LulzSec: Absolute, Grade A Imbeciles?

Paul Carr

Paul Carr

How long before Paul Carr (author of The Upgrade, coming soon from disinformation) finds his online identity is no longer his own? He takes on Lulzsec in this article for the Guardian, which has been modified after complaints about his original choice of words:

If one is to believe the media coverage – particularly here in the US‚ no one is safe from the ingenious hackers and their devilishly complex attacks. The truth is, there’s almost nothing ingenious about what LulzSec is doing: CIA and Soca were not “hacked” in any meaningful sense, rather their public websites were brought down by an avalanche of traffic – a so-called “distributed denial-of-service” (DDoS) attack. Given enough internet-enabled typewriters, a monkey could launch a DDoS attack – except that mentally subnormal monkeys have better things to do with their time.

Even the genuine hacks are barely worthy of the word. Many large organisations use databases with known security holes that can easily be exploited by anyone who has recently completed the first year of a computer science degree: it’s no coincidence that so many of these hacker collectives appear towards the end of the academic year.

Still, what LulzSec might lack in technical prowess, it certainly makes up for in its ability to grab attention. Hackers have always boasted of their work – leaving messages on their victims’ servers, posting proof of their exploits on bulletin boards‚ so in a world where every criminal and his dog has a YouTube channel and a Facebook fan-page it’s hardly surprising that LulzSec is obsessed with online publicity. The group has been particularly smart in their use of Twitter: in less than two months it has amassed over 240,000 followers which, amusingly, means it can launch a DDoS attack simply by tweeting the web address of its next target and waiting for the tsunami of clicks to have the desired effect.

Given the group’s modus operandi – boasting on social networks, sticking it to the man – it was entirely unshocking when, on Tuesday morning, the police arrested their first suspect: a teenager who, according to his mum, suffers from agoraphobia and “lives his life online”. Ryan Cleary may, of course, be found completely innocent but when the group’s leaders are rounded up it’s a fairly safe bet that none of them will turn out to be attractive, outgoing 30-year-old women…

[continues in the Guardian]

, , , ,

  • Hadrian999

    these poor bastards, I don’t think they have any clue what they are playing with sony is one thing, irritating the cia for no real gain is quite another. if they are lucky they will be declared  enemy combatants and get relocated to some secret prison, if they are unlucky they will just be removed.

  • Hadrian999

    these poor bastards, I don’t think they have any clue what they are playing with sony is one thing, irritating the cia for no real gain is quite another. if they are lucky they will be declared  enemy combatants and get relocated to some secret prison, if they are unlucky they will just be removed.

  • TiredOfSelfRighteousNobodies

    Usually these scornful, self righteous, pompous reactions to Lulzsec antics come from people who crave attention and contain very little actionable information. Regardless of wether you agree with what they are doing, you have no right to refer to them as equals because they, righteously or not, have superstar status and you’re a nobody. Therefore you might as well drop the namecalling and show some respect to people who are good at what they do. You have no right to share the visibility they have achieved and be patronizing about it because if your article had nothing to do with them, it prolly wouldn’t be read.

    • http://www.facebook.com/Kate.Mangan Kate Mangan

      GOOD hackers do not have superstar status.

  • TiredOfSelfRighteousNobodies

    Usually these scornful, self righteous, pompous reactions to Lulzsec antics come from people who crave attention and contain very little actionable information. Regardless of wether you agree with what they are doing, you have no right to refer to them as equals because they, righteously or not, have superstar status and you’re a nobody. Therefore you might as well drop the namecalling and show some respect to people who are good at what they do. You have no right to share the visibility they have achieved and be patronizing about it because if your article had nothing to do with them, it prolly wouldn’t be read.

  • dumbsaint

    I would think the CIA has bigger fish to fry. Do they really need to put resources into tracking down some kids who caused their relatively unimportant public relations website to get clogged with traffic?

    Apparently they’ve retired anyhow. http://news.cnet.com/8301-1009_3-20074416-83/hacking-group-lulzsec-says-its-calling-it-quits/

    • Hadrian999

      now would be the wise time to remove them, before they have names and faces and start to aooroach the status of a julian assange.

