Thursday, June 23, 2011


by Alexia Tsotsis
Jun 17, 2011
Hacker group LulzSec, which only communicates through its own Twitter account, and random messages on Pastebin, has been on a Public Relations tear this morning. For the uninitiated, LulzSec is the loosely conglomerated internet griefer group behind the relentless hacker war on Sony, attacks on PBS, the US Senate, the CIA, and a slew of gaming sites popular with 4Chan users including EVE Online, Minecraft and League of Legends.
But despite the group’s eagerness to get in confrontations for the “lulz” and the numerous mass media headlines to the contrary yesterday, LulzSec is NOT at war with Anonymous, another hacker group — Anonymous, before the appearance of LulzSec, was held to be the preeminent Internet troublemaker. As the @LulzSec Twitter account makes clear this morning …
“To confirm, we aren’t going after Anonymous. 4chan isn’t Anonymous to begin with, and /b/ is certainly not the whole of 4chan. True story./b/ is the peon of all the 4chan boards and 4chan is the mass amplification of crowdsourcing used by AnonOps to gain support. #MediaFacts Saying we’re attacking Anonymous because we taunted /b/ is like saying we’re going to war with America because we stomped on a cheeseburger.”
The group then emphasized this by retweeting a statement by @YourAnonNews, “We are NOT at war with @LulzSec #MediaFags.”
Okay, for those of you still confused, /b/ or a subsector of 4chan which is used by some Anonymous members , and while LulzSec did claim to have infected /b/ and was down for awhile on Wednesday, it is unclear what, if anything, was caused by an organized LulzSec DDoS. In any case, what the @LulzSec tweets are saying is that an attack against /b/ does not equal an attack against the entire Anonymous organization which hangs out primarily on its own IRC channel and not necessarily The main mistake people seem to be making is assuming that the two organizations, Anonymous and 4Chan, are interchangeable.
Explains internet griefing expert Adrian Chen, “If Anonymous and Lulzsec were warring, Lulzsec would have DDoS’d the Anonops servers or something. And instead of just circulating posters on 4Chan and Reddit, there would have been a big campaign by Anonymous to take on Lulzsec.”
All this leaves one wondering where exactly the “friend vs. foe” line is drawn. Despite all its gaming related mischief, apparently LulzSec is a fan of SEGA DreamCast and not involved at all in the SEGA Pass hacking this morning, and indeed wants to “help.” Or that could just be a joke. I for one have no idea.
For more on the (i)rrationale behind their efforts, read their press release, posted in honor of their 10,000 tweet today.
Dear Internets,
This is Lulz Security, better known as those evil bastards from twitter. We just hit 1000 tweets, and as such we thought it best to have a little chit-chat with our friends (and foes).
For the past month and a bit, we’ve been causing mayhem and chaos throughout the Internet, attacking several targets including PBS, Sony, Fox, porn websites, FBI, CIA, the U.S. government, Sony some more, online gaming servers (by request of callers, not by our own choice), Sony again, and of course our good friend Sony.
While we’ve gained many, many supporters, we do have a mass of enemies, albeit mainly gamers. The main anti-LulzSec argument suggests that we’re going to bring down more Internet laws by continuing our public shenanigans, and that our actions are causing clowns with pens to write new rules for you. But what if we just hadn’t released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony… watching… abusing…
Do you think every hacker announces everything they’ve hacked? We certainly haven’t, and we’re damn sure others are playing the silent game. Do you feel safe with your Facebook accounts, your Google Mail accounts, your Skype accounts? What makes you think a hacker isn’t silently sitting inside all of these right now, sniping out individual people, or perhaps selling them off? You are a peon to these people. A toy. A string of characters with a value.
This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn’t released something publicly. We’re sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we hadn’t told you? No one would be aware of this theft, and we’d have a fresh 200,000 peons to abuse, completely unaware of a breach.
Yes, yes, there’s always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things just because we find it entertaining. Watching someone’s Facebook picture turn into a penis and seeing their sister’s shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can’t secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it.
Most of you reading this love the idea of wrecking someone else’s online experience anonymously. It’s appealing and unique, there are no two account hijackings that are the same, no two suddenly enraged girlfriends with the same expression when you admit to killing prostitutes from her boyfriend’s recently stolen MSN account, and there’s certainly no limit to the lulz lizardry that we all partake in on some level.
And that’s all there is to it, that’s what appeals to our Internet generation. We’re attracted to fast-changing scenarios, we can’t stand repetitiveness, and we want our shot of entertainment or we just go and browse something else, like an unimpressed zombie. Nyan-nyan-nyan-nyan-nyan-nyan-nyan-nyan, anyway…
Nobody is truly causing the Internet to slip one way or the other, it’s an inevitable outcome for us humans. We find, we nom nom nom, we move onto something else that’s yummier. We’ve been entertaining you 1000 times with 140 characters or less, and we’ll continue creating things that are exciting and new until we’re brought to justice, which we might well be. But you know, we just don’t give a living fuck at this point – you’ll forget about us in 3 months’ time when there’s a new scandal to gawk at, or a new shiny thing to click on via your 2D light-filled rectangle. People who can make things work better within this rectangle have power over others; the whitehats who charge $10,000 for something we could teach you how to do over the course of a weekend, providing you aren’t mentally disabled.
This is the Internet, where we screw each other over for a jolt of satisfaction. There are peons and lulz lizards; trolls and victims. There’s losers that post shit they think matters, and other losers telling them their shit does not matter. In this situation, we are both of these parties, because we’re fully aware that every single person that reached this final sentence just wasted a few moments of their time.
Thank you, bitches.
Lulz Security

4 The Lulz
by Aaron Crayford  Jun 18, 2011
Editor’s note: Aaron Crayford is the CEO of Mighty whose main product is a smart real-time communication framework. While in high school was prosecuted by the US government for what the DoD called “The most organized systematic attack the Pentagon has seen” and was banned from touching a computer or talking about the story for a decade. You can follow him @aaroncray.

