Principia Discordia

http://pastebin.com/raw.php?i=HZtH523f

QuoteDear Internets,

This is Lulz Security, better known as those evil bastards from twitter. We just hit 1000 tweets, and as such we thought it best to have a little chit-chat with our friends (and foes).

For the past month and a bit, we've been causing mayhem and chaos throughout the Internet, attacking several targets including PBS, Sony, Fox, porn websites, FBI, CIA, the U.S. government, Sony some more, online gaming servers (by request of callers, not by our own choice), Sony again, and of course our good friend Sony.

While we've gained many, many supporters, we do have a mass of enemies, albeit mainly gamers. The main anti-LulzSec argument suggests that we're going to bring down more Internet laws by continuing our public shenanigans, and that our actions are causing clowns with pens to write new rules for you. But what if we just hadn't released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony... watching... abusing...

Do you think every hacker announces everything they've hacked? We certainly haven't, and we're damn sure others are playing the silent game. Do you feel safe with your Facebook accounts, your Google Mail accounts, your Skype accounts? What makes you think a hacker isn't silently sitting inside all of these right now, sniping out individual people, or perhaps selling them off? You are a peon to these people. A toy. A string of characters with a value.

This is what you should be fearful of, not us releasing things publicly, but the fact that someone hasn't released something publicly. We're sitting on 200,000 Brink users right now that we never gave out. It might make you feel safe knowing we told you, so that Brink users may change their passwords. What if we hadn't told you? No one would be aware of this theft, and we'd have a fresh 200,000 peons to abuse, completely unaware of a breach.

Yes, yes, there's always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011. This is the lulz lizard era, where we do things just because we find it entertaining. Watching someone's Facebook picture turn into a penis and seeing their sister's shocked response is priceless. Receiving angry emails from the man you just sent 10 dildos to because he can't secure his Amazon password is priceless. You find it funny to watch havoc unfold, and we find it funny to cause it. We release personal data so that equally evil people can entertain us with what they do with it.

Most of you reading this love the idea of wrecking someone else's online experience anonymously. It's appealing and unique, there are no two account hijackings that are the same, no two suddenly enraged girlfriends with the same expression when you admit to killing prostitutes from her boyfriend's recently stolen MSN account, and there's certainly no limit to the lulz lizardry that we all partake in on some level.

And that's all there is to it, that's what appeals to our Internet generation. We're attracted to fast-changing scenarios, we can't stand repetitiveness, and we want our shot of entertainment or we just go and browse something else, like an unimpressed zombie. Nyan-nyan-nyan-nyan-nyan-nyan-nyan-nyan, anyway...

Nobody is truly causing the Internet to slip one way or the other, it's an inevitable outcome for us humans. We find, we nom nom nom, we move onto something else that's yummier. We've been entertaining you 1000 times with 140 characters or less, and we'll continue creating things that are exciting and new until we're brought to justice, which we might well be. But you know, we just don't give a living fuck at this point - you'll forget about us in 3 months' time when there's a new scandal to gawk at, or a new shiny thing to click on via your 2D light-filled rectangle. People who can make things work better within this rectangle have power over others; the whitehats who charge $10,000 for something we could teach you how to do over the course of a weekend, providing you aren't mentally disabled.

This is the Internet, where we screw each other over for a jolt of satisfaction. There are peons and lulz lizards; trolls and victims. There's losers that post shit they think matters, and other losers telling them their shit does not matter. In this situation, we are both of these parties, because we're fully aware that every single person that reached this final sentence just wasted a few moments of their time.

Thank you, bitches.

Lulz Security

:lulz: Nice

I sort of support what they're doing. It is a wake up call for half assed web security, and I kind of like knowing that all my terrible, monstrous secrets are concealed on gmail.  :lulz:

Though fuck them, PSN was down forever. Actually, fuck Sony. Actually, fuck giving a fuck because I rarely boot up my PS3.

...Fuck.

You may well ask, "If you've seen that existence is illusion, why care what happens in it and to id? Why do Magick, why publish, why speak, if existence is simultaneously illusory and perfect?"

The short answer is "for the sport" or "for aesthetic enjoyment." The long answer begins with the precept that there is no virtue in suffering.
      -Maat Magick, p87


I'm not sure whether I'm thrilled or terrified by the idea that the central secret of consciousness is "I did it for the lulz".
      -Doloras LaPicho



(source) (http://chaosmarxism.blogspot.com/2007/10/ia-sathanas-yhbt.html)

:mittens:

nice find, Cram!

I support this.

From the manifesto that Cain posted.

QuoteA string of characters with a value.