      • DeepCough

         Paul Carr is half-right in his article: LulzSec is a sophmoric group just engaging in trendy hacking hijinks that require no skill real skill (A DDoS attack is what commonly happens to a debut MMORPG game), but you have to tip your hat to the recent AZ dump.

        • Hadrian999

          i was speaking of the thought processes of groups like the cia not personal feelings, the AZ dump was good but presenting a visible target was stupid, if they really wanted to make a difference they would do operations like that without taking credit and distributing the data through things like wikileaks. juvinile pranks like the sony and cia jobs accomplish nothing(unless the sony thing were industrial sabotage for hire) and present a nice juicy propaganda target for the fbi.

    • quartz99

      It occurred to me while I was reading the story you linked that if I was a security company trying to pitch someone like, say… Sony, or a Sony competitor, the absolute best thing that could happen was for my potential client (or someone in their league, a direct competitor or a vendor/client of my mark) to get hacked and lose a lot of money over it… perhaps such a good thing that I might consider staging a group to hack them so they are antsy and looking for a contractor… But you have to have multiple targets around the same time or the mark gets suspicious… then the hacking group fades away before any identifiable information can link them back to the security company…

      eh, but then, I have a suspicious mind…

  • Anonymous

    I would think the CIA has bigger fish to fry. Do they really need to put resources into tracking down some kids who caused their relatively unimportant public relations website to get clogged with traffic?

    Apparently they’ve retired anyhow. http://news.cnet.com/8301-1009_3-20074416-83/hacking-group-lulzsec-says-its-calling-it-quits/

  • Hadrian999

    now would be the wise time to remove them, before they have names and faces and start to aooroach the status of a julian assange.

  • quartz99

    You know, I was right there with this author in the first couple paragraphs. A ddos takes next to no brain power to engineer, basic cross-site scripting is “hacking” the same way a ten year old with training wheels on his bike is “cycling”. Technically it’s so, but really not that sophisticated, and not what people who know what they’re talking about think of when they use the word.

    But then he gets into the stereotyping. There are plenty of women, even *gasp* attractive adult women, who are into computers and more than capable of far more than what lulzsec has done. Piss off you sexist prick.

    If lulz keeps itself to forays like the recent Arizona one, then they will earn some respect. Destroying the lives of Sony customers, however, is worthy only of scorn (scorn for both lulz and for sony for failing to such a simple script and keeping passwords in freaking plaintext!). We’ll see which way they decide to go…

  • Anonymous

    You know, I was right there with this author in the first couple paragraphs. A ddos takes next to no brain power to engineer, basic cross-site scripting is “hacking” the same way a ten year old with training wheels on his bike is “cycling”. Technically it’s so, but really not that sophisticated, and not what people who know what they’re talking about think of when they use the word.

    But then he gets into the stereotyping. There are plenty of women, even *gasp* attractive adult women, who are into computers and more than capable of far more than what lulzsec has done. Piss off you sexist prick.

    If lulz keeps itself to forays like the recent Arizona one, then they will earn some respect. Destroying the lives of Sony customers, however, is worthy only of scorn (scorn for both lulz and for sony for failing to such a simple script and keeping passwords in freaking plaintext!). We’ll see which way they decide to go…

  • DeepCough

     Paul Carr is half-right in his article: LulzSec is a sophmoric group just engaging in trendy hacking hijinks that require no skill real skill (A DDoS attack is what commonly happens to a debut MMORPG game), but you have to tip your hat to the recent AZ dump.

  • DeepCough

     Paul Carr is half-right in his article: LulzSec is a sophmoric group just engaging in trendy hacking hijinks that require no skill real skill (A DDoS attack is what commonly happens to a debut MMORPG game), but you have to tip your hat to the recent AZ dump.

  • Hadrian999

    i was speaking of the thought processes of groups like the cia not personal feelings, the AZ dump was good but presenting a visible target was stupid, if they really wanted to make a difference they would do operations like that without taking credit and distributing the data through things like wikileaks. juvinile pranks like the sony and cia jobs accomplish nothing(unless the sony thing were industrial sabotage for hire) and present a nice juicy propaganda target for the fbi.

