For the LULZ

[Gob]

Move over Anonymous - a new hacking group is on the block and in just a few weeks it has claimed several high-profile scalps including the CIA, US Senate, an FBI affiliate, Sony and several video games companies.

The CIA's website has been knocked offline today and the hacker group, which calls itself Lulzsec, has claimed responsibility. The group has amassed more than 150,000 followers on Twitter and yesterday even set up a US phone hotline for people to call and request targets.

Security journalist Patrick Gray, who runs the Risky.biz podcast, said the recent hack attacks proved that "there is no security".

The Lulzsec hacks come after Australian banks, government departments and other organisations were forced to upgrade their security rapidly following a breach at security provider RSA. The RSA breach resulted in a break-in at defence contractor Lockheed Martin.

Sony, following a major breach of its PlayStation Network that exposed millions of accounts and credit cards, has spent the last few weeks fending off dozens of successful attacks on its networks and websites around the world.

Lulzsec has claimed responsibility for some of these Sony attacks including against Sony Pictures, Sony Music Japan and others.

"The mainstream media are having fun criticising Sony for its poor security, but do we honestly think for a second that the XBox Live network can't be similarly [hacked]," Gray wrote.

"Is there any target out there that can't be 'gotten'?"

The group has also targeted the US Senate website, Nintendo, game developer Bethesda Software, FBI-affiliate Infraguard, US media company PBS and several online multiplayer games such as EVEOnline, League of Legends and Minecraft.

In many of the attacks, including on Bethesda, the US Senate and pornography website pron.com, Lulzsec also released sensitive data online such as the usernames and passwords of users. These lists even revealed that people with White House email addresses had signed up to watch porn.

"While some people think this is a fun game that can also help point out corporate security weaknesses, the truth is that companies and innocent customers are - in the worst cases - having their personal data exposed," said Graham Cluley of computer security firm Sophos.

"There are responsible ways to inform a business that its website is insecure, or it has not properly protected its data. You don't have to put innocent people at risk. What's disturbing is that so many internet users appear to support Lulzsec as it continues to recklessly break the law."

Lulzsec claims it is conducting the attacks "for the lulz", which is internet parlance for "for the laughs".

Other attacks to hit the news recently include a breach of Gmail accounts connected to activists in China and a hack on the International Monetary Fund.

Read more: http://www.smh.com.au/technology/securi ... z1POsWFiZe

[thestoat]

I do a lot of work on cloud based technologies (since I an developing a product that enables you to create private clouds, and share with whomever you wish without having the information out there in the internet as it currently is) and have seen LOADS of hacking recently. There are some REALLY clever people out there and I suspect a load of really nervous companies. I don't believe anyone is really safe from this, though the least some of these companies should do is encrypt user data - yes, Sony, I mean you.

[Gob]

Great! I've wanted to know this for a long time, can you explain, in layman's terms (thick as a brick Layman here,) what the fuck this "cloud" stuff is all about?

[Sean]

http://en.wikipedia.org/wiki/Cloud

[Gob]

Oh you twat!

and I only went and opened it, didn't I?

[Scooter]

Try this one

[thestoat]

The "problem" (for me) is that "the cloud" is being touted as a new tech when it is merely a rehash of an old one. I started my career using a dumb terminal connected to a mainframe - and in fact anyone who uses a cashpoint "hole in the wall" does exactly the same - and migrated to a much cleverer PC as soon as possible. I then moved to a department using X-stations for a while (dumb terminals though with graphics connected to an Unix server) but managed to get myself my own unix machine and much preferred that - as did everyone I worked with (apart from one old bloke who thought they were new fangled ... I remember him).

Now we have a move to dumb down out current PCs and use resources "in the cloud". The only difference is that "cloud" may be on a different continent and many thousands of miles away, whereas when I used to use them I connected over the LAN since they were in the same building. Our internet infrastructure is a lot better these days, though still rubbish for this sort of provision. Send a DVD of information over the internet and it will normally take days. Compare MS Office with Google office and you'll soon see the limits of cloud computing. And the security aspect is a real time bomb. Lutz and Anonymous are showing this on an almost daily basis.

There are huge advantages to cloud computing. I can rent an Amazon server and scale it up almost instantly to serve 10 customers or 10 million customers which is obviously an enormous boon. But I think a lot of people are rushing into the cloud without thinking of the consequences (for security, cost, speed of convenience).

I'll step down from my soap box now

[dales]

Ahead of their time?



Steve Jobs' iCloud version NOT included.

[Gob]

Isn't the major problem for "the cloud" going to be getting people to trust having all that personal info "out there"?

[Sean]

Ahead of their time?



Steve Jobs' iCloud version NOT included.

Hmmm... Microsoft used 'Start me Up' to launch a version of Windows (95?). Maybe all future technology will be based around Stones songs.

I look forward to the 'Jumping Jack Flash Drive'.

[thestoat]

Absolutely Gob ... I have a big problem with it. Though a lot of stuff is already there in banks, etc

[@meric@nwom@n]

http://en.wikipedia.org/wiki/Cloud

Sean, may the fleas of a thousand camels infest your armpits. May your nose grow a beard. May all your children have red hair. A pox upon you. May you step in gum and dog poop every day for 2 weeks.

[Sean]

So you clicked on it too @W eh?

[Gob]

Back to the OP....

The UK Serious Organised Crime agency has taken its website offline after it appeared to be a victim of an attack by hacking group Lulz Security.

Soca said it had taken its website offline to limit the impact attack on clients hosted by its service provider.

Soca.gov.uk had been unavailable for much of Monday afternoon, with an intermittent service restored later.

Lulz Security has said it was behind the denial of service attack which had taken the website offline.

Earlier on Monday, as the agency launched an investigation, LulzSec tweeted: "Tango down - in the name of #AntiSec".

The group has hit a number of high-profile websites in recent weeks, including the CIA and US Senate.

Soca appeared to be the victim of a distributed denial of service (DDoS) attack, where large numbers of computers, under malicious control, overload their target with web requests.




http://www.bbc.co.uk/news/technology-13848510