Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Government Security Your Rights Online

LulzSec Hacks the US Senate 344

Posted by Soulskill
from the going-for-the-gusto dept.
jfruhlinger writes "LulzSec might not be as famous as Anonymous — they're really best known for hacking sites they like, to prove a point about security — but they may have just raised their profile significantly, posting what appears to be data taken from an internally facing server at the US Senate. However, the fun-loving group might find that the Senate reacts a lot more harshly to intrusions than, say, PBS did." The group also recently grabbed data from Bethesda Softworks.
This discussion has been archived. No new comments can be posted.

LulzSec Hacks the US Senate

Comments Filter:
  • by gweihir (88907) on Monday June 13, 2011 @05:37PM (#36429932)

    Usually these end in tears. Only the most stupid black-hats (and that is all these morons are now) brag publicly.

  • Re:Bethesda (Score:4, Insightful)

    by gweihir (88907) on Monday June 13, 2011 @05:38PM (#36429950)

    They want attention. They do not care what kind of attention. Like some emotionally disturbed kids.

  • by gweihir (88907) on Monday June 13, 2011 @05:42PM (#36429982)

    It is good criminal practice, to stay on "annoyance level". If you exceed that, law enforcement comes after you. If you exceed that enough, the people that come after you actually know what they are doing, are well funded and very, very persistent. If these clowns really manage to break into or do several damage to the federal reserve, they will end up in federal prison for a few decades. May take months or years to get them, but they will get caught.

  • Thanks Guys (Score:5, Insightful)

    by cozzbp (1845636) on Monday June 13, 2011 @05:43PM (#36429996)
    Now we can be sure to have legislation that will screw us over even more!
  • Re:Interesting (Score:1, Insightful)

    by gweihir (88907) on Monday June 13, 2011 @05:44PM (#36430012)

    I hope these guys are as good as they claim to be, otherwise we will be seeing their faces with the caption "Further arrests from anonymous hacking group"

    They are not. Competent black hats do not brag publicly. These are attention whores with some mediocre IT security skills. Most break-ins are not that hard to do.

  • by Savantissimo (893682) on Monday June 13, 2011 @05:48PM (#36430042) Journal

    It seems like the recent outbreak of high-profile cases of computer break-ins is almost calculated to provoke legislation locking down the internet. First the kill-switch proposal, the announcement by the US military that computer intrusion would be considered an act of war, now a constant drumbeat of reporting in the media about major cracks.

    Perhaps the hacks are all just being done by people who don't see how useful such stories are to those who want to assert control over the net, but it would be foolish to think that the "problem-reaction-solution" method has stopped being used by those who are after power, or to discount the possibility that some of this hacking and the publicity it receives is actually being provoked or even orchestrated by those seeking to expand government control over the internet.

  • It's a setup. (Score:4, Insightful)

    by hellop2 (1271166) on Monday June 13, 2011 @05:49PM (#36430056)
    This will be used to push forth legislation making script kiddies equivalent to terrorists.
  • by Hatta (162192) on Monday June 13, 2011 @05:51PM (#36430082) Journal

    All things considered, LulzSec has a better track record than the US Senate.

  • Re:Interesting (Score:4, Insightful)

    by LearnToSpell (694184) on Monday June 13, 2011 @06:09PM (#36430196) Homepage
    Competent black hats *who take the proper precautions* brag publicly.

    No. There is zero benefit to having people know what you're up to as a black hat. That's like leaving riddles inside the bank safe.
  • Re:Interesting (Score:4, Insightful)

    by Jeremi (14640) on Monday June 13, 2011 @06:16PM (#36430254) Homepage

    No. There is zero benefit to having people know what you're up to as a black hat. That's like leaving riddles inside the bank safe.

    Unless, of course, your goal is to get publicity and make a point about something. (if Lulzsec or whoever just hacked into senate.gov and didn't tell anyone, do you think we'd ever hear about it?)

  • Re:Interesting (Score:5, Insightful)

    by DrBoumBoum (926687) on Monday June 13, 2011 @06:37PM (#36430432) Journal

    You're either a black hat for two reasons

    Maybe they're doing it for the lulz?