  • RevEggplant

    For a bunch of teeny-boppers, they certainly captured the attention of the world. And if big corporations and government entities are stupid enough not to close up those holes that 1st-year CS students could hack, who’re the real dummies? Go away with your barbed words, friend. They amount to a hill of shit when compared to the what these guys have accomplished in bringing to the fore security awareness.

    • Hadrian999

      a DDOS doesn’t really attack a hole, throw enough traffic at any system and it’s going down, the funny about security of any kind is that many corporations skimp on it because it doesn’t generate any revenue, eventually you get caught with your pants down. I’m curious about the backroom conversations between their developers, many big games today live or die by multiplayer like the CoD series, I wonder what economic impact the extended downtime of the playstation network had on those type of games.

      • dumbsaint

        I was playing a subscription based game that was taken offline for 2 weeks or so due to the Sony hacks (DCUO). When it came back the population was absolutely decimated. They were trying everything to get people to keep playing from 45 days of free time to a ‘shiny new hat’ but there was no saving it. This was a big release for the company about 5 months prior with a big name IP and it became a total ghost town. These sorts of games rely on a mild addiction and once the habits broken I think people move on pretty quickly. It would have cost Sony buckets of cash.

        • Hadrian999

          not only sony but the developers who produce the games, this whole incident could have a bad effect on sony’s ability to get 3rd party developers for online heavy games for the ps3, or at least force sony to give better publishing deals.

        • Mr. Coffee

          You mean DC Universe Online?

  • http://www.facebook.com/profile.php?id=1262340724 Rich Clark

    For a bunch of teeny-boppers, they certainly captured the attention of the world. And if big corporations and government entities are stupid enough not to close up those holes that 1st-year CS students could hack, who’re the real dummies? Go away with your barbed words, friend. They amount to a hill of shit when compared to the what these guys have accomplished in bringing to the fore security awareness.

  • Majikmay0

    You totally missed the point man. :(

    The DDoS attacks were not performed by LulzSec as stated by LulzSec. You can find the information if you want. Don’t post it until you look it up.

    And you’re right about the “Many large organizations use databases with known security holes that
    can easily be exploited by anyone who has recently completed the first
    year of a computer science degree” part. But that is exactly the point! They even said it over and over again. This is what I mean by go and look it up before posting. They are trying to make the community and the companies aware of the GIANT holes in their security. (They have also said this multiple times, again go look it up.)

    Also because the NEWS said they caught a leader of LulzSec doesn’t mean they caught a leader. I hear all that kid did was handle the IRC chat. You should go look it up. :D

  • Majikmay0

    You totally missed the point man. :(

    The DDoS attacks were not performed by LulzSec as stated by LulzSec. You can find the information if you want. Don’t post it until you look it up.

    And you’re right about the “Many large organizations use databases with known security holes that
    can easily be exploited by anyone who has recently completed the first
    year of a computer science degree” part. But that is exactly the point! They even said it over and over again. This is what I mean by go and look it up before posting. They are trying to make the community and the companies aware of the GIANT holes in their security. (They have also said this multiple times, again go look it up.)

    Also because the NEWS said they caught a leader of LulzSec doesn’t mean they caught a leader. I hear all that kid did was handle the IRC chat. You should go look it up. :D

  • Hadrian999

    a DDOS doesn’t really attack a hole, throw enough traffic at any system and it’s going down, the funny about security of any kind is that many corporations skimp on it because it doesn’t generate any revenue, eventually you get caught with your pants down. I’m curious about the backroom conversations between their developers, many big games today live or die by multiplayer like the CoD series, I wonder what economic impact the extended downtime of the playstation network had on those type of games.

  • Anonymous

    I was playing a subscription based game that was taken offline for 2 weeks or so due to the Sony hacks (DCUO). When it came back the population was absolutely decimated. They were trying everything to get people to keep playing from 45 days of free time to a ‘shiny new hat’ but there was no saving it. This was a big release for the company about 5 months prior with a big name IP and it became a total ghost town. These sorts of games rely on a mild addiction and once the habits broken I think people move on pretty quickly. It would have cost Sony buckets of cash.

