Discussion on Lulzsec

[nihil]

I came across this link that might be of interest:

http://www.makeuseof.com/tag/10-sear...invisible-web/

Basically specialist search tools for the darknet?

[crim]

LulzSec is just a bunch of attention seeking scriptkiddies, using automated tools for their "hacks" and acts like hotshots while doing it.

[nihil]

Hey crim, how's it hangin?

Do you think that The-Spec is involved in all this...........?..........does look a bit like his style (without the Hello Kitties) ???

Cheers,

[crim]

looks like reality is closing in on these guys:

Reports are emerging that Topiary, a key member and spokesman of LulzSec, has been arrested.

Officers from the Metropolitan Police Service’s Police Central e-Crime Unit (PCeU) arrested a 19-year-old man in an intelligence-led operation today.

The announcement was made on the Metropolitan Police Website, and the arrest has been made as part of an “ongoing international investigation into the criminal activity of the so-called “hacktivist” groups Anonymous and LulzSec”. The statement also confirms that they believe the man they have is “Topiary”.

The suspect was arrested at a residential address in the Shetland Islands, off the north east coast of Scotland, and he is being transported to a police station in central London. His address is currently being searched.

Police are also searching another address in Lincolnshire, and a 17-year-old male is being interviewed under caution in connection with the inquiry, though he has not been arrested.

It’s thought that ‘Topiary’ is second-in-command at LulzSec, and the ‘public’ face of the hacktivist group. Topiary was notable for his eloquent writing, and it may surprise some to learn that the man suspected of being Topiary is still a teenager.

Topiary is thought to manage the main LulzSec Twitter account, which was last updated 5 hours ago, though he likely had a hand in most of the group’s announcements. He’s also thought to be well-known among hackers with links to more senior Anonymous members.

Up until now, very little has been known about his identity, though he has been referred to as ‘Daniel’ in some leaked transcripts in the past. And it seems that Topiary had wiped his Twitter feed too, leaving a single, solitary message, perhaps in anticipation of the net closing in on him:



We’ve written extensively about both LulzSec and Anonymous in recent months. LulzSec announced in June that it was to cease activities after 50 days, but the group was soon back in the fold. And just last week, we reported on LulzSec and Anonymous’ joint statement, which was directed at the FBI.

And today’s arrest has happened on the same day LulzSec and Anonymous issued another joint statement calling on people to boycott PayPal. “PayPal’s willingness to fold to legislation should be proof enough that they don’t deserve the customers they get. They do not deserve your business, and they do not deserve your respect.”

The LulzSec and Anonymous hacktivist groups seem to be spread far and wide. Last week we reported that the FBI had raided three people’s homes in New York, thought to be members of Anonymous. Shortly after, it was revealed that a 16-year old leading member of LulzSec, known as TFlow, had been taken into custody in London.

And at the time of writing, the Lulzsecurity website has been taken offline too: http://lulzsecurity.com/.

We’re sure there will be further statements from both LulzSec and Anonymous in due course, but it seems that the net is certainly closing in, and it will be interesting to see where the hacktivists go from here.

Source: http://thenextweb.com/insider/2011/0...-spokesperson/

[westin]

How many times have they arrested key members of lulzsec that turned out to be at best, loosely affiliated with them? This could very well be one of them, but I am a little skeptical...

[HYBR|D]

It was topiary.

Is all i can say. Hope they make an example out of these chaps... Ibet it won't be long before they all "Roll" on each other and we start seeing more "Anonymous" related arrest's also.

There 1 claim to fame is that they could google dork for website's that were vuln to a 2yr old sql script, And using the forgotten password feature and using easily obtainable info to obtain control of e-mail accounts.

i guess there starting to realise were not laughing with them, but at them.

[westin]

Interesting article here: http://www.dailytech.com/Exclusive+B...ticle22280.htm

[nihil]

There 1 claim to fame is that they could google dork for website's that were vuln to a 2yr old sql script, And using the forgotten password feature and using easily obtainable info to obtain control of e-mail accounts.

Hmmm, the doctrine of "contributory negligence" comes to mind, and British law is pretty lenient regarding these "prank" types of activity as it is. This could explain why there seem to be a disproportionate number of Brits involved............they don't perceive the risks as being so great as people in other countries might?

It was topiary.

But which one?

I think that this could drag on for a long time or they will just get bored and go away.

The problem with attention seekers is that you get a whole load of wannabees trying to claim the glory.

Our computer misuse act came into law in 1990. Since then there have only been about 200 cases brought under it..........sorry, no idea of the success/fail rate.

Our law enforcement people just don't like using it because it is too easy to create reasonable doubt in the minds of jurors, and it is hardly worth the effort of chasing skiddies (which is all these people are) given the cost and effort it would take.

I think that the article westin linked to may have a point........the Metropol are looking for some favourable publicity in the wake of the Murdoch bribery allegations?

This could well prove embarrassing for them

[metguru]

From what I've heard most of these skiddies are using things like LOIC and slowloris (correct me if I'm wrong). Has anyone analyzed these programs to see how they work? This is a security forum after all . I think that'd make an interesting discussion/project. It's probably not too difficult to see how it works though if you can get the code.

[westin]

I think Slowloris works by opening several simultaneous connections to a webserver, and then not allowing them to close. Most webservers only allow for a certain number of connections at once [I think 400 for apache?]. This will deny any access to additional connections once the threshold is reached.