Single best line to describe humans of today. At least I think so too.  :lulz:

I mean it too - I don't know whether to be thrilled or terrified

I know this is hopeless romanticism, but I really like the idea of Anon et al being guided by some form of "moralfaggotry". These guys are outside the border right now, they're not well understood, and they have access to tools which are both wonderful and terrible. This gives them a degree of control over the public dialogue. So I always hope that they use it in a way which draws evil to the surface where it can be discussed and confronted. Like the scientology protests, or wikileaks.

It's like how we would go to a forum and not break the rules, but still be totally obnoxious. And the moderators would try to legislate away our behavior, so we'd just change our behavior to still be technically legal but still obnoxious as fuck. It draws the moderator's tribal / control issues to the foreground. We're being dickbags, but in the long run, it helps the community.

But on the other end...
There's this " :boring:" vibe that you see in trolling communities. I first ran into it back when we were trolling Klok's site. Those cats were untrollable because they simply did not care about shit. They produce no content, they have no ideas or group projects, they were wholly uninvested in anything. Through this jadedness, they were immune to most attacks. If we threadbombed a subforum, they wouldn't even delete the threads, they'd just start new ones. You couldn't disrupt their conversations because there was no substance to disrupt, and nobody gave a shit anyway. If we ever got under their skin, they disguised it very well. It was a den of hedons, and it would never be more than that.

Quote from: Cramulus on June 23, 2011, 06:06:52 PM
I mean it too - I don't know whether to be thrilled or terrified

I know this is hopeless romanticism, but I really like the idea of Anon et al being guided by some form of "moralfaggotry". These guys are outside the border right now, they're not well understood, and they have access to tools which are both wonderful and terrible. This gives them a degree of control over the public dialogue. So I always hope that they use it in a way which draws evil to the surface where it can be discussed and confronted. Like the scientology protests, or wikileaks.

It's like how we would go to a forum and not break the rules, but still be totally obnoxious. And the moderators would try to legislate away our behavior, so we'd just change our behavior to still be technically legal but still obnoxious as fuck. It draws the moderator's tribal / control issues to the foreground. We're being dickbags, but in the long run, it helps the community.

But on the other end...
There's this " :boring:" vibe that you see in trolling communities. I first ran into it back when we were trolling Klok's site. Those cats were untrollable because they simply did not care about shit. They produce no content, they have no ideas or group projects, they were wholly uninvested in anything. Through this jadedness, they were immune to most attacks. If we threadbombed a subforum, they wouldn't even delete the threads, they'd just start new ones. You couldn't disrupt their conversations because there was no substance to disrupt, and nobody gave a shit anyway. If we ever got under their skin, they disguised it very well. It was a den of hedons, and it would never be more than that.

I'm just enthralled by the occasional mayhem and the pompous manifestos.

I love this people, the same way I love termites.

Quote from: Captain Swampass on June 23, 2011, 04:32:43 AM
I sort of support what they're doing. It is a wake up call for half assed web security, and I kind of like knowing that all my terrible, monstrous secrets are concealed on gmail.  :lulz:

Though fuck them, PSN was down forever. Actually, fuck Sony. Actually, fuck giving a fuck because I rarely boot up my PS3.

...Fuck.

Because of them and the cutbacks they have lost a lot of uninvolved people their jobs and wasted millions of dollars with nothing to show for them.

So far they are utterly worthless, if they ever start doing something positive then maybe they will be more interesting.

And something more positive they did (http://www.boingboing.net/2011/06/23/breaking-lulzsec-lea.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+boingboing%2FiBag+%28Boing+Boing%29).

QuoteLulzSec announced Thursday evening the publication at Pirate Bay of a trove of leaked material from Arizona law enforcement agencies. Arizona's Department of Public Safety confirmed shortly thereafter that it was hacked.

In the press release included with the dump, a LulzSec affiliate outlines a more activist agenda than is usually associated with the group.

QuoteWe are releasing hundreds of private intelligence bulletins, training manuals, personal email correspondence, names, phone numbers, addresses and passwords belonging to Arizona law enforcement. We are targeting AZDPS specifically because we are against SB1070 and the racial profiling anti-immigrant police state that is Arizona.

    The documents classified as "law enforcement sensitive", "not for public
    distribution", and "for official use only" are primarily related to border
    patrol and counter-terrorism operations and describe the use of informants to
    infiltrate various gangs, cartels, motorcycle clubs, Nazi groups, and protest
    movements.

    Every week we plan on releasing more classified documents and embarassing
    personal details of military and law enforcement in an effort not just to reveal
    their racist and corrupt nature but to purposefully sabotage their efforts to
    terrorize communities fighting an unjust "war on drugs".

