Yesterday, the malicious Internet prankster group LulzSec directed a heavy salvo of distributed denial of service attacks at cia.gov—the public-facing front for the United States Central Intelligence Bureau. As DDoS attacks are somewhat unsophisticated brute-force attempts to shut down a website, nobody was that impressed by their technical ability in causing cia.gov to go offline; but many watching this drama unfold have noted that Lulz Security is continuing to bait the US government.
Starting with their #TitanicTakedownTuesday, Lulz Security moved from cracking and exposing sensitive database information (break-ins) to denial of service attacks (more akin to a mob protesting outside of a building so nobody can get in). Most of those DDoS attacks came from requests made on their elusive telephone switchboard and targeted gaming industry sites such as EVE Online, Minecraft, and League of Legends.
Then they moved from gaming websites, back to poking governments.
“Tango down – cia.gov,” the hackers tweeted over @LulzSec after the deed had been done. The website is back up and running fine now.
Certainly a good share of their 177k Twitter followers might be impressed by this, but the IT security community had some choice words about the hacker group’s ultimately juvenile activity, according to Fox News:
…over at Sophos, Ducklin said what Lulz was doing was “about as intellectually interesting and important as a bunch of schoolboys boasting in the playground about who’s got the hottest imaginary girlfriend.”
He said most of the break-ins had been “languorously orchestrated, using nothing more sophisticated than entry-level automatic web database bug-finding tools, available for free online.”
He admitted Lulz’s behavior was a “timely wake-up call,” but insisted that didn’t justify LulzSec’s behavior.
“Time spent throwing bricks through other people’s digital windows doesn’t actually teach anyone anything about glassmaking, glazing or civil engineering,” Ducklin said. “If you consider yourself a hacker and you have time to spare, grow some moral spine and use your skills for active benefit.”
“Follow the lead of a guy like Johnny Long and hackersforcharity.org,” he added. “I dare you to look at his site and decide that LulzSec is a more worthwhile cause.”
Nobody is surprised that a childish group of apparently teenage hackers lacks moral backing for its activity. What is surprising a lot of the Internet community is how they’ve managed to rampantly diss a multitude of heavy hitters and still sail unscathed across the choppy waters of the Internet. No doubt, though, the different clandestine groups investigating them are biding their time as they develop evidence against the group and discover the group’s members. Their most recent exploits do not include actual hacking or cyber-burglary, mostly just noisemaking and saber-rattling.
After the message from Sophos mocking their behavior, LulzSec had some choice words of their own:
“Sophos are all butthurt as usual. Perhaps jelly… perhaps. “Fun, fun, fun” and “lulz”, very hard concepts for people to grasp it seems…” says the @LulzSec Twitter mouthpiece. “Sophos are the type of people who would judge throwing bricks through windows pedantically, deciding who threw the brick with more style. Guess what Sophos, every brick throw doesn’t have to involve a double-backflip and secret handshake; the window is fucked either way.”
And finally they add, “Security Expert is jealous that schoolboys get more attention than Sophos without doing anything but tweet batshit things.”
It seems like soon we’ll be writing about LulzSec’s “Catch Me If You Can” antics when the various agencies they’ve prodded close in on them; meanwhile, I hope everyone can learn something about security, from the personal level to the industry level, and about the culture that spawned them.
Tango out.
[...] June 16, 2011: Hacker Group LulzSec Downs CIA.gov Website, IT Security Community Rolls Their Eyes [...]