Lulzsec.....

[V_R]

What are they doing!?

https://twitter.com/#!/LulzSec

So far today they've DDoS'ed Minecraft login servers, EVE servers, The Escapest and more...

Lulz Security, the hacking group apparently motivated by nothing more than their desire to laugh at the mayhem they cause, has had a busy day in an event they called Titanic Takeover Tuesday. Taking a break from their dumps of user data and server break-ins, today saw the group perform a bunch of distributed denial of service attacks against a range of targets.

First up—and still only intermittently available at the time of writing—was gaming magazine The Escapist, with no apparent reason for the attack. LulzSec boasted that taking down the site required just 0.4 percent of its DDoS capacity.

Next in line were the login servers for the game EVE Online. The effect of this attack was to bring down the EVE Online website at the same time, though LulzSec insists that this was not the actual target. In response to the DDoS, CCP Games, makers of EVE, have taken all their systems offline, for fear that they might be hacked. The company has also issued a statement to assure customers that their personal information remains secure.

The third target—and the only one for which the group has offered a rationale beyond "lulz"—is an IT security company named Finfisher. Their site was taken down, briefly, because "apparently they sell monitoring software to the government or some **** like that."

Gamers were once more in the crosshairs with the fourth target; more login servers, this time for Minecraft. Just as with EVE Online, going after the login servers also took out the game's website.

The pattern was repeated for the fifth target; login servers for the game League of Legends were knocked offline, a move which also brought down the game's website.

The result of all this? Lot of enraged gamers complaining about the downtime, and hence, many lulz for Lulz Security. Going after gaming targets hasn't made the group universally popular; posters on 4chan's /b/ forum, who might normally be sympathetic to lulz-motivated shenanigans, attempted to hunt LulzSec down. LulzSec dismissed the "/b/tards" as "damn furries," saying that they were the cream of the /b/ crop from 2005, distancing themselves from the /b/tards of today.

http://arstechnica.com/tech-policy/...ay-lulzsecs-busy-day-of-hacking-escapades.ars

 

[Silverhazesurfer]

This was issued just the other day
http://lulzsecurity.com/releases/****_fbi_friday_PRETENTIOUS PRESS STATEMENT.txt

And while this doesn't relate to lulzsec really, this is interesting also. Recently released.

This world is starting to get interesting.

 

[V_R]

http://twitter.com/#!/LulzSec/status/81115804636155906

Tango down - www.cia.gov - for the lulz.

They DDoS attacked cia.gov.... Getting a little too much now isn't it?

 

[Silverhazesurfer]

Too much? I don't know. It is something to wonder about what will happen in the near future. It proves that no system is un-hackable.

All I know is that I am preparing my Zombie Fortress and getting some canned goods.


However, you have to admire a group that uses a pixelated image of a flying cat with a pop tart on it's back and rainbows shooting out of it's bum

 

[V_R]

They just released 62K worth of usernames and passwords for Facebook, Amazon, Paypal, WoW and other sites.....

 

[Silverhazesurfer]

which is why i don't do anything that is really important on the internet, like banking. While my info is probably stored in the hacked database, I prefer the face-to-face that the local branch provides.

In the end, I keep all my money in the shoebox under my bed. Let's see them hack that. And for when money isn't worth anything, I will be in my fortress.

 

[Abarbarian]

http://twitter.com/#!/LulzSec/status/81115804636155906

Tango down - www.cia.gov - for the lulz.

They DDoS attacked cia.gov.... Getting a little too much now isn't it?

Yup pretty disgusting that the security services of the most powerful country in the world cannot maintain a secure pc network.

Men in Suits = 0

Spotty Geeks = top marks.

 

[V_R]

That is just the CIA's website, it wont be run, hosted, maintained or anything else actually by the CIA.

Their systems and network will be far more secure....

 

[Silverhazesurfer]

Unless they are using "classified equipment," i would believe that they wouldn't be much more secure than anyone else in the government. They may be able to know when someone tries to get in and perhaps cut them off, but I doubt that they have anything that actually prevents someone from getting in.

I don't know about the most powerful, but at least we got more bombs than anyone else.

 

[Abarbarian]

That is just the CIA's website, it wont be run, hosted, maintained or anything else actually by the CIA.

Their systems and network will be far more secure....

I figured that. But most folk will see "CIA Hacked" and think that it is a really serious security breach.

I'm pretty much an anarchist at heart so I find the whole " we hacked you nah nah nah " type of attack quite funny. Serious hacking for criminal gain is never funny.
Attacks or reported breaches like some of these below can be beneficial to society though, see 2,3,7,8.

https://www.infosecisland.com/blogview/12786-Top-Ten-Embarrassing-Data-Breach-Events.html

 

[V_R]

No one said CIA hacked. They didn't hack it, they DDoS'ed it. Theres a big difference.

 

[bootneck02]

Can anyone tell me what satisfaction these idiots get in hacking into these servers. As far as I can see most software engineers could do this but dont. What do these spotty faced geek idiots think they are up to.