    Hackers of the world are uniting and taking direct action against our common
    oppressors - the government, corporations, police, and militaries of the world.
    See you again real soon! ;D

With more than 700 bulletins, email archives, images and other files, the 440MB package will keep readers busy for days. A few excerpts from the most obviously newsworthy documents follow.

Examples of extracts in the article proper.

I was about to post the reference from Slashdot:

http://yro.slashdot.org/story/11/06/23/2352247/LulzSec-Posts-First-Secret-Document-Dump

http://www.zeropaid.com/news/93919/lulzsecs-first-secret-document-dump-hits-web-one-day-early/

Good on yah for beating me to that.

Quote from: Hover Cat on June 24, 2011, 06:28:49 AM
And something more positive they did (http://www.boingboing.net/2011/06/23/breaking-lulzsec-lea.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+boingboing%2FiBag+%28Boing+Boing%29).

That's slightly better then victimising a country that had a nuclear meltdown and got hit by a earthquake. I have no love of sony, but I know those fuckers are going to recoup money by firing people at the bottom.

... wow this is getting a lot more interesting very quickly.

I haven't even had time to read up on what that Arizona data dump means--I'm sure that LulzSec is less careful with censoring real names than Wikileaks was, meaning that if that data dump contains info on informants and undercover people, they're pretty much dead. Right?

But there's more:

LulzSec extorting a botnet monitoring company for money and/or botnet intelligence [info that would make attacking their clients much easier, I guess] -- http://www.unveillance.com/latest-news/unveillance-official-statement/

LulzSec is doin' it wrong regarding secrecy, reading this I'm sure they'll get caught very very soon -- https://www.infosecisland.com/blogview/14706-LulzSec-How-Not-to-Run-an-Insurgency.html

You might remember th3j35t3r (http://twitter.com/#!/th3j35t3r), the "patriot hacker" responsible for the DDoS attacks on Wikileaks last year. Well he's hunting LulzSec too, and according to this tweet (http://twitter.com/#!/th3j35t3r/status/84163369342472192) just an hour ago, he got one of them by the balls, see his pastebin log of a stalking session (http://pastebin.com/76TsPHeU).

So that means the UK police caught this 19yo IRC-op Ryan, and maybe soon one or two others ... It won't last long.


BTW I found that wikipedia is often a good place to get a nicely collected and sourced run-down of the timeline and stuff concerning certain types of current events. http://en.wikipedia.org/wiki/Lulzsec So much is written over so many places, I lose track sometimes. I thought [wrongly] the Sony attacks were pinned on Anonymous, for instance, not LulzSec.

Anonymous were blamed for the first Sony hack but, AFAIK, they never claimed responsibility. Or maybe they did (you know what they're like)

It's interesting to me just how much anonymous do get blamed for. They're fast becoming the internet's general purpose boogeyman.

LulzSec certainly make the world more interesting, IMO. Unlike russian hackers who do it for the money and chinese hackers who do it for great justice , lulzsec do it for the lulz - a much more noble cause and long may it continue :lulz:

Was a pita when PSN went down but the punchline more than made up for it. I just hope they go after cinavia next - it's rendered my PS3 more useless than the fuckin network outage did

"Snitches getting various stitches" -- Lulzsec spilling the dox/info on a couple of other blackhats that snitches on Lulzsec (apparently leading to the arrest of Ryan the IRCop), apparently the blackhats were begging for mercy.
Lulzsec statement -- http://pastebin.com/MBEsm5XQ
Some article about it -- http://techland.time.com/2011/06/21/trouble-in-paradise-lulzsec-outs-two-apparent-snitches-to-the-fbi/#ixzz1Pwt7oST2


This + the extortion thing + actually endangering the lives of undercover policemen definitely puts them on the chaotic evil side of the spectrum, not so much the chaotic neutral they claim to be (http://twitter.com/#!/LulzSec/status/83735655083024384).

interesting comment by some guy at BoingBoing

Quote from: some guy at BoingBoingSomething I wrote back in February, when Julian Assange was still the most dangerous man in the world:Julian Assange™
Wikileaks is kinda like Napster about 10 years ago, remember how Shawn Fanning was always being so cocky and wearing "shared" Metallica shirts and generally starting shit? But eventually Napster got shut down, and that was the end of file sharing, right?
Oh wait, I mean Napster was the tiny tip of a massive iceberg called BitTorrent, imagine what the thing that comes after Wikileaks is going to be like! CIA spooks will look back on the days when Assange was their biggest problem with fondness and bittersweet regret, they'll put flowers on his grave...

It's weird to see a group make Anonymous look relatively responsible, no?

I approve of all of this shit, mostly because I like the idea of real life whackjob conspiracies under every wet rock.

