Who is LulzSec? A phone call with the hacker pranksters. (Xeni on The Madeleine Brand Radio Show)

Discuss

59 Responses to “Who is LulzSec? A phone call with the hacker pranksters. (Xeni on The Madeleine Brand Radio Show)”

  1. Anonymous says:

    Who cares about Sony i just hope LulzSec doesn’t hack Xbox Live or something.

    • Gulliver says:

      First they came for CBS,
      and I didn’t speak out because I don’t watch CBS.

      Then they came for the PC games,
      and I didn’t speak out because I wasn’t a PC gamer.

      Then they came for the Sony Playstation,
      and I didn’t speak out because I didn’t have a Sony Playstation.

      Then they came for me
      and it turns out Microsoft’s network sucks so hard hacking it was an improvement.

      • Anonymous says:

        Har har they took down Sony and the PSN, whatever. But Eve is my home, the place I have friends..

        As you said..

        Then they came for me
        and there was no one left to speak out for I was having lulz at the other sites that were taken down.

  2. a5h3r4 says:

    I said *dollars.* About 40k bitcoins.

  3. emmdeeaych says:

    … a rabid elephant on PCP wearing a top hat rampage through a crowded market with explosive banana diarrhea.

    just look at it

  4. Anonymous says:

    i am still surprised to see that a lot of people are trying to figure out what they are all about, what their agenda is, why they hack certain targets, how to categorize them.

    it’s actually really simple: they are trolling.

  5. Anonymous says:

    They may be slashing tires and harming companies by DDoSing them but in the short term future that will force those companies to reinforce their tires, something that:
    1) they should have done a looong time ago
    2)will protect them from further harm they might have suffered at the hand of much less scrupulous hacker groups, at much greater costs than just downtime and user passwords revealed

    http://risky.biz/lulzsec

  6. Anonymous says:

    No, the slashed tires analogy is pretty much spot on. Except for these companies it could cost them a hundred thousand dollars as opposed to a couple hundred. Although, given the nature of LoL, Minecraft, and EVE, I’d speculate that the ‘opportunity cost” of their servers being down for 12 hours is nigh negligible.

    Oh god, CCP hires contractors to wait until a ddos ends. That’s, um, to be expected, I suppose.

    I’d still laugh at a ferrari or lamborghini with slashed tires though…

  7. or420 says:

    I still think this Lulz Sec hacking campaign will do little to make computer and network systems more secure. The fundamental realities are that security is reactive, computer and network systems are so complex that finding flaws is relatively easy and of course, humans are involved. The reason RSA got hacked is the same reason I keep cleaning out viruses from my family’s computers. No matter how many times I establish basic security rules they should follow, one person tends to break them and they infect their machine. This behavior is mimicked not only by people who use a corporation’s networks and computers, but also by sysadmins who, for one reason or another, don’t apply the latest updates, or have lax security policies so the CEO doesn’t have to go through hoops to connect to the network, or other countless reasons.

    For now, attackers have the advantage and have the power to break systems (relatively) stealthily, easily and from anywhere in the world with an internet connection. Until this security paradigm changes (though new security technologies or other means), I don’t think we’ll see meaningful change.

  8. Anonymous says:

    The group itself is a annoying group, gamer enthusiasts that come home from work to play games- instead of say going out and beating the crap out of people and getting drunk- to let off steam. Some use it as a way to get rid of anger (fps, violent games) so they dont actually hurt people irl, Others use it to enjoy company with friends because irl they have hard time understanding other subjects other than games. So all they are doing is pissing off a part of society that I wouldn’t recommend – I always say if someone did make games illegal in state that there would probably be more murders, rape, and shootouts cause you took a way to let off steam.

    Now as for the others sites I am have no comment to as they have no direct link to my life that I can change. Word of warning though more you expose how THE ‘US’ Internet problem is more russia will take advantage or other countries by getting hackers or hacking knowledge to take down sites for good…

    • emmdeeaych says:

      so… lulzsec is doing us a disservice by taking away the distractions that allow us not be sociopaths to each other at the end of the day? If what you say is true, then we own lulzsec way more than lulz.

      If our society is made up of distracted sociopaths, we’re more fucked than we would be if sony were hackable. Then again, you might just mean you.

  9. Elijah says:

    @Ryanwoofs : yeah yeah – in all seriousness, I get you. Security breaches as a performance art can potentially serve the betterment of all. No sarcasm, I’m with you. And, mea culpa, I don’t know enough about network security to truly understand how their exploit.

    From my perspective they seem like bullies. I acknowledge – and hope – that this is not so.

    @HereticGestalt : much less enthusiastic ‘yeah.’ I so want to type more, but that link I got sent?

