LulzSec Hacks Arizona Law Enforcement Agency

LulzSec has announced the publication of a trove of over 700 leaked documents from an Arizona law enforcement agency on the notorious Pirate Bay file sharing site.  Arizona’s Department of Public Safety confirmed that it had been hacked.  The LulzSec press release included with the dump sounds more “hacktivistic” than usual, exposing a political agenda, opposing Arizona’s SB1070, the state’s broad and controversial anti-illegal immigration measure.

Amongst countless mundane documents covering hours worked, officers’ personal information and other stuff of minimal interest are a few fascinating stories of law enforcement activities, such as an encounter with off-duty Marines patrolling the U.S.-Mexico border with assault weapons, and tirades about illegal Mexicans and drug dealers.

LulzSec, Anonymous Declare War On Us All

Lulzsec and Anonymous are declaring open war on all governments, banks and big corporations, worldwide.  They are attempting to unite all hackers to fully expose corruption and “dark secrets”.

“Whether you’re sailing with us or against us, whether you hold past grudges or a burning desire to sink our lone ship, we invite you to join the rebellion.  Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons.  Your hat can be white, gray or black, your skin and race are not important.  If you’re aware of the corruption, expose it now, in the name of Anti-Security.  Top priority is to steal and leak any classified government information, including email spools and documentation.

Prime targets are banks and other high-ranking establishments.  If they try to censor our progress, we will obliterate the censor with cannonfire anointed with lizard blood.”

Don’t be fooled by this diatribe.  The highlighting is mine, but the intentions are clear.  This is online terrorism, and it is totally illegal.  This sort of behavior is itself corrupt.  I’m all for making a difference, I support bringing about positive change, but there is a time, a place, and a proper methodology to follow.  This just isn’t it for me.  I’m not posting links to this, you can Google it up easily enough if you are that interested.

So far, they have not done anything that I have seen that rings true to this “eat the rich” campaign.  They have broken the law, caused large companies reputational and financial hardship, and have expsoed countless individuals to unnecessary risk by posting personal and account information publicly.  What information do those “Prime Targets” hold?  So much for Robin Hood.  Stealing from the poor to hurt the rich??

TNW has posted a handy little widget available if you would like to check all of the LulzSec released files for your email address to see if your accounts have been exposed.  If your email is there, your other information may be as well.

-=[BUSTED]=- LulzSec Related Arrest in UK

A 19-year-old has been arrested in connection with recent attacks, and is being purported to be connected with the LulzSec group, responsible for Sony, and other hacks.  The Channel 4 news agency posted the following tweet on Twitter:

19-year-old suspected of being mastermind behind computer hacking group LulzSec arrested in Wickford, Essex. #c4news

The Metropolitan Police released the following statement on the arrest:

Officers from the Metropolitan Police Central e-Crime  Unit (PCeU) have arrested a 19-year-old man in a pre-planned  intelligence-led operation.  The arrest follows an investigation into network intrusions and  Distributed Denial of Service (DDoS) attacks against a number of  international business and intelligence agencies by what is believed to  be the same hacking group.

The PCeU was assisted by officers from Essex Police and have been working in co-operation with the FBI.  The teenager was arrested on suspicion of Computer Misuse Act, and  Fraud Act offences and was taken to a central London police station, where he currently remains in custody for questioning.

Searches at a residential address in Wickford, Essex, following the arrest last night have led to the examination of a significant amount of material.  These forensic examinations remain ongoing.

“Sabu”, a self-confessed member of LulzSec states that the suspect arrested by the Metropolitan Police was involved in running its IRC channel only.  All of their members remain free and accounted for.

Sega Pass Attacked – 1.29m Records Affected

Sega has apparently become the latest victim of a network breach.  The attack occurred last Friday, and information belonging to 1. 29 million customers has been stolen from its database.  The blog PlayStation LifeStyle posted a letter sent from Sega to users of its Sega Pass service, informing them that unauthorized entry had been gained to the Sega Pass database, and that the company is investigating.

E-mail addresses, dates of birth, and encrypted passwords were obtained.  The letter indicates that none of the passwords obtained were stored in plain text, and no personal payment information was stored by Sega, meaning payment details were not at risk from this intrusion.

