Forgot your password?
typodupeerror
Government Security Your Rights Online

LulzSec Hacks the US Senate 344

Posted by Soulskill
from the going-for-the-gusto dept.
jfruhlinger writes "LulzSec might not be as famous as Anonymous — they're really best known for hacking sites they like, to prove a point about security — but they may have just raised their profile significantly, posting what appears to be data taken from an internally facing server at the US Senate. However, the fun-loving group might find that the Senate reacts a lot more harshly to intrusions than, say, PBS did." The group also recently grabbed data from Bethesda Softworks.
This discussion has been archived. No new comments can be posted.

LulzSec Hacks the US Senate

Comments Filter:
  • Interesting (Score:4, Interesting)

    by Jibekn (1975348) on Monday June 13, 2011 @06:36PM (#36429924)
    I hope these guys are as good as they claim to be, otherwise we will be seeing their faces with the caption "Further arrests from anonymous hacking group"
    • Re:Interesting (Score:4, Interesting)

      by biodata (1981610) on Monday June 13, 2011 @06:45PM (#36430022)
      I'm sure we will see this anyway. It's easy to arrest a few people on suspicion whether they did it or not. It doesn't matter if anyone gets convicted, the arrests are just a bit of media theatre and have to happen soon after the event. Like in Spain, Holland, Turkey, etc.
    • by Rary (566291)

      I hope these guys are as good as they claim to be, otherwise we will be seeing their faces with the caption "Further arrests from anonymous hacking group"

      I don't. I look forward to seeing them shut down.

      As much as I agree with some of their target selections, they're just an annoying bunch of juvenile delinquents who are giving activists a bad name, and will probably provoke the creation of more draconian laws or harsher penalties.

  • by milbournosphere (1273186) on Monday June 13, 2011 @06:37PM (#36429930)
    Apparently, Anonymous announced an intention to go after the federal reserve next: http://gizmodo.com/5811546/anonymous-goes-after-federal-reserve [gizmodo.com]. It'll be quite interesting if they attempt it. I'm interested in seeing how the fed handles this.
    • Re: (Score:3, Insightful)

      by gweihir (88907)

      It is good criminal practice, to stay on "annoyance level". If you exceed that, law enforcement comes after you. If you exceed that enough, the people that come after you actually know what they are doing, are well funded and very, very persistent. If these clowns really manage to break into or do several damage to the federal reserve, they will end up in federal prison for a few decades. May take months or years to get them, but they will get caught.

      • by Dunbal (464142) * on Monday June 13, 2011 @06:53PM (#36430094)
        Severe damage to the federal reserve. Hahaha that made my day, thanks. Buddy, the damage has already been done. There's nothing left.
      • by Ruke (857276)
        While I don't disagree with you, I'm not sure that they're the type to take your advice. Nothing these guys have done has been a "good idea;" honestly, they seem more the type to try, just to see if they can, and, if they can, to brag about it.
      • by cold fjord (826450) on Monday June 13, 2011 @08:41PM (#36431044)

        It is good criminal practice, to stay on "annoyance level". If you exceed that, law enforcement comes after you. If you exceed that enough, the people that come after you actually know what they are doing, are well funded and very, very persistent. If these clowns really manage to break into or do several damage to the federal reserve, they will end up in federal prison for a few decades. May take months or years to get them, but they will get caught.

        In fiscal year 2010, the FBI requested almost $50,000,000 in new resources for internet crimes. Any bets they get more than that in new resources this year?

        • You're assuming that someone of any capability would want to work for them. Typically, the only people working for them are failures ("I got caught, so now I have to work for Uncle Sam, but I'm still a 1337 h@x0r!") or the wanna-bes ("I studied cryptography + network security, downloaded a few scripts / tools (I installed that hacker operating system "linux" and can use nmap), and while I could be a totally 'leet black hat, I've decided to fight for truth, justice, and the American way, because I am a good

  • by gweihir (88907) on Monday June 13, 2011 @06:37PM (#36429932)

    Usually these end in tears. Only the most stupid black-hats (and that is all these morons are now) brag publicly.

    • Re: (Score:3, Insightful)

      by Hatta (162192)

      All things considered, LulzSec has a better track record than the US Senate.

    • They might even find a cruise missile headed their way. Multiple of them, for each node associated in the attack.

      Ok, so I'm kidding - a little. But the last thing you do is fuck with the feds. They will get their pound of flesh. That you can safely bet on.