Heroes, hackers or douchebags? I’ve seen many takes. Mine goes something like:

FBI agent: “Tell us how you got into the satellite control systems at Lawrence Livermore.”

Kid: “You wanna know, (whisper) you really want to know?”

FBI agent: “yeah tell me”

Kid: “magic”

FBI agent: “this isn’t a fucking game kid!”

Game on! It was 1998 when 20 FBI agents raided my house. The awkward fat kid with working class folks in the corner of your physics class . . . that was me. But what about the LulzSec guys and these Anonymous members? Who are these guys? What the hell are they doing screwing with the cia…THE CIA!? They are revolutionary’s friends. The Washingtons of our times. Their guns are botnets 500gigabit/s strong, and their spies are automated entry system worms and rootkits. They’re taking out injustice one root at a time . . . right?
I knew I wasn’t going to jail and I knew that I had a great excuse for not handing in my chem homework.
Kid: “I was being interrogated by the FBI all night, I didn’t have time”
Teach: “Aaron go back to your seat. That’s the stupidest excuse I’ve ever heard”
(Did I just say I knew I wasn’t going to jail?) That’s the mind frame folks. Criminals never see themselves as criminals simply because of how subjective that word is. Even to this day if you were to ask me what I was doing, I’d focus on the fact that we took down pedophile porn ISP’s, patched thousands of compromised government systems and turned hate monger websites into Happy Hanukkah pages . . . for the lulz. Noob, leet, lulz we used those terms before square bears on Facebook and game networks did and they were just as funny then as they are now.
FBI agent:”Look asshole, you guys leveled Sweden with your bullshit”
Happens sometimes. One group comes to test another group…war…WAR! Right? It’s more like scrabble than devastating economies; barely mentionable in passing the next day. You rooted your friends system, you laugh, and that’s it. It’s hard to understand the impact of what taking down a site like Ebay, Facebook or Sony does. Lulz thinks it’s funny; hell it is pretty funny but the unfortunate fact is at the end of the day workers are hurt and the CEO of Sony still gets in a Maybach and is driven to his mansion. They even call him Sir. Knighthood for someone who strikes at the heart of innovation, at the guy in the garage.

So what is it? What makes these guys do this stuff? They must be evil, they must be huge assholes, they must be geniuses? Maybe. One thing is for certain they understand how to bypass systems of control much better than the techs at Sony. Think of it like this: imagine if, given enough time, you could break into anything or type a command and stop any website in the world from working. What would you do? The hard part of this isn’t figuring out what you would do (in case that’s what you were just doing). I’m not talking about a Harvard dropout patting you on the back and telling you you’re a hard worker because you wrote some php script or you’re in “The Harvard of Silicon Valley” (careful fackers bunnies bite). I’m talking about writing down a piece of code, an exploit no one’s ever seen, on a bar napkin while you’re intoxicated; when you try it later, it compiles and executes perfectly, proving you understand an extremely complicated system better than its creator. The hard part is obtaining that kind of skill and the guys that do never do it with the intention of breaking into places. The application of what you can do with that kind of skill is an after thought. So once you have the skill you hear a story about some innovative smart guy . . .
The guy in the garage. A guy like you;
who reversed engineered a game console . . .
because he bought and owned the game console . . .
and thought he should be able to do with it what he wants . . .
like most normal people would think.
There you go. The company that tries to tear that man down and the ideal of innovation just volunteered for your hell, your wrath. The bully is going down! That’s how they see it. Even though the reality is the FBI or CIA agent that will be tracking you down over the next few months/years doesn’t get paid squat and what drives him is the same thing that drives you; they think what they are doing is justice. The workers that get laid off from the game network because it went down are just 0.1% of the company (up to 10% is acceptable to the guys on Wall Street without much concern . . . considered “leaning out”) and Sir Howard won’t lose a minute of sleep in his big comfortable king sized bed in his mansion on the hill.

What Lulzsec and Anonymous don’t realize is these companies aren’t their enemies. Their exploits are shockingly funny and probably karma but there is a much more difficult system to hack . . . becoming the guy at the head of the board. So when you’re the 40-something-year-old CEO who hears that some kid, some guy in his garage, is tearing your product apart and doing amazing things with it that is hitting your top line revenue, and the VP of Operations is getting the legal team together to discuss your options; you stop the meeting and say “Go find that guy, pay him and lets see what he can do.”

That’s a real hack worth touting and it ends with you sleeping in a king-sized bed in a mansion on the hill and few can claim it’s been done before. Not many, if any, of the people I know from back then made it big in tech. The ones that stayed in security disappeared, working for people I’m too scared to ask about.

So happy hacking.
I hope you leverage your skill to your advantage.
Stay safe and don’t get caught.

If you do and they ask how you did it simply reply, “magic.”

No comments:

Post a Comment