    @Anon : Yeah, good link. Touché.

    @Xeni : sorry if I was out of line.

  10. Anonymous says:

    they should take out WOW; that would create chaos… :)

  11. Morrigan says:

    “We are the concentrated success of 2005 /b/, being “hunted” by the 2011 furry horde. Challenge accepted, losers. :D”

    Interesting.

  12. Anonymous says:

    They’re more like terrorists hacking systems for “the lulz” but how funny is it when they get the balls to take all your money? When you wake up in the morning with no money and your house is gone with a note saying “ha lulz” how funny is it when you need a police officer quickly and all you get is “please hold” due to lulzsec hacking the phone lines…

    Its terrorism and to be honest they should be shut down and arrested before they hit serious things. Just my opinion though…

  13. Anonymous says:

    LulzSec is just Skidsrus people, where Ryan Cleary (one of the backstabbers of the older AnonOps network) is also hosting their IRC network.
    They are just irritating and annoying other people and network that are having holes in it.
    They sometimes use 0-sec exploits and sometimes they already hacked it some time ago.
    Some of the lulzsec guys are new but most of them are known from Skidsrus.

  14. Ambiguity says:

    Maybe I’m just being a bit naive, but it seems pretty obvious who they are: a group of kids having some fun. And like all such groups from the dawn of time, they’re going to do (and have done) some things of questionable ethics and wisdom.

    On the other hand, they do seem to have a sense of humor and some of their hijinks are pretty funny (unlike Anonymous, who don’t seem to have much of a sense of humor, apart from hacking the Spanish police site and shopping the GF masks onto the police).

    But yea, they’ve angered some pretty determined people, so I think this will end badly for them.

  15. Anonymous says:

    Oh, how the world has changed. You can now REQUEST A TARGET for LulzSec to attack. They are operating a phoneline for requests.

  16. Teller says:

    They’re just job-hunting with real-time resumes.

  17. sharon says:

    I’m one of those people that had ALL there info STOLEN from Sony by LulzSec and a few days later I had money stollen from my Bank account and there are others that I’m friends with that have had the same thing happen to them after Sony got Hacked by LulzSec.
    Far as I’m concerned, they are a criminal organisation that are committing identity theft and frourd and they should all be sent to jail.

    • Gilbert Wham says:

      Seriously? Your bank uses a SINGLE password to authenticate you? And you used the same password on a gaming network. Sorry, but I don’t believe you.

  18. Courtney says:

    I don’t get LulzSec.

    But I just wanted to say that “a rabid elephant on PCP wearing a top hat rampage through a crowded market with explosive banana diarrhea” is quite possibly one of the finest phrases I have read this week.

    • mccrum says:

      +1 on all that. I don’t understand who they are or their goals but that metaphor certainly brings visual comprehension to the table.

  19. Elijah says:

    When it was Iran and the gubmints, I was kind of nodding in approval of an unorthodox approach to promoting transparancy. Sony started to make me squirm a bit – the gamers most affected didn’t seem to do anything to warrant the action, hard to see the lulz there.

    But now they’re going after, what, six guys in Sweden? A moderately successful video game website? EVE Online? I can’t help but think whatever point they’re trying to make regarding ‘big, powerful entities’ is getting badly diluted. Even Bethesda was stretching it in my most H of O’s.

    Hell, isn’t Boing Boing as at risk of these merry pranksters as anyone else?

    The faint whistling you hear is my enthusiasm for hacktivists steadily deflating.

    I’ll just sit quietly over here and wait for someone to paraphrase Martin Niemöller’s “First they came for…”

    • holtt says:

      I have to agree Elijah. If one day it’s BB that’s down, is it not interesting anymore? And seriously – Minecraft? A cool success story of a guy who was just doing what he loves and got some mad success? There’s no big brother/government/corporation there to hate.

      • Anonymous says:

        Ruh-roh, they ddosed a few game servers and a magazine site. Hardly of any great danger or interest. It would be lulzy if they ddosed them with the FBI botnets.

        Why is the assumption that Lulzsec is disclosing all of their hacks so global or that they aren’t taking financial gain from non-disclosed hacks? While I enjoy the idea that they are interwebz freedom fightas, I think it is quite naive to ignore the possibility that lulzsec is about more than that and the lulz. Certainly, making such a public stink doesn’t lend itself to enabling them to steal identities and cash as easily as before (well, that’s the hope), but it doesn’t exclude those activities by definition.

        I’ll be honest; I laughed at the cockorow hack. I’ll probably laugh if BB gets hacked by lulzsec. Then I’ll make my email password much more secure.

