Hacker groups such as Anonymous has attacked many different targets
The hacker group known as Lulz Security has leapt to prominence by carrying out a series of attacks on Sony, Nintendo, and broadcasters Fox and PBS.
What is Lulz Security? Like many hacker groups, LulzSec appears to be a loosely organized collective in which no-one is really in charge. It claims to specialize in finding poorly protected websites to attack. Information they steal is sometimes posted to the web.
Sony has been prominent among its victims. In early June Lulz Security broke into the servers behind the sonypictures.com, sonybmg.nl and sonybmg.be websites.
The group gained access to around one million user accounts and published details of several thousand online.
Why Lulz? Lulz is a corruption of the famous web abbreviation
The logo of Lulz Security suggests the group does not take what it does too seriously
LOL which stands for "Laugh Out Loud".
Humour forms part of the group's agenda, as outlined on its website.
"Considering fun is now restricted to Friday, where we look forward to the weekend, weekend, we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calendar year," declares a message on the front page.
The humour references seem to be intended to separate the group from others that hack for money.
But not everything LulzSec does is for the fun of it.
The group also hacked the website of America's Public Broadcasting Service because it made a documentary critical of Wiki-leaks.
Who are they? No-one knows.
The internet and the web make it easy to be superficially anonymous and LulzSec has done a good job of hiding its tracks.
We do not even know if it is a group or just an individual with lots of time on their hands.
How long has LulzSec been active? Since early May.
One of the first documents the group posted was a list of US X Factor contestants complete with names, date of birth, e-mail addresses and phone numbers.
However, it is impossible to know whether members of Lulz Security were active in other groups before they joined this one.
It is possible that LulzSec was formed by people who were disillusioned with other groups and wanted to cause a stir on their own. Members of LulzSec may also still be part of other hacking groups.
Can't they be tracked down? Not really.
Net analysis suggests that the computers handling their website are located in Palo Alto, California. However, it is easy to administer a website from far away, so that is no guide to their location.
Some have tried to look at the group's Twitter stream to see when they post messages and to work out their time zone.
Even that could be misleading because the Tweets could be posted automatically or by a member of the group in that part of the world.
Any reasonably competent hacker group will pipe what they do through a series of machines that sit in different jurisdictions to complicate any attempt to track them down.
LulzSec are likely to find themselves getting more attention from law enforcement following their recent attack on Unveillance, a non-profit organization affiliated to the FBI.
How good are they at what they do? Hard to say.
The tricks they have used to winkle out information from websites are well-known and tools to carry them out are available for free all over the net.
In the case of the recent Sonypictures.com hack, the group used an SQL injection - a relatively straightforward attack on the website's log on system.
Their success may have more to do with the security failings of their targets than it does with their command of computer code.
Are there lots of hacking groups? Hundreds.
They range from disinterested academics and professionals through teenage trouble-makers to out-and-out criminals.
At one end of the scale are "white hat" hackers who find vulnerabilities and inform website owners so they can fix them
"Black hat" hackers represent the other extreme - they are typically criminals or hackers working for criminals looking to access information for profit.
In the middle are "Grey hat" hackers who are generally intent on mischief making. At the moment, LulzSec seems to fall into this category.
Related post:
Hackers Have Stolen Name and Passwords PSN
No comments:
Post a Comment