      • by Jeremi (14640)

        Ok, so I'm kidding - a little. But the last thing you do is fuck with the feds. They will get their pound of flesh. That you can safely bet on.

        Wait, I thought the Federal gov't was incompetent at everything except wasting taxpayer money. Which is it?

        • They are both.

          It's like this: the feds are kind of like a slow, plodding police inspector (of the Javert variety). They miss a lot of things every day, tons of crimes going on everywhere that never get solved. We all know this, but people are loathe to acknowledge it. To acknowledge it is to admit that something is wrong, and if something is wrong, you may feel some compulsion to do something about it.

          So, when they finally do catch someone, they make sure to punish them extra brutally, supposedly to set an

  • by future assassin (639396) on Monday June 13, 2011 @06:42PM (#36429978) Homepage

    As much as I like chaos brought to the powers that be none of this hacking will have any long lasting effects. want to see some serious info leaked that damages someone with real power. I'd rather see these guy dig out info that calls out the hypocrites in positions of power.

    • by EdIII (1114411)

      Yeah. No Shit.

      If these guys are that good, then let's make Wikileaks look like an accidental slip on the tongue in a White House press conference.

      I want to see them stop fucking around with Sony, because it won't achieve anything, and go after the big ass people. Like the banks, sealed government records, etc.

      What respect are they really going to get from us when all they do is annoyance and harm when their skills could get put to very good use. Specifically, and forcefully, creating transparent governme

  • Thanks Guys (Score:5, Insightful)

    by cozzbp (1845636) on Monday June 13, 2011 @06:43PM (#36429996)
    Now we can be sure to have legislation that will screw us over even more!
    • Re:Thanks Guys (Score:5, Informative)

      by EnsilZah (575600) <EnsilZah AT Gmail DOT com> on Monday June 13, 2011 @08:46PM (#36431080)

      I know what they did is wrong and all but what you wrote sounds like "Look what you did, you've angered the master, now he's sure to give us all a good whippin'"

  • by Savantissimo (893682) on Monday June 13, 2011 @06:48PM (#36430042) Journal

    It seems like the recent outbreak of high-profile cases of computer break-ins is almost calculated to provoke legislation locking down the internet. First the kill-switch proposal, the announcement by the US military that computer intrusion would be considered an act of war, now a constant drumbeat of reporting in the media about major cracks.

    Perhaps the hacks are all just being done by people who don't see how useful such stories are to those who want to assert control over the net, but it would be foolish to think that the "problem-reaction-solution" method has stopped being used by those who are after power, or to discount the possibility that some of this hacking and the publicity it receives is actually being provoked or even orchestrated by those seeking to expand government control over the internet.

    • Perhaps that's exactly why the hacks are occurring...

      It seems like the recent outbreak of high-profile cases of computer break-ins is almost calculated to provoke legislation locking down the internet. First the kill-switch proposal, the announcement by the US military that computer intrusion would be considered an act of war, now a constant drumbeat of reporting in the media about major cracks.

      Perhaps the hacks are all just being done by people who don't see how useful such stories are to those who want to assert control over the net, but it would be foolish to think that the "problem-reaction-solution" method has stopped being used by those who are after power, or to discount the possibility that some of this hacking and the publicity it receives is actually being provoked or even orchestrated by those seeking to expand government control over the internet.

      Its remarkable how quickly the PATRIOT Act was "created" after 911. Most likely was waiting in a desk drawer waiting for something to polarize the public... Now we have teams of hackers that could literally be anyone, causing security problems across the board, from government, to business, to gamers. Clearly the people will now agree the government must put an end to it all...

      • Its remarkable how quickly the PATRIOT Act was "created" after 911. Most likely was waiting in a desk drawer waiting for something to polarize the public...

        Or more likely you underestimate the capabilities of a couple of hundred Congressmen, a thousand or more high level aides/advisers, and who knows how many lower level drones when focused on a task.

    • I'll say this... I'm afraid we're globally heading, and quickly so, for a regulated, locked-down Internet. We'll look back fondly at the decade of 2000s, when the Internet had already reached massive, worldwide use and importance but also remained, for the most part, free. Now we'll likely see increased efforts by some governments to censor the Internet, legislation that would allow governments to easily take down certain sites or networks, legislation that forces ISPs to keep (and reveal upon request) incr

      • by spydum (828400)

        And how exactly do you "lock-down" the internet? That isn't as simple as flipping a switch. Even the great firewall of china has it's limitations.