Interesting comment buried in Schneier's blog:

http://www.schneier.com/blog/archives/2011/06/the_problem_wit_3.html#c553519

QuoteThere's several other people that have recently been "doxed" as lulzsec members by th3j35t3r and some outfit called "Web Ninjas". See http://lulzsecexposed.blogspot.com/ and https://th3j35t3r.wordpress.com/2011/06/16/quick-n-dirty-just-for-clarification/ .

th3j35t3r alledgedly is a former military and lone wolf with massive amounts of bandwith (and some zero days) at his disposal which he regularly uses to DDoS jihadi and other religious fundamentalist websites (like WBC). Although he doesn't seem to have much of a problem with corporate hacks, he seems to turn on anyone messing with government infrastructure or that of outfits closely affiliated to it. Web Ninjas (duh !) equally profile themselves as cyber vigilantes.

For as far as Anonymous and its presumed spin-off Lulzsec are concerned, it is reasonably easy to get involved when hanging out on their IRC servers, preferably over a VPN since they block traffic from known Tor exit nodes. Most of the folks out there seem to be utter idiots indulging in all kinds of profanity and enjoying the delusion of elite status once they figure out how to use LOIC from their dads PC. I did however have some really intelligent conversations with a couple of channel operators when I DM'd them offering my services and explaining a bit of my IT background. Both tried to recruit me almost instantly to do some development work for them.

Personally, I believe that both Anonymous and Lulzsec are made up of a core of idealists on a mission with an army of unreliable goofy followers, while at the same time being heavily infiltrated, if not manipulated by groups and agencies with entirely different agendas. The same goes for these so-called cyber vigilantes. The shadow wars they both believe to be waging on their perceived enemies and each other are interesting to follow from a security angle as they so painfully expose many of the issues we have been warning about for ages, but ultimately may have the exact oposite effect of what they are trying to achieve.

We are already seeing numerous legislative initiatives everywhere to increase government control over the internet with as sole purpose the curtailing of free speech, free flow of information and right of assembly. To those behind them, Anonymous and Lulzsec are gifts from heaven as much as the ominous Chinese hackers we keep being told about.

Seems to suggest that th3j35t3r might actually be a government contractor, or something. Which is something I wondered about ever since he DDoSed Wikileaks.

Also interesting idea that LulzSec and Anon have been infiltrated and are directed by groups with their own agendas.

It's all just speculation anyhow.



BTW reading articles about these developments, I didn't really find any mention of the leaked Arizona Police files putting lives of undercover police or informants in danger. I suspect if it was in there we'd be hearing all about it by now, so I guess the leaked stuff didn't have info on that.

There are other tidbits though
http://www.deathandtaxesmag.com/109376/lulzsecs-arizona-hack-reveals-off-duty-marines-patrol-arizona-mexico-border-as-mercenaries/
http://www.theatlanticwire.com/national/2011/06/highlights-whats-been-found-lulzsecs-arizona-documents/39244/

The bit about infiltration and manipulation is almost certainly true.

"Cyberwarfare" is the new terrorism, and, well....

Strategy Of Tension.

Look it up.

Going to read the Wikipedia article on it, thanks. I think I did before (?), but didn't finish it.


BBC News interviews LulzSec via online chat: http://www.bbc.co.uk/news/technology-13912836

It's even more complex than the Wikipedia article makes out, in the Italian case. 

But essentially you had circles within circles which always led back to national intelligence agencies, transnational military authorities and powerful financiers.

The fear of cyberwarfare has been hyped since early 2009, as Obama threatened to draw down the War on Terror (that never happened, but he did lose the rhetoric).  I have seen enough articles and interviews to convince me cyberwarfare is the latest manifestation of "military Keynesianism" intended to transfer responsibilities and funding to military and intelligence agencies and to enrich private contractors who supply for said agencies (most of which are run by former military and intelligence men).  It's a bubble, inflated by scary scenarios which do not make sense given the capabilities of most hackers.

Lulzsec come out of nowhere.  They are carrying out big hacks roughly once every four days.  They have a decentralized command and control structure that is vulnerable to infiltration by anyone armed with the correct signalling tools (ie; knowledge of Anonymous memes) and the low barrier for committing crimes on the internet and getting away with them make "inititation rituals" a poor deterrent.  They use Twitter to draw even more attention to themselves.

I wouldn't be surprised if at least some of their targets were chosen for reasons other than the ones they are aware of, to further certain objectives which they do not understand.  The above mentioned companies also make a good killing providing security contracting for various large corporations, since almost no-one has the in-house resources to deal with transnational hacking attempts.  Creating a climate of computer insecurity is no doubt leading to some hastily negotiated contracts.

"We are releasing hundreds of private intelligence bulletins, training manuals,
personal email correspondence, names, phone numbers, addresses and passwords
belonging to Arizona law enforcement."