  20. smonkey says:

    I wouldn’t call them a chan group.

    They don’t seem to like that.

    Just sayin’.

  21. Xeni Jardin says:

    I don’t think LulzSec has identified themselves as hacktivists, ever. That’s kind of the point.

    Yes, BB is a potential target for malfeasance, from any number of directions. We’ve been hacked before. Recently, but before that, too. We will probably be targeted again. Won’t change the fact that this story, and related stories in the spectrum of hacking/cybercrime/pranksterism are interesting.

    If LulzSec is reading this: guys, we’d appreciate it if you don’t nuke us. We already know you are capable of great pwnage. Thanks.

  22. Anonymous says:

    One time, someone went down a few streets in my neighborhood, randomly slashing the tires of the cars parked in the street. I fail to see any real difference between these DDOS attacks and that act of random vandalism. The DDOS attacks are low-tech, require little more than a streak of malice, and end up costing money for people who have done nothing to the vandals. Sure, after time passes it will be seen as little more than a nuisance, but the only lesson it teaches is that there are jerks out there who will harm others merely because they are entertained by the inconvenience they cause.

    • Antinous / Moderator says:

      One time, someone went down a few streets in my neighborhood, randomly slashing the tires of the cars parked in the street. I fail to see any real difference between these DDOS attacks and that act of random vandalism.

      This is more like going down the street, checking all the car doors and leaving notes in the unlocked cars telling them to start locking their doors.

      • Anonymous says:

        Except that these guys didn’t leave notes. They disrupted service, which required companies to spend money to investigate the disruption and find ways around it. CCP, the company that runs EVE Online, stated that they go to external sources to help them deal with this type of problem, which I take to mean they have outside contractors. They have to evaluate their system to determine if any customers’ accounts were compromised, whether credit card information was obtained, etc. So they have to pay them. This would result in actual damages for companies like CCP. Not to mention the opportunity costs of reassigning internal programmers to address the situation, when they could be developing code for expansions, improved servers, etc. On top of this, add the people who wanted to play the accounts they’ve paid for, but couldn’t because CCP shut down their servers to avert any further damage.

        I recognize this is not the worst type of attack, but I would argue that it’s not just a white-hat attack to notify someone of a vulnerability.

      • Anonymous says:

        Leaving notes?
        DDOS:sing is nothing about leaving notes. It’s like forcing all the lights to be red. It little to nothing to do with security of the cars themselves.

      • Anonymous says:

        If this was about data compromises, we can bicker metaphors forever. “Taking down the VIN of every unlocked car on the block, as well as any personal information in the glove box and posting copies of everything on every block in the house.”

        That’s entirely missing it. As someone who’s had to deal with service denial in a variety of contexts, I can tell you that your argument is orthogonal to what you’re really talking about. Seriously? Mojang? Your message to Mojang is that they should be consumers of bandwidth large enough that they can dictate to their Tier 1 provider what they should null-route?

        (P.S. The actual metaphor in this context is someone going down the block and letting the air out of the tires on every car. Some of them have their own pump, some of them can get a pump, some of them need to get their whole car towed, and some of them prepaid for 87 tire’s full of air and all of those escaped.)

      • purple-stater says:

        [quote]This is more like going down the street, checking all the car doors and leaving notes in the unlocked cars telling them to start locking their doors. [/quote]

        No, it’s more like they slashed the tires of Public Transportation buses.

        Breaking the law for a cause is at least somewhat understandable. “lulz” being your cause never is.

        • Anonymous says:

          Close but not close enough its like this, They walk down the street piss on car here, put a sticky note on it say lulz tango down, go over to another car slash the tires sticky note it saying sunk your ship lulz, finally go over to atm machine kick it few times then sticky it saying Got your accounts lulz here the are 60,000+ with passes – all you see is abc – 123 written 150 times…. As a hacking group in comparison to what they have down is pathetic plus HOW do we really know this group is responsible to the sony attack and not just saying that they did it. They may only saying they are doing this so they look cool as for ddos I dont doubt they did that because thats a simple task to do in comparison to hacking sony taking them down for while and stealing account info.

      • Punchcard says:

        ….then pulling out your spark plugs, removing a few fuses, making a copy of your registration and insurance info and then leaving it all sitting on the drivers seat

      • Anonymous says:

        It’s around the attack on Minecraft, who probably couldn’t afford better security if they wanted to, that this argument started striking as some stone bullshit.

        • zikman says:

          are you kidding me? do you know how much that minecraft guy has made just from his video game sales? they *definitely* could afford it.

          • Anonymous says:

            Yes.

            About as much as a fairly profitable small business. Or maybe an orthidontist.

