Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
General: The Hacking Plague
SBFord
Former Associate EditorMember LegendaryPosts: 33,129
As the hacking saga continues into the summer of 2011, including the arrest of a potential suspect in the Sony hacking earlier this year, MMORPG.com Managing Editor Bill Murphy takes a look at the issue and the potential repercussions that will affect us all in ways we may not yet understand. See what Bill has to say and then let us know your thoughts on the hacking epidemic.
That’s not to say Lulzsec hasn’t been creative: their fake PBS story about Tupac being alive and well had me chortling at my desk for most of the day. But where is the line drawn? These are peoples’ lives their messing with, not just the companies’ stock prices. At some point someone will be hurt by their actions, and I’m afraid that only then will there be serious action taken by our law enforcement. But what are the larger ramifications? What do these strings of attacks really say about our internet security?
Read more of Bill Murphy's The Hacking Plague.
)
Comments
Play with fire and you will get burned. Yes you will in time, I wounder if Lulzsec is full of late teens and early twenty some things, if there are then they think they know it all, I wounder if they even see that they are goning to get what they donot want.
Is it a plauge?
Or is it a wake up call pushing businesses to quit hording their profits and actually invest in customer safty?
Demonizing the hackers doesn't seem very efficient or logical. If they get caught they should get punished, but the reputation of these companies that got easily hacked- well that needs to be the main issue in all of it.
Plus the industry should catch up. It's sad that they weren't leading the way.
You forgot to mention that Lulzsec and their affiliates have been hacking not only banks and companies, but also official government websites throughout the world. They hacked something in the UK, the US senate and DDoS'd the Brazilian government's website.
I'm not quite sure what will come of that, but maybe such attacks have the potential to spark an even greater repercussion in our daily lives than attacks on companies, since, well, the governments are the ones 'ruling' us... aren't they?
The way I see LulzSec is fairly simple, they are needed. We live in an age where all of our information is put on the internet for "x" and "y" reasons and we expect those informations to be secure. Sadly it turns out that it's not secure, when a huge company like SONY falls for one of the oldest trick in the book, an SQL Injection, I think it says a lot about the horrible security.
There's also the fact that many companies and websites are being hacked daily and have their datas stolen, but will never release this information. "What you don't know, can't hurt you" they'd say, but it's complete rubbish. LulzSec's existance and actions has simply proven how weak, many of us have thought, the security around our informations were. And rather than being silent about it, well they make it public and those companies can't avoid it anymore.
Now don't get me wrong, is what LulzSec is doing a crime? Yes it is, and a terrible one at that and especially when they release so many users informations. But chances are, that, given how insecure the hacked websites were, that the users informations were already made public on whatever shady sites that profits from this. And that's the scary part.
Cyber crimes are working on it, but the reality of it is the most taleneted individuals are not usually law enforcement.
Will they eventually get caught... yes. Because one of their own will be forced into service with law enforcement or be sent to the bottom of a prison forever. This has been the way of things for a very long time. They have pissed off too many people now.
As for tighter security... yes. The internet will be locked down. Cyber-warfare is a reality and a single hacker can devestate a country. The US internet needs to be locked the rest of the world can do their own cleaning. Then we need to weed out the hackers and employ the most brilliant and brightest on pain of prison or worse to protect the United States not attack it.
Will it happen? Maybe it has already.
blah
You hit the nail on the head with "There’s one thing I’m worried all this hacking will be used for though: more arbitrary internet laws." I dont want to sound like Im wearing a tinfoil hat, but I dont think these people are just some teenagers playing around haveing fun and doing it for the lulz.
The problem with 'finding another way' to point out IT security issues to corporations, is that corporations do what corporations do best... Which is having a short sighted view of their own bottom line.
There have been countless times where corporations have been warned over and over again about security issues, yet do absolutely nothing about it. It's not until they're hacked that they even do something about it. Yes, no system is invulnerable to intrusion, but a lot of these companies aren't even making much of any effort to take all of basic steps to secure their system, as proof by the fact that basic injection attacks can bring some of their systems to their knees.
But that makes me wonder, with all of the apprehension to take proper steps to secure their systems, and the delay in tellnig the public. Are all of the companies who get hacked actually owning up and telling their customers? How many people's information has been stolen out of systems, and no one's heard about it because the companies who have been breached figure it hurts their bottom line too much to be honest?
Which brings me to LulzSec. They make no attempt to hide that they're hacking into systems, and are vocally bragging about it. In a twist of some kind of pathetic irony, they are in a way the lesser of evils, because at least when they breach a system, you're guaranteed to hear about it. They are humiliating companies and organizations who should be making an effort to keep themselves safe from cyber attack.
I don't agree with a lot of what Lulzsec does. Releasing personal information, possibly even having sold it, is downright despicable. Though, at least they admit to doing it, and you know to be on guard to be more protective of your personal info. In all honestly I'd rather it be Lulzsec doing it openly, than it being a much more malicious group doing it silently.
I too worry that this will lead to more restrictive Internet Laws. Unfortunately it seems either way we'll get them. The sad truth is that it really is the onus of the companies and organizations to cough up the money to properly secure their own sites if they want to do business on the Internet, but it seems they may rely on governments to oppress freedom to get the job done rather than spending their own money.