  • Izkata

     Yay, an article written by someone who doesn’t have the slightest idea of what’s going on.

    DDoS attacks cannot gain any access to databases, whatever their security holes.  DDoS attacks prevent access, hence the name, “Distributed Denial of Service attacks”.  And they are simple, but whether or not LulzSec uses them doesn’t matter.  Gaining access to databases requires far more skill, and LulzSec has succeeded many times over.

  • Izkata

     Yay, an article written by someone who doesn’t have the slightest idea of what’s going on.

    DDoS attacks cannot gain any access to databases, whatever their security holes.  DDoS attacks prevent access, hence the name, “Distributed Denial of Service attacks”.  And they are simple, but whether or not LulzSec uses them doesn’t matter.  Gaining access to databases requires far more skill, and LulzSec has succeeded many times over.

  • Izkata

     Yay, an article written by someone who doesn’t have the slightest idea of what’s going on.

    DDoS attacks cannot gain any access to databases, whatever their security holes.  DDoS attacks prevent access, hence the name, “Distributed Denial of Service attacks”.  And they are simple, but whether or not LulzSec uses them doesn’t matter.  Gaining access to databases requires far more skill, and LulzSec has succeeded many times over.

  • guest

    Paul Carr lives in his mom’s basement and is a professional troll.  He only pretends to be an uber smart, computer genius-hacking lord, because he envies all of the attention the supposed “teenage boy” hacking groups are receiving. He was recently scorned by a beautiful 30 year old female Computer Science graduate fully capable of actions such as these and much greater. So forgive him, for his little man child is crying inside and he must take his pain out on those he is jealous of most – and with very little creativity I might add. Everyone knows teenage boys is a hacking stereotype. Is that the best you could do Paul? And why post such a giant picture of yourself next to the article? Do we all really need to see who you are and how awesome you think you are, with your faux hawk and your gaze that screams, “I have a superiority complex because s my inferiority makes me cry on the inside!”

  • guest

    Paul Carr lives in his mom’s basement and is a professional troll.  He only pretends to be an uber smart, computer genius-hacking lord, because he envies all of the attention the supposed “teenage boy” hacking groups are receiving. He was recently scorned by a beautiful 30 year old female Computer Science graduate fully capable of actions such as these and much greater. So forgive him, for his little man child is crying inside and he must take his pain out on those he is jealous of most – and with very little creativity I might add. Everyone knows teenage boys is a hacking stereotype. Is that the best you could do Paul? And why post such a giant picture of yourself next to the article? Do we all really need to see who you are and how awesome you think you are, with your faux hawk and your gaze that screams, “I have a superiority complex because s my inferiority makes me cry on the inside!”

  • Hadrian999

    not only sony but the developers who produce the games, this whole incident could have a bad effect on sony’s ability to get 3rd party developers for online heavy games for the ps3, or at least force sony to give better publishing deals.

  • Proxies

    Noobs need to use proxies.

  • Proxies

    Noobs need to use proxies.

  • http://twitter.com/MiGaOh Michael G. O’Hair

    That guy looks like Brack from This Island Earth.

  • http://twitter.com/MiGaOh Michael G. O’Hair

    That guy looks like Brack from This Island Earth.

  • http://www.facebook.com/Kate.Mangan Kate Mangan

    GOOD hackers do not have superstar status.

  • Anonymous

    It occurred to me while I was reading the story you linked that if I was a security company trying to pitch someone like, say… Sony, or a Sony competitor, the absolute best thing that could happen was for my potential client (or someone in their league, a direct competitor or a vendor/client of my mark) to get hacked and lose a lot of money over it… perhaps such a good thing that I might consider staging a group to hack them so they are antsy and looking for a contractor… But you have to have multiple targets around the same time or the mark gets suspicious… then the hacking group fades away before any identifiable information can link them back to the security company…

    eh, but then, I have a suspicious mind…

  • Anonymous

    http://pastebin.com/iVujX4TR

    lulzsec got counter hacked and exposed.

  • dumbsaint

    http://pastebin.com/iVujX4TR

    lulzsec got counter hacked and exposed.

  • Mr. Coffee

    You mean DC Universe Online?