Roger, is there any possibility PI relating to you could be published?

Quote from: Cain on June 25, 2011, 05:53:09 PM
It's even more complex than the Wikipedia article makes out, in the Italian case. 

But essentially you had circles within circles which always led back to national intelligence agencies, transnational military authorities and powerful financiers.

The fear of cyberwarfare has been hyped since early 2009, as Obama threatened to draw down the War on Terror (that never happened, but he did lose the rhetoric).  I have seen enough articles and interviews to convince me cyberwarfare is the latest manifestation of "military Keynesianism" intended to transfer responsibilities and funding to military and intelligence agencies and to enrich private contractors who supply for said agencies (most of which are run by former military and intelligence men).  It's a bubble, inflated by scary scenarios which do not make sense given the capabilities of most hackers.

Lulzsec come out of nowhere.  They are carrying out big hacks roughly once every four days.  They have a decentralized command and control structure that is vulnerable to infiltration by anyone armed with the correct signalling tools (ie; knowledge of Anonymous memes) and the low barrier for committing crimes on the internet and getting away with them make "inititation rituals" a poor deterrent.  They use Twitter to draw even more attention to themselves.

I wouldn't be surprised if at least some of their targets were chosen for reasons other than the ones they are aware of, to further certain objectives which they do not understand.  The above mentioned companies also make a good killing providing security contracting for various large corporations, since almost no-one has the in-house resources to deal with transnational hacking attempts.  Creating a climate of computer insecurity is no doubt leading to some hastily negotiated contracts.

That makes sense, especially when you think about some of the government targets, the CIA front page goes down for a few hours and someone gets applauded for their work fighting the government.
A few hours earlier he could have just told then to pull the plug on the site, hell its not even a big interruption for them, government sites go down for maintenance for a few hours every so often anyway.

Yeah, the CIA front page is hosted on an entirely different server to the ones they use for their internal communications (and the much vaunted "intelligence wiki" for that matter).

All it does is mean members of the public couldn't email tip-offs to the CIA and read hilarious denials of involvement in the drug trade for a few hours.

Quote from: Faust on June 25, 2011, 05:53:39 PM
"We are releasing hundreds of private intelligence bulletins, training manuals,
personal email correspondence, names, phone numbers, addresses and passwords
belonging to Arizona law enforcement."

Roger, is there any possibility PI relating to you could be published?

Possibly, but I doubt it.  I was a Barney Fife in a fucking podunk mining town not far from New Mexico.

ETA:  And who cares?  All my PI except my name has changed since then.

Quote from: Doktor Howl on June 25, 2011, 07:29:07 PM

Quote from: Faust on June 25, 2011, 05:53:39 PM
"We are releasing hundreds of private intelligence bulletins, training manuals,
personal email correspondence, names, phone numbers, addresses and passwords
belonging to Arizona law enforcement."

Roger, is there any possibility PI relating to you could be published?

Possibly, but I doubt it.  I was a Barney Fife in a fucking podunk mining town not far from New Mexico.

ETA:  And who cares?  All my PI except my name has changed since then.

I wasn't implying anything by it, it just occurred to me when I heard Arizona that we have people from Arizona who could be mentioned in some of those.

Seems they made a peace offering :lulz:

http://twitter.com/#!/LulzSec/status/84422195333447680

 :lulz:

I read somewhere that the AZ info comes from a single computer and was targeted to info in 7 LEO email accounts. Can't confirm that yet.

Seems they actually quit??

"50 days of Lulz" farewell message http://pastebin.com/1znEGmHa

Plus another 500MB release on TPB full of random stuff they stole and/or leaked.

Obviously they're chickening out instead of taking it to the wall.

Probably because a load of "scene", "underground" and "whitehat" hackers were also chasing them, and apparently found out their info/dox:

http://pastebin.com/raw.php?i=iVujX4TR
http://ifoundtheinter.net/?p=111

Unsure what exactly happened, but it wasn't th3j35st3r's work. Check out this one-two:

open letter from LulzSec to Th3J35st3r: http://pastebin.com/XDXyQ5KQ
Th3J35st3r responds: http://pastebin.com/YnuwarHX

Gotta agree with LulzSec on one thing, that so-called "LulzHunter" PHP script was really crappy. It wouldn't work, terrible coding style, and you would write it better in 5 lines of bash--which would be multi-threaded and therefore 100x faster. Plus, I'm not 100% sure as I never used it, but afaik nmap (which should be in the toolkit of every half-serious hacker) is a tool that already does exactly that, and more.

According to the BBC, dox have been uploaded with the full history of LulzSec, including a lot of information on the purported ringleaders of the group.

