Geek Post Alert: LulzSec aka Hacker group of the month
I have been pretty quiet on the whole LulzSec fiasco. Mostly because I feel like the traffic cop shouting “Nothing to see here, move along…”
This is the hacking group du jour. That’s it, nothing special. They claim they have done some things that should set them apart (did they really hack the CIA)?
Here is the rub, the really good crackers don’t tell anyone what they have cracked. (Crackers are bad guys, hackers are really people who find vulnerabilities and flaws, the media has chosen to use the name hackers for everyone good and bad.)
I am always suspicious when I see a group publicizing their amazing skills. Think about it, if you broke into a government computer system would you:
a) brag to everyone about how clever you are
b) see what data you could get on government contracts or pretty much anything you could turn into valuable stock purchases
c) since these folks don’t seem to be American citizens, download whatever intel you could and sell to the highest bidder and try to keep your presence a secret for as long as possible to continually grab more data
Uh, HELLO! That really wasn’t a hard question, was it? It isn’t like you can turn around and add this to a resume, not a legitimate one anyway.
Regardless of what it may look like in movies or on TV, breaking into stuff is hard, it takes patience, a tremendous amount of trial and error and it takes time. This is not something you wake up one morning to do and have completed by lunch. The larger and more secret the target the more difficult the task, the CIA piece looks to be just public web nuisance stuff anyway.
Look at China, everyone is pretty sure they have one of the largest cyber warfare divisions out there. They deny it. The truth is; coming out of China are some of the more consistent, invasive attacks across the Internet, and again no one is admitting anything, success or failure.
According to The Washington Post this morning, the LulzSec timeline looks something like this:
Early May: LulzSec arrives on Twitter and claims its first series of attacks, leaking what it says is a database of contestants on the show “X Factor.”
May 30: LulzSec breaks into the Web site of PBS and posts a fake story saying rappers Tupac Shakur and Biggie Smalls are alive (both are dead). The hack is seen as a response to a PBS documentary critical of WikiLeaks founder Julian Assange.
June 2: The hackers attack Sony Pictures Entertainment, posting the usernames, passwords, e-mail addresses and phone numbers of tens of thousands of people. Sony enlists help from the FBI.
June 3: Unperturbed by the FBI’s involvement, LulzSec steals 180 passwords from the Atlanta chapter of an FBI partner organization called InfraGard. LulzSec says the attack is in response to reports that the Pentagon may classify some cyberattacks as tools of war. The hackers also say they have used one of the passwords to steal nearly 1,000 e-mails from Unveillance LLC, an Internet surveillance company in Delaware, including an e-mailed report about how Libya’s oil industry could be compromised by computer viruses.
June 7: LulzSec says it has hit Sony again, this time on the company’s developer network and music entertainment division.
June 10: LulzSec leaks what it says is a database of e-mail addresses and passwords of pornography Web site users, including some belonging to U.S. Army members.
June 13: LulzSec says its has stolen information from 200,000 video game users, but doesn’t release much of it because it says it likes the company. The hackers also attack the U.S. Senate Web site by accessing a public-facing server.
June 16: The CIA’s public Web site faces problems, and LulzSec claims responsibility. The hackers also release a “grab bag” of e-mail addresses and passwords.
June 17: LulzSec insists they are not attacking Anonymous, another hacker group.
June 20: InfraGard is attacked again, with several hundred accounts compromised at a Connecticut branch of the company. The U.K.’s Serious Organized Crime Agency Web site is also brought down and the group claims responsibility. Game company Sega is hit with a cyber attack that breaches 1.3 million users’ personal information.
June 21: A 19-year-old British man is arrested and later charged with attacking the Serious Organized Crime Agency. LulzSec says his involvement with the group was only tangential.
June 24: LulzSec claims credit for an attack on the Arizona Department of Public Safety, posting internal documents, manuals, e-mail correspondence, names, phone numbers, addresses and passwords taken from the department. The group said it released the documents because it opposes Arizona’s immigration enforcement law.
June 25: LulzSec announces it is quitting its attacks and releases one final package of hacked data, including internal documents from AOL and AT&T.
The time has come to say Goodbye to Jed and all his Kin…LulzSec thanks for keeping us entertained through the month of June, I wonder who we’ll talk about in July…