Lulzsec hacks U.S. Senate

LulzSec today announced recent hacks of the U.S. Senate's website—"is this an act of war, gentlemen?"—and game developer Bethesda Softworks, whose 200k users were spared in the hope that forthcoming fantasy epic Skyrim will not be delayed.


  1. I do wonder what the upshot of all this hacking activity will be.

    I’d love to believe that it’ll mean a greater focus on network security and a general dissolution of amateur-hour website development and network administration.

    Sadly I think it’ll just mean a lot of high-powered people throwing their weight around and tighter, more authoritarian Internet access controls.

    1. If that’s the case, I can only see Anon or the general public pushing back even harder. It’s the history of censorship and the internet – you build a wall, and they will just work harder at finding a hole through it. You don’t need to take the wall down – just poke a couple of holes in it. The rest will take care of itself.

      1. I’d hate to envoke Goodwin’s Law so early in the conversation, but the Nazi’s proved that concept against the Russians during their Blitzkreig. It’s especially true during the internet age; with enough Anons running Low Orbit Ion Cannon (and other apps), any wall can be breached.

        The whole Representative Weiner’s weiner debacle should have proven to everyone by now that you can’t get away with anything once it’s put online (internet, intranet, or otherwise), nor is there any going back. To which, I’m surprised to see people suddenly act all shocked when they realize that their super secret info they posted online is released to the public.

        Hell, I’ll even propose a new axiom right now, “NickFifteen’s Law”, which states: “If you post anything online, no matter where it’s posted, consider it public data.” Or perhaps “No data online remains private forever.” I’m sure someone has a better way of coining this.

    2. Bare minimum, it means that the government will plug their holes and be even more secure from enemy hack attacks. Like when LulzSec hacked Nintendo; no information was stolen, so in the end it left Nintendo more secure. What more could you ask for?

      But the thing is, even under tighter controls, groups of people still have to program it, and even larger groups of people will have access to it’s code. As such, how can you guarantee that that just ONE person isn’t going to reveal the holes and/or code to Anonymous and/or other hactivist groups… or isn’t a member of Anonymous themselves? It’s the very fact that one can’t be 100% secure, and the near light speed rate that information spreads across the internet which makes these kinds of things damn near impossible to pull off.

      It is espionage… but unlike in the past where it’s one secret organization getting the secrets of another secret organization, this time it’s where one organization where technically EVERYONE is a member getting the secrets of a secret organization…. only to spread it online where everyone can see it. Governments will soon find the near impossible nature of trying to arrest everyone who has access to top secret code, just as the whole AACS encryption key clusterfuck situation proved.

  2. Nothing like a reminder of “we can keep this up allll day, gentlemen… So are you guys gonna stop being secretive dicks, or will you start transparenting up a bit? You can’t beat us, because we ARE the people, the same guys who YOU say are your ‘bosses’.”

    Of course, maybe this is the most “illegitimate”, bass-ackwards way of trying to get the government to straighten up and fly right in the quickest way possible, but if you think this is “wrong” to do, then I issue you a challenge: figure out a more “legitimate” way to get the government to straighten up as quick or quicker than Anonymous-esque/Wikileaks-esque hacktivist actions which is BOTH realistic and effective. And no, asking them nicely (or even writing to your congressperson) is neither realistic nor effective in these cases, unless somehow we manage to elect non-career politicians who are willing to act when asked nicely.

    Until then, hactivism is the best–if not only–way to get the government to straighten up, lest all their secrets be exposed (or at least until the Gov’t switches back to paper-based, non-electronic means of data storage, file transfer and communications). But again, I am willing to accept the more “legitimate” way to realistically reform the government to be more transparent and “of/by/for the people”, assuming it exists to begin with… I’m all ears!

    1. “Until then, hactivism is the best–if not only–way to get the government to straighten up, lest all their secrets be exposed (or at least until the Gov’t switches back to paper-based, non-electronic means of data storage, file transfer and communications).”

      How so? I’m not trying to provoke you; I don’t know how this’ll work out, and I’m just not seeing the connection that you are. What I mean is, how does this current round of “hacktivism” contribute to better government?

      1. I don’t mind being provoked, I WANT people to challenge me. That is to say, sometimes I get in my mind what I think is a “good idea”, only to have it not stand up to scrutiny when I actually sit down and think about it. This could be another case of that, but only one way to find out!


        I don’t really see it as a “current round”, but merely one part of a greater scheme of hactivism. Specifically, it reminds the powers that be that “we’re not going away, and we’ve managed to hit THIS far in… we can see all your secrets, and maybe we’ve already made copies of them and plan to release it!” I’ll admit I didn’t RTFA, so I don’t know what exactly the details of the hack are. Maybe I’ve idealized this hack because I didn’t RTFA, to which, perhaps I should?

        But I was also just speaking in general terms of the value of hactivism, which I’m sure few people here need reminding of. The ideals of it is that “you think you can get away with shit, but you’re stupid enough to post evidence of your shit moves online. As such, we’ll use our powers to find them and release it online. You can then arrest us if you want, but the information is out there, and arresting us won’t get it back, nor will it stop future hactivist attacks. Therefore, you can either stop doing shit to where there would be NO evidence of you doing sit to begin with, or you could try to hide your info from us, but that would mean not using the internet period, and I doubt you’d be willing to go THAT far backwards in time, nor would it mean that someone else with access to that non-digital data ISN’T anon.”