  • by selven (1556643) on Monday June 13, 2011 @07:07PM (#36430758)

    I take it you have not heard of the concepts of "lawful evil" and "chaotic good"?

  • by Animats (122034) on Monday June 13, 2011 @07:12PM (#36430810) Homepage

    That's not some inside server. Look at their list of files. It's the Senate's outward-facing web server, "www.senate.gov". It also hosts the public web sites of individual senators. It looks like what you can see on a UNIX system with a guest account. Big deal. Every staffer on the Senate side has that much access.

    They have the complete directory of all the paintings in the Capitol. The forms for registering as a lobbyist. Pictures of all the Senators. Lots of stuff for tourists. This session's voting results, in HTML. The base Apache config. Nothing exciting.

  • by wickerprints (1094741) on Monday June 13, 2011 @07:20PM (#36430884)

    Well, of course the US Senate has the law on its side. They wrote the law, arguably to serve their own interests, just like the Fed is a group of bankers that regulate the banking industry. It's not accountability if you are only accountable to yourself.

  • by adri (173121) on Monday June 13, 2011 @07:31PM (#36430982) Homepage Journal

    I'm not sure if you've ever really sent an anonymous "your shit is broken" message to a site, but I bet the level of positive response would be inversely related to how big the company is.

    No-one wants their management to find out their stuff is insecure. They'd be looking for a new job. So they likely bottle it and pretend it ain't happening.

    I hate to say it, but I think Lulzsec is doing a disturbing but necessary deed. When no-one wants to improve the state of security, are quite happy accepting budget increases for "more security hardware" instead of doing it right the first time and externalise all security issues as vendor problems, there's no real motivation to actually pursue securely developed options. Lulzsec is outing that practice.

    I only hope that somehow this crap makes its way to pointing out inherent security flaws in OSes that make it tangible enough to lawmakers to suddenly care. Not "care" as in "pursue legal options rather than fix", not "care" as in "buy more layers of badly managed and ineffective security theatre", but "care" as in "we need to hire people who know what they're doing, then keep them around and include security in all stages of planning, development and operations."

  • Who's "we"? (Score:4, Insightful)

    by zooblethorpe (686757) on Monday June 13, 2011 @09:04PM (#36431640)

    Oh, the FedRes functions buddy boy. it just functions in ways we never intended it to.

    What do you mean, "we"?

    Hugs and kisses,

    -- Hank Paulson [wikipedia.org]

  • Re:Interesting (Score:4, Insightful)

    by TooMuchToDo (882796) on Monday June 13, 2011 @09:33PM (#36431816)

    The world is many shades of gray. My opinion (although it counts very little) is that intent matters very much. Breaking in to steal credit card/personal info? Black hat. Breaking in to get information to help political prisoners? White hat. Just because you're breaking in to a secure system that isn't yours doesn't mean you are a black hat (depending on what you're doing; http://www.google.com/search?q=wikileaks+good [google.com]). Just like helping the Chinese government find holes to patch in their systems used to prevent the expression of their citizen's human rights doesn't mean you're a white hat.

    What is your end goal?

  • by cstdenis (1118589) on Monday June 13, 2011 @09:52PM (#36431936)

    The solution is to stop letting HR people with no technical knowledge hire technical people.

    This is what results in the common practice of putting a know-nothing idiot with good social skills in charge of doing technical work they can't handle.

  • by Anonymous Coward on Tuesday June 14, 2011 @01:38AM (#36432992)

    In fiscal year 2010, the FBI requested almost $50,000,000 in new resources for internet crimes. Any bets they get more than that in new resources this year?

    Considering the recent story on how a large part of hackers are FBI moles, I wouldn't be surprised if Lulzsec is just a secret three-letter-agency operation to justify a budget increase.

  • Wild guess (Score:4, Insightful)

    by ThatsNotPudding (1045640) on Tuesday June 14, 2011 @06:41AM (#36434044)

    Then ask yourself who the larges employer of mathematicians (not an easy study by any means) in the world is. And they have other pretty good people too.

    Let me take a wild guess: number of ethicists: zero.

System going down in 5 minutes.

Working...