Sunday, June 19, 2011

And You Will Know Us by the Trail of Lulz

The hacker group LulzSec has been carrying out a security-busting blitzkrieg across the Web over the last few weeks, and its targets are getting bigger and bigger. You can tell where it's been by the path of sites left shivering in a fetal position -- sites belonging to organizations like PBS, Sony (NYSE: SNE), Bethesda Softworks, and even the U.S. Central Intelligence Agency.

LulzSec's latest stunt has been to set up a so-called dial-a-hack hotline. You can call in and make a case that Lulz's hackers should make their next target whatever group or company you presently have a beef with. If Lulz likes your suggestion, they'll do what they do and run roughshod over that organization's computer systems, leaking data, shutting down systems and causing general cyberchaos. Judging by the sites they've hit so far, it seems some of them are pretty good at it, too.

What's perhaps most unusual about LulzSec is its motive. Its hackers don't seem to be doing what they do for a direct profit -- so far there's no indication they're stealing credit card data to sell on the black market, which is where the money is for for-profit hackers. The word "Lulz" in the name suggests they're doing it for the pure hell of it. It's Internetspeak for the joy derived from causing disorder in the lives of others. But perhaps the point isn't entirely to just go around griefing up the place. They also seem intent on proving a point by actively demonstrating just how weak so many computer security systems really are, even ones used by hundreds of thousands of people.

That's not to say what LulzSec is doing is harmless. Publicizing the usernames and passwords for tens of thousands of online accounts isn't harmless, and that's exactly what Lulz has done on multiple occasions. That could easily result in fraud committed by a third party. Weaknesses in the security systems used to protect these users' info might be partially to blame, but generally accepted etiquette among hackers holds that if you find a weakness, you tell the site's admins about it and give them ample time to fix it before threatening to spew the data. LulzSec apparently just spews away.

There's even been speculation that some members of LulzSec might actually be white-hat hackers by day, working at familiar and trusted security companies that do play by the rules. Then they go home, change into some shade of gray perhaps, and go about "fixing" security in a very different way.

Important detail: LulzSec is not the same as Anonymous. In fact, the two hacker groups have reportedly butted heads recently, and 4chan, a site closely associated with Anonymous, was down for a few hours this week, possibly due to a LulzSec strike. It appears the scuffle is rooted in video games -- LulzSec's attack on various online game networks pulled the rug out from under certain games favored by 4channers, and they vowed mortal revenge.
