FBI with their enquiries"
Surprise surprise the group goes to ground.
If this was a planned end of their run then they wouldn't have started AntiSec so close to the end to leave it unfinished for Anon to pick up.
-
-
Monday 27th June 2011 09:17 GMT Intractable Potsherd
There is nothing wrong with Anon.
They have my unqualified support for letting air and light where it is needed. However, that support could evaporate quickly if it doesn't keep to the apparent code of ethics it has shown so far. LulzSec, on the other hand, didn't show the same balance in what they did, and gave pain to innocent bystanders - they have not had quite the same amount of support from me.
-
Monday 27th June 2011 10:08 GMT DrXym
Nothing wrong with Anon
"They have my unqualified support for letting air and light where it is needed. However, that support could evaporate quickly if it doesn't keep to the apparent code of ethics it has shown so far. LulzSec, on the other hand, didn't show the same balance in what they did, and gave pain to innocent bystanders - they have not had quite the same amount of support from me."
Code of ethics? Anonymous are as bad as Lulzsec. They're in it for the lulz, not because of any deep political beliefs or moral compass. See it for what it is - a bunch of malcontents and juveniles with the power to disrupt websites, usually with some post hoc ergo propter hoc justification for doing it. And many of them lack the sense to see the consequences of their actions either for the sites they attack or ultimately for themselves.
The funny part is realizing that long after people have forgotten about LulzSec / Anonymous some of these jerks will be stewing in prison. Even the ones who get a slap on the wrist may will have ruined their careers even before they started. And it will serve them right.
-
Monday 27th June 2011 12:40 GMT CD001
erm...
----
Anonymous are as bad as Lulzsec. They're in it for the lulz, not because of any deep political beliefs or moral compass. See it for what it is - a bunch of malcontents and juveniles with the power to disrupt websites, usually with some post hoc ergo propter hoc justification for doing it.
----
Erm.... surely anon is just that, anon - could be you, could be me, could by anyone with access to the intertubes... apart from motivation they may not be any different from the teachers going on strike next week - protesting against something they disagree with. ... or not, they're anonymous, who knows *shrugs*
-
Monday 27th June 2011 15:48 GMT DrXym
Well no
"Erm.... surely anon is just that, anon - could be you, could be me, could by anyone with access to the intertubes..."
It could be but it isn't. Just because you don't know the ringleaders doesn't mean there are no ringleaders. Someone writes the tools, someone hosts their chat sites, someone has the crypto keys to start campaigns, someone proposes targets and urls. They're ringleaders - people with the skills and motivation to run attacks. It may be some come and go between particular attacks but there is a continuous thread running through all attacks.
The smart ones just make sure not to actually participate in the attacks and let some other morons take the fall.
-
Monday 27th June 2011 15:55 GMT david wilson
@CD001
>>"apart from motivation they may not be any different from the teachers going on strike next week - protesting against something they disagree with. ..."
Not any different at all.
Apart from the matter of legality, of course.
And the fact that people going on strike do so openly.
And the fact that they probably take more time to think about things than a bunch of online teenagers do, and are likely much more aware of the consequences of their actions.
If the actions of Anonymous are justifiable, they are best justified by looking at the supposed causes of its actions, and their effects, not by making a piss-weak analogy with an radically different scenario, where about the /only/ thing in common is the claim that protest was a *cause* of the Anonymous actions, when to many people, it looks more like an excuse.
If the actions can't be justified on a standalone basis, then an analogy (even a non-useless one) is pointless.
If they can be justified on a standalone basis, then an analogy is superfluous.
-
-
Monday 27th June 2011 13:17 GMT Anonymous Coward
Re DrXyrm
"Code of ethics? Anonymous are as bad as Lulzsec."
Since you don't appear to be in the know, LulzSec splintered off of Anon as a result of the HBGary hack. Anon kept some of the emails and data private against the wishes of some of the hackers. Thus they formed their own group determined to act in a 'no holds barred' manner.
And you all need to realize what this was: a recruitment drive. The new group needs members to become as strong as Anon. They pulled off these high profile acts to get more talent interested in the group and to build up some fanboys to do things like run their IRC.
-
-
-
This topic is closed for new posts.
Biting the hand that feeds IT