 

[Abarbarian]

Can anyone tell me what satisfaction these idiots get in hacking into these servers. As far as I can see most software engineers could do this but dont. What do these spotty faced geek idiots think they are up to.

E-mail em an ask em.

Meanwhile just to confuse you further.

http://www.tgdaily.com/security-features/56706-sega-pass-downed-after-pwnage

In an ironic twist, the hacker group known as Lulz Security has offered its repertoire of services to Sega in an effort to catch and punish the unknown perpetrators. "@Sega - contact us," a LulzSec rep tweeted earlier this morning.
"We want to help you destroy the hackers that attacked you. We love the Dreamcast [and when we find them] these people are going down."

http://www.tgdaily.com/security-features/56701-lulz-security-clarifies-ongoing-operations

Lulz Security has issued an official communiqué explaining its hacking operations against various entities, including Sony, Bethesda, Eve Online, PBS, the FBI and CIA.

I'm glad they finally cleared the air a bit.

 

[V_R]

Was just going to post that, saw this on another forum. An email from SEGA (not to me)

Dear James,

As you may be aware, the SEGA Pass system has been offline since yesterday, Thursday 16 June.

Over the last 24 hours we have identified that unauthorised entry was gained to our SEGA Pass database.

We immediately took the appropriate action to protect our consumers’ data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems.

We have identified that a subset of SEGA Pass members emails addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text.

Please note that no personal payment information was stored by SEGA as we use external payment providers, meaning your payment details were not at risk from this intrusion.

If you use the same login information for other websites and/or services as you do for SEGA Pass, you should change that information immediately.

We have also reset your password and all access to SEGA Pass has been temporarily suspended.

Additionally we recommend you please take extra caution if you should receive suspicious emails that ask for personal or sensitive information.

Therefore please do not attempt to login to SEGA Pass at present, we will communicate when the service becomes available.

We sincerely apologise for this incident and regret any inconvenience caused.

We are contacting all our members with these recommendations.

If you have any further questions please contact SEGA customer support on (e-mail address removed)

@Sega - contact us. We want to help you destroy the hackers that attacked you. We love the Dreamcast, these people are going down.

https://twitter.com/#!/LulzSec/status/81765889329991680

 

[V_R]

Busted?

http://lulzsecexposed.blogspot.com/

 

[floppybootstomp]

I dunno what to make of this lulz lot, part of me really wants to cause them quite painful physical harm yet a greater part of me does indeed lulz and admires them for what they do.

Strange choice of targets they picked though, in my opinion some victims thoroughly deserved what they got, others did not.

I do worry a little about monies disappearing from my bank accounts, I have two which I use online quite a lot. Nothing's happened in 15 years though so I'm not overly worried. I don't pay for any online gaming services but I wonder how secure my Steam connection is. And I couldn't really give a monkeys about my Facebook account, help yourself you spotty young oiks.

What these actions have shown is how insecure many online sites are. I can't see a way of preventing a DDOS attack but surely companies could take greater measures to prevent their data being hacked? Sony's non-encryption of passwords was really quite unbelievable.

Perhaps online security specialist companies may now be poised to make as much money as some anti-virus software companies. Lulz are probably too young to be business concious enough to realise they're creating a market for a service.

One fact remains: if it can be done, it will be done, and lulz' modus operandi may be no more complicated than 'because we can'.

 

[Taffycat]

On June 16, 2011, LulzSec released over 62,000 accounts containing emails and passwords in cleartext obtained from random sources......The table below is the list of these accounts. Passwords have been partially masked to protect the users from further attacks.

Use the search box below to find out if your email is in the list. If yes, you are advised to change your password immediately if it is still in use elsewhere. For your privacy, do not enter your complete email in the search box. Try using the first part of your email instead...

http://dazzlepod.com/lulzsec/

Maybe worth taking a look, if anyone wants to check that their e-mail accounts haven't been published for all to see.

 

[floppybootstomp]

Entering your e-mail address(es)into that link's search box could be a very handy way for somebody to harvest a nice spamming list.

Even a partial entry is enough, they'll just add a '.com' '.co.uk' '.ger' etc.

Just a thought

 

[Abarbarian]

Entering your e-mail address(es)into that link's search box could be a very handy way for somebody to harvest a nice spamming list.

Even a partial entry is enough, they'll just add a '.com' '.co.uk' '.ger' etc.

Just a thought

I searched for just three letters from my e-mail addy ----- eng ------ I do not see how anyone could guess the rest of my e-mail addy from that. That threw up 120 finds and mine was not one of them.

 

[V_R]

Thats the same list that they uploaded last week. I actually downloaded the text file and checked i or anyone i know wasn't on it. Yes i did delete it...

Sadly it doesn't contain the details of any other of their attempts.

EDIT: Just read that its been released before? Apparently its an old list. But i dont know for sure.