The hacking scene is a very complex territory to delve into. High profile group Lulzsec have been in the press in recent weeks for hacking into many corporations, such as Sony, as well as US government bodies.
Behind the scenes however it appears there is more than a little friction right now between various individuals and groups. One guy who appears to want the closure of Lulzsec is a chap called “th3 j35t3r.” He has an active Twitter stream which is filled with taunts and insults against Lulzsec.
By following the link, people are taken to the website of Karim Hijazi, the CEO of Unveillance. His business is a private botnet monitoring service which locates and confirms botnet infections in computer networks. On June 3rd Karim published a press release on his site which highlights a conversation he had with some members of Lulzsec after they targeted him.
(KARIM) So did we wrong you in some way, let’s get to the point?
(LULZ) <@Ninetales> If you wronged us, all of your affiliates would be crushed. Don’t worry, you’re in the good books. The point is a very crude word: extortion.
(LULZ) <@Ninetales> And what we’re both willing to agree upon that you sacrifice in return for our silence.
(LULZ) <@Ninetales> While I do get great enjoyment from obliterating whitehats from cyberspace, I can save this pleasure for other targets. Let’s just simplify: you have lots of money, we want more money.
(LULZ) <@Ninetales> Prepaid Visas, MoneyPaks, BitCoins, Liberty Reserve, WebMoney, the flavor of your choice. Naturally we’ll avoid PayPal.
Karim finishes the press release with some other details:
1. I have been able to protect the sensitive data which LulzSec was ultimately after. All they have stolen and publicly dumped are my personal and work emails.
2. I am now, and have been, in full cooperation with the FBI. In fact, I contacted the FBI and US-CERT immediately after I began receiving threats from LulzSec to request their assistance – and to explain the nature of the threat. I offered my full cooperation to the FBI in an effort to rectify the situation.
3. Unveillance is not a security company. We are a private botnet monitoring service – and a good one, which is why we were targeted. I do not provide security services to other companies. What I do provide clients with is the first zero false-positive analysis tool for identifying confirmed botnet infections in their computer networks.
4. I am not surprised by this attack; or the information dump on me; or their slanderous statements against me and my company. This is precisely what they threatened me with – in addition to other things, including allusions to physical harm to me and my family – if I did not cooperate with their demands.
5. I do not regret refusing to cooperate with LulzSec. My data is of national security importance. I could not and cannot, in good conscience, agree to release my botnet intelligence to an organization of hackers.
Lulzsec claim that they were deliberately trying to expose Karim to see if he would sell out. It all becomes rather confusing, although we can see from the events over the last couple of months that Lulzsec don't appear to be defrauding individuals by using credit card information they compromise from servers. Kitguru doesn't claim to know their thinking or what their motives really are and while their actions are illegal in many countries, they have yet to target any members of the public.
One thing is for sure, both Lulzsec and Anonymous are certainly on the hitlist for many of the government agencies. We wonder how long they can remain hidden from authorities. The recent attacks also have many high profile companies worrying about their security and perhaps some good can come from the attacks. After all we are pretty sure by the end of the year that Sony's networks will be a heck of a lot more secure than they were a few months ago.
Kitguru says: Do you agree with the actions of Anonymous and Lulzsec? Some insiders claim that certain individuals are actually members of both groups.
I question that. Sony was hacked what, 3-5 times? Each time, they seemed to have made minimal Security Upgrades, in some cases I question if there were any at all. They may have finally learned their lesson, but only after they lost a BIG load of Customers, which will take a lot of time, and offers, which will in turn cost them a lot of money as well.
If they implemented some sort of advanced encryption system that would be a start (even if they already have one, upgrade it…). After that, instead of trying to sue them, track them and hire them. Like Gates did with the kid who hacked the XBox Network. Don’t waste cash in Lawsuits. They’re organized, the important ones are most likely in non-Extradition Countries so don’t bother with Law Enforcement, they’re tied up in Red Tape. Corporations can always benefit from having Hackers such as these at their service anyway.
Sony have been shown to be very very sloppy this year. I know no company will stop any hacker skilled enough, but it was attack after attack. slow responses, poor updating to customers. and repeated failures.
By the end of the year their network should be the most secure in the world, but they were exposed as being fairly incompetent.
http://lulzsuc.blogspot.com/
You can’t hire the kind of people who do this. Regardless of whether Sony’s network was weak, the members of Lulzsec are criminals and deserve to be treated as such. Giving them jobs because of their skills is a reward they do not deserve. They deserve nothing more than to be locked up for a considerable amount of time.
Whenever someone else decides to target Sony after this, either to make them into a laughing stock for not having done anything with their PSN Security, or either to just see if they bothered to do anything with their Security, having a highly-skilled LulzSec and/or Anonymous Hacker on your team working with your Security in a Counter-Attack is an ideal situation.
Like I said before, these people are organized and well trained. The most important ones of them are most likely in Non-Extradition Countries, and even the ones that aren’t will be incredibly hard to track down. No matter what illusions and claims the FBI is making, this will not be easy, and will cost a lot of money.
While America enjoys it’s illusion that its a “World Police Force” (example, attempts to prosecute a British Citizen for Copyright Crimes done in the UK, after passing the SPEECH Act which states that all US Citizens will not be extradited for prosecution in other countries for Crimes committed in the US), unless they Illegally Extradite them, I doubt there’ll be any way to prosecute them. Wanted Posters on InterPol’s Website and Sentences for the Minor League Players will be the best they’ll be able to do, at the most. And that’s assuming they don’t just turn them into FBI Informants instead. 1/4 US Hackers is an FBI Informant these days, according to an Article from a week or two ago.
Funny part is, most of them probably Hacked something sloppily as Teenagers (like the guy arrested in Spain a few weeks back) which landed them up getting arrested and threatened with super-long Jail Sentences…. FBI is reaching a point where Under-cover Agents simply doesn’t cut it. You can learn to talk all Gangster, but to enter the Elite Hacker’s Inner Circles takes Skill which takes years to learn and a lot of practice to master, so they turn to threats instead.