LulzSec’s Dumpster Knights
A Krypton Radio Editorial
They’re like a bunch of garbagemen, trash-pickers who found a couple of old suits of armor in a dumpster and now think they’re knights. A disorganized gang of Kabuki dancers, running in and out of endless doorways, changing costumes, changing masks, making everyone think there’s more of them than there is. Angry, nihilistic college students, professors, and would-be entrepreneurs, guilty over their desire for success in a world where success is supposed to be a sign that you’ve sold out to the Dark Side.
The hackers, so-called “hacktivists” that have been breaking into systems as diverse as Eve Online, Sony, the CIA, the US Senate, and the UK’s Serious Organized Crime Agency, are lauded on one side as virtual freedom fighters, but seen by authorities as criminals and terrorists.
These are the hackers who have been terrorizing the Net – and it may have started at least partially in the online service called Second Life, owned and operated by California based Linden Research, Inc. A group calling themselves the Patriotic Nigras formed on 7Chan.org in December of 2006 and came to Second Life in an arrogant attempt to “own” it. At least one of the members of the Patriotic Nigras went on to form a branch of the amorphous internet gang calling itself “LulzSec”.
LulzSec has set their sights higher than dropping boxes in sims and telling furries to “Yiff in Hell”, but their attitudes haven’t changed all that much. When it was the Patriotic Nigras begging for attention in the sandboxes of Second Life, it was almost amusing, when Eekdacat Ondeneko’s “Doomsday Gun” would send clouds of “Choppa Man” cubes reproducing and screeching like mad all over a region until it crashed. But recently, the US Government has been reclassifying hacking as a potential act of war, something decidedly unamusing. This is no longer rape cubes and particle zombies, this is deadly serious. Too bad the hackers still seem to think it’s funny, some kind of video game, as an Anonymous IRC log seems to imply:
Jun 03 15:05:41 storm HACK US AND WE WILL BOMB YOU. – Obama
Jun 03 15:05:48 trollpoll didnt see 😛 nice lulz ye
Jun 03 15:05:54 trollpoll yes, this is not so lulz… 😛
Jun 03 15:06:03 storm lol
Jun 03 15:06:05 trollpoll and the NATO doc too…
Jun 03 15:06:12 storm i didnt see it
Jun 03 15:06:28 trollpoll NATO document talking about anonymous
Jun 03 15:06:29 * storm gives channel operator status to Topiary
Jun 03 15:06:35 storm oh
Jun 03 15:06:36 trollpoll that must be prosecuted
Jun 03 15:06:43 storm yeah i saw that
Jun 03 15:06:58 trollpoll one of these days we will have tanks on our homes…
Jun 03 15:07:19 storm yeah no shit
The “first strike” of the LulzSec boat appears to have been the recent breach of the Sony Playstation Network first reported on April 27 of this year. The interlopers broke into half a dozen web servers, stole and posted proprietary source code owned by Sony on BitTorrent sites and even left messages inside the system identifying themselves not only as Anonymous, but a specific splinter group within Anonymous calling themselves LulzSec.
LulzSec claimed that its attack on the Sony Playstation Network was an attempt to convince them to drop its charges against hacker George Hotz, who hacked his PS3 to “jailbreak” it.
George, however, is giving mixed messages on why Sony took exception to his bypassing the security on Playstation hardware. In one interview, he says his basic error in “making Sony mad”. (http://news.cnet.com/8301-13506_3-20028540-17.html) In another (http://www.pcworld.com/businesscenter/article/226603/playstation_hacker_sony_has_only_itself_to_blame_for_breach.html) he issued a statement: “The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea.” But still other posts have him wanting to get on with life and put the lawsuit behind him, accepting a permanent injunction. Even when unmasked, these people can’t stop shifting faces.
The “hacktivists”, however, wanted to avenge him anyway, and attacked Sony’s Playstation Network on April 19 to defend his questionable honor, sort of like burning down a bank that had a bankrobber arrested for robbing it. George himself doesn’t appear to be very grateful for his compatriots’ act of vengeance in his name. On the Kotaku news site, in an article reporting a rise in PS3 systems being hocked following the shutdown of the Playstation Network, George (or someone using his usual handle) made the following statement in a comment:
May 15, 2011 at 8:17 AM
Anonymous Hackers Top number 1 site to blame
http://www.somethingawful.com reasoning blameing 4chan site knowing it just to secret get FBI agentz off their legal hacks on interwebs & IRC channels
http://www.woodburyuniversity.edu Mostly all Anon crowns who dose this & run 4chan go’s to this college :] http://www.Lindenlabs.com probably their at getting back at Sony Homes riping off ScoundLife Like how Tizzers Foxchase soviet russia group goted their butt kick by furries & W-Hat hackers
Of particular interest are two names out of the entire post: Woodbury University and Tizzers Foxchase. Why on Earth would GeoHotz, the creator of the PS3 jailbreak hack, be mentioning Tizzers and Woodbury, much less Second Life, in a comment relating to the LulzSec phenomenon? Tizzers is known to have provided support for the nascent Patriotic Nigras in the Woodbury group in 2007, and for other raiders in 2010, but why is a small time operator like Tizzers even worth a mention in this saga?
Simply, all these people keep showing up over and over. The “hacktivist community” would have us believe that there are thousands and thousands of hackers all over the world, a “hacker army” hidden in plain sight. The truth is, there just aren’t that many of them. They show up over and over, wearing different clothes. This is why Tizzers and Woodbury are noteworthy. They’re a model in microcosm of the larger whole – but the whole is so concentrated, even someone as small as Tizzers can be a significant element.