            Are you expecting Joe’s House of Beds (Now with 3 locations!) to invest in the same level of security as, say, your bank? Should he need to invest in that level of security just in case some group of locksmiths and burglar fetishests decide to break in and shit on all the matresses to teach him a valuable lesson about improving his security?

            Or is it more reasonable to decide ‘Hey, maybe you shouldn’t go around breaking into places and shitting on the matresses?’

  23. Gemma says:

    Passwords video…. from 1:24 to 1:51. Nearly 30 seconds of 123456.

  24. Slone13 says:

    “Prankster” certainly seems an interesting word choice.

  25. querent says:

    May you live in interesting times.

  26. Anonymous says:

    I agree that they should be taken down somehow… But that will prove difficult. These types of people are clever.

    That being said, there is no such thing as a perfect criminal.

  27. Elijah says:

    “transparency” – sorry for the misspelling.

    @Xeni : Ok, so they are not hacktivists. You never made any such claim and the inference was all mine. In defense of my word choice I was trying to put a positive spin on what they were doing by assigning them an agenda to which I was sympathetic when, admittedly, I have no idea what that would be.

    Should we then assume they have no agenda? Yet they certainly seem intent on drawing a great amount of attention. How, then, are we to conceptualize them? Dada extremists?

    The phrase seems needlessly weighty. Surely there’s a more colloquial terms bandied about by their targets of malfeasance.

    Maybe dicks? Dinks? Dorks? I mean, pardon a tendency towards phallic metaphors, but I’m seeing forced intrusions here. For the lulz? Ha ha?

    Funny. I wouldn’t think that would make people laugh.

    • HereticGestalt says:

      I’m not sure you understand the meaning of “in it for the lulz.” Sometimes people do things – art and sport/play come to mind – that are not primarily driven by agendas or profit motives. You don’t have to be a “Dada extremist” to do things for no other reason than that you like to show off and be challenged and entertained, aka because you can.

      Why is it so hard to imagine that LulzSec is just not in it for the Big Message? They’re funny and really good at what they do, and they keep people on their toes. It’s not really a morally apt paradigm of behavior.

    • Ryanwoofs says:

      More important questions are:
      If a group doing this “for the lulz” can wreak so much havoc, what could a group with more malicious intent do?

      We’re only hearing about these incidents because LulzSec is publishing/boasting about them. How would we otherwise know? How would the affected companies even know if they had been breached in many cases, if they can’t even maintain the most overt of data security measures?

  28. Chydanos says:

    Going after major video game companies may seem like a questionable idea, but these merely offer addictive distractions to a large amount of people who could spend their valuable time doing more productive things in life. I think LulzSec going after World of Warcraft sometime in the future would be a good idea.

  29. Anonymous says:

    haha CCP Hacked…and this time NOT by people on the inside doing “insider trading in spaaaaaaaaace”.

  30. Nicky G says:

    So they blatantly acknowledge being closely aligned with the transdimensional Illuminati shape-shifting reptilian alien overlords, and all you people do is sit back and LAUGH?! We are SO doomed. *sigh*

  31. Anonymous says:

    none of these posters bothered to read the article apparently.

  32. james4765 says:

    Speaking as someone who has dealt with web security since my time as a local Indymedia collective site admin starting in 2003, and got 0wned by some right-wing hackers a couple of times, I can say with absolute certainty that I’m having a blast watching a lot of self-important companies get slapped with a big trout, after getting their pants pulled down.

    Lulzsec is running around at breakneck speed, pretty much smashing everything they can get their hands on ’till the hammer falls on them. Now, the rich and powerful are learning what those of us who were doing this stuff years ago have learned – there are better, smarter, more agile groups out there who will embarrass the hell out of you when they get the chance.

    Hey – much more damage could be done by these guys. Wiping databases, injecting malware links into random stories, loading their servers with horse porn and warez – and that’s just the stuff I’ve had to clean up in the past. These guys are operating like it’s a different era – counting coup instead of stabbing a motherf**er to death.

    /me grabs popcorn and sits down to watch.

  33. Anonymous says:

    LulzSec is more like they punctured a bunch of tires with a chopstick, which forced the tire company to replace them with better tires to all their customers rather than continue to manufacture cheap ones that can be punctured with a chopstick. Meanwhile, you’re realizing how much you rely on having good tires and maybe you’d be less likely to just blindly give your money to the company that makes tires that can be punctured with a dull wooden instrument.

  34. zikman says:

    you didn’t have to bring bananas into this

  35. a5h3r4 says:

    They’ve racked up nearly a million dollars in bitcoins of late, which explains the seeming anarchy behind their behavior. It’s cover for nastier doings.

Leave a Reply