16 Jun 2011
Hacking group Lulzsec has claimed responsibility for a recent outage of the CIA website.
Late on Wednesday evening, at the time of the outage, the group wrote on its Twitter feed: "Tango down – cia.gov – for the lulz."
Last month the Pentagon announced that a cyber attack originating from another country could constitute an act of war and prompt a military response, according to a report in the Wall Street Journal.
This helps highlight the seriousness with which the US government now treats cyber crime.
Graham Cluley, senior technology consultant at security firm Sophos, stated that the attackers would be severely punished if caught.
"If the US manages to identify these hackers, they will be made an example of – the US wants to send out the message that these attacks will be taken very seriously indeed."
He added that the attack itself was relatively unsophisticated.
"This attack was a simple Distributed Denial of Service (DDOS) attack, which isn't terribly sophisticated. It's like a whole bunch of fat guys trying to get through the same revolving doors. They bombard the website with requests until it can't cope and goes offline.
"Hopefully the CIA will invest in infrastructure to minimise the problem in future."
Lulzsec, which last month stole the personal details of more than one million customers from one of Sony's servers, recently opened a phone line allowing the public to suggest online targets for their attacks.
"It's like ringing into Radio 2 and making a song request. People are calling in and saying have a go at this site," said Cluley.
He added that the majority of attacks from hacking collectives such as Lulzsec and hacktivist group Anonymous are fairly basic in nature, suggesting that many corporate and government websites are poorly defended.
Cluley stated that UK government sites were equally vulnerable. He recommended that organisations check the security of their online presence.
"The message for organisations is that they need to secure their websites. The attacks that Lulzsec is responsible for are fairly elementary.
"Websites can be up for years before they're given a refresh, and you may not have the team in house to check its security. You need to have someone who knows what they're doing to give your website the once-over," he concluded.
I think I just realized an interesting misconception that some people refer to. There IS a hacking collective that is being referred to here. You can see it through anonops.com, AnonNews twitter, and that sort of thing. They are different in the "Hacktivism vs. Lulz" concepts, but not much else. However they are being labeled as *THE* Anonymous by many sources. These people, while yes they are almost certainly a group that helped in Anonymous operations in the past, they are but a fraction of the hackers and activists that have participated in the past. Most people who've protested, covered their face with a mask in public, anyone who's operated a simple bot, or in anyway helped taken down a website, even if just a one time thing, would consider themselves part of Anonymous. As Lulzsec said on twitter: "Saying we're attacking Anonymous because we taunted /b/ is like saying we're going to war with America because we stomped on a cheeseburger." This can be taken many ways. For ease of use and the need for the media to have everything "dumbed down" lulzsec just identifies the aforementioned group as "Anonymous". But all the little pranks and hackvtivist events weren't orchestrated from Anonops.com, we weren't updated by AnonNews. I jumped in a thread and said "what's up". They said "we're making marblecake!". "Cool I wanna help!". Then I botted some captchas on time.com and made some Marblecake with, I'm assuming a bunch of other guys. And since the symbol didn't show up in the last post, "Procedure is greater-than productivity"
Posted by: The Herp of the Derp 18 Jun 2011
I think the main difference I see is Anonymous is an anarchist structured movement to accomplish something. It usually just has general goals which were what brought the people together. It's huge, threads on forums everywhere, usually moving to dead chans. But when everything starts supporters flood in. Lulzsec is orchestrated to some extent. The aren't just gathering in a small groups that are loosely connected. Anonymous's own motto is based off of fight clubs "we are everywhere: we fix your cars, cook your food, pump your gas etc." Honestly I doubt anything that was truly in the fashion of the old Anonymous since the Scientology Wars. Unless you count small silly incidents like tons of people standing in malls shouting "DUMBLEDORE DIES" on the release day of a Harry Potter book.
So the point is, One is more of a concept that people loosely gather under, while Lulzsec is a group that appears to have a defined hierarchy in place. I think the various hacking group that claims the Anonymous flag while having their own name are more comparable to Lulzsec, if they would go and do something. Anonymous only exists when the whole nether regions of the internet rise up and declare it, or at least the majority of the ones that have a significant ability to hack/bot/ddos etc. And people know when that is happening. At one point of time I bet most of the Lulzsec members were involved in one of those events.
PS. Sorry for the previous post being a bit jumbled; my boss was on the phone saying I couldn't bypass the internet logon just because I forgot my password, it's against company policy evidently. Procedure Productivity.
Posted by: The Herp of the Derp 17 Jun 2011
Many thanks for your comment Mr Of the Derp. Whilst I accept that Lulzsec and Anonymous have different goals, they're similar in that they're both 'hacking collectives' (to at least a loose extent in the latter's case) as a I described in the article.
However, I'd be very interested if you have a different opinion.
Thanks.
Posted by: Stuart Sumner 17 Jun 2011
Two simple things. Although seemingly similar Anon and Lulzsec are completely different. Anonymous is a non-entity. You can't make a twitter for it. There is no leader. There wouldn't be a person to run it. It is a group of people on the internet coming together for various reasons to accomplish something; aka hacktivism. Sometimes it's for the lulz, which is 100% what Lulzsec is doing.
Lulzsec isn't trying to accomplish anything except laughing at people squirm and lose dignity, customers, the glorious wonderful amazing all important and worship worthy PROFIT, and get extremely butt-hurt because their rules have been broken and there is absolutely NOTHING they can do about it.
tl:dr 1 tl;dr: Anon: 0 hierarchy w/ worthwhile goal, Lulzsec: organized "Hay it would be hilarious if..."
Posted by: The Herp of The Derp 16 Jun 2011
Have your say on this article
Newsletters
Latest stories from Hacking
You may also like
Hacking jobs
Technology Patent Wars
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