Suggesting they were infiltrated right from the very start.  And therefore suggesting the whole group could've been wrapped up fairly quickly.  And lending further credence to the idea that they are crumbling because of external and internal pressure, and that disbanding this soon was not part of the plan.

That would be the first Pastebin link (http://pastebin.com/raw.php?i=iVujX4TR) I posted, afaik. The one made by the "A Team".

Lots of speculation in comment threads says that the "A Team" is actually ... Aaron Barr. (from HBGary)

Made up of collected information that was already available. And that at least a few of the names are people that don't have anything or not much to do with LulzSec.

I haven't read any actual proof that it's Aaron Barr except for similarities in misspellings and how he likes to use Facebook to track people.


I agree disbanding was not part of the plan, that seems pretty obvious, as yesterday they were still planning on releasing stuff on Monday. How does this suggest they were infiltrated right from the start though?

In case you're interested, it pays to read that pastebin link. Contains a couple of interesting snips of IRC logs. And yeah they kinda caved in on eachother. Especially some transgender person named Laurelia or something that didn't do much hacking but just hung around on the elite channels causing drama, that got visited by the feds, who were all very nice and she snitched on all of them, sort of, also made up some shit.

So basically what we are looking at now is some very high profile ED/4chan style drama :)

This is pretty much the entire line of reasoning why A-team would be Aaron Barr. It's kinda thin IMO:

"Aaron Barr (HB Gary) is A-team. The format of this is similar to what he compiled about Anonymous, with similar spelling mistakes, and releasing people's personal info (which in some cases was wrong, and he was basically harming innocent people)"

Yeah, the "A-Team" one.  Guess I shoulda clicked the links first, eh?

As for infiltration from the start, the "A-Team" doc states they've been infiltrating the Gn0sis group since the Gawker hack.  Which was December 2010.  Gn0sis then teamed up with Anon hacktivists to form LulzSec.  If Gn0sis was compromised since January 2011, and LulzSec have only been in existence for 50 days (just under two months), it means from the moment of inception it was being monitored.

Good point.

Here's an interview with Aaron Barr about LulzSec from 17 June:
http://threatpost.com/en_us/blogs/barr-unbowed-hbgary-ceo-says-learn-lulzsec-061511

It's a bit long so I haven't read it yet.

It's mostly just everybody on Reddit seems to agree it's him, btw.

Re-reading that pastebin with that in mind, and also that he didn't find Sabu and Kayla (the ones that actually did some coding) and also that the first two people he mentioned (one nicknamed "Uncommon", the other his friend) apparently don't have much to do with anything, except for hanging around on those channels, apparently.
it's totally obvious that HANNIBAL user on the first IRC log [lines 180-202] is fishing for anything to get him to admit he hacked Gawker. Except that in the out-of-context quote, he doesn't really actually say it. Quoting that as "proof" does indeed smell like Aaron Barr.

http://globalguerrillas.typepad.com/globalguerrillas/2011/06/journal-lulzsec-as-an-open-source-insurgency.html (http://globalguerrillas.typepad.com/globalguerrillas/2011/06/journal-lulzsec-as-an-open-source-insurgency.html)

John Robb seems quite enamoured.

I'll give him credit where it's due: "open source insurgency" is one of the dumbest phrases I've read in a very long time.



Hey, can anybody shed some light on what happened with Lulzsec's "disbanding"?

What do you mean, what happened? Unsure which of the dox are actually true, but apparently *some* people got too close and they got scared.

The "we quit after exactly 50 days" line is a bullshit excuse. Things just got WAY too hot for their comfort so they ducked out. Probably too late, as well.

Anyone know if there's any new developments btw?

BTW the reason they were tracked down / d0xed isn't a very technical one either.

Their proxies/busyboxes were fine, it's just that they shouldn't have been boasting about their exploits so much on those IRC channels and heeded KYFMS.

Quote from: Triple Zero on June 29, 2011, 12:45:29 PM
BTW the reason they were tracked down / d0xed isn't a very technical one either.

Their proxies/busyboxes were fine, it's just that they shouldn't have been boasting about their exploits so much on those IRC channels and heeded KYFMS.

Forgive my l33t-h4x0r ignorance, but, isn't busybox just a shell alternative to bash with some basic built in tools?  I only ever use bash (and xfce4 for compositing desktop eye-candy), so maybe I'm missing something, but from what I remember and what I can find on the busybox website, it's just a packaged console with some gnu-like tools... and if that's true, how does it help keep heat off of hackers?

Or is it just that they install busybox to a proxy and use something like ssh to route their hackiness to the victim?

I think so, yeah.

