Hacker News new | past | comments | ask | show | jobs | submit login
Lulzsec Declares 'Operation Anti-Security' (pastebin.com)
69 points by itcmcgrath on June 20, 2011 | hide | past | favorite | 39 comments



The short and sweet:

Lulzsec is encouraging everyone to deface government websites with #AntiSec as well as in physical graffiti.

'Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments'.

Claims to have Anonymous on board.

Does anyone else smell a less free Internet approaching closer?


The less free internet seems inevitable. Laws are often passed and almost never abolished. So it's a slope that you can fall down slowly while almost never climbing back up. Over time it seems very, very, likely that more and more regulation and restrictions will be imposed on a per-country basis. The question seems to be the rate and resistance.


Agree completely, in fact i've just added this link: http://risky.biz/haroon (Lulzsec, Ranum and I Told You So!)


Good article. I had the chance to spend some time with Marcus Ranum back around that era and it was formative to my career focus in security. However, I think there there's a second part of this historical narrative you're laying out. It's that the government will fail to accomplish security of computer systems just like they've failed to accomplish security of physical locations. At that point that government will start looking like a really bad deal.

If this government wants to survive this coming era, it will not do what's feared. If it does do the sort of crackdowns people are fearing, it will not survive. Either it will be broken outright by the hackers and those who still care about freedom or it will fair to accomplish security and be broken by the people that still aren't safe.

The best chance is to actually address the issues by developing better technology in dialogue with the hackers and the security minded. This may make the short term harder but it will set the foundation for a superior nation built on something that can actually be defended.


How exactly do you think the internet would be "less free". Would there be fines/jail time for sql injection? Port scanning? Issuing DDOS attacks? I guess you'd have less freedom to do these things but most of these are against ISP TOS any way. Are you worried about an internet police state enforcing the rules?

Make the punishment stiffer and/or secure your servers (not exactly possibly with DDOS) and these "problems" go away.

In the early/mid 90's there were lots of high speed chases in Los Angeles. The penalties got stiffer, the media stopped reporting it, no one really cared, and i guess the freeways/roads became "less free".


One great example is DoHS shutting down gambling sites without due process.


> Does anyone else smell a less free Internet approaching closer?

Hmmm ... any chance Lulzsec is really a false flag operation?


I had a similar thought, but the less free internet has been in the works for years before these guys came around. With or without groups like this, it is inevitable. The powers in place fear what they can't control.


Dear Lulzsek, eye for an eye, and everybody goes blind. If you have something to ask from the government, please write a Petition or a Freedom of Information request, or any other formal request. Hey, with all your power you could event start a site to inform people of their democratic choices and suggest actions that make the world a better place.

Don't act like rude kids, that just denigrates our image as a whole and eventually further spoils our beloved common space known as the Internet.


Horey shiit, it's antisec tiem[1] kiddies! And it looks like I was right[2] about there being a strong correlation between Lulzsec gentlemen and AnonOps. This should be fun.

Btw, what's it gonna take to raise zerofor0wned from slumber again? They haven't published in awhile and I miss them. Surely Lulzsec kids are of the age of majority now, let's get the soft gloves off and do some real doxing.

[1]: http://en.wikipedia.org/wiki/Antisec_Movement

[2]: http://news.ycombinator.com/item?id=2631053


I'm confused about the relationship between Anti-Sec (in the sense of the wikipedia article) and Anonymous. Anti-Sec is "dedicated to eradicating full-disclosure of vulnerabilities and exploits and free discussion on hacking related topics" [1]. In contrast, Anonymous is a strong backer of Wikileaks which would seem to be squarely behind the concept of full disclosure (except insofar as it could undermine the process of full disclosure).

I wonder if LulzSec even intended to make this connection. This "call to action" is quite different from the Anti-Sec mission statement, but I would have a hard time believing they weren't aware of previous use of "Anti-Sec".

[1] http://seclists.org/fulldisclosure/2009/Jul/164


They don't really explain why we should be placing #AntiSec everywhere. This document seems like a rabble rousing speech without any substance at all.


I'm guessing it is just an awareness ploy. If the news picks it up, it gives all the stories something in common to mention. Likewise with any defacement that happens, if someone sees a common word, they are more likely to search for it and hence find more.

Where or not it works for them or turns in to a bit of an embarrassment for them, is yet to be seen.

I'll keep an eye on google trends to see how it pans out: http://www.google.com/trends?q=antisec%2Clulzsec&ctab=0&...


Lol, defacements happen everyday brah: http://zone-h.org/archive

And antisec, no-disclosure fundies have been around for a lot longer then Lulzsec.


No argument there. I'm unsure what your point is though?


It just seemed from your comment that you were implying any defacements in the near future from here on out should be attributed to Lulzsec fools. Which is nonsense.


I fear you have read words that don't exist.


Why has http://lulzsecurity.com not been seized?


That is a very good point. Given that the DHS does domain seizures, and luzsec are explicitly attacking the USA, the non-seizure is very fishy.


Not really. The previous seizures were over copyright infringement/IP issues, rather than hacking. It's possible that the DHS (who were behind the seizures before, as Customs is a part of them) is working on it, but they likely don't have the necessary paperwork or process in place for "hacking sites" instead.


No matter what you think about these folks, it is a very dangerous game they are playing. It takes some balls to organize this and to act on it.

This can only result in more crazy laws unfortunately.


It's interesting that there's an overall theme here that the only action government takes is more laws. This is recognized as an issue right? But people just don't think there's anything to do about it? That scares the hell out of me. If the people here have given up on having substantial control over the legal context of their lives, something is very very wrong.


