Off the Cuff By Chris A. Porter firstname.lastname@example.org WNI Web Developer and PVtrib.com webmaster shares his perspective on technology, local and national politics, and life in the Quad-city area.
Friday, June 24, 2011
Blog: Hacker warfare: Harmless pranksters or terrorists in-the-making?
Among the ranks of the self-proclaimed 'hacker' world, a new trend of online warfare targeting high level online entities has erupted this month, and attacks seem to be happening more and more frequently. Campaigns to leak sensitive information stored in databases from corporations to government agencies in efforts to 'force transparency' is the ultimate goal for a few elusive and anonymous hacker communities.
In the most recent salvo protesting SB 1070 specifically targeting Arizona law enforcement, a group calling themselves LulzSechacked Arizona DPS computers on Thursday releasing hundreds of law enforcement files to the public including personal information about officers as well as documents on counter-terrorism operations.
The group is calling the action "Operation Chinga La Migra" and claims to be targeting the Arizona Department of Public Safety because they are against SB 1070, believing it to be anti-immigrant racial profiling, referring to Arizona as a "police state".
The documents classified as "law enforcement sensitive", "not for public distribution", and "for official use only" are primarily related to border patrol and counter-terrorism operations and describe the use of informants to infiltrate various gangs, cartels, motorcycle clubs, Nazi groups, and protest movements.
Every week we plan on releasing more classified documents and embarrassing personal details of military and law enforcement in an effort not just to reveal their racist and corrupt nature but to purposefully sabotage their efforts to terrorize communities fighting an unjust "war on drugs".
Experts have since closed all external access to the DPS system after the breach was identified as coming from 7 email accounts of seven DPS officers. The passwords for said accounts were posted online. DPS does not believe any sensitive information that might compromise current investigations has been released yet.
Earlier this month, this group claimed responsibility for breaching a public portion of the Senate.gov website as well as other low level breaches of websites for PBS, Bethesda Networks, Fox.com, CIA and NHS. Their preferred method of attack is via Distributed Denial of Service (DDoS), where targeted web servers are barraged with external communication requests until the host website is rendered unusable. A few weeks ago they hacked the Sony Pictures Entertainment website, exposing the personal information of some 37,000 users.
Their name is derived from 'lulz,' which is internet slang as well as a derivative of LOL, a common online acronym for "laugh out loud" and 'Sec,' which is short for security. The 'lulz,' or laughs, is supposed to signify the intent is purely for amusement.
Their attitudes are sanguine and they seem hardly fearful of getting caught. In an interview with Gawker, a leading member of LulzSec says he doesn't feel threatened at all in regards to member identities being exposed within the community. Quite the contrary, actually: the group seems to openly thumb their noses at authority, even boldly announcing their latest online conquests via posts on Twitter using a popular account called "The Lulz Boat" which boasts over 250,000 followers.
The recent attacks come in an aftermath of the cyber-crimes arrest of Ryan Cleary, a 19-year-old from the UK who authorities say has ties to the LulzSec group. He's been charged with cyber-attacks on Britain's Organized Crimes Agency and Phonographic Industry. LulzSec seems to disavow Cleary as a member of their community.
"What's changed? Ryan isn't part of LulzSec... No LulzSec arrests have been made. Our Twitter hasn't even been suspended," says a member who goes by the alias 'Topiary'.
The FBI is not amused. Agencies are actively investigating the Lulz Security Group (LulzSec) after the Sony breach, as well as an announcement that they stole 180 passwords from InfraGrad, a partner organization for the FBI. LulzSec claims to have used them to steal 1,000 emails from a Delaware-based internet surveillance company called Unveillance, LLC.
From 'lulz' to perhaps something a bit more sinister
LulzSec is alleged to be a spinoff of another media-renowned hacker group called Anonymous - though Anonymous' goals tend to be more activist-oriented, under promotion of internet freedom and freedom of speech. This group, which has supporters that have been photographed wearing Guy Fawkes masks, also boasts some serious online security breaches, including YouTube, The Church of Scientology, Epilepsy Foundation, and even hacking the Australian Prime Minister's website.
This latest DPS hack might show an unsettling transformation of LulzSec's former happy-go-lucky intentions to profound political and philosophical motivations. The hack is apparently an opening salvo in what the group calls "Operation Anti-Security," which they claim will target more law-enforcement agencies, private security contractors, banks and possibly even military installations.
Making enemies among their own
LulzSec has garnered the ire of rival groups of hackers TeaMp0isoN and Web Ninjas. The former is connected to the Palestinian-friendly "Mujahideen Hacking Unit" responsible for defacing Facebook in December of last year. Their plan is to take LulzSec out, hacker-style, and give them a taste of their own medicine.
