Saturday, June 18, 2011

LulzSec Posts Stolen E-Mail Addresses, Passwords

The band of hackers that claims it is trying to make cybersecurity more fun released on Thursday a database Relevant Products/Services of what it said was 62,000 e-mail addresses and stolen passwords. But hosting service MediaFire quickly removed the data Relevant Products/Services for violating its terms of service.

LulzSec, whose name suggests the hackers are laughing at the cybersecurity of their victims, has been on a month-long binge attacking game sites, government agencies -- including the CIA -- media outlets, and others and posting what it says is stolen data.

Dial a Hack

On Wednesday the group offered to take requests.

Inviting calls to a 614 area-code number that led to the voice mail of a Pierre Dubois, LulzSec told its followers to "pick a target and we'll obliterate it. Nobody wants to mess with The Lulz Cannon -- take aim for us, Twitter."

It later claimed "5,000 missed calls and 2,500 voice mails from today. The Lulz Boat must sail off and organize itself. Hope you enjoyed."

PC magazine said the hacked e-mail accounts were from Comcast, Yahoo Mail, Hotmail and Gmail. Gizmodo set up a tool to check if your information was made public.

One LulzSec follower claimed via Twitter to have accessed profiles for dating sites using the posted passwords and added obscene photos to the users' profiles.

The flippant LulzSec, whose logo features a caricature with a monocle, top hat, mustache and a glass of wine, vowed to continue hacking.

"These folks are trying to make a massive statement that security Relevant Products/Services isn't adequate," said technology analyst Rob Enderle of the Enderle Group. "I think their subtle point is that most [other] thieves would go in, steal the stuff, and no one would know they were there." He said LulzSec's activities suggest these sites aren't as secure as they need to be and can't identify hackers.

"The thing most folks don't seem to get is the implication that these sites likely have been compromised for some time and no one has known, or done anything about that," said Enderle. "Call it an 'emperor has no clothes exercise.'"

Long Arm of the Law

How likely is the LulzSec bunch to get caught?

"Sadly, the chance of getting away with cybercrookery is fairly high," said Paul Ducklin, head of technology for the Asia-Pacific office of the cybersecurity firm Sophos in Sydney. "Jurisdictional issues alone make it hard to work out who's responsible for investigating, and who's responsible for prosecuting."

But there are some notable exceptions.

"You'd think that the chance of a cyberscammer in Nigeria getting busted for taking money off someone on the other side of the world in an e-mail fraud would be impossibly small," Ducklin noted. "But here in Australia, the cops occasionally manage to do just that. Criminal complaints laid in Queensland, for example, have been relayed to Nigeria and Ghana, perpetrators found, arrested, charged and convicted, and even (though admittedly very rarely) restitution extracted. So it can be done."

Ducklin said it's likely that law enforcement in several countries are working together to find LulzSec. But he said the hackers are likely encouraged to show off their skills by fans who egg them on.

A recent Sophos poll found that 40 percent of respondents see LulzSec as fun and worthwhile, and a further 17 percent said that although what LulzSec did was bad, it was still fun.

Artikel yang Berkaitan

0 komentar:

Post a Comment