LulzSec hack... (Insert most recent target here)

[Badnik Mechanic]

THIS. Good grief, this.

If it takes a bunch of hackers breaking companies' security systems for the lulz to make said companies wake up and smell the ashes, said companies deserve no sympathy, nor can I possibly call them 'victims' with a straight face.

Oh fuck off...

This whole 'well hackers are doing this to make things better' argument is the biggest load of justifiable bullshit I've ever heard.

What you are saying is that is the same level of stupidity as saying that it was the bank/shop/garage/pub's fault that it got robbed and that it should have invested in a better security system.

I feel like I've gone to la-la land when I read some of these replies about how it's the fault of the company that got hacked. What planet are you people on? In what other situation would you praise a criminal for breaking into somewhere and blame the person who had their property stolen?

[Candescence]

Oh, for fuck's sake. I did not at all imply that the hackers were blameless in all of this. I don't condone their actions, especially the release of user info in that one instance involving the Sony server, but Jesus, the method they used to break into said server was so utterly rudimentary that it demonstrated that the server security was virtually nonexistent.

With that kind of absolutely worthless server security, would you trust anyone with such incompetence with your personal information?

[Chooch]

If it takes a bunch of hackers breaking companies' security systems for the lulz to make said companies wake up and smell the ashes, said companies deserve no sympathy, nor can I possibly call them 'victims' with a straight face.

So it's entirely okay if I were to hack into a website you log into and frequent, steal your e-mail and contact information and do whatever the hell I want with it because I'm under the excuse that I'm 'pointing out security flaws?'

Even under the pretense that the security was sub-par or as you say 'nonexistent' I still think that's a load of shit.

Edited June 14, 2011 by Chooch

[Candescence]

So it's entirely okay if I were to hack into a website you log into and frequent, steal your e-mail and contact information and do whatever the hell I want with it because I'm under the excuse that I'm 'pointing out security flaws?'

Even under the pretense that the security was sub-par or as you say 'nonexistent' I still think that's a load of shit.

[Velotix von Skruviktorrius]

I'm really tired of arguing this like a broken record - as is everyone else who enters the fray, which is why I simply linked a counterargument and said nothing in particular.

The facts are: the ultimate goal of this particular hacking group is to stir the hornet's nest, piss people off in executive management the world over, and have mischievous amoral fun in the process. They are also prepared to be complete assholes just to prove a point.

Most people are not prepared to do this for anything and cannot understand why anyone would, and so we have this thread.

The rest is (very significant) collateral damage. As I have made clear in the past, to be a competent security professional, you need to be a hacker with actual security clearance. That duality does not apply in any other real-world situation people keep mentioning as a comparison except *gasp* security, so the off-point analogies are getting pretty tedious too.

To expand on the aforementioned tedium-inducing analogy: no it's not OK to burgle someone's house, but if the homeowner locks their door loosely and then leaves their windows open with no-one else in the house, they shouldn't be surprised that the stuff upstairs got stolen whilst they were in the back garden tidying up the hedge - but they sure can be pissed off about it. So can the guy whose CDs you were borrowing and left in the same room unattended, and he'll blame both you and them.

[Chooch]

It doesn't matter how easy or hard it is. Hacking people's shit 'for the lulz' or whatever the fuck else is wrong.

Breaking and entering is fucking wrong. I don't care how you spin it. I'm not going to support what these people are doing.

[Agent York]

I wonder how many ways sideways these guys and girls will be screwed when they're sued from all the biggest name companies in the world?

[Velotix von Skruviktorrius]

I wonder how many ways sideways these guys and girls will be screwed when they're sued from all the biggest name companies in the world?

[Shaddix Leto Croft]

http://twitter.com/#!/LulzSec/status/80695414331940864

Just sunk the Minecraft login server, looks like their website also got hit from overkill: http://t.co/E3QnDYm not even firing at the site.

[Light]

I thought I already stated this clearly - stealing personal information is illegal for a damn good reason, and I don't condone it in any form. But while no system is hacker-proof, there's a difference between making it damn difficult for them to do it and making it laughably easy for them. If a company hasn't done nearly enough to protect their customers from such data theft, then the customers have more than enough right to be angry at the company as well as the hackers.

I'm with Mas on this. It really was too goddamn easy for Luzsec to get personal information on customers. There's a reason why we're hearing about Sony getting breached a not your bank account provider.

Edited June 14, 2011 by Light

[-Mark-]

We need King Kazma to kick some online ass.

...what do you mean he isn't real? :<

It seriously sucks at how Sony getting hacked seems to have set all the other hackers off for everything else.

[Badnik Mechanic]

I'm with Mas on this. It really was too goddamn easy for Luzsec to get personal information on customers. There's a reason we're hearing about Sony getting breached a not your bank account provider.

It doesn't fucking matter!

What the fucking hell is wrong with you people? It doesn't matter how easy or hard they found it, the fact is it's a crime and you are siding with the criminals.

Again, what planet are you guys living on!?

[Dummy Bear]

It doesn't fucking matter!

What the fucking hell is wrong with you people? It doesn't matter how easy or hard they found it, the fact is it's a crime and you are siding with the criminals.

Again, what planet are you guys living on!?

I'm with Hogfather on this one. I really don't think we should be praising or glorifying these hackers, because even if they are "proving a point" they still have many people's personal information, which they shouldn't be having.

Seriously, what you guys are saying is pretty much the equivelant of saying "That girl was wearing revealing clothing so she deserved to be raped".

[Light]

I'm saying that these corporations are incompetent as fuck when it comes to protecting sensitive information.

Seriously hackers try to infiltrate banks everyday yet never actually succeed because the bank's network security division is always several steps ahead. I'm sure wanting corporations to invest in a substantially better network security division isn't out of the question. Especially if they rely on networks to conduct business. Once again, it's been too easy for Luzsec to acquire all this information.

[CtW]

I can't believe anyone is actually approving of this crap. In other news they're getting progressively less impressive every day. They had Minecraft, an indie game without a big company's support, down for less than an hour. That's hardly even an inconvenience, much less anything to rage over. I hope they enjoyed their moment in the spotlight because they're starting to fade already and the jail time they pay for the brief attention is not going to be filled with lulz.

[Yong]

I'm saying that these corporations are incompetent as fuck when it comes to protecting sensitive information.

Seriously hackers try to infiltrate banks everyday yet never actually succeed because the bank's network security division is always several steps ahead. I'm sure wanting corporations to invest in a substantially better network security division isn't out of the question. Especially if they rely on networks to conduct business. Once again, it's been too easy for Luzsec to acquire all this information.

[Nepenthe]

It'd be much easier to sympathize with these hackers if they weren't inadvertantly hurting customers in the process by taking their personal info. You want to prove a point to the corporations? Fine; leave a note. Why do you have to steal sensitive information to "get the point across" and leave me, the customer, open to fraud when I've done nothing wrong in this scenario? It's completely counterintuitive to their so-called message. We're not absolving these companies of the responsibility of protecting us either. We're simply saying we're tired of these guys constantly ruining shit, and saying, "Well, the companies should do better," doesn't address the fact that these guys are still constantly ruining shit.

This is all ignoring their pettiness, however; they went after PBS for airing a documentary they didn't like. So noble. Keep fighting the good fight.

[Light]

I knew someone was going to try and 1up me hence the "Especially if they rely on networks to conduct business."

Are you people really okay with the fact that these people announce hacks before they happen... and succeed?

[Agent York]

I can't believe I'm about to do this, but this whole conversation reminds me of Deadly Premonition (great game by the way, well more like best terrible game ever, but still more of you should check it out).

In the game, the question is posed on what makes a crime? When is a crime justifiable?I am going to use some of Agent York's wisdom to guide me here.

The point is brought up how to compare these crimes, the instance of the man who cut off victims heads and used their skulls to eat from compared to small thefts at a local grocery store. Emily (the female cop) feels like her crimes were nothing compared to his. However, York disagrees. All crimes will have a "criminal" and a "victim". No "victim" will welcome a crime, no matter what the size. Fundamentally, there is no difference in size.

Later in the game, such a criminal is trying to use justification to say why what he is doing the right thing, but York as he says it doesn't get what he's trying to say so he'll simplify it for him. This next scene has Deadly Premonition spoilers, but listen to the conversation between the "criminal" and Agent York. The criminal tries to justify what he is doing, but all York see's is a criminal committing a crime, no complications since what the criminal is doing is a crime and justifying it is only prettying up the problem.

http://www.youtube.com/watch?v=NK5WKS81deA

A criminal is a criminal, and is a criminal since they commit a crime against a victim. There are clear criminals and victims here, no excuse in the world can change that. There is another issue here about society, but these LulzSec are reaping off that excuse to commit crimes. Let that issue be dealt with on it's own, we don't need some false "justice bringer" to hack systems and commit crimes under the guise of righteousness.

[Noir]

Because I am a faggot I'm going to quote anime:

C.C.: [Narrating] In this world, evil can arise from the best intentions. And there is good that can come from evil intentions.

Point being that while LulzSec is clearly committing multiple crimes, deserves punishment, and should not be condoned at all, there's good that can (and should) come from it. For that reason, I'm glad that they're breaking laws (except when they start messing with people's personal info, as that's going too far). They're idiots for doing this, really, and I hope they get what's coming to them, but more than that I hope companies will realize that they need to fix their security.

It's not "ok," what they're doing, but it can lead to positive results and so I can accept their actions.

[TheGerkuman]

It's ironic that on a board where people generally pride themselves on debating important issues that there's so many cases of False Dichotomy going around. It is utterly possible, if not I would argue normal, to think that both sides in this particular conflict are wrong. On the one hand, Lulzsec should not be doing this. On the other, companies should not be burying their heads in the sand like ostriches.

I hope that Lulzsec gets brought to justice for what they do, but unless people start to give a proper crap about internet security then it won't be long until another Lulzsec comes along. One that may not be wearing a 'white hat'.

Edited June 14, 2011 by Gerkuman

[Agent York]

It's ironic that on a board where people generally pride themselves on debating important issues that there's so many cases of False Dichotomy going around. It is utterly possible, if not I would argue normal, to think that both sides in this particular conflict are wrong. On the one hand, Lulzsec should not be doing this. On the other, companies should not be burying their heads in the sand like ostriches.

I hope that Lulzsec gets brought to justice for what they do, but unless people start to give a proper crap about internet security then it won't be long until another Lulzsec comes along. One that may not be wearing a 'white hat'.

This is a point touched upon, personally speaking I believe LulzSec should not be doing this and they most certainly are committing crimes. And yes, websites should tighten security. But LulzSec is not justified to commit crimes to make websites tighten security, that is just an excuse.

[CtW]

It isn't like they aren't already black hat. Maybe not as money-oriented as your typical criminal hackers, but they have leaked personal information which pushes them over the edge from any semi-neutral territory they may otherwise have been in.

They DDoS'd League of Legends, too. The latest tweet seems to imply they're done for today.

And that concludes our DDoS party: Escapist Magazine, Eve Online, Minecraft, League of Legends + 8 phone requests. #TitanicTakeoverTuesday

[Velotix von Skruviktorrius]

Hah! The Minecraft login server? Why'd they bother with that?? Downing the Minecraft login server is trivial because it's not actually designed to handle very large volumes of simultaneous traffic anyway. A new version of Minecraft can take it down just as quick from legitimate traffic.

I'm still finding the 'roid rage about so-called "siding with the criminals" hilarious. There is such a thing as a neutral viewpoint - the world's not binary.

Why do you have to steal sensitive information to "get the point across" and leave me---

Because time and again it has been proven that companies will, unless they are major cross-discipline companies and know this stuff as part of their job, not invest heavily into security until they have already taken serious damage and their shareholders are jamming the company switchboard.

And yes, that you have to go that far in the first place is ridiculous, but that's reality. There's a lot of rose-tinted idealism in this thread. Most people who aren't actually security professionals, myself included, grossly overestimate the quality of existing computer security in general.

I would honestly be completely unsurprised if half of LulzSec actually work in computer security somewhere already, with the other half being in it purely to piss about. Security professionals are the kind of people who would find this sort of thing funny, plus they would feel morally obligated to point out security flaws wherever they find them.

It's heavy-handed and criminal, but it will work, and at the end of the day getting things to work your way is all a professional engineer cares about. dealwithit.jpg

It will probably also get a few panic laws rushed through that don't actually deal with the security problem, but c'est la vie.

PS: LulzSec are Grey Hats otherwise they would have utterly raped the NHS servers. They did not. Greys are mischievous amoral assholes, and that's LulzSec to a tee.

[Nepenthe]

Wait... they took down The Escapist?! Today?! On the day I get to watch Movie Bob's latest installment of his "The Big Picture" series?!!

*checks bookmark, gets an error message.*

.....

Fuck you guys' lame justifications for their actions. Now they've finally inconvenienced me, so now it's personal. I want these guys' heads on a pike.

@ Velotix: So, basically what you're saying is, if any customers out there have been or potentially will be the innocent victims of fraud as a direct result of LulzSec releasing their personal information, they are obligated to just deal with it simply because it was easy to do so when frankly, this entire operation could have been handled in a much classier and funnier fashion? Nice to see that you are effectively blaming the public as well. Again, this is completely counterintuitive to the message they're trying to send across, that being that the companies need better security, not the public. Screw that.

Edited June 14, 2011 by Nepenthe