I find this extremely worrying. Sure, I'm all for fighting the power, but a campaign like this could do a lot to damage our online freedom, e.g. the freedom to pay for things and conduct business online ... it would also result in governments limiting the internet in a way that they haven't done before, for a very long time ... that would really suck!


If it will damage your freedom, then, by definition, you don't have freedom.

The effect this might have, if any, is to show who pretends to have/give freedom and who really has/gives it.


This right on. Reading a lot of the comments here, I think people have already given up that freedom and just hope that no one makes them see what they've done. This discussion has certainly opened my eyes in regards to this. One freedom is always to go to a country which has different laws. Another freedom is to develop computers, OSes and networking protocols that better provide freedom. It seems that many are so used to building on frameworks that have inherent issues that they forget their are choices, basic choices, that still have to be made every day.


I get your point, and it's a valid one. I just hope that Lulz pick their targets wisely, because an all out war on the system will result in system lock-down, which will affect a lot of good people in negative ways, and will also fuel the governments belief that they should be exerting more control ...


Not that this at all the same, or that I support what Lolzsec is doing, but I think there were a lot of African Americans at the start of the Civil Rights movement who didn't want people to speak up for fear of there being harsh consequences.


You're dead right, it's not at all the same ...


Someone also wrote a rebuttal of sorts: http://pastebin.com/DfuG9T1W


Lulz are the children in their parents' basement. But Jester is the 40 year old, slightly nuts, overly apologetic for the government, 40 year old dude living in the basement falling for the trollish script kiddies.


So, if lulzSec are a group of Americans, then couldn't they not only be charged with breaking internet security laws and such but, also treason?


Using pastebin as an anon blog is cool idea though. Anyone can tell how anon it actually is?


it all depends on how you get there...


Interesting that they explicitly link the Hacker's Manifesto from '86 in there this time.


Every time I hear about LulzSec, I say "Conspiracy Theory Time" before I read the HN comments page. Finally I have some worthy conspiracy which I think no one has posted before. It goes something like this.

Axioms:

1. Most of the geeks and internet privacy aware people in America hate the American government. If not hate, they at least despise them for most of their new internet policies.

2. Out of these people there are a lot of smart teenagers and young men/women. This is the age where most of the sociologists (I don't know if that is the correct term, just read it as parents or people who have PhDs and study this kind of things) believe that this is the age where they are most impressionable. And more so if the idea is rebellious, that too at the highest level.

3. Terrorists are not a bunch of fools who don't know how to use a dvd player. Most of the times they are capable of carrying out sophisticated internet attacks. Also they have strategists competent enough to take on US intelligence. (Not very sure of the last sentence but who am I to suck the fun out of this).

4. After 9/11 it has become increasingly hard for the terrorists to do bomb blasts or other such activities. Also suicide bombers make recruiting a pain.

5. Terrorists hate America.

Hypothesis:

The chief aim of terrorists is to make you people's (read American's) life miserable. They used to do it with short term impact plans like bombs. One bomb and america is terrorised for around a year or max for two. Make them hate their own government and they would be terrorised for life. Well terrorised is not a very good word for it, but pedestrian word for massive pain in the rear end of human body is not allowed on HN. So they devise a new scheme. They start riding on the current AnonSec wave. While AnonSec did it for a cause (the wikileaks thing) they would say they did it for the lulz. Now the group is supposed to be an all american group but anyone can be anyone on the internet. Also doing it for the lulz sounds more rebellious. So more and more rebellious and smart to some level kids join lulzSec. In some time they may have an army of them. Then they would really start acting up and randomly deface the government site. The cyber crime department (whatever it is called in US of A) is spread thin looking for these young brats who are doing all this DDoS attacks. They may do a real attack on american security then or just sit back and enjoy while americans fight each other in a kind of civil war. As an added bonus here, the government, under the fear of such acts, will make new laws restricting internet use. This will further annoy people and make new LulzSec recruits. So the terrorists groups have their very own "Vicious Cycle". At this point all the terrorists will go "Whoopie".

Refutations:

1. I don't know but I think the government sites are not hosted on the same server as the other high security services. So DDoSing them will be just an annoyance. But still people shiver at the headline "Hackers successfully take down CIA website".

2. Government cyber crime unit is not that small that they are spread thin with just few DDoS attacks. Someone will have to help me out here as I have no idea if this is right or wrong.

Please feel free to come up with more refutations.


Most of these arguments (and most other conspiracy theories) can be shot down as just another instance of the Conjunction fallacy/Occam's Razor. The probability of a single event is always greater or equal to the probability of both events: P(A) >= P(A&B) where event A is 'Rebellious hacker teens' and event A&B is 'Rebellious hacker teens recruited by terrorists'.


While the latter is logically true, one has to be careful. It may be easy to erroneously interpret that as comparing “rebellious hacker teens not recruited by terrorists” and “rebellious hacker teens recruited by terrorists”, which pair has no such guaranteed monotonicity.


I didn't understand shit about all the high level math/CS stuff you two just discussed. But what I do understand is this. Whenever there is a possibility of government or terrorist organisations gaining immensely from something more often than not one of them is involved. This can either be a false alarm operation or something done by terrorists. But apart from that there are many small ways they can be involved. Like the government will ignore such activities (not investigate it fully to their power) then let it grow to such large a proportion so that they can justify their new restrictive Internet act.

OTOH, the terrorists may not be involved initially but they may send in some of their cyber force to help organizations like LulzSec so that they can help american people take down their own infrastructure. We should not forget that AnonSec did take down many payment portals to some level.LulzSec took down sony also. What is stopping LulzSec to go full blown DDoS on payment portals? If Al-Quida or other cyber aware terrorist organisation gives them a botnet or two god knows what they might do.


Hey, it's the new pr0j3kt m4yh3m! I suspect it will be as successful as the last one.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: