Wednesday, June 15, 2011
LulzSec Offers To Hack Web Sites by Request
Web sites can be hacked on request, LulzSec has offered, although the phone number provided produced just a standard voice-mail message. The LulzSec group appears to be laughing at Internet security, but it's no laughing matter to web sites and the law. LulzSec's web site features links to data taken from the U.S. Senate and other sites.
The band of merry hackers known as LulzSec, fresh from causing mayhem with breaches of corporate, government and game sites, is now going where no hacker has gone before by opening a request line. The group, whose name is a derivative of the online shorthand for laugh out loud (LOL) and security Relevant Products/Services (as in laugh at your security) posted a tweet Tuesday brazenly offering a number where fans can request a hack of their least favorite web site.
"Now accepting calls from true lulz fans -- let's all laugh together at butthurt gamers. 614-LULZSEC, accepting as many as we can, let's roll," read the tweet.
Security Is 'Drab'
Our call to that number produced only a standard outgoing voice-mail message from "Pierre Dubois." A reverse lookup of the number was unsuccessful, as it appears to be unlisted.
LulzSec first emerged last month with attacks on a wide range of targets. "We're ... a small team of lulzy individuals who feel the drabness of the cyber community is a burden on what matters: fun," the group posted in its own web site, which on Wednesday featured a long list of links to internal data Relevant Products/Services LulzSec says it retrieved from the U.S. Senate, Sony Pictures, Nintendo, Fox and PBS.
"We don't like the U.S. government very much," reads the post with the Senate data, a long list of programming code. "Their boats are weak, their lulz are low, and their sites aren't very secure. In an attempt to help them fix their issues, we've decided to donate additional lulz in the form of owning them some more! This is a small, just-for-kicks release of some internal data from Senate.gov -- is this an act of war, gentlemen? Problem?"
Despite the playful tone -- the LulzSec site greets visitors with the theme from the Love Boat TV show -- the breaches are serious business Relevant Products/Services to cybersecurity experts.
Flirting with Jail
"They are definitely breaking the law," said Graham Cluley, senior technology consultant at U.K.-based Sophos Security and author of its Naked Security blog. "In most countries around the world, it is illegal to access Relevant Products/Services a computer Relevant Products/Services system without authorization -- and they have clearly done that by exposing users' information and sensitive data. Furthermore, they have launched denial-of-service Relevant Products/Services attacks against web sites, which has seen other hackers go to prison in the past."
Can they be traced and stopped?
"I would imagine that the authorities are looking into that," Cluley said. "However, my guess is that LulzSec is being careful to cover its tracks and hide their location. The danger for LulzSec, of course, is that they may get cocky and make a stupid mistake."
Cluley said despite the brazenness, LulzSec should quit while it's ahead. "They've gained a lot of attention from the media, and the computer-crime authorities will be very keen to identify them," he said.
Last September, Edwin Andres Pena, 27, was sentenced to 10 years in prison for hacking Internet phone networks to make unauthorized calls. And in March 2010, Albert Gonzalez, 28, who used the code name Soup Nazi, got 20 years for hacking credit accounts and stealing as much as $200 million.
But LulzSec doesn't appear to be interested in hacking for profit, only for fun, and, it claims, to expose security weaknesses.