Off the Cuff:
As a bit of a 'script kiddie' myself in younger days, a harmless hack can be humorous (to some) as long as the damage is minimal and quickly reversible. This, however, is a whole other level of online shenanigans.
Should an officer or informant be harmed or even killed due to certain sensitive information being leaked to the public, this group instantly gets promotion to terrorist organization. In the case of such a situation, I have absolutely no sympathy and the chips will fall where they may. I question their broad motivation, namely SB 1070, as being the only catalyst, especially since key parts of it have been deemed unconstitutional, and are therefore blocked.
In regards to attacking banks? Well, messing with sources of people's money in a recession sounds like a recipe for disaster to me - no matter how harmless the attacks might seem.
Going after law enforcement seems an even more fruitless endeavor. These are not folks you want holding grudges against your organization. Hacking the military sounds like an even dumber idea.
So best of luck to you, 'hacker communities,' I hope all those proxies can protect you, for sometimes the 'hackers' can quite easily become the 'hacked' in the blink of an eye, and life in prison is a long, long time, no matter how well you behave once you get there.
As always, your comments and remarks are very much appreciated.
Posted: Thursday, July 21, 2011
Article comment by:
Personally i support them.They are givng the elite and this system at large the middle finger.And hitting them where it counts,their pockets.For far too the long the western powers that be have done their dirt with impunity.Now they are getting uncomfortable because somebody is calling them on their own s***.And yes eventually these guys will be labeled as a terrorist organization,i fully expect it.Oh well...I would expect no less from the elite.I hope anonymous and these others continue to bring the war to the oligarchy's front door.It of course will take better planning.We certainly cant go hacking from our homes now can we?..LOL..Hackers need to implement better security protocols.Tiny details keeps your ass out of jail.
Posted: Sunday, July 10, 2011
Article comment by:
Better to get your system hacked by kids that promptly tell the world about it, than skilled criminals who steal all your base.
If you don't want to get hacked by kids, close your holes.
In the case of citibank it was a huge hole that even the lamest hacker could exploit without working up a sweat.
Posted: Monday, July 4, 2011
Article comment by:
Snail Mail User
Frankly, these hackers have me worried enough that I will not do financial transactions over the internet. I saw a piece on the news about a church's finances being hacked. Their insurance company covered the cost, but WHO ultimately pays?
Many companies (utilities, vendors, banks, etc.) want you to transact business on-line, and provide incentives to do so. Social Security is the ultimate on-line user! I will not, if at all possible, use the internet for financial transactions due to a large doubt about the security of even my small amounts & information being hacked.
There are reasons why snail mail, although not completely safe by any means, will continue to be my first choice.
Posted: Saturday, July 2, 2011
Article comment by:
Food for Thought
I agree with some of the points made here but think about thisÖ. If these are American kids/people and we set a tough example the only ones hacking us will be foreigners. We have no jurisdiction over them. I would rather we get on these system administrators to get the job done right.
It is the system people that have let this information venerable not the people getting into it. To me itís like leaving the building doors unlocked and going home. Now that we are a technical world there needs to be more accountability from the companies.
It doesnít matter if itís police, state, investment, banks or whatever security starts with the System Administrator!
Posted: Thursday, June 30, 2011
Article comment by:
Being a "script kiddie" back in the day is nothing to brag about. Denial of Service attacks have always been considered lame as well among legitimate, white collar hackers. As a matter of fact, these hackers aren't even good. They take advantage of open source penetration testing tools such as Metasploit and poke and prod at certain networks until they find a "door" that happens to not be locked. These tools are available to anyone who knows how to use Google.
Hackers who pull off malicious attacks such as these always carry flimsy manifestos and honestly believe their approach to exploiting these networks help the system administrators know the vulnerabilities to their network. These hackers are child-like and arrogant.
Once they are caught, I will have no sympathy for any of them. They are riding a fine line between average burglars to terrorists and hopefully once they are caught they are made examples of.
Posted: Wednesday, June 29, 2011
Article comment by:
It may be that I'm a little impressed as well as amused with this groups ability to breach so many security systems. However, it's unfortunate that they're risking the security of DPS officers for their cause. Although I'm not crazy about cops in general, I understand that there's a need for them. And when it comes down to it, officers are really just more people who have to go to work and do what their bosses tell them to do just like so many of us. Some of them may even be required to enforce SB 1070 even though they don't agree with it themselves, but they still have to keep their jobs because they have families they need to provide for and bills to pay. If LulzSec's motivation really is because of SB 1070 then it would have made more sense to specifically target legislators, and/or Jan Brewer. Even Joe Arpaio, (who I feel has been obnoxiously gung-ho for SB 1070) might have even been a fair target. (Might of even had it coming.) They should be focusing their attacks at people who have higher authority. Not on people like officers who don't have any actual authority in passing legislation and who are ultimately just doing their jobs.