LulzSec have posted a manifesto

Triple Zero · June 26, 2011, 12:24:27 PM

Seems they actually quit??

"50 days of Lulz" farewell message http://pastebin.com/1znEGmHa

Plus another 500MB release on TPB full of random stuff they stole and/or leaked.

Obviously they're chickening out instead of taking it to the wall.

Triple Zero · June 26, 2011, 01:13:54 PM

Probably because a load of "scene", "underground" and "whitehat" hackers were also chasing them, and apparently found out their info/dox:

http://pastebin.com/raw.php?i=iVujX4TR
http://ifoundtheinter.net/?p=111

Unsure what exactly happened, but it wasn't th3j35st3r's work. Check out this one-two:

open letter from LulzSec to Th3J35st3r: http://pastebin.com/XDXyQ5KQ
Th3J35st3r responds: http://pastebin.com/YnuwarHX

Gotta agree with LulzSec on one thing, that so-called "LulzHunter" PHP script was really crappy. It wouldn't work, terrible coding style, and you would write it better in 5 lines of bash--which would be multi-threaded and therefore 100x faster. Plus, I'm not 100% sure as I never used it, but afaik nmap (which should be in the toolkit of every half-serious hacker) is a tool that already does exactly that, and more.

Cain · June 26, 2011, 07:44:11 PM

According to the BBC, dox have been uploaded with the full history of LulzSec, including a lot of information on the purported ringleaders of the group.

Suggesting they were infiltrated right from the very start. And therefore suggesting the whole group could've been wrapped up fairly quickly. And lending further credence to the idea that they are crumbling because of external and internal pressure, and that disbanding this soon was not part of the plan.

Triple Zero · June 26, 2011, 07:57:52 PM

That would be the first Pastebin link I posted, afaik. The one made by the "A Team".

Lots of speculation in comment threads says that the "A Team" is actually ... Aaron Barr. (from HBGary)

Made up of collected information that was already available. And that at least a few of the names are people that don't have anything or not much to do with LulzSec.

I haven't read any actual proof that it's Aaron Barr except for similarities in misspellings and how he likes to use Facebook to track people.

I agree disbanding was not part of the plan, that seems pretty obvious, as yesterday they were still planning on releasing stuff on Monday. How does this suggest they were infiltrated right from the start though?

In case you're interested, it pays to read that pastebin link. Contains a couple of interesting snips of IRC logs. And yeah they kinda caved in on eachother. Especially some transgender person named Laurelia or something that didn't do much hacking but just hung around on the elite channels causing drama, that got visited by the feds, who were all very nice and she snitched on all of them, sort of, also made up some shit.

So basically what we are looking at now is some very high profile ED/4chan style drama

Triple Zero · June 26, 2011, 07:59:19 PM

This is pretty much the entire line of reasoning why A-team would be Aaron Barr. It's kinda thin IMO:

"Aaron Barr (HB Gary) is A-team. The format of this is similar to what he compiled about Anonymous, with similar spelling mistakes, and releasing people's personal info (which in some cases was wrong, and he was basically harming innocent people)"

Cain · June 26, 2011, 08:07:52 PM

Yeah, the "A-Team" one. Guess I shoulda clicked the links first, eh?

As for infiltration from the start, the "A-Team" doc states they've been infiltrating the Gn0sis group since the Gawker hack. Which was December 2010. Gn0sis then teamed up with Anon hacktivists to form LulzSec. If Gn0sis was compromised since January 2011, and LulzSec have only been in existence for 50 days (just under two months), it means from the moment of inception it was being monitored.

Triple Zero · June 26, 2011, 08:56:56 PM

Good point.

Here's an interview with Aaron Barr about LulzSec from 17 June:
http://threatpost.com/en_us/blogs/barr-unbowed-hbgary-ceo-says-learn-lulzsec-061511

It's a bit long so I haven't read it yet.

It's mostly just everybody on Reddit seems to agree it's him, btw.

Re-reading that pastebin with that in mind, and also that he didn't find Sabu and Kayla (the ones that actually did some coding) and also that the first two people he mentioned (one nicknamed "Uncommon", the other his friend) apparently don't have much to do with anything, except for hanging around on those channels, apparently.
it's totally obvious that HANNIBAL user on the first IRC log [lines 180-202] is fishing for anything to get him to admit he hacked Gawker. Except that in the out-of-context quote, he doesn't really actually say it. Quoting that as "proof" does indeed smell like Aaron Barr.

BabylonHoruv · June 28, 2011, 07:31:45 PM

http://globalguerrillas.typepad.com/globalguerrillas/2011/06/journal-lulzsec-as-an-open-source-insurgency.html

John Robb seems quite enamoured.

Cramulus · June 28, 2011, 07:42:36 PM

I'll give him credit where it's due: "open source insurgency" is one of the dumbest phrases I've read in a very long time.

Hey, can anybody shed some light on what happened with Lulzsec's "disbanding"?

Triple Zero · June 29, 2011, 12:41:11 PM

What do you mean, what happened? Unsure which of the dox are actually true, but apparently *some* people got too close and they got scared.

The "we quit after exactly 50 days" line is a bullshit excuse. Things just got WAY too hot for their comfort so they ducked out. Probably too late, as well.

Anyone know if there's any new developments btw?

Triple Zero · June 29, 2011, 12:45:29 PM

BTW the reason they were tracked down / d0xed isn't a very technical one either.

Their proxies/busyboxes were fine, it's just that they shouldn't have been boasting about their exploits so much on those IRC channels and heeded KYFMS.

trix · June 29, 2011, 10:09:19 PM

Quote from: Triple Zero on June 29, 2011, 12:45:29 PM
BTW the reason they were tracked down / d0xed isn't a very technical one either.

Their proxies/busyboxes were fine, it's just that they shouldn't have been boasting about their exploits so much on those IRC channels and heeded KYFMS.

Forgive my l33t-h4x0r ignorance, but, isn't busybox just a shell alternative to bash with some basic built in tools? I only ever use bash (and xfce4 for compositing desktop eye-candy), so maybe I'm missing something, but from what I remember and what I can find on the busybox website, it's just a packaged console with some gnu-like tools... and if that's true, how does it help keep heat off of hackers?

Or is it just that they install busybox to a proxy and use something like ssh to route their hackiness to the victim?

Triple Zero · June 30, 2011, 08:25:46 PM

I think so, yeah.

I only heard the term mentioned since a few days in some of those logs as well, to be fair

The busybox is just a very lightweight bash shell. The thing is, it's often installed on embedded hardware such as routers. So I figure they hack the router and use it as a proxy.

Triple Zero · July 08, 2011, 07:37:05 PM

http://arstechnica.com/security/news/2011/07/anonymous-vows-revenge-after-15-arrested-in-italy-antisec-hacks-continue.ars

Triple Zero · July 11, 2011, 11:48:43 PM

Anonymous hacks Booz Allen Hamilton, US military contractor, 90k logins dumped

link is to the discussion on Hackernews, which links to the torrent on piratebay. Just in case you feel uncomfortable about clicking straight to such a torrent (although I suggest you do, because the info text that comes with the torrent explains better what's inside it than the startup nitwits at HN talk about)

Principia Discordia

News:

LulzSec have posted a manifesto

Triple Zero

Triple Zero

Cain

Triple Zero

Triple Zero

Cain

Triple Zero

BabylonHoruv

Cramulus

Triple Zero

Triple Zero

trix

Triple Zero

Triple Zero

Triple Zero