Computers are insecure. It's inevitable that these people will figure out ways to hack into servers and steal information. What pisses me off is the amount of information that these companies want. Every bit of software out there wants to be registered and is allowed to annoying keep pestering you about handing over personal information to the company, trusting them to keep it safe. Of couirse by installing the software you accept the terms of the EULA which determines that the company isn't liable for anything. Does my antivirus software really need to know my address? I might as well not have the internet if I don't have an antivirus, so they really have you under the barrel.
All I want is the option to keep my information secure, and still enjoy the benefits of the internet. As it sits right now, the only way that I have to do that is provide false information to companies, in essence using fraud to protect ones identity. Doesn't that seem wrong to anybody else?
All of my posts are either intelligent, thought provoking, funny, satirical, sarcastic or intentionally disrespectful. Take your pick.
I get banned in the forums for games I love, so lets see if I do better in the forums for games I hate.
I enjoy the serenity of not caring what your opinion is.
I don't hate much, but I hate Apple© with a passion. If Steve Jobs was alive, I would punch him in the face.
We have to admire the real hackers for their skill and will to explore secrets. On the other hand, these pure hackers who does it for the adventure and to prove their cunning, are but a fraction of these. Ten years ago I would have called hackers for geeks exploring the possibilities of technologi, but nowadays most of them are just plain thieves who steal information for those who will pay them. Some hackers have high morale standards, and some have lower, but when money talks even the best can compromise a bit on their beleifs.
But the worst part about hacking today is the same problem as with terrorism. The countermeasures are simply worse than the crime itself. Just look at the law changes beeing proposed in many countries around the world. George Orwell cries from his grave these days, and we are too stupid to see it comming.
"I am my connectome" https://m.youtube.com/watch?v=HA7GwKXfJB0
New laws don't really help much....particularly given the international nature of many black hats.
What will help is companies getting more serious about thier security measures and realizing that doing business on the internet requires a certain amount of overhead expenditure devoted to security.
In the last few years, security has been treated as a sort of red-headed step child. It's taken a back seat not just to cost cutting measures but also to things like ease of use, convenience, speed to market, throwing all sorts of useless bells and whistles into applications that can be exploited...and the bosses pet project to make sure that he can monitor the copy machine from his I-pod. Business needs to take a step back to fundementals and understand that if you can't deliver a reasonable amount of security in your products then none of the other stuff really matters.
Note that there is no such thing as an entirely secure system. Any security measure invented by human beings can also be defeated by human beings. With enough time and resources anything can be hacked but the amount of effort required is directly proportional to how much effort is put toward security. Puting a reasonable amount of effort into securing something can go a long way toward warding off most hackers. Just like regular criminals, they'll usualy pass up the house with the dogs and the alarm system and go for the one with nobody home and the windows open.
There is another thing that needs to be understood by everyone, the internet is an inherently insecure system. You can do alot to make it more secure, but there is no magic bullet. There really are alot of things that don't need to be and probably AUGHT not to be connected to interconnected public network. By far, the strongest security measure involves simply unplugging the internet connection and forcing someone to be physicaly present in a location in order to do mischief. I've worked in IT for more then 20 years, I don't do any of my banking online, there is a good reason for that.
None of this is to excuse the hackers who perform these crimes, they are criminals pure and simple.... but we know that the world is an imperfect place and criminals exist. In the real world, you wouldn't leave your wallet unattended for 2 hours on a public bench and expect it to be there when you get back....you shouldn't leave your computer systems unsecured and expect them to be ok either.
Finaly it's important to understand that there is a big difference between different types of attacks. For instance a DDOS is very different then actualy having your systems compromised and your data stolen. Almost anyone can get hit by a DDOS, it's simply a traffic jam... it overwhelms your resources (bandwith, CPU capacity, etc) with what looks like legitimate traffic. If you can filter out the automated traffic from the real traffic at your upstream...your back in business and all you've lost is some time. Peoples data don't get exposed and stolen through a DDOS...that requires someone to exploit a flaw in your system.
Both are malicious acts and need to be punished but a site that gets hit by a DDOS is not neccesarly a sign of bad security...especialy if they are able to get back online in a reasonable amount of time.
And everyone is mad, mad cause they tell it to their faces
their crime is not that of hacking, as that happens regularly , their main crime is to tell it right into the face of the victims
how nice is it to live ignorant and free of wories and now they have taken it away
now instead of crying to the devs cause their acc got hacked they pull out the torches and march into the woods looking for lulzsec, silly citizens not knowing pirates are on the sea
but do not worry, there are other who do know how to hunt the scourge of the sea and they seem to progress in their hunt quite well so rest in your armchairs dream of grandour and wait
Pi*1337/100 = 42
I have a hard time understanding why LulzSec is targeting game developers in the first place. As nerds, I have a really hard time believing that these guys really want to cause harm to companies like CCP and Bethesda. Yet, for some reason, they have been increasingly targetting them. It just doesn't make sense....
afaik they said lets ddos something , take aim we will fire and some random twitterfags called target on ccp so ccp wasnt really their idea, they just followed trough
Pi*1337/100 = 42
As someone who has always wanted to learn how to hack and am all for hacker's hacking big company to do what ever dmg they can to them. I envy there skill's and companys have long used hacks to hacks other companys for INFO and now there just what has been needed to happen to them done.
