So, what's your opinion about Lulzsec???

    • #6513
      j0rDy
      Participant

      we have all read the news lately, and we all have heard about Lulzsec and their escapades. We all know the opinion of the media and of the targeted companies. We know the opinion of Lulzsec (4 the lulz :P), but what do you think of this?

      I personally, as a white-hat, don’t agree with their actions (of course), but I see it as a revolution in the security world. Never before has a team of hackers been this open about hacks and clearly they really did think this through.

      What’s your opinion???

    • #40321
      yatz
      Participant

      In their latest “press release” they seem to be expecting to be caught eventually and they really don’t care.  I wonder if they can really speak for the whole when they say that?  Hm.

      That is a good point about them being open about their hacks, which normal people don’t typically hear about.  My guess is in the underground the hacks are just as sensationalized, though I could be wrong.

      The culture of Lulzsec saddens me because I feel it is a culture of people who have lots of potential that can’t make proper use of it, and they need to express their frustration in a kind of cynical, fatalistic activism.  Maybe I’m old fashioned, but I believe anyone with the kind of dedication, expertise and innovation it takes to do these hacks can really make a good life using their talents legally (and morally for that matter).

    • #40322
      lorddicranius
      Participant

      While their adventures on the high seas are illegal, I like Patrick Gray’s article Why we secretly love LulzSec:

      So why do we like LulzSec?

      “I told you so.”

      That’s why.

      They’re finally able to open upper management’s eyes as to how insecure everything really is.  They’re able to do what infosec pros have been unable to do (not due to lack of ability, but due to management’s lack of caring).

      It’s mixed feelings really.  ‘Illegal…but thank you!’ *shrug*

    • #40323
      jsm725
      Participant

      ***Disclaimers about how LulzSec is doing illegal things and they are bad people, etc., etc., etc.***

      On one hand I do see it as a revolution. High profile attacks give us (white hat professionals) backing when we make claims that security is not just a cost center but a worthwhile and necessary investment.

      On the other hand, average Joes (including the media and executives) don’t understand these attacks. It’s hard to find stories in mainstream outlets that explain the attacks adequately. If there is one thing that scares people, it is the unknown. These attacks take place in a realm that might as well be supernatural as far as an average person is concerned. This type of fear can lead to unnecessary and far-reaching efforts to crack down on internet activity. And that is almost as scary as a steady string of high-profile attacks.

      IMHO of course.  😉

    • #40324
      j0rDy
      Participant
    • #40325
      Data_Raid
      Participant

      Maybe not j0rdy:

      Twitter update: LulzSec The Lulz Boat
      Seems the glorious leader of LulzSec got arrested, it’s all over now… wait… we’re all still here! Which poor b*stard did they take down?

    • #40326
      Darktaurus
      Participant

      @Data_Raid wrote:

      Maybe not j0rdy:

      Twitter update: LulzSec The Lulz Boat
      Seems the glorious leader of LulzSec got arrested, it’s all over now… wait… we’re all still here! Which poor b*stard did they take down?

      Did seem a little too easy or fast.  But they do have every organization chasing them.  We will see I guess, who they really have.

    • #40327
      hayabusa
      Participant

      I’m sure they’ll be busting folks for a bit, yet.  Even if they get the leader, you KNOW others will chime in, to make it look like nothing happened, or to ‘assume’ a lead role.  Give the authorities some time.  They’re not done busting, yet…

    • #40328
      jsm725
      Participant

      I am glad to see movement against these guys. My only hope is that the authorities can differentiate punishment between leaders and high-school or college kids that think installing LOIC on their personal computers makes them hackers. Should they be punished? Absolutely. Should it ruin the rest of their lives? Absolutely not.

    • #40329
      El33tsamurai
      Participant

      I don’t really agree that what they have done is right, but I also wonder if any of their members read these forums?

    • #40330
      SithLord2K
      Participant

      For this sticky situation, my position would have to be as follows. I agree with the release of information they got from their hacks, HOWEVER I think they should have contacted said companies and informed them of the vulnerabilities without taking the information and posting people’s usernames and passwords online for griefing childish people to get their hands on and use however they please. What they are doing is illegal and as such they should be punished for their crimes, that’s assuming they can be tracked down and arrested. I also feel that the LOIC that Anon has used so much is not a hacker tool, since the information I could find on it tells me it’s just for disrupting internet connections. Anyways that’s my 2 cents.

    • #40331
      tattoo85
      Participant

      Hacking is still hacking whatever word you will say it.  It’s still not ethical and what they’re doing is not that good.  Wish it was true that they’re after Lulz for what they did.  Good luck and keep us posted on their latest escapade. 😉

    • #40332
      j0rDy
      Participant

      @Data_Raid wrote:

      Maybe not j0rdy:

      Twitter update: LulzSec The Lulz Boat
      Seems the glorious leader of LulzSec got arrested, it’s all over now… wait… we’re all still here! Which poor b*stard did they take down?

      maybe, maybe not ;):

      http://www.thesun.co.uk/sol/homepage/news/3651298/Essex-geek-Ryan-Cleary-is-Sony-hacker.html?OTC-RSS&ATTR=News

    • #40333
      cd1zz
      Participant

      Lulz is denying that he is the leader. They said the only way he was affiliated with them was that he hosted one of their public/legitimate IRC servers. Who knows what the real story is.

      They’re way too chatty not to get caught. They’ll make a mistake at some point.

    • #40334
      hayabusa
      Participant

      @tattoo85 wrote:

      Hacking is still hacking whatever word you will say it.  It’s still not ethical and what they’re doing is not that good.

      Well, I don’t fully agree with your statement, above.  In the context of malicious ‘hackers / hacking’ I’d agree that it’s illegal and unethical.  However, the term hacker did NOT originate as an evildoer, nor hacking as an evil practice.  In fact, looking up “hack” on http://dictionary.reference.com, yields the following definition:

      Computers . to devise or modify (a computer program), usually skillfully.

      That does NOT imply wrongdoing, nor does it imply a lack of ethics.  The original hackers were those who modified even their OWN code, to do things differently, etc.

      This goes back to the debate over using the term “ethical hacker” versus “penetration tester”.  If used in the correct context, either term is valid, but I tend to prefer to use Penetration Tester, so as to remove doubt.

      Edit: But in the context of Lulz, etc, I’d agree… unethical

    • #40335
      El33tsamurai
      Participant

      I am sorry, but they are going too far, and the people hunting them have more funds backing them; they will get caught someday.

    • #40336
      alucian
      Participant

      @lorddicranius wrote:

      While their adventures on the high seas are illegal, I like Patrick Gray’s article Why we secretly love LulzSec:

      So why do we like LulzSec?

      “I told you so.”

      That’s why.

      They’re finally able to open upper management’s eyes as to how insecure everything really is.  They’re able to do what infosec pros have been unable to do (not due to lack of ability, but due to management’s lack of caring).

      It’s mixed feelings really.  ‘Illegal…but thank you!’ *shrug*

      I completely agree with you. It even opened the eyes of many security managers.

    • #40337
      El33tsamurai
      Participant

      Yeah, but it’s a really crappy eye opener, I feel bad for them.  Also brings job security to the market though.

    • #40338
      El33tsamurai
      Participant
    • #40339
      j0rDy
      Participant

      The work of Lulzsec is clearly that of younger people. When their identities are known (and it’s not a question of if, but when) you will see that the IT business is shocked that this can be done by some “kids who live with their parents”. In the end they will spend a fortune on fixing everything, and within a few years it will all be outdated again, letting the story start from the beginning.

      hmm, it may have happened sooner than I thought:

      http://www.lulzsecurity.com

      This page (http://lulzsecurity.com/) is currently offline. However, because the site uses CloudFlare’s Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Alternatively, you can retry the live version.

    • #40340
      Cashiuus
      Participant

      Hacker on hacker action, interesting. On3iroi set up a WordPress site announcing some operations: https://on3iroi.wordpress.com. He claims to be the one that took their site down.

    • #40341
      Data_Raid
      Participant

      @j0rDy wrote:

      The work of Lulzsec is clearly that of younger people. When their identities are known (and it’s not a question of if, but when) you will see that the IT business is shocked that this can be done by some “kids who live with their parents”. In the end they will spend a fortune on fixing everything, and within a few years it will all be outdated again, letting the story start from the beginning.

      hmm, it may have happened sooner than I thought:

      http://www.lulzsecurity.com

      This page (http://lulzsecurity.com/) is currently offline. However, because the site uses CloudFlare’s Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Alternatively, you can retry the live version.

      The site is back up, they have added Arizona Law Enforcement info: http://lulzsecurity.com/releases/chinga_la_migra_1.txt

      Amazed at those passwords!

    • #40342
      Marinajha
      Participant

      In coordination with international law enforcement agencies, police in the UK have arrested a young male connected to an infamous hacker group. The Wickford male, aged 19 years, was taken from his home to Scotland Yard for supposed computer infractions. Here is the proof: Accused member of hacker group LulzSec arrested in UK

    • #40343
      Cashiuus
      Participant

      That is the same guy that was arrested a few days ago that LulzSec has denounced all over Twitter as not being an actual member and blaming news media for putting out coverage on false information. Who knows, could be or maybe he isn’t.

    • #40344
      j0rDy
      Participant

      @Data_Raid wrote:

      Amazed at those passwords!

      i always have to *facepalm* when i see another ‘12345’ one…or any other 500 worst passwords password for that matter…

    • #40345
      El33tsamurai
      Participant

      @Data_Raid wrote:

      @j0rDy wrote:

      The work of Lulzsec is clearly that of younger people. When their identities are known (and it’s not a question of if, but when) you will see that the IT business is shocked that this can be done by some “kids who live with their parents”. In the end they will spend a fortune on fixing everything, and within a few years it will all be outdated again, letting the story start from the beginning.

      hmm, it may have happened sooner than I thought:

      http://www.lulzsecurity.com

      This page (http://lulzsecurity.com/) is currently offline. However, because the site uses CloudFlare’s Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Alternatively, you can retry the live version.

      The site is back up, they have added Arizona Law Enforcement info: http://lulzsecurity.com/releases/chinga_la_migra_1.txt

      Amazed at those passwords!

      I have not looked at the document but could only imagine, but the problem is that no one is teaching these people what passwords should be.

    • #40346
      j0rDy
      Participant

      @El33tsamurai wrote:

      @Data_Raid wrote:

      @j0rDy wrote:

      The work of Lulzsec is clearly that of younger people. When their identities are known (and it’s not a question of if, but when) you will see that the IT business is shocked that this can be done by some “kids who live with their parents”. In the end they will spend a fortune on fixing everything, and within a few years it will all be outdated again, letting the story start from the beginning.

      hmm, it may have happened sooner than I thought:

      http://www.lulzsecurity.com

      This page (http://lulzsecurity.com/) is currently offline. However, because the site uses CloudFlare’s Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Alternatively, you can retry the live version.

      The site is back up, they have added Arizona Law Enforcement info: http://lulzsecurity.com/releases/chinga_la_migra_1.txt

      Amazed at those passwords!

      I have not looked at the document but could only imagine, but the problem is that no one is teaching these people what passwords should be.

      the point is that you don’t have to TEACH users about strong passwords, just enforce it…or if that is not “user friendly”, provide guidance in choosing a strong password (like you sometimes see at websites, with a colour bar that shows the strength of the password).

    • #40347
      El33tsamurai
      Participant

      @j0rDy wrote:

      @El33tsamurai wrote:

      @Data_Raid wrote:

      @j0rDy wrote:

      The work of Lulzsec is clearly that of younger people. When their identities are known (and it’s not a question of if, but when) you will see that the IT business is shocked that this can be done by some “kids who live with their parents”. In the end they will spend a fortune on fixing everything, and within a few years it will all be outdated again, letting the story start from the beginning.

      hmm, it may have happened sooner than I thought:

      http://www.lulzsecurity.com

      This page (http://lulzsecurity.com/) is currently offline. However, because the site uses CloudFlare’s Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking in the background and, as soon as the site comes back, you will automatically be served the live version. Alternatively, you can retry the live version.

      The site is back up, they have added Arizona Law Enforcement info: http://lulzsecurity.com/releases/chinga_la_migra_1.txt

      Amazed at those passwords!

      I have not looked at the document but could only imagine, but the problem is that no one is teaching these people what passwords should be.

      the point is that you don’t have to TEACH users about strong passwords, just enforce it…or if that is not “user friendly”, provide guidance in choosing a strong password (like you sometimes see at websites, with a colour bar that shows the strength of the password).

      These guys are not info sec guys, they are police officers.  They probably don’t have local IT guys to tell them what a strong password is or to enforce one. This sounds funny to us because we know what this is, but they don’t.  And to say they don’t need to be TAUGHT, just forced, well buddy, thinking like that will never get you anywhere.  Forcing people to do something without explaining why they should do it is going to get you nowhere; this is why people don’t want info sec, because most info sec guys have the mentality that I know more than you so just do it.  From what I have seen and read, people work better if you inform them and then tell them the requirements that need to be met; you will get less resistance this way.  So with this said, people need to be taught with security awareness.

    • #40348
      hayabusa
      Participant

      You’re absolutely right.  But I think you’re a bit harsh on the rebuttal, towards j0rDy, El33tsamurai.  I don’t think he intended it quite the way you took it.  By enforce it, I’m certain he meant having systems and policies, in place, to not allow ‘weak passwords’

      That said, this is exactly why both companies and govt agencies, alike, need better security postures, and training, guided by folks who do understand the ins and outs of ‘real’ security.

    • #40349
      j0rDy
      Participant

      @hayabusa wrote:

      You’re absolutely right.  But I think you’re a bit harsh on the rebuttal, towards j0rDy, El33tsamurai.  I don’t think he intended it quite the way you took it.  By enforce it, I’m certain he meant having systems and policies, in place, to not allow ‘weak passwords’

      That said, this is exactly why both companies and govt agencies, alike, need better security postures, and training, guided by folks who do understand the ins and outs of ‘real’ security.

      you are right hayabusa, that’s exactly how I mean it. A security awareness training once a year won’t hurt anyone, and implementing policies and guidelines along with applications that just don’t allow weak passwords (when you enter one you will get a message that the password is too weak and you have to choose another one) might be considered annoying, but given the news items lately it has become mandatory to do so.

      if you look at recent developments on password cracking, depending on the cracking and hashing method, an eight character password containing all possible characters takes about a day if you have “just” a high end workstation. After that it becomes significantly longer (nine takes about a week and ten takes 20 years or something), so if you want to protect valuable information, I think you know what to do.
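The enforcement j0rDy describes in this post and in his earlier one (reject a weak password with a message, or show a colour strength bar), sketched as an added example that is not part of any post in the thread. The denylist, thresholds, function names and guess rate are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample denylist; a real deployment would load a large list of
# common or previously breached passwords.
COMMON_PASSWORDS = {"12345", "123456", "1234567890", "password", "qwerty",
                    "letmein", "passwordpassword"}
MIN_LENGTH = 10        # assumed policy value
GREEN_BITS = 60        # assumed threshold for the "green" end of the bar
PRINTABLE_ASCII = 95   # letters, digits, punctuation and space


def check_password(password, username=""):
    """Return (accepted, message), as a change-password form would report it."""
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        return False, "too common: appears on a list of known weak passwords"
    if len(password) < MIN_LENGTH:
        return False, f"too short: use at least {MIN_LENGTH} characters"
    if username and username.lower() in lowered:
        return False, "contains your username"
    if len(set(lowered)) < 4:
        return False, "too repetitive: use more distinct characters"
    return True, "ok"


def estimated_bits(password):
    """Rough upper bound: length * log2(size of the character pool in use)."""
    symbols = string.punctuation + " "
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in symbols for c in password):
        pool += len(symbols)  # 33
    return len(password) * math.log2(max(pool, 2))


def strength_bar(password, username=""):
    """Colour for the strength bar: red = rejected, amber = accepted, green = strong."""
    accepted, _ = check_password(password, username)
    if not accepted:
        return "red"
    return "green" if estimated_bits(password) >= GREEN_BITS else "amber"


def keyspace(length, alphabet=PRINTABLE_ASCII):
    """Number of candidate passwords of exactly this length."""
    return alphabet ** length


def exhaustive_search_days(length, guesses_per_second):
    """Days to try every candidate at an assumed, constant guess rate."""
    return keyspace(length) / guesses_per_second / 86400


if __name__ == "__main__":
    for pw in ["12345", "abcdefghijkl", "tr0ub4dor&3x"]:
        print(pw, check_password(pw), strength_bar(pw))
    rate = 1e9  # assumed guesses per second; depends heavily on the hash in use
    for n in (8, 9, 10):
        print(n, "chars:", round(exhaustive_search_days(n, rate), 1), "days")
```

The guess rate depends on the hashing method, so the absolute figures change with it; what stays fixed is that each extra character multiplies the search space by the alphabet size.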

    • #40350
      El33tsamurai
      Participant

      @hayabusa wrote:

      You’re absolutely right.  But I think you’re a bit harsh on the rebuttal, towards j0rDy, El33tsamurai.  I don’t think he intended it quite the way you took it.  By enforce it, I’m certain he meant having systems and policies, in place, to not allow ‘weak passwords’

      That said, this is exactly why both companies and govt agencies, alike, need better security postures, and training, guided by folks who do understand the ins and outs of ‘real’ security.

      I agree with you, and sorry, I did not mean for it to come off so harsh; just working with people that don’t know this stuff, I know how sometimes it can be frustrating for them if it’s forced on them.  The biggest problem before this happened, I would say, is companies did not want to give that much money to the info sec department because they thought, well, who’s going to hack us.  Now I think more money will be put towards info sec, I hope.

    • #40351
      El33tsamurai
      Participant

      @j0rDy wrote:

      @hayabusa wrote:

      You’re absolutely right.  But I think you’re a bit harsh on the rebuttal, towards j0rDy, El33tsamurai.  I don’t think he intended it quite the way you took it.  By enforce it, I’m certain he meant having systems and policies, in place, to not allow ‘weak passwords’

      That said, this is exactly why both companies and govt agencies, alike, need better security postures, and training, guided by folks who do understand the ins and outs of ‘real’ security.

      you are right hayabusa, that’s exactly how I mean it. A security awareness training once a year won’t hurt anyone, and implementing policies and guidelines along with applications that just don’t allow weak passwords (when you enter one you will get a message that the password is too weak and you have to choose another one) might be considered annoying, but given the news items lately it has become mandatory to do so.

      if you look at recent developments on password cracking, depending on the cracking and hashing method, an eight character password containing all possible characters takes about a day if you have “just” a high end workstation. After that it becomes significantly longer (nine takes about a week and ten takes 20 years or something), so if you want to protect valuable information, I think you know what to do.

      Hey man, I am sorry if I came off harsh; also on this note I think security awareness should be going on all the time.  Should have posters made and put up all over the place, i.e.:

      http://www.infosecuritylab.com/index.php?page=9

      This will make people smile as they walk by and more likely to remember the message.  Have the positions change once a month so the same people are looking at different posters all the time.  Have a security intranet website or newsletter where the people can go and get updates about info sec.  Give away things like pens, mugs, mouse pads, etc., if the budget allows for it, to people that are security conscious.  Then have trainings once every 6 months or year, but make it fun so people will want to come, not just a PowerPoint and lecture.  The more fun you make it the more people will want to do it.

    • #40352
      j0rDy
      Participant

      Is it truly the end of Lulzsec???

      http://pastebin.com/1znEGmHa

      Perhaps it is for the best, statement is made, the whole IT market is on its toes again and we are getting more work than ever…

    • #40353
      El33tsamurai
      Participant

      Looks like they are quitting before they all get caught, wonder if this will help them.  The people looking for them, I feel, will probably find them with all the resources at their disposal.

    • #40354
      El33tsamurai
      Participant

      https://www.infosecisland.com/blogview/14784-Warning-Original-50-Days-of-Lulz-Payload-is-Infected.html

      Well, well, check this out: the RAR file offered as a torrent download turns out to be backdoor malware!

    • #40355
      El33tsamurai
      Participant
    • #40356
      j0rDy
      Participant

      hmm, i wonder if lulzsec put the RBOT malware there or if the actual system was infected…guess we will never know…

    • #40357
      lorddicranius
      Participant

      An interesting analysis of the download:

      Is LulzSec Final Release really infected with a Trojan?

    • #40358
      El33tsamurai
      Participant

      @j0rDy wrote:

      hmm, i wonder if lulzsec put the RBOT malware there or if the actual system was infected…guess we will never know…

      Come on man oldest trick in the book.  Trojan horse ring a bell, lol?

    • #40359
      lorddicranius
      Participant

      A follow-up/supporting article to the previous link I posted:

      LulzSec’s Parting Trojan Is a False Positive

      So, was AT&T using a pirated copy of WinRar? haha

    • #40360
      j0rDy
      Participant

      @El33tsamurai wrote:

      @j0rDy wrote:

      hmm, i wonder if lulzsec put the RBOT malware there or if the actual system was infected…guess we will never know…

      Come on man oldest trick in the book.  Trojan horse ring a bell, lol?

      odds are (were actually) they put it in themselves, but if they just copy files from a system, chances are they copy (without knowing about it) an infected file with it…but the pirated WinRar story is great!