        • by ACS Solver (1068112) on Monday June 13, 2011 @08:33PM (#36431004)

          Who needs a total lockdown? Make a lockdown that's "tight enough" and that will already have most of the population under control. You don't even need anything too sophisticated. Let's say the government requires that all ISPs have their DNS servers use a centralized government blacklist of sites, resolving any site on the list to 127.0.0.1. That simple measure would prevent most Internet users in that country from accessing sites on the govt's blacklist.

          It's impossible to completely lock down the Internet without changing the entire infrastructure of it, if even then. There will always be the tech savvy 5% of users that are hard to limit. But with very simple technical solutions, you could limit 95% of the users. And probably limit half of the remaining 5% with a bunch of moderately more difficult measures.

  • It's a setup. (Score:4, Insightful)

    by hellop2 (1271166) on Monday June 13, 2011 @06:49PM (#36430056)
    This will be used to push forth legislation making script kiddies equivalent to terrorists.
  • by elysiuan (762931)

    Well there's a big red line to cross. Would could possibly go wrong?!

  • I would've given bonus points had they manipulated the system into displaying random Wikileaks embassy cables.

  • "LulzSec might not be as famous as Anonymous â" they're really best known for hacking sites they like, to prove a point about security"

    Wait, so is LulzSec known for hacking sites they like? Or is Anonymous known for hacking sites they like? Which one of them actually likes Sony since both groups hacked them? (Even disregarding Sony's claims about the stolen PSN information, Anonymous admitted to being responsible for the prior DDoS attack.) Does Anonymous like the Scientologists or does LulzSec like InfraGard? I'm kinda confused by the claim.

  • Or is this more of a case of stepping on the tail of a tiger?
  • It seems like a new high profile hack happens every day. Is this just a fad? Will things calm down again? Or is this the beginning of a radical change for the internet. It used to be that you could get away with just a few weak security measures, but now that doesn't look sustainable. Not to mention the rise of DDOS attacks recently. Will we see a radical shift in the way tech companies operate? Is it really affordable to be secure? Maybe new technologies will be required to bring the cost down. Is it even
    • by Mashiki (184564)

      Seems to me that a lot of these breeches happen to enter the 'shit you should always cover' territory. I.e. secure your SQL database, don't leave open inputs, make sure it's sanitized, hash and salt passwords. Don't store passes in plaintext. And so on.

      Sure the hell makes me wonder who's being hired for their network security. Or if a lot of these companies are simply farming it out.

  • Looks like the lucky senate.gov webmaster gets to see if the key revocation process actually works.

  • by Animats (122034) on Monday June 13, 2011 @08:12PM (#36430810) Homepage

    That's not some inside server. Look at their list of files. It's the Senate's outward-facing web server, "www.senate.gov". It also hosts the public web sites of individual senators. It looks like what you can see on a UNIX system with a guest account. Big deal. Every staffer on the Senate side has that much access.

    They have the complete directory of all the paintings in the Capitol. The forms for registering as a lobbyist. Pictures of all the Senators. Lots of stuff for tourists. This session's voting results, in HTML. The base Apache config. Nothing exciting.

  • Apache 0day (Score:2, Interesting)

    by Anonymous Coward

    Lulzsec's primary means of access is an Apache 0day. Also, one of their primary members works for a Tier 1 ISP, thus giving him privileged access to some high level routers/customer information.

  • just how long have the Russians and Chinese been lounging around in that system? A year? A decade?

  • by Elbereth (58257) on Tuesday June 14, 2011 @12:41AM (#36432544) Journal

    I think it would be hilarious for LulzSec to hack Slashdot and post every single username and password, along with any financial details that they found on Thinkgeek.. Come on. Slashdot is so buggy, their security simply must be a joke. I'd be curious to see what the reaction is. My guess is that some people would still support LulzSec, even saying that they're glad that such a fine group of principled and honorable white hat hackers took the time to demonstrate the flaws of Slashdot's security.

    Back when I was in college, I had a friend who used to break into cars that used The Club [wikipedia.org]. He wouldn't steal anything but The Club itself, to demonstrate to them the uselessness of the product. I found it hilarious. Much like these web site hacks, it was just a harmless prank by some punk kid. But it was also pretty fucking antisocial. Did those people learn a valuable lesson? I don't know. Maybe. That doesn't change the fact that it was wrong to break into those cars.

    By the way, I'm not saying that I'm some paragon of virtue, because, obviously, I'm not (I found the whole thing rather amusing and probably indirectly encouraged his activities by laughing). I don't think you need to be virtuous in order to speak about virtue, however.

All constants are variables.

Working...