As for if the governments start to put anymore internet laws up trust me that will start there war right then and there. Governments think they rule the people the people rule the goverment we are the army we are the workers we and the keepers of the number's we rule the net.
They dare put 1 new internet law up mark my words you will have a flood of hackers and crackers chewing the vary floor of what you walk on bringing you down from the golden tower.
revolution is coming with in 5 years companys and goverment will fall to there knees to the power of the people. GO LULZSEC CRUSH THEM just dont relase or use info on our own kind.
You are cheering the hackers on to take down evil governments and corporations, yet at the same time I don't see these hackers re-routing money into charity organizations or helping "the people". When evil government fails, the one for sure thing will happen is more evil "people" will rise up. When evil corporations fail, the one for sure thing that'll happen is that tens of thousands of normal people will lose their jobs and lose their house, perhaps lose their marriage and family. So I ask you again, is this really a good thing to cheer on?
There is no evil government or corporations, it's just evil people, and they are amongst us, they're in your family, they're one of your friends. Heck they may be you. Until I see robinhood style good deeds done by these hackers, I don't buy that they are doing it for the good of the people. They are doing it for themselves, they are stealing innocent people's data, they are making other innocent people lose their jobs. They are disrupting services that millions of people enjoy everyday.
You want to get righteous with me, let me see good deeds. Let me see them track down criminals, break up organized crime, break up drug/prostitution rings, solve murder mystery, get gangsters off the street. Let me see them target email spammers that we ALL hate, let me see them track down malicious hackers that steal information for their profit. Until then, they are just as bad as the people they claim evil, the people they are trying to take down.
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
The gaming industries slow reaction and apparent ease for hackers to get into their servers to access customer information, some of it old and outdated to the point you wonder what the hell they're doing with it still, and other info that is questionable they had in in the first place, is just a symptom of the problem. In order for the industry to protect customer data properly, they actually have to car enough about their customers to do it. I don't see that, the caring. Sony's initial response, or lack of, followed by the shrug go take care of it on your own... showcases this general attitude.
parrotpholk-Because we all know the miracle patch fairy shows up the night before release and sprinkles magic dust on the server to make it allllll better.
Agreed, especially the last paragraph. Not sure how much more we can get build on that.
As for the hackers; Lulzsec are punks, plain and simple. Any idealism, any claim of a noble purpose is, as Shakesphear would say, "full of sound and fury, signifying nothing." All they want is to wreck havoc and they seem pretty unconcerned about who gets caught in the crossfire. I mean really, Minecraft? If you want a story that flies in the face of the corporatization of the video game industry, guys like Notch and Zachary Barth are your man. Attacking the indie scene, which are generally small groups who simply cannot afford leet security software, at all is like agreeing to boycott Walmart because you should then going to vandalize your local mom and pop corner store just because you can...
They're not saints, nor did they ever claim to be.
While a lot of their actinos are distasteful, I can honestly say I'd rather immature vandalism putting the spotlight on poor security, than have a truly malicious group exploiting the same security weaknesses to cause much more damage while we're all oblivious to it.
Maybe OP you could have pointed Wikileaks affaire which is the source of all this hacking phenomena, that would maybe give a hint to people why and how this is evolving like this.
I agree with everything said in this article, but I have no choice in this matter.
*cough* *cough*
The King wishes this was as romantic or as exciting as the media wished it to be.
William Gibson writes it way better. But I don't think we'll be killing each other over 320 gigs of dataspace any time soon.
Funny thing is the idiot in this video is supposed to be a lulzsec DDoSer can not see him having any brian cells less than to just be a bad script kiddie who fails at hiding his I.P....
http://www.thesun.co.uk/sol/homepage/news/3653684/Bleary-eyed-internet-hacking-suspect-Ryan-Cleary-looks-wasted-after-inhaling-gas.html
Great post and spot on.
These hackers aren't heroes on any level. They are emotionally stunted attention whores. Let's see them do some actual good, not being brats and "tee heeing" about it.
Godfred's Tomb Trailer: https://youtu.be/-nsXGddj_4w
Original Skyrim: https://www.nexusmods.com/skyrim/mods/109547
Serph toze kindly has started a walk-through. https://youtu.be/UIelCK-lldo
Not all hacker agree with what Lulzsec are doing. Web ninjas have started a blog to name and shame them.
http://lulzsecexposed.blogspot.com/
I agree with your sentiment on the Industry being lax with their customers information.
BUT there are ways Lulzsec could have embarrassed the companies without leaking some unfortunate peoples personal details all over the internet.... like oooh I dunno maybe leaking some of the info & how it was obtained to credible media outlets ?
Not putting it on bittorrents where criminals are the primary downloaders......
For leaking personal Info punlicly I hope they get what they so richly deserve... and thats not a warm handshake..... its more likely something hard & warm from a guy name Bubba in prison....