Sega offers a few common sense cautions:

• If you use the same login information for other websites and/or services as you do for Sega Pass, you should change that information immediately.
• They have also reset your password and all access to Sega Pass has been temporarily suspended.
• Please take extra caution if you should receive suspicious e-mails that ask for personal or sensitive information.

The hacking group LulzSec, which has hacked Sony, Nintendo, FBI affiliates, and others rather indiscriminately and with no remorese, has sent out a public tweet addressed to Sega: “@Sega – contact us, we want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.”  So, LulzSec is not responsible for this one, even though it matches their MO very nicely.  They have suddenly become formally organized enough know what all of their “members” are up to, and are nobly motivated to take some action against an unknown attacker.  Personally, I smell barnyard…

LulzSec Doing Public Service?

Melissa Bell at The Washington Post seems to believe that LulzSec is doing us all a great big favor by breaking the laws in multiple countries, breaching private networks, and posting sensitive information in publicly accessible sites.  “Laugh with them, or despise them, either way, they are, at the least, making a valid public service announcement: the web is an insecure space. Act accordingly.” Says the Post.

Laugh with them?  You know what, you are probably a real good, professional journalist there at the WP, and think that you are doing the right thing, either for your paper, the nation, or the general public.  But give your bloody head a shake, we can all stand the noise until whatever screw is loose inside there settles down and falls back into place.  I can hardly wait until YOUR webpage, network, personal computer and sensitive files are posted somewhere by these guys, or someone like them.  That would be a public service announcement too?  Doubt it.

Rather than sensationalizing what these CRIMINALS are doing, how about putting some thought into making the public aware of SOLUTIONS.  Why not do some RESEARCH and offer the public FREE INFORMATION about Information Security to lead them to the REAL lessons to be had here.

• There are risks inherent in connecting to the Internet, and each of us should be aware of them.
• The Internet is crawling with the same sorts of people as your apartment buildings, neighborhoods, cities, suburbs and parks.  Some are genuinely friendly, some are downright vicious, and it is very hard to tell the difference on the Internet.  Would you let just any of them randomly access your home at will?
• There are precautions that each of us can and should take with our systems, accounts and online trust.
• There are technical controls that each of us should be aware of and using; hardware firewalls, content filters, DNS filters, personal firewalls, sandboxes, spam filters, !!! and information !!!
• It just takes one malware infected system to compromise an entire network, and all of the networks and systems that connect and trust that network.

If LulzSec and other hacking groups WANT to do some community and public service, they would privately contact the owners of the networks that are weak or vulnerable, and advise them of the weaknesses rather than exploiting them.  Once the vulnerabilities are exploited, the networks and systems compromised, the attackers’ motives and information can no longer be trusted.  They are acting with malice, and may have compromised other systems within these weak networks, maintaining unauthorized access, and doing other illegal misdeeds.

If the network and system owners don’t respond within a timely fashion, or don’t fix the issues after some given point in time, then the groups should post an advisory WITH NO SPECIFIC ATTACK or WEAKNESS DETAILS, publicly admonishing and shaming the company or organization.  The public would spank them well enough, encouraging them to be careful with what ultimately is THEIR information.  If they continue to ignore the warnings, they would lose customer trust and support, and would eventually be hacked as others become aware of the details.  At that point, they have almost asked for it.

LulzSec and groups like them are acting irresponsibly, and Washington Post is reporting irresponsibly by hyping these criminals, and pinning Robin Hood like mystique to their criminal actions.  Nothing personal, but I hope that you become a target, Melissa, for educational purposes only, however I suspect that views like mine that are polar to the attackers are more likely to solicit their attention.

Just my 2¢…

LulzSec, Anonymous, & The End of The Internet

So it seems that LulzSec, the notorious hacking group, is not so altruistic and politically bent as they first appeared.

They apparently like to play computer games, and can’t resist showing off to the world just how kewl their new found skillz are.

They are looking more and more to me as an opportunistic bunch of parasites that have gotten drunk on their own intoxicating brew of exploits and media hype.  What used to sound like the kind of claims and warnings issued by supposed “whitehat hackers” and self proclaimed whilstle blowers is now sounding more and more like “look at me, I am the coolest kid on the block!  I wear my hat backwards, and I can spit real far!”

.

First, check out the Sony incidents timeline at attrition.org.  Then peruse the recent headlines gathered regarding LulzSec.

Continue reading →