LulzSec Hacks the US Senate 344
jfruhlinger writes "LulzSec might not be as famous as Anonymous — they're really best known for hacking sites they like, to prove a point about security — but they may have just raised their profile significantly, posting what appears to be data taken from an internally facing server at the US Senate. However, the fun-loving group might find that the Senate reacts a lot more harshly to intrusions than, say, PBS did."
The group also recently grabbed data from Bethesda Softworks.
Somebody is on a power trip (Score:5, Insightful)
Usually these end in tears. Only the most stupid black-hats (and that is all these morons are now) brag publicly.
Re:Bethesda (Score:4, Insightful)
They want attention. They do not care what kind of attention. Like some emotionally disturbed kids.
Re:Fed Reserve is up next (Score:3, Insightful)
It is good criminal practice, to stay on "annoyance level". If you exceed that, law enforcement comes after you. If you exceed that enough, the people that come after you actually know what they are doing, are well funded and very, very persistent. If these clowns really manage to break into or do several damage to the federal reserve, they will end up in federal prison for a few decades. May take months or years to get them, but they will get caught.
Comment removed (Score:5, Insightful)
Re:Interesting (Score:1, Insightful)
I hope these guys are as good as they claim to be, otherwise we will be seeing their faces with the caption "Further arrests from anonymous hacking group"
They are not. Competent black hats do not brag publicly. These are attention whores with some mediocre IT security skills. Most break-ins are not that hard to do.
Is hacking spate supporting internet lockdown? (Score:5, Insightful)
It seems like the recent outbreak of high-profile cases of computer break-ins is almost calculated to provoke legislation locking down the internet. First the kill-switch proposal, the announcement by the US military that computer intrusion would be considered an act of war, now a constant drumbeat of reporting in the media about major cracks.
Perhaps the hacks are all just being done by people who don't see how useful such stories are to those who want to assert control over the net, but it would be foolish to think that the "problem-reaction-solution" method has stopped being used by those who are after power, or to discount the possibility that some of this hacking and the publicity it receives is actually being provoked or even orchestrated by those seeking to expand government control over the internet.
It's a setup. (Score:4, Insightful)
Re:Somebody is on a power trip (Score:3, Insightful)
All things considered, LulzSec has a better track record than the US Senate.
Re:Interesting (Score:4, Insightful)
No. There is zero benefit to having people know what you're up to as a black hat. That's like leaving riddles inside the bank safe.
Re:Interesting (Score:4, Insightful)
No. There is zero benefit to having people know what you're up to as a black hat. That's like leaving riddles inside the bank safe.
Unless, of course, your goal is to get publicity and make a point about something. (if Lulzsec or whoever just hacked into senate.gov and didn't tell anyone, do you think we'd ever hear about it?)
Re:Interesting (Score:5, Insightful)
You're either a black hat for two reasons
Maybe they're doing it for the lulz?
Re:Somebody is on a power trip (Score:4, Insightful)
I take it you have not heard of the concepts of "lawful evil" and "chaotic good"?
There's nothing important there (Score:5, Insightful)
That's not some inside server. Look at their list of files. It's the Senate's outward-facing web server, "www.senate.gov". It also hosts the public web sites of individual senators. It looks like what you can see on a UNIX system with a guest account. Big deal. Every staffer on the Senate side has that much access.
They have the complete directory of all the paintings in the Capitol. The forms for registering as a lobbyist. Pictures of all the Senators. Lots of stuff for tourists. This session's voting results, in HTML. The base Apache config. Nothing exciting.
Re:Somebody is on a power trip (Score:5, Insightful)
Well, of course the US Senate has the law on its side. They wrote the law, arguably to serve their own interests, just like the Fed is a group of bankers that regulate the banking industry. It's not accountability if you are only accountable to yourself.
Re:Not what Obama meant by "open government"... (Score:4, Insightful)
I'm not sure if you've ever really sent an anonymous "your shit is broken" message to a site, but I bet the level of positive response would be inversely related to how big the company is.
No-one wants their management to find out their stuff is insecure. They'd be looking for a new job. So they likely bottle it and pretend it ain't happening.
I hate to say it, but I think Lulzsec is doing a disturbing but necessary deed. When no-one wants to improve the state of security, are quite happy accepting budget increases for "more security hardware" instead of doing it right the first time and externalise all security issues as vendor problems, there's no real motivation to actually pursue securely developed options. Lulzsec is outing that practice.
I only hope that somehow this crap makes its way to pointing out inherent security flaws in OSes that make it tangible enough to lawmakers to suddenly care. Not "care" as in "pursue legal options rather than fix", not "care" as in "buy more layers of badly managed and ineffective security theatre", but "care" as in "we need to hire people who know what they're doing, then keep them around and include security in all stages of planning, development and operations."
Who's "we"? (Score:4, Insightful)
Oh, the FedRes functions buddy boy. it just functions in ways we never intended it to.
What do you mean, "we"?
Hugs and kisses,
-- Hank Paulson [wikipedia.org]
Re:Interesting (Score:4, Insightful)
The world is many shades of gray. My opinion (although it counts very little) is that intent matters very much. Breaking in to steal credit card/personal info? Black hat. Breaking in to get information to help political prisoners? White hat. Just because you're breaking in to a secure system that isn't yours doesn't mean you are a black hat (depending on what you're doing; http://www.google.com/search?q=wikileaks+good [google.com]). Just like helping the Chinese government find holes to patch in their systems used to prevent the expression of their citizen's human rights doesn't mean you're a white hat.
What is your end goal?
Re:Not what Obama meant by "open government"... (Score:4, Insightful)
The solution is to stop letting HR people with no technical knowledge hire technical people.
This is what results in the common practice of putting a know-nothing idiot with good social skills in charge of doing technical work they can't handle.
Re:Fed Reserve is up next (Score:2, Insightful)
In fiscal year 2010, the FBI requested almost $50,000,000 in new resources for internet crimes. Any bets they get more than that in new resources this year?
Considering the recent story on how a large part of hackers are FBI moles, I wouldn't be surprised if Lulzsec is just a secret three-letter-agency operation to justify a budget increase.
Wild guess (Score:4, Insightful)
Let me take a wild guess: number of ethicists: zero.