So we go back to Eekdacat Ondaneko, one of the founders of the Patriotic Nigras, whose first name is identical to that of a member of LulzSec. A recent post on Pastebin.com, reported by several sources, has revealed EEKDACAT’s involvement in the sailing of the LulzSec boat.
The PN and Woodbury in SL use a tactic in common when engaging in griefing. A single entity could force multiply their effectiveness by building a large backup supply of throwaway accounts, already equipped with griefing tools from a safe repository in-world or from text files of scripts. The mask would change as the action progressed, even as the player behind the mask stayed constant.
In this fashion, few can have the effectiveness of many, and can look like a small army. If a machine can run more than one avatar at a time, this force multiplication by technology becomes even greater. But more to the point, as Justice League investigators moved the focus of their attention from griefing group to griefing group, they found that it was the same players involved in each case.
Operating through different masks, the griefers attempt to increase their apparent size and perceived threat, and to create the impression that we as a virtual society are literally drowning in griefers, and that the /b/tards outnumbered the normal citizens by some huge number. It makes it easy to begin to assert that anti-social or borderline criminal behavior should be accepted because it has become the norm. We’re told the griefing is unimportant, because it’s all just a game, or some kind of digital dream. We are meant to believe that fighting back is hopeless, because the battle is already lost.
Seeing the musical chairs approach for what it is dispels the smoke, and fogs the mirrors. The PN and Woodbury claimed to be legion, but knowing how they leveraged this illusion destroys it. They were not legion at all.
The LulzSec operation is little different. We’re seeing many of the same players from other hacking activities, and still others are outing them. We’re seeing some familiar names, some from our own neck of the woods, and is it surprising? We’re finding that the global hacker army is more of a global hacker platoon, playing musical chairs and trying to convince us they’re bigger and more dangerous.
What makes them more dangerous is that they’re as much after each other as they are the businesses and institutions they’re trying to destroy, and they don’t care much about hurting people who get between them and their targets. This includes the less clueful people they call “cannon fodder”.
One of the better known methods of attack wielded by Anonymous is a distributed denial of service attack that can be directed at any target by anyone downloading their LOIC software. LOIC stands for “Low Orbit Ion Cannon”, and runs on user’s machines. When invoked, everyone who has it installed contributes some of their bandwidth to an attack on a web server, and anyone can select a target. There’s only one problem: the LOIC does not hide your IP address when you use it, and every person with it installed reports their IP address with every packet it sends out. LOIC users are cannon fodder. If you’re caught, it’s just chalked up to “collateral damage”.
This is nothing more than a turf war, waged on the Internet and on other people’s property – and it’s suddenly clear that this turf war is being played on a vastly smaller scale in terms of numbers than anybody had previously supposed, but with higher stakes than anyone had imagined.
LulzSec hacked both the C.I.A and the United States Senate, and gloated about it. Since the participants come from countries around the world, it’s no longer just a matter for the United States’ Federal Bureau of Investigation – now they’ve inspired changes to military rules of engagement, and an international effort is underway to find and capture the members of LulzSec. Naturally, the members are now all saying they aren’t members, or were never members, and backing away from LulzSec as fast as they can. But should we believe them just because they say this?
Can they cause trouble? Yes. Should they be taken seriously? Yes. Are they a world-class threat, a “nation” inside the Net, that should be warred against?
No. They’re a small, relatively insular group of the same faces over and over. They’ve already succumbed to attack from other hackers who appear to have unmasked them. This is the true face of Anonymous – they’ll give each other away, or give up (possibly involuntarily). You can only make a handkerchief look like a bedsheet by cutting it up and rearranging the pieces for so long. Eventually, someone will notice the gaps.
– 30 –
Update – July 4, 2011
And now the music stops and the haxx04z take their seats…and a new group emerges…The Script Kiddies! New masks for the same bodies in a new arrangement! A new group calling itself – and we kid you not – TH3 5CR1PT K1DD3S – managed to hack into Fox New’s Twitter feed and announce that President Obama had died. They’re not LulzSec. They’re not the AntiSec group either (which was just LulzSec in a new fright wig) – they’re affiliated with AntiSec. Their statement to Fox News:
“We are a new group called The Script Kiddies. As i have stated in past interviews we do have connections to anonymous, however this does not represent them in anyway. personally I have been part of many hacks leading back to HBgary and #operationPyaback with anonymous. we will not go into details about how we have acquired Fox news twitter account. We do have several email accounts belonging to fox news. As far as our security i obviously can’t go into details, but i have faith that the members of the script kiddies will remain hidden. We have no announced plans for future attacks, we have brainstormed several ideas. we will be contributing to #antisec in the future but we have found nothing of value within fox to add to the leaks.The updates about Obama are the result of boards script kiddies members after we found no information to leak to anonymous“.
They got some email addresses, and hacked a Twitter account. Bow down before the might of – who were they again?
- infosecisland.com – FBI has IP Address of Anonymous Hackers
- thehackernews.com – LulzSec, Jester Expose Each Other
- wired.com – LulzSec Hacks Sony Again
- pcworld.com – UK Police Nab Teen Hacker, Suspected LulzSec Member
- Fox News – Twitter Account Hacked by LulzSec Copycats