I only heard the term mentioned since a few days in some of those logs as well, to be fair :)

The busybox is just a very lightweight bash shell. The thing is, it's often installed on embedded hardware such as routers. So I figure they hack the router and use it as a proxy.

http://arstechnica.com/security/news/2011/07/anonymous-vows-revenge-after-15-arrested-in-italy-antisec-hacks-continue.ars

Anonymous hacks Booz Allen Hamilton, US military contractor, 90k logins dumped (http://news.ycombinator.com/item?id=2751782)

link is to the discussion on Hackernews, which links to the torrent on piratebay. Just in case you feel uncomfortable about clicking straight to such a torrent (although I suggest you do, because the info text that comes with the torrent explains better what's inside it than the startup nitwits at HN talk about)

Booz Allen Hamilton are some of the biggest "cyberwarfare" pimps out there.  That they got hacked by Anonymous is not only hilarious, but in a just world would reduce their stock price to pennies, since they cannot even defend against teenagers doing it for the lulz, let alone military-trained Chinese and Russian hackers.

It wont though, since BAH are closely connected to the previous administration. They have political cover.

http://geeks.thedailywh.at/2011/07/11/anonymous-news-of-the-day/

QuoteAnonymous News of the Day: In the latest release from Operation AntiSec, Anonymous has leaked 90,000+ military email logins, pilfered from private security contractor Booz Allen Hamilton. The company had "basically ... no security measures in place," which allowed Anon to retrieve the emails and plunder some other digital booty:

Additionally we found some related datas on different servers we got access to after finding credentials in the Booz Allen System. We added anything which could be interesting.

And last but not least we found maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while.

Meanwhile, Anon is also said to be planning an attack on the London Metropolitan Police, protesting the cops' involvement in the News International cellphone hacking scandal and the planned extradition of WikiLeaks leader and Anonymous hero Julian Assange.

According to the Guardian, someone behind a chain of proxies has already been probing News International's servers.

As we move into the new feudal era, this adds a layer of interest.

Guardian interviews Topiary of LulzSec:

http://www.guardian.co.uk/technology/2011/jul/14/why-lulzsec-decided-to-disband?CMP=twt_gu

It's a lot of blabla we've already heard and knew, but one interesting point is that he strongly denies LulzSec had anything to do with the alleged extortion of US security corp Unveillance. If that's true it clears their name a littlebit for me (even though a lot of their actions were rather childish and pointless), because IMO that was the most unethical thing they did. Next to the potential endangering of undercover Arizona policemen, of course. I wonder what came of that, though.

Somewhat hilarious bitchfight between AnonSabu and Charles Arthur tech editor of The Guardian:

http://twitter.theinfo.org/93969411270123520

Quote from: Triple Zero on July 21, 2011, 08:58:27 PM
Somewhat hilarious bitchfight between AnonSabu and Charles Arthur tech editor of The Guardian:

http://twitter.theinfo.org/93969411270123520

That was totally funny!

Topiary arrested:

http://nakedsecurity.sophos.com/2011/07/27/suspected-hacker-arrested-in-shetland-islands/

The Shetland Islands?  They don't have hot water there yet, never mind the internet.

How was Topiary doing the hacking - sending packets via Shetland Pony?

Maybe I should visit this place some day, it looks pretty cool on Wikipedia. Doesn't get hotter than 23C, but also not colder than -9C, that's not bad :) Too bad about the perpetual daylight in the summer though, that would drive me crazy, not to mention the reverse in winter.

LOL NOPE!

http://www.dailytech.com/Exclusive+British+Police+Duped+by+LulzSec+Into+Arresting+the+Wrong+Guy/article22280.htm

:lulz:

(http://www.cnet.com/i/bto/20091209/3675717991_f750f4a35f_o.jpg)

Is anybody else feeling like we're reliving 1995, specifically the movie "Hackers"? We're living a world where adults are increasingly alienated by technology, but kids adapt to it naturally.

It makes me want to log onto prodigy via dialup and order a pizza

 :lulz: :lulz: :lulz: Totally.

See?  Nothing interesting ever happens in the Shetlands.

Quote from: Cain on July 28, 2011, 09:58:54 PM
See?  Nothing interesting ever happens in the Shetlands.

:lol:

Quote from: Cramulus on July 28, 2011, 08:24:51 PM
(http://www.cnet.com/i/bto/20091209/3675717991_f750f4a35f_o.jpg)

Is anybody else feeling like we're reliving 1995, specifically the movie "Hackers"? We're living a world where adults are increasingly alienated by technology, but kids adapt to it naturally.

It makes me want to log onto prodigy via dialup and order a pizza

IS THAT REMINGTON IN THE BACK??????