        The other thing of note is that the only thing that is harmed in hactivist actions–generally speaking, that is–is time and money, and the reputations of corrupt politicians (oh, what a loss). I mean, unlike other “IRL” actions to get politicians to straighten up, which include blowing up buildings, assassinating politicians, putting innocent people at harm, and other such harmful actions… these kinds of hacks do nothing more than reveal data. Of course it’s not to say hacked data won’t reveal troop positions and so on that WOULD put innocent people (or at least people who could be needlessly harmed by our enemies), and thus I wouldn’t go so far as to say these actions are COMPLETELY harmless. But unless someone can figure out a COMPLETELY harmless route to expose politicians quicker and essentially force the gov’t to be transparent*, then I would vote for hactivism.

        That is, unless I’ve COMPLETELY misinterpreted the whole concept of hactivism.

        (* Journalism could be used as a completely harmless way to encourage the gov’t to straighten up… but is it effective enough? I’d also suggest that politicians have ways to defend themselves against journalism–bribing individual journalists, encouraging their parent companies to keep them away from “sensetive situations” lest their parent companies feel the wrath of the government, etc–and as such have nothing to fear from journalism.)

  3. I’m not sure that hacking the Senate’s public webserver counts as ‘espionage’. Now, if they were able to use that as a jumping-off point for other non-public servers, that could be a different story, but…as it has been pointed out, total security is a pipe dream. Practical security, then, is not putting anything important in the places that are easiest to hack. Yes?

  4. I can see this playing out real well…

    Spooked, the U.S. Government will create an initiative to achieve total security compliance by 2014. After a year to staff the blue ribbon panel, they’ll take another year to determine that the best way to achieve total security is to augment the existing IT contracts with the various companies with whom they do business. After 4 years of dicking around while paying billions to the likes of Lockheed Martin, Northrop Grumman, Raytheon, and yes, KBR, they’ll determine that the plan is now outdated and will need to start fresh with a new recommendation task force.

  5. I do enjoy LulzSec; their antics are funny, they’re clever, and it’s just good fun.

    Now, I have a question. Before I ask, I’d like to clear something up. This analogy has been used in the past to justify making criminals of people who access servers without authorization, such as in this case. I’ve always thought it to be ignorant. The context has changed though, and so I’m going to ask it anyhow.

    How is what they are doing any different than breaking in through somebody’s window, rifling through the homeowner’s belongings, and then announcing to the world that their security sucked? Sure, you can fortify your house with iron bars and 24/7 security, but who does that? You expect most of the time that most people will just respect your stuff and not mess with you and your belongings.

    I know that the analogy is weak in several areas still in this case, but in its simplest form I do think it raises a good point. At least some discussion.

    1. The difference is that LulzSec “broke in” through a window that was already open. If I understand comptuer security well enough, I would compare it more with an extremely complex hedge maze than a literal wall. Nothing actually is “broke”, just circumvented, and as such, it’s not like everyone behind them get a free pass in…

      The other analogy could be that after LulzSec/hackers “break in”, they repair the damage behind them. In the end, there is no real “damage” other than the fact that the way in is now public knowledge and thus the hedge maze either needs to be patched up or rebuilt.

      People (though I’m not saying YOU per se) make analogies to the internet using “IRL” comparisons which “make sense” to the average schmuck, but you and I know they don’t hold and water. Classic example: “stealing” movies, music, etc online. How do you steal something online, when the original is still there on its owner’s server?

      “Breaking into” a server implies the server wasn’t “broke” before.

    2. How is what they are doing any different than breaking in through somebody’s window, rifling through the homeowner’s belongings, and then announcing to the world that their security sucked?

      Here’s a better analogy for you, OK? I will try to make it as close to your own as possible, though.

      You left your diary and your bank book on the kitchen table and your window open. Lulzsec used a telescope to read your private information, then they painted it on every billboard in town. They didn’t break your window, and they didn’t steal your diary or your bank book. They most certainly did violate your privacy! And if you happen to be a saintly person and a pillar of the community, everyone will be outraged on your behalf, and will give Lulzsec a sharp slap on the back of the noggin when next they see the nasty little peeper. But if you happen to be an outrageous liar and generally horrible person, who turns out to be keeping things in your diary that you should not even have, then everyone is sort of appreciative of Lulzsec, despite being uneasy about the methods.

      This is a common theme in computer crime – people want to equate copying of bits with destruction of property, and it’s really not in any way equivalent, of course.

      But invasion of privacy is still rude and cannot be condoned under most circumstances. Just because the government does it with wild abandon doesn’t make it right.

  6. The ultimate conclusion to the assorted hackers pursuit of transparency will be restrictions on how the internet will be used/useable. Should this hacking trend continue, how much of our freedom will be taken away due to governmental reaction?

    Sadly, the day when we all are like, “Remember when the internet was free?” is approaching.

  7. “Practical security, then, is not putting anything important in the places that are easiest to hack. Yes?”

    The problem is that government agencies deliberately weaken security because of a need or perception that those exceptions are required for law enforcement purposes.

  8. I hope they fixed all of Bethesda’s bug-ridden games (which I love) while they were in there. Because god knows Bethesda isn’t any good at it.

  9. So, how is hacking Bethesda “hacktivism”? Are they just, like, raising general awareness about security issues?

  10. Hacktivism is way too generic a term. The community could really help itself out by narrowing the defintion. As it stands now that ambiguity leaves lots of room open for creative interpretation.

    This is coupled with the fact that Hacktivism is just one of the many many politcal factions inside of the bubbling cauldron of western civilization.

    If you the hacktivist community is serious about political integration, then the community could do well by softening its tactics and refining its image with the general public.

    Of course don’t take my word for it. A good place to start would be to ask some of those “poor” folks who’ve, “lived in one location for their entire life.”

Comments are closed.