Sophos Cloud Optix
The latest in a string of attacks by a hacker group known as Lulz Security (LulzSec) targeted the Arizona police today. The hackers exposed user names and personal information of law enforcement officers as well as sensitive documents housed on their servers.
While rumors surfaced about a supposed kingpin of LulzSec being arrested by New Scotland Yard this week, their intimidation tactics continue, and we have no idea who the next target will be.
As usual many of the dumped passwords were easy to guess or crack, showing that too many people believe it can’t happen to them. It is increasingly apparent that using software and encryption to create and protect unique passwords for every website is necessary.
That LulzSec exposed these passwords suggests they were either unencrypted, or used an insecure hashing algorithm. This is bad in and of itself, but far worse if the victims used the same passwords elsewhere.
While many of us are frustrated with the current state of corporate security and would like to affect change in a meaningful way, we control our own destiny. Most of us reside within nations that have democratic governments and can participate in shaping our futures through legal means.
In my view, the hacker ethic is to empower people with understanding and to use our collective intelligence to advance our ideas. Destroying privacy by exposing the information of innocent victims doesn’t advance anything.
Creative Commons lulz photo courtesy of beej55’s Flickr photostream.
Obviously, this is the mature thing to do. /sarcasm.
Our cultural advancement has left us with these pampered idiots who do things for the lulz because they are bored. I'd say, hack some money into accounts of charity organizations overseas 'for the lulz" and maybe people might think you're funny. Otherwise, GTFO of this planet, the world doesn't need you.
These kids are pushing their luck. They will be prosecuted as terrorists if they don't give up these shenanigans. I bet they won't be laughing anymore when they're locked up in federal prison.
Well, I don't believe LulzSec are doing this maliciously, so I don't understand the big hoo-har about it.
In this day and age, personal information is EVERYWHERE on the internet, I mean the details you put into Facebook to create an account are enough to register for some credit cards online!
Ethan, you seem to be saying that because there's no apparent motive, that it's deplorable, however if they were to steal money from individuals or governments and deposit it into the accounts of charity organisations (many of whom have 10's of millions in their banks anyway), that it would then be OK?
I'm not saying what LulzSec is doing is admiral, but I have a certain amount of respect for them. They are teaching corporates and governments that unsecured data WILL, at some point, be compromised and used for malicious purposes.
All they are doing is highlighting this fact and punishing those who haven't heeded the warning.
In a weird sort of way, I actually applaud what they're doing because they are now making security of data important, thus making companies think twice about their policies.
I have no respect for LulzSec. There are plenty of ways to make a point about security without harming innocent people. Like how about just sending the stolen data back to the company you took it from? That sends a strong message to the company that the data is not secure and can be stolen. You can send them the data and explain the security flaw. After doing that you give them time to fix it. If they don't you then go notify others. You don't splash random peoples information across the net.
So when some perp with a grudge uses the personal information leaked to take revenge on a police officer (or their wife – they kindly gave details of partners out as well), is that something you would applaud? Make no mistake, these people have no moral aim or objective. They are screwing with people for fun, and don't care about the consequences. It's dangerous, and needs to be stopped – I hope at least some of them get caught and do some serious time.
Believe it or not, you can compromise systems and prove that you have the information that was extracted without putting any of the users at risk. That is the different between those who are ethical in their approach to security and those who are unethical.
Lulzsec is unethical in every sense of the word. They break in to targeted sites with the intent to steal information and share it with the world. They are not out to protect users privacy or educate anyone. They are performing their attacks with absolutely selfish and malicious intent.
When you declare "Anti-Sec" and rally for people to attack and expose any information that they find, that is in no way protecting or defending the average person. Even if they have an issue with a particular organization, exposing the personal information of those who work for that organization can (and in many cases will) do more damage to the individual than to the organization with which they are affiliated. How respectable is that?
Imagine the potential impact on your life or someone you know/love if their financial information is one day compromised and shared by Lulzsec, then later used by one or more people who found the information after the group exposed it. How much would you respect them while you were speaking with your bank, credit card issuer, etc. to defend yourself against fraudulent charges that might be occurring all over the world.
Ignoring the cold hard facts so that you can justify considering these people as respectable is just plain ignorant. You should be ashamed for even saying that.
More people who dont understand the motivation of others but feel free to comment on it. Well I suppose freedom of speech is what makes the internet great.
The are definitely respectable people in the Arizonan police department. There are people who become police because they do not approve of the current department. Those policemen are heroes but are hurt by this attack just as much as bigoted police. It's not like anybody is going to be convinced.
You guys underestimate the group, they're not the criminals you edit them to be. Jealous of the fact that you are rarely read, but LulzSec is a common name to hear in security?
No doubt it's gone from lulz to terrorism here. Can anyone answer my question here: why is there Twitter still up? It is a huge distribution and gathering tool for them making them all more powerful.
Perhaps Twitter is working with law enforcement to take them down? Or are they just stupid?
I think it boils down to two reasons. First, it's a freedom of speech issue. As far as I know, they haven't breached Twitter's rules. Second, I think the authorities probably want to keep their Twitter feed up so they can gather as much information as they can.
The wonderful part about LulzSec is that they can't help but brag about every job they pull and each job they brag about is a nail in their coffin. Their Twitter feed will definitely be used as evidence against them.
This is the beginning of the end for them. I'm pretty sure they'll be tried as domestic terrorists after this. I guess we just sit back and wait to hear of their arrests.