Quote from: Joh'Nyx on July 29, 2011, 03:24:46 AM

Quote from: Cramulus on July 28, 2011, 08:24:51 PM
(http://www.cnet.com/i/bto/20091209/3675717991_f750f4a35f_o.jpg)

Is anybody else feeling like we're reliving 1995, specifically the movie "Hackers"? We're living a world where adults are increasingly alienated by technology, but kids adapt to it naturally.

It makes me want to log onto prodigy via dialup and order a pizza

IS THAT REMINGTON IN THE BACK??????

Ahahaha.  It can't be, or his sister would be photobombing it.

http://www.dailytech.com/LulzSec+Hacked+Nope+Sony+Hacked+Again+Yes+Twice/article21832.htm

The story above cracked me up! (and kinda scared me a bit) The guy Robert Cavanaugh, or 'xyz,' who Lulzsec apparently pinned the blame on, used to hang out on this private site I'm on... He used to do drugs on Tinychat at one point (I'm pretty sure the picture in the link was taken while I was watching him) and then he got more into the hacking stuff, just general script kiddying and fairly low level stuff as far as I was aware. He posts on this forum one time a few months back -- "oh shit guys something fucked up just happened, I gotta bail from the internet," we hear nothing from him for a few weeks, then he comes back with a different nick. Aaaand now. Well. Nobody's seen him for a while now. :lulz:

Quote from: Eater of Clowns on July 29, 2011, 03:34:46 AM

Quote from: Joh'Nyx on July 29, 2011, 03:24:46 AM

Quote from: Cramulus on July 28, 2011, 08:24:51 PM

Is anybody else feeling like we're reliving 1995, specifically the movie "Hackers"? We're living a world where adults are increasingly alienated by technology, but kids adapt to it naturally.

It makes me want to log onto prodigy via dialup and order a pizza

IS THAT REMINGTON IN THE BACK??????

Ahahaha.  It can't be, or his sister would be photobombing it.

You mean like this? 



(http://i5.photobucket.com/albums/y153/Meiintas/overlooked.jpg)

Quote from: Jenkem and SPACE/TIME on July 29, 2011, 06:36:03 AM

Quote from: Eater of Clowns on July 29, 2011, 03:34:46 AM

Quote from: Joh'Nyx on July 29, 2011, 03:24:46 AM

Quote from: Cramulus on July 28, 2011, 08:24:51 PM

Is anybody else feeling like we're reliving 1995, specifically the movie "Hackers"? We're living a world where adults are increasingly alienated by technology, but kids adapt to it naturally.

It makes me want to log onto prodigy via dialup and order a pizza

IS THAT REMINGTON IN THE BACK??????

Ahahaha.  It can't be, or his sister would be photobombing it.

You mean like this? 



(http://i5.photobucket.com/albums/y153/Meiintas/overlooked.jpg)

her demented stare is so awesome  :lulz:

Isn't the guy in the back one of the main characters, ZeroCool ?



Anyway, yet another LulzSec member arrested, only two more left at large (or so they say)

http://arstechnica.com/tech-policy/news/2011/09/fbi-arrests-lulzsec-member-for-sony-pictures-hack.ars

And seriously? Afaik, HideMyAss.com is a USA-based site. What the fuck did he expect?? And really it's not that hard to get a proxy/secure shell in a country that's not quite as bad of a totalitarian police state--such as China or Russia. They accept creditcards, just fine!

Oh wow, that's rather sad.  HideMyAss.com... do never use proxies based in the USA for illegal activity.  That is what South American and African proxies are for.

Rather unsurprising and uninteresting statement by HideMyAss:

http://blog.hidemyass.com/2011/09/23/lulzsec-fiasco/

The HN discussion, is quite interesting, again:

http://news.ycombinator.com/item?id=3030470

QuoteI find curious that they first state this:

"As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order"

And then this:

"In 2005 we setup HMA primarily as a way to bypass censorship of the world-wide-web whether this be on a government or a corporate/localized scale."

If censorship is government driven, it means that the law prohibits you to see some things. If you still do it, you get arrested because you are breaking the law. This is an illegal activity and they should cooperate with law enforcement, as stated in the first point.

So, how do they decide what is illegal but permitted and what is not? If they allow some illegal behavior and not some other, they are actually judging the morality of an act, and not if it respect laws.

QuoteI guess to them "censorship" is something only other countries do, not their own. I notice a lot of companies, and even the Government itself, want to fight against censorship in other countries, but when it happens in US, they're more than happy to comply, and sometimes they do it with just one phone call, like in Amazon or Paypal's case with Wikileaks.

I can't wait until Russia develops a technology that allows the "oppressed cyber-activists" of the USA to avoid detection and capture by the state security forces.

Because they will.  If China doesn't do it first.

:lulz:

If that's going to be the result of the whole LulzSec saga, they totally earned the "Lulz" in their name!!!