Sophos Cloud Optix
The members of LulzSec say that they’re doing it for the “Lulz” and their mission is to spread “fun, fun, fun”.
How are they spreading “fun” into our drab IT lives? By hacking into company websites, exposing personal information and launching denial-of-service attacks against online games.
So, our question is this – are they succeeding in amusing you? Or are you just not getting the joke?
Sorry, the poll is now closed. But thanks to the 1500+ of you have shared your opinion.
It may be true that some companies have not defended their webservers properly, and are careless with their customers’ data. But that doesn’t make it right to act irresponsibly or break the law. There are better ways of getting issues like that resolved.
Even if the company isn’t responding to your concern that their defences are weak, you could approach a journalist and demonstrate the vulnerability to them. They could then publicise the security hole in a responsible way – without putting innocent folks at risk.
Personally, I find it disturbing that so many internet users appear to support LulzSec as it continues to recklessly break the law.
If you still have something to say on the topic, leave a comment below. Whether you believe LulzSec are providing a valuable service by exposing weak security or if you think that their behaviour is irresponsible, we’re interested in hearing your opinion.
Spread the lulz!
LulzSec are providing a valuable service by exposing not only weak security but also strong security, now a days there is no secure at all. But in a near future security will be strong because hackers are contributing to make it better!
Just because they are bored and cannot think of anything better to do, they have to launch illegal hacking attacks on legitimate sites. I get bored, but I don't do anything to spoil other people's lives.
Lulz……reigns..
You are missing an option in the poll.
"I don't find THEM amusing, but they're making a good point at how weak a lot of system security is."
I don't think they're ' uberhackers ' and are using common exploits to gain entry, which is more concerning than uberhackers getting in, stealing info, selling it to their paying client(s) and never revealing the hack.
I’m with you on that, Jayton.
(So I haven’t voted)
Although these are negative actions, they teach people people how insecure their actions are. For example one of the users email addresses leaked contained the password and answers to the secret questions within the email address itself, the regular users don't watch your good video on how to create a strong password or listen to peoples advice, so the only way left to teach these people is to slap them on the face and wake them up to the risks.
If they really wanted lulz then go watch a freaking movie. You don't see me getting lulz by shooting hackers in the face with 3.5" magnum rounds and ruining their day.
I honestly don't know why you are feeding them attention to begin with. That is all they want. They are not some elite group … they use very common exploits that any Internet user can research. Especially SQL Injections. Oh
I think perhaps that is the point. If they're known exploits why have these companies not configured their infrastructure correctly or patched against the threat? I'm don't really know if I support them but surely we should be aware that the data we have stored with them is not secure against common exploits.
I am not a security EXPERT, rather a security hobbyist. Let me start by saying I used to be fan of Lulzsec, albeit agreeing that what they are doing is illegal, and I have no doubt they will eventually get arrested. I Also agree with the article that was written a few weeks back about a majority of the security industry secretly rooting for Lulzec, I used to. They are fun, and amusing to watch, and in a sense they were exposing security weaknesses. However, lately I believe they have become "drunk with power" and are becoming reckless and dangerous. It was "fun" (even though we can’t openly admit it to the guy next to us) to watch them take out porn sites, fight for the individuals without voices and do damage to mega companies that "deserve" it [If you're the type who are anti capitalistic]. Recently I must admit, they have started losing my respect. Its one thing to be the unsung cyber superhero of the internet, but power corrupts. They have now become the somewhat known cyber superA##holes of the internet. Does this bother them? Probably not, this just goes to reinforce above mentioned statement. Sure I waste a few hours a week of my life pretending to achieve something in EVE Online – is this why I wrote this comment, after CCP got hacked and forcing me to use a hour of my life to do something ACTUALLY productive? – I would like to believe not. (Though wives and girlfriends, perhaps even some husbands all over the world probably became secret admirers of lulzec after their usually vegetative-state spouses were forced to spend some time with them) In time Lulzsec will be brought to justice and in time another super cyber villain disguised as a hero will rise, claim fame and fortune, gain a few secret supporters, show their true colours, and get arrested. Rinse and Repeat.
Well said, surely there is s difference between exploiting security holes to force the owners to tighten security (yes it's illegal, but also a 'sort of' public service), but why a DoS on a gaming website? This just seems to be look at what I can do, did I read that they were choosing the site to attack through a forum, if so then the whole public service idea goes straight out of the window, and are we just not left with a bunch of internet bullies?
You are right.. You've written what I wanted to(Other than EVE online part).. I like them for their hacking talent and using it against Powerful Co-op.. But DDoSing is annoying.. That is not actually needed and not at all fun.. According to me, If they wanna attack some one, there must be a valid reason, not just for fun..
