The Hacker News Thread - FBI vs Welfare

security is pretty much impossible. after all, a chain is only as strong as its weakest link. you can have the most high tech security defenses in the world, but simple low-tech social engineering attacks such as dumpster diving or calling a clueless user to dupe them into revealing their password, are enough to compromise any system.

I like to call them “Janitor” accounts. We seriously have accounts for janitors here that never, EVER get logged into. I doubt anyone would notice if one became an admin one day. This is not even considering privilege escalation exploits.

Sovi3t: That’s exactly the point I was trying to make with my first post. You have 0 way to know 100% where an attack originates from. It leaves open wide windows for blame game, scapegoat false flag shenanigans to occur. That’s why this whole “cyber war” shenanigans is just that: Shenanigans. Most importantly, shenanigans that the average person doesn’t understand and probably doesn’t care to either.

One question that I really want to know the answer to, though, is:

WHY THE FUCK ARE SENSITIVE SYSTEMS EXPOSED TO THE INTERNET IN THE FIRST PLACE?? The only recent government hack that ever made sense to me was Stuxnet because that used USB drives and other removable storage devices as a propagation vector. That actually MAKES SENSE. Having a system that you want secured to all but an extremley limited few even touching the net makes none at all.

My opinion: you should reasonably secure your outwardly-facing systems, and the damage done to/by them, you are responsible for. If you have something capable of causing loss of life out on the internet you’re just as a bad a a reckless driver IMO.

And they have allegedly brought down the CIA’s front-facing website as well.

Seriously? The CIA is vulnerable to a DDoS? They really need to come out out and either say either 1. They were running vulnerable/unpatched software or 2. There is a new 0-day out there that absolutely no one knew about. I find both of those to be unlikely. At least someone else out there has a similar opinion.


Nothing is immune to DDoS. It is literally impossible to be fully immune to it because of how it works and what it is.

lulzsec hit a TON of targets today, most of them MMO’s oddly enough (such as EVE, LoL, and WoW):

They also phone bombed the FBI (lol seriously? What’s next, black faxing?)

lol if the US senate isn’t the wrong people then who the fuck is

someone with a brain

quoted that part because it’s what your post boils down to

nothing is as safe as we think it is. you think your house is safe because your windows are down and your door has a lock on it? you’ll think twice on that shit once some niggas who want to see your ass dead come after you. nothing anywhere is safe, even if you put armed guards by it.

what are the objectives of these groups?

If the systems are offline they can’t be hacked by online sources. That’s the point I’m trying to make. I know systems are inherently unsafe, which is why you place systems that are highly sensitive (I.E. the one’s that the media is all aflame over like defense systems and the electrical grid) off-line so that the only way they can be reached is from an internal LAN. NOT the internet.

There’s a lot of people thinking that this group is NOT a group of activists. Not gonna start speculating who they could be, but the internet is about to change.

In many companies, it’s necessary for your employees to be able to connect to your servers, for various reasons. It’s not as simple as just not being connected to the internet, in this day and age.

Lulzsec is a group of /b/ tards who are purely in it for the lulz, nothing more.

There’s VPN for corporate stuff.

Highly secure systems should require physical access. If this stuff is worth that much, it’s worth a warm body. What it’s not worth is any of my freedoms.

arent hackers considered terrorists anyways in the post 9/11 world?

Thats great for them but doesn’t really benefit regular people who enjoy very unregulated internet.

I’m not a computer guy, but reason tells me that there’s also a reason why those systems are online in the first place

I think the best lulz would be to hand out free money… in the short run. =X Then stock market would just go in flames. “You get a share of Microsoft! You get a share of Microsoft! You get a share of Microsoft!!!” /Oprah

I thought they started because a couple guys were banned for using modded ps3 consoles. They should h4x international sites/companies. Especially China involed ish.

Lulzsec hacked Paypal, Facebook, and Twitter today:

There is always a conflict of interest between security and convenience; the two are mutually exclusive. If you wanted a truly secure system, no computers would be connected to the internet. There’d be no phone lines in or out. You’d work in a building with no windows. There’d be biometrics at every checkpoint. But that wouldn’t be very convenient. On the flip side, just fuck it and give everyone admin accounts, open up all your ports, and fuck a firewall.

They banned everyone then took down 4chan earlier today. I saw them trying to sql inject on /g/ and fail miserably before it happened, it was really funny.

Or Pumpkinhead. Can’t forget his ass.

Stay away from Pumpkinhead, unless you’re tired of livin’
His enemies are mostly dead, he’s mean an’ unforgivin’
Laugh at him and you’re undone, but in some dreadful fashion
Vengeance, he considers fun, and plans it with a passion
Time will not erase or blot, a plot that he has brewin’
It’s when you think that he’s forgot, he’ll conjure your undoin’
Bolted doors and windows barred, guard dogs prowlin’ in your yard
None will keep you safe in bed. Nothin’ will, from Pumpkinhead.

Someone is revealing information on lulzsec. A post just when up where all vital information on Kayla, including real name, address, and even Social Security number.