Unfortunately, despite going for the cheap laughs, what they are doing is affection millions of lives and is no longer a joke, or kids just playing around. It is a shame to think that with the resources this country has, we have not taken these criminals down.
Due to the very nature of the Internet it makes cyber criminals very hard to track down.
The answer I would have preferred to tick:
"No, I don't approve, but they are still making a serious point about security."
Precisely my sentiments also.
For those that are being entertained by Lulzsec, you may want to be careful about supporting their activities. When you attack any organization that provides a good or service to people and thus cause them to invest more money into breach notifications, 3rd party vendors, system upgrades, etc this drives the price of the good or service up or causes the company to stop rendering this service to it's customers.
Sure, sure, the companies that were breached will give you something "free" for now. But basic economics dictates that if you were spending $50 to produce 1 widget, but now with all security costs involved it now costs $75 to produce 1 widget, the extra $25 dollars goes right to the consumer.
Please don't get me wrong. You should ensure that you have proper patch management, proper change management, and proper security management. Those costs should already be involved. The costs I'm talking about are in direct response to breaches.
There are better ways to motivate corporations into proper security practices. The only people Lulzsec are truly hurting are consumers. Don't be fooled to think that all of the cost that Sony has spent on their ± 19 breaches will just come out of their own pocket. I would not be surprised to see a rise in costs down the road.
Let's also not forget the costs to credit card companies reissuing cards, identity theft monitoring, etc. The credit card companies will gladly feed those costs back into interest rates.
These are just my observations and opinions.
"Don't be fooled to think that all of the cost that Sony has spent on their ± 19 breaches will just come out of their own pocket."
True, but before any breach Sony said that the PSN was secure. We trusted our personal details with them. This was proven not to be the case. It wasn't secure.
It was then claimed by Sony to be a one off. Not true as we saw more and more areas of Sony getting breached.
We've got be be able to trust 100% that our details are SAFE.
Ok so the cost to the consumer will probably go up in order to make sure it is secure. But there would have been a bigger longer term cost to the consumer if people could continue hacking and stealing our details, from either Sony or the banks.
Exactly. I think people can see through the 'leak 20 million customer credit cards to stick it to the big company' mentality. Lulzsec is just taking common vulnerabilities and using them in cases where the rest of us had too much moral fibre. Yes, it might have given those companies a kick in the pants, but the costs involved in crisis management are going to flow straight onto the consumers.
Don't use their services.
emsquared – "They are not some elite group … they use very common exploits that any Internet user can research. Especially SQL Injections."
@emsquared – and that's the point. So long as Lulzsec continue in the way that they are and just highlighting problems by proving that there are problems then we should all really be happy with this. These places that Lilzsec are exploiting are companies that we are placing our trust with in order to hold our personal details securly. The fact that Lulzsec can penetrate these defences with such simple techniques is, quite frankly, shocking.
These companies are like you leaving all your personal details right next to your front door on the inside of your house and then shutting the door but not locking it or putting it on the catch.
Whereas a lot of criminals would open the door and nick your stuff (which shows obviously they got in), Lulzsec simply put a note on the inside of the door (to prove they were there) without taking.
What would you rather:
a) Lulzsec test the security of places we truest with our details and highlight problems
b) You place blind faith in the company when they say "don't worry, it's secure"
But getting hacked is the one thing we are trying to protect ourselves from. Lulzsec isn't testing security, they're leaking credit card data. Would you rather trust your credit card to a big company or a hacking group?
At the moment….neither really.
We should be able to trust these big companies when they say our details are secure. But we have people and groups finding ways in.
I’m glad that after Lulzsec hit the NHS (IIRC) that my details on there will, as a direct result, now be more secure. Ok so NI contributions may go up a tiny amount, but rather that than have my personal details and medical history stolen and sold to the highest bidder.
They’re gonna get caught, they’ve made the mistake of getting a high profile.
Also what’s the point of hacking minecraft?
They didn't "hack" Minecraft. They DDOSed it – there's a huge difference.
And the point is that there is no point; it was just suggested by someone and they did it. That's all there is to it.
O.o I had vote 666… hehehe go figure.
The numerous Sony-related breaches were amusing. Running a phone switchboard and asking everyone for targets is just pathetic. Not amusing, not cool, not impressive from a technical point of view. They're just confirming what some people thought all along; they're a bunch of idiots swiping at low hanging fruit.
I just think at what they did was unbelievable and it should not be attempted the plus side is that they showed where they gaps were in the security of several large companies but to do that its shocking but it shows where improvements can be made in terms of over all security but with Sony…they were so cocky about having next to no security on PSN that they got hit hard there, if Sony does not sort that issue out there, they could take a major blow on the stock markets maybe even become bankrupt because of this all
One or more of the Lulzsec crew are British or had a colonial education.
Language in the twitter feed shows this, as does the html of the lulzsecurity.com website.
As to the question posed by Graham: their mouthpiece is quite a wag.
The high they are on is palpable. That lust for attention may be their downfall, as they are going to have to get even bolder to top each event. Eventually they will make a mistake, or get shopped by an insider.
LulzSec the unskilled Wannabe Kids 😀
Minecraft was the bridge too far that made it personal. There is absolutely nothing funny, amusing, cute, or clever about attacking indie game servers.
And remember, there was nothing "insecure" about Minecraft. They didn't need to be taught a "lesson." These punks just ddos'd a game enjoyed by millions for absolutely no reason.
Way to split the Yes vote into two.
I think we're all capable of adding them together if we want to work out what proportion of folks think LulzSec is funny.
But we did want to recognise that some folks think they're funny, even if they don't approve of what LulzSec is doing.
Amusing…meh. Not really.
But they are pointing out how easy it is to exploit simple security loopholes. Personally, I would prefer my professional security analysts to do that for me but it is obvious that the targetted firms are not. They have people on the payroll to prevent this (the Minecraft DDoS not withstanding) and it seems to me that these companies are paying people for nothing.
Funny no…disturbingly easy? Most definitely.
I might have some modicum of respect for them if they were actually doing it for the consumers or trying to make a point about corporations, but to me they're only doing it for selfish reasons and to feed their egos. They do it for the "lulz" as they say, for their own self amusement. They're jumping on the bandwagon of what Anonymous and other groups before them have done. They're nothing special, they're just following in the footsteps of other trend starters, they just lack the self control and insight to know when to stop.
why do this.. “They could then publicise the security hole in a responsible way – without putting innocent folks at risk.”.. when you can do it the lulzsec way– and graham & co. come to publicize you!
I'm not sure I understand. How has nothing happened to them yet?
The problem is the only point some of their attacks make about security is how many infected machines they can get into a bot net. Using a bot net to perform a DDoS on someone really doesn't show much about the targets security in itself and just causes additional cost in disruption and extra infrastructure even if those companies employ relatively secure practices.
Whether they disclose the issues on their own or via a journalist they would have committed the crime already. The disclosure of private information is just an extra.
I don't approve what they do because of the legal implications, but I do greet them for making all parties aware of the serious lack of secure systems, everywhere.
I would encourage them to stop disclosing sensitive information, though. That's only going to make things worse for them.
Okay so they caused cia.gov to be hung up.. just how much DDoS to a web server until the CIA / FBI gets pissed off and does something about it? This stuff happens every day but "Lulzsec" appears to be the only group that boasts about it like morons. 5-20 years jail time worth it?
I'm sitting on the fence here. I'm not convinced that what they're doing is right, but equally, I don't agree with the assertion that "There are better ways of getting issues like that resolved."
Far too many companies just do not care, they implement poor security and they will still do nothing about it for months after being told about it "the proper way." Hitting them where it hurts seems to be the only way to make them care.
An example from our corporate email "Please click on the following link to access the survey online via a secure website http://www.@@@@@.com.au …" No HTTPS, nothing, just an assertion that an HTTP link in an email is "a secure website"
Lulzsec is nothing more than a bunch of skiddies (script kiddies for those who don't know), which makes this kind of a mixture of hilarious and terrifying at the same time. I mean, sql injections? What, are these companies' IT departments just sitting on their hands all day?
Also, I would have like to have voted "I don't care about their point, i just find it lulzy."
Also, as far as DDoSing Minecraft, LoL, Eve, etc. It's simply about being bored in the downtime between the big raids. Trolling 101, infuriating video game nerds. DDoSing these servers is a huge source of lulz. I mean this isn't hard to understand. Lulzsec wasn't, isn't, and never will be the internet security white knight. so I don't understand why anyone is shocked. Besides, it's only a DDoS, which means what? A few hours of downtime at most. Oh boy life = ruined.
Oh my god, a security company that doesn't like a group of hackers? Your article has not moved me one bit because you are clearly biased, anyways the best way for companies to learn their damn lesson is to be humiliated with a data breach. I'm keeping my eye on the releases to make sure my info isn't gathered, but I use a different password for everything so it's all good 😀
Like that twit Assange, they all need to be locked up and the key thrown away!
They are common criminals with illusions of grandeur.
How ironic is it that these people think that it's OK to release the personal information of thousands (millions) of people on the INTERNET (for the whole World to see), yet their own identities remain anonymous?
+1 @Jayton
he said :
You are missing an option in the poll.
"I don't find THEM amusing, but they're making a good point at how weak a lot of system security is."
I agree with what he said. Your poll mean nothing.
The only way to say it was making